Public bug reported:
openvpn can't use hardware tokens to connect. apparmor openvpn profile
denies access to pcscd. openvpn asks for token to be inserted since it
doesn't see one. Disabling openvpn apparmor profile fixes the issue.
мая 28 10:28:57 and-sidorov-nb sudo[255345]: and-sidorov : TTY=pts/2 ; PWD=/home/and-sidorov ; USER=root ; COMMAND=/usr/sbin/openvpn --config /home/and-sidorov/.vpn/barbos_yubikey.conf
мая 28 10:28:57 and-sidorov-nb sudo[255345]: pam_unix(sudo:session): session opened for user root(uid=0) by and-sidorov(uid=1000)
мая 28 10:28:57 and-sidorov-nb kernel: audit: type=1400 audit(1748417337.731:2116): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/machine-id" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
мая 28 10:28:57 and-sidorov-nb kernel: audit: type=1400 audit(1748417337.731:2117): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/machine-id" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
мая 28 10:28:57 and-sidorov-nb kernel: audit: type=1400 audit(1748417337.731:2118): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/opensc/opensc.conf" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 oui>
мая 28 10:28:57 and-sidorov-nb kernel: audit: type=1400 audit(1748417337.731:2119): apparmor="DENIED" operation="connect" class="file" profile="openvpn" name="/run/pcscd/pcscd.comm" pid=255359 comm="openvpn" requested_mask="wr" denied_mask="wr" fsuid=0 >
мая 28 10:28:57 and-sidorov-nb kernel: audit: type=1400 audit(1748417337.734:2120): apparmor="DENIED" operation="connect" class="file" profile="openvpn" name="/run/pcscd/pcscd.comm" pid=255359 comm="openvpn" requested_mask="wr" denied_mask="wr" fsuid=0 >
мая 28 10:29:02 and-sidorov-nb sudo[255345]: pam_unix(sudo:session): session closed for user root
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu14
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed May 28 10:29:55 2025
InstallationDate: Installed on 2024-03-06 (448 days ago)
InstallationMedia: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.14.0-15-generic
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M
vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2025-05-27 (1 days ago)
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug plucky
** Summary changed:
- openvpn doesn't work with hw tokens (apparmor denied)
+ openvpn doesn't work with opensc hw tokens (apparmor denied)
** Description changed:
openvpn can't use hardware tokens to connect. apparamor openvpn profile
- denies access to pcsd. openvpn asks for token to be inserted since it
+ denies access to pcscd. openvpn asks for token to be inserted since it
doesn't sees one. Disabling openvpn apparmor profile fixes the issue.
https://bugs.launchpad.net/bugs/2111885
Title:
openvpn doesn't work with opensc hw tokens (apparmor denied)
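Added example (not part of the original report and not AppArmor's own tooling): a small Python triage script that turns denial lines like the ones in this report into candidate file rules for review, merging duplicates and skipping lines that were truncated before denied_mask. The function name suggest_rules and the sample log are constructed for illustration.

```python
import re

# Constructed sample modelled on the denials in this report; the last line is
# cut before denied_mask, the way a pager truncates long journal lines.
SAMPLE_LOG = '''\
audit: type=1400 audit(1748417337.731:2116): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/machine-id" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1748417337.731:2117): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/machine-id" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1748417337.731:2118): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/etc/opensc/opensc.conf" pid=255359 comm="openvpn" requested_mask="r" denied_mask="r" fsuid=0 oui>
audit: type=1400 audit(1748417337.731:2119): apparmor="DENIED" operation="connect" class="file" profile="openvpn" name="/run/pcscd/pcscd.comm" pid=255359 comm="openvpn" requested_mask="wr" denied_mask="wr" fsuid=0 >
audit: type=1400 audit(1748417337.734:2120): apparmor="DENIED" operation="connect" class="file" profile="openvpn" name="/run/pcscd/pcscd.comm" pid=255359 comm="openvpn" requested_ma>
'''

# key="quoted value" or key=bare; a value cut mid-quote does not match at all.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s"]+))')
FILE_PERMS = "rwaklm"  # exec (x) denials need a human decision, so not handled


def suggest_rules(log_text):
    """Return ({profile: [rule, ...]}, skipped_count) for file-class denials."""
    merged, skipped = {}, 0
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        f = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        if f.get("class", "file") != "file" or not all(
                k in f for k in ("profile", "name", "denied_mask")):
            skipped += 1          # truncated line or non-file mediation class
            continue
        # The log reports create/delete as c/d; profile rules express both as w.
        mask = {"w" if c in "cd" else c for c in f["denied_mask"]}
        if not mask <= set(FILE_PERMS):
            skipped += 1          # e.g. exec denial: choose ix/px/ux by hand
            continue
        merged.setdefault((f["profile"], f["name"]), set()).update(mask)
    rules = {}
    for (profile, path), mask in merged.items():
        perms = "".join(p for p in FILE_PERMS if p in mask)
        rules.setdefault(profile, []).append(f"{path} {perms},")
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = suggest_rules(SAMPLE_LOG)
    for profile, lines in rules.items():
        print(f"# candidate rules for profile {profile} (review before use)")
        print("\n".join("  " + r for r in lines))
    print(f"# {skipped} denial line(s) skipped")
```

The output is a starting point for review rather than a finished profile change: each path should be checked against what the confined program legitimately needs before it is granted.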