yahoo-eng-team team mailing list archive

[Bug 1493492] Re: VPNaaS: ipsec.secrets file permissions prevents LibreSwan from starting

 

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-rc1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1493492

Title:
  VPNaaS: ipsec.secrets file permissions prevents LibreSwan from
  starting

Status in neutron:
  Fix Released

Bug description:
  The man pages for ipsec.secrets generally state that the file should
  be owned by root or super-user and access blocked to everyone else
  (chmod 0600).  Recent changes have dealt with the file permissions
  issue. However, in neutron vpnaas the file ownership is that of the
  process and due to strict permission checks through "capabilities",
  this actually results in a failure to establish connections with
  LibreSwan since pluto runs as root. This seems to be LibreSwan
  specific.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1493492/+subscriptions
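
Added example (not part of the bug report or the neutron fix): a Python check for the ownership problem the description reports. It models the Linux owner/group/other read check to show why a 0600 secrets file owned by the agent's user is unreadable to a uid-0 daemon that lacks the DAC-bypass capabilities. That pluto runs this way is an assumption taken from the description; the function names, finding codes and uid 1000 are illustrative.

```python
import os
import stat


def can_read(uid, gids, dac_bypass, f_uid, f_gid, f_mode):
    """Linux DAC read check: the first matching class (owner, group, other) decides."""
    if dac_bypass:  # CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH is held
        return True
    if uid == f_uid:
        return bool(f_mode & stat.S_IRUSR)
    if f_gid in gids:
        return bool(f_mode & stat.S_IRGRP)
    return bool(f_mode & stat.S_IROTH)


def audit_stat(f_uid, f_gid, f_mode, daemon_uid=0, daemon_gids=(0,), dac_bypass=False):
    """Return finding codes for a secrets file with the given owner, group and mode.

    Assumption: the daemon (pluto) runs as uid 0 without DAC-bypass capabilities.
    """
    findings = []
    if f_uid != 0:
        findings.append("OWNER_NOT_ROOT")
    if stat.S_IMODE(f_mode) & 0o077:
        findings.append("MODE_TOO_OPEN")
    if not can_read(daemon_uid, daemon_gids, dac_bypass, f_uid, f_gid, f_mode):
        findings.append("DAEMON_CANNOT_READ")
    return findings


def audit_path(path, **daemon):
    """Audit a real file, e.g. the ipsec.secrets file generated for a VPN service."""
    st = os.stat(path)
    return audit_stat(st.st_uid, st.st_gid, st.st_mode, **daemon)


if __name__ == "__main__":
    # Constructed cases: (owner uid, group gid, mode)
    cases = {
        "agent-owned, 0600 (the reported state)": (1000, 1000, 0o100600),
        "root-owned, 0600": (0, 0, 0o100600),
        "root-owned, 0644": (0, 0, 0o100644),
    }
    for label, (uid, gid, mode) in cases.items():
        print(f"{label}: {audit_stat(uid, gid, mode) or 'ok'}")
```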

