On 7/17/20 4:09 PM, Deven Bowers wrote:
+config SECURITY_IPE_PERMISSIVE_SWITCH
+ bool "Enable the ability to switch IPE to permissive mode"
+ default y
+ help
+ This option enables two ways of switching IPE to permissive mode,
+ a sysctl (if enabled), `ipe.enforce`, or a kernel command line
+ parameter, `ipe.enforce`. If either of these are set to 0, files
is set
+ will be subject to IPE's policy, audit messages will be
logged, but
+ the policy will not be enforced.
+
+ If unsure, answer Y.
--
~Randy