Netdata warning in Apparmor

Suggested template:


I am finding lots of errors in the messages log like that:
Jun 20 12:01:13 manager-de1 kernel: [4116456.558305] audit: type=1400 audit(1687262473.350:1341938466): apparmor=“DENIED” operation=“ptrace” profile=“docker-default” pid=3704500 comm=“apps.plugin” requested_mask=“read” denied_mask=“read” peer=“unconfined”

Upon further investigation I found out it is related to:

Do I need to give access to ptrace for this process? If yes, any hints on how to do that in the apparmor config?

1 Like

we have exactly the same problem, and is filling up logs

(ubuntu 22.04 with netdata running with docker swarm)

and this solution My journalctl logs get spammed with apparmor messages · Issue #55 · titpetric/netdata · GitHub does not help in docker swarm since security-opt is ignored there

Our solution was to disable plugin “apps” in /etc/netdata/netdata.conf

cat config/netdata/netdata.conf

apps = no

Looks good. Will be losing out on some data, but the memory footprint will be leaner as well.