NAME¶

aa-notify - display information about logged AppArmor messages.

SYNOPSIS¶

aa-notify [option]

DESCRIPTION¶

aa-notify will display a summary or provide desktop notifications for AppArmor DENIED messages.

OPTIONS¶

aa-notify accepts the following arguments:

-p, --poll: poll AppArmor logs and display desktop notifications. Can be used with '-s' option to display a summary on startup.
--display $DISPLAY: set the DISPLAY environment variable to $DISPLAY (might be needed if sudo resets $DISPLAY)
-f FILE, --file=FILE: search FILE for AppArmor messages
-l, --since-last: show summary since last login.
-s NUM, --since-days=NUM: show summary for last NUM of days.
-u USER, --user=USER: user to drop privileges to when running privileged. When used with the -p option, this should be set to the user that will receive desktop notifications. This has no effect when running under sudo.
-w NUM, --wait=NUM: wait NUM seconds before displaying notifications (for use with -p)
-v, --verbose: show messages with summaries.
-h, --help: displays a short usage statement.

CONFIGURATION¶

System-wide configuration for aa-notify is done via /etc/apparmor/notify.conf:

  # Set to 'no' to disable AppArmor notifications globally
  show_notifications="yes"
  # Special profiles used to remove privileges for unconfined binaries using user namespaces. If unsure, leave as is.
  userns_special_profiles="unconfined,unprivileged_userns"
  # Theme for aa-notify GUI. See https://ttkthemes.readthedocs.io/en/latest/themes.html for available themes.
  interface_theme="ubuntu"
  # Binaries for which we ignore userns-related capability denials
  ignore_denied_capability="sudo,su"
  # OPTIONAL - kind of operations which display a popup prompt.
  prompt_filter="userns"
  # OPTIONAL - restrict using aa-notify to users in the given group
  # (if not set, everybody who has permissions to read the logfile can use it)
  # use_group="admin"
  # OPTIONAL - custom notification message body
  message_body="This is a custom notification message."
  # OPTIONAL - custom notification message footer
  message_footer="For more information visit https://foo.com"
  # OPTIONAL - custom notification filtering
  # Filters are used to reduce the output of information to only those entries that will match the filter. Filters use Python's regular expression syntax.
  filter.profile="^(foo|bar)$"  # Match the profile:            Only shows notifications for profiles "foo" or "bar"
  filter.operation="^open$"     # Match the operation:          Only shows notifications for "open" operation
  filter.name="^(?!/usr/lib/)"  # Match the name:               Excludes notifications for names starting by "/usr/lib/"
  filter.denied="^r$"           # Match the denied_mask:        Only shows notifications where "r", and only "r", was denied
  filter.family="^inet$"        # Match the network family:     Only shows notifications for "inet" family
  filter.socket="stream"        # Match the network socket type: Only shows notifications for "stream" sockets

Per-user configuration is done via $XDG_CONFIG_HOME/apparmor/notify.conf (or the deprecated ~/.apparmor/notify.conf if it exists):

  # set to 'yes' to enable AppArmor DENIED notifications
  show_notifications="yes"

BUGS¶

aa-notify needs to be able to read the logfiles containing the AppArmor DENIED messages.

If you find any additional bugs, please report them to Gitlab at <https://gitlab.com/apparmor/apparmor/-/issues>.

Source file:	aa-notify.8.en.gz (from apparmor-notify 4.1.0-1)
Source last updated:	2025-04-10T15:06:25Z
Converted to HTML:	2025-04-10T21:12:23Z