Excessive apparmor log entries on Ubuntu platform
OS version: Ubuntu 22.04.1 LTS (jammy), 64-bit (amd64, x86_64). Firefox version: 110.0 (64-bit) (NOTE: the issue was noticed with version 109.0, too)
Firefox package was installed on Ubuntu through 'APT', using the Mozilla Team repository (https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/). It caught my attention that an excessive amount of Firefox related 'DENIED' AppArmor log messages is generated during the browser activity.
According to messages, Firefox is occasionally denied read access to '/sys/devices/' area and read/write access to 'oom_score_adj' target in '/proc/'. Could somebody clarify why would that access be required for regular browser operations? I'm a bit puzzled as I haven't noticed anything similar with the older Ubuntu and Firefox versions. A complete suppression of those messages is also an option as long as there's no negative impact on application's performance.
I already posted this question to Ubuntu forum but seems like nobody there could provide an explanation. I'd appreciate any input or hint.
Following is the sample of referred log messages:
---SNIP--- [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.813:39): apparmor="DENIED" operation="capable" profile="firefox" pid=2231 comm="firefox" capability=21 capname="sys_admin"
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:40): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:41): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:42): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:43): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:44): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:45): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:46): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:47): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 . . . . . . [Fri Feb 24 19:16:22 2023] audit: type=1400 audit(1674000983.040:56): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
[Fri Feb 24 19:16:35 2023] audit: type=1400 audit(1674000995.296:57): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
[Fri Feb 24 19:16:39 2023] audit: type=1400 audit(1674000999.280:58): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
[Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:59): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2455/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
[Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:60): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2458/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 ---SNIP---
由 scoobienator 於 修改
被選擇的解決方法
You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.
從原來的回覆中察看解決方案 👍 1所有回覆 (3)
選擇的解決方法
You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.
Thanks, cor-el! Yes, the version you suggested runs clean without any excessive log messages. The version from Mozilla Team repository seem to be having something specific in its build that triggers this logging issue.
Regards,
Alex
Just for the info...The logging issue seems to be related strictly to 'apparmor' facility. The version downloaded from Mozilla server runs from my home directory and doesn't have an 'apparmor' profile as the package installed from the linux repository. Hence no excessive logs...