On Wed, 2017-06-28 at 13:58 -0700, Gerald Turner wrote:
> Control: tags -1 + patch
>
> Attached is a patch that adapts the work Canonical had done for
> /usr/lib/ipsec/charon policy for /usr/sbin/charon-systemd.
>
> I've tested the swanctl (client) profile thoroughly, however the
> charon-systemd (daemon) profile had only been tested with relatively few
> plugins.

Thanks! I've integrated your changes locally and will test for a few days, but I
have a quite simple setup too. One thing I noticed:

juin 30 15:35:03 scapa kernel: audit: type=1400 audit(1498829703.597:80): apparmor="DENIED" operation="open" profile="/usr/sbin/charon-systemd" name="/proc/8865/fd/" pid=8865 comm="charon-systemd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

But it doesn't seem to prevent it from working correctly.

Regards,
--
Yves-Alexis