allow_charon_apparmor_read_proc_fd_LP_#1786250 : lp:~fermulator/ubuntu/+source/strongswan : Git : Code : strongswan package : Ubuntu

Get this branch:: git clone -b allow_charon_apparmor_read_proc_fd_LP_#1786250 https://git.launchpad.net/~fermulator/ubuntu/+source/strongswan

Only fermulator can upload to this branch. If you are fermulator please log in for upload directions.

Branch merges

Rejected for merging into ubuntu/+source/strongswan:ubuntu/devel

Canonical Server packageset reviewers: Pending requested 2018-08-23

Canonical Server: Pending requested 2018-08-23

Karl Stenerud: Pending requested 2018-08-20

Branch information

Name:: allow_charon_apparmor_read_proc_fd_LP_#1786250

Repository:: lp:~fermulator/ubuntu/+source/strongswan

Recent commits

d0ec74d... by Matt Callaghan <fermulator> on 2018-08-20

As per LP #1786250, user noted audit failures in system log
against charon trying to read its own list of file descriptors
in /proc/<pid>/fd/.

We are uncertain when/why this started, however it is not
unreasonable for a process to attempt to read its own fd's,
so allow by extending the apparmor profile for charon.

References:
http://manpages.ubuntu.com/manpages/bionic/en/man5/apparmor.d.5.html
https://linux.die.net/man/5/proc

5a19dba... by Christian Ehrhardt  on 2018-05-29

Import patches-unapplied version 5.6.2-2ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 160ffc1245f6373f9875244a91b7a9d8e78d0957

160ffc1... by Christian Ehrhardt  on 2018-05-31

changelog: DROP: fix dependencies of strongswan-libcharon