On Wed, 2009-07-01 at 10:06 -0400, Stephen Smalley wrote: > On Wed, 2009-07-01 at 09:32 -0400, Christopher Pardy wrote: > > Creates a empty file disable_dontaudit in the polciy directory > > (/etc/selinux/<policytype>). Checks for the existance of this file to > > set the sepol disable don't audit upon handle creation. Also provides > > the function "int semanage_get_disable_dontaudit()" which returns the > > don't audit property of the current policy. > > > > Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx> > > Your patch is not correctly generated. Please read > http://userweb.kernel.org/~akpm/stuff/tpp.txt Oh, and also: http://lxr.linux.no/linux/Documentation/SubmittingPatches > In your description, please explain the rationale for the patch, not > just what it does - we can discover the latter from reading the code, > but not the former. > > Why do we want this functionality? Why is it better than the existing > semodule -DB to disable dontaudit rules and semodule -B to re-enable > them? > -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
