[apparmor] Problem with audit rule modifier

John Johansen john.johansen at canonical.com
Fri Jun 28 17:35:17 UTC 2013

On 06/28/2013 08:36 AM, azurIt wrote:
> Hi,
> i'm having problems with audit rule modifier - it's just not working when used alone. I'm trying to enable only logging with this:
> audit /home/** a,
> audit /home/** w,
By only logging you mean logging of an access but not granting permission?

> It should work according to documentation ( http://wiki.apparmor.net/index.php/QuickProfileLanguage#Rule_Modifiers ) but it's doing nothing. I was able to enable logging only with this running in complain mode:
> audit deny /home/**/*.php a,
> audit deny /home/**/*.php w,
these two rules where necessary to get logging in complain mode?

> Audit alone it not working. Is this a known bug? Thanks.
It is not known.

Can you send us the full profile you are using?

More information about the AppArmor mailing list