permissions in audit { ... } blocks are ignored

Bug #1480472 reported by Christian Boltz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
New
Undecided
Unassigned

Bug Description

AppArmor 2.10

If I have a profile with
    audit capability chown,
it gives me the expected AUDIT log entry.

However, using an audit block:
     audit {
         capability chown,
     }
it doesn't work and gives me a DENIED log instead - so it seems the content of the audit block is completely ignored :-(

For the records: I tested with a copy of /usr/bin/chown and the following profile:

#include <tunables/global>
/tmp/chown {
  #include <abstractions/base>
  /** rw,
  audit capability chown, # changed to an audit block for the second version
}

Tags: aa-parser
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.