Comment 3 for bug 1367264

Michi Henning (michihenning) wrote :

Thanks for the comments, Jamie. We call aa_getcon() to figure out whether we are running confined or not:

    #include <cstdlib>          // free()
    #include <sys/apparmor.h>   // aa_getcon(), from libapparmor

    // Find out whether we are confined. aa_getcon() returns -1 in that case.
    char* con = nullptr;
    char* mode = nullptr;
    int rc = aa_getcon(&con, &mode);
    // Only con (not mode) must be deallocated: mode points into con's buffer.
    free(con);
    confinement_type = rc == -1 ? "leaf-net" : "unconfined";

If you want to silence the denial in the logs, that's cool with me. We just rely on aa_getcon() returning -1 if we are confined. So, as long as the return value doesn't change, I'm good with silencing it (but I don't have a problem with the log entry per se either).
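An added example (not from this comment or the project) of the same decision without linking libapparmor: `classify_confinement` takes what aa_getcon() would hand back (its return code and the raw "label (mode)" buffer), and the helper `split_label` mirrors the one detail the comment relies on, that `mode` points into `con`'s buffer, which is why only `con` is freed. The helper and the profile name in the sample are constructed for illustration, not libapparmor's own code.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Split an AppArmor context of the form "label (mode)\n" in place.
// Returns the label; *mode is set to point inside the same buffer, or to
// nullptr when the context carries no mode (e.g. "unconfined").
char* split_label(char* con, char** mode) {
    *mode = nullptr;
    if (char* nl = std::strchr(con, '\n')) *nl = '\0';
    size_t len = std::strlen(con);
    if (len > 0 && con[len - 1] == ')') {
        char* sp = std::strrchr(con, ' ');
        if (sp && sp[1] == '(') {
            *sp = '\0';            // terminate the label
            con[len - 1] = '\0';   // drop the closing ')'
            *mode = sp + 2;        // aliases into con: free(con) frees both
        }
    }
    return con;
}

// Decide the confinement type from what aa_getcon() returned. rc == -1 is
// treated as confined, the conservative choice the comment above relies on
// (the confined read of the process attribute is denied and logged). When
// rc >= 0 the label itself is authoritative, so "unconfined" is checked
// explicitly instead of being inferred from the return code alone.
std::string classify_confinement(int rc, char* con) {
    if (rc == -1 || con == nullptr) return "leaf-net";
    char* mode = nullptr;
    const char* label = split_label(con, &mode);
    return std::strcmp(label, "unconfined") == 0 ? "unconfined" : "leaf-net";
}

int main() {
    // Constructed samples: a confined task in enforce mode, and an unconfined one.
    char confined[] = "example.profile (enforce)\n";
    char unconfined[] = "unconfined\n";
    std::string a = classify_confinement(static_cast<int>(std::strlen(confined)), confined);
    std::string b = classify_confinement(static_cast<int>(std::strlen(unconfined)), unconfined);
    return (a == "leaf-net" && b == "unconfined") ? 0 : 1;
}
```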