Public bug reported:
After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf
file that is installed into /etc/opencryptoki/ has a wrong mode.
After starting pkcsslotrd, command 'pkcsconf -t' shows
pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
usr/lib/api/policy.c POLICY: Configuration file
/etc/opencryptoki/strength.conf has wrong permissions!
# ls -l /etc/opencryptoki/strength.conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf
So it has a mode of 644, but it must have a mode of 640 ! This is
checked by the code, and opencryptoki is not usable if the mode is
wrong. The owner "root:pkcs11" is correct.
Circumvention: manually change the mode to 0640. After that 'pkcsconf
-t' works.
Note: This affects all architectures where opencryptoki is supported.
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-202533 severity-medium
targetmilestone-inin2304
** Tags added: architecture-s39064 bugnameltc-202533 severity-medium
targetmilestone-inin2304
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2018908
Title:
[UBUNTU 23.04] opencryptoki 3.20.0: strength.conf has wrong mode
Status in linux package in Ubuntu:
New
Bug description:
After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf
file that is installed into /etc/opencryptoki/ has a wrong mode.
After starting pkcsslotrd, command 'pkcsconf -t' shows
pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
usr/lib/api/policy.c POLICY: Configuration file
/etc/opencryptoki/strength.conf has wrong permissions!
# ls -l /etc/opencryptoki/strength.conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf
So it has a mode of 644, but it must have a mode of 640 ! This is
checked by the code, and opencryptoki is not usable if the mode is
wrong. The owner "root:pkcs11" is correct.
Circumvention: manually change the mode to 0640. After that 'pkcsconf
-t' works.
Note: This affects all architectures where opencryptoki is supported.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2018908/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
