9 Commits

Author SHA1 Message Date
Francois Marier
1f417ea829 Fix AppArmor profile for Debian unstable 2019-02-25 09:07:54 -08:00
Franck Joncourt
861111bd1e Fix apparmor profile for Ubuntu
Refer to https://bugs.launchpad.net/ubuntu/+source/fwknop/+bug/1598506
2016-11-11 22:19:02 +01:00
alteman
4855202c98 Fix Ubuntu AppArmor regression
Error: 
$ sudo fwknopd -f -c /etc/fwknop/fwknopd.conf 
Starting fwknopd
Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
iptables 'comment' match is available
Sniffing interface: ppp0
[*] pcap_open_live() error: ppp0: You don't have permission to capture on that device (socket: Permission denied)

Syslog:

[...] kernel: [...] type=1400 audit([...]): apparmor="DENIED" operation="create" profile="/usr/sbin/fwknopd" pid=[...] comm="fwknopd" family="packet" sock_type="dgram" protocol=768
2016-02-04 00:55:39 +03:00
Ilya Tumaykin
f757b4ebda extras: adjust 'localstatedir' value for the AppArmor profile
Comments in the shipped AppArmor profile state that fwknopd is assumed
to be built with 'localstatedir=/var', which is misleading for several
reasons:

* AppArmor profile assumes that fwknopd's pidfile and digest cache are
under /run/fwknop by the looks of it, i.e. 'localstatedir' is '/run'.

* By default these files are placed under /var/run/fwknop. Thus this
profile implicitly relies on the existence of '/var/run -> /run' symlink
and won't work otherwise when 'localstatedir' is '/var'.

Since GitHub PR#152 was merged, 'localstatedir' can be simply set to
'/run' for AppArmor users to avoid this confusion. This changeset does
it.

If anyone had it working before, they should have it working now as the
shipped AppArmor profile required /run existence before as well.
2015-04-20 14:32:37 +03:00
Michael Rash
46e8428e01 [extras] allow configure wrapper to pass on args to the configure script 2014-03-17 22:06:31 -04:00
Michael Rash
cba2873e22 AppArmor profile update to allow GnuPG link operations, closes #109
This fix was submitted by Raybuntu through github.
2013-11-22 22:36:17 -05:00
Michael Rash
af3d4fa926 minor extras/apparmor configure_args.sh path typo fix 2013-11-14 09:55:43 -05:00
Michael Rash
10ac35b344 added extras/apparmor configure_args.sh helper script for building fwknop with args that AppArmor expects 2013-11-14 09:54:38 -05:00
Michael Rash
a5c308f9c5 Added AppArmor policy
This commit adds an AppArmor policy that is known to work in Debian and Ubuntu
systems.  The original version of this policy was contributed by Radostan Riedel
to the fwknop mailing list.
2013-08-18 22:58:10 -04:00