> c0n7r4 (c0n7r4) wrote:
> apparmor="AUDIT"
AUDIT events happen if your profile has a rule like
audit /tmp/tempfile/ r,
and the program is then really doing something that needs this rule (like
getting a directory listing for /tmp/tempfile/).
"audit" means that the action is allowed (but get
Linux Mint is not parsing AppArmor complain log files correctly, I'm not
sure why.
a sample from the audit.log file is
type=AVC msg=audit(1212212212.121:13867): apparmor="AUDIT" operation="open"
profile="/usr/bin/testfile" name="/tmp/tempfile/" pid=2686 comm="testfile"
requested_mask="r" fsuid=0
Writing updated profile for /usr/bin/konversation.
Setting /usr/bin/konversation to complain mode.
Before you begin, you may wish to check if a
profile already exists for the application you
wish to confine. See the following wiki page for
more information:
http://wiki.apparmor.net/index.php/Profi
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2
---
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium
* debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
abstraction access to Zend opcache files (LP: #1401084)
* debian/patches/d
