Here is my take on this:
- we have a DEP8 test that creates a strongSwan VPN, and I haven't seen this error there
- that tells me that it's only certain configurations that trigger this (confirming what is said in the bug description)
- should we allow writing to resolv.conf in all cases? That's what we are a bit uncomfortable with. For such specific local configurations, the /etc/apparmor.d/local/ mechanism is a good fit and something the administrator can add
- of course, it might not be easy to reach that conclusion: troubleshooting IPsec VPNs is not easy
- if the need to update resolv.conf is something we can easily detect at service startup time, and if it comes from a sane/secure source (like a config file that only root can write to), then one possible change we could make to the package, and which would be a compromise, is to dynamically adapt the profile if that scenario is detected.
--
https://bugs.launchpad.net/bugs/1970455
Title: AppArmor profile prevents DNS Servers from being added to resolv.conf
