On Wed, 2009-07-01 at 09:32 -0400, Christopher Pardy wrote: > Creates a empty file disable_dontaudit in the polciy directory > (/etc/selinux/<policytype>). Checks for the existance of this file to > set the sepol disable don't audit upon handle creation. Also provides > the function "int semanage_get_disable_dontaudit()" which returns the > don't audit property of the current policy. > > Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx> Your patch is not correctly generated. Please read http://userweb.kernel.org/~akpm/stuff/tpp.txt In your description, please explain the rationale for the patch, not just what it does - we can discover the latter from reading the code, but not the former. Why do we want this functionality? Why is it better than the existing semodule -DB to disable dontaudit rules and semodule -B to re-enable them? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
