Public bug reported:

AppArmor is creating unnecessary log spam

Files with a dentry pointing to aa_null.dentry were already rejected as
part of file_inheritance. Unfortunately the check in
common_file_perm() is insufficient to cover all cases, causing
unnecessary audit messages without the original file's context.

E.g.
[ 442.886474] audit: type=1400 audit(1704822661.616:329): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-juju-98527a-0_<var-snap-lxd-common-lxd>" profile="snap.lxd.activate" name="/apparmor/.null" pid=9525 comm="snap-exec"

Other examples can be found in the logs of:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2120439
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1952084
https://bugs.launchpad.net/snapd/+bug/2049099

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2122743

Title:
  AppArmor is auditing the apparmor/.null file

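The denial pattern described in this report can be separated from other AppArmor denials when reading audit logs. The following Python sketch is an added example, not code from the bug report or the AppArmor project; the function names, the suffix match on /apparmor/.null, and every sample line except the first (which is the record quoted in the report) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs in the audit payload; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return the fields of an AppArmor audit line, or None for other lines."""
    fields = {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}
    return fields if "apparmor" in fields else None

def is_null_inherit(fields):
    """True for the pattern in this report: a file_inherit denial whose name
    is the AppArmor null file (assumed here to end in /apparmor/.null)."""
    return (fields.get("apparmor") == "DENIED"
            and fields.get("operation") == "file_inherit"
            and fields.get("name", "").endswith("/apparmor/.null"))

def triage(lines):
    """Count .null inheritance noise per (profile, comm); keep other denials."""
    noise, review = Counter(), []
    for line in lines:
        fields = parse_record(line)
        if fields is None or fields.get("apparmor") != "DENIED":
            continue  # not an AppArmor denial (e.g. STATUS records)
        if is_null_inherit(fields):
            noise[(fields.get("profile"), fields.get("comm"))] += 1
        else:
            review.append(fields)
    return noise, review

SAMPLE = [
    # Record quoted in the bug report, rejoined onto one line.
    '[ 442.886474] audit: type=1400 audit(1704822661.616:329): apparmor="DENIED" '
    'operation="file_inherit" class="file" '
    'namespace="root//lxd-juju-98527a-0_<var-snap-lxd-common-lxd>" '
    'profile="snap.lxd.activate" name="/apparmor/.null" pid=9525 comm="snap-exec"',
    # The remaining lines are constructed sample data, not from the report.
    '[ 443.100000] audit: type=1400 audit(1704822661.830:330): apparmor="DENIED" '
    'operation="file_inherit" class="file" profile="example-profile" '
    'name="/dev/pts/0" pid=9601 comm="example" requested_mask="wr" denied_mask="wr"',
    '[ 443.200000] audit: type=1400 audit(1704822661.930:331): apparmor="DENIED" '
    'operation="open" class="file" profile="example-profile" '
    'name="/etc/example.conf" pid=9602 comm="example" requested_mask="r" denied_mask="r"',
    '[ 443.300000] audit: type=1400 audit(1704822662.030:332): apparmor="STATUS" '
    'operation="profile_load" profile="unconfined" name="example-profile" pid=9603',
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print(dict(noise), [(r["operation"], r["name"]) for r in review])
```

A file_inherit denial for any other name is left in the review list, so only the /apparmor/.null records are counted as noise.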