Comment 1 for bug 1431717

Tyler Hicks (tyhicks) wrote :

I've confirmed this with a simpler program/profile and 'ix' mode:

$ cat profile
#include <tunables/global>

profile audit-exec {
  #include <abstractions/base>

  audit /bin/true ix,
}
$ sudo apparmor_parser -r profile
$ cat test.c
#include <unistd.h>
#include <stdio.h>

int main(void)
{
 /* Exec the audited path; on success execl(2) does not return. */
 execl("/bin/true", "true", NULL);
 /* Only reached when the exec is refused, e.g. by the deny rule. */
 perror("execl");
 return 0;
}
$ gcc test.c -Wall -o test
$ aa-exec -p audit-exec -- ./test

There is no audit event for the execl(2) of /bin/true. If I change the rule to 'audit deny /bin/true x,' the execl(2) is denied and an audit event is generated.

That means that the bug does not allow confined programs to gain exec permissions in any way and the denial of exec still generates an audit event. This bug seems to only affect the auditing of allowed exec events.
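The comment says "there is no audit event" without showing how the log was inspected. The script below is an added check, not part of Tyler Hicks' comment or of the AppArmor project: it filters AppArmor exec records for a given profile and path out of audit or kernel log lines, so the outcome of the reproduction (an AUDIT record, a DENIED record, or nothing) can be read off directly. The sample records, the function names and the `--live` flag are assumptions made for this example; the live path reuses the `profile`, `test.c`, `apparmor_parser` and `aa-exec` commands exactly as the comment shows them.

```shell
#!/bin/sh
# Added example (not from the bug comment or AppArmor): check the audit log
# for exec records produced by the "audit-exec" profile when ./test runs.

# Print the apparmor= status (AUDIT, DENIED, ALLOWED) of every exec event that
# profile $1 recorded for executable path $2. Log lines come from stdin. The
# filter keys only on the key="value" fragments, so auditd lines
# (type=AVC msg=audit(...)) and dmesg lines (audit: type=1400 ...) both match.
exec_events_for() {
    profile=$1
    path=$2
    grep -F 'operation="exec"' |
    grep -F "profile=\"$profile\"" |
    grep -F "name=\"$path\"" |
    sed -n 's/.*apparmor="\([A-Z]*\)".*/\1/p'
}

# Constructed sample records in AppArmor's layout (not captured from a real
# system). Only the first is an exec of /bin/true by the audit-exec profile.
SAMPLE_LOG='type=AVC msg=audit(1426000000.001:101): apparmor="DENIED" operation="exec" profile="audit-exec" name="/bin/true" pid=4242 comm="test" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1426000000.002:102): apparmor="AUDIT" operation="open" profile="audit-exec" name="/etc/ld.so.cache" pid=4242 comm="test" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1426000000.003:103): apparmor="AUDIT" operation="exec" profile="other" name="/bin/true" pid=4243 comm="test" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0'

# Run the filter over the constructed records for profile $1 and path $2.
check_sample() {
    printf '%s\n' "$SAMPLE_LOG" | exec_events_for "$1" "$2"
}

# Live reproduction of the report. Needs root, apparmor_parser, aa-exec, gcc,
# and the profile/test.c from the comment in the current directory. Reads the
# auditd log when it exists, otherwise the kernel ring buffer.
reproduce_live() {
    sudo apparmor_parser -r profile || return 1
    gcc test.c -Wall -o test || return 1
    sudo aa-exec -p audit-exec -- ./test
    sleep 1   # give auditd a moment to flush the record
    if [ -e /var/log/audit/audit.log ]; then
        sudo cat /var/log/audit/audit.log
    else
        sudo dmesg
    fi | exec_events_for audit-exec /bin/true | tail -n 1
}

# Only touch the system when explicitly asked; with no argument the script
# just defines the functions above.
if [ "${1:-}" = "--live" ]; then
    result=$(reproduce_live)
    echo "last exec record for audit-exec on /bin/true: ${result:-<none>}"
fi
```

With the rule `audit /bin/true ix,` and the bug present, `sh check.sh --live` reports `<none>`; after changing the rule to `audit deny /bin/true x,` it reports `DENIED`, which is the pair of observations in the comment. On a kernel where the audit qualifier on an allowed rule works, the first run is expected to report `AUDIT` instead.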