AUDIT events happen if your profile has a rule like
audit /tmp/tempfile/ r,
and the program is then really doing something that needs this rule (like getting a directory listing for /tmp/tempfile/).
"audit" means that the action is allowed (but gets logged every time), so there's nothing aa-logprof should ask about.
So for AUDIT events, aa-logprof works as expected - those things are already allowed, so there's nothing to ask ;-)
> c0n7r4 (c0n7r4) wrote:
> apparmor="AUDIT"
AUDIT events happen if your profile has a rule like
audit /tmp/tempfile/ r,
and the program is then really doing something that needs this rule (like getting a directory listing for /tmp/tempfile/).
"audit" means that the action is allowed (but gets logged every time), so there's nothing aa-logprof should ask about.
So for AUDIT events, aa-logprof works as expected - those things are already allowed, so there's nothing to ask ;-)