Comment # 1 on bug 1178154 from Marcus R�ckert

aa-notify allows creating desktop notifications for apparmor violations. but
this tool needs read access to /var/log/audit/audit.log.

on option would be to change the permissions of the file and directory to

root:audit u=rwX,g=rX,o=

then one could add the users to that group and they could run aa-notify.
Other options might be having a dbus service that could run as root and inject
the messages into dbus and then they could be picked up by the normal
notification services running in the desktop environment.

Could the security team advice which solution would be preferred to solve the
problem? do we have upstream contacts we could use to come to a cross distro
solution for this problem?