Skip to content


Enhance AppArmor profile to allow GnuPG link operations #109

mrash opened this Issue · 1 comment

2 participants


In fwknop-2.5.1 with the extras/apparmor/usr.sbin.fwknopd policy deployed on Ubuntu-13.10, the following error is generated when receiving a GnuPG encrypted SPA packet:

Nov 10 22:13:51 minastirith kernel: [135833.317788] type=1400 audit(1384139631.460:82): apparmor="DENIED" operation="link" parent=1 profile="/usr/sbin/fwknopd" name="/root/.gnupg/.#lk0x10NNNN0.minastirith.19986x" pid=19986 comm="gpg" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/root/.gnupg/.#lk0x1NNNN30.minastirith.19986"

@mrash mrash was assigned

Hi Mike,
Try changing this line in the profile:
/root/.gnupg/* rw,
/root/.gnupg/* rwkl,

@mrash mrash added a commit that closed this issue
@mrash AppArmor profile update to allow GnuPG link operations, closes #109
This fix was submitted by Raybuntu through github.
@mrash mrash closed this in cba2873
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.