fwknop service unable to start due to apparmor
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fwknop (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I just set up fwknop on Ubuntu 20.04 Server, but unfortunately fwknop service does not start with the apparmor profile in enforcing (which is the standard mode). This gives following error:
[...]
Mai 12 17:19:08 audit[5272]: AVC apparmor="DENIED" operation="exec" profile=
Mai 12 17:19:08 fwknopd[5272]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 fwknopd[5242]: Warning: Could not use the 'comment' match
[...]
Mai 12 17:19:08 audit[5294]: AVC apparmor="DENIED" operation="exec" profile=
Mai 12 17:19:08 fwknopd[5294]: run_extcmd(): execvpe() failed: Permission denied
Mai 12 17:19:08 systemd[1]: fwknop-
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://
--
-- An ExecStart= process belonging to unit fwknop-
--
-- The process' exit code is 'exited' and its exit status is 1.
Mai 12 17:19:08 systemd[1]: fwknop-
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://
Setting the fwknop apparmor profile to just complaining, enables me to start the service, but that is not a satisfying solution.
I've just pushed out a fix for this in Debian unstable. Version 2.6.10-10 should work for you on Ubuntu 20.04:
https:/ /packages. debian. org/unstable/ fwknop- apparmor- profile