I should add that the profiles that are filling your logs, should also be updated so that they are not causing these messages.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2117338 Title: Tremendous amount of apparmor audit spam in the kernel log Status in apparmor package in Ubuntu: New Bug description: On xubuntu 25.04 desktop system running xfce, with the following pipeline: sudo dmesg -x | egrep -v -e type=1400 -e audit -e type=1107 -e 'kauditd_printk_skb: .* callbacks suppressed' | wc -l Over just under 48 hours there are *14* total messages NOT related to apparmor, of ~1000 messages total. The rest are things like: kern :notice: [192478.133140] audit: type=1400 audit(1752963712.161:9538): apparmor="ALLOWED" operation="file_perm" class="file" profile="Xorg" name="/proc/driver/nvidia/params" pid=2552 comm="Xorg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 kern :notice: [192478.133142] audit: type=1400 audit(1752963712.161:9539): apparmor="ALLOWED" operation="unlink" class="file" profile="Xorg" name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="d" denied_mask="d" fsuid=0 ouid=0 kern :notice: [192478.133153] audit: type=1400 audit(1752963712.161:9540): apparmor="ALLOWED" operation="symlink" class="file" profile="Xorg" name="/dev/char/195:254" pid=2552 comm="Xorg" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 kern :notice: [230770.061790] audit: type=1400 audit(1753002004.644:9849): apparmor="DENIED" operation="open" class="file" profile="snap.firmware-updater.firmware-notifier" name="/proc/sys/vm/max_map_count" pid=2036274 comm="firmware-notifi" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 kern :notice: [214132.665446] audit: type=1400 audit(1752985367.008:9708): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-gtk" name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562 pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 kern :notice: [214132.665498] audit: type=1400 audit(1752985367.008:9709): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-gtk" name=2F686F6D652F6F62656C69782F746F7272656E742F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E20455055422F4C6561726E696E67204F70656E4356203520436F6D707574657220566973696F6E207769746820507974686F6E206279204A6F65204D696E696368696E6F202E2E2E65707562 pid=629774 comm="transmission-gt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 in colosal ongoing unending amounts. Even if relevant to apparmor profile development, such logs should not be enabled by default with end users, as they interfere with basic monitoring of system health and operations, while not being actionable or important to the end user in any way. Please disable them by default. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2117338/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
