Public bug reported:
If the remote openvpn server is pushing DNS settings that include a domain,
the "/etc/openvpn/update-resolv-conf" script will fail. The apparmor
settings are missing a rule to allow setting a dns domain.
Error from openvpn:
sd_bus_open_system: Permission denied
Error from apparmor:
audit: type=1107 audit(1744925540.893:328): pid=1907 uid=102 auid=4294967295
ses=4294967295 subj=unconfined msg='apparmor="DENIED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/resolve1"
interface="org.freedesktop.resolve1.Manager" member="SetLinkDomains"
mask="send" name="org.freedesktop.resolve1" pid=10292
label="openvpn//update-resolv" peer_pid=888 peer_label="unconfined"
Thanks for looking into this.
# lsb_release -rd
Description: Ubuntu 25.04
Release: 25.04
# apt-cache policy apparmor
apparmor:
Installed: 4.1.0~beta5-0ubuntu14
Candidate: 4.1.0~beta5-0ubuntu14
Version table:
*** 4.1.0~beta5-0ubuntu14 500
500 http://de.archive.ubuntu.com/ubuntu plucky/main amd64 Packages
100 /var/lib/dpkg/status
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: plucky
** Patch added: "Proposed patch for plucky"
https://bugs.launchpad.net/bugs/2107596/+attachment/5872548/+files/0001-fix-broken-dns-config-in-openvpn.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107596
Title:
Apparmor is missing rule for openvpn to set DNS domain
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107596/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
