Hello,

I was wondering if you could help me with a problem I have. I'm working on StrongSwan 5.0.4 and I was trying to run the test suite with a different configuration. In fact, I wanted to test the solution with charon running as another user/group than root. So, I added three options to the CONFIG_OPTS variable in testing/scripts/recipes/xxx_strongswan.mk (--with-user=charon --with-group=charon --with-capabilities=libcap) and one line at the end of the script testing/scripts/build-baseimage (execute_chroot "useradd charon", to be sure that the user charon exists).

However, when I run the test suite, most of the tests fail when trying to run the ping command. It says:

    ping: sendmsg: Operation not permitted

In the xx.daemon.log, I always have the same message:

    updown: iptables v1.4.14: can't initialize iptables table `filter': Permission denied (you must be root)
    updown: Perhaps iptables or your kernel needs to be upgraded.

When I checked on the hosts, I realized that the file /etc/iptables.rules has the following default policy:

    # default policy is DROP
    -P INPUT DROP
    -P OUTPUT DROP
    -P FORWARD DROP

If I change from DROP to ACCEPT on both sides, ping works. Am I doing something wrong / forgetting an option or something? Or doesn't the test suite work with these three options?

Best regards,
Anaëlle
