Public bug reported:

I just set up fwknop on Ubuntu 20.04 Server, but unfortunately the fwknop
service does not start with the apparmor profile in enforcing (which is
the standard mode). This gives the following error:


[...]
Mai 12 17:19:08 audit[5272]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5272 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Mai 12 17:19:08 fwknopd[5272]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 fwknopd[5242]: Warning: Could not use the 'comment' match
[...]
Mai 12 17:19:08 audit[5294]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5294 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Mai 12 17:19:08 fwknopd[5294]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- An ExecStart= process belonging to unit fwknop-server.service has exited.
-- 
-- The process' exit code is 'exited' and its exit status is 1.
Mai 12 17:19:08 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support


Setting the fwknop apparmor profile to just complaining enables me to
start the service, but that is not a satisfying solution.

** Affects: fwknop (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1880009

Title:
  fwknop service unable to start due to apparmor

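The two apparmor="DENIED" records in the log above can be reduced to exactly what the enforcing profile refuses. The following Python parser is an added example, not part of the bug report or of fwknop; the function names parse_denials and summarise are hypothetical, and the sample is the report's own log with wrapped lines rejoined.

```python
import re

# Sample input: the two denial records and one fwknopd line from the report,
# with the e-mail line wrapping undone.
SAMPLE = """\
Mai 12 17:19:08 audit[5272]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5272 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Mai 12 17:19:08 fwknopd[5272]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 audit[5294]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5294 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
STRING_FIELDS = {"profile", "name", "comm"}

def parse_denials(text):
    """Yield one dict of audit fields per AppArmor DENIED record."""
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        rec = {}
        for key, quoted, bare in KV.findall(line):
            # The audit subsystem writes strings containing spaces or quotes
            # as unquoted hex; decode those so paths stay readable.
            if bare and key in STRING_FIELDS and HEX.fullmatch(bare):
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            rec[key] = quoted or bare
        yield rec

def summarise(text):
    """Group denials by (profile, operation, name) with masks, pids, count."""
    out = {}
    for d in parse_denials(text):
        key = (d.get("profile"), d.get("operation"), d.get("name"))
        entry = out.setdefault(key, {"masks": set(), "pids": set(), "count": 0})
        entry["masks"].add(d.get("denied_mask", ""))
        entry["pids"].add(int(d["pid"]))
        entry["count"] += 1
    return out

if __name__ == "__main__":
    for (profile, op, name), e in summarise(SAMPLE).items():
        print(f"{profile}: {op} {name} denied {sorted(e['masks'])} "
              f"x{e['count']} (pids {sorted(e['pids'])})")
```
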