strongSwan AppArmor prevents CRL caching
Bug #1505222 reported by
Brian Turek
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
If configured to do so, strongSwan will cache CRLs to /etc/ipsec.d/crls but AppArmor blocks the creation of the file. Here is the relevant syslog line:
kernel: [400994.988829] audit: type=1400 audit(144464991
Attached is a patch that gives charon r/w access to the /etc/ipsec.d/crls directory.
Package info:
strongswan:
Installed: 5.1.2-0ubuntu2.3
Candidate: 5.1.2-0ubuntu2.3
Ubuntu info:
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Changed in strongswan (Ubuntu): | |
importance: | Undecided → Medium |
To post a comment you must log in.
The attachment "allow- crl-cache. patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]