[apparmor] Prevent log message about ALLOWED apparmor events?
Troels Arvin
troels at arvin.dk
Thu Feb 6 13:33:54 UTC 2025
Hello,
On some Ubuntu 22 and 24 systems, syslog is being cluttered with
messages like this which is completely uninteresting:
Feb 05 16:17:01 myhost.example.com audit[353829]: AVC apparmor="ALLOWED"
operation="open" profile="/usr/sbin/sssd" name="/proc/420747/cmdline"
pid=353829 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I would certainly like to know about DENIED events, but how can I have
apparmor/audit stop logging about ALLOWED events?
--
Regards,
Troels Arvin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20250206/e14023d2/attachment.html>
More information about the AppArmor
mailing list