Enable AppArmor Log
AppArmor usually outputs messages when it interacts with an application and when it denies access. A message is logged, via the Linux Auditing System, when a profile is in complain mode and an application tries to access denied resources. The Linux Auditing System is disabled in the StarlingX kernel by default. To enable it, refer to Enable Auditd in the Kernel.
Note
Enabling Auditd in the kernel is necessary for AppArmor logging. Users do NOT need to install the Auditd system application.
Once enabled, the logged messages can be seen in /var/log/kern.log.
2023-02-01T01:48:45.412 controller-0 kernel: notice [ 4028.407687] audit: type=1400 audit(1675216125.410:3110): apparmor="ALLOWED" operation="open" profile="test-profile" name="/proc/1/attr/current" pid=331323 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
If the auditd system application is installed as described in Start Auditd System Application, the messages are logged at /var/log/audit/audit.log.
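A parser for the kern.log entries shown above, as an added example that is not part of the StarlingX documentation. It groups AppArmor events by verdict, profile and path so complain-mode hits can be reviewed. The second and third sample lines are constructed, and decoding unquoted hex values assumes the audit subsystem's usual encoding of strings that contain spaces.

```python
import re
from collections import Counter

# Constructed sample input: line 1 is the entry shown above; lines 2-3 are made up.
SAMPLE = """\
2023-02-01T01:48:45.412 controller-0 kernel: notice [ 4028.407687] audit: type=1400 audit(1675216125.410:3110): apparmor="ALLOWED" operation="open" profile="test-profile" name="/proc/1/attr/current" pid=331323 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2023-02-01T01:49:02.118 controller-0 kernel: notice [ 4045.113254] audit: type=1400 audit(1675216142.116:3111): apparmor="DENIED" operation="open" profile="test-profile" name=2F746D702F6D792066696C65 pid=331340 comm="cat" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
2023-02-01T01:49:03.000 controller-0 kernel: info [ 4046.000000] eth0: link up
"""

# type=1400 is the record type in the page's entry
EVENT_RE = re.compile(r"audit: type=1400 audit\((\d+)\.\d+:(\d+)\): (.*)")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_line(line):
    """Return a dict of fields for an AppArmor audit record, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    event = {"epoch": int(m.group(1)), "serial": int(m.group(2))}
    for key, quoted, bare in FIELD_RE.findall(m.group(3)):
        if quoted or not bare:
            event[key] = quoted
        elif key in ("name", "profile", "comm") and HEX_RE.fullmatch(bare):
            # Assumption: an unquoted string field is hex-encoded by audit
            event[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            event[key] = bare
    return event if "apparmor" in event else None

def summarize(text):
    """Count (verdict, profile, path, denied_mask) tuples across log text."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["apparmor"] in ("ALLOWED", "DENIED"):
            key = (ev["apparmor"], ev.get("profile"), ev.get("name"), ev.get("denied_mask"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (verdict, profile, path, mask), n in summarize(SAMPLE).items():
        print(f"{n:4d} {verdict:8s} {profile} {path} ({mask})")
```

To run it against a live system, pass the contents of /var/log/kern.log to `summarize()` instead of `SAMPLE`.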