Re: [PATCH v1 2/2] audit: record AUDIT_ANOM_* events regardless of presence of rules

On Mar 5, 2025 Richard Guy Briggs wrote: > > When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events > reported in audit_log_path_denied() are unconditionally dropped due to > an explicit check for the existence of any audit rules. Given this is a > report of a security violation, allo

[PATCH v1 2/2] audit: record AUDIT_ANOM_* events regardless of presence of rules

When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events reported in audit_log_path_denied() are unconditionally dropped due to an explicit check for the existence of any audit rules. Given this is a report of a security violation, allow it to be recorded regardless of the existence of any