Just an idea (without looking at the profile):

The suggested fix says

> 1. Execution of `/etc/openvpn/*` and `/usr/libexec/openvpn/*`.

Would allowing to run those scripts as PUx be an option? Obviously running the scripts unconfined is a security hole, but that's still better than not even confining openvpn.

> 2. Write access to the systemd-resolved Unix socket (`/run/systemd/resolve/io.systemd.Resolve`).

That sounds like the easier part ;-)

--
https://bugs.launchpad.net/bugs/2146874

Title:
  OpenVPN fails to execute update-systemd-resolved scripts due to restrictive AppArmor profile
