Sadly yes. AppArmor currently doesn't do audit message deduping, leaving it entirely to the audit infrastructure. Which means denial messages can fill the logs.
There is current work to fix this by providing a dedup cache that will hopefully land in 4.20 ** Changed in: apparmor (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1787600 Title: kernel: [ 6230.503218] audit: type=1400 audit(1534512537.321:398960): apparmor="DENIED" operation="open" profile="snap.gnome-system-monitor .gnome-system-monitor" name="/run/mount/utab" pid=2265 comm="gnome- system-mo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1787600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
