Public bug reported:
If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls
but AppArmor blocks the creation of the file. Here is the relevant
syslog line:
kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37):
apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon"
name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Attached is a patch that gives charon r/w access to the
/etc/ipsec.d/crls directory.
Package info:
strongswan:
Installed: 5.1.2-0ubuntu2.3
Candidate: 5.1.2-0ubuntu2.3
Ubuntu info:
Description: Ubuntu 14.04.3 LTS
Release: 14.04
** Affects: strongswan (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "allow-crl-cache.patch"
https://bugs.launchpad.net/bugs/1505222/+attachment/4492434/+files/allow-crl-cache.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1505222
Title:
strongSwan AppArmor prevents CRL caching
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1505222/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
