Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 424373 - net-misc/strongswan-5.0.0 - Outdated description about (non-)root privileges
Summary: net-misc/strongswan-5.0.0 - Outdated description about (non-)root privileges
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Dennis Eisele
Depends on:
Reported: 2012-07-01 12:49 UTC by Ronald
Modified: 2022-01-28 00:14 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Strongswan-5.0.0.ebuild patch correcting the issue (please check!) (strongswan_update_description.patch,1.67 KB, patch)
2012-07-01 12:50 UTC, Ronald
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ronald 2012-07-01 12:49:00 UTC
The description about the implications of the 'non-root' USE-flag were not updated in the strongswan-5.0.0.ebuild. This could lead to people enabling root privileges were this is not necessary anymore.

Charon, in contrast with pluto, handles routing internally and thus no more requires root privileges for that. Pluto did and thus required these elevated privileges. The description (somewhat incorrectly now) states that this is still required.

The cause of all this is the fact that charon has been taught to deal with ikev1 and pluto has been removed. Effectively it's a merge of pluto into charon.

I have attached an untested patch that fixes this (along with other minor cosmetic changes). 

Is it an idea to create an /etc/sudoers.d/strongswan file and modify ipsec.conf if non-root is enabled? At first we disable the /etc/sudoers.d/strongswan and provide instructions on how to enable it if elevated privileges are required. Is that an 'allowed/correct idea'?

Reproducible: Always
Comment 1 Ronald 2012-07-01 12:50:08 UTC
Created attachment 316867 [details, diff]
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)

This is the first time a created an .ebuild patch. Please check carefully.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2012-07-03 14:39:13 UTC
Bugzilla says: CC: did not match anything