[Bug 2098930] [NEW] openvpn profile doesn't allow access to files on home dir

Thomas Bechtold Thu, 20 Feb 2025 00:10:41 -0800

Public bug reported:

my VPN keys & certs are stored in my HOME directory. The current
apparmor update broke that. When I try to activate my VPN through
NetworkManager, the journal says:



Feb 20 07:48:57 paprika NetworkManager[3405]: <info>  [1740034137.4372] 
vpn[0x58db282782d0,132c9eee-2134-4f7a-8326-58bde38036de,"canonical-uk"]: 
starting openvpn
[snipped]
Feb 20 07:48:57 paprika nm-openvpn[10793]: Cannot pre-load keyfile 
(/home/tom/Documents/vpn/ta.key)
Feb 20 07:48:57 paprika nm-openvpn[10793]: Exiting due to fatal error
[snipped]
Feb 20 07:48:57 paprika kernel: audit: type=1400 audit(1740034137.454:789): 
apparmor="DENIED" operation="open" class="file" profile="openvpn" 
name="/home/tom/Documents/vpn/ta.key" pid=10793 comm="openvpn" 
requested_mask="r" denied_ma>


So openvpn can no longer access 
/home/tom/Documents/canonical/vpn/canonical_ta.key .

ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu2
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
Uname: Linux 6.12.0-15-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.31.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Feb 20 08:57:57 2025
InstallationDate: Installed on 2024-07-18 (217 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/usr/bin/zsh
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic 
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago)
modified.conffile..etc.apparmor.d.element-desktop: [modified]
mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug plucky wayland-session

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2098930

Title:
  openvpn profile doesn't allow access to files on home dir

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098930/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2098930] [NEW] openvpn profile doesn't allow access to files on home dir

Reply via email to