This bug was fixed in the package apparmor - 4.1.0~beta5-0ubuntu9
---------------
apparmor (4.1.0~beta5-0ubuntu9) plucky; urgency=medium
* Remove the patch enabling the unshare-userns-restrict profile by
default (LP: #2102081):
- d/p/u/Move-the-unshare-userns-restrict-profile-out-of-extras.patch
* Add patch allowing openvpn --genkey and homedir key locations
(LP: #2098930):
- d/p/u/openvpn-permissive-paths.patch
* Add patch for parser attach_disconnected.ipc mediation (LP: #2102237):
- d/p/u/attach_disconnected_ipc.patch
* debian/apparmor.install: remove entry for unshare-userns-restrict
* debian/apparmor-profiles.install: add entry for
unshare-userns-restrict
* debian/apparmor.maintscript: remove unshare-userns-restrict profile
if it was previously installed
* Add a patch to support "yes"/"no" literal values for the
unconfined_restrictions/userns sysctl (LP: #2102680):
- d/p/u/userns-runtime-disable-fix-for-6_14.patch
-- Ryan Lee <[email protected]> Thu, 13 Mar 2025 09:49:44 -0700
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2098930
Title:
openvpn profile doesn't allow access to files on home dir
Status in apparmor package in Ubuntu:
Fix Released
Status in gnome-control-center package in Ubuntu:
Confirmed
Status in network-manager package in Ubuntu:
Confirmed
Bug description:
my VPN keys & certs are stored in my HOME directory. The current
apparmor update broke that. When I try to activate my VPN through
NetworkManager, the journal says:
Feb 20 07:48:57 paprika NetworkManager[3405]: <info> [1740034137.4372]
vpn[0x58db282782d0,132c9eee-2134-4f7a-8326-58bde38036de,"canonical-uk"]:
starting openvpn
[snipped]
Feb 20 07:48:57 paprika nm-openvpn[10793]: Cannot pre-load keyfile
(/home/tom/Documents/vpn/ta.key)
Feb 20 07:48:57 paprika nm-openvpn[10793]: Exiting due to fatal error
[snipped]
Feb 20 07:48:57 paprika kernel: audit: type=1400 audit(1740034137.454:789):
apparmor="DENIED" operation="open" class="file" profile="openvpn"
name="/home/tom/Documents/vpn/ta.key" pid=10793 comm="openvpn"
requested_mask="r" denied_ma>
So openvpn can no longer access
/home/tom/Documents/canonical/vpn/canonical_ta.key .
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu2
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
Uname: Linux 6.12.0-15-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.31.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Feb 20 08:57:57 2025
InstallationDate: Installed on 2024-07-18 (217 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/usr/bin/zsh
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago)
modified.conffile..etc.apparmor.d.element-desktop: [modified]
mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098930/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
