1Disable Permissive Processes 2 3 4Disabling the 'permissivedomains' module allows you to remove all permissive domains shipped with the distribution. 5 6When the distribution policy writers write a new confined domain, they initially ship the policy for that domain in permissive mode. Permissive mode means that a process running in the domain will not be confined by SELinux. The kernel will log the AVC messages, access denials, that would have happened had the process been run in enforcing mode. 7 8Permissive domain policies are experimental and will be turned to enforcing in future Operation System Releases. 9 10Note if you disable the permissive domains module, you may see an increase in the denials in your log files. 11