search

snapcrafters / discord

A community-maintained package to easily install Discord on Linux
MIT License
76 stars 19 forks source link

AppArmor denial cluttering systemd logs #23

Open Ads20000 opened 6 years ago

Ads20000 commented 6 years ago

audit[6291]: AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=6291 comm="Discord" requested_mask="trace" d (I can't see the rest of the line through systemctl and I can't open the file in Text Editor (it's too big) and cat and nano can't seem to read it (is that normal?)) is repeated many times in /var/log/journal/system.journal making it 100MB for just a few days of logging. The /var/log/journal directory is over 4GB.

popey commented 6 years ago

Yeah, it seems like discord likes to interrogate other applications on the system, probably so it can show to your friends what game you're currently playing. I don't know what we can do about this. I expect there needs to be a tweak to the apparmor policy. I think we may need to get jdstrand involved. Mind starting a forum thread?

Ads20000 commented 6 years ago

Will do, thanks for the speedy response :smiley:

Ads20000 commented 6 years ago

See https://forum.snapcraft.io/t/discord-ptrace-apparmor-denials/5099 and https://forum.snapcraft.io/t/auto-connections-for-discord/2392

Ads20000 commented 6 years ago

This is fixed with

snap connect discord:system-observe :system-observe
snap connect discord:unity7 :unity7

@popey should that last one be added to the README? Or maybe we could remove them all? I'm not sure Discord needs any of them and seems to only need system-observe and unity7 to end the denials? Perhaps system-observe and unity7 should be listed in the README and nothing listed on the snap store as at current...

danielesegato commented 5 years ago

Sorry, I know this is closed, but the issue is still there.

I do not consider it fixed by running those commands because of 2 reasons:

  1. Users should not be required to run a command line instruction manually after install
  2. Even running those commands (specifically the system-observe one, the other is already there) some logs are still there
[ 9217.259134] audit: type=1400 audit(1550748163.700:6490): apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=5462 comm="Discord" capability=19  capname="sys_ptrace"
[ 9222.258887] audit: type=1400 audit(1550748168.700:6491): apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=5462 comm="Discord" capability=19  capname="sys_ptrace"
[ 9227.261310] audit: type=1400 audit(1550748173.704:6492): apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=5462 comm="Discord" capability=19  capname="sys_ptrace"
[ 9242.263344] audit: type=1400 audit(1550748188.704:6493): apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=5462 comm="Discord" capability=19  capname="sys_ptrace"
[ 9247.264970] audit: type=1400 audit(1550748193.708:6494): apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=5462 comm="Discord" capability=19  capname="sys_ptrace"

this is not acceptable

Ads20000 commented 5 years ago

To remove the need to manually connect system-observe we need upstream Discord devs to comment here (or via @flexiondotorg I suppose? Martin can you please get in touch with them since that is what @jdstrand is requiring to get this fixed?) As for unity7, Martin didn't request for that to be auto-connected, could he please explain why? EDIT: unity7 is actually auto-connected, it just wasn't on my system, so you don't need that command. I've asked in the forum what could be causing your denials.

Also, please could you (Daniele) attach the outputs of: snap info discord snap version snap info core

You can use the HTML below to make it look nice!

<details>
<summary> Discord x.y.z yyyy-mm-dd (revision) </summary>
$ snap info discord
$ snap version
$ snap info core
</details>
danielesegato commented 5 years ago
Discord 0.0.8 2019-02-14 (91) ``` $ snap info discord name: discord summary: All-in-one voice and text chat for gamers publisher: Snapcrafters contact: https://github.com/snapcrafters/discord/issues license: unset description: | All-in-one voice and text chat for gamers that's free, secure, and works on both your desktop and phone. This snap is maintained by the Snapcrafters community, and is not necessarily endorsed or officially maintained by the upstream developers. commands: - discord snap-id: qHVefGEBezeuCeSfTND40uoUD6GRw8BO tracking: stable refresh-date: 9 days ago, at 16:23 CET channels: stable: 0.0.8 2019-02-14 (91) 69MB - candidate: ↑ beta: 0.0.8 2019-02-14 (91) 69MB - edge: 0.0.8 2019-02-13 (91) 69MB - installed: 0.0.8 (91) 69MB - ``` ``` $ snap version snap 2.37.2 snapd 2.37.2 series 16 ubuntu 18.04 kernel 4.15.0-45-generic ``` ``` $ snap info core name: core summary: snapd runtime environment publisher: Canonical✓ contact: snaps@canonical.com license: unset description: | The core runtime environment for snapd type: core snap-id: 99T7MUlRhtI3U0QFgl5mXXESAiSwt776 tracking: stable refresh-date: 8 days ago, at 09:28 CET channels: stable: 16-2.37.2 2019-02-14 (6405) 95MB - candidate: 16-2.37.2 2019-02-12 (6405) 95MB - beta: 16-2.37.3 2019-02-19 (6479) 95MB - edge: 16-2.37.3+git1157.1c9d322 2019-02-23 (6501) 93MB - installed: 16-2.37.2 (6405) 95MB core ```

thank you @Ads20000

Ads20000 commented 5 years ago

@danielesegato as @diddledan on the forum suggests, could you please run

sudo snap install snappy-debug

then 

snappy-debug.security scanlog

in a Terminal whilst Discord is running? Then provide the output (in <details>), thanks! :) Also, Daniel reckons that the (manual) solution to your problem is probably

snap connect discord:process-control :process-control

Note that it might not be possible to ever make this automatic because it might be that the snappy team are never convinced that Discord needs these permissions to run. Snaps are confined and should be reasonably safe for you to run, giving Discord automatic access to things like process-control (which it seems to want) may be considered unreasonable by the snappy developers.

danielesegato commented 5 years ago

@Ads20000 it's not gonna contains much usefulness

sys_ptrace snappy debug ``` = AppArmor = Time: Feb 25 16:55:33 Log: apparmor="DENIED" operation="capable" profile="snap.discord.discord" pid=7216 comm="Discord" capability=19 capname="sys_ptrace" Capability: sys_ptrace Suggestions: * adjust program to not require 'CAP_SYS_PTRACE' (see 'man 7 capabilities') * do nothing if program otherwise works properly ```
danielesegato commented 5 years ago

I totally agree about being unreasonable. But I still would like to have the log suppressed. (denied silently).

rigred commented 5 years ago

As far as I know, the apparmor logs are somewhat of an issue resulting from the fact that's surprisingly convoluted to deny specific apparmor messages silently in the autogenerated snap apparmor config files. I have a way for doing it manually, but every snap update/tiny change breaks that.

By adding to /var/lib/snapd/apparmor/profiles/snap.discord.discord:

deny capability sys_ptrace,

then running

sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.discord.discord
Fuseteam commented 5 years ago

what is it even denying? can/should we allow it instead?

On Mon, Mar 11, 2019, 15:52 Rigo notifications@github.com wrote:

As far as I know, the apparmor logs are somewhat of an issue resulting from the fact that's surprisingly convoluted to deny specific apparmor messages silently in the autogenerated snap apparmor config files. I have a way for doing it manually, but every snap update/tiny change breaks that.

By adding to /var/lib/snapd/apparmor/profiles/snap.discord.discord:

deny capability sys_ptrace,

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/snapcrafters/discord/issues/23#issuecomment-471673592, or mute the thread https://github.com/notifications/unsubscribe-auth/AJ8GW17mcogqGq6q7PIcLb4PLXn7Au01ks5vVqX2gaJpZM4TfuTg .

jdstrand commented 5 years ago

As far as I know, the apparmor logs are somewhat of an issue resulting from the fact that's surprisingly convoluted to deny specific apparmor messages silently in the autogenerated snap apparmor config files. I have a way for doing it manually, but every snap update/tiny change breaks that.

By adding to /var/lib/snapd/apparmor/profiles/snap.discord.discord:

deny capability sys_ptrace,

then running

sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.discord.discord

FYI, my comment here: https://forum.snapcraft.io/t/auto-connections-for-discord/2392/21 where we can update our conditional explicit deny policy.

themepresse commented 5 years ago

This is fixed with

snap connect discord:system-observe :system-observe
snap connect discord:unity7 :unity7

doing this and deactivating streamer mode (searching for running apps like obs, ..) and tracking of currently played games fixed the issue on my end.

douglasg14b commented 5 years ago

I agree with @danielesegato

I don't want to provide the access discord wants, but i don't want it cluttering my log files. I would like it to fail silently. The level of log spam is absurd.

ThePythonicCow commented 5 years ago

See my new analysis of what Discord is doing, and a possible workaround (if the Snap packagers think it is practical) at https://github.com/snapcrafters/discord/issues/43

mark-kubacki commented 5 years ago

It's not that hard to check if the syscall failed (EPERM and similar), set a flag, cease and desist further attempts. Indeed not checking return values is considered a bad practice in software development.

jdstrand commented 5 years ago

https://github.com/snapcore/snapd/pull/7019 (ie https://github.com/snapcore/snapd/commit/a87003c81407692dba692979344ea83cd463bdb7#diff-a34e166c5b3016c122430c5884f41e9b) was included in snapd 2.40. People who are still seeing this, can you perform snap version and verify you are running 2.40 and comment if you are and still seeing this issue?

wilx commented 5 years ago

I am still seeing this. I have manually connected discord:system-observe, discord:process-control, and discord:network-observe to work around the issue.

> snap version
snap    2.41
snapd   2.41
series  16
ubuntu  19.04
kernel  5.0.0-27-generic
jdstrand commented 5 years ago

I am still seeing this. I have manually connected discord:system-observe, discord:process-control, and discord:network-observe to work around the issue.

> snap version
snap    2.41
snapd   2.41
series  16
ubuntu  19.04
kernel  5.0.0-27-generic

Can you perform a:

$ grep 'deny capability sys_ptrace' /var/lib/snapd/apparmor/profiles/snap.discord.*

If I do that here, I see:

$ grep 'deny capability sys_ptrace' /var/lib/snapd/apparmor/profiles/snap.discord.*
deny capability sys_ptrace,

Also, can you paste some representative apparmor denials you are still seeing?

jdstrand commented 5 years ago

Also note, while discord plugs syste-observe, process-control and network-observe, these are not auto-connected by default.

wilx commented 5 years ago 
> grep 'deny capability sys_ptrace' /var/lib/snapd/apparmor/profiles/snap.discord.*
deny capability sys_ptrace,
[11016.951627] kauditd_printk_skb: 84 callbacks suppressed
[11016.951629] audit: type=1400 audit(1568315092.037:149127): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951656] audit: type=1400 audit(1568315092.037:149128): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/2027/cmdline" pid=18216 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[11016.951670] audit: type=1400 audit(1568315092.037:149129): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/2043/cmdline" pid=18216 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[11016.951680] audit: type=1400 audit(1568315092.037:149130): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951698] audit: type=1400 audit(1568315092.037:149131): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951722] audit: type=1400 audit(1568315092.037:149132): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/2178/cmdline" pid=18216 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[11016.951731] audit: type=1400 audit(1568315092.037:149133): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951751] audit: type=1400 audit(1568315092.037:149134): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951770] audit: type=1400 audit(1568315092.037:149135): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
[11016.951790] audit: type=1400 audit(1568315092.037:149136): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"
jdstrand commented 5 years ago

[11016.951629] audit: type=1400 audit(1568315092.037:149127): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=18216 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined" [11016.951656] audit: type=1400 audit(1568315092.037:149128): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/2027/cmdline" pid=18216 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

@wilx - right, those are different denials that should go away once you 'snap connect discord:system-observe'.

douglasg14b commented 5 years ago

This is still a, frustrating, issue....

What if I don't want Discord to be connected to system-observe?

Fuseteam commented 5 years ago

@douglasg14b its a "feature" of discord to show off what your doing

xNinjaKittyx commented 4 years ago

For me, I went into 

vi /var/lib/snapd/apparmor/profiles/snap.discord.discord

And added these two lines at the end before the }

deny /proc/@{pid}/cmdline r,
deny ptrace (read),

And run

sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.discord.discord

I have no idea what the implications of the 2nd deny is, so please use at your own risk.

begui commented 4 years ago

I really wish they would fix this.... I'm about to cause some trouble if i have to fix it myself.. very annoying

jdstrand commented 4 years ago

I thought I read somewhere the denials only show up when a certain feature was enabled, but I'm not sure about that (if true, the denial would be gone from the logs if the feature were disabled).

As mentioned, the system-observe interface does allow ptrace read (which does not allow ptracing and controlling other processes). For people trying to decide whether or not to connect the system-observe interface, I suggest reading the security policy at https://github.com/snapcore/snapd/blob/master/interfaces/builtin/system_observe.go#L32. Note, the interface is 'observe' and not 'control' so the accesses, while more than discord should need, are perhaps acceptable for your environment.

The choice today is to disable the feature in discord (assuming that is an option), connect the interface and let discord see, but not modify, some information from other processes or live with the denial (or make local modifications to the profile as mentioned above, but those changes won't persist and could conflict with future rules).

There is an apparmor feature on the horizon that will allow suppressing denials in a manner that snapd could robustly build upon for a feature to allow users a way to suppress noisy denials in some manner, but that feature is not available for snapd to use yet.

Fuseteam commented 4 years ago

Sadly i don't believe there's a way to disable rich presence

Ads20000 commented 4 years ago

According to a user on the snapcraft forums there is a way of disabling rich presence!!

https://forum.snapcraft.io/t/discord-ptrace-apparmor-denials/5099/15?u=ads20000

In discord, you can just disable the system process scan. To do this, go to, user settings, Activity and Games, Show the game i am currently playing. regards.

JXM464 commented 4 years ago

According to a user on the snapcraft forums there is a way of disabling rich presence!!

https://forum.snapcraft.io/t/discord-ptrace-apparmor-denials/5099/15?u=ads20000

In discord, you can just disable the system process scan. To do this, go to, user settings, Activity and Games, Show the game i am currently playing. regards.

I can confirm this doesn't work. Error messages are still generated when the "show game feature" is turned off - also when then "streamer mode" setting is turned off as well.

jdstrand commented 4 years ago

@JXM464 - keep in mind there are several variables at play. Can you paste a few representative journalctl entries along with the output of snap version and snap connections discord?

Ads20000 commented 4 years ago

I have now provided these (though I haven't turned the show game feature off)

queeup commented 4 years ago

Spamming hard...

$ head -2 /etc/os-release
NAME="elementary OS"
VERSION="5.1.4 Hera"

$ snap version
snap        2.44.3
snapd       2.44.3
series      16
elementary  5.1.4
kernel      4.15.0-101-generic

$ snap connections discord 
Interface                 Plug                            Slot                             Notes
browser-support           discord:browser-support         :browser-support                 -
camera                    discord:camera                  :camera                          -
content[gnome-3-28-1804]  discord:gnome-3-28-1804         gnome-3-28-1804:gnome-3-28-1804  -
content[gtk-3-themes]     discord:gtk-3-themes            gtk-common-themes:gtk-3-themes   manual
content[icon-themes]      discord:icon-themes             gtk-common-themes:icon-themes    manual
content[sound-themes]     discord:sound-themes            gtk-common-themes:sound-themes   manual
desktop                   discord:desktop                 :desktop                         -
desktop-legacy            discord:desktop-legacy          :desktop-legacy                  -
gsettings                 discord:gsettings               :gsettings                       -
home                      discord:home                    :home                            -
mount-observe             discord:mount-observe           -                                -
network                   discord:network                 :network                         -
network-observe           discord:network-observe         -                                -
opengl                    discord:opengl                  :opengl                          -
process-control           discord:process-control         -                                -
pulseaudio                discord:pulseaudio              :pulseaudio                      -
removable-media           discord:removable-media         -                                -
screen-inhibit-control    discord:screen-inhibit-control  :screen-inhibit-control          -
system-observe            discord:system-observe          :system-observe                  manual
unity7                    discord:unity7                  :unity7                          -
wayland                   discord:wayland                 :wayland                         -
x11                       discord:x11                     :x11                             -

May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/256x256/apps/" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/512x512/apps/" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
jdstrand commented 4 years ago

May 20 01:57:49 ThinkPad-T430 audit[17671]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/queeup/.local/share/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=17671 comm="Discord" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

This suggests that your XDG_DATA_DIRS contains an entry for flatpak. @jhenstridge, I feel like ~/.local/share/flatpak/exports came up elsewhere... is this something we should also explicitly deny?

jhenstridge commented 4 years ago

@jdstrand: yep, Flatpak adds ~/.local/share/flatpak/exports/share to $XDG_DATA_DIRS, which in turn causes many libraries to attempt file access under that location. Silencing denials to that location would make sense.

With that said, perhaps we're just chasing symptoms here. I can trick many snap applications into accessing almost arbitrary locations by modifying $XDG_DATA_DIRS, and it will almost universally do the wrong thing. So does it even make sense to pass XDG base dir environment variables through to the sandbox of strict confined snaps?

jdstrand commented 4 years ago

@jdstrand: yep, Flatpak adds ~/.local/share/flatpak/exports/share to $XDG_DATA_DIRS, which in turn causes many libraries to attempt file access under that location. Silencing denials to that location would make sense.

With that said, perhaps we're just chasing symptoms here. I can trick many snap applications into accessing almost arbitrary locations by modifying $XDG_DATA_DIRS, and it will almost universally do the wrong thing. So does it even make sense to pass XDG base dir environment variables through to the sandbox of strict confined snaps?

Thanks. I agree it would be best to handle XDG_DATA_DIRS better. In the meantime, I will add a single deny rule for ~/.local/share/flatpak/exports/share while the details are being worked out.

jdstrand commented 4 years ago

Thanks. I agree it would be best to handle XDG_DATA_DIRS better. In the meantime, I will add a single deny rule for ~/.local/share/flatpak/exports/share while the details are being worked out.

FYI, https://github.com/snapcore/snapd/pull/8793 will address the noisy flatpak denials (as an aside, https://github.com/snapcore/snapd/pull/8301 should address noisy *.desktop denials)

uSpike commented 4 years ago

I'm still getting tons of:

AVC apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=4263 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"

with

snap    2.45
snapd   2.45
series  16
ubuntu  20.04
kernel  5.4.0-33-generic

Had to run snap connect discord:system-observe :system-observe to silence messages.

Fuseteam commented 4 years ago

confirmed running snap connect discord:system-observe solves this bug

Fuseteam commented 4 years ago

for reference this is the output of cat /var/log/syslog|grep discord

Aug 13 08:44:05 fuseteam dbus-daemon[26563]: [session uid=1000 pid=26563] Activating via systemd: service name='org.freedesktop.portal.Documents' unit='xdg-document-portal.service' requested
by ':1.93' (uid=1000 pid=27458 comm="discord " label="unconfined")
Aug 13 08:44:13 fuseteam kernel: [ 2894.063130] audit: type=1107 audit(1597319053.772:217): pid=2570 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=27458 label="snap.discord.discord" peer_pid=2656 peer_label="unconfined"
Aug 13 08:44:24 fuseteam kernel: [ 2905.006776] audit: type=1107 audit(1597319064.716:220): pid=2570 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.login1.Manager" member="Inhibit" mask="send" name="org.freedesktop.login1" pid=27458 label="snap.discord.discord" peer_pid=2614 peer_label="unconfined"
Aug 13 08:44:37 fuseteam kernel: [ 2918.140171] audit: type=1400 audit(1597319077.848:221): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/proc/27458/clear_refs" pid=27458 comm="Discord" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Aug 13 08:44:44 fuseteam kernel: [ 2925.087324] audit: type=1400 audit(1597319084.796:223): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/anbox_android-settings.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087374] audit: type=1400 audit(1597319084.796:224): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/anbox_appmgr.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087454] audit: type=1400 audit(1597319084.796:225): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/firefox_firefox.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087493] audit: type=1400 audit(1597319084.796:226): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/fluffychat_fluffychat.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087521] audit: type=1400 audit(1597319084.796:227): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/gimp_gimp.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087541] audit: type=1400 audit(1597319084.796:228): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/inkscape_inkscape.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087562] audit: type=1400 audit(1597319084.796:229): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/kdenlive_kdenlive.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087583] audit: type=1400 audit(1597319084.796:230): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/krita_krita.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087603] audit: type=1400 audit(1597319084.796:231): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/lbry_lbry.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 08:44:44 fuseteam kernel: [ 2925.087627] audit: type=1400 audit(1597319084.796:232): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/zoom-client_zoom-client.desktop" pid=29165 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 13 12:32:33 fuseteam snapd[2722]: storehelpers.go:438: cannot refresh: snap has no updates available: "bashtop", "core", "core18", "discord", "firefox", "fluffychat", "gimp", "gnome-3-28-1804", "gnome-3-34-1804", "gtk-common-themes", "gtk2-common-themes", "inkscape", "kde-frameworks-5-core18", "kde-frameworks-5-qt-5-14-core18", "kdenlive", "krita", "lbry", "nextcloud", "wormhole", "zoom-client"
jdstrand commented 4 years ago

FYI, the .desktop noisy denials should go away when https://github.com/snapcore/snapd/pull/8301 lands (which we are targeting for snapd 2.46, which is the upcoming release).

Fuseteam commented 4 years ago

cool thanks!

xzivzs commented 4 years ago

Snapd now on 2.46 but still the same issue:

Sep 15 19:59:35 xzi-vzs kernel: [ 278.769559] audit: type=1400 audit(1600225175.064:7033): apparmor="DENIED" operation="ptrace" profile="snap.discord.discord" pid=4195 comm="Discord" requested_mask="read" denied_mask="read" peer="unconfined"

Ben64 commented 4 years ago

This is ridiculous. Is there any way to stop the spam? Discord accounts for 199913 of 247121 lines in my syslog. That's just under 80.9% JUST for Discord!!!

-edit- Yes there is. Connect discord to just about every permission there is. Why this isn't already set up on install or just fails silently I don't know. Why discord needs to set affinity every second I don't know either...


[  199.206296] audit: type=1326 audit(1600233695.765:6442): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  199.449055] audit: type=1326 audit(1600233696.005:6443): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  199.449129] audit: type=1326 audit(1600233696.005:6444): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  199.660483] audit: type=1326 audit(1600233696.217:6445): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  199.660638] audit: type=1326 audit(1600233696.217:6446): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  201.338531] audit: type=1326 audit(1600233697.897:6447): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  201.338636] audit: type=1326 audit(1600233697.897:6448): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  201.592150] audit: type=1326 audit(1600233698.149:6449): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  201.592264] audit: type=1326 audit(1600233698.149:6450): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  205.385757] audit: type=1326 audit(1600233701.945:6459): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  205.385811] audit: type=1326 audit(1600233701.945:6460): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  205.827900] audit: type=1326 audit(1600233702.385:6461): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  205.828030] audit: type=1326 audit(1600233702.385:6462): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  206.073644] audit: type=1326 audit(1600233702.633:6463): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  206.073675] audit: type=1326 audit(1600233702.633:6464): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  206.335619] audit: type=1326 audit(1600233702.893:6465): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  206.335717] audit: type=1326 audit(1600233702.893:6466): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  207.625344] audit: type=1326 audit(1600233704.181:6467): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  207.625438] audit: type=1326 audit(1600233704.181:6468): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  210.598726] audit: type=1326 audit(1600233707.157:6481): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  210.598999] audit: type=1326 audit(1600233707.157:6482): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  211.657566] audit: type=1326 audit(1600233708.217:6483): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  211.657659] audit: type=1326 audit(1600233708.217:6484): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  212.650495] audit: type=1326 audit(1600233709.209:6485): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  212.650660] audit: type=1326 audit(1600233709.209:6486): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  213.185372] audit: type=1326 audit(1600233709.745:6487): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  213.185495] audit: type=1326 audit(1600233709.745:6488): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  213.406722] audit: type=1326 audit(1600233709.965:6489): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  213.406917] audit: type=1326 audit(1600233709.965:6490): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.029929] audit: type=1326 audit(1600233712.589:6505): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.030240] audit: type=1326 audit(1600233712.589:6506): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.225594] audit: type=1326 audit(1600233712.785:6507): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.225783] audit: type=1326 audit(1600233712.785:6508): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.425784] audit: type=1326 audit(1600233712.985:6509): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  216.425951] audit: type=1326 audit(1600233712.985:6510): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  217.037307] audit: type=1326 audit(1600233713.593:6511): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  217.037447] audit: type=1326 audit(1600233713.593:6512): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  217.260712] audit: type=1326 audit(1600233713.813:6513): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  217.260935] audit: type=1326 audit(1600233713.813:6514): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  221.076122] audit: type=1326 audit(1600233717.629:6519): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  221.076328] audit: type=1326 audit(1600233717.629:6520): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  227.064513] audit: type=1326 audit(1600233723.618:6521): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  227.064591] audit: type=1326 audit(1600233723.618:6522): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  227.720694] audit: type=1326 audit(1600233724.274:6523): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  227.720832] audit: type=1326 audit(1600233724.274:6524): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  228.166713] audit: type=1326 audit(1600233724.722:6525): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  228.166907] audit: type=1326 audit(1600233724.722:6526): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  228.664746] audit: type=1326 audit(1600233725.218:6527): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  228.664952] audit: type=1326 audit(1600233725.222:6528): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  230.286179] audit: type=1326 audit(1600233726.842:6529): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  230.286243] audit: type=1326 audit(1600233726.842:6530): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  233.882973] audit: type=1326 audit(1600233730.438:6537): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  233.883046] audit: type=1326 audit(1600233730.438:6538): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  234.082121] audit: type=1326 audit(1600233730.638:6539): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  234.082216] audit: type=1326 audit(1600233730.638:6540): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  268.768703] audit: type=1326 audit(1600233765.327:6541): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  268.768735] audit: type=1326 audit(1600233765.327:6542): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  311.565957] audit: type=1326 audit(1600233808.128:6543): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  311.566013] audit: type=1326 audit(1600233808.128:6544): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  311.823282] audit: type=1326 audit(1600233808.388:6545): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  311.823540] audit: type=1326 audit(1600233808.388:6546): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.036246] audit: type=1326 audit(1600233808.600:6547): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.036476] audit: type=1326 audit(1600233808.600:6548): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.244788] audit: type=1326 audit(1600233808.808:6549): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.244884] audit: type=1326 audit(1600233808.808:6550): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.628240] audit: type=1326 audit(1600233809.192:6551): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  312.628373] audit: type=1326 audit(1600233809.192:6552): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  317.975018] audit: type=1326 audit(1600233814.541:6563): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  317.975234] audit: type=1326 audit(1600233814.541:6564): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  319.513638] audit: type=1326 audit(1600233816.077:6565): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  319.513841] audit: type=1326 audit(1600233816.081:6566): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  320.826747] audit: type=1326 audit(1600233817.393:6567): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  320.826944] audit: type=1326 audit(1600233817.393:6568): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  321.467893] audit: type=1326 audit(1600233818.033:6569): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  321.468196] audit: type=1326 audit(1600233818.033:6570): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  322.060796] audit: type=1326 audit(1600233818.625:6571): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  322.060912] audit: type=1326 audit(1600233818.625:6572): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.102795] audit: type=1326 audit(1600233819.669:6573): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.103167] audit: type=1326 audit(1600233819.669:6574): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.321737] audit: type=1326 audit(1600233819.889:6575): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.321910] audit: type=1326 audit(1600233819.889:6576): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.527975] audit: type=1326 audit(1600233820.093:6577): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.528124] audit: type=1326 audit(1600233820.093:6578): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.731737] audit: type=1326 audit(1600233820.297:6579): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.731912] audit: type=1326 audit(1600233820.297:6580): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.940323] audit: type=1326 audit(1600233820.505:6581): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  323.940460] audit: type=1326 audit(1600233820.505:6582): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.170371] audit: type=1326 audit(1600233824.733:6621): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.170556] audit: type=1326 audit(1600233824.733:6622): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.394009] audit: type=1326 audit(1600233824.957:6623): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.394113] audit: type=1326 audit(1600233824.957:6624): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.636459] audit: type=1326 audit(1600233825.197:6625): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.636645] audit: type=1326 audit(1600233825.197:6626): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.990496] audit: type=1326 audit(1600233825.554:6627): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  328.990628] audit: type=1326 audit(1600233825.554:6628): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  329.220327] audit: type=1326 audit(1600233825.782:6629): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  329.220387] audit: type=1326 audit(1600233825.782:6630): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  333.924299] audit: type=1326 audit(1600233830.486:6645): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  333.924499] audit: type=1326 audit(1600233830.486:6646): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  334.729915] audit: type=1326 audit(1600233831.294:6647): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  334.730013] audit: type=1326 audit(1600233831.294:6648): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  335.306030] audit: type=1326 audit(1600233831.870:6649): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  335.306287] audit: type=1326 audit(1600233831.870:6650): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  336.042339] audit: type=1326 audit(1600233832.606:6651): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  336.042452] audit: type=1326 audit(1600233832.606:6652): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  337.025524] audit: type=1326 audit(1600233833.590:6653): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  337.025714] audit: type=1326 audit(1600233833.590:6654): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  468.954311] audit: type=1326 audit(1600233965.529:6657): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  468.954542] audit: type=1326 audit(1600233965.529:6658): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  469.779739] audit: type=1326 audit(1600233966.353:6659): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  469.779805] audit: type=1326 audit(1600233966.353:6660): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  470.323004] audit: type=1326 audit(1600233966.897:6661): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  470.323202] audit: type=1326 audit(1600233966.897:6662): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  470.906810] audit: type=1326 audit(1600233967.481:6663): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  470.906884] audit: type=1326 audit(1600233967.481:6664): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  471.123915] audit: type=1326 audit(1600233967.697:6665): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  471.124135] audit: type=1326 audit(1600233967.697:6666): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  474.148463] audit: type=1326 audit(1600233970.721:6677): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  474.148571] audit: type=1326 audit(1600233970.721:6678): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  474.895038] audit: type=1326 audit(1600233971.469:6679): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  474.895273] audit: type=1326 audit(1600233971.469:6680): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  477.142544] audit: type=1326 audit(1600233973.717:6681): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  477.142622] audit: type=1326 audit(1600233973.717:6682): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  520.878152] audit: type=1326 audit(1600234017.450:6683): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  520.878243] audit: type=1326 audit(1600234017.450:6684): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  521.926585] audit: type=1326 audit(1600234018.499:6685): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  521.926694] audit: type=1326 audit(1600234018.499:6686): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  549.328647] audit: type=1326 audit(1600234045.902:6687): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  549.328684] audit: type=1326 audit(1600234045.902:6688): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  604.776398] audit: type=1326 audit(1600234101.359:6689): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  604.776501] audit: type=1326 audit(1600234101.359:6690): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  607.342433] audit: type=1326 audit(1600234103.923:6691): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000
[  607.342580] audit: type=1326 audit(1600234103.923:6692): auid=500 uid=500 gid=1000 ses=3 pid=12181 comm="Discord" exe="/snap/discord/115/usr/share/discord/Discord" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff321858b9f code=0x50000```
jhenstridge commented 4 years ago

@Ben64: is the discord:process-control plug connected?

xzivzs commented 4 years ago

What would be the best solution then ? I don't want to compromise my system giving all access to discord. What do you guys recommend ?

Fuseteam commented 4 years ago

@xzivzs some well maintained third party discord client perhaps? nothing we do will prevent discord from trying to use that game activity/rich presence "feature". if this format is ever to be officially supported the snap will have to give just enough access for the feature responsible for the logs to just work

xzivzs commented 4 years ago

Thank you for your reply. If I'd install discord with the .deb package , would I get the same problem ? Meaning is it a snap / discord related " behavior" ?

Fuseteam commented 4 years ago

installing the deb would give discord "the access" that snap is denying atm. "the access" discord is asking from snap is part of this discord itself, no matter the package format. with snap you can deny the access, with debs you cannot