如何关闭快照中所有 AppArmor DENIED 消息?

tag-icon tag-icon snap log apparmor
如何关闭快照中所有 AppArmor DENIED 消息?

我的 snap 沙盒日志中有大量 AppArmor DENIED 消息。我该如何关闭这些消息?

Nov 22 21:39:28 dima kernel: [19901.633595] audit: type=1400 audit(1669142368.829:4586): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633635] audit: type=1400 audit(1669142368.829:4587): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633690] audit: type=1400 audit(1669142368.829:4588): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633729] audit: type=1400 audit(1669142368.829:4589): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:28 dima kernel: [19901.633752] audit: type=1400 audit(1669142368.829:4590): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631110] audit: type=1400 audit(1669142398.826:4591): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631121] audit: type=1400 audit(1669142398.826:4592): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631157] audit: type=1400 audit(1669142398.826:4593): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631187] audit: type=1400 audit(1669142398.826:4594): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:39:58 dima kernel: [19931.631201] audit: type=1400 audit(1669142398.826:4595): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630808] audit: type=1400 audit(1669142428.828:4596): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630821] audit: type=1400 audit(1669142428.828:4597): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630828] audit: type=1400 audit(1669142428.828:4598): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630853] audit: type=1400 audit(1669142428.828:4599): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:28 dima kernel: [19961.630871] audit: type=1400 audit(1669142428.828:4600): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621939] audit: type=1400 audit(1669142458.824:4601): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621950] audit: type=1400 audit(1669142458.824:4602): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621955] audit: type=1400 audit(1669142458.824:4603): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621959] audit: type=1400 audit(1669142458.824:4604): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:40:58 dima kernel: [19991.621973] audit: type=1400 audit(1669142458.824:4605): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618919] audit: type=1400 audit(1669142488.824:4606): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618928] audit: type=1400 audit(1669142488.824:4607): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618940] audit: type=1400 audit(1669142488.824:4608): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618969] audit: type=1400 audit(1669142488.824:4609): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:28 dima kernel: [20021.618975] audit: type=1400 audit(1669142488.824:4610): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/tun0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617503] audit: type=1400 audit(1669142518.827:4611): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617507] audit: type=1400 audit(1669142518.827:4612): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617508] audit: type=1400 audit(1669142518.827:4613): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/br-72b56228fe43/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 22 21:41:58 dima kernel: [20051.617509] audit: type=1400 audit(1669142518.827:4614): apparmor="DENIED" operation="open" profile="snap.skype.skype" name="/sys/devices/virtual/net/docker0/speed" pid=4550 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

答案1

您可以关闭全部Snap 沙盒拒绝所有应用通过运行以下命令:

echo -n quiet_denied > /sys/module/apparmor/parameters/audit

这将抑制拒绝警告,直到下次启动。

如果您想使其永久生效,则必须使用 grub 指定内核参数。警告:这是一个高级更改,如果您不知道自己在做什么并将其搞乱,这可能会破坏您的系统!

在文件中,在 后面/etc/default/grub添加,如下所示:apparmor.audit=quiet_deniedGRUB_CMDLINE_LINUX_DEFAULT

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash apparmor.audit=quiet_denied"

然后运行

sudo update-grub

然后重新启动。

相关内容