Public bug reported:

While running Discord, AppArmor prints a ton of denials every second.
The lines look something like this:

> Jun 17 18:00:14 magni audit[267198]: AVC apparmor="DENIED"
> operation="ptrace" profile="snap.discord.discord" pid=267198
> comm="Discord" requested_mask="read" denied_mask="read"
> peer="unconfined"

I'm thankful that AppArmor is preventing it from using pthread to mess
with my system. However, I wish it didn't spam my logs so much. Would it
be possible to implement a system whereby subsequent identical logs
within the same second are deduplicated? For example, instead of 127
separate denial lines, one second could look like this:

> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="open" 
> profile="snap.discord.discord" name="/proc/1383/cmdline" pid=267198 
> comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" [3 identical 
> messages omitted]
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="open" 
> profile="snap.discord.discord" name="/proc/1407/cmdline" pid=267198 
> comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" [48 identical 
> messages omitted]
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" 
> peer="snap.snap-store.ubuntu-software"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" [15 identical 
> messages omitted]
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="docker-default"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="open" 
> profile="snap.discord.discord" name="/proc/14296/cmdline" pid=267198 
> comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" [8 identical 
> messages omitted]
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="open" 
> profile="snap.discord.discord" name="/proc/93917/cmdline" pid=267198 
> comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" operation="ptrace" 
> profile="snap.discord.discord" pid=267198 comm="Discord" 
> requested_mask="read" denied_mask="read" peer="unconfined"
> Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" [40 identical 
> messages omitted]

Of course, it would've been nice if Discord wasn't persistently trying
to ptrace everything on my system all the time even after being denied,
but AppArmor exists to deal with misbehaving applications, so we kinda
have to expect that the applications it deals with will be misbehaving.

ProblemType: Bug
DistroRelease: Ubuntu 21.04
Package: apparmor 3.0.0-0ubuntu7
ProcVersionSignature: Ubuntu 5.11.0-18.19-generic 5.11.17
Uname: Linux 5.11.0-18-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu65.1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 17 17:58:38 2021
InstallationDate: Installed on 2021-06-10 (7 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-5.11.0-18-generic 
root=UUID=802cdec1-14ec-442d-a9c6-ae876626bd24 ro quiet splash vt.handoff=7
RebootRequiredPkgs: gnome-shell
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug hirsute
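
The collapsing requested above, sketched as a log post-processor. This is an added example, not part of the original report and not AppArmor code; the function names and the sample lines are constructed for illustration. It also keeps a per-target count so that collapsing repeats does not hide how often each peer or path was denied.

```python
import re
from collections import Counter
from itertools import groupby

# Syslog prefix ("Jun 17 18:02:29 magni audit[267198]: ") followed by the AVC record.
LINE_RE = re.compile(
    r'^(?P<prefix>\w{3} +\d+ \d\d:\d\d:\d\d \S+ \S+: )(?P<body>AVC apparmor="DENIED" .*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def collapse_denials(lines):
    """Collapse runs of consecutive identical denial lines into one line plus a marker."""
    out = []
    # The timestamp is part of the line, so identical text implies the same second.
    for line, run in groupby(l.rstrip("\n") for l in lines):
        repeats = sum(1 for _ in run) - 1
        out.append(line)
        m = LINE_RE.match(line)
        if m is None:
            out.extend([line] * repeats)  # not a denial: pass every copy through
        elif repeats:
            out.append(f'{m["prefix"]}AVC apparmor="DENIED" '
                       f'[{repeats} identical messages omitted]')
    return out

def summarize(lines):
    """Count denials per (profile, operation, peer-or-name) over the raw lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m["body"])}
        if "operation" in f:  # skip marker lines, which carry no operation field
            counts[(f.get("profile"), f["operation"], f.get("peer") or f.get("name"))] += 1
    return counts

# Constructed sample in the format quoted in the report.
P = 'Jun 17 18:02:29 magni audit[267198]: AVC apparmor="DENIED" '
PTRACE = P + ('operation="ptrace" profile="snap.discord.discord" pid=267198 '
              'comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"')
OPEN = P + ('operation="open" profile="snap.discord.discord" name="/proc/1383/cmdline" '
            'pid=267198 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')
SAMPLE = [PTRACE, OPEN] + [PTRACE] * 4

if __name__ == "__main__":
    print("\n".join(collapse_denials(SAMPLE)))
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
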

https://bugs.launchpad.net/bugs/1932342

Title:
  Feature Request: Rate limit apparmor denial logs

Status in apparmor package in Ubuntu:
  New
