[Bug 1648634] [NEW] opencryptoki breaks p11-kit

dwmw2 dwmw2 at infradead.org
Thu Dec 8 21:33:59 UTC 2016 

Public bug reported:

When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to
/var/lib/opencryptoki, which is readable only by root.

This means that anything using p11-kit to find the PKCS#11 modules which
are configured to be available in the system (which is basically any
well-behaved application) now breaks:

$ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com
POST https://server.example.com/
Attempting to connect to server [fec0::1]:443
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
Error loading certificate from PKCS#11: PKCS #11 initialization error.
Loading certificate failed. Aborting.

$ p11tool --list-tokens
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
pkcs11_init: PKCS #11 initialization error.

** Affects: opencryptoki (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: p11-kit (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: p11-kit (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to p11-kit in Ubuntu.
https://bugs.launchpad.net/bugs/1648634

Title:
  opencryptoki breaks p11-kit

Status in opencryptoki package in Ubuntu:
  New
Status in p11-kit package in Ubuntu:
  New

Bug description:
  When opencryptoki is installed, it creates a symlink from /etc/pkcs11
  to /var/lib/opencryptoki, which is readable only by root.

  This means that anything using p11-kit to find the PKCS#11 modules
  which are configured to be available in the system (which is basically
  any well-behaved application) now breaks:

  $ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com
  POST https://server.example.com/
  Attempting to connect to server [fec0::1]:443
  p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
  Error loading certificate from PKCS#11: PKCS #11 initialization error.
  Loading certificate failed. Aborting.

  $ p11tool --list-tokens
  p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
  pkcs11_init: PKCS #11 initialization error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1648634/+subscriptions

More information about the foundations-bugs mailing list