docs/doc/source/security/kubernetes/enable-apparmor-log-bb600560d794.rst
Elisamara Aoki Goncalves ace0287d7a AppArmor Support (dsR8)
Story: 2010310
Task: 47620

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I97065a0d0c345bb32663e1ff631c5c4ca524231d
2023-04-25 15:53:17 -03:00

Enable AppArmor Log

AppArmor usually outputs messages when it interacts with an application and when access is denied. A message is logged through the Linux Auditing System when a profile is in complain mode and an application tries to access denied resources. The Linux Auditing System is disabled in the kernel by default. To enable it, refer to Enable Auditd in the Kernel <auditd-support-339a51d8ce16>.

Note

Enabling Auditd in the kernel is necessary for AppArmor logging. Users do NOT need to install the Auditd system application.

Once enabled, the logged messages can be seen in /var/log/kern.log.

2023-02-01T01:48:45.412 controller-0 kernel: notice [ 4028.407687] audit: type=1400 audit(1675216125.410:3110): apparmor="ALLOWED" operation="open" profile="test-profile" name="/proc/1/attr/current" pid=331323 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

If the Auditd system application is installed as described in Start Auditd System Application <auditd-support-339a51d8ce16>, the messages are logged to /var/log/audit/audit.log.
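
To review what a profile in complain mode would have blocked, the kern.log records shown above can be parsed and grouped by profile, operation and path. The following Python sketch is an added example, not part of the original documentation; the function names are hypothetical, and every sample line except the first is constructed (the DENIED line assumes a profile in enforce mode).

```python
import re
from collections import Counter

# Header of a kernel audit record of type 1400 (AVC), as in the kern.log line above.
AUDIT_RE = re.compile(r'audit: type=1400 audit\((\d+)\.\d+:(\d+)\):\s*(.*)$')
# key="quoted value" or key=bare_value pairs in the record body.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The audit subsystem hex-encodes strings with spaces, quotes or non-printable bytes.
HEX_FIELDS = {"name", "comm", "profile"}


def parse_apparmor_line(line):
    """Return the record's fields as a dict, or None if not an AppArmor record."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    rec = {"epoch": int(m.group(1)), "serial": int(m.group(2))}
    for key, quoted, bare in FIELD_RE.findall(m.group(3)):
        if bare and key in HEX_FIELDS and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = quoted or bare
    return rec if "apparmor" in rec else None


def summarize(lines):
    """Count records per (profile, verdict, operation, path, denied_mask)."""
    counts = Counter()
    for line in lines:
        rec = parse_apparmor_line(line)
        if rec:
            counts[(rec.get("profile"), rec["apparmor"], rec.get("operation"),
                    rec.get("name"), rec.get("denied_mask"))] += 1
    return counts


# First line is the sample from this page; the other two are constructed.
SAMPLE = [
    '2023-02-01T01:48:45.412 controller-0 kernel: notice [ 4028.407687] audit: type=1400 audit(1675216125.410:3110): apparmor="ALLOWED" operation="open" profile="test-profile" name="/proc/1/attr/current" pid=331323 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    '2023-02-01T01:48:46.100 controller-0 kernel: notice [ 4029.100000] audit: type=1400 audit(1675216126.100:3111): apparmor="DENIED" operation="open" profile="test-profile" name=2F746D702F6120622E747874 pid=331400 comm="cat" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    '2023-02-01T01:48:47.000 controller-0 kernel: info [ 4030.000000] eth0: link up',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Each ALLOWED entry in the summary is an access that the profile permits only because it is in complain mode, so the list shows what must be added to the profile or investigated before switching it to enforce mode.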