[strongSwan] agent plugin requires CAP_DAC_OVERRIDE capability

xalloc xalloc at protonmail.com
Fri May 17 12:22:54 CEST 2019

I also see now that in Ubuntu/Debian sources "--enable-agent" is there, so I'm clueless.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Il mercoledì 15 maggio 2019 17:11, xalloc <xalloc at protonmail.com> ha scritto:

> Hello, I'm tring to run Strongswan unprivileged following your guide.
> I already added user and group in strongswan.conf and changed the files owner.
> When I start the vpn or do "swanctl -q" two messages appear:
> "agent plugin requires CAP_DAC_OVERRIDE capability" and "plugin agent failed to load - agent_plugin_create returned NULL".
> I'm on Ubuntu 19.04, already set to "complain" the apparmor module for charon.
> Also the command "getpcaps $(pidof charon)" gives:
> cap_dac_override, cap_net_admin, cap_net_raw+eip
> What else am I missing?

More information about the Users mailing list