Mozilla Destek’te Ara

Destek dolandırıcılığından kaçının. Mozilla sizden asla bir telefon numarasını aramanızı, mesaj göndermenizi veya kişisel bilgilerinizi paylaşmanızı istemez. Şüpheli durumları “Kötüye kullanım bildir” seçeneğini kullanarak bildirebilirsiniz.

Daha Fazlasını Öğren

Excessive apparmor log entries on Ubuntu platform

  • 3 yanıt
  • 2 kişi bu sorunu yaşıyor
  • 630 gösterim
  • Son yanıtı yazan: scoobienator

more options

OS version: Ubuntu 22.04.1 LTS (jammy), 64-bit (amd64, x86_64). Firefox version: 110.0 (64-bit) (NOTE: the issue was noticed with version 109.0, too)

Firefox package was installed on Ubuntu through 'APT', using the Mozilla Team repository (https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/). It caught my attention that an excessive amount of Firefox related 'DENIED' AppArmor log messages is generated during the browser activity.

According to messages, Firefox is occasionally denied read access to '/sys/devices/' area and read/write access to 'oom_score_adj' target in '/proc/'. Could somebody clarify why would that access be required for regular browser operations? I'm a bit puzzled as I haven't noticed anything similar with the older Ubuntu and Firefox versions. A complete suppression of those messages is also an option as long as there's no negative impact on application's performance.

I already posted this question to Ubuntu forum but seems like nobody there could provide an explanation. I'd appreciate any input or hint.

Following is the sample of referred log messages:

---SNIP--- [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.813:39): apparmor="DENIED" operation="capable" profile="firefox" pid=2231 comm="firefox" capability=21 capname="sys_admin"

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:40): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:41): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:42): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:43): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:44): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:45): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:46): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:47): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 . . . . . . [Fri Feb 24 19:16:22 2023] audit: type=1400 audit(1674000983.040:56): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

[Fri Feb 24 19:16:35 2023] audit: type=1400 audit(1674000995.296:57): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

[Fri Feb 24 19:16:39 2023] audit: type=1400 audit(1674000999.280:58): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

[Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:59): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2455/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

[Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:60): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2458/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 ---SNIP---

OS version: Ubuntu 22.04.1 LTS (jammy), 64-bit (amd64, x86_64). Firefox version: 110.0 (64-bit) (NOTE: the issue was noticed with version 109.0, too) Firefox package was installed on Ubuntu through 'APT', using the Mozilla Team repository (https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/). It caught my attention that an excessive amount of Firefox related 'DENIED' AppArmor log messages is generated during the browser activity. According to messages, Firefox is occasionally denied read access to '/sys/devices/' area and read/write access to 'oom_score_adj' target in '/proc/'. Could somebody clarify why would that access be required for regular browser operations? I'm a bit puzzled as I haven't noticed anything similar with the older Ubuntu and Firefox versions. A complete suppression of those messages is also an option as long as there's no negative impact on application's performance. I already posted this question to Ubuntu forum but seems like nobody there could provide an explanation. I'd appreciate any input or hint. Following is the sample of referred log messages: ---SNIP--- [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.813:39): apparmor="DENIED" operation="capable" profile="firefox" pid=2231 comm="firefox" capability=21 capname="sys_admin" [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:40): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:41): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:42): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.877:43): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:44): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:45): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:46): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [Fri Feb 24 19:14:50 2023] audit: type=1400 audit(1674000890.885:47): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2235 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 . . . . . . [Fri Feb 24 19:16:22 2023] audit: type=1400 audit(1674000983.040:56): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 [Fri Feb 24 19:16:35 2023] audit: type=1400 audit(1674000995.296:57): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 [Fri Feb 24 19:16:39 2023] audit: type=1400 audit(1674000999.280:58): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2347/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 [Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:59): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2455/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 [Fri Feb 24 19:16:41 2023] audit: type=1400 audit(1674001001.768:60): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2458/oom_score_adj" pid=2231 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 ---SNIP---

scoobienator tarafından tarihinde düzenlendi

Seçilen çözüm

You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.

Bu yanıtı konu içinde okuyun 👍 1

Tüm Yanıtlar (3)

more options

Seçilen çözüm

You can try Firefox from the official Mozilla server if you currently use a version from the repositories of your Linux distribution to see if it behaves differently.

more options

Thanks, cor-el! Yes, the version you suggested runs clean without any excessive log messages. The version from Mozilla Team repository seem to be having something specific in its build that triggers this logging issue.

Regards,

Alex

more options

Just for the info...The logging issue seems to be related strictly to 'apparmor' facility. The version downloaded from Mozilla server runs from my home directory and doesn't have an 'apparmor' profile as the package installed from the linux repository. Hence no excessive logs...