There are only three components in strongSwan that open TUN devices, charon-xpc (on macOS), the kernel-pfroute plugin (also not on Linux but macOS and *BSD) and kernel-libipsec, as pointed out by Simon. However, swanctl has no business loading kernel plugins (it doesn't by default), as it is no IKE daemon. It just loads configs/credentials and passes them to the daemon via VICI. So no idea where this comes from, unless strongswan.conf or any includes are somehow messed up and swanctl loads that plugin inadvertently.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1875504 Title: apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/swanctl" name="/dev/net/tun" pid=490601 comm="swanctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1875504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
