Hi Micah,

> Thanks for the patch. I think this is mostly a legacy issue (i.e. when
> starting the daemon via starter). charon and its derivatives don't
> check whether they are running as root, so it's possible to start them
> as any user given the appropriate capabilities are e.g. set on the
> executable.
>
> Thanks for the info, didn't realize starting via starter was the legacy
> way of doing it :)

See [1] and [2]. Although VICI/swanctl can also be used perfectly fine when starting via starter, it will definitely disappear in the long run (charon-systemd [3] will probably become the main daemon on most distros).

> > Additionally, some small mods to charon/libstrongswan ensure that charon
> > supports starting as a non-root user.
>
> Looks OK. I've pushed the patch with some minor changes to the
> starter-non-root branch. Let me know if that works for you.
>
> Awesome! Thanks.
>
> Should I submit another patch for the suggested revisions to the starter
> patch (e.g. #ifdef macro name change)?

No, the name change is actually already part of the modified patch I pushed to the repo :) And the other ifndef is OK (I suppose we could prefix it with STARTER_ too, but it's not as ambiguous as the other one was).

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Vici
[2] https://wiki.strongswan.org/projects/strongswan/wiki/Swanctl
[3] https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
