After some research I can now safely confirm this bug. However, the log lines do not seem to be related to any rules in "/etc/audit/rules.d" or AppArmor profiles loaded. %‑)
The only difference between the log lines in *this* bug report, my lines and the ones mentioned on https://bugzilla.redhat.com/show_bug.cgi?id=1507282 seems to be system- specific configuration, e.g. SELinux. Over the past 24 hours, I also had sometimes 100 lines at once in my log when opening or reloading a web page, in a new tab in Firefox. Therefore Firefox seems to be the only "offending" application at present. I also cleared the /etc/audit/rules.d and uninstalled the AppArmor extras packages (apparmor-profiles, apparmor-profiles-extra) with the Firefox profiles in it. Unfortunately the logs lines still poured in. Therefore I also changed the abstractions for Firefox (/etc/apparmor.d/abstractions/ubuntu-browsers) and commented out everything Firefox related, with no avail. The problem is somewhere deeper and not Firefox-specific. I hope Tyler Hicks (tyhicks) is correct and the fixes mentioned will soon be available. Due to the problem I generated several GiB of logs a day which is not so good for my SSD (even with wear-leveling). My temporary workaround is to stop auditd, since unlike /etc/systemd/journald.conf there is no Storage=volatile option for auditd. :-0 ',:-l >:/ ** Bug watch added: Red Hat Bugzilla #1507282 https://bugzilla.redhat.com/show_bug.cgi?id=1507282 ** Bug watch added: Red Hat Bugzilla #1117953 https://bugzilla.redhat.com/show_bug.cgi?id=1117953 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1774711 Title: excessive seccomp audit logs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774711/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
