I have the same problem. Plex snap version 1.41.6.9685-d301f511a running on Ubuntu 24.04.2. My journal file is about 5GiB and I get nearly the same errors as kasper8850. I get them in clusters, and they are correlated with client activity. Up to about 12 messages per second.
[Fri May 2 05:39:08 2025] audit: type=1400 audit(1746178759.340:139027): apparmor="DENIED" operation="open" class="file" profile="snap.plexmediaserver.plexmediaserver" name="/sys/devices/virtual/dmi/id/board_vendor" pid=2138 comm=504D53204275746C6572 requested_mask="r" denied_mask="r" fsuid=0 ouid=0
My understanding is that this log entry is made by apparmor because the activity is neither specifically allowed nor denied by the apparmor profile for plex media server. I don’t think that this being a snap has anything to do with apparmor except for the location that the profiles are stored. I believe the profile is located here:
/var/lib/snapd/apparmor/profiles/snap.plexmediaserver.plexmediaserver
After reading up on apparmor profiles, I tried adding these lines to that file to allow the access:
# Provide access to system vendor
/sys/devices/virtual/dmi/id/board_vendor r,
Then I restarted the apparmor service… and still get the log entries.
So I tried to prepend deny to the same directive, like so:
# Deny access to system vendor
deny /sys/devices/virtual/dmi/id/board_vendor r,
As I understand the profile syntax, this would deny the read, but not complain that it was attempted in the log file. … but I still get the log entries.
This is the first time I’ve had to work with apparmor, so any clues about why this didn’t work and how to work around would be really appreciated.
I assume that Plex provides the profile for apparmor as part of the software they distribute for Ubuntu and Mint. Is that true? If so, then this is a bug report and also a request for a work-around. If not, does Plex know who creates and distributes the profile? Thanks Again.
