Re: [PATCH v1 1/2] audit: record fanotify event regardless of presence of rules

2025-04-11 Thread Paul Moore
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, fanotify event results are
> unconditionally dropped due to an explicit check for the existence of
> any audit rules. Given this is a report from another security
> sub-system, allow it to be recorded regardless of t

Re: [PATCH v2] audit,module: restore audit logging in load failure case

2025-04-11 Thread Paul Moore
On Mar 17, 2025 Richard Guy Briggs wrote:
>
> The move of the module sanity check to earlier skipped the audit logging
> call in the case of failure and to a place where the previously used
> context is unavailable.
>
> Add an audit logging call for the module loading failure case and get
> the

Re: [PATCH v1 2/2] audit: record AUDIT_ANOM_* events regardless of presence of rules

2025-04-11 Thread Paul Moore
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events
> reported in audit_log_path_denied() are unconditionally dropped due to
> an explicit check for the existence of any audit rules. Given this is a
> report of a security violation, allo