Triggering a SELinux denial on a file descriptor operation (e.g. fchmod(2)) creates an audit record path field with a name of (null).
Since the path of the file descriptor is exported by reading the symlink target of /proc/\<PID>/fd/\<FD> the audit subsystem should be able to provide it.
System: Debian sid Kernel:
Linux hostname 5.19.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.19.6-1 (2022-09-01) x86_64 GNU/Linux
Auditd: 3.0.9Triggering a SELinux denial on a file descriptor operation (e.g. fchmod(2)) creates an audit record path field with a name of
(null)
. Since the path of the file descriptor is exported by reading the symlink target of /proc/\<PID>/fd/\<FD> the audit subsystem should be able to provide it.