From 4855202c98d4f448cc919b8429955b114faee228 Mon Sep 17 00:00:00 2001
From: alteman <kirill.novichikhin+alteman@gmail.com>
Date: Thu, 4 Feb 2016 00:55:39 +0300
Subject: [PATCH] Fix Ubuntu AppArmor regression

Error:
$ sudo fwknopd -f -c /etc/fwknop/fwknopd.conf
Starting fwknopd
Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
iptables 'comment' match is available
Sniffing interface: ppp0
[*] pcap_open_live() error: ppp0: You don't have permission to capture on that device (socket: Permission denied)

Syslog:

[...] kernel: [...] type=1400 audit([...]): apparmor="DENIED" operation="create" profile="/usr/sbin/fwknopd" pid=[...] comm="fwknopd" family="packet" sock_type="dgram" protocol=768
---
 extras/apparmor/usr.sbin.fwknopd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/extras/apparmor/usr.sbin.fwknopd b/extras/apparmor/usr.sbin.fwknopd
index e0aba356..73f4aff6 100644
--- a/extras/apparmor/usr.sbin.fwknopd
+++ b/extras/apparmor/usr.sbin.fwknopd
@@ -12,6 +12,7 @@
 
   network inet raw,
   network packet raw,
+  network packet dgram,
 
   /bin/dash rix,
   /bin/bash rix,