A better workaround until this is officially fixed might be to use the local/ includes like this:
echo ' capability setpcap,' >> /etc/apparmor.d/local/usr.lib.ipsec.charon echo ' capability setpcap,' >> /etc/apparmor.d/local/usr.sbin.charon-systemd apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.ipsec.charon apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.charon-systemd service strongswan restart # or service strongswan-swanctl restart ** Bug watch added: Debian Bug tracker #927961 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927961 ** Also affects: strongswan (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927961 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1826238 Title: apparmor doesn't allow to start with a non-root user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1826238/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs