[Touch-packages] [Bug 2101796] Re: openvpn profile doesn't allow access to /run/systemd/notify

Tue, 11 Mar 2025 19:11:29 -0700 

This bug was fixed in the package apparmor - 4.1.0~beta5-0ubuntu8

---------------
apparmor (4.1.0~beta5-0ubuntu8) plucky; urgency=medium

  * Add a patch to allow OpenVPN access to the systemd notify socket
    (LP: #2101796):
    - d/p/u/openvpn-systemd-notify.patch
  * Add a patch to allow OpenVPN to read NetworkManager imported certs
    (LP: #2101909):
    - d/p/u/openvpn-networkmanager-imports.patch
  * Add a patch to allow utils to parse the fusermount profile
    (LP: #2101869):
    - d/p/u/utils-fix-mount-handling-hyphens.patch

apparmor (4.1.0~beta5-0ubuntu7) plucky; urgency=medium

  * Add patch to add os-prober and linux-boot-prober profiles
    (LP: #2099811):
    - d/p/u/os_prober_mr_1569.patch
  * debian/apparmor.install: add entries for the os-prober and
    linux-boot-prober profiles

 -- Ryan Lee <ryan....@canonical.com>  Mon, 10 Mar 2025 09:43:48 -0700

** Changed in: apparmor (Ubuntu Plucky)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2101796

Title:
  openvpn profile doesn't allow access to /run/systemd/notify

Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Plucky:
  Fix Released

Bug description:
  Hi,

  Just upgraded my system from Oracular to Plucky over the weekend.
  Unfortunately, OpenVPN fails to start:

  | 2025-03-10T08:15:26.607201+11:00 dharkan kernel: audit: type=1400 
audit(1741554926.605:2470): apparmor="DENIED" operation="sendmsg" class="file" 
profile="openvpn" name="/run/systemd/notify" pid=53793 comm="openvpn" 
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  | 2025-03-10T08:15:26.608201+11:00 dharkan kernel: audit: type=1400 
audit(1741554926.606:2471): apparmor="DENIED" operation="sendmsg" class="file" 
profile="openvpn" name="/run/systemd/notify" pid=53794 comm="openvpn" 
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  | 2025-03-10T08:15:29.266120+11:00 dharkan kernel: audit: type=1400 
audit(1741554929.263:2472): apparmor="DENIED" operation="sendmsg" class="file" 
profile="openvpn" name="/run/systemd/notify" pid=53794 comm="openvpn" 
requested_mask="w" denied_mask="w" fsuid=65534 ouid=0

  Adding `/run/systemd/notify w,` to `/etc/apparmor.d/openvpn` fixed it
  for me.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2101796/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to