**Exception**

The audit rules for permission changes made with ``fremovexattr`` are disabled
by default as they can generate an excessive amount of logs in a short period
of time, especially during a deployment.

Deployers can enable auditing for ``fremovexattr`` usage by setting the
following Ansible variable:

.. code-block:: yaml

   security_audit_DAC_fremovexattr: yes