thanks for the workaround. that works. But how is that expected to work for a normal Desktop user who needs to add a VPN through the GNOME Control Center network panel? You have to select there the files through the file manager so very likely the user downloaded the VPN configuration from somewhere and the keys will be in ~/Downloads . Then the user selects those keys and trying to enable VPN will fail.
This workaround can't be the solution for non-cli-oriented users. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2098930 Title: openvpn profile doesn't allow access to files on home dir Status in apparmor package in Ubuntu: Confirmed Bug description: my VPN keys & certs are stored in my HOME directory. The current apparmor update broke that. When I try to activate my VPN through NetworkManager, the journal says: Feb 20 07:48:57 paprika NetworkManager[3405]: <info> [1740034137.4372] vpn[0x58db282782d0,132c9eee-2134-4f7a-8326-58bde38036de,"canonical-uk"]: starting openvpn [snipped] Feb 20 07:48:57 paprika nm-openvpn[10793]: Cannot pre-load keyfile (/home/tom/Documents/vpn/ta.key) Feb 20 07:48:57 paprika nm-openvpn[10793]: Exiting due to fatal error [snipped] Feb 20 07:48:57 paprika kernel: audit: type=1400 audit(1740034137.454:789): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/home/tom/Documents/vpn/ta.key" pid=10793 comm="openvpn" requested_mask="r" denied_ma> So openvpn can no longer access /home/tom/Documents/canonical/vpn/canonical_ta.key . ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: apparmor 4.1.0~beta5-0ubuntu2 ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11 Uname: Linux 6.12.0-15-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.31.0-0ubuntu5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Thu Feb 20 08:57:57 2025 InstallationDate: Installed on 2024-07-18 (217 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/usr/bin/zsh TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7 SourcePackage: apparmor UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago) modified.conffile..etc.apparmor.d.element-desktop: [modified] mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098930/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
