Apparmor messages for certbot snap

Everything seems to be working okay with certbot but I'm seeing these messages in my logs. Is this anything to be concerned about? Is there an easy way to get rid of these?

Nov  8 20:26:43 nl kernel: [21823218.095678] audit: type=1400 audit(1667960803.591:754): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=3967728 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.192287] audit: type=1400 audit(1667960803.691:755): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=3967729 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.193648] audit: type=1400 audit(1667960803.691:756): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=3967730 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.228939] audit: type=1400 audit(1667960803.727:757): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=3967734 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.233231] audit: type=1400 audit(1667960803.731:758): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=3967733 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.238866] audit: type=1400 audit(1667960803.735:759): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.renew" pid=3967742 comm="apparmor_parser"
Nov  8 20:26:43 nl kernel: [21823218.243925] audit: type=1400 audit(1667960803.739:760): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=3967741 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.786795] audit: type=1400 audit(1667960809.283:761): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=3967931 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.809185] audit: type=1400 audit(1667960809.307:762): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=3967932 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.818852] audit: type=1400 audit(1667960809.315:763): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=3967933 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.828147] audit: type=1400 audit(1667960809.327:764): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.renew" pid=3967934 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.896747] audit: type=1400 audit(1667960809.395:765): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=3967935 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823223.899059] audit: type=1400 audit(1667960809.395:766): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=3967930 comm="apparmor_parser"
Nov  8 20:26:49 nl kernel: [21823224.058165] audit: type=1400 audit(1667960809.555:767): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=3967936 comm="apparmor_parser"
Nov  8 20:26:51 nl kernel: [21823225.879710] audit: type=1400 audit(1667960811.375:768): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=3967978 comm="apparmor_parser"
Nov  8 20:26:51 nl kernel: [21823226.035133] audit: type=1400 audit(1667960811.531:769): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=3967979 comm="apparmor_parser"
Nov  8 20:26:51 nl kernel: [21823226.041524] audit: type=1400 audit(1667960811.539:770): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=3967980 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.067690] audit: type=1400 audit(1667987205.525:775): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=3975713 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.067690] audit: type=1400 audit(1667987205.525:775): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=3975713 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.150047] audit: type=1400 audit(1667987205.605:776): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=3975715 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.150047] audit: type=1400 audit(1667987205.605:776): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=3975715 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.179173] audit: type=1400 audit(1667987205.637:777): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=3975714 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.179173] audit: type=1400 audit(1667987205.637:777): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=3975714 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.209242] audit: type=1400 audit(1667987205.665:778): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=3975718 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.209242] audit: type=1400 audit(1667987205.665:778): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=3975718 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.217609] audit: type=1400 audit(1667987205.673:779): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=3975719 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.217609] audit: type=1400 audit(1667987205.673:779): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=3975719 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.218754] audit: type=1400 audit(1667987205.677:780): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=3975717 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.218754] audit: type=1400 audit(1667987205.677:780): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=3975717 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.224967] audit: type=1400 audit(1667987205.681:781): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.renew" pid=3975720 comm="apparmor_parser"
Nov  9 03:46:45 nl kernel: [21849621.224967] audit: type=1400 audit(1667987205.681:781): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.renew" pid=3975720 comm="apparmor_parser"
[5481429.703842] kernel: audit: type=1400 audit(1651619649.739:262): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot-dns-cloudflare" pid=730292 comm="apparmor_parser"
[5481429.952336] kernel: audit: type=1400 audit(1651619649.991:263): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.certbot-dns-cloudflare.hook.post-refresh" pid=730293 comm="apparmor_parser"
[5481429.991892] kernel: audit: type=1400 audit(1651619650.027:264): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.certbot" pid=730299 comm="apparmor_parser"
[5481430.028801] kernel: audit: type=1400 audit(1651619650.067:265): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=730302 comm="apparmor_parser"
[5481430.029414] kernel: audit: type=1400 audit(1651619650.067:266): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=730301 comm="apparmor_parser"
[5481430.043101] kernel: audit: type=1400 audit(1651619650.079:267): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=730303 comm="apparmor_parser"
[5481430.044791] kernel: audit: type=1400 audit(1651619650.083:268): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.renew" pid=730304 comm="apparmor_parser"
[5481432.004173] kernel: audit: type=1400 audit(1651619652.043:269): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.certbot" pid=730319 comm="apparmor_parser"
[5481432.024231] kernel: audit: type=1400 audit(1651619652.063:270): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.configure" pid=730320 comm="apparmor_parser"
[5481432.044866] kernel: audit: type=1400 audit(1651619652.083:271): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.certbot.hook.prepare-plug-plugin" pid=730321 comm="apparmor_parser"
1 Like

It's normal and will show up any time the Certbot snap (or plugins) get updated.

You could try suppressing the audit messages in your system journal by:

  1. Setting Audit=no in /etc/systemd/journald.conf and restarting systemd-journald
  2. Masking systemd-journald-audit.socket

But I'd just leave it.

6 Likes