Comment 17 for bug 1399027

Christian Boltz (cboltz) wrote :

> c0n7r4 (c0n7r4) wrote:
> apparmor="AUDIT"

AUDIT events happen if your profile has a rule like
    audit /tmp/tempfile/ r,
and the program is then really doing something that needs this rule (like getting a directory listing for /tmp/tempfile/).

"audit" means that the action is allowed (but gets logged every time), so there's nothing aa-logprof should ask about.

So for AUDIT events, aa-logprof works as expected - those things are already allowed, so there's nothing to ask ;-)
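An added example, not part of the original comment and not code from AppArmor's own tools: a small triage script that separates AUDIT records, which an `audit` rule already allows, from records that still call for a profile decision. The log lines are constructed samples, and treating only `DENIED` and `ALLOWED` records as needing a rule is an assumption of this sketch.

```python
import re

# Constructed sample audit records (not taken from the bug report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1417600000.101:41): apparmor="AUDIT" operation="open" profile="/usr/bin/example" name="/tmp/tempfile/" pid=2101 comm="example" requested_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1417600000.205:42): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=2101 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1417600001.310:43): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/other" name="/tmp/other.lock" pid=2200 comm="other" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1417600002.000:44): apparmor="AUDIT" operation="open" profile="/usr/bin/example" name="/tmp/tempfile/" pid=2101 comm="example" requested_mask="r" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1417600002.000:44): arch=c000003e syscall=2 success=yes exit=3
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption of this sketch: these event types are the ones that may need
# a new rule; AUDIT records come from an existing "audit" rule.
NEEDS_RULE = {"DENIED", "ALLOWED"}


def parse_event(line):
    """Return the fields of an AppArmor record as a dict, or None."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        fields[key] = quoted if quoted else bare
    return fields if "apparmor" in fields else None


def triage(log_text):
    """Count events per (profile, name, mask), split by whether a rule exists."""
    result = {"needs_rule": {}, "already_allowed": {}}
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # not an AppArmor record
        if event["apparmor"] in NEEDS_RULE:
            bucket = result["needs_rule"]
        elif event["apparmor"] == "AUDIT":
            bucket = result["already_allowed"]
        else:
            continue  # other record types are out of scope here
        mask = event.get("denied_mask") or event.get("requested_mask", "")
        key = (event.get("profile", ""), event.get("name", ""), mask)
        bucket[key] = bucket.get(key, 0) + 1
    return result


if __name__ == "__main__":
    for group, events in triage(SAMPLE_LOG).items():
        for (profile, name, mask), count in sorted(events.items()):
            print(f"{group:16} {count}x {profile} {name} {mask}")
```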