~paelzer/ubuntu/+source/strongswan:lp-1786250-self-fd-reads-cosmic

Branch merges

Propose for merging

Rejected for merging into ubuntu/+source/strongswan:ubuntu/cosmic-devel

Andreas Hasenack: Needs Fixing on 2018-10-04

fermulator (community): Approve (code inspection) on 2018-09-26

Canonical Server packageset reviewers: Pending requested 2018-09-25

Canonical Server: Pending requested 2018-09-25

Diff: 30 lines (+11/-0)

2 files modified

debian/changelog (+7/-0)
debian/usr.lib.ipsec.charon (+4/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

0ad07e7... by Christian Ehrhardt  on 2018-09-24

changelog: fix apparmor denies reading the own FDs (LP: #1786250)

Signed-off-by: Christian Ehrhardt <email address hidden>

d74a857... by Christian Ehrhardt  on 2018-08-20

fix apparmor denies reading the own FDs (LP: #1786250)

As per LP #1786250, user noted audit failures in system log
against charon trying to read its own list of file descriptors
in /proc/<pid>/fd/.

We are uncertain when/why this started, however it is not
unreasonable for a process to attempt to read its own fd's,
so allow by extending the apparmor profile for charon.

References:
http://manpages.ubuntu.com/manpages/bionic/en/man5/apparmor.d.5.html
https://linux.die.net/man/5/proc

582ccbd... by Andreas Hasenack on 2018-08-23

Import patches-unapplied version 5.6.3-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 914d0606e00afd407437ea850454beba437a0ea2

914d060... by Andreas Hasenack on 2018-08-23

Cleanup d/changelog (removed signed-off lines)

bcb24b5... by Andreas Hasenack on 2018-08-23

update-maintainer

1c941f6... by Andreas Hasenack on 2018-08-23

reconstruct-changelog

bb919ae... by Andreas Hasenack on 2018-08-23

merge-changelogs

810dd28... by Andreas Hasenack on 2018-08-22

  * Dropped:
    - d/usr.sbin.charon-systemd: allow systemd notifications (LP: #1765652)
      [Fixed in 5.6.3-1]

c2bbd12... by Andreas Hasenack on 2018-08-22

    - d/usr.lib.ipsec.charon, d/usr/sbin/charon-systemd: Add support for
      usr-merge, thanks to Christian Ehrhardt. LP: #1784023

f5b8c3b... by Christian Ehrhardt  on 2018-05-29

    - d/usr.sbin.charon-systemd: allow to contact mysql for sql and
      attr-sql plugins (LP: #1766240)

Signed-off-by: Christian Ehrhardt <email address hidden>