Comment 1 for bug 1773956

Looks like here is the bug where apparmor support was added for charon-system:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866327

There does not seem to be any reference to ipt_CLUSTERIP there and from the source it appears the libcharon does appear to try to write to the referenced dir:

./src/libcharon/plugins/ha/ha_kernel.c:#define CLUSTERIP_DIR "/proc/net/ipt_CLUSTERIP"