Netdata warning in Apparmor

Martin_Neumann · June 20, 2023, 12:36pm

Suggested template:

Problem/Question

I am finding lots of errors in the messages log like that:
Jun 20 12:01:13 manager-de1 kernel: [4116456.558305] audit: type=1400 audit(1687262473.350:1341938466): apparmor=“DENIED” operation=“ptrace” profile=“docker-default” pid=3704500 comm=“apps.plugin” requested_mask=“read” denied_mask=“read” peer=“unconfined”

Upon further investigation I found out it is related to:
/usr/libexec/netdata/plugins.d/apps.plugin

Do I need to give access to ptrace for this process? If yes, any hints on how to do that in the apparmor config?

francescor · January 30, 2024, 11:43am

we have exactly the same problem, and is filling up logs

(ubuntu 22.04 with netdata running with docker swarm)

francescor · January 30, 2024, 11:54am

and this solution My journalctl logs get spammed with apparmor messages · Issue #55 · titpetric/netdata · GitHub does not help in docker swarm since security-opt is ignored there

francescor · January 30, 2024, 3:31pm

Our solution was to disable plugin “apps” in /etc/netdata/netdata.conf

cat config/netdata/netdata.conf

[plugins]
apps = no

Martin_Neumann · January 30, 2024, 6:42pm

Looks good. Will be losing out on some data, but the memory footprint will be leaner as well.

Topic		Replies	Views
Issue with netdata Docker agent. Failed to create SQLITE Help agent , dbengine	5	530	May 3, 2023
docker monitoring with 1.39 config steps Help agent	3	387	May 23, 2023
Reinstall the Agent in docker and adding tokens make the container non functional Help agent	1	894	February 19, 2022
netdata in docker swarm behind traefik Help	2	520	November 4, 2022
Docker on Synology with permissions errors Help	2	74	April 2, 2024

Netdata warning in Apparmor

Problem/Question

Related Topics