From a6feeff4839729fe3ec030b9b4f6dd4d5d4de5aa Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 19 Aug 2021 12:32:25 +0200
Subject: [PATCH] Create audit rules with 064 permissions

---
 shared/macros-ansible.jinja | 1 +
 1 file changed, 1 insertion(+)

diff --git a/shared/macros-ansible.jinja b/shared/macros-ansible.jinja
index b26966238a21..3e333cc91b09 100644
--- a/shared/macros-ansible.jinja
+++ b/shared/macros-ansible.jinja
@@ -467,6 +467,7 @@ The macro requires following parameters:
     path: '{{ audit_file }}'
     line: "{{{ action_arch_filters }}}{{{ syscall_flag }}}{{ syscalls | join(',') }}{{{ other_filters }}}{{{ auid_filters}}} -F key={{{ key }}}"
     create: true
+    mode: 0640
     state: present
   when: syscalls_found | length == 0
 {{%- endmacro %}}