The audit flags are not being set correctly by the parser so that audit capability XXX,
will not result in an audit message being logged when the capability is used. Signed-off-by: John Johansen <[email protected]> --- === modified file 'parser/parser_yacc.y' --- parser/parser_yacc.y 2014-09-03 20:22:26 +0000 +++ parser/parser_yacc.y 2014-10-07 11:17:18 +0000 @@ -793,13 +793,17 @@ if ($2.owner) yyerror(_("owner prefix not allowed on capability rules")); - if ($2.deny) - $1->caps.deny |= $3; - else + if ($2.deny && $2.audit) { + $1->caps.deny |= $3; + } else if ($2.deny) { + $1->caps.deny |= $3; + $1->caps.quiet |= $3; + } else { $1->caps.allow |= $3; + if ($2.audit) + $1->caps.audit |= $3; + } - if (!$2.audit) - $1->caps.quiet |= $3; $$ = $1; }; -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
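Review bot: In the new `if ($2.deny && $2.audit)` / `else if ($2.deny)` chain, both branches repeat `$1->caps.deny |= $3;`. A single `if ($2.deny)` block that sets deny and then sets `caps.quiet` under `if (!$2.audit)` would mirror the shape of the allow branch and make it obvious that quiet is now a deny-only bit. The removed trailing `if (!$2.audit)` block set `caps.quiet` for allow rules as well as deny rules, so this patch also stops marking plain allow rules as quiet. The commit message only mentions the missing audit logging, and that second behaviour change deserves a sentence there. A parser regression test covering the four combinations of the audit and deny prefixes on a capability rule would confirm which of `caps.allow`, `caps.deny`, `caps.audit` and `caps.quiet` end up set in each case.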
