Load Rules on boot in audit framework? 09 January 2021, 07:22:48 I have a folder called /run/systemd that gets created on boot. I'm new to runit so I was curious as to what exactly was creating this folder. I made a rule in audit (auditctl) to find out, but since rules get removed when the service is closed, I put the rule in /etc/audit/audit.rules like it said in the man page for auditd. That didn't work, so I put it in /etc/audit/rules.d and generated a /etc/audit/audit.rules using augenrules. That did not work either. I'm on kernel 5.10.4 and I have audit-runit installed and the service is running. I tested it and audit is working on a testing folder, it just doesn't reload the rule from audit.rules on boot (tested that with auditctl -l). My rule is the following:Code: [Select]-w /run/systemd -p wa -k systemd I can load this rule using auditctl -R so I dont think it's the syntax or anything.Not sure if it's maybe something about runit I missed or something else. Any help would be appreciated. Thanks.