diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 9186965..1c7d896 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -58,6 +58,9 @@ class AuditToPolicy:
 help="generate a module package - conflicts with -o and -m")
 parser.add_option("-o", "--output", dest="output",
 help="append output to , conflicts with -M")
+ parser.add_option("-D", "--dontaudit", action="store_true",
+ dest="dontaudit", default=False,
+ help="generate policy with dontaudit rules")
 parser.add_option("-R", "--reference", action="store_true",
 dest="refpolicy", default=True,
 help="generate refpolicy style output")
@@ -153,11 +156,11 @@ class AuditToPolicy:
 def __process_input(self):
 if self.__options.type:
 avcfilter = audit.AVCTypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(avcfilter)
+ self.__avs = self.__parser.to_access(avcfilter, dontaudit=self.__options.dontaudit)
 csfilter = audit.ComputeSidTypeFilter(self.__options.type)
 self.__role_types = self.__parser.to_role(csfilter)
 else:
- self.__avs = self.__parser.to_access()
+ self.__avs = self.__parser.to_access(dontaudit=self.__options.dontaudit)
 self.__role_types = self.__parser.to_role()
 
 def __load_interface_info(self):
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index c041f75..d9635c2 100644
--- a/policycoreutils/audit2allow/audit2allow.1
+++ b/policycoreutils/audit2allow/audit2allow.1
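Review bot: The help text on the added `parser.add_option("-D", ...)` lines does not say that dontaudit output takes the place of the allow rules, which is what the man-page entry added in the same commit states with "(Default: allow)"; make the two agree, e.g. `help="generate dontaudit rules instead of allow rules (default: allow)"`. That wording also makes clear to the user that the generated policy will silence the logged denials rather than grant them, which is the decision being made by passing -D.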
@@ -25,10 +25,10 @@ .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
 .SH NAME
 .BR audit2allow
- \- generate SELinux policy allow rules from logs of denied operations
+\- generate SELinux policy allow/dontaudit rules from logs of denied operations
 .BR audit2why
- \- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
+\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
 .SH SYNOPSIS
 .B audit2allow
@@ -44,6 +44,9 @@ Read input from output of
 Note that all audit messages are not available via dmesg when auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
 .TP
+.B "\-D" | "\-\-dontaudit"
+Generate dontaudit rules (Default: allow)
+.TP
 .B "\-h" | "\-\-help"
 Print a short usage message
 .TP
diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
index 71121d7..139f786 100644
--- a/sepolgen/src/sepolgen/access.py
+++ b/sepolgen/src/sepolgen/access.py
@@ -86,6 +86,8 @@ class AccessVector:
 self.perms = refpolicy.IdSet()
 self.audit_msgs = []
 
+ self.dontaudit = False
+
 # The direction of the information flow represented by this
 # access vector - used for matching
 self.info_flow_dir = None
@@ -253,7 +255,7 @@ class AccessVectorSet:
 for av in l:
 self.add_av(AccessVector(av))
 
- def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
+ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, dontaudit=False):
 """Add an access vector to the set.
 """
 tgt = self.src.setdefault(src_type, { })
@@ -266,6 +268,7 @@ class AccessVectorSet:
 access.src_type = src_type
 access.tgt_type = tgt_type
 access.obj_class = obj_class
+ access.dontaudit = dontaudit
 cls[obj_class] = access
 
 access.perms.update(perms)
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index efcc40d..80371d0 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
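Review bot: The new `dontaudit` parameter of `add()` is undocumented, and the assignment `access.dontaudit = dontaudit` sits next to the lines that initialise a freshly created vector (`access.src_type = ...`, `cls[obj_class] = access`), so a vector that already exists in `cls` appears to keep whatever flag it was first created with; the body of `add()` continues outside the hunk, so this is inferred. The loop `for av in l: self.add_av(AccessVector(av))` visible in the second hunk's context also never sets the flag, so vectors built that way stay at the `False` from `__init__`. Within one `to_access()` call the flag is uniform, so this is harmless today, but the docstring should state it: extend `"""Add an access vector to the set.` with `dontaudit: mark the vector for a dontaudit rule instead of an allow rule; only applied when the vector is first created`. `to_access()` in audit.py adds the same parameter without documenting it in its docstring.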
@@ -424,7 +424,7 @@ class AuditParser:
 
 return role_types
 
- def to_access(self, avc_filter=None, only_denials=True):
+ def to_access(self, avc_filter=None, only_denials=True, dontaudit=False):
 """Convert the audit logs access into a an access vector set.
 
 Convert the audit logs into an access vector set, optionally
@@ -448,10 +448,10 @@ class AuditParser:
 if avc_filter:
 if avc_filter.filter(avc):
 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
- avc.accesses, avc)
+ avc.accesses, avc, dontaudit=dontaudit)
 else:
 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
- avc.accesses, avc)
+ avc.accesses, avc, dontaudit=dontaudit)
 return av_set
 
 class AVCTypeFilter:
@@ -477,5 +477,3 @@ class ComputeSidTypeFilter:
 if self.regex.match(avc.tcontext.type):
 return True
 return False
-
-
diff --git a/sepolgen/src/sepolgen/refpolicy.py b/sepolgen/src/sepolgen/refpolicy.py
index b138e3d..782ea3d 100644
--- a/sepolgen/src/sepolgen/refpolicy.py
+++ b/sepolgen/src/sepolgen/refpolicy.py
@@ -449,6 +449,8 @@ class AVRule(Leaf):
 self.tgt_types.add(av.tgt_type)
 self.obj_classes.add(av.obj_class)
 self.perms.update(av.perms)
+ if av.dontaudit:
+ self.rule_type = audit2why.DONTAUDIT
 
 def to_string(self):
 """Return a string representation of the rule
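Review bot: `audit2why.DONTAUDIT` on the added line in refpolicy.py refers to another module, and nothing in this hunk shows refpolicy.py importing `audit2why`; unless that import exists elsewhere in the file, the first dontaudit vector raises `NameError` here. If `AVRule` carries its own rule-type constants, `self.rule_type = self.DONTAUDIT` would avoid the cross-module dependency. Separately, the assignment is one-way: the enclosing method (which starts outside the hunk) is called once per vector, so a rule that has absorbed a single dontaudit vector becomes a dontaudit rule for every permission it holds, including any merged from plain allow vectors, silencing rather than granting them. That is safe only while audit2allow sets the flag uniformly for a whole run, which deserves a comment such as `# rule_type is sticky: one dontaudit AV turns the whole merged rule into dontaudit`.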