VPNaaS: ipsec.secrets file permissions prevents LibreSwan from starting
Bug #1493492 reported by Brent Eagles
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Undecided | Brent Eagles | |
Bug Description
The man pages for ipsec.secrets generally state that the file should be owned by root or super-user and access blocked to everyone else (chmod 0600). Recent changes have dealt with the file permissions issue. However, in neutron vpnaas the file ownership is that of the process and due to strict permission checks through "capabilities", this actually results in a failure to establish connections with LibreSwan since pluto runs as root. This seems to be LibreSwan specific.
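The failure mode in this report can be reproduced as a check. This is an added example, not part of the bug report and not code from neutron or LibreSwan. It assumes the daemon reads the file without CAP_DAC_OVERRIDE, as the report's reference to capabilities implies; the function names are hypothetical.

```python
import os
import stat
import tempfile


def dac_can_read(st, reader_uid, reader_gids=()):
    """Unix DAC read check for a process WITHOUT CAP_DAC_OVERRIDE.
    One class applies: owner, else group, else other (ACLs/LSMs ignored)."""
    if reader_uid == st.st_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in reader_gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def audit_secrets_file(path, daemon_uid=0, daemon_gids=(0,)):
    """Return a list of findings for an ipsec.secrets-style file."""
    st = os.stat(path)
    findings = []
    if st.st_uid != daemon_uid:
        findings.append("owner uid %d != daemon uid %d" % (st.st_uid, daemon_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other bits set: %04o" % stat.S_IMODE(st.st_mode))
    if not dac_can_read(st, daemon_uid, daemon_gids):
        findings.append("daemon cannot read file without CAP_DAC_OVERRIDE")
    return findings


def demo():
    """Constructed sample: a 0600 file owned by the current (agent) user."""
    fd, path = tempfile.mkstemp(prefix="ipsec.secrets.")
    os.close(fd)
    try:
        os.chmod(path, 0o600)
        me = os.getuid()
        other = me + 1  # stands in for a daemon running under a different uid
        return {
            "daemon_is_owner": audit_secrets_file(path, me, (os.getgid(),)),
            "daemon_is_other_uid": audit_secrets_file(path, other, ()),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "ok")
```

With the default arguments (`daemon_uid=0`), running `audit_secrets_file` against a 0600 file owned by the agent's user reports both the ownership mismatch and the unreadable file.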
summary: |
- VPNaaS: ipsec.secrets file should be owned by root/super-user
+ VPNaaS: ipsec.secrets file permissions prevents LibreSwan from starting
Changed in neutron: | |
assignee: | nobody → Brent Eagles (beagles) |
tags: | added: vpnaas |
Changed in neutron: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-rc1 → 7.0.0 |
Fix proposed to branch: master
Review: https://review.openstack.org/222192