apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/swanctl" pid=xxxxx comm="swanctl" family="packet" sock_type="dgram" protocol=0 requested_mask="send receive" denied_mask="send receive"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
The swanctl apparmor profile leads to a denied:
AVC apparmor="DENIED" operation=
I'm using charon-systemd instead of strongswan-starter.
$ dpkg -l|grep "strongswan\
ii charon-systemd 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, systemd support
ii libcharon-
ii libcharon-
ii libcharon-
ii libstrongswan 5.8.2-1ubuntu3 amd64 strongSwan utility and crypto library
ii libstrongswan-
ii strongswan 5.8.2-1ubuntu3 all IPsec VPN solution metapackage
ii strongswan-charon 5.8.2-1ubuntu3 amd64 strongSwan Internet Key Exchange daemon
ii strongswan-
ii strongswan-pki 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, pki command
ii strongswan-starter 5.8.2-1ubuntu3 amd64 strongSwan daemon starter and configuration file parser
ii strongswan-swanctl 5.8.2-1ubuntu3 amd64 strongSwan IPsec client, swanctl command
Changed in strongswan (Ubuntu): | |
status: | New → Triaged |
Hi Philipp,
Thank you for taking the time to file a bug report.
I was not able to reproduce the issue reported by you using the default configuration provided by the packages. Could you please provide your configuration files? They should live in:
- /etc/strongswan.d/ .conf
- /etc/swanctl/
- /etc/strongswan
- /etc/ipsec.conf
You can also use dpkg to help you identify the modified files:
$ sudo dpkg --verify charon-systemd libcharon- extauth- plugins libcharon- extra-plugins libstrongswan strongswan-charon strongswan- libcharon strongswan-pki strongswan-starter strongswan-swanctl
Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".
For local configuration issues, you can find assistance here: www.ubuntu. com/support/ community
http://