Bug
Resolution: Done
Normal
rhel-8.10, rhel-10.0, rhel-9.6
rhel-sst-ccs
Red Hat Enterprise Linux
CCS 2025-19
Document link:
Section number and name:
- For RHEL 8: 12.2. Deploying fapolicyd
- For RHEL 9: 12.2. Deploying fapolicyd
- For RHEL 10: 10.2. Deploying fapolicyd
Describe the issue:
- Step 4 says "If you enabled permissive mode through /etc/fapolicyd/fapolicyd.conf:"
- This suggests that you need to apply the following steps only if you have set the permissive mode
- In fact, if you don't apply the following steps or make sure to have at least one audit rule enabled, there will be no logging to `audit.log`
Impact of this issue:
- Access denied events from `fapolicyd` won't show up in `audit.log`
- This would increase the user's effort for troubleshooting
Suggestions for improvement:
- Remove the condition of the enabled permissive mode
- The documentation should clearly state what steps are necessary to log 'access denied' events to `audit.log`
- Either include the steps from the solution "No FANOTIFY event seen in the audit log despite fapolicyd blocking operations" or reference it
- Reference the manpage `fapolicyd(8)` at the end of the section for more information
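
A check for the precondition this report describes, as an added example that is not part of the original report or of the Red Hat documentation: it tests whether any audit rule is loaded and counts denied FANOTIFY records. It assumes that `auditctl -l` prints the single line `No rules` for an empty rule set and that `resp=2` in a FANOTIFY record marks a denied access; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: both helpers read text on stdin, so they can be tried on
# saved command output as well as on a live host.

# Succeeds when `auditctl -l` output lists at least one rule.
# Assumption: an empty rule set is reported as the single line "No rules".
audit_rules_loaded() {
    awk 'NF && $0 != "No rules" { n++ } END { exit (n ? 0 : 1) }'
}

# Prints the number of FANOTIFY records whose response is "deny".
# Assumption: resp=2 is a denied access, resp=1 an allowed one.
count_fanotify_denials() {
    awk '/^type=FANOTIFY / && / resp=2( |$)/ { n++ } END { print n + 0 }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_NO_RULES='No rules'
SAMPLE_ONE_RULE='-w /etc/fapolicyd -p wa -k fapolicyd_changes'
SAMPLE_LOG='type=FANOTIFY msg=audit(1700000000.101:501): resp=2
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=no exit=-1 comm="bash" exe="/usr/bin/bash"
type=FANOTIFY msg=audit(1700000000.202:502): resp=1
type=FANOTIFY msg=audit(1700000001.303:503): resp=2 fan_type=1 fan_info=3 subj_trust=2 obj_trust=0'

# Live check; needs root and the audit userspace tools installed.
check_host() {
    if auditctl -l | audit_rules_loaded; then
        echo "audit rules loaded; denied FANOTIFY records in audit.log:"
        count_fanotify_denials < /var/log/audit/audit.log
    else
        echo "no audit rules loaded: fapolicyd denials will not reach audit.log"
        return 1
    fi
}

# Run the live check only when the script is invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_host
fi
```

Without `--live` the script only defines the helpers, which can then be fed saved `auditctl -l` output or a copy of `audit.log`.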