What can SELinux do that "audit" by itself can't do?

Hi All,

Had a thought pop up in my head, and was just curious...

Let's say I am using SELinux in my Linux product to monitor the
filesystem and generate AVC deny events in audit.log whenever my strict
SELinux policy is violated... And I am running in Permissive mode (so
NOT actively preventing anything, just reporting...).

Is there any reason why I can't simply write a bunch of rules in
audit.rules to accomplish the same objective?

Possibly a dumb question, so I apologize in advance, but other than Policy
Enforcement and Prevention in the 'Enforcing' mode (which I can't use in
my product for various reasons), what else is SELinux buying me that I
can't get by using just audit?

I am sure there must be significant benefits of SELinux, but can someone
help me understand some of the benefits?

And also perhaps some of the SELinux functionalities are desirable, but
cannot be accomplished by just audit. Can you tell me what those may be?
If there is an article or URL that provides more depth, please feel free
to share that as well.

Thanks as always for your help.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

