Public bug reported: When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to /var/lib/opencryptoki, which is readable only by root.
This means that anything using p11-kit to find the PKCS#11 modules which are configured to be available in the system (which is basically any well-behaved application) now breaks: $ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com POST https://server.example.com/ Attempting to connect to server [fec0::1]:443 p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied Error loading certificate from PKCS#11: PKCS #11 initialization error. Loading certificate failed. Aborting. $ p11tool --list-tokens p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied pkcs11_init: PKCS #11 initialization error. ** Affects: opencryptoki (Ubuntu) Importance: Undecided Status: New ** Affects: p11-kit (Ubuntu) Importance: Undecided Status: New ** Also affects: p11-kit (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1648634 Title: opencryptoki breaks p11-kit To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1648634/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
