Public bug reported: Binary package hint: apparmor
The default apparmor profile in /etc/apparmor.d/abstractions/ssl_certs is missing entries for the /usr/share/ca-certificates/mozilla directory. Many of the files in the /etc/ssl/certs directory (which apparmor allows access to) are actually links to files in the /usr/share/ca- certificates/mozilla directory. Apparmor currently denies access to the files that are in the /usr/share/ca-certificates/mozilla directory. This access would be needed if you wanted to run a SSL service (e.g. ldaps) and your SSL certificate were signed by a public CA and the public CA's certificate were in the /usr/share/ca-certificates/mozilla directory. A default Ubuntu install puts most public CAs in the /usr/share/ca-certificates/mozilla directory, and just has soft links to the files from the /etc/ssl/certs directory. Proposed addition to /etc/apparmor.d/abstractions/ssl_certs file: /usr/share/ca-certificates/mozilla r, /usr/share/ca-certificates/mozilla/* r, ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: apparmor 2.5-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7 Uname: Linux 2.6.32-25-generic x86_64 NonfreeKernelModules: openafs fglrx Architecture: amd64 Date: Fri Oct 29 13:04:51 2010 InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1) ProcEnviron: LANG=en_US SHELL=/bin/bash SourcePackage: apparmor ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug lucid -- apparmor missing entry for some ssl ca cert files https://bugs.launchpad.net/bugs/668436 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs