Manpages - aa-notify.8

aa-notify - display information about logged AppArmor messages.

aa-notify [option]

aa-notify will display a summary or provide desktop notifications for AppArmor DENIED messages.

aa-notify accepts the following arguments:

-p, –poll

poll AppArmor logs and display desktop notifications. Can be used with ’-s’ option to display a summary on startup.

–display $DISPLAY

set the DISPLAY environment variable to $DISPLAY (might be needed if sudo resets $DISPLAY)

-f FILE, –file=FILE

search FILE for AppArmor messages

-l, –since-last

show summary since last login.

-s NUM, –since-days=NUM

show summary for last NUM of days.

-u USER, –user=USER

user to drop privileges to when running privileged. When used with the -p option, this should be set to the user that will receive desktop notifications. This has no effect when running under sudo.

-w NUM, –wait=NUM

wait NUM seconds before displaying notifications (for use with -p)

-v, –verbose

show messages with summaries.

-h, –help

displays a short usage statement.

System-wide configuration for aa-notify is done via /etc/apparmor/notify.conf:

show_notifications=“yes” # only people in use_group can use aa-notify use_group=“admin” # OPTIONAL - custom notification message body message_body=“This is a custom notification message.” # OPTIONAL - custom notification message footer message_footer=“For more information visit https://foo.com”

Per-user configuration is done via =$XDG_CONFIG_HOME=/apparmor/notify.conf (or the deprecated ~/.apparmor/notify.conf if it exists):

show_notifications=“yes”

aa-notify needs to be able to read the logfiles containing the AppArmor DENIED messages.

If you find any additional bugs, please report them to Gitlab at https://gitlab.com/apparmor/apparmor/-/issues.

apparmor (7)