From 4dfc1388e32e8de66bec8cb60a617172e6ca2c18 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 30 Sep 2023 13:28:41 +0100
Subject: [PATCH] feat(aa): add support for audit log.

---
 pkg/aa/rules.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/aa/rules.go b/pkg/aa/rules.go
index d2bfb91d2..977c57e1c 100644
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@@ -25,6 +25,10 @@ func NewQualifierFromLog(log map[string]string) Qualifier {
 		owner = true
 	}
 
+	audit := false
+	if log["apparmor"] == "AUDIT" {
+		audit = true
+	}
 	fileInherit := false
 	if log["operation"] == "file_inherit" {
 		fileInherit = true
@@ -34,7 +38,7 @@ func NewQualifierFromLog(log map[string]string) Qualifier {
 		noNewPrivs = true
 	}
 	return Qualifier{
-		Audit:       false,
+		Audit:       audit,
 		AccessType:  "",
 		Owner:       owner,
 		NoNewPrivs:  noNewPrivs,