Skip to content

Loading…

Enhance AppArmor profile to allow GnuPG link operations #109

Closed
mrash opened this Issue · 1 comment

2 participants

@mrash
Owner

In fwknop-2.5.1 with the extras/apparmor/usr.sbin.fwknopd policy deployed on Ubuntu-13.10, the following error is generated when receiving a GnuPG encrypted SPA packet:

Nov 10 22:13:51 minastirith kernel: [135833.317788] type=1400 audit(1384139631.460:82): apparmor="DENIED" operation="link" parent=1 profile="/usr/sbin/fwknopd" name="/root/.gnupg/.#lk0x10NNNN0.minastirith.19986x" pid=19986 comm="gpg" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/root/.gnupg/.#lk0x1NNNN30.minastirith.19986"

@mrash mrash was assigned
@Raybuntu

Hi Mike,
Try changing this line in the profile:
/root/.gnupg/* rw,
to:
/root/.gnupg/* rwkl,

@mrash mrash added a commit that closed this issue
@mrash AppArmor profile update to allow GnuPG link operations, closes #109
This fix was submitted by Raybuntu through github.
cba2873
@mrash mrash closed this in cba2873
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.