From e616b9b3fc7c7efbb440f06b32e0e4c4067ddbba Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 29 Feb 2024 00:20:37 +0000
Subject: [PATCH] feat(aa-log): ensure unix rule are not confused with network unix rule.

Both are technically the same, we simply prioritize `unix` to `network unix`.
---
 pkg/aa/profile.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 1ca09ddd..eb56ec7e 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -85,7 +85,11 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
 case "cap":
 p.Rules = append(p.Rules, CapabilityFromLog(log))
 case "net":
- p.Rules = append(p.Rules, NetworkFromLog(log))
+ if log["family"] == "unix" {
+ p.Rules = append(p.Rules, UnixFromLog(log))
+ } else {
+ p.Rules = append(p.Rules, NetworkFromLog(log))
+ }
 case "mount":
 switch log["operation"] {
 case "mount":
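Review bot: The new unix branch under `case "net":` passes a net-class log entry to UnixFromLog, and nothing visible in this hunk shows that the socket type and protocol recorded in such an entry are carried into the resulting rule. If UnixFromLog (defined outside this hunk) does not read them, the generated `unix` rule could be broader than the `network unix` rule it replaces, which weakens least privilege in a profile built from logs. A test that feeds a constructed net entry with `family` set to `unix` through AddRule and checks the emitted rule would settle this. The branch also deserves a short comment stating the reason, for example `// family=unix is emitted as a unix rule rather than "network unix"; the two overlap and unix takes priority`. AddRule's body starts and ends outside the hunk.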