[PATCH 1/1] Add CONFIG_SECURITY_SELINUX_PERMISSIVE_DONTAUDIT
Paul Moore
paul at paul-moore.com
Mon Sep 26 21:40:57 UTC 2022
On Mon, Sep 26, 2022 at 2:03 PM Jeff Xu <jeffxu at chromium.org> wrote:
> Thanks for details about the unconfined_t domain, this is one option.
>
> IMHO: between permissive domain + audit log and unconfined_t, there might
> be room for letting each permissive domain decide its own audit logging
> strategy. The reasons are ...
I'm sorry, but I don't want to support a permissive mode that doesn't
generate denial records in the upstream kernel at this point in time.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list