Looks like 'ipsec status' might be causing strongswan's charon to write to run/systemd/journal/dev-log instead of /run/systemd/journal/dev-log and apparmor doesn't like it.
Extract from /etc/apparmor.d/abstractions/base :
/{,var/}run/systemd/journal/dev-log w,
With an established ipsec connection, issue the following :
$ sudo ipsec status
connecting to 'unix:///var/run/charon.ctl' failed: Permission denied
failed to connect to stroke socket 'unix:///var/run/charon.ctl'
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
$ apt-cache policy strongswan
strongswan:
  Installed: 5.3.5-1ubuntu3
  Candidate: 5.3.5-1ubuntu3
  Version table:
 *** 5.3.5-1ubuntu3 500
        500 http://au.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://au.archive.ubuntu.com/ubuntu xenial/main i386 Packages
        100 /var/lib/dpkg/status
$ journalctl
...
Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400 audit(1464785297.366:491): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
...
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: strongswan 5.3.5-1ubuntu3
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jun 1 23:06:53 2016
InstallationDate: Installed on 2016-05-11 (21 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
PackageArchitecture: all
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)
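A triage sketch for the denial quoted in this report, added here as an example and not part of the original report: it parses the audit line and checks the reported name against the abstractions/base rule with and without a leading slash. The function names are hypothetical, and only `{a,b}` alternation is expanded, not AppArmor's other globs.

```python
import re

# Constructed sample: the denial quoted in the report, as one audit line.
SAMPLE = ('Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400 '
          'audit(1464785297.366:491): apparmor="DENIED" operation="connect" '
          'info="Failed name lookup - disconnected path" error=-13 '
          'profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" '
          'pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0')

# Path part of the rule quoted from /etc/apparmor.d/abstractions/base.
RULE_PATH = "/{,var/}run/systemd/journal/dev-log"

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED audit line, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def expand_alternation(rule_path):
    """Expand {a,b} alternations; other AppArmor globs are not handled here."""
    m = re.search(r'\{([^{}]*)\}', rule_path)
    if not m:
        return [rule_path]
    out = []
    for alt in m.group(1).split(','):
        out.extend(expand_alternation(rule_path[:m.start()] + alt + rule_path[m.end():]))
    return out

def triage(line, rule_path):
    """Say whether a denial is a disconnected-path lookup the rule would otherwise allow."""
    d = parse_denial(line)
    if d is None:
        return None
    name = d.get("name", "")
    allowed = expand_alternation(rule_path)
    return {
        "profile": d.get("profile"),
        "name": name,
        # A disconnected path is reported relative, without the leading "/".
        "disconnected": not name.startswith("/") and "disconnected path" in d.get("info", ""),
        "matches_rule": name in allowed,
        "matches_if_rooted": "/" + name in allowed,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, RULE_PATH))
```

When `disconnected` and `matches_if_rooted` are both true, the rule itself covers the path and the denial comes from how the name was resolved; AppArmor's `attach_disconnected` profile flag exists for that case.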