NC Box SYSLOG apparmor-"DENIED" and ld.so.preload of libarmmem.so messages

NC Box - Linux ubuntu-standard 4.4.0-1017-raspi2 #23-Ubuntu SMP Thu Jun 30 21:50:40 UTC 2016 armv7l armv7l armv7l GNU/Linux
/etc/issue - Ubuntu 16.04.1 LTS \n \l

I’ve been a bit lax in log watching, but had a look in syslog and spotted lots of recurring error messages that are both linked to /etc/ld.so.preload.
The first may be from quite a while ago, syslog archive only goes back a week, so the first instance I have is likely not the first occurrence:

Dec 8 06:25:05 ubuntu-standard kernel: [3170838.096985] audit: type=1400 audit(1481178305.659:3149136): apparmor="DENIED" operation="open" profile="snap.nextcloud.mysql" name="/etc/ld.so.preload" pid=32065 comm="sleep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This happens every second, unitl… the next message starts after what appears to be an update of the Nextcloud snap

Dec 11 02:45:00 ubuntu-standard snap[10464]: ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

The previous error is replaced by this one, which again happens every second. Has apparmor locked the file? Is the file even needed?

-rw-r--r-- 1 root root 42 Aug 24 03:27 /etc/ld.so.preload

$ cat /etc/ld.so.preload 
/usr/lib/arm-linux-gnueabihf/libarmmem.so

You’re not alone in this! I’ve been getting the same thing in my syslog as well:

Jan 14 18:42:52 nextcloud snap[1231]: message repeated 238 times: [ ERROR: ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.]

I’m also getting the apparmor denies in kern.log, not only for mysql but also for redis and the certificate renewal script.

Jan 14 18:22:42 nextcloud kernel: [   33.670218] audit: type=1400 audit(1484418162.535:33): apparmor="DENIED" operation="capable" profile="snap.nextcloud.redis-server" pid=1382 comm="redis-server" capability=24  capname="sys_resource"
Jan 14 18:22:43 nextcloud kernel: [   35.082526] audit: type=1400 audit(1484418163.947:34): apparmor="DENIED" operation="capable" profile="snap.nextcloud.mysql" pid=1368 comm="mysqld" capability=24  capname="sys_resource"
Jan 14 18:22:45 nextcloud kernel: [   36.376586] audit: type=1400 audit(1484418165.243:35): apparmor="DENIED" operation="exec" profile="snap.nextcloud.mysql" name="/bin/systemctl" pid=1407 comm="mysql.server" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Jan 14 18:22:46 nextcloud kernel: [   37.628967] audit: type=1400 audit(1484418166.495:36): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.661473] audit: type=1400 audit(1484418166.527:37): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.662685] audit: type=1400 audit(1484418166.527:38): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.664038] audit: type=1400 audit(1484418166.531:39): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.667339] audit: type=1400 audit(1484418166.535:40): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.667869] audit: type=1400 audit(1484418166.535:41): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:46 nextcloud kernel: [   37.669105] audit: type=1400 audit(1484418166.535:42): apparmor="DENIED" operation="ptrace" profile="snap.nextcloud.mysql" pid=1538 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
Jan 14 18:22:52 nextcloud kernel: [   43.568779] audit_printk_skb: 111 callbacks suppressed
Jan 14 18:22:52 nextcloud kernel: [   43.568807] audit: type=1400 audit(1484418172.435:80): apparmor="DENIED" operation="open" profile="snap.nextcloud.renew-certs" name="/proc/1365/mounts" pid=1365 comm="python" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I’m hesitant to go tinkering with apparmor profiles, as I’ve never done it before. @__@

I’ve got the same, reoccurs every second.

Jan 15 18:41:53 nextcloud kernel: [333207.635281] audit: type=1400 audit(1484505713.194:332517): apparmor="DENIED" operation="open" profile="snap.nextcloud.mysql" name="/etc/ld.so.preload" pid=15900 comm="sleep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0