[apparmor] Regarding apparmor in container
John Johansen
john.johansen at canonical.com
Tue Oct 20 19:05:14 UTC 2020
On 10/20/20 9:12 AM, swarna latha wrote:
> Hi,
>
> We are using apparmor to generate profile for a video application running in container.
>
> with apparmor in complaint mode, we see the video is not streaming, and we are not getting any apparmor logs. if we disable the apparmor profile, we see video streaming.
>
> Can you please let us know the reason for this behaviour... is it due to any permission issue or performance issue...
>
> if it is due to permission issue, why we are not getting apparmor logs in this case.
>
It is likely a permission issue but it is possible other parts of the kernel are interacting with apparmor
what is your kernel version?
As root can you enable debug mode,
echo 0> /sys/module/apparmor/parameters/debug
this will give some logging output with extra info for so special cases.
and can youturn off audit silencing
echo -n "noquiet" /sys/module/apparmor/parameters/audit
this turns off deny rules silencing of denials.
You can toggle these values live and do it one at a time if you like.
More information about the AppArmor
mailing list