You have been subscribed to a public bug by Robie Basak (racb):
If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls
but AppArmor blocks the creation of the file. Here is the relevant
syslog line:
kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37):
apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon"
name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Attached is a patch that gives charon r/w access to the
/etc/ipsec.d/crls directory.
Package info:
strongswan:
Installed: 5.1.2-0ubuntu2.3
Candidate: 5.1.2-0ubuntu2.3
Ubuntu info:
Description: Ubuntu 14.04.3 LTS
Release: 14.04
** Affects: strongswan (Ubuntu)
Importance: Undecided
Status: New
** Tags: patch
--
strongSwan AppArmor prevents CRL caching
https://bugs.launchpad.net/bugs/1505222
You received this bug notification because you are a member of Ubuntu Server
Team, which is subscribed to the bug report.
--
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
