[apparmor] AppArmor logging although deactivated
Torsten
re_torsten_01 at seypro.de
Sun Sep 27 14:34:50 UTC 2015
Hello all,
I am using OpenSuse 13.2 and wanted to test AppArmor. So I activated it,
but it was not doing exactly what I wanted to do yet, so I wanted to
deactivate it again. I did this using yast and systemctl and both are
telling me, that it is deactivated. aa-status is also telling me the same:
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Nevertheless I still get a lot of messages like these in my log:
[222725.738438] audit: type=1400 audit(1443345412.950:16515):
apparmor="ALLOWED" operation="open" profile="/usr/sbin/dovecot"
name=2F686F6D652F646F7665636F742F746F727374656E2F6D61696C732F2E44656C65746564204974656D732F646F7665636F742E696E646578
pid=8487 comm="imap" requested_mask="rw" denied_mask="rw" fsuid=1010
ouid=1010
Only after a reboot these messages are gone.
Is this expected behavior?
Best
Torsten
More information about the AppArmor
mailing list