[v1,0/2] override audit silence norule for fs cases

Message

Richard Guy Briggs March 5, 2025, 9:33 p.m. UTC

The audit subsystem normally suppresses output when there are no rules
present to avoid overwhelming the user with unwanted messages.  It could
be argued that another security subsystem would generally want to
override that default.  Allow them through for fsnotify and filesystem
security violations.

Richard Guy Briggs (2):
  audit: record fanotify event regardless of presence of rules
  audit: record AUDIT_ANOM_* events regardless of presence of rules

 include/linux/audit.h | 8 +-------
 kernel/audit.c        | 2 +-
 kernel/auditsc.c      | 2 +-
 3 files changed, 3 insertions(+), 9 deletions(-)