asterisk-user Posted April 17, 2017 Posted April 17, 2017 Hi All, I might need your help with one issue I've encountered. I'm running debian with the 4.9.20 kernel on an Odroid XU4 board. I've compiled the kernel with the options for AppArmor enabled. The installed AppArmor version is the 2.10.95 (auditd is also installed in version 1:2.4-1+b1). ## Kernel Options ## CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 CONFIG_DEFAULT_SECURITY_APPARMOR=y CONFIG_DEFAULT_SECURITY="apparmor" CONFIG_SECCOMP=y CONFIG_SECCOMP_FILTER=y CONFIG_AUDIT=y ## ## AppArmor itself is working without any issues. If I set a profile to enforce, then any not allowed action is blocked and logged accordingly. The problem I'm facing now is that AppArmor is not logging anything in complain mode, which makes it very difficult to create a new profile for applications. The strange thing is, that all actions get logged in enforce mode perfectly... (e.g. Apr 17 14:21:56 localhost kernel: [ 2913.082774] audit: type=1400 audit(1492435316.208:54): apparmor="DENIED" operation="open" profile="/usr/sbin/nginx" name="/etc/nginx/nginx.conf" pid=4260 comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0) Does anyone have a cloue what's wrong? I'd be greateful for any hints. Kind regards, Viktor
asterisk-user Posted April 18, 2017 Author Posted April 18, 2017 Hi All, it took me a while, but I found the solution: crontab (root): @reboot /bin/echo 0 > /proc/sys/kernel/printk_ratelimit solved the problem for me. It seems that the kernel is automatically filtering the apparmor messages (spam). Thanks, Viktor
Recommended Posts