diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2025-08-06 17:04:07 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-11-02 22:18:03 +0900 |
| commit | 38a020eb9ee4944eab5cfdd2ad743c1ff4519475 (patch) | |
| tree | beed8713f9edc28b448ff9f409fa221838c236f8 /include | |
| parent | f1971d5ba2efe944c6e0ae8709f733968c5c70ed (diff) | |
| download | linux-38a020eb9ee4944eab5cfdd2ad743c1ff4519475.tar.gz linux-38a020eb9ee4944eab5cfdd2ad743c1ff4519475.tar.bz2 linux-38a020eb9ee4944eab5cfdd2ad743c1ff4519475.zip | |
audit: record fanotify event regardless of presence of rules
[ Upstream commit ce8370e2e62a903e18be7dd0e0be2eee079501e1 ]
When no audit rules are in place, fanotify event results are
unconditionally dropped due to an explicit check for the existence of
any audit rules. Given this is a report from another security
sub-system, allow it to be recorded regardless of the existence of any
audit rules.
To test, install and run the fapolicyd daemon with default config. Then
as an unprivileged user, create and run a very simple binary that should
be denied. Then check for an event with
ausearch -m FANOTIFY -ts recent
Link: https://issues.redhat.com/browse/RHEL-9065
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/audit.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index a394614ccd0b..e3f06eba9c6e 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -527,7 +527,7 @@ static inline void audit_log_kern_module(const char *name) static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar) { - if (!audit_dummy_context()) + if (audit_enabled) __audit_fanotify(response, friar); } |