[Bug 1505222] [NEW] strongSwan AppArmor prevents CRL caching
Brian Turek
brian.turek at gmail.com
Mon Oct 12 12:45:30 UTC 2015
Public bug reported:
If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls
but AppArmor blocks the creation of the file. Here is the relevant
syslog line:
kernel: [400994.988829] audit: type=1400 audit(1444649911.842:37):
apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon"
name="/etc/ipsec.d/crls/REDACTED.crl" pid=6098 comm="charon"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Attached is a patch that gives charon r/w access to the
/etc/ipsec.d/crls directory.
Package info:
strongswan:
Installed: 5.1.2-0ubuntu2.3
Candidate: 5.1.2-0ubuntu2.3
Ubuntu info:
Description: Ubuntu 14.04.3 LTS
Release: 14.04
** Affects: strongswan (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "allow-crl-cache.patch"
https://bugs.launchpad.net/bugs/1505222/+attachment/4492434/+files/allow-crl-cache.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1505222
Title:
strongSwan AppArmor prevents CRL caching
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1505222/+subscriptions
More information about the Ubuntu-server-bugs
mailing list