Public bug reported:
Binary package hint: apparmor
The default apparmor profile in /etc/apparmor.d/abstractions/ssl_certs
is missing entries for the /usr/share/ca-certificates/mozilla directory.
Many of the files in the /etc/ssl/certs directory (which apparmor allows
access to) are actually links to files in the /usr/share/ca-
certificates/mozilla directory. Apparmor currently denies access to the
files that are in the /usr/share/ca-certificates/mozilla directory.
This access would be needed if you wanted to run a SSL service (e.g.
ldaps) and your SSL certificate were signed by a public CA and the
public CA's certificate were in the /usr/share/ca-certificates/mozilla
directory. A default Ubuntu install puts most public CAs in the
/usr/share/ca-certificates/mozilla directory, and just has soft links to
the files from the /etc/ssl/certs directory.
Proposed addition to /etc/apparmor.d/abstractions/ssl_certs file:
/usr/share/ca-certificates/mozilla r,
/usr/share/ca-certificates/mozilla/* r,
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: apparmor 2.5-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic x86_64
NonfreeKernelModules: openafs fglrx
Architecture: amd64
Date: Fri Oct 29 13:04:51 2010
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
LANG=en_US
SHELL=/bin/bash
SourcePackage: apparmor
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug lucid
--
apparmor missing entry for some ssl ca cert files
https://bugs.launchpad.net/bugs/668436
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
