[pkg-apparmor] Bug#1017595: Bug#1017595: please make apparmor less noisy

Harald Dunkel harald.dunkel at aixigo.com
Wed Sep 7 08:47:52 BST 2022 

Here is an example:

root at dpcl018:~# aa-status
apparmor module is loaded.
30 profiles are loaded.
27 profiles are in enforce mode.
    /usr/bin/evince
    /usr/bin/evince-previewer
    /usr/bin/evince-previewer//sanitized_helper
    /usr/bin/evince-thumbnailer
    /usr/bin/evince//sanitized_helper
    /usr/bin/man
    /usr/lib/cups/backend/cups-pdf
    /usr/lib/telepathy/mission-control-5
    /usr/lib/telepathy/telepathy-*
    /usr/lib/telepathy/telepathy-*//pxgsettings
    /usr/lib/telepathy/telepathy-*//sanitized_helper
    /usr/lib/telepathy/telepathy-ofono
    /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session
    /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session//chromium
    /usr/sbin/cups-browsed
    /usr/sbin/cupsd
    /usr/sbin/cupsd//third_party
    /usr/sbin/haveged
    /usr/sbin/ntpd
    docker-default
    libreoffice-senddoc
    libreoffice-soffice//gpg
    libreoffice-xpdfimport
    man_filter
    man_groff
    nvidia_modprobe
    nvidia_modprobe//kmod
3 profiles are in complain mode.
    /usr/sbin/sssd
    libreoffice-oopslash
    libreoffice-soffice
12 processes have profiles defined.
5 processes are in enforce mode.
    /usr/sbin/cups-browsed (1335514)
    /usr/sbin/cupsd (1335513)
    /usr/lib/cups/notifier/dbus (1335541) /usr/sbin/cupsd
    /usr/sbin/haveged (776)
    /usr/sbin/ntpd (1102)
7 processes are in complain mode.
    /usr/sbin/sssd (806)
    /usr/lib/x86_64-linux-gnu/sssd/sssd_be (866) /usr/sbin/sssd
    /usr/lib/x86_64-linux-gnu/sssd/sssd_nss (915) /usr/sbin/sssd
    /usr/lib/x86_64-linux-gnu/sssd/sssd_sudo (916) /usr/sbin/sssd
    /usr/lib/x86_64-linux-gnu/sssd/sssd_pam (917) /usr/sbin/sssd
    /usr/lib/x86_64-linux-gnu/sssd/sssd_ssh (919) /usr/sbin/sssd
    /usr/lib/x86_64-linux-gnu/sssd/sssd_pac (920) /usr/sbin/sssd
0 processes are unconfined but have a profile defined.

root at dpcl018:~# dpkg -l apparmor\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                    Version      Architecture Description
+++-=======================-============-============-======================================
ii  apparmor                2.13.2-10    amd64        user-space parser utility for AppArmor
un  apparmor-profiles-extra <none>       <none>       (no description available)
un  apparmor-utils          <none>       <none>       (no description available)


This is not about fine-tuning apparmor profiles or avoiding certain
packages. Its about adding auditd to Recommends to make apparmor less
noisy.


Regards

Harri

More information about the pkg-apparmor-team mailing list