Euask
A community for mutual assistance and knowledge sharing

How to disable notification for complain mode's profile violation notification? Reward $1
Created by Aravi, 24 days ago, 238 views

This is related to my previous question.

http://www.euask.com/topic/9014-Ubuntu-apparmor-issue-It-says-denied-smbd-services-smbd-in-complains-mode-How-can-i-solve-this

I have installed AppArmor notify to find out if anything is blocked by AppArmor. But it has landed me in big trouble. I am getting a notification every few minutes.

How to disable the complain mode's profile violation notification without disturbing other AppArmor notifications?

Operating system is Ubuntu 16.04.3 LTS 64-bit.

√ Best Answer

1

ha14, 24 days ago

@Aravi

No problem. The bug can only be fixed by the smb team. Yeah, check the security risks, notification service (apparmor-notify)
https://wiki.archlinux.org/index.php/AppArmor


firejail
https://firejail.wordpress.com/
https://firejail.wordpress.com/documentation-2/
https://firejail.wordpress.com/documentation-2/basic-usage/#private


2

ha14, 24 days ago

@Aravi

Profiles in complain mode don't enforce any profile rules, just log violation attempts.


How to disable a particular AppArmor profile on Ubuntu
http://ask.xmodulo.com/disable-particular-apparmor-profile-ubuntu.html

Configuring Security Event Notification
https://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/data/bx5dcog.html

https://help.ubuntu.com/community/AppArmor

Apparmor and its usage
https://wiki.itcollege.ee/index.php/Apparmor_and_its_usage

Ubuntu Linux: Disable Apparmor For Specific Profile / Service Such As Mysqld Server
https://www.cyberciti.biz/faq/ubuntu-linux-howto-disable-apparmor-commands/


Intro to Ubuntu Apparmor and How to Configure Apparmor Profiles
http://www.thegeekstuff.com/2014/03/apparmor-ubuntu/


3

Aravi, 24 days ago

Hi @ha14

Let us understand what it is. In Linux, AppArmor is similar to Windows Defender. It is mandatory access control (MAC).

smbd is related to the remote access service which supports Windows machines. So I don't want the smbd profile out of AppArmor. Complain mode's logs are the minimum required to track.

Apart from AppArmor (which is MAC) there is an optional tool called AppArmor notification (aa-notify) (notification service for AppArmor).

My major concern is that I want to disable its message for complain mode's violation report.

I can't afford to disable AppArmor notification completely because, in case of blocking, I will land in a problem, as I am a new Linux user.


4

Aravi, 24 days ago

@ha14
Friend, I just found the exact problem. Currently samba services are running at user level. This is the problem because the folder /run/samba/msg.lock is owned by root. It is a privilege issue.


5

ha14, 24 days ago

@Aravi


reinstall Samba!!!


6

Aravi, 24 days ago

hi @ha14

Found the final solution.

1) samba/msg.lock is a known issue and a bug reported to the smb team. So there is no way to fix it. Also samba should be at user level privilege. So re-installation will not help.

2) Currently aa-notify doesn't offer an ignore message option.

The possible solution is either to remove the samba profile from AppArmor or to remove the notification service.

I just wasted a full day on this. Sorry to waste your time too. I will check the possible security risks and decide which one to keep.


7

Aravi, 23 days ago

HI @ha14

Thanks, I will try firejail too. The final resolution for aa-notify is that it is nonsense. You will be disturbed a lot on the desktop. It is better to view the last few hundred lines when you have any issue.
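
Post 6 notes that aa-notify has no option to ignore complain-mode messages, and post 7 falls back to reading the log. As an added example (not part of the thread), these shell functions filter that log instead: complain-mode records carry apparmor="ALLOWED", while enforce-mode blocks carry apparmor="DENIED". The sample lines and function names are constructed, and the kern.log path in the comment assumes auditd is not installed.

```shell
#!/bin/sh
# Added example (not from the thread): separate complain-mode records
# (apparmor="ALLOWED") from enforce-mode denials (apparmor="DENIED").

# Constructed sample in the kernel audit format; timestamps, PIDs and the
# cupsd record are invented for illustration.
SAMPLE_LOG='Jan 10 09:00:01 host kernel: audit: type=1400 audit(1515574801.000:101): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock" pid=1200 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 10 09:03:11 host kernel: audit: type=1400 audit(1515574991.000:102): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock" pid=1200 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 10 09:04:40 host kernel: audit: type=1400 audit(1515575080.000:103): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/home/user/notes.txt" pid=950 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Jan 10 09:06:21 host kernel: audit: type=1400 audit(1515575181.000:104): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock" pid=1200 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Keep only records where an enforce-mode profile actually blocked something.
# On a live system (assumed log location):
#   tail -n 300 /var/log/kern.log | denied_only
denied_only() {
    grep 'apparmor="DENIED"'
}

# Count records per mode and profile, printed as "<count> <mode> <profile>".
# A profile that only ever shows ALLOWED is in complain mode and is not
# restricting the program it covers.
summarize() {
    awk '
        match($0, /apparmor="[A-Z_]+"/) {
            # Skip the 10-character prefix apparmor=" and the closing quote.
            mode = substr($0, RSTART + 10, RLENGTH - 11)
            prof = "(none)"
            if (match($0, /profile="[^"]*"/))
                prof = substr($0, RSTART + 9, RLENGTH - 10)
            count[mode " " prof]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize
```
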
