I just set up fwknop on Ubuntu 20.04 Server, but unfortunately fwknop service does not start with the apparmor profile in enforcing (which is the standard mode). This gives following error:
[...]
Mai 12 17:19:08 audit[5272]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5272 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Mai 12 17:19:08 fwknopd[5272]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 fwknopd[5242]: Warning: Could not use the 'comment' match
[...]
Mai 12 17:19:08 audit[5294]: AVC apparmor="DENIED" operation="exec" profile="/usr/sbin/fwknopd" name="/usr/sbin/xtables-legacy-multi" pid=5294 comm="fwknopd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Mai 12 17:19:08 fwknopd[5294]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- An ExecStart= process belonging to unit fwknop-server.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Mai 12 17:19:08 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
Setting the fwknop apparmor profile to just complaining, enables me to start the service, but that is not a satisfying solution.
I've just pushed out a fix for this in Debian unstable. Version 2.6.10-10 should work for you on Ubuntu 20.04:
https:/