Score:2

How to turn off all the AppArmor DENIED messages from snaps?

ng flag

I have a ton of AppArmor DENIED messages in my logs from the snap sandbox. How can I turn off these messages?

Nov 22 21:39:28 dima kernel: [19901.633595] audit: type=1400 audit(1669142368.829:4586): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633635] audit: type=1400 audit(1669142368.829:4587): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633690] audit: type=1400 audit(1669142368.829:4588): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633729] audit: type=1400 audit(1669142368.829:4589): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633752] audit: type=1400 audit(1669142368.829:4590): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631110] audit: type=1400 audit(1669142398.826:4591): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631121] audit: type=1400 audit(1669142398.826:4592): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631157] audit: type=1400 audit(1669142398.826:4593): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631187] audit: type=1400 audit(1669142398.826:4594): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631201] audit: type=1400 audit(1669142398.826:4595): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630808] audit: type=1400 audit(1669142428.828:4596): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630821] audit: type=1400 audit(1669142428.828:4597): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630828] audit: type=1400 audit(1669142428.828:4598): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630853] audit: type=1400 audit(1669142428.828:4599): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630871] audit: type=1400 audit(1669142428.828:4600): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621939] audit: type=1400 audit(1669142458.824:4601): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621950] audit: type=1400 audit(1669142458.824:4602): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621955] audit: type=1400 audit(1669142458.824:4603): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621959] audit: type=1400 audit(1669142458.824:4604): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621973] audit: type=1400 audit(1669142458.824:4605): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618919] audit: type=1400 audit(1669142488.824:4606): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618928] audit: type=1400 audit(1669142488.824:4607): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618940] audit: type=1400 audit(1669142488.824:4608): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618969] audit: type=1400 audit(1669142488.824:4609): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618975] audit: type=1400 audit(1669142488.824:4610): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617503] audit: type=1400 audit(1669142518.827:4611): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617507] audit: type=1400 audit(1669142518.827:4612): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617508] audit: type=1400 audit(1669142518.827:4613): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617509] audit: type=1400 audit(1669142518.827:4614): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Score:2
ng flag

You can turn of all denials from the snap sandbox for all apps by running the following command:

echo -n quiet_denied > /sys/module/apparmor/parameters/audit

This will suppress denial warnings until the next boot.

If you want to make this permanent, you will have to specify a kernel parameter using grub. Warning: this is an advanced change, this might brick your system if you don't know what you're doing and mess it up!

In the file /etc/default/grub, add apparmor.audit=quiet_denied at the back of GRUB_CMDLINE_LINUX_DEFAULT, like so:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash apparmor.audit=quiet_denied"

Then run

sudo update-grub

and reboot.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.