Re: [PATCH v2 1/1] audit: Mark audit_log_vformat() with __printf() attribute

2025-04-11 Thread Paul Moore
On Thu, Mar 20, 2025 at 6:02 PM Paul Moore wrote:
> On Mar 13, 2025 Andy Shevchenko wrote:
> >
> > audit_log_vformat() is using printf() type of format, and GCC compiler
> > (Debian 14.2.0-17) is not happy about this:
> >
> > kernel/audit.c:1978:9: error: function ‘audit_log_vformat’ might be a

Re: [PATCH v1 1/2] audit: record fanotify event regardless of presence of rules

2025-04-11 Thread Paul Moore
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, fanotify event results are
> unconditionally dropped due to an explicit check for the existence of
> any audit rules. Given this is a report from another security
> sub-system, allow it to be recorded regardless of t

Re: [PATCH v1 2/2] audit: record AUDIT_ANOM_* events regardless of presence of rules

2025-04-11 Thread Paul Moore
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events
> reported in audit_log_path_denied() are unconditionally dropped due to
> an explicit check for the existence of any audit rules. Given this is a
> report of a security violation, allo

Re: [PATCH v2] audit,module: restore audit logging in load failure case

2025-04-11 Thread Paul Moore
On Mar 17, 2025 Richard Guy Briggs wrote:
>
> The move of the module sanity check to earlier skipped the audit logging
> call in the case of failure and to a place where the previously used
> context is unavailable.
>
> Add an audit logging call for the module loading failure case and get
> the