kernel: [ 6230.503218] audit: type=1400 audit(1534512537.321:398960): apparmor="DENIED" operation="open" profile="snap.gnome-system-monitor.gnome-system-monitor" name="/run/mount/utab" pid=2265 comm="gnome-system-mo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Bug #1787600 reported by
Le Hoang Anh
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
This log repeats so many times in file /var/log/syslog and /var/log/kern.log, causing the size of 2 files exceed 100Mb, and the journal folder increase to several Gbs, causing no space left in "Filesystem root".
description: | updated |
To post a comment you must log in.
Sadly yes. AppArmor currently doesn't do audit message deduping, leaving it entirely to the audit infrastructure. Which means denial messages can fill the logs.
There is current work to fix this by providing a dedup cache that will hopefully land in 4.20