[Bug 1505222] [NEW] strongSwan AppArmor prevents CRL caching
You have been subscribed to a public bug by Robie Basak (racb): If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls but AppArmor blocks the creation of the file. Here is the relevant syslog line: kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Attached is a patch that gives charon r/w access to the /etc/ipsec.d/crls directory. Package info: strongswan: Installed: 5.1.2-0ubuntu2.3 Candidate: 5.1.2-0ubuntu2.3 Ubuntu info: Description:Ubuntu 14.04.3 LTS Release:14.04 ** Affects: strongswan (Ubuntu) Importance: Undecided Status: New ** Tags: patch -- strongSwan AppArmor prevents CRL caching https://bugs.launchpad.net/bugs/1505222 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1505222] [NEW] strongSwan AppArmor prevents CRL caching
Public bug reported: If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls but AppArmor blocks the creation of the file. Here is the relevant syslog line: kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Attached is a patch that gives charon r/w access to the /etc/ipsec.d/crls directory. Package info: strongswan: Installed: 5.1.2-0ubuntu2.3 Candidate: 5.1.2-0ubuntu2.3 Ubuntu info: Description:Ubuntu 14.04.3 LTS Release:14.04 ** Affects: strongswan (Ubuntu) Importance: Undecided Status: New ** Patch added: "allow-crl-cache.patch" https://bugs.launchpad.net/bugs/1505222/+attachment/4492434/+files/allow-crl-cache.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1505222 Title: strongSwan AppArmor prevents CRL caching To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1505222/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1505222] [NEW] strongSwan AppArmor prevents CRL caching
Public bug reported: If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls but AppArmor blocks the creation of the file. Here is the relevant syslog line: kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Attached is a patch that gives charon r/w access to the /etc/ipsec.d/crls directory. Package info: strongswan: Installed: 5.1.2-0ubuntu2.3 Candidate: 5.1.2-0ubuntu2.3 Ubuntu info: Description:Ubuntu 14.04.3 LTS Release:14.04 ** Affects: strongswan (Ubuntu) Importance: Undecided Status: New ** Patch added: "allow-crl-cache.patch" https://bugs.launchpad.net/bugs/1505222/+attachment/4492434/+files/allow-crl-cache.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1505222 Title: strongSwan AppArmor prevents CRL caching To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1505222/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs