[Bug 2143810] Re: Cannot pre-load keyfile (/run/NetworkManager/cert/ )

Sung Jeho Wed, 11 Mar 2026 19:25:38 -0700

@rlee287

> Can you confirm whether adding
> file r @{run}/NetworkManager/@{rand6},
> to /etc/apparmor.d/local/openvpn fixes the issue?



## environment

```
jehos@gogunbuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Resolute Raccoon (development branch)
Release:        26.04
Codename:       resolute

jehos@gogunbuntu:~$ date
03/12/26 (목) 10:51:53 AM KST

jehos@gogunbuntu:~$ dpkg -l network-manager-openvpn apparmor
ii  network-manager-openvpn 1.12.5-1     amd64        network management 
framework (OpenVPN plugin core)
ii  apparmor       5.0.0~beta1-0ubuntu2 amd64        user-space parser utility 
for AppArmor
```


```
jehos@gogunbuntu:~$ sudo aa-enforce /usr/sbin/openvpn/openvpn
[sudo: authenticate] Password:      
Setting /usr/sbin/openvpn to enforce mode.
Warning: profile openvpn represents multiple programs

jehos@gogunbuntu:~$ sudo bash -c "echo 'file r
@{run}/NetworkManager/@{rand6},' > /etc/apparmor.d/local/openvpn"

jehos@gogunbuntu/etc/apparmor.d/local/openvpn/openvpn
file r @{run}/NetworkManager/@{rand6},

jehos@gogunbuntu:~$ grep "Cannot pre-load keyfile" /var/log/syslog | tail -n 1
2026-03-12T11:02:44.737056+09:00 gogunbuntu nm-openvpn[162625]: Cannot pre-load 
keyfile (/run/NetworkManager/cert/84RXBO)
```


I tried adding the lines you suggested to the appropriate section in 
/etc/apparmor.d/openvpn, but the connection is still failing.


```
 jehos@gogunbuntu:~$ sudo grep NetworkManager /etc/apparmor.d/openvpn 
   # Configurations set up by NetworkManager
   # integration with NetworkManager
   file rw @{run}/NetworkManager/nm-openvpn-*,
   file PUx /{usr/,}lib{exec,/NetworkManager}/nm-openvpn-service-openvpn-helper,
+  file r @{run}/NetworkManager/@{rand6},

 jehos@gogunbuntu:~$ sudo apparmor_parser -r /etc/apparmor.d/openvpn
```

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2143810

Title:
  Cannot pre-load keyfile (/run/NetworkManager/cert/ )

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2143810/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2143810] Re: Cannot pre-load keyfile (/run/NetworkManager/cert/ )

Reply via email to