Apparmor issues with audit


I’m having some permission issues with the file /var/log/audit/audit.log the file exists but can only be read by the root user. In this case I’m working with apparmor and have followed the instructions on the archlinux wiki exactly. The file exists, I’ve created and am a member of the audit group, and have added the necessary line to audit.conf yet unfortunately when I try to run aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log things do not work, and I can’t read the log file I previously mentioned. Searching around on the internet about this pretty much just turns up red hat articles that don’t really help me. I will say that I get the expected behaviour when running the aforementioned command. Any help with this would be greatly appreciated

What should the file and directory permissions be?

The AppArmor page does not provide any insight into that, however for me here are the permissions:

drwx------ root root

If you want it to be accessible by the audit group then you’ll need to change the permissions to allow access.

Ok, I changed the group of the directory to audit and added read, write, and execute permissions for group to the directory. This seems to be working. Is this the most proper way to handle this?

@jonathon Not sure what’s happening now, but the changes to permissions are not persistent. The second the system is restarted they revert back to what I sent earlier.