Home / ubuntu / Questions / 1537197
Accepted
NovHak
Asked: 2025-01-05 02:26:08 +0800 CST

AppArmor is filling the journal with useless messages regarding Transmission

  • 772

24.10 user here. Counting from current boot only (less than three hours ago), I already have more than 6k useless messages like this in the journal :

audit: type=1400 audit(1736012989.876:317033): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-gtk" name=<redacted> pid=11838 comm="transmission-gt" requested_mask="r" denied_mask="r" fsuid=1001 ouid=1001

Considering I’m a very modest user of Transmission, I guess it must get very heavy on active Transmission users’ disk space, easily counting in the hundreds of thousands, if not millions.

I’ve set the transmission-gtk profile to default_allow, which seems to get rid of the problem, but makes it somehow enforced too, i.e. explicit deny rules will be applied, so I will probably set it back to complain, but with an “allow all” rule… or maybe trash the whole shebang, which looks like a very sexy option at the time being.

However, correcting a bad profile would be better. Does anyone know how I can explicitly allow those file_perm operations ?

apparmor

1 Answers

  1. Best Answer

    I found out what the problem was. It’s specific to non-english users, or people who configured the download folder of Transmission outside of the Downloads directory.

    I download my torrents inside a Transmission directory that’s in my downloads folder… except that being french, my downloads folder is Téléchargements. The AppArmor Transmission profiles are set to rw-authorize everything inside the system-wide default downloads folder name, that’s defined in /etc/xdg/user-dirs.defaults. It’s still set to Downloads, so I could either change it to Téléchargements, or change the AppArmor profile.

    I chose the latter, by creating /etc/apparmor.d/local/transmission, whose content follows :

    owner @{HOME}/Téléchargements/ r,
owner @{HOME}/Téléchargements/** rw,

    Then, I replaced the Transmission profiles by running (as root) :

    apparmor_parser -r /etc/apparmor.d/transmission

    Note : I didn’t check, but it’s very much possible that the downloads directory name that’s chosen by the AppArmor profiles is not the default one, but the one that’s defined for the root user, if user-specific directories have been set on the system. Mind you, it’s very likely that none is specifically defined unless you have a “non-standard” view on security, but still, if it’s the case as I suspect it is, it should be addressed.

    • 2