apparmor.d/tests/testdata/logs/audit.log

type=BPF msg=audit(1111111111.111:1111): prog-id=60 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="kmod" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="mkinitcpio" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman-hook-mkinitcpio-install" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509201 comm="apparmor_parser"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509200 comm="apparmor_parser"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="aa-log" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=509286 comm="remove-system.m" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="sysctl" name="/proc/sys/kernel/panic_on_oops" pid=509859 comm="sysctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
type=BPF msg=audit(1111111111.111:1111): prog-id=75 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="signal" profile="dbus-daemon" pid=2466 comm="at-spi-bus-laun" requested_mask="receive" denied_mask="receive" signal=term peer="at-spi-bus-launcher"
type=BPF msg=audit(1111111111.111:1111): prog-id=16 op=LOAD
type=BPF msg=audit(1111111111.111:1111): prog-id=17 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/sys/kernel/osrelease" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/1/environ" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/cmdline" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_load" profile="apparmor_parser" name="docker-default" pid=1775 comm="apparmor_parser"
type=BPF msg=audit(1111111111.111:1111): prog-id=18 op=LOAD
type=BPF msg=audit(1111111111.111:1111): prog-id=22 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/home/user/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/etc/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
type=BPF msg=audit(1111111111.111:1111): prog-id=23 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root-aaabbbc0.log" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="fusermount" name="/run/user/1000/doc/" pid=8703 comm="fusermount" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000FSUID="root" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="chrome-gnome-shell" name="/home/user/.netrc" pid=9119 comm="chrome-gnome-sh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=BPF msg=audit(1111111111.111:1111): prog-id=26 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="man" name="/usr/bin/preconv" pid=60755 comm="man" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 target="man_groff" FSUID="user" OUID="user"
type=USER_AVC msg=audit(1111111111.111:1111): pid=1648 uid=102 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="AddMatch" name=":1.3" mask="receive" label="dbus-daemon" peer_pid=1667 peer_label="power-profiles-daemon"  exe="/usr/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'UID="messagebus" AUID="unset" SAUID="messagebus"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000
type=USER_AVC msg=audit(1111111111.111:1111): pid=1648 uid=102 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="AddMatch" mask="send" name="org.freedesktop.DBus" pid=1667 label="power-profiles-daemon" peer_label="dbus-daemon"  exe="/usr/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=? UID="messagebus" AUID="unset" SAUID="messagebus"
type=USER_AVC msg=audit(1111111111.111:1111): pid=1648 uid=102 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="AddMatch" name=":1.4" mask="receive" label="dbus-daemon" peer_pid=1 peer_label="unconfined"  exe="/usr/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'UID="messagebus" AUID="unset" SAUID="messagebus"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="bind" profile="gnome-shell" pid=2027 comm="gnome-shell" family="unix" sock_type="stream" protocol=0 requested_mask="bind" denied_mask="bind" addr="@/tmp/.X11-unix/X1"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_perm" profile="gnome-session-binary" pid=1995 comm="gnome-session-b" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr="@/tmp/.ICE-unix/1995" peer_addr=none peer="gnome-shell"
Sep  6 11:23:47 xubuntu-lts kernel: [   31.024982] audit: type=1107 audit(1111111111.111:1111): pid=1567 uid=102 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/Accounts/User1000" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.Accounts" pid=1693 label="lightdm" peer_pid=1559 peer_label="accounts-daemon"
Sep  6 11:26:12 xubuntu-lts kernel: [  175.272924] audit: type=1107 audit(1111111111.111:1111): pid=1567 uid=102 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_signal"  bus="system" path="/org/freedesktop/Accounts/User1000" interface="org.freedesktop.Accounts.User" member="Changed" name=":1.6" mask="receive" pid=1693 label="lightdm" peer_pid=1559 peer_label="accounts-daemon"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="link" class="file" profile="akonadi_maildispatcher_agent" name="/home/bob/.config/akonadi/agent_config_akonadi_maildispatcher_agent.CmJRGE" pid=19277 comm="akonadi_maildis" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000 target="/home/bob/.config/akonadi/#3029891" FSUID="user" OUID="user"