Bug 424373

Summary:	net-misc/strongswan-5.0.0 - Outdated description about (non-)root privileges
Product:	Gentoo Linux	Reporter:	Ronald <ronald645>
Component:	Current packages	Assignee:	Dennis Eisele <kernlpanic>
Status:	RESOLVED FIXED
Severity:	minor	CC:	gurligebis, proxy-maint, rndxelement
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.0.ebuild?view=markup
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Strongswan-5.0.0.ebuild patch correcting the issue (please check!)

Description Ronald 2012-07-01 12:49:00 UTC

The description about the implications of the 'non-root' USE-flag were not updated in the strongswan-5.0.0.ebuild. This could lead to people enabling root privileges were this is not necessary anymore.

Charon, in contrast with pluto, handles routing internally and thus no more requires root privileges for that. Pluto did and thus required these elevated privileges. The description (somewhat incorrectly now) states that this is still required.

The cause of all this is the fact that charon has been taught to deal with ikev1 and pluto has been removed. Effectively it's a merge of pluto into charon.

I have attached an untested patch that fixes this (along with other minor cosmetic changes). 

Is it an idea to create an /etc/sudoers.d/strongswan file and modify ipsec.conf if non-root is enabled? At first we disable the /etc/sudoers.d/strongswan and provide instructions on how to enable it if elevated privileges are required. Is that an 'allowed/correct idea'?

Reproducible: Always

Comment 1 Ronald 2012-07-01 12:50:08 UTC

Created attachment 316867 [details, diff]
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)

This is the first time a created an .ebuild patch. Please check carefully.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2012-07-03 14:39:13 UTC

Bugzilla says: CC: 	ua_bugz_gentoo@mortal-soul.de did not match anything