Apparmor and laptop modes

Hi all,
wondering - coming from the monitoring world and knowing what some file write operations mean for a system, I am coming to wonder what it is doing on a laptop.

Now - after having installed Ubuntu on my FW16 and on my daughter’s FW13, I noticed that the system load was between 0.5 and 1.5 on both systems.

What I also noticed when checking the logs is an excessive amount of logging while using Firefox. You guys just run journalctl -f if using Ubuntu and Firefox - and you’ll see what I mean.
Loads of entries, all the time, looking like this:

mars 14 10:10:35 jupiter.solsys.org kernel: audit: type=1400 audit(1710407435.682:2458): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202338 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:35 jupiter.solsys.org kernel: audit: type=1400 audit(1710407435.686:2459): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202338 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:38 jupiter.solsys.org audit[2134]: AVC apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202335 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:38 jupiter.solsys.org kernel: audit: type=1400 audit(1710407438.346:2460): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202335 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101

Coming also from the security side, I tend to deactivate apparmor on my “laptops”.
But my daughters??? (Artist and Literature).

I bet that if I disable apparmor, or reconfigure it correctly, it would reduce the amount of disk writes which in turn would reduce the used energy.
After having reconfigured the Firefox apparmor profile on my laptop just after arrival of the latter, the last update added new issues.

What’s the best approach here? I really think I’ll dump it altogether (apparmor), because in the end it is more of a pain than a security advantage in my eyes.

Any comments? hints?
PS: 5 days I have my FW16 - and journald is already 185MBytes in size.

This might not be useful to you, but as a software developer, I long ago learned that it’s a really good idea to have solid measurements proving that a specific optimization would actually do something useful before spending time on it. They also give you a way to see exactly how useful the optimization was, afterwards.

Do you have any way to measure the impact of apparmor on disk writes and/or battery life?
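One way to put numbers on the denial spam quoted in the first post, as an added example that is not from any poster in this thread: it parses the AppArmor `DENIED` records, decodes the hex-encoded `comm` field, groups identical denials and reports their share of the log bytes. The function names are this example's own; the sample is the thread's four lines plus one constructed unrelated line.

```python
import re
from collections import Counter

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in KV.findall(line):
        if key == "comm" and bare:
            # audit writes comm unquoted and hex-encoded when it contains
            # spaces or control characters; quoted values are literal.
            try:
                fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                fields[key] = bare
        else:
            fields[key] = quoted or bare
    return fields

def summarize(text):
    """Count identical denials and the bytes they occupy in the log text."""
    rules, comms, denied_bytes, total_bytes = Counter(), set(), 0, 0
    for line in text.splitlines():
        size = len(line.encode()) + 1  # +1 for the newline
        total_bytes += size
        rec = parse_denial(line)
        if rec is None:
            continue
        denied_bytes += size
        rules[tuple(rec.get(k) for k in ("profile", "operation", "name", "info"))] += 1
        comms.add(rec.get("comm"))
    return rules, comms, denied_bytes, total_bytes

# Sample: the four lines quoted in the thread, plus one constructed unrelated line.
SAMPLE = """\
mars 14 10:10:35 jupiter.solsys.org kernel: audit: type=1400 audit(1710407435.682:2458): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202338 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:35 jupiter.solsys.org kernel: audit: type=1400 audit(1710407435.686:2459): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202338 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:38 jupiter.solsys.org audit[2134]: AVC apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202335 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:38 jupiter.solsys.org kernel: audit: type=1400 audit(1710407438.346:2460): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="firefox" name="run/systemd/resolve/io.systemd.Resolve" pid=2134 comm=444E53205265736F6C766572202335 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=101
mars 14 10:10:39 jupiter.solsys.org systemd[1]: Started constructed-example.service.
"""

if __name__ == "__main__":
    rules, comms, denied, total = summarize(SAMPLE)
    for rule, n in rules.most_common():
        print(n, rule)
    print(sorted(comms), f"{denied}/{total} bytes are AppArmor denials")
```

All four quoted lines collapse into a single denied rule raised by Firefox's DNS resolver threads, and the `kernel:` and `audit[2134]:` lines carry the same record text, so the byte share counts both.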

Not related to the particular issue, but still might be worth looking at, if you have RAM to spare.
It reduces disk writes by a lot and Firefox runs a lot snappier and smoother.
https://wiki.archlinux.org/title/Firefox/Profile_on_RAM

Coming from the same side, and putting monitoring to the lot, from experience, you need the data when you need to troubleshoot something. Not when in production.
When you have, on an ESX host for example, 50 VMs writing out logs at the same time, the ESX server performance simply dies. Too much I/O.

In this case, we are alone on our laptops, but not only does the constant log writing wear on the SSDs, but it requests CPU time to write the data out, RAM to buffer the data etc. and so on. So - if not specifically required, disable it if I can’t do it by configuration.
Because on calculation (taking into account that the laptop is powered around 14Hours/day), I get 37MBytes of logs per day - which cause roughly 200K log lines for ~14hours.
With the assumption that the average line size is ~200 bytes - this amounts to 3.67 lines per second written down. This means the disk does not go to idle mode.

As I said, waste of resources. I’ll disable apparmor on my devices if a fix is not found for that Firefox spamming.


That is an interesting approach. I’ll have to see if I want to check it out.
Note that with 64Gb of RAM - there is enough RAM available to be used for caching.

top - 14:38:59 up  3:38,  6 users,  load average: 1,45, 1,36, 1,21
Tasks: 451 total,   1 running, 450 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0,7 us,  0,5 sy,  0,0 ni, 98,5 id,  0,1 wa,  0,0 hi,  0,2 si,  0,0 st
MiB Mem :  63474,6 total,  47779,1 free,   8182,6 used,   7513,0 buff/cache
MiB Swap:      0,0 total,      0,0 free,      0,0 used.  52837,4 avail Mem 

It would make sense when you are limited in resources (like I did on my weather station running on a Raspberry Pi) - to reserve a portion of the RAM to specific tasks (tmpfs for creation of weather-data csv files).