Hello, I am currently struggling with a strange SELinux problem, for which I am not able to find an answer by reading the documentation and researching online. The problem is, that some AVC denial log entries seem to get lost in permissive mode, in other words, they are not logged... I've already deactivated all dont audit rules and I know for sure that the denial actually occurs, because I can trace it via strace... Although I can't see a corresponding entry in the audit.log. By the way, in enforcing mode I can see suddenly the missing denial entry... If the permissive mode lacks/drops some denials which we can only see in enforcing mode, then this would be truly terrible for the policy writers... Otherwise I am out of ideas, what other things could cause the loss of SELinux denials... I hope you can point me to right direction with this matter and I thank you in advance for your help. Best regards, BMK
