Hello, acmetool is an alternative client for Let's Encrypt. (https://github.com/hlandau/acme/)
It stores the certificates etc. in the following directory layout: /var/lib/acme/live/<domain> -> ../certs/<hash> /var/lib/acme/certs/<hash>/cert /var/lib/acme/certs/<hash>/chain /var/lib/acme/certs/<hash>/privkey -> ../../keys/<hash>/privkey /var/lib/acme/certs/<hash>/url /var/lib/acme/certs/<hash>/fullchain /var/lib/acme/keys/<hash>/privkey This patch adds the needed permissions to the ssl_certs and ssl_keys abstractions so that the certificates can be used. I propose this patch for trunk, 2.10 and 2.9. [ abstractions-ssl-acmetool.diff ] === modified file 'profiles/apparmor.d/abstractions/ssl_certs' --- profiles/apparmor.d/abstractions/ssl_certs 2015-01-31 15:51:17 +0000 +++ profiles/apparmor.d/abstractions/ssl_certs 2016-03-27 16:28:03 +0000 @@ -23,3 +23,7 @@ /usr/local/share/ca-certificates/** r, /var/lib/ca-certificates/ r, /var/lib/ca-certificates/** r, + + # acmetool + /var/lib/acme/certs/*/chain r, + /var/lib/acme/certs/*/cert r, === modified file 'profiles/apparmor.d/abstractions/ssl_keys' --- profiles/apparmor.d/abstractions/ssl_keys 2010-12-20 20:29:10 +0000 +++ profiles/apparmor.d/abstractions/ssl_keys 2016-03-27 16:32:32 +0000 @@ -16,3 +16,7 @@ /etc/ssl/ r, /etc/ssl/** r, + # acmetool + /var/lib/acme/live/* r, + /var/lib/acme/certs/** r, + /var/lib/acme/keys/** r, Regards, Christian Boltz -- das Gerät ist doch am USB-Port angeschlossen, also verfolge einfach das Kabel von USB-Anschluss, am Ende solltest du dein Gerät wiederfinden (vielleicht ist es ja nur vom Schreibtisch gefallen) [Kai Lindenberg in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor