Package: fwknop-apparmor-profile
Version: 2.6.9-1
Severity: important

The AppArmor profile that comes with fwknop-server is not complete.
These are the errors I have when running in complain mode:

-----------------------------------------------------
audit[29328]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/fwknopd" name="/var/fwknop/fwknopd.pid" comm="fwknopd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit[29329]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/fwknopd" name="/var/fwknop/digest.cache" comm="fwknopd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit[29412]: AVC apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/fwknopd" name="/run/xtables.lock" comm="iptables" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
fwknop-server[29322]: Error trying to open PID file: : Permission denied
fwknop-server[31175]: Error trying to open PID file: : Permission denied
-----------------------------------------------------

This is solved by adding the following lines to the profile:

-----------------------------------------------------
/run/xtables.lock wk,
/var/fwknop/fwknopd.pid r,
/var/fwknop/fwknopd.pid wkl,
/var/fwknop/digest.cache r,
/var/fwknop/digest.cache wkl,
-----------------------------------------------------

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fwknop-apparmor-profile depends on:
pn  fwknop-server  <none>

fwknop-apparmor-profile recommends no packages.

fwknop-apparmor-profile suggests no packages.
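
The step from complain-mode AVC records to candidate profile rules can be scripted. The following is an added example, not part of the original report and not code from fwknop or the AppArmor tools; the function names are hypothetical and the sample input is the log quoted in the report. It derives only the permissions the records show, so the reporter's extra `wkl` rules do not appear in its output.

```python
import re
from collections import defaultdict

# Sample input: the log lines quoted in the report above (one non-AVC line kept).
SAMPLE_LOG = '''\
audit[29328]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/fwknopd" name="/var/fwknop/fwknopd.pid" comm="fwknopd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit[29329]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/fwknopd" name="/var/fwknop/digest.cache" comm="fwknopd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit[29412]: AVC apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/fwknopd" name="/run/xtables.lock" comm="iptables" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
fwknop-server[29322]: Error trying to open PID file: : Permission denied
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
# Fixed output order for permission letters, chosen to match the report's "wk"/"wkl".
PERM_ORDER = "rwaklmx"


def parse_avc(line):
    """Return the key/value fields of one AppArmor AVC record, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def missing_rules(log_text, profile):
    """Merge the denied masks per path for one profile into rule lines."""
    masks = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        # ALLOWED is logged in complain mode, DENIED in enforce mode.
        if not rec or rec.get("apparmor") not in ("ALLOWED", "DENIED"):
            continue
        # Match on the confining profile, not on comm: the iptables child
        # in the sample runs under the fwknopd profile.
        if rec.get("profile") != profile or "name" not in rec:
            continue
        masks[rec["name"]].update(rec.get("denied_mask", ""))
    rules = []
    for path in sorted(masks):
        perms = sorted(masks[path],
                       key=lambda c: (c not in PERM_ORDER, PERM_ORDER.find(c)))
        rules.append(f"{path} {''.join(perms)},")
    return rules


if __name__ == "__main__":
    print("\n".join(missing_rules(SAMPLE_LOG, "/usr/sbin/fwknopd")))
```

Review the generated lines before adding them to the profile; they reflect only the accesses exercised while the log was collected.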