** Description changed:

  Hello,
  
  I'm using 19.04 (Disco Dingo), kernel: 5.0.0-13-generic amd64
  
  packages:
  ii  libcharon-standard-plugins     5.7.1-1ubuntu2
  ii  libstrongswan                  5.7.1-1ubuntu2
  ii  libstrongswan-standard-plugins 5.7.1-1ubuntu2
  ii  strongswan                     5.7.1-1ubuntu2
  ii  strongswan-charon              5.7.1-1ubuntu2
  ii  strongswan-libcharon           5.7.1-1ubuntu2
  ii  strongswan-starter             5.7.1-1ubuntu2
  
  /etc/strongswan.conf - https://pastebin.com/gwPfedeS
  
  strongswan error:
  Apr 24 15:47:23 ubuntu-1904-2 ipsec[1422]: 00[LIB] dropping capabilities failed: Operation not permitted
  Apr 24 15:47:23 ubuntu-1904-2 ipsec[1422]: 00[DMN] capability dropping failed - aborting charon
  
  strongswan logs - https://pastebin.com/VeqBewZx
  
- starter charon - https://pastebin.com/QNYPGSN8
+ strace charon - https://pastebin.com/QNYPGSN8
  
  capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0},
  {effective=1<<CAP_DAC_OVERRIDE|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW,
  permitted=1<<CAP_DAC_OVERRIDE|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW,
  inheritable=1<<CAP_DAC_OVERRIDE|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW}) = -1
  EPERM (Operation not permitted)
  
  I enabled the complain mode, but aa-logprof found nothing. With
  user=root in strongswan.conf it starts perfectly. Also, I downgraded to
  strongswan-5.3 and everything works well with the same apparmor profile.
  
  Any ideas?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826238

Title:
  apparmor doesn't allow to start with a non-root user
