Hi Micah, Thanks for the patch. I think this is mostly a legacy issue (i.e. when starting the daemon via starter). charon and it's derivatives don't check whether they are running as root, so it's possible to start them as any user given the appropriate capabilities are e.g. set on the executable.
> This patch allows for giving strongSwan only the runtime capabilities it > needs, rather than full root privileges. Does this provide a particular advantage over starting as root and then change to a non-root user/group while keeping the required capabilities? Do you build with --with-capabilities? > Adds preprocessor directives which allow strongSwan to be configured to > 1) start up as a non-root user I guess we could also just remove that check. However, an #ifdef is OK too, but perhaps name it differently (e.g. STARTER_ALLOW_NON_ROOT), because it's specific to starter and it doesn't "start" the daemon non-root, it just allows starting starter non-root. > 2) avoid modprobe()'ing IPsec kernel modules into the kernel, which > would normally require root or CAP_SYS_MODULE This stuff is not required anyway, it's just a relict from the early days of strongSwan. Is it a problem, though, if modprobe is called? (The exit status is not checked.) > Additionally, some small mods to charon/libstrongswan ensure that charon > supports starting as a non-root user. Looks OK. I've pushed the patch with some minor changes to the starter-non-root branch. Let me know if that works for you. Regards, Tobias
