Pete Markowsky

@Zehpto were you able to sort this out? Your comments about the database being corrupted seems like something is off environmentally.

>An alternative approach to modifying this screen (which may get a bit cluttered with my proposal above) would be a 'Copy to clipboard' button which would stick all this information...

@izzh Are you looking for something more than the https://santa.dev/deployment/file-access-auth.html#eventdetailurl in the FAA config and the WatchItem EventDetailURL that lets you override that?

Looking at my notes I believe what we're looking for here is: 1. Adding an indicator to mount events as to whether or not enforcement is in effect. 2. If...

> If possible adding a flag for mounts that are just Santa bootstrapping its understanding of the environment. @mlw Correct me if I'm wrong here but 2023.9 handles this point...

What's involved in changing this over? Is it as simple as changing the type or is there more to rewrite?

>A reasonable person might assume that if a user can use santactl to add a specific binary to the ALLOWLIST_COMPILER policy, they should also be able to enable the feature...

Unfortunately just noticed that we're only reporting if transitive rules are enabled in `santactl status` if a sync service url is set. I've filed #1276 to address this.

A few thoughts here ### 1. can you run `sudo eslogger exec close` (⚠️ This is very noisy) and clean up the log to just have events and send the...

Another thing we should do is look at the daemon logs. Can you run `log stream --predicate 'sender=="com.google.santa.daemon"'` You should see the messages for creating transitive rules if this is...