If you’re wondering why SELinux is not printing a “denied” message in /var/log/audit/audit.log it’s probably because somebody wanted to hide it! Yes, it’s possible to prevent an SELinux module from logging a denied message. Disable this behaviour by executing the following command:

semodule --disable_dontaudit --build

Re-enable again with:

semodule --build

For more consult the semodule man page and Possible Causes of Silent Denials