Public bug reported:
On xubuntu 25.04 desktop system running xfce, with the following
pipeline:
sudo dmesg -x | egrep -v -e type=1400 -e audit -e type=1107 -e
'kauditd_printk_skb: .* callbacks suppressed' | wc -l
Over just under 48 hours there are *14* total messages NOT related to
apparmor, of ~1000 messages total. The rest are things like:
kern :notice: [192478.133140] audit: type=1400 audit(1752963712.161:9538):
apparmor="ALLOWED" operation="file_perm" class="file" profile="Xorg"
name="/proc/driver/nvidia/params" pid=2552 comm="Xorg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
kern :notice: [192478.133142] audit: type=1400 audit(1752963712.161:9539):
apparmor="ALLOWED" operation="unlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="d"
denied_mask="d" fsuid=0 ouid=0
kern :notice: [192478.133153] audit: type=1400 audit(1752963712.161:9540):
apparmor="ALLOWED" operation="symlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="c"
denied_mask="c" fsuid=0 ouid=0
kern :notice: [230770.061790] audit: type=1400 audit(1753002004.644:9849):
apparmor="DENIED" operation="open" class="file"
profile="snap.firmware-updater.firmware-notifier"
name="/proc/sys/vm/max_map_count" pid=2036274 comm="firmware-notifi"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kern :notice: [214132.665446] audit: type=1400 audit(1752985367.008:9708):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
kern :notice: [214132.665498] audit: type=1400 audit(1752985367.008:9709):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
in colossal ongoing unending amounts. Even if relevant to apparmor
profile development, such logs should not be enabled by default with end
users, as they interfere with basic monitoring of system health and
operations, while not being actionable or important to the end user in
any way. Please disable them by default.
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
On xubuntu 25.04 desktop system running xfce, with the following
pipeline:
sudo dmesg -x | egrep -v -e type=1400 -e audit -e type=1107 -e audit -e
'kauditd_printk_skb: .* callbacks suppressed' | wc -l
Over just under 48 hours there are *14* total messages NOT related to
- apparmor. The rest are things like:
+ apparmor, of ~1000 messages total. The rest are things like:
kern :notice: [192478.133140] audit: type=1400 audit(1752963712.161:9538):
apparmor="ALLOWED" operation="file_perm" class="file" profile="Xorg"
name="/proc/driver/nvidia/params" pid=2552 comm="Xorg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
kern :notice: [192478.133142] audit: type=1400 audit(1752963712.161:9539):
apparmor="ALLOWED" operation="unlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="d"
denied_mask="d" fsuid=0 ouid=0
kern :notice: [192478.133153] audit: type=1400 audit(1752963712.161:9540):
apparmor="ALLOWED" operation="symlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="c"
denied_mask="c" fsuid=0 ouid=0
kern :notice: [230770.061790] audit: type=1400 audit(1753002004.644:9849):
apparmor="DENIED" operation="open" class="file"
profile="snap.firmware-updater.firmware-notifier"
name="/proc/sys/vm/max_map_count" pid=2036274 comm="firmware-notifi"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kern :notice: [214132.665446] audit: type=1400 audit(1752985367.008:9708):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
kern :notice: [214132.665498] audit: type=1400 audit(1752985367.008:9709):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
in colosal ongoing unending amounts. Even if relevant to apparmor
profile development, such logs should not be enabled by default with end
users, as they interfere with basic monitoring of system health and
operations, while not being actionable or important to the end user in
any way. Please disable them by default.
** Description changed:
On xubuntu 25.04 desktop system running xfce, with the following
pipeline:
- sudo dmesg -x | egrep -v -e type=1400 -e audit -e type=1107 -e audit -e
+ sudo dmesg -x | egrep -v -e type=1400 -e audit -e type=1107 -e
'kauditd_printk_skb: .* callbacks suppressed' | wc -l
Over just under 48 hours there are *14* total messages NOT related to
apparmor, of ~1000 messages total. The rest are things like:
kern :notice: [192478.133140] audit: type=1400 audit(1752963712.161:9538):
apparmor="ALLOWED" operation="file_perm" class="file" profile="Xorg"
name="/proc/driver/nvidia/params" pid=2552 comm="Xorg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
kern :notice: [192478.133142] audit: type=1400 audit(1752963712.161:9539):
apparmor="ALLOWED" operation="unlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="d"
denied_mask="d" fsuid=0 ouid=0
kern :notice: [192478.133153] audit: type=1400 audit(1752963712.161:9540):
apparmor="ALLOWED" operation="symlink" class="file" profile="Xorg"
name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="c"
denied_mask="c" fsuid=0 ouid=0
kern :notice: [230770.061790] audit: type=1400 audit(1753002004.644:9849):
apparmor="DENIED" operation="open" class="file"
profile="snap.firmware-updater.firmware-notifier"
name="/proc/sys/vm/max_map_count" pid=2036274 comm="firmware-notifi"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kern :notice: [214132.665446] audit: type=1400 audit(1752985367.008:9708):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
kern :notice: [214132.665498] audit: type=1400 audit(1752985367.008:9709):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="transmission-gtk"
name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562
pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
in colosal ongoing unending amounts. Even if relevant to apparmor
profile development, such logs should not be enabled by default with end
users, as they interfere with basic monitoring of system health and
operations, while not being actionable or important to the end user in
any way. Please disable them by default.
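Review bot: On the changed pipeline line, the `-e audit` pattern that remains already covers the `type=1400` and `kauditd_printk_skb` patterns, because every quoted record contains "audit:" and "kauditd_printk_skb" itself contains "audit". The filter therefore drops all audit output, not only AppArmor records, so the figure of 14 counts non-audit messages. If the intent is "not related to apparmor", match on `apparmor=` instead, or reword the sentence to say "not related to audit".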
--
https://bugs.launchpad.net/bugs/2117338
Title:
Tremendous amount of apparmor audit spam in the kernel log
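For triaging output like the records quoted in this report, the following added example (not part of the original report or of AppArmor) groups `type=1400` records by profile and verdict and decodes hex-encoded `name=` values, which the audit code emits unquoted when a path contains spaces or other characters it treats as untrusted. It assumes one record per line, as `dmesg -x` prints them; the hex name in the fourth record and the last two lines are constructed.

```python
import re
from collections import Counter

# Sample input: first three records are from the report (re-joined to one line
# each); the hex name in the fourth and the last two lines are constructed.
SAMPLE = """\
kern  :notice: [192478.133140] audit: type=1400 audit(1752963712.161:9538): apparmor="ALLOWED" operation="file_perm" class="file" profile="Xorg" name="/proc/driver/nvidia/params" pid=2552 comm="Xorg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kern  :notice: [192478.133142] audit: type=1400 audit(1752963712.161:9539): apparmor="ALLOWED" operation="unlink" class="file" profile="Xorg" name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
kern  :notice: [230770.061790] audit: type=1400 audit(1753002004.644:9849): apparmor="DENIED" operation="open" class="file" profile="snap.firmware-updater.firmware-notifier" name="/proc/sys/vm/max_map_count" pid=2036274 comm="firmware-notifi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kern  :notice: [214132.665446] audit: type=1400 audit(1752985367.008:9708): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-gtk" name=2F686F6D652F757365722F6D792066696C65 pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
kern  :warn  : [214133.000000] kauditd_printk_skb: 12 callbacks suppressed
kern  :info  : [214140.000000] usb 1-1: new high-speed USB device number 5 using xhci_hcd
"""
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_value(raw):
    """Quoted values are literal; an unquoted name is a hex-encoded byte string."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def parse_record(line):
    """Return the fields of an AppArmor type=1400 record, or None for other lines."""
    if "type=1400" not in line or "apparmor=" not in line:
        return None
    rec = {}
    for key, raw in FIELD.findall(line):
        rec[key] = decode_value(raw) if key == "name" else raw.strip('"')
    return rec

def summarize(text):
    """Count records per (profile, verdict) and lines that are not audit output."""
    per_profile, non_audit = Counter(), 0
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            per_profile[(rec["profile"], rec["apparmor"])] += 1
        elif "audit" not in line:
            non_audit += 1
    return per_profile, non_audit

if __name__ == "__main__":
    counts, rest = summarize(SAMPLE)
    for (profile, verdict), n in counts.most_common():
        print(f"{n:5d}  {verdict:8s} {profile}")
    print(f"{rest} non-audit line(s)")
```

Profiles that dominate the `ALLOWED` counts are the ones in complain mode, which is where the bulk of the volume in a log like this one originates.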