From 5d40cc11665a74dfeb75f623ab839cf4d444b564 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 25 Mar 2024 20:32:13 +0000
Subject: [PATCH] fix(aa-log): handle owner rule even if thhe log is not
 complete.

---
 pkg/aa/rules.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/aa/rules.go b/pkg/aa/rules.go
index a80f69f00..c2702148d 100644
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@@ -39,9 +39,8 @@ func NewQualifierFromLog(log map[string]string) Qualifier {
 	owner := false
 	fsuid, hasFsUID := log["fsuid"]
 	ouid, hasOuUID := log["ouid"]
-	OUID, hasOUID := log["OUID"]
 	isDbus := strings.Contains(log["operation"], "dbus")
-	if hasFsUID && hasOuUID && hasOUID && fsuid == ouid && OUID != "root" && !isDbus {
+	if hasFsUID && hasOuUID && fsuid == ouid && ouid != "0" && !isDbus {
 		owner = true
 	}