[Swan-dev] nsrun --ns overwriting host's /etc/ipsec.* files :(
Andrew Cagney
andrew.cagney at gmail.com
Thu Sep 24 17:46:57 UTC 2020
On Thu, 24 Sep 2020 at 13:22, Paul Wouters <paul at nohats.ca> wrote:
> strongswan is installed on my host but it happens too on ikev2-05-basic-psk
>
>
Right. However, regardless of the below, swan-prep was completely deleting
/etc/strongswan. I see 2160e1389f893094831169418f4d02fd7bbf8bb8 has since
fixed it.
> On Sep 24, 2020, at 13:08, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
>
> Some of the old code used lsw_cp_file() some did not. Do you have a
> mysterious /etc/strongswan directory?
>
> On Thu, 24 Sep 2020 at 12:19, Paul Wouters <paul at nohats.ca> wrote:
>
>>
>> I ended up a few times with test configs on my laptop's /etc/ipsec.*
>> files.
>>
>> I did some testing and found out that kvmrunner.py does not do this, but
>> nsrun --ns does. I made the host files immutable after restoring them and
>> I
>> see this in the test when using nsrun:
>>
>> /testing/guestbin/swan-prep
>> Traceback (most recent call last):
>> File "/testing/guestbin/swan-prep", line 380, in <module>
>> copy_config_file(hostname, testpath, "/etc/ipsec.conf")
>> File "/testing/guestbin/swan-prep", line 162, in copy_config_file
>> shutil.copy(src, config_path)
>> File "PATH/lib64/python3.9/shutil.py", line 415, in copy
>> copyfile(src, dst, follow_symlinks=follow_symlinks)
>> File "PATH/lib64/python3.9/shutil.py", line 261, in copyfile
>> with open(src, 'rb') as fsrc, open(dst, 'wb') as fdst:
>> PermissionError: [Errno 1] Operation not permitted: '/etc/ipsec.conf'
>> east #
>>
>>
>> bisecting this lead to this commit breaking it:
>>
>> commit 1e0b14ec0b20c3ba93d41071c1bd2aee05bdcfbc (HEAD)
>> Author: Andrew Cagney <cagney at gnu.org>
>> Date: Wed Sep 16 20:19:37 2020 -0400
>>
>> testing: cleanup swan-prep's code looking for config files in ./,
>> baseconfigs/, ...
>>
>>
>> Paul
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200924/f2a41b22/attachment.html>
More information about the Swan-dev
mailing list