Tâche #10948: apparmor empêche la commande "ipsec statusall" - Distribution EOLE - Ensemble Ouvert Libre Évolutif

Tâche #10948

Scénario #10794: Faire fonctionner les VPN sur EOLE 2.5

apparmor empêche la commande "ipsec statusall"

Added by Fabrice Barconnière about 8 years ago. Updated about 8 years ago.

Status:

Fermé

Priority:

Normal

Assigned To:

Daniel Dehennin

Target version:

sprint 2015 11-13

Start date:

02/26/2015

Due date:

% Done:

Estimated time:

3.00 h

Spent time:

3.00 h

Remaining (hours):

0.0

Description

root@sphynx:~# ipsec statusall
reading from socket failed: Permission denied

Après suppression des fichiers apparmor liés à stronSwan et reload de la conf apparmor :

root@sphynx:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.16.0-31-generic, x86_64):
  uptime: 14 minutes, since Mar 18 14:30:54 2015
  malloc: sbrk 1486848, mmap 0, used 322912, free 1163936
  worker threads: 27 of 32 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors aes sha1 sha2 md5 random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
  192.168.0.11
  172.30.101.11
Connections:
Sphynx-amon_1-adm-eth1:  192.168.0.11...192.168.0.31  IKEv1/2, dpddelay=120s
Sphynx-amon_1-adm-eth1:   local:  [C=fr, O=gouv, OU=education, OU=ac-test, CN=sphynx] uses public key authentication
Sphynx-amon_1-adm-eth1:    cert:  "C=fr, O=gouv, OU=education, OU=ac-test, CN=sphynx" 
Sphynx-amon_1-adm-eth1:   remote: [C=fr, O=gouv, OU=education, OU=ac-test, CN=amon] uses public key authentication
Sphynx-amon_1-adm-eth1:   child:  172.30.101.0/24 === 10.1.1.0/24 TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  none