swanctl apparmor DENIED on ppc64el LXD
Bug #1999935 reported by
Andreas Hasenack
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
Given a very peculiar set of conditions, swanctl will segfault because apparmor will deny its execution on a ppc64el lunar LXD:
root@l1:~# swanctl
Segmentation fault
[Fri Dec 16 18:55:58 2022] audit: type=1400 audit(167121695
This was flagged in the new DEP8 test I added to this package in the lunar cycle:
This does not happen in other architectures in lunar, just ppc64el.
Adding the "m" flag to the swanctl binary rule fixes the issue.
Related branches
~ahasenack/ubuntu/+source/strongswan:noble-strongswan-merge-2
Merged
into
ubuntu/+source/strongswan:debian/sid
at
revision 7ec4d6030e7a61cd5e1e93eeda8aa43a1a156dd3
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 2750 lines (+2431/-4)10 files modifieddebian/changelog (+1934/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
debian/tests/control (+6/-0)
debian/tests/host-to-host (+401/-0)
debian/tests/utils (+61/-0)
debian/usr.sbin.swanctl (+1/-1)
~ahasenack/ubuntu/+source/strongswan:noble-strongswan-merge-1
Merged
into
ubuntu/+source/strongswan:debian/sid
at
revision 07b4dc4e4447a9eb76b535120c9befbc4363f83b
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 2714 lines (+2402/-4)10 files modifieddebian/changelog (+1905/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
debian/tests/control (+6/-0)
debian/tests/host-to-host (+401/-0)
debian/tests/utils (+61/-0)
debian/usr.sbin.swanctl (+1/-1)
To post a comment you must log in.
This bug was fixed in the package strongswan - 5.9.8-3ubuntu2
---------------
strongswan (5.9.8-3ubuntu2) lunar; urgency=medium
* d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
(LP: #1999935)
-- Andreas Hasenack <email address hidden> Fri, 16 Dec 2022 16:07:51 -0300