Bug 503132

Summary: krdc spams the kernel logs with apparmor audit messages
Product: [KDE Neon] neon Reporter: Laurent Bonnaud <L.Bonnaud>
Component: SnapsAssignee: Neon Bugs <neon-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: normal CC: sgmoore
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Laurent Bonnaud 2025-04-21 18:58:21 UTC 
SUMMARY

The apparmor profile for krdc should be updated to remove audit messages.

STEPS TO REPRODUCE
1. start /snap/bin/krdc
2. connect to a VNC server

OBSERVED RESULT

The following messages are logged by the kernel:

[23322.233955] audit: type=1400 audit(1745260174.132:579): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=24602 comm="snap-confine" capability=12  capname="net_admin"
[23322.233967] audit: type=1400 audit(1745260174.132:580): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=24602 comm="snap-confine" capability=38  capname="perfmon"
[23322.236080] audit: type=1400 audit(1745260174.134:581): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=24602 comm="snap-confine" capability=4  capname="fsetid"
[23328.377203] audit: type=1400 audit(1745260180.276:583): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/proc/sys/kernel/core_pattern" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[23328.434437] audit: type=1400 audit(1745260180.333:584): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kdedefaults/kdeglobals" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23328.435569] audit: type=1400 audit(1745260180.335:585): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/krdcrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23328.462480] audit: type=1400 audit(1745260180.361:586): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/krdcrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23328.486850] audit: type=1400 audit(1745260180.386:587): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kdedefaults/kcminputrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23328.486860] audit: type=1400 audit(1745260180.386:588): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kcminputrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23328.705771] audit: type=1326 audit(1745260180.605:589): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.krdc.krdc pid=24602 comm="krdc" exe="/snap/krdc/102/usr/bin/krdc" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7d58eb76e6f1 code=0x50000
[23328.705778] audit: type=1326 audit(1745260180.605:590): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.krdc.krdc pid=24602 comm="krdc" exe="/snap/krdc/102/usr/bin/krdc" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7d58eb76e6f1 code=0x50000
[23328.705781] audit: type=1326 audit(1745260180.605:591): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.krdc.krdc pid=24602 comm="krdc" exe="/snap/krdc/102/usr/bin/krdc" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7d58eb76e6f1 code=0x50000
[23328.705784] audit: type=1326 audit(1745260180.605:592): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.krdc.krdc pid=24602 comm="krdc" exe="/snap/krdc/102/usr/bin/krdc" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7d58eb76e6f1 code=0x50000
[23338.700767] audit: type=1400 audit(1745260190.599:620): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kdedefaults/kdeglobals" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23340.957849] audit: type=1400 audit(1745260192.856:621): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kwalletrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[23340.957930] audit: type=1400 audit(1745260192.856:622): apparmor="DENIED" operation="open" class="file" profile="snap.krdc.krdc" name="/home/bonnaudl/.config/kwalletrc" pid=24602 comm="krdc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

EXPECTED RESULT

No audit logs.

SOFTWARE/OS VERSIONS

$ kinfo
Operating System: Kubuntu 25.04
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 6.12.0
Qt Version: 6.8.3
Kernel Version: 6.14.3-061403-generic (64-bit)
Graphics Platform: X11
Comment 1 Scarlett Moore 2025-06-11 12:55:33 UTC 
Hi, I don't actually have any control over the apparmor profiles. Please report this upstream snapd https://bugs.launchpad.net/snapd/+filebug
Comment 2 Laurent Bonnaud 2025-06-11 13:38:03 UTC 
Thank you for your answer!
I reported the bug there:
https://bugs.launchpad.net/kde-snap-krdc/+bug/2113940
Comment 3 Bug Janitor Service 2025-06-26 03:48:04 UTC 
๐Ÿ›๐Ÿงน โš ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME.

For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging.

Thank you for helping us make KDE software even better for everyone!
Comment 4 Bug Janitor Service 2025-07-11 03:47:48 UTC 
๐Ÿ›๐Ÿงน This bug has been in NEEDSINFO status with no change for at least 30 days. Closing as RESOLVED WORKSFORME.