[strongSwan-dev] [PATCH] Allow strongSwan to be spawned as non-root user. (patch file attached)
tobias at strongswan.org
Mon Apr 23 10:42:19 CEST 2018
> Thanks for the patch. I think this is mostly a legacy issue (i.e. when
> starting the daemon via starter). charon and it's derivatives don't
> check whether they are running as root, so it's possible to start them
> as any user given the appropriate capabilities are e.g. set on the
> Thanks for the info, didn't realize starting via starter was the legacy
> way of doing it :)
See  and . Although, VICI/swanctl can also be used perfectly fine
when starting via starter, it will definitely disappear in the long run
(charon-systemd  will probably become the main daemon on most distros).
> > Additionally, some small mods to charon/libstrongswan ensure that charon
> > supports starting as a non-root user.
> Looks OK. I've pushed the patch with some minor changes to the
> starter-non-root branch. Let me know if that works for you.
> Awesome! Thanks.
> Should I submit another patch for the suggested revisions to the starter
> patch (e.g. #ifdef macro name change)?
No, the name change is actually already part of the modified patch I
pushed to the repo :) And the other ifndef is OK (I suppose we could
prefix it with STARTER_ too, but it's not as ambiguous as the other one
More information about the Dev