please allow alg socket for af-alg
Bug #1807962 reported by
Christian Ehrhardt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
af-alg is set to load=yes by default
No other component hit this yet, but swanctl complaind about
apparmor="DENIED" operation="create" profile=
lets add a rule for that to swanctl (since we didn#t see it anywhere else not added to other strongswan profiles yet)
This rule will do it:
network alg seqpacket,
Related branches
~paelzer/ubuntu/+source/strongswan:merge-disco-5.7.1-1-ubuntu2
Merged
into
ubuntu/+source/strongswan:ubuntu/disco-devel
at
revision 891ab057597eb2f27dbc7328e009f8179a1f0465
- Andreas Hasenack: Approve
- Canonical Server packageset reviewers: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 81 lines (+26/-2)4 files modifieddebian/changelog (+10/-0)
debian/usr.lib.ipsec.charon (+7/-0)
debian/usr.sbin.charon-systemd (+6/-2)
debian/usr.sbin.swanctl (+3/-0)
Changed in strongswan (Ubuntu): | |
status: | New → Triaged |
To post a comment you must log in.
This bug was fixed in the package strongswan - 5.7.1-1ubuntu2
---------------
strongswan (5.7.1-1ubuntu2) disco; urgency=medium
* d/usr.sbin. charon- systemd: fix rule for CLUSTERIP to match effective ipsec.charon, d/usr.sbin. charon- systemd: resync apparmor
path (LP: #1773956)
* d/usr.lib.
profiles of both ways to start charon (LP: #1807664)
* d/usr.sbin.swanctl: add apparmor rule for af-alg plugin (LP: #1807962)
-- Christian Ehrhardt <email address hidden> Mon, 10 Dec 2018 08:30:01 +0100