apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/swanctl" pid=xxxxx comm="swanctl" family="packet" sock_type="dgram" protocol=0 requested_mask="send receive" denied_mask="send receive"

Bug #1875503 reported by Philipp Dreimann
This bug affects 1 person
Affects: strongswan (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

The swanctl AppArmor profile leads to a denial:

AVC apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/swanctl" pid=490601 comm="swanctl" family="packet" sock_type="dgram" protocol=0 requested_mask="send receive" denied_mask="send receive"

I'm using charon-systemd instead of strongswan-starter.

$ dpkg -l|grep "strongswan\|charon"
ii charon-systemd 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, systemd support
ii libcharon-extauth-plugins 5.8.2-1ubuntu3 amd64 strongSwan charon library (extended authentication plugins)
ii libcharon-extra-plugins 5.8.2-1ubuntu3 amd64 strongSwan charon library (extra plugins)
ii libcharon-standard-plugins 5.8.2-1ubuntu3 all transitional package
ii libstrongswan 5.8.2-1ubuntu3 amd64 strongSwan utility and crypto library
ii libstrongswan-extra-plugins 5.8.2-1ubuntu3 amd64 strongSwan utility and crypto library (extra plugins)
ii strongswan 5.8.2-1ubuntu3 all IPsec VPN solution metapackage
ii strongswan-charon 5.8.2-1ubuntu3 amd64 strongSwan Internet Key Exchange daemon
ii strongswan-libcharon 5.8.2-1ubuntu3 amd64 strongSwan charon library
ii strongswan-pki 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, pki command
ii strongswan-starter 5.8.2-1ubuntu3 amd64 strongSwan daemon starter and configuration file parser
ii strongswan-swanctl 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, swanctl command
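
Added example, not part of the original report and not strongSwan or Ubuntu code: a small Python parser for AppArmor audit lines like the one quoted above. It separates denials on descriptors carried across exec (operation="file_inherit") from accesses the confined program requested itself. The second sample line and the profile name /usr/sbin/example are constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the denial quoted in this report,
# line 2 is a made-up file denial, line 3 is a non-denial to be skipped.
SAMPLE_LOG = '''\
AVC apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/swanctl" pid=490601 comm="swanctl" family="packet" sock_type="dgram" protocol=0 requested_mask="send receive" denied_mask="send receive"
AVC apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=1234 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/example" name="/tmp/x" pid=1234 comm="example"
'''

# key="quoted value" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key/value fields of one audit line, or None if not a denial."""
    fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields


def describe(fields):
    """One-line triage summary: who was denied what, and how the access arose."""
    if "family" in fields:  # socket mediation: no path, only family and type
        target = f'{fields["family"]}/{fields.get("sock_type", "?")} socket'
    else:
        target = fields.get("name", "?")
    # file_inherit: the descriptor was already open when the profile was
    # entered, so the confined binary did not open it itself.
    if fields.get("operation") == "file_inherit":
        origin = "inherited across exec"
    else:
        origin = "requested by the confined process"
    return f'{fields.get("profile", "?")}: {fields.get("denied_mask", "?")} on {target} ({origin})'


def summarize(log_text):
    """Count identical denials so repeated log noise collapses to one entry."""
    denials = (parse_denial(line) for line in log_text.splitlines())
    return Counter(describe(d) for d in denials if d)


if __name__ == "__main__":
    for summary, count in summarize(SAMPLE_LOG).items():
        print(f"{count}x {summary}")
```

An "inherited across exec" result points at the process that launched swanctl and left the socket open, which is the kind of local context the triage comment below asks for.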

Changed in strongswan (Ubuntu):
status: New → Triaged
Lucas Kanashiro (lucaskanashiro) wrote :

Hi Philipp,

Thank you for taking the time to file a bug report.

I was not able to reproduce the issue reported by you using the default configuration provided by the packages. Could you please provide your configuration files? They should live in:

- /etc/strongswan.d/
- /etc/swanctl/
- /etc/strongswan.conf
- /etc/ipsec.conf

You can also use dpkg to help you identify the modified files:

$ sudo dpkg --verify charon-systemd libcharon-extauth-plugins libcharon-extra-plugins libstrongswan strongswan-charon strongswan-libcharon strongswan-pki strongswan-starter strongswan-swanctl

Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".

For local configuration issues, you can find assistance here:
http://www.ubuntu.com/support/community

Changed in strongswan (Ubuntu):
status: Triaged → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for strongswan (Ubuntu) because there has been no activity for 60 days.]

Changed in strongswan (Ubuntu):
status: Incomplete → Expired