[strongSwan-dev] Problems on test suite when running it with options --with-user and --with-group
Anaelle POGNOT
anaellepognot at gmail.com
Wed Aug 7 17:29:50 CEST 2013
Hello,
I was wondering if you could help me about a problem I have.
I'm working on StrongSwan 5.0.4 and I was trying to run the test suite with
a different configuration. In fact, I wanted to test the solution with
charon running as another user/group than root. So, I added three options
to the CONFIG_OPTS variable in
testing/scripts/recipes/xxx_strongswan.mk(--with-user=charon
--with-group=charon --with-capabilities=libcap) and one
line at the end of the script testing/scripts/build-baseimage
(execute_chroot "useradd charon", to be sure that the user charon exists).
However, when I run the test suite, most of the tests fail when trying to
run the ping command. It says:
"ping: sendmsg: Operation not permitted"
In the xx.daemon.log, I always have the same message:
updown: iptables v1.4.14: can't initialize iptables table `filter':
Permission denied (you must be root)
updown: Perhaps iptables or your kernel needs to be upgraded.
When I checked on the hosts, I realized that the file /etc/iptables.rules
has the following default policy:
# default policy is DROP
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP
If I change from DROP to ACCEPT on both sides, ping works.
Am I doing something wrong / forgetting an option or something? Or doesn't
the test suite work with these three options?
Best regards,
Anaëlle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130807/c50dd778/attachment.html>
More information about the Dev
mailing list