My python Snapcraft app works perfectly. It does exactly what it is supposed to. Except…
It logs repeatedly to dmesg apparently claiming that apparmor denied it permission to do things. Here are two examples of logs that show up repeatedly.
[ 67.487382] audit: type=1400 audit(1662553232.920:101): apparmor="DENIED" operation="open" profile="snap.myapp.main" name="/proc/25/cmdline" pid=3140 comm="MyApp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 586.726101] audit: type=1400 audit(1671210693.333:167): apparmor="DENIED" operation="open" profile="snap.myapp.main" name="/proc/11525/mounts" pid=11525 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Given that my app actually successfully does everything it’s supposed to do, why are these make-believe errors showing up at all?
More importantly, users are complaining about how their dmesg logs are filling up from my app. How do I stop this from happening?
Based on other conversations I found in this forum, I found that if I add plugs for the following interfaces to my YAML, and manually grant connections for them, then the dmesg logs do go away. However, I don’t understand the need to do this since my app is working perfectly (except the logs) without these interfaces.
hardware-observe
system-observe
mount-observe
I really don’t understand what’s going on. I’m not a Linux guru. I’d never even heard of dmesg or apparmor until my first user complaint. Does anyone have any suggestions for how I can figure this out? I really don’t want to have to request interfaces that I don’t need, especially if the user would have to manually enable them.
Thanks in advance!