I'm afraid we are talking about two different things...
In your example
Code:
Dec 2 21:27:21 maverick kernel: [ 693.304375] type=1400 audit(1291350441.726:15): apparmor="DENIED" operation="open" parent=1820 profile="/usr/bin/evince" name="/boot/initrd.img-2.6.35-23-generic" pid=1843 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
AA denied access to /boot/initrd.img-2.6.35-23-generic because you explicitly did not allow the application to access that file in its AA profile. This is of course logged.
But what I'm talking about is this: if I add this line to usr.bin.evince
Code:
deny /boot/initrd.img-2.6.35-23-generic r,
and then attempt to open the initrd file using evince, the access will be denied AND it will not be logged. BTW the quote you gave ("deny rules - In a profile any rule with the deny prefix will cause quieting of rejects matching the rule. ") IMO confirms this.
My original question was: can this behavior be applied to the network rule as well?
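An added example, not part of the post or of AppArmor itself: a small parser for the kernel audit line quoted above, run over constructed sample lines, that pulls out the DENIED events and counts them per profile, operation and path. It only sees what the kernel actually emits, so a rejection quieted by a `deny` rule, as the post describes, never reaches it.

```python
import re
from collections import Counter

# Constructed sample log; the first line mirrors the one quoted in the post,
# the others are made up in the same format for the example.
SAMPLE_LOG = """\
Dec 2 21:27:21 maverick kernel: [ 693.304375] type=1400 audit(1291350441.726:15): apparmor="DENIED" operation="open" parent=1820 profile="/usr/bin/evince" name="/boot/initrd.img-2.6.35-23-generic" pid=1843 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 2 21:27:25 maverick kernel: [ 697.100001] type=1400 audit(1291350445.100:16): apparmor="ALLOWED" operation="open" parent=1820 profile="/usr/bin/evince" name="/home/user/doc.pdf" pid=1843 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dec 2 21:27:30 maverick kernel: [ 702.000000] type=1400 audit(1291350450.000:17): apparmor="DENIED" operation="open" parent=1820 profile="/usr/bin/evince" name="/etc/shadow" pid=1843 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key=value pairs; values are either double-quoted strings or bare tokens
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# audit(<epoch seconds>.<millis>:<serial>):
AUDIT_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\):')


def parse_line(line):
    """Parse one AppArmor audit line into a dict, or None if it is not one."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, raw, quoted in FIELD_RE.findall(line[m.end():]):
        fields[key] = quoted if raw.startswith('"') else raw
    fields["timestamp"] = float(m.group(1))
    fields["serial"] = int(m.group(2))
    return fields


def denied_events(text):
    """Return only the events the kernel flagged as DENIED."""
    events = []
    for line in text.splitlines():
        fields = parse_line(line)
        if fields and fields.get("apparmor") == "DENIED":
            events.append(fields)
    return events


def summarize(events):
    """Count denials per (profile, operation, name) so repeated ones stand out."""
    return Counter((e["profile"], e["operation"], e.get("name", "")) for e in events)


if __name__ == "__main__":
    for key, n in summarize(denied_events(SAMPLE_LOG)).items():
        print(n, *key)
```

Note, not from the post: AppArmor's profile syntax also has an `audit` qualifier (`audit deny ... r,`) that forces logging for a rule, which is the usual way to keep such denials visible to a parser like this one.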