[Pkg-swan-devel] Bug#866327: Bug#866327: charon-systemd: Create AppArmor profiles for /usr/sbin/swanctl and /usr/sbin/charon-systemd
Yves-Alexis Perez
corsac at debian.org
Fri Jun 30 13:36:42 UTC 2017
On Wed, 2017-06-28 at 13:58 -0700, Gerald Turner wrote:
> Control: tags -1 + patch
>
> Attached is a patch that adapts the work Canonical had done for
> /usr/lib/ipsec/charon policy for /usr/sbin/charon-systemd.
>
> I've tested the swanctl (client) profile thoroughly, however the
> charon-systemd (daemon) profile had only been tested with relatively few
> plugins.
Thanks! I've integrated your changes locally and will test for a few days, but I
have a quite simple setup too.
One thing I noticed:
juin 30 15:35:03 scapa kernel: audit: type=1400 audit(1498829703.597:80):
apparmor="DENIED" operation="open" profile="/usr/sbin/charon-systemd"
name="/proc/8865/fd/" pid=8865 comm="charon-systemd" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
But it doesn't seem to prevent it from working correctly.
Regards,
--
Yves-Alexis
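
A triage helper for denials like the one quoted in the message above, added here as an example and not part of the original mail or of the strongSwan packaging: it parses the audit record, decodes hex-encoded names, and marks accesses to the process's own /proc entry so that denials from separate daemon runs group together. The function names and the `<own pid>` placeholder are assumptions of this example.

```python
import re
from collections import Counter

# The denial quoted in the message above, rejoined onto one line.
SAMPLE = (
    'juin 30 15:35:03 scapa kernel: audit: type=1400 audit(1498829703.597:80): '
    'apparmor="DENIED" operation="open" profile="/usr/sbin/charon-systemd" '
    'name="/proc/8865/fd/" pid=8865 comm="charon-systemd" requested_mask="r" '
    'denied_mask="r" fsuid=0 ouid=0'
)

RECORD = re.compile(r'type=1400 audit\((\d+)\.\d+:(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    m = RECORD.search(line)
    if not m:
        return None
    rec = {"epoch": int(m.group(1)), "serial": int(m.group(2))}
    for key, quoted, bare in FIELD.findall(m.group(3)):
        # The audit layer logs names with unsafe characters as bare hex.
        if bare and key in ("name", "comm", "profile") and HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = bare if bare else quoted
    if rec.get("apparmor") != "DENIED":
        return None
    # Mask the process's own pid in the path so repeated runs group together.
    own = "/proc/%s/" % rec.get("pid")
    rec["self_proc"] = rec.get("name", "").startswith(own)
    if rec["self_proc"]:
        rec["name"] = "/proc/<own pid>/" + rec["name"][len(own):]
    return rec

def summarize(lines):
    """Count denials per (profile, operation, path, denied_mask)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            counts[(rec.get("profile"), rec.get("operation"),
                    rec.get("name"), rec.get("denied_mask"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize([SAMPLE]).items():
        print(n, *key)
```
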