Simon, thank you.
Looks like lowering the amount of socket helps.
BR,
Ruslan.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549436
Title:
AppArmor kills StronSwan daemon 'charon'
To manage
Simon, thank you.
Looks like lowering the amount of socket helps.
BR,
Ruslan.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1549436
Title:
AppArmor kills StronSwan daemon
Hello Simon,
I'm not really sure should I post it here, report a new bug, or report a
bug to strongswan project directly.
I can reproduce this buffer overflow with 100% probability. It is a
resource independent and strongswan fail as on t1.micro or at any
instance with more resources.
Buffer
Hello Simon,
I'm not really sure should I post it here, report a new bug, or report a
bug to strongswan project directly.
I can reproduce this buffer overflow with 100% probability. It is a
resource independent and strongswan fail as on t1.micro or at any
instance with more resources.
Buffer
Looks like I've found the reason why charon want to open /dev/tty - just
to say about buffer overflow error:
01[IKE] CHILD_SA ikev2-with-eap-loadtest{221} established with SPIs c26fb333_i
c1ac3989_o and TS 172.31.59.95/32 === 10.0.0.221/32
16[IKE] CHILD_SA ikev2-with-eap-loadtest{222}
Looks like I've found the reason why charon want to open /dev/tty - just
to say about buffer overflow error:
01[IKE] CHILD_SA ikev2-with-eap-loadtest{221} established with SPIs c26fb333_i
c1ac3989_o and TS 172.31.59.95/32 === 10.0.0.221/32
16[IKE] CHILD_SA ikev2-with-eap-loadtest{222}
> I have no idea what can cause this access to /dev/tty. I never ran into
> this problem on my own server which is similar minus the EAP/RADIUS
> part, I use xauth-generic only.
xauth-eap works in a different way. It takes clear text password from client
and makes EAP request to a radius server
> I have no idea what can cause this access to /dev/tty. I never ran into
> this problem on my own server which is similar minus the EAP/RADIUS
> part, I use xauth-generic only.
xauth-eap works in a different way. It takes clear text password from client
and makes EAP request to a radius server
The server serves only incoming VPN requests, it is for mobile road-
warriors. And the error does not occur right after starting a
strongswan or bringing tunnels up. So it makes no sense to run it with
auto=add or not.
Strongswan is serving clients ok. It is working for a long time until a
first
The server serves only incoming VPN requests, it is for mobile road-
warriors. And the error does not occur right after starting a
strongswan or bringing tunnels up. So it makes no sense to run it with
auto=add or not.
Strongswan is serving clients ok. It is working for a long time until a
first
Hello Simon,
No, I do not have encrypted certs and StrongSwan works well as a service
without user interaction:
# sudo ipsec start --nofork
Starting strongSwan 5.1.2 IPsec [starter]...
00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-48-generic,
x86_64)
00[CFG] loading ca
Hello Simon,
No, I do not have encrypted certs and StrongSwan works well as a service
without user interaction:
# sudo ipsec start --nofork
Starting strongSwan 5.1.2 IPsec [starter]...
00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-48-generic,
x86_64)
00[CFG] loading ca
Public bug reported:
At some conditions AppArmor Deny access of /usr/lib/ipsec/charon to a
/dev/tty, which causes a daemon restart:
Feb 24 07:06:04 vpn-01 kernel: [548017.000283] type=1400
audit(1456297564.902:21): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon"
Public bug reported:
At some conditions AppArmor Deny access of /usr/lib/ipsec/charon to a
/dev/tty, which causes a daemon restart:
Feb 24 07:06:04 vpn-01 kernel: [548017.000283] type=1400
audit(1456297564.902:21): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon"
/701161/+subscribe
WBR,
Ruslan_ka
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/701161
Title:
package fglrx 2:8.723.1-0ubuntu5 failed to install/upgrade: попытка
перезаписи '/usr/share/fglrx
Public bug reported:
it appear's after update from 10.04 to 10.04.1.
ProblemType: Package
DistroRelease: Ubuntu 10.04
Package: fglrx 2:8.723.1-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-generic x86_64
Architecture: amd64
Date: Thu Jan 6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/701161
Title:
package fglrx 2:8.723.1-0ubuntu5 failed to install/upgrade: попытка
перезаписи '/usr/share/fglrx/atigetsysteminfo.sh', котор(ый)ая
The same problem. Ubuntu 10.10, users via LDAP, home folder - on local disk.
uname -a
Linux ll-sta-005 2.6.35-22-generic #35-Ubuntu SMP Sat Oct 16 20:45:36 UTC 2010
x86_64 GNU/Linux
thunderbird -v
Thunderbird 3.1.6
Install nscd fix problem.
--
Thunderbird crashes with segmentation fault
18 matches
Mail list logo