On Mon, Sep 26, 2022 at 2:41 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Mon, Sep 26, 2022 at 2:03 PM Jeff Xu <jeffxu@xxxxxxxxxxxx> wrote: > > Thanks for details about the unconfined_t domain, this is one option. > > > > IMHO: between permissive domain + audit log and unconfined_t, there might > > be room for letting each permissive domain decide its own audit logging > > strategy. The reasons are ... > > I'm sorry, but I don't want to support a permissive mode that doesn't > generate denial records in the upstream kernel at this point in time. > No problem, I understand. Thanks Best Regards Jeff > -- > paul-moore.com
