[strongSwan] agent plugin requires CAP_DAC_OVERRIDE capability

xalloc xalloc at protonmail.com
Wed May 15 17:11:15 CEST 2019

Hello, I'm tring to run Strongswan unprivileged following your guide.
I already added user and group in strongswan.conf and changed the files owner.
When I start the vpn or do "swanctl -q" two messages appear:
"agent plugin requires CAP_DAC_OVERRIDE capability" and "plugin agent failed to load - agent_plugin_create returned NULL".

I'm on Ubuntu 19.04, already set to "complain" the apparmor module for charon.

Also the command "getpcaps $(pidof charon)" gives:
cap_dac_override, cap_net_admin, cap_net_raw+eip

What else am I missing?

More information about the Users mailing list