[PATCH 6.6 02/32] audit: record fanotify event regardless of presence of rules

patches.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Richard Guy Briggs <rgb@redhat.com>,
	Paul Moore <paul@paul-moore.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 02/32] audit: record fanotify event regardless of presence of rules
Date: Fri, 31 Oct 2025 15:00:56 +0100	[thread overview]
Message-ID: <20251031140042.450183807@linuxfoundation.org> (raw)
In-Reply-To: <20251031140042.387255981@linuxfoundation.org>

6.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Guy Briggs <rgb@redhat.com>

[ Upstream commit ce8370e2e62a903e18be7dd0e0be2eee079501e1 ]

When no audit rules are in place, fanotify event results are
unconditionally dropped due to an explicit check for the existence of
any audit rules.  Given this is a report from another security
sub-system, allow it to be recorded regardless of the existence of any
audit rules.

To test, install and run the fapolicyd daemon with default config.  Then
as an unprivileged user, create and run a very simple binary that should
be denied.  Then check for an event with
	ausearch -m FANOTIFY -ts recent

Link: https://issues.redhat.com/browse/RHEL-9065
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/audit.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 335e1ba5a2327..7ca75f8873799 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -526,7 +526,7 @@ static inline void audit_log_kern_module(const char *name)
 
 static inline void audit_fanotify(u32 response, struct fanotify_response_info_audit_rule *friar)
 {
-	if (!audit_dummy_context())
+	if (audit_enabled)
 		__audit_fanotify(response, friar);
 }
 
-- 
2.51.0

next prev parent reply	other threads:[~2025-10-31 14:02 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-31 14:00 [PATCH 6.6 00/32] 6.6.116-rc1 review Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.6 01/32] net/sched: sch_qfq: Fix null-deref in agg_dequeue Greg Kroah-Hartman
2025-10-31 14:00 ` Greg Kroah-Hartman [this message]
2025-10-31 14:00 ` [PATCH 6.6 03/32] perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.6 04/32] perf: Have get_perf_callchain() return NULL if crosstask and user are set Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.6 05/32] perf: Skip user unwind if the task is a kernel thread Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 06/32] x86/bugs: Report correct retbleed mitigation status Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 07/32] x86/bugs: Fix reporting of LFENCE retpoline Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 08/32] EDAC/mc_sysfs: Increase legacy channel support to 16 Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 09/32] btrfs: zoned: return error from btrfs_zone_finish_endio() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 10/32] btrfs: zoned: refine extent allocator hint selection Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 11/32] btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 12/32] btrfs: always drop log root tree reference in btrfs_replay_log() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 13/32] btrfs: use level argument in log tree walk callback replay_one_buffer() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 14/32] btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 15/32] arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 16/32] mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 17/32] selftests: mptcp: disable add_addr retrans in endpoint_tests Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 18/32] selftests: mptcp: join: mark delete re-add signal as skipped if not supported Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 19/32] serial: sc16is7xx: remove unused to_sc16is7xx_port macro Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 20/32] serial: sc16is7xx: reorder code to remove prototype declarations Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 21/32] serial: sc16is7xx: refactor EFR lock Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 22/32] serial: sc16is7xx: remove useless enable of enhanced features Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 23/32] xhci: dbc: poll at different rate depending on data transfer activity Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 24/32] xhci: dbc: Allow users to modify DbC poll interval via sysfs Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 25/32] xhci: dbc: Improve performance by removing delay in transfer event polling Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 26/32] xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 27/32] xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 28/32] bits: add comments and newlines to #if, #else and #endif directives Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 29/32] bits: introduce fixed-type GENMASK_U*() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 30/32] gpio: regmap: Allow to allocate regmap-irq device Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 31/32] gpio: regmap: add the .fixed_direction_output configuration parameter Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.6 32/32] gpio: idio-16: Define fixed direction of the GPIO lines Greg Kroah-Hartman
2025-10-31 15:15 ` [PATCH 6.6 00/32] 6.6.116-rc1 review Peter Schneider
2025-10-31 18:21 ` Florian Fainelli
2025-10-31 19:34 ` Jon Hunter
2025-10-31 22:37 ` Shuah Khan
2025-11-01  9:53 ` Naresh Kamboju
2025-11-01 11:51 ` Ron Economos
2025-11-01 19:32 ` Brett A C Sheffield
2025-11-01 21:02 ` Miguel Ojeda

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:335e1ba5a232 dfblob:7ca75f887379 )
 OR (
bs:"[PATCH 6.6 02/32] audit: record fanotify event regardless of presence of rules" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251031140042.450183807@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=patches@lists.linux.dev \
    --cc=paul@paul-moore.com \
    --cc=rgb@redhat.com \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).