Ah! The rule ``` audit dbus bus=system, ```
is the problem. It is tagging every dbus match to be audited. You can drop that rule entirely, and just add dbus allow rules as needed, like the first 3 rules. Or you could allow all dbus system bus accesses by dropping the ```audit``` keyword, in which case you could also drop the first 3 dbus rules. Unfortunately you can't do what this rule is trying to do atm, which allow dbus accesses but log the ones we don't know about, while enforcing the other rules. You can get something some what close by putting the profile into complain mode, which will log a message for every unknown access type, but it will also allow all accesses. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1948752 Title: apparmor is logging too many messages Status in Redshift: New Status in apparmor package in Ubuntu: New Bug description: Unfortunately, this bug does not seem to be fixed yet. My syslog is flooded with ALLOWED messages regarding redshift. My system is a Kubuntu 21.04. AppArmor is V. 3.0.0-0ubuntu7.1 Attached you'll find an excerpt from /var/log/syslog for the last 5 minutes. To manage notifications about this bug go to: https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
