From c1644cd7574c25af42566781f1b9164a4c49c3d8 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 2 Apr 2021 10:43:29 +0100
Subject: [PATCH] Receive on screen notifications of AppArmor denials.

---
 root/etc/xdg/autostart/apparmor-notify.desktop | 8 ++++++++
 root/usr/lib/sysusers.d/apparmor.d.conf        | 2 ++
 2 files changed, 10 insertions(+)
 create mode 100644 root/etc/xdg/autostart/apparmor-notify.desktop
 create mode 100644 root/usr/lib/sysusers.d/apparmor.d.conf

diff --git a/root/etc/xdg/autostart/apparmor-notify.desktop b/root/etc/xdg/autostart/apparmor-notify.desktop
new file mode 100644
index 00000000..36d6e71d
--- /dev/null
+++ b/root/etc/xdg/autostart/apparmor-notify.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Type=Application
+Name=AppArmor Notify
+Comment=Receive on screen notifications of AppArmor denials
+TryExec=aa-notify
+Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
+StartupNotify=false
+NoDisplay=true
diff --git a/root/usr/lib/sysusers.d/apparmor.d.conf b/root/usr/lib/sysusers.d/apparmor.d.conf
new file mode 100644
index 00000000..c5bd1271
--- /dev/null
+++ b/root/usr/lib/sysusers.d/apparmor.d.conf
@@ -0,0 +1,2 @@
+# Allow the user to read the apparmor log
+g audit -