[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
Jacques
caramba696 at gmail.com
Mon Jul 6 09:59:32 UTC 2015
In particular, it is the charon profile which doesn't allow access to
the PC/SC layer and to the specific smartcard files (depending on the
vendor).
For example, with a Gemalto IDPrime .NET card, this is what I get in my
logs:
#Jun 29 08:29:46 ubuntu kernel: [ 873.811807] type=1400 audit(1435559386.465:51): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/shm/gemalto_idprime_sdata" pid=11356 comm="charon" requested_mask="rwc" denied_mask="rwc" fsuid=0 ouid=0
#Jun 29 08:29:46 ubuntu kernel: [ 873.817301] type=1400 audit(1435559386.469:52): apparmor="DENIED" operation="connect" profile="/usr/lib/ipsec/charon" name="/run/pcscd/pcscd.comm" pid=11356 comm="charon" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1330486
Title:
strongSwan AppArmor profile doesn't allow smartcard configuration
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions
More information about the Ubuntu-server-bugs
mailing list