diff --git a/parser/parser_misc.c b/parser/parser_misc.c index d66c990d7..5582ff9fb 100644 --- a/parser/parser_misc.c +++ b/parser/parser_misc.c @@ -97,6 +97,7 @@ static struct keyword_table keyword_table[] = { {"audit", TOK_AUDIT}, {"deny", TOK_DENY}, {"allow", TOK_ALLOW}, + {"prompt", TOK_PROMPT}, {"set", TOK_SET}, {"rlimit", TOK_RLIMIT}, {"alias", TOK_ALIAS}, diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y index b225fb5d0..10aca3227 100644 --- a/parser/parser_yacc.y +++ b/parser/parser_yacc.y @@ -115,6 +115,7 @@ static void abi_features(char *filename, bool search); %token TOK_AUDIT %token TOK_DENY %token TOK_ALLOW +%token TOK_PROMPT %token TOK_PROFILE %token TOK_SET %token TOK_ALIAS @@ -632,6 +633,7 @@ opt_owner_flag: { /* nothing */ $$ = 0; } opt_rule_mode: { /* nothing */ $$ = RULE_UNSPECIFIED; } | TOK_ALLOW { $$ = RULE_ALLOW; } | TOK_DENY { $$ = RULE_DENY; } + | TOK_PROMPT { $$ = RULE_PROMPT; } opt_prefix: opt_audit_flag opt_rule_mode opt_owner_flag { @@ -674,8 +676,11 @@ rules: rules opt_prefix block { struct cod_entry *entry, *tmp; - PDEBUG("matched: %s%s%sblock\n", $2.audit == AUDIT_FORCE ? "audit " : "", - $2.rule_mode == RULE_DENY ? "deny " : "", $2.owner ? "owner " : ""); + PDEBUG("matched: %s%s%sblock\n", + $2.audit == AUDIT_FORCE ? "audit " : "", + $2.rule_mode == RULE_DENY ? "deny " : "", + $2.rule_mode == RULE_PROMPT ? "prompt " : "", + $2.owner ? "owner " : ""); list_for_each_safe($3->entries, entry, tmp) { const char *error; entry->next = NULL; diff --git a/parser/rule.h b/parser/rule.h index 05dbed13d..a7234c778 100644 --- a/parser/rule.h +++ b/parser/rule.h 
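Review bot: `RULE_PROMPT` becomes reachable from profile text in `opt_rule_mode`, and so in every rule that takes `opt_prefix`, but nothing in this diff shows how the rule classes treat the new mode. Any code outside the diff that tests only `rule_mode == RULE_DENY` would presumably handle a `prompt` rule as an allow rule, which fails open for a policy compiler. Confirm that each consumer either handles the value or rejects it with a parse error. A comment on the enum in parser/rule.h would state the contract: `/* every consumer must handle RULE_PROMPT explicitly; "not RULE_DENY" does not mean allow */`. The same point applies to the enum hunk in parser/rule.h.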
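Review bot: The format string in the `rules: rules opt_prefix block` action still has three `%s` conversions while the call now passes four strings, so the last argument (`$2.owner ? "owner " : ""`) is never printed. The debug line therefore drops `owner` for every block, with or without `prompt`. Change the first line of the call to `PDEBUG("matched: %s%s%s%sblock\n",`. The action's body continues outside the hunk.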
@@ -153,7 +153,7 @@ typedef std::list RuleList; /* Not classes so they can be used in the bison front end */ typedef uint32_t perms_t; typedef enum { AUDIT_UNSPECIFIED, AUDIT_FORCE, AUDIT_QUIET } audit_t; -typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY } rule_mode_t; +typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY, RULE_PROMPT } rule_mode_t; /* NOTE: we can not have a constructor for class prefixes. This is * because it will break bison, and we would need to transition to @@ -183,6 +183,13 @@ public: } switch (rule_mode) { + case RULE_ALLOW: + if (output) + os << " "; + + os << "allow"; + output = true; + break; case RULE_DENY: if (output) os << " "; @@ -190,6 +197,13 @@ public: os << "deny"; output = true; break; + case RULE_PROMPT: + if (output) + os << " "; + + os << "prompt"; + output = true; + break; default: break; }
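Review bot: The `RULE_ALLOW`, `RULE_DENY` and `RULE_PROMPT` cases in this `switch (rule_mode)` repeat the same separator-and-flag statements and differ only in the string, across this hunk and the next one (`case RULE_PROMPT`). Mapping the mode to a string first and emitting it once keeps the separator logic in one place, so a later mode cannot forget `output = true`. Separately, the new `RULE_ALLOW` case makes the dump print `allow` where it printed nothing before, so anything that compares this output may need updating; the diff does not show such a consumer. The enclosing function starts and ends outside the hunk.

```cpp
	// … unchanged: code before the switch …
	const char *mode = NULL;

	switch (rule_mode) {
	case RULE_ALLOW:  mode = "allow";  break;
	case RULE_DENY:   mode = "deny";   break;
	case RULE_PROMPT: mode = "prompt"; break;
	default: break;
	}
	if (mode) {
		if (output)
			os << " ";
		os << mode;
		output = true;
	}
	// … unchanged: code after the switch …
```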