Comment 6 for bug 1786250

Hi,
could you add to the apparmor profile of charon this line
   @{PROC}/@{pid}/fd/ r,
Then reload it via:
   sudo apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon

While I never have heard of charon needing this, if the above works you could add it for youself as a config and I could make it part of future packages.

If the above makes those messages disappear but shows new apparmor denies afterwards let me know.