Confirmed based on
https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection:
"if enabled, certificate revocation lists (CRLs) fetched via HTTP or
LDAP will be cached in /etc/ipsec.d/crls/ under a unique file name
derived from the certification authority's public key"
So /etc/ipsec.d/crls/* does need write access in the AppArmor profile as
you have suggested.
** Changed in: strongswan (Ubuntu)
Status: New => Triaged
** Tags added: bitesize
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1505222
Title:
strongSwan AppArmor prevents CRL caching
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1505222/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
