On 7/14/22 11:53, Stephen Smalley wrote: > Hi, > > Is it possible to exclude a script from triggering audit records? > I know that one can exclude an executable via -a never,exit -F > exe=/path/to/exe but I haven't been able to find a way to do the same > for a script. > Also, is there a way to have the exclusion applied to all child > processes spawned by the script? So - the way I've done this is to set policy for the script to run in a certain unique type, then exclude that subj_type. For child processes, if they are spawned with the parent context you are set, otherwise I'm sure macros exist to accommodate that and you would be more familiar with those than me.