There appears to be a bug from upstream in openswan-2.4.9. The shell script /usr/lib/ipsec/_realsetup is missing two dollar signs starting on line 196: mkdir -p rundir > /dev/null 2>/dev/null mkdir -p subsysdir > /dev/null 2>/dev/null which results in the creation of two directories literally named "rundir" and "subsysdir". In order to solve the problem, I propose that the contents of the following patch be incorporated into the extant net-misc/openswan/files/openswan-2.4.9-gentoo.patch : diff -Naur openswan-2.4.9.original/programs/_realsetup/_realsetup.in openswan-2.4.9/programs/_realsetup/_realsetup.in --- openswan-2.4.9.original/programs/_realsetup/_realsetup.in 2007-06-19 11:18:52.000000000 -0400 +++ openswan-2.4.9/programs/_realsetup/_realsetup.in 2007-09-25 21:01:16.000000000 -0400 @@ -193,8 +193,8 @@ # preliminaries perform rm -f $lock - mkdir -p rundir > /dev/null 2>/dev/null - mkdir -p subsysdir > /dev/null 2>/dev/null + mkdir -p $rundir > /dev/null 2>/dev/null + mkdir -p $subsysdir > /dev/null 2>/dev/null # the meaning of $$ at a different runtime is questionable! perform echo '$$' ">" $lock Reproducible: Always Steps to Reproduce: 1. Become root, change into root's home directory, and observe that there exist no directories "rundir" or "subsysdir" chester ~ # whoami root chester ~ # pwd /root chester ~ # ls -ld rundir subsysdir ls: cannot access rundir: No such file or directory ls: cannot access subsysdir: No such file or directory 2. Start openswan. chester ~ # /etc/init.d/ipsec start * Starting IPSEC ... ... ipsec_setup: Starting Openswan IPsec 2.4.9... [ ok ] 3. Observe that the errant directories now exist. chester ~ # ls -ld rundir subsysdir drwxr-xr-x 2 root root 4096 Sep 25 21:15 rundir drwxr-xr-x 2 root root 4096 Sep 25 21:15 subsysdir Actual Results: Errant directories now exist. Expected Results: The aforementioned directories shouldn't be created. Portage 2.1.3.9 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r5 i686) ================================================================= System uname: 2.6.22-gentoo-r5 i686 Intel(R) Pentium(R) 4 CPU 2.53GHz Timestamp of tree: Tue, 25 Sep 2007 06:20:01 +0000 app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r5 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -march=pentium4 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O3 -march=pentium4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://mirrors.tds.net/gentoo " PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/opt/portage-overlay" SYNC="rsync://gentoo-rsync.halibutdepot.org/gentoo-portage" USE="acl apache2 berkdb bitmap-fonts cli cracklib crypt cups dri fam fortran gdbm gpm iconv isdnlog midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl ssl tcpd truetype-fonts type1-fonts unicode x86 zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Fixed in openswan-2.4.9-r1, in which I left the same keywords as in the previous revision. The -r1 version has a pkg_preinst that tries to detect and remove empty {/,/root/,/etc/}{rundir,subsysdir} directories. This code gets executed only if $ROOT==/ and =net-misc/openswan-2.4.9 is installed. Thanks!