Patched:

$ git status
On branch allow_charon_apparmor_read_proc_fd_LP_#1786250

commit d0ec74d30d6742d34b3dc72113bbc933c608fffa (HEAD -> allow_charon_apparmor_read_proc_fd_LP_#1786250)
Author: (SNIP) <fermulator>
Date:   Mon Aug 20 09:40:38 2018 -0400

    As per LP #1786250, user noted audit failures in system log against
    charon trying to read its own list of file descriptors in
    /proc/<pid>/fd/.

    We are uncertain when/why this started, however it is not unreasonable
    for a process to attempt to read its own fd's, so allow by extending
    the apparmor profile for charon.

    References:
    http://manpages.ubuntu.com/manpages/bionic/en/man5/apparmor.d.5.html
    https://linux.die.net/man/5/proc

** Patch added: "proposal for fix to charon apparmor profile"
   https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250/+attachment/5178029/+files/0001-As-per-LP-1786250-user-noted-audit-failures-in-syste.patch

https://bugs.launchpad.net/bugs/1786250

Title:
  strongswan (charon) is rejected by apparmor to read /proc/<PID>/fd
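
Added example, not part of the original bug comment or of the strongSwan packaging: a small triage script that separates AppArmor denials where charon reads its own /proc/<pid>/fd/ from denials on another process's fd directory or on unrelated paths, which is the distinction the commit message relies on. The log lines, pids, timestamps and the profile name are constructed placeholders in the kernel's AppArmor audit format, and the function names are hypothetical.

```python
import re

# Constructed sample lines (kernel AppArmor audit format). Pids, timestamps
# and the profile name are placeholders, not values from the bug report.
SAMPLE_LOG = """\
audit: type=1400 audit(1534772438.101:201): apparmor="DENIED" operation="open" profile="PLACEHOLDER-charon-profile" name="/proc/4242/fd/" pid=4242 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1534772439.377:202): apparmor="DENIED" operation="open" profile="PLACEHOLDER-charon-profile" name="/proc/1/fd/" pid=4242 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1534772440.512:203): apparmor="ALLOWED" operation="open" profile="PLACEHOLDER-other" name="/proc/77/fd/" pid=77 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1534772441.004:204): apparmor="DENIED" operation="open" profile="PLACEHOLDER-charon-profile" name="/etc/shadow" pid=4242 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
PROC_FD = re.compile(r'^/proc/(\d+)/fd/?$')     # the fd directory itself


def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    return {k: (q if q else u) for k, q, u in KV.findall(line)}


def classify(line, comm="charon"):
    """Classify one record; None if it is not a denial for `comm`."""
    f = parse_fields(line)
    if f.get("apparmor") != "DENIED" or f.get("comm") != comm:
        return None
    m = PROC_FD.match(f.get("name", ""))
    if not m:
        return "other-denial"
    # Compare the pid embedded in the path with the record's pid field.
    return "own-fd-dir" if m.group(1) == f.get("pid") else "foreign-fd-dir"


def triage(log_text, comm="charon"):
    """Count denial classes so only the own-fd reads feed a profile change."""
    counts = {}
    for line in log_text.splitlines():
        kind = classify(line, comm)
        if kind:
            counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Only the "own-fd-dir" class matches the behaviour the commit message describes; the other two classes should be reviewed separately before any rule is widened.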