
Bug 424373

Summary: net-misc/strongswan-5.0.0 - Outdated description about (non-)root privileges
Product: Gentoo Linux
Reporter: Ronald <ronald645>
Component: Current packages
Assignee: Patrick Lauer <patrick>
Status: UNCONFIRMED ---
Severity: minor
CC: gurligebis
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-misc/strongswan/strongswan-5.0.0.ebuild?view=markup
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Strongswan-5.0.0.ebuild patch correcting the issue (please check!)

Description Ronald 2012-07-01 12:49:00 UTC
The description about the implications of the 'non-root' USE-flag was not updated in the strongswan-5.0.0.ebuild. This could lead to people enabling root privileges where this is not necessary anymore.

Charon, in contrast with pluto, handles routing internally and thus no longer requires root privileges for that. Pluto did and thus required these elevated privileges. The description (somewhat incorrectly now) states that this is still required.

The cause of all this is the fact that charon has been taught to deal with ikev1 and pluto has been removed. Effectively it's a merge of pluto into charon.

I have attached an untested patch that fixes this (along with other minor cosmetic changes). 

Is it an idea to create an /etc/sudoers.d/strongswan file and modify ipsec.conf if non-root is enabled? At first we disable the /etc/sudoers.d/strongswan and provide instructions on how to enable it if elevated privileges are required. Is that an 'allowed/correct idea'?

Reproducible: Always
Comment 1 Ronald 2012-07-01 12:50:08 UTC
Created attachment 316867 [details, diff]
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)

This is the first time I created an .ebuild patch. Please check carefully.
Comment 2 Jeroen Roovers gentoo-dev 2012-07-03 14:39:13 UTC
Bugzilla says: CC: 	ua_bugz_gentoo@mortal-soul.de did not match anything