Re: Generic IPSEC vpn plugin

From: Dan Williams <dcbw redhat com>
To: David Woodhouse <dwmw2 infradead org>
Cc: dev openswan org, networkmanager-list gnome org
Subject: Re: Generic IPSEC vpn plugin
Date: Tue, 28 Apr 2009 13:56:26 -0400

On Tue, 2009-04-28 at 18:35 +0100, David Woodhouse wrote:
> On Tue, 2009-04-28 at 12:32 -0400, Dan Williams wrote:
> > That's fine, since NM (and the VPN plugin) would be running as root for
> > the time being.  David woodhouse wants to make them not run as root, but
> > that might only happen for the VPN daemons that don't actually need
> > root.  Sounds like for now, the openswan one would.
> 
> We already have that working for OpenConnect. It's optional, and I
> haven't changed any other VPN dæmons to do it.

I assume that would mean the vpn daemon opening the pluto socket before
dropping privs, right?

Dan

References:
- Generic IPSEC vpn plugin
  - From: Peter Robinson
- Re: Generic IPSEC vpn plugin
  - From: Paul Wouters
- Re: Generic IPSEC vpn plugin
  - From: David Woodhouse
- Re: Generic IPSEC vpn plugin
  - From: Dan Williams
- Re: Generic IPSEC vpn plugin
  - From: Paul Wouters
- Re: Generic IPSEC vpn plugin
  - From: Dan Williams
- Re: Generic IPSEC vpn plugin
  - From: Paul Wouters
- Re: Generic IPSEC vpn plugin
  - From: Dan Williams
- Re: Generic IPSEC vpn plugin
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]