New commits:
commit 809cde3f633b00129593107fe2b2727ae1e48286
Author: Paul Wouters <[email protected]>
Date: Wed Mar 26 00:16:33 2014 -0400
pluto: Create socket before dropping CAP_DAC_OVERRIDE for openstack

This is to facilitate openstack that generates dynamic pluto
configurations and uses --ctlbase /some/parent/dir where /some/parent
is owned by the user neutron, not root. When we drop CAP_DAC_OVERRIDE,
even root is not allowed to write files in directories it does not own.

Note that in such a deployment, pluto is prevented from cleaning up on
shutdown because it is also not allowed to remove the pid and socket
files, so whoever created /some/parent should also clean up after pluto
has shut down.

This is https://bugzilla.redhat.com/show_bug.cgi?id=1041576
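
The ordering described in this commit message, sketched as an added example; it is not part of the commit and not libreswan's code. The function names, the socket name `example.ctl` and the use of the raw capget(2)/capset(2) syscalls are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a unix socket at <dir>/<name>; the caller needs write access to dir. */
int bind_ctl_socket(const char *dir, const char *name) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int n = snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof(sa.sun_path)) return -1; /* path too long */
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { close(fd); return -1; }
    return fd;
}

/* Fetch this thread's capability sets with the raw capget(2) syscall. */
static int caps_get(struct __user_cap_header_struct *h, struct __user_cap_data_struct *d) {
    h->version = _LINUX_CAPABILITY_VERSION_3;
    h->pid = 0; /* 0 = calling thread */
    return (int)syscall(SYS_capget, h, d);
}

/* 1 if CAP_DAC_OVERRIDE is in the effective set, 0 if not, -1 on error. */
int has_dac_override(void) {
    struct __user_cap_header_struct h; struct __user_cap_data_struct d[2];
    if (caps_get(&h, d) < 0) return -1;
    return (d[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective & CAP_TO_MASK(CAP_DAC_OVERRIDE)) != 0;
}

/* Remove CAP_DAC_OVERRIDE from the effective and permitted sets. */
int drop_dac_override(void) {
    struct __user_cap_header_struct h; struct __user_cap_data_struct d[2];
    if (caps_get(&h, d) < 0) return -1;
    d[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
    d[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
    return (int)syscall(SYS_capset, &h, d);
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/tmp"; /* stand-in for the --ctlbase parent */
    int fd = bind_ctl_socket(dir, "example.ctl");  /* 1. create while still privileged */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_dac_override() < 0) { perror("capset"); return 1; } /* 2. then drop */
    printf("socket bound, CAP_DAC_OVERRIDE effective: %d\n", has_dac_override());
    return 0;
}
```

Run as root against a directory owned by another user, swapping the two numbered steps makes `bind()` fail with `EACCES`, and in either order a later `unlink()` of the socket is refused, which is the cleanup limitation the commit message notes.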