What are these strange entries in dmesg?
Running Ubuntu Linux 9.04, and I see these odd log lines in dmesg:
[ 18.673752] type=1505 audit(1240159967.221:2): operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" name2="default" pid=2197 [ 18.730952] type=1505 audit(1240159967.278:3): operation="profile_load" name="/sbin/dhclient-script" name2="default" pid=2201 [ 18.731093] type=1505 audit(1240159967.278:4): operation="profile_load" name="/sbin/dhclient3" name2="default" pid=2201 [ 18.731141] type=1505 audit(1240159967.278:5): operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" name2="default" pid=2201 [ 18.731182] type=1505 audit(1240159967.278:6): operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" name2="default" pid=2201 [ 18.871720] type=1505 audit(1240159967.417:7): operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" name2="default" pid=2206 [ 18.871913] type=1505 audit(1240159967.417:8): operation="profile_load" name="/usr/sbin/cupsd" name2="default" pid=2206 [ 18.909533] type=1505 audit(1240159967.458:9): operation="profile_load" name="/usr/sbin/tcpdump" name2="default" pid=2210
What generates them, and should I be worried?
It’s AppArmor loading it’s profiles as applications start up.
For those that don’t know AppArmor is similar to SE Linux in that it monitors and restricts based on a set of profiles usually configured in /etc/apparmor.d
The log entries you are seeing are good log entries and are showing that AppArmor is loading up and doing it’s thing. Generally you can ignore them but it’s always a good idea to remember AppArmor exists as it can bite you.
e.g. I reconfigured MySQL on a Ubuntu system to use /home/mysql for it’s data files and it wouldn’t start because AppArmor was blocking access to it. The MySQL logs just said “Permission Denied” where as syslog told me that AppArmor was stopping it.
Check more discussion of this question.
Related posts:
Leave a comment
Recent Posts
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?