Hello,
On some Ubuntu 22 and 24 systems, syslog is being cluttered with
messages like this which is completely uninteresting:
Feb 05 16:17:01 myhost.example.com audit[353829]: AVC apparmor="ALLOWED"
operation="open" profile="/usr/sbin/sssd" name="/proc/420747/cmdline"
pid=353829 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I would certainly like to know about DENIED events, but how can I have
apparmor/audit stop logging about ALLOWED events?
--
Regards,
Troels Arvin
- [apparmor] Prevent log message about ALLOWED apparmor events... Troels Arvin
-
