1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
# rhbz#1313816
west #
mkdir /tmp/rhbz1313816
west #
rm -f /etc/ipsec.d/*.*
west #
# should abort, not crash, due to missing nss
west #
ipsec pluto --rundir /tmp/rhbz1313816 --nofork --stderrlog --log-no-time
Starting Pluto (Libreswan Version ...) pid:PID
operating system: ...
core dump dir: /run/pluto
secrets file: /etc/ipsec.secrets
Initializing NSS using read-only database "sql:/etc/ipsec.d"
FATAL ERROR: NSS: initialization using read-only database "sql:/etc/ipsec.d" failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
west #
# rhbz#1041576 start pluto in dir not owned by root
west #
# should not fail with "pluto: unable to create lock dir:"
west #
# not using /tmp or /var/tmp/ due to specialness of parent dir in test
west #
/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
west #
rm -rf /var/cache/otheruser
west #
mkdir -p /var/cache/otheruser/var/run/pluto /var/cache/otheruser/etc
west #
cp /etc/ipsec.d/*.* /var/cache/otheruser/etc/
west #
mv /etc/ipsec.conf /var/cache/otheruser/etc/
west #
chown -R bin:bin /var/cache/otheruser/var/run/pluto /var/cache/otheruser/etc
west #
chmod -R 755 /var/cache/otheruser
west #
ipsec pluto --rundir /var/cache/otheruser/var/run/pluto --secretsfile /var/cache/otheruser/etc/ipsec.secrets
west #
# give pluto time to start and create its socket and pid files
west #
sleep 3
west #
# show it is running
west #
ipsec whack --rundir /var/cache/otheruser/var/run/pluto --briefstatus
State Information: DDoS cookies not required, Accepting new IKE connections
IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
IPsec SAs: total(0), authenticated(0), anonymous(0)
west #
# shut it down
west #
ipsec whack --rundir /var/cache/otheruser/var/run/pluto --shutdown
Pluto is shutting down
west #
echo "initdone"
initdone
west #
|
