[strongSwan-dev] Problems on test suite when running it with options --with-user and --with-group

Anaelle POGNOT anaellepognot at gmail.com
Wed Aug 7 17:29:50 CEST 2013


I was wondering if you could help me about a problem I have.
I'm working on StrongSwan 5.0.4 and I was trying to run the test suite with
a different configuration. In fact, I wanted to test the solution with
charon running as another user/group than root. So, I added three options
to the CONFIG_OPTS variable in
--with-group=charon --with-capabilities=libcap) and one
line at the end of the script testing/scripts/build-baseimage
(execute_chroot "useradd charon", to be sure that the user charon exists).

However, when I run the test suite, most of the tests fail when trying to
run the ping command. It says:
"ping: sendmsg: Operation not permitted"

In the xx.daemon.log, I always have the same message:
updown: iptables v1.4.14: can't initialize iptables table `filter':
Permission denied (you must be root)
updown: Perhaps iptables or your kernel needs to be upgraded.

When I checked on the hosts, I realized that the file /etc/iptables.rules
has the following default policy:
# default policy is DROP
If I change from DROP to ACCEPT on both sides, ping works.

Am I doing something wrong / forgetting an option or something? Or doesn't
the test suite work with these three options?

Best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130807/c50dd778/attachment.html>

More information about the Dev mailing list