On 9/21/2022 11:54 AM, jeffxu@xxxxxxxxxxxx wrote: > From: Jeff Xu <jeffxu@xxxxxxxxxxxx> > > This patch was originally developed by Luis Hector Chavez > <lhchavez@xxxxxxxxxxxx> > > For systems that use SECURITY_SELINUX_DEVELOP=y and allow permissive > domains. The audit log from permissive domains can be excessive in > practice, and this patch is useful to avoid the log spam. Doesn't this defeat the purpose of permissive mode? If you aren't logging the events that would have failed how can you learn what policy you should have? > > Luis Hector Chavez (1): > Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT > > security/selinux/Kconfig | 10 ++++++++++ > security/selinux/avc.c | 9 +++++++++ > 2 files changed, 19 insertions(+) > > -- > 2.37.3.968.ga6b4b080e4-goog >
