[strongSwan] strongSwan 5.1.2 on Ubuntu Trusty (14.0.4) and AppArmor

Simon Deziel simon.deziel at gmail.com
Thu Mar 19 14:33:38 CET 2015


Hi Fabrice,

On 03/19/2015 09:22 AM, Fabrice Barconnière wrote:
> I've configured VPN on Ubuntu Trusty with strongSwan 5.1.2 and
> connections are OK.
> But when I execute "ipsec statusall" command, it replies:
> "reading from socket failed: Permission denied"
> 
> When I suppress "/etc/apparmor.d/usr.lib.ipsec.stroke" AppArmor
> profile, the command replies correctly.

Are you running with reduced privileges [1] by any chance?

If yes, then Ubuntu has almost everything in place (properly compiled,
user "strongswan" created by the package, etc). The only missing pieces
are little tweaks to the charon and stroke AppArmor profiles. Those are
available as patches at [2].

Regards,
Simon


1: https://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges
2: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1333655