From 793a373510a9ea65334f0e6393dfcadb511df8a6 Mon Sep 17 00:00:00 2001
From: Max Altgelt <max.altgelt@nextron-systems.com>
Date: Wed, 22 May 2024 12:08:42 +0100
Subject: [PATCH] fix: do not ignore AVC messages

AppArmor messages are also logged as AVC messages. The current
behaviour blocks them all, so no apparmor messages are printed.
Change this to allow AVC.
---
 audit.rules | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/audit.rules b/audit.rules
index e8c501e..1bc613f 100644
--- a/audit.rules
+++ b/audit.rules
@@ -74,9 +74,6 @@
 
 ### We put these early because audit is a first match wins system.
 
-## Ignore SELinux AVC records
--a always,exclude -F msgtype=AVC
-
 ## Ignore current working directory records
 -a always,exclude -F msgtype=CWD