I have found two cases where apparmor was incorrectly dropping messages, though neither of them are due to "deleted". They where
- improper quieting of some network denials
- failure to log domain transitions when mandatory profile not present
The larger problem of the audit subsystem just dropping audit messages without even logging the message was lost has also not been fixed. There is currently a new patchset from kees to fix some of the problems, and I will rebase/rework my original patchset and try again.
So an update of the slow progress on this bug,
I have found two cases where apparmor was incorrectly dropping messages, though neither of them are due to "deleted". They where
- improper quieting of some network denials
- failure to log domain transitions when mandatory profile not present
The larger problem of the audit subsystem just dropping audit messages without even logging the message was lost has also not been fixed. There is currently a new patchset from kees to fix some of the problems, and I will rebase/rework my original patchset and try again.