- Bug
- Resolution: Unresolved
- Major
- rhel-8.7.0
- Important
- rhel-sst-security-special-projects
- ssg_security
- All
Description of problem:
Playing around with fapolicyd, installed on a freshly installed system with no specific post-configuration performed, I noticed that denials weren't leading to FANOTIFY audit events, e.g. with `fapolicyd --debug-deny` executing:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[user@vm-fapolicy8 ~]$ ./hello
-bash: ./hello: Operation not permitted

- journalctl --follow -u fapolicyd.service
[...]
Mar 24 14:18:06 vm-fapolicy8 fapolicyd[2049]: rule=13 dec=deny_audit perm=execute auid=1000 pid=2086 exe=/usr/bin/bash : path=/home/user/hello ftype=application/x-executable trust=0

- ausearch -m FANOTIFY -ts recent
<no matches>
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Version-Release number of selected component (if applicable):
audit-3.0.7-4.el8.x86_64
fapolicyd-1.1.3-8.el8_7.1.x86_64
kernel-core-4.18.0-425.13.1.el8_7.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Build a custom untrusted binary
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[user@vm-fapolicy8 ~]$ cat > hello.c << EOF
#include <stdio.h>
int main(int argc, char *argv[])
{
    printf("hello\n");
    return 0;
}
EOF
[user@vm-fapolicy8 ~]$ gcc -o hello hello.c
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
2. Try executing it
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[user@vm-fapolicy8 ~]$ ./hello
-bash: ./hello: Operation not permitted
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
3. Check for audit event
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
[root@vm-fapolicy8 ~]# ausearch -m FANOTIFY -ts recent
<no matches>
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Actual results:
None
Expected results:
Some event
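The report above compares two outputs by eye: the fapolicyd journal line carrying `dec=deny_audit`, and an empty `ausearch -m FANOTIFY` result. The following is an added example (not part of the bug report, nor fapolicyd's or audit's own code) that automates that comparison: it parses fapolicyd decision lines and raw FANOTIFY audit records, then lists every deny_audit decision that has no FANOTIFY deny record (`resp=2`) within a short time window. The sample journal lines and the audit record are constructed for this example; the `resp` field is assumed to be the one the FANOTIFY record carries, and the journal year is passed in because syslog-style timestamps omit it.

```python
"""Cross-check fapolicyd deny_audit decisions against FANOTIFY audit records."""
import re
from datetime import datetime

# Constructed sample input (not taken from the bug report's run): two
# deny_audit decisions from `journalctl -u fapolicyd.service` and one plain
# deny, which does not request an audit record and must be ignored.
SAMPLE_JOURNAL = [
    "Mar 24 14:18:06 vm-fapolicy8 fapolicyd[2049]: rule=13 dec=deny_audit perm=execute "
    "auid=1000 pid=2086 exe=/usr/bin/bash : path=/home/user/hello "
    "ftype=application/x-executable trust=0",
    "Mar 24 14:19:30 vm-fapolicy8 fapolicyd[2049]: rule=12 dec=deny perm=open "
    "auid=1000 pid=2090 exe=/usr/bin/python3 : path=/home/user/helper.so "
    "ftype=application/x-sharedlib trust=0",
    "Mar 24 14:20:11 vm-fapolicy8 fapolicyd[2049]: rule=13 dec=deny_audit perm=execute "
    "auid=1000 pid=2101 exe=/usr/bin/bash : path=/home/user/tool "
    "ftype=application/x-executable trust=0",
]


def _epoch(*ymdhms):
    """Local-time wall clock -> epoch seconds (same conversion the journal parser uses)."""
    return int(datetime(*ymdhms).timestamp())


# Constructed raw `ausearch -m FANOTIFY` record: one deny (resp=2, an assumed
# field layout) that lines up with the 14:20:11 decision only. Serial and
# millisecond values are made up.
SAMPLE_AUDIT = [
    f"type=FANOTIFY msg=audit({_epoch(2023, 3, 24, 14, 20, 11)}.311:742): resp=2",
]

# "Mar 24 14:18:06 host fapolicyd[2049]: <key=value body>"
FAPOLICYD_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ fapolicyd\[\d+\]: (?P<body>.*)$"
)
# "type=FANOTIFY msg=audit(<epoch>.<ms>:<serial>): <key=value body>"
AUDIT_RE = re.compile(r"^type=FANOTIFY msg=audit\((?P<epoch>\d+)\.\d+:\d+\): (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_fapolicyd(lines, year):
    """Return deny_audit decisions as dicts with epoch ts, rule, pid and path."""
    decisions = []
    for line in lines:
        m = FAPOLICYD_RE.match(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group("body")))
        if fields.get("dec") != "deny_audit":
            continue  # only deny_audit asks the kernel to emit a FANOTIFY record
        ts = datetime.strptime(f"{year} {m.group('stamp')}", "%Y %b %d %H:%M:%S")
        decisions.append({"ts": int(ts.timestamp()), "rule": fields.get("rule"),
                          "pid": fields.get("pid"), "path": fields.get("path")})
    return decisions


def parse_fanotify(lines):
    """Return FANOTIFY records as dicts with epoch ts and the resp value."""
    events = []
    for line in lines:
        m = AUDIT_RE.match(line)
        if not m:
            continue  # SYSCALL/PATH records of the same event are not needed here
        fields = dict(KV_RE.findall(m.group("body")))
        events.append({"ts": int(m.group("epoch")), "resp": fields.get("resp")})
    return events


def find_unaudited(decisions, events, window=2):
    """Deny_audit decisions with no FANOTIFY deny record within `window` seconds."""
    unused = [e for e in events if e["resp"] == "2"]
    missing = []
    for d in decisions:
        match = next((e for e in unused if abs(e["ts"] - d["ts"]) <= window), None)
        if match is None:
            missing.append(d)
        else:
            unused.remove(match)  # each record explains at most one decision
    return missing


def report(year=2023):
    """Run the check over the constructed samples."""
    return find_unaudited(parse_fapolicyd(SAMPLE_JOURNAL, year), parse_fanotify(SAMPLE_AUDIT))


if __name__ == "__main__":
    for d in report():
        print(f"no FANOTIFY record for rule={d['rule']} pid={d['pid']} path={d['path']}")
```

On a real system, replace the two sample lists with the output of `journalctl -u fapolicyd.service` and of `ausearch -m FANOTIFY -ts recent` run without `-i`, so that the audit timestamp stays in raw epoch form; on a host showing the behaviour reported here every deny_audit decision would be listed as missing.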