I hit this too, and had to adapt the work-around to be slightly more 
permissive, since `openvpn` actually needs to load multiple files, making it 
look more like this:
sudo bash -c "echo '@{HOME}/Documents/canonical/vpn/* r,' >> /etc/apparmor.d/local/openvpn"

https://bugs.launchpad.net/bugs/2098930

Title:
  openvpn profile doesn't allow access to files on home dir

Status in apparmor package in Ubuntu:
  Confirmed
Status in gnome-control-center package in Ubuntu:
  Confirmed

Bug description:
  my VPN keys & certs are stored in my HOME directory. The current
  apparmor update broke that. When I try to activate my VPN through
  NetworkManager, the journal says:

  
  Feb 20 07:48:57 paprika NetworkManager[3405]: <info>  [1740034137.4372] vpn[0x58db282782d0,132c9eee-2134-4f7a-8326-58bde38036de,"canonical-uk"]: starting openvpn
  [snipped]
  Feb 20 07:48:57 paprika nm-openvpn[10793]: Cannot pre-load keyfile (/home/tom/Documents/vpn/ta.key)
  Feb 20 07:48:57 paprika nm-openvpn[10793]: Exiting due to fatal error
  [snipped]
  Feb 20 07:48:57 paprika kernel: audit: type=1400 audit(1740034137.454:789): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/home/tom/Documents/vpn/ta.key" pid=10793 comm="openvpn" requested_mask="r" denied_ma>

  
  So openvpn can no longer access /home/tom/Documents/canonical/vpn/canonical_ta.key .

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.31.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 20 08:57:57 2025
  InstallationDate: Installed on 2024-07-18 (217 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago)
  modified.conffile..etc.apparmor.d.element-desktop: [modified]
  mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059
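
Added example, not part of the bug report or of AppArmor itself: a small parser that turns kernel denial records like the one quoted above into read-only rules of the same shape as the local override in the comment. It generalizes the single case to any denied read under a home directory. The function names, the /home/<user>/ to @{HOME} mapping, and the sample records are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample: the denial from the report, cut at requested_mask as on
# the page, plus two invented records (a write, and another profile).
REC = ('kernel: audit: type=1400 audit(1740034137.454:789): apparmor="DENIED" '
       'operation="open" class="file" profile="{}" name="{}" pid=10793 '
       'comm="openvpn" requested_mask="{}"')
SAMPLE_LOG = "\n".join(REC.format(*f) for f in [
    ("openvpn", "/home/tom/Documents/vpn/ta.key", "r"),
    ("openvpn", "/home/tom/Documents/vpn/status.log", "w"),
    ("other-profile", "/home/tom/notes.txt", "r"),
])

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HOME_FILE = re.compile(r"^/home/[^/]+/(.+)$")
UNSAFE = re.compile(r'[*?\[\]{}^,"\s]')  # glob or quoting characters in a path


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    raw = re.search(r"\bname=([0-9A-Fa-f]+)(?:\s|$)", line)
    if raw and len(raw.group(1)) % 2 == 0:
        # The audit layer hex-encodes names containing spaces or quotes.
        fields["name"] = bytes.fromhex(raw.group(1)).decode("utf-8", "replace")
    return fields


def suggest_rules(log_text, profile="openvpn"):
    """Return sorted read-only rules for home files the profile was denied."""
    rules = set()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if not rec or rec.get("profile") != profile:
            continue
        if rec.get("requested_mask") != "r":
            continue  # writes and other masks are left for a human to decide
        match = HOME_FILE.match(rec.get("name", ""))
        if not match or UNSAFE.search(match.group(1)):
            continue  # outside /home, or needs manual quoting/escaping
        directory = posixpath.dirname(match.group(1))
        # Same shape as the rule in the comment: every file in that directory.
        rules.add(f"@{{HOME}}/{directory}/* r," if directory
                  else f"@{{HOME}}/{match.group(1)} r,")
    return sorted(rules)
```

Each returned line is a candidate for /etc/apparmor.d/local/openvpn, the file the workaround above appends to; review it before adding it.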
