On 12/07/2017 02:00 PM, [email protected] wrote:
> Hi,
> 
> I have this rule in my profile:
> owner /etc/passwd r,
> 
> The problem is that the application is running under lots of different UIDs and 
> all of them are trying to access /etc/passwd (which is not needed; only the 
> master process, running under root, needs it). How do I get rid of the noise 
> in the logs? I cannot do 'deny /etc/passwd r' as it will also deny root (the 
> master process) access to /etc/passwd.
> 

You can try an undocumented, unsupported, experimental feature that will be 
supported in the future but in a different form. Add the rule

  deny other /etc/passwd r,

This will deny access to tasks with uids that are not the owner of the file 
(fsuid != file uid), and the deny will quiet logging because it is a known 
denial.

The other way is to use two profiles, one for the master process and another for 
all the other processes that should not be accessing the file, but this can be 
inconvenient to set up.


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
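
To check which logged denials the `fsuid != file uid` condition from the reply above would cover, the existing audit lines can be grouped by `fsuid` against `ouid`. This is an added example, not part of the original message: the log lines, the profile name `/usr/sbin/exampled` and the function names are constructed, and it assumes the usual key=value layout of AppArmor audit messages.

```python
import re
from collections import Counter

# Constructed sample audit lines; profile name, pids and uids are made up.
_T = ('audit: type=1400 audit(1512655200.{n}:{n}): apparmor="{verdict}" '
      'operation="open" profile="/usr/sbin/exampled" name="{name}" pid={pid} '
      'comm="exampled" requested_mask="r" denied_mask="r" fsuid={fsuid} ouid=0')
SAMPLE_LOG = "\n".join([
    _T.format(n=101, verdict="DENIED", name="/etc/passwd", pid=2101, fsuid=1001),
    _T.format(n=102, verdict="DENIED", name="/etc/passwd", pid=2102, fsuid=1001),
    _T.format(n=103, verdict="DENIED", name="/etc/passwd", pid=2103, fsuid=1002),
    _T.format(n=104, verdict="DENIED", name="/etc/shadow", pid=2101, fsuid=1001),
    _T.format(n=105, verdict="ALLOWED", name="/etc/passwd", pid=2000, fsuid=0),
])

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Return the key=value fields of one audit line as a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def denials_by_uid(log, path="/etc/passwd"):
    """Count read-only DENIED events on `path`, split by fsuid vs ouid.

    'other' holds events where fsuid != ouid (the condition the reply gives
    for the 'other' qualifier); 'owner' holds events where fsuid == ouid.
    """
    counts = {"owner": Counter(), "other": Counter()}
    for line in log.splitlines():
        f = parse(line)
        if f.get("apparmor") != "DENIED" or f.get("name") != path:
            continue
        if "fsuid" not in f or "ouid" not in f:
            continue
        # Only plain read denials are relevant to a rule that ends in 'r'.
        if set(f.get("denied_mask", "")) - {"r"}:
            continue
        side = "owner" if f["fsuid"] == f["ouid"] else "other"
        counts[side][int(f["fsuid"])] += 1
    return counts


if __name__ == "__main__":
    result = denials_by_uid(SAMPLE_LOG)
    print("non-owner denials per uid:", dict(result["other"]))
    print("owner denials per uid:   ", dict(result["owner"]))
```

An empty `owner` counter means every logged denial on the file came from a task whose fsuid differs from the file's uid.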
