Under which mode do SELinux policy rule violations only produce log messages?

SELinux operates in several modes, with each having distinct behaviors regarding policy enforcement and logging. In Permissive Mode, SELinux policy rules are not enforced, meaning that any actions that would typically trigger a policy violation do not result in denials or access blocks. Instead, violations are only logged, providing visibility into potential security issues without actively preventing them.

This mode is particularly useful for administrators who are in the process of developing or testing new SELinux policies. It allows them to monitor what would be denied under enforcing mode without disrupting system operations. By examining the logs generated in Permissive Mode, administrators can adjust their policies accordingly to ensure that necessary actions or processes are not inadvertently blocked when the system is switched to Enforcing Mode in the future.

Other modes like Enforcing Mode actively enforce policies and prevent any actions that violate these rules, while Disabled Mode completely turns off SELinux enforcement and logging altogether. Active Mode is not a recognized standard SELinux mode, further clarifying that Permissive Mode is indeed the correct choice for the situation described in the question.