Add audit log entry to specify whether the decision was made in
permissive mode/permissive domain or enforcing mode.

Signed-off-by: Richard Haines <[email protected]>
---
V2 changes: Remove utilities and follow the kernel way of detecting
whether permissive or not.

 libselinux/src/avc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index b1ec57f..96b2678 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -723,6 +723,10 @@ void avc_audit(security_id_t ssid, security_id_t tsid,
 
        log_append(avc_audit_buf, " ");
        avc_dump_query(ssid, tsid, tclass);
+
+       if (denied)
+               log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1);
+
        log_append(avc_audit_buf, "\n");
        avc_log(SELINUX_AVC, "%s", avc_audit_buf);
 
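Review bot: the added `if (denied)` block in avc_audit() inverts `result` with `result ? 0 : 1` and gives no comment explaining why a zero `result` together with a nonzero `denied` means the decision was permissive. A one-line comment above the `log_append()` call stating that would spare the next reader from having to check the callers. Because the field is written only when `denied` is set, records for audited grants will carry no `permissive=` key, so anything parsing these lines has to treat the key as optional; that is worth saying in the commit message. Minor: `result ? 0 : 1` has type int while the format is `%u`; `%d` or an unsigned cast would keep this quiet under -Wformat-signedness.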
-- 
2.9.3
