Excessive apparmor event logging
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Unity8 Session Snap |
New
|
Undecided
|
Unassigned |
Bug Description
While a user session with Unity8 is active, syslog gets continuous log entries of the following kind
Jan 12 09:55:29 samsung930X3G dbus[10741]: apparmor="ALLOWED" operation=
and
Jan 12 09:57:48 samsung930X3G kernel: [31863.034623] audit: type=1400 audit(148423306
so rather than a typical 3MB log I have 130MB files before rolling.
The first denial is because there isn't a unity8 interface that allows the access. Therefore, the access is a policy violation and it is logged (but allowed).
The second denial looks like it should be allowed, but if the snap got upgraded in the background from behind the running unity8 session, it would not because there are no rules in the policy to allow reading other revisions in /snap/SNAP_NAME. I'll fix the second, but be aware of this related bug #1616650.