mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
AppArmor_Failures: really fiexample log format
Steve Beattie
parent
d8b5a10bf4
commit
5f2580ac53
1 changed files with 1 additions and 1 deletions
|
|
@ -72,7 +72,7 @@ is setup but are usually in one or more of the following locations:
|
|||
|
||||
A typical denied message looks like the following:
|
||||
|
||||
type=APPARMOR\_ALLOWED msg=audit(1212396827.141:861): operation=“inode\_unlink” requested\_mask=“w” denied\_mask=“w” name=“/tmp/orbit-jj/linc-e6e-0-2acdd337d87e5” pid=3694 profile=“/usr/bin/foo”
|
||||
type=APPARMOR_ALLOWED msg=audit(1212396827.141:861): operation=“inode_unlink” requested_mask=“w” denied_mask=“w” name=“/tmp/orbit-jj/linc-e6e-0-2acdd337d87e5” pid=3694 profile=“/usr/bin/foo”
|
||||
|
||||
Notice the 'denied\_mask' in the above log entry. auditd will use
|
||||
'DENIED' instead. In general, you can use one of (as root):
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue