Public bug reported: OS : Ubuntu 14.04 LTS server i386 ( with all packages obtained from Ubuntu repos ) Kernel : Linux 3.13.0-66-generic, i686
Running StrongSwan 5.1.2. Found it was necessary to edit the apparmor profile to permit "strongswan-plugin-farp" to be loaded at 'ipsec start'. Reproducable 100% of time. Following errors are reported in "/var/log/charon.log" : Nov 6 14:39:55 00[NET] opening ARP packet socket failed: Permission denied Nov 6 14:39:55 00[LIB] plugin 'farp': failed to load - farp_plugin_create returned NULL "/var/log/syslog" : Nov 6 14:39:55 VMserver1 kernel: [15238.662619] type=1400 audit(1446820795.972:29): apparmor="DENIED" operation="create" profile="/usr/lib/ipsec/charon" pid=3143 comm="charon" family="packet" sock_type="dgram" protocol=1544 Nov 6 14:39:55 VMserver1 kernel: [15238.677435] type=1400 audit(1446820795.988:30): apparmor="DENIED" operation="create" profile="/usr/lib/ipsec/charon" pid=3143 comm="charon" family="packet" sock_type="dgram" protocol=8 Proposed fix ------------ --- /etc/apparmor.d/usr.lib.ipsec.charon 2015-11-06 16:27:22.068674462 +0000 +++ /tmp/tmpvcipywp2 2015-11-06 16:46:16.552658984 +0000 @@ -27,6 +27,8 @@ # network all, network raw, + network packet dgram, + /bin/dash mrPUx, /etc/ipsec.*.secrets r, /etc/ipsec.conf r, ** Affects: strongswan (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1514794 Title: package:strongswan-plugin-farp may need apparmor config change To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1514794/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs