Public bug reported:

The man pages for ipsec.secrets generally state that the file should be owned by root or super-user and access blocked to everyone else (chmod 0600). Recent changes have dealt with the file permissions issue. However, in neutron vpnaas the file ownership is that of the process and due to strict permission checks through "capabilities", this actually results in a failure to establish connections with LibreSwan since pluto runs as root. This seems to be LibreSwan specific.

** Affects: neutron
     Importance: Undecided
     Assignee: Brent Eagles (beagles)
         Status: New

** Summary changed:

- VPNaaS: ipsec.secrets file should be owned by root/super-user
+ VPNaaS: ipsec.secrets file permissions prevents LibreSwan from starting

** Changed in: neutron
     Assignee: (unassigned) => Brent Eagles (beagles)

https://bugs.launchpad.net/bugs/1493492

Title:
  VPNaaS: ipsec.secrets file permissions prevents LibreSwan from starting

Status in neutron:
  New
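
The ownership problem in the report, as an added example that is not part of the bug report or of neutron's code: a check of a secrets file against the 0600/root-owned rule, plus the plain Unix permission test a daemon faces once it cannot bypass file permissions. It assumes the "capabilities" restriction means pluto runs as uid 0 without CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH; the function names and the temporary file are constructed for illustration.

```python
import os
import stat
import tempfile


def dac_allows_read(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Unix DAC read check for a process with no DAC-bypass capability.

    Exactly one permission class applies: owner, else group, else other.
    uid 0 gets no special treatment here (assumption: capability dropped).
    """
    if proc_uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_secrets(path, daemon_uid=0, daemon_gids=(0,)):
    """Return findings for a secrets file that daemon_uid must read."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o077:
        findings.append("mode %04o is wider than 0600" % mode)
    if st.st_uid != daemon_uid:
        findings.append("owner uid %d is not daemon uid %d"
                        % (st.st_uid, daemon_uid))
    if not dac_allows_read(mode, st.st_uid, st.st_gid,
                           daemon_uid, daemon_gids):
        findings.append("daemon uid %d cannot read the file" % daemon_uid)
    return findings


def demo():
    """Constructed case: a 0600 file owned by one uid, read by another."""
    fd, path = tempfile.mkstemp(prefix="ipsec.secrets.")
    os.close(fd)
    try:
        os.chmod(path, 0o600)
        st = os.stat(path)
        # Stand-in daemon identity that differs from the file's owner and
        # group, mirroring pluto (root) against a file owned by the agent.
        return audit_secrets(path, daemon_uid=st.st_uid + 1,
                             daemon_gids=(st.st_gid + 1,))
    finally:
        os.unlink(path)
```

With mode 0600 already correct, the two findings from `demo()` both come from ownership, which is the situation the report describes.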