[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
@sdeziel @paelzer sorry for my delay... I haven't followed this topic since a while. I will give Xenial a try as soon as possible. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
according to last update and no response setting to incomplete for now ** Changed in: strongswan (Ubuntu) Status: In Progress => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
@caramba696, smartcard should be improved in Xenial so you might want to re-test. The Apparmor profile allows charon to access /run/pcscd/pcscd.comm and also include other rules related to smartcards. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
@caramba696, smartcard should be improved in Xenial so you might want to re-test. The Apparmor profile allows charon to access /run/pcscd/pcscd.comm and also include other rules related to smartcards. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
In particular, it is the charon profile which doesn't allow access to the PC/SC layer and to the specific smartcard files (depending on the vendor). For example, with a Gemalto IDPrime .NET card, this is what I get in my logs: #Jun 29 08:29:46 ubuntu kernel: [ 873.811807] type=1400 audit(1435559386.465:51): apparmor=DENIED operation=open profile=/usr/lib/ipsec/charon name=/run/shm/gemalto_idprime_sdata pid=11356 comm=charon requested_mask=rwc denied_mask=rwc fsuid=0 ouid=0 #Jun 29 08:29:46 ubuntu kernel: [ 873.817301] type=1400 audit(1435559386.469:52): apparmor=DENIED operation=connect profile=/usr/lib/ipsec/charon name=/run/pcscd/pcscd.comm pid=11356 comm=charon requested_mask=rw denied_mask=rw fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
In particular, it is the charon profile which doesn't allow access to the PC/SC layer and to the specific smartcard files (depending on the vendor). For example, with a Gemalto IDPrime .NET card, this is what I get in my logs: #Jun 29 08:29:46 ubuntu kernel: [ 873.811807] type=1400 audit(1435559386.465:51): apparmor=DENIED operation=open profile=/usr/lib/ipsec/charon name=/run/shm/gemalto_idprime_sdata pid=11356 comm=charon requested_mask=rwc denied_mask=rwc fsuid=0 ouid=0 #Jun 29 08:29:46 ubuntu kernel: [ 873.817301] type=1400 audit(1435559386.469:52): apparmor=DENIED operation=connect profile=/usr/lib/ipsec/charon name=/run/pcscd/pcscd.comm pid=11356 comm=charon requested_mask=rw denied_mask=rw fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
** Changed in: strongswan (Ubuntu) Status: New = In Progress ** Changed in: strongswan (Ubuntu) Importance: Undecided = Medium ** Changed in: strongswan (Ubuntu) Assignee: (unassigned) = Jonathan Davies (jpds) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
** Changed in: strongswan (Ubuntu) Status: New = In Progress ** Changed in: strongswan (Ubuntu) Importance: Undecided = Medium ** Changed in: strongswan (Ubuntu) Assignee: (unassigned) = Jonathan Davies (jpds) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs