[PATCH 0/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT

Casey Schaufler casey at schaufler-ca.com
Wed Sep 21 19:10:26 UTC 2022


On 9/21/2022 11:54 AM, jeffxu at chromium.org wrote:
> From: Jeff Xu <jeffxu at chromium.org>
>
> This patch was originally developed by Luis Hector Chavez
> <lhchavez at chromium.org>
>
> For systems that use SECURITY_SELINUX_DEVELOP=y and allow permissive
> domains. The audit log from permissive domains can be excessive in
> practice, and this patch is useful to avoid the log spam.

Doesn't this defeat the purpose of permissive mode? If you aren't
logging the events that would have failed, how can you learn what
policy you should have?

>
> Luis Hector Chavez (1):
>   Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
>
>  security/selinux/Kconfig | 10 ++++++++++
>  security/selinux/avc.c   |  9 +++++++++
>  2 files changed, 19 insertions(+)
>
> --
> 2.37.3.968.ga6b4b080e4-goog
>


