>> Hi, >> >> i'm having problems with audit rule modifier - it's just not working when >> used alone. I'm trying to enable only logging with this: >> audit /home/** a, >> audit /home/** w, >By only logging you mean logging of an access but not granting permission?
I mean logging of an access AND granting permission. > >> >> It should work according to documentation ( >> http://wiki.apparmor.net/index.php/QuickProfileLanguage#Rule_Modifiers ) but >> it's doing nothing. I was able to enable logging only with this running in >> complain mode: >> audit deny /home/**/*.php a, >> audit deny /home/**/*.php w, >> >these two rules where necessary to get logging in complain mode? Well, i just read in docs that 'w' implies also 'a', so only the second line is necessary. But yes, i had to use 'audit deny' for logging to work (and, as i want to NOT deny the action, i had to use complain mode). >> Audit alone it not working. Is this a known bug? Thanks. >> >It is not known. > >Can you send us the full profile you are using? Here is the complete profile (i already removed that 'a' line and tested it): /usr/lib/apache2/mpm-itk/apache2 { network, capability, file, audit deny /home/**/*.php w, } As i said, i'm running this in complain mode because i don't want to deny the action on last line. I want to use apparmor only for logging access to files via PHP (i will be processing that log later). Thank you. azur -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
