# Allow enabling of audit logging to file path "sys/audit/file" { capabilities = ["update", "sudo"] } # Allow listing of audit devices path "sys/audit" { capabilities = ["read", "sudo"] }