我使用的是 ubuntu 20.04 focal,并且安装了 discord。当 discord 处于活动状态时,我会从 dmesg 中收到大量消息。
[ 1242.218055] audit: type=1400 audit(1626585289.753:15781): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.208904] kauditd_printk_skb: 109 callbacks suppressed
[ 1252.208907] audit: type=1400 audit(1626585299.754:15891): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.208928] audit: type=1400 audit(1626585299.754:15892): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/1221/cmdline" pid=2211 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1252.208962] audit: type=1400 audit(1626585299.754:15893): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.209060] audit: type=1400 audit(1626585299.754:15894): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/1241/cmdline" pid=2211 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1252.209067] audit: type=1400 audit(1626585299.754:15895): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.209084] audit: type=1400 audit(1626585299.754:15896): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.209193] audit: type=1400 audit(1626585299.754:15897): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/1375/cmdline" pid=2211 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1252.209200] audit: type=1400 audit(1626585299.754:15898): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[ 1252.209207] audit: type=1400 audit(1626585299.754:15899): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/1451/cmdline" pid=2211 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1252.209212] audit: type=1400 audit(1626585299.754:15900): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
基本上,这使得从 dmesg 中获取任何其他信息变得很困难。我确信它也在其他地方记录。
$journalctl -f
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
Jul 18 01:21:04 ab audit[2211]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=2211 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
于是我查看了 apparmor /var/lib/snapd/apparmor/profiles/snap.discord.discord,发现我可以拒绝 ptrace,但这已经设置好了。
我不确定 discord 为何尝试访问 ptrace,但我很高兴不授予它任何额外权限。但我希望停止过多的日志记录。当 discord 处于活动状态时,我每秒可能会记录数十个请求。这必定会在某处生成一个巨大的日志文件。我如何才能阻止 discord 淹没我的日志?
答案1
这个问题似乎只出现在 Discord Snap 上,因为我使用 Discord 的 deb,无法重现错误日志。不过,问题和解决方法已经在Discord snap 网页. 引用自那里:
Snap 受到限制,因此 Discord 可能无法执行一些不受限制时通常会执行的任务。这可能会导致系统日志充斥着 apparmor 错误。在 Snap 中授予对系统观察界面的访问权限将启用这些功能,从而减少日志记录。
snap connect discord:system-observe
此外,Discord snap 由 Snapcrafters 维护,而不是 Discord 本身。如果你想使用官方 Discord,你可以从下载 deb 存档Discord 的下载页面并使用 DPKG 或 APT 安装它。