I also don't think the issue of reading the key in /etc/ssl/private has been addressed. I don't see that directory mentioned in the apparmor rules at all.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2072702 Title: AppArmor profile prevents use of TLS keys and certificates Status in apparmor package in Ubuntu: New Bug description: I'm trying to use the following configuration: # certificate files $DefaultNetstreamDriverCAFile /etc/ipa/ca.crt $DefaultNetstreamDriverCertFile /etc/ssl/certs/FQDN.crt $DefaultNetstreamDriverKeyFile /etc/ssl/private/FQDN.key But AppArmor prevents the loading of /etc/ipa/ca.crt and the key file. I think rsyslog-gnutls should allow reading the key file. But perhaps /etc/ipa/ca.crt needs to be added to /etc/apparmor.d/abstractions/ssl_certs which is in the apparmor package. Version 8.2312.0-3ubuntu9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2072702/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
