As per LP #1786250, user noted audit failures in system log
against charon trying to read its own list of file descriptors
in /proc/<pid>/fd/.
We are uncertain when/why this started, however it is not
unreasonable for a process to attempt to read its own fd's,
so allow by extending the apparmor profile for charon.
Patched:
$ git status
On branch allow_charon_apparmor_read_proc_fd_LP_#1786250
commit d0ec74d30d6742d34b3dc72113bbc933c608fffa (HEAD -> allow_charon_apparmor_read_proc_fd_LP_#1786250)
Author: (SNIP) <fermulator>
Date: Mon Aug 20 09:40:38 2018 -0400
As per LP #1786250, user noted audit failures in system log
against charon trying to read its own list of file descriptors
in /proc/<pid>/fd/.
We are uncertain when/why this started, however it is not
unreasonable for a process to attempt to read its own fd's,
so allow by extending the apparmor profile for charon.
References:
http://manpages.ubuntu.com/manpages/bionic/en/man5/apparmor.d.5.html
https://linux.die.net/man/5/proc
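
A triage sketch for the audit failures described above, added here as an example and not part of the original commit or the strongSwan packaging: it separates AppArmor denials where charon lists its own /proc/<pid>/fd/ from denials on another process's fd directory. The log lines, the profile name in them and all function names are constructed for illustration, and the check assumes the logged pid and the /proc path refer to the same PID namespace.

```python
import re

# Constructed sample lines in the kernel's AppArmor audit format
# (not taken from LP #1786250).
SAMPLE_LOG = """\
Aug 20 09:12:01 vpn kernel: [ 101.1] audit: type=1400 audit(1534770721.101:58): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/2291/fd/" pid=2291 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 09:12:05 vpn kernel: [ 105.4] audit: type=1400 audit(1534770725.400:59): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/1/fd/" pid=2291 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 09:12:09 vpn kernel: [ 109.9] audit: type=1400 audit(1534770729.900:60): apparmor="ALLOWED" operation="open" profile="/usr/sbin/foo" name="/proc/300/fd/" pid=300 comm="foo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value"
PROC_FD = re.compile(r'^/proc/(\d+)/fd/?$')  # a process's fd directory itself


def parse_denial(line):
    """Return the audit fields of an AppArmor DENIED record, else None."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def classify(fields):
    """Label a denial by whether the process touched its own fd directory."""
    m = PROC_FD.match(fields.get("name", ""))
    if not m:
        return "other"
    own = m.group(1) == fields.get("pid")
    if own and fields.get("denied_mask") == "r":
        return "self-fd-read"   # the case the commit message describes
    return "self-fd-other" if own else "foreign-fd"


def triage(log_text, comm="charon"):
    """List (path, verdict) for every denial logged against `comm`."""
    out = []
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields and fields.get("comm") == comm:
            out.append((fields["name"], classify(fields)))
    return out


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:14} {path}")
```

Only the `self-fd-read` records correspond to the access this change allows; a `foreign-fd` denial is a different access and is not covered by the reasoning in the commit message.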