Public bug reported:

In /etc/apparmor.d/usr.lib.ipsec.charon the apparmor profile allows
charon to call dash.

If you then do 'dpkg-reconfigure dash' and say 'no' to the question,
'Use dash as the default system shell (/bin/sh)?', the system shell will
change to bash.

Now if you have a line like leftupdown=/path/to/my/script in
/etc/ipsec.conf, it'll fail to run because bash isn't listed as an
allowed program in the apparmor profile.

(I can't see a good way to fix this - I can't see an abstraction
corresponding to the current system's default shell - so you might
consider that as the bug instead.)

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: strongswan-charon 5.6.2-1ubuntu2.5
ProcVersionSignature: Ubuntu 4.15.0-91.92-generic 4.15.18
Uname: Linux 4.15.0-91-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.12
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Mar 30 13:07:48 2020
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.lib.ipsec.charon: [modified]
mtime.conffile..etc.apparmor.d.usr.lib.ipsec.charon: 2020-03-30T12:58:55.491020
** Affects: strongswan (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug bionic
https://bugs.launchpad.net/bugs/1869710
Title:
charon+apparmor can't run updown script unless the system shell is
dash
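
Added example (not part of the bug report or of the strongswan package): a check that resolves the /bin/sh symlink and looks for an exec rule for its target in an AppArmor profile, which is the mismatch the report describes. The function names, the temporary tree and the sample rule line are constructed for illustration; only literal path rules are matched, so globs, variables and included files are assumed absent.

```shell
#!/bin/sh
# Added example. Matches literal path rules only; globs, variables and
# #include'd files are not expanded (assumption).

# profile_allows_exec PROFILE PATH: succeed if PROFILE has a rule for PATH
# whose permission string contains an execute mode (ix, Px, Ux, ...).
profile_allows_exec() {
    awk -v target="$2" '
        { sub(/#.*/, "") }                       # strip comments and #include
        $1 == target && $2 ~ /x/ { found = 1 }   # e.g. "/bin/dash rmPUx,"
        END { exit !found }
    ' "$1"
}

# check_system_shell PROFILE [LINK]: resolve LINK (default /bin/sh) and report
# whether the program it points to may be executed under PROFILE.
check_system_shell() {
    resolved=$(readlink -f "${2:-/bin/sh}") || return 2
    if profile_allows_exec "$1" "$resolved"; then
        echo "OK: $resolved has an exec rule in $1"
    else
        echo "MISSING: $resolved has no exec rule in $1"
        return 1
    fi
}

# Constructed demo: a throwaway tree stands in for /bin and the profile.
demo() {
    root=$(readlink -f "$(mktemp -d)") || return 2
    mkdir "$root/bin" && touch "$root/bin/dash" "$root/bin/bash"
    printf '%s\n' "# constructed sample profile" \
        "$root/bin/dash rmPUx," > "$root/profile"
    ln -s dash "$root/bin/sh"            # default: sh -> dash
    before=0
    check_system_shell "$root/profile" "$root/bin/sh" || before=$?
    ln -sf bash "$root/bin/sh"           # after answering "no" to dpkg-reconfigure dash
    after=0
    check_system_shell "$root/profile" "$root/bin/sh" || after=$?
    rm -rf "$root"
    echo "$before $after"                # exit statuses before and after the switch
}
demo
```

On a real system the check would be run as `check_system_shell /etc/apparmor.d/usr.lib.ipsec.charon`; a MISSING result means updown scripts started through /bin/sh will be blocked by the profile.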