[apparmor] Too much noise
John Johansen
john.johansen at canonical.com
Thu Dec 7 22:11:13 UTC 2017
On 12/07/2017 02:00 PM, azurit at pobox.sk wrote:
> Hi,
>
> i have this rule in my profile:
> owner /etc/passwd r,
>
> Problem is, that application is running under lots of different UIDs and all of them are trying to access /etc/passwd (which is not needed, only master process, running under root, needs it). How to get rid of the noise in the logs? I cannot do 'deny /etc/passwd r' as it will deny also root (master process) to access /etc/passwd.
>
you can try an undocumented unsupported experimental feature, that will be supported in the future but in a different form. Add the rule
deny other /etc/passwd r,
this will deny access to tasks with uids that are not the owner of the file (fsuid != file uid), and the deny will quiet logging because it is a known denial.
The other way is to use two profiles one for the master process and another for all the other processes that should not be accessing the file, but this can be inconvenient to set up.
More information about the AppArmor
mailing list