In other words, the attached patch is what was needed to make this work on
your machine?
Francois
--
https://fmarier.org/
--- a/extras/apparmor/usr.sbin.fwknopd
+++ b/extras/apparmor/usr.sbin.fwknopd
@@ -20,16 +20,23 @@
/bin/bash rix,
/etc/fwknop/access.conf r,
/etc/fwknop/fwknopd.conf r,
+ /etc/host.conf r,
/etc/nsswitch.conf r,
/etc/passwd r,
/etc/protocols r,
+ /etc/services r,
+ @{PROC}/@{pid}/net/ip_tables_names r,
/root/.gnupg/* rwkl,
/run/fwknop/ rw,
/run/fwknop/* rwk,
+ /run/resolvconf/resolv.conf r,
/run/xtables.lock rwk,
+ /sbin/ipset rix,
/sbin/xtables-multi rix,
/usr/bin/gpg rix,
/usr/sbin/fwknopd mr,
+ /usr/sbin/ipset rix,
+ /usr/sbin/xtables-nft-multi rix,
/var/cache/nscd/passwd r,
}
