Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 713694

Summary: net-vpn/libreswan: seccomp not enabled by USE flag
Product: Gentoo Linux Reporter: Sam James <sam>
Component: Current packagesAssignee: Hans de Graaff <graaff>
Status: UNCONFIRMED ---    
Severity: normal CC: jstein
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 713688    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-20 20:57:49 UTC
libreswan seems to compile with seccomp with USE=seccomp, but this is not seemingly enough to actually enable it at runtime.

Manual [0]:
>The current default is disabled, but it is expected that in the future this feature will be enabled on all supported operating systems. Similarly, it is expected that further privilege separation will reduce the allowed syscalls - for example for the crypto helpers or DNS helpers. 

[0] https://libreswan.org/man/ipsec.conf.5.html
Comment 1 Hans de Graaff gentoo-dev Security 2020-06-27 06:59:14 UTC
It is not clear to me what the issue is here.