Will disabling the charon and Apparmor profiles still let the VPN work? I
don't fully understand the technicality of this.
Thanks.
On Sun, Nov 20, 2016 at 12:22 AM, Douglas Kosovic <d...@uq.edu.au>
wrote:
> Sorry I gave bad advice, Apparmor complain mode won't help, it was the
> attach_disconnected in the patch which fixes the issue.
>
> Simplest solution without patching is to disable the charon and stroke
> Apparmor profiles as mentioned on:
> https://github.com/nm-l2tp/network-manager-l2tp/wiki
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1587886
>
> Title:
> strongswan ipsec status issue with apparmor
>
> Status in One Hundred Papercuts:
> Triaged
> Status in strongswan package in Ubuntu:
> In Progress
>
> Bug description:
> $ lsb_release -rd
> Description: Ubuntu 16.04 LTS
> Release: 16.04
>
> $ apt-cache policy strongswan
> strongswan:
> Installed: 5.3.5-1ubuntu3
> Candidate: 5.3.5-1ubuntu3
> Version table:
>*** 5.3.5-1ubuntu3 500
> 500 http://au.archive.ubuntu.com/ubuntu xenial/main amd64
> Packages
> 500 http://au.archive.ubuntu.com/ubuntu xenial/main i386
> Packages
> 100 /var/lib/dpkg/status
>
>
> Looks like 'ipsec status' might be causing strongswan's charon to
> write to run/systemd/journal/dev-log instead of /run/systemd/journal
> /dev-log and apparmor doesn't like it.
>
> Extract from /etc/apparmor.d/abstractions/base :
> /{,var/}run/systemd/journal/dev-log w,
>
> With an established ipsec connection, issue the following :
>
> $ sudo ipsec status
> connecting to 'unix:///var/run/charon.ctl' failed: Permission denied
> failed to connect to stroke socket 'unix:///var/run/charon.ctl'
>
>
> $ journalctl
> ...
> Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400
> audit(1464785297.366:491): apparmor="DENIED" operation="connect"
> info="Failed name lookup - disconnected path" error=-13
> profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log"
> pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
> ...
>
> ProblemType: Bug
> DistroRelease: Ubuntu 16.04
> Package: strongswan 5.3.5-1ubuntu3
> ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
> Uname: Linux 4.4.0-22-generic x86_64
> NonfreeKernelModules: wl
> ApportVersion: 2.20.1-0ubuntu2.1
> Architecture: amd64
> CurrentDesktop: Unity
> Date: Wed Jun 1 23:06:53 2016
> InstallationDate: Installed on 2016-05-11 (21 days ago)
> InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64
> (20160420.1)
> PackageArchitecture: all
> SourcePackage: strongswan
> UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions
>
--
Aquib Mir
c. 647.997.1982
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1587886
Title:
strongswan ipsec status issue with apparmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/hundredpapercuts/+bug/1587886/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
