linux-arm.git - Russell King's ARM Linux kernel tree

diff options

author	Richard Guy Briggs <rgb@redhat.com>	2025-03-05 16:33:20 -0500
committer	Paul Moore <paul@paul-moore.com>	2025-04-11 14:14:41 -0400
commit	654d61b8e0e2f8b9bdea28a9a51279ecdacafe3c (patch)
tree	8f415b70753be9926825a4ed10e4b038d2ace81d /tools/perf/scripts/python/export-to-sqlite.py
parent	baaba7b4483731592334611f4170160ae8a4d5f7 (diff)

audit: record AUDIT_ANOM_* events regardless of presence of rules

When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events reported in audit_log_path_denied() are unconditionally dropped due to an explicit check for the existence of any audit rules. Given this is a report of a security violation, allow it to be recorded regardless of the existence of any audit rules. To test, mkdir -p /root/tmp chmod 1777 /root/tmp touch /root/tmp/test.txt useradd test chown test /root/tmp/test.txt {echo C0644 12 test.txt; printf 'hello\ntest1\n'; printf \\000;} | \ scp -t /root/tmp Check with ausearch -m ANOM_CREAT -ts recent Link: https://issues.redhat.com/browse/RHEL-9065 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: