-
anonym authored
The basic idea is to first run a "I start monitoring the AppArmor log" step, which records the current time, and that any "AppArmor has denied" step run for the same profile later will only look at entries from that time and on. The wordings on the steps now make the scenarios a bit clearer, and we also don't have to clear syslog any more as an ugly workaround. Furthermore, this will bring us close to a clean solution of #9924, which will require us to run a sysctl command *before* anything that could generate the AppArmor log entries we're interested in. The "I monitor" step is a perfect candidate for that, wereas we before would need yet another step.
5cb5daf4