[Openswan dev] openswan init script (setup.in) related issues

avesh agarwal avagarwa at redhat.com
Mon Oct 27 13:21:21 EDT 2008

Hi Paul,

During local testing of Openswan, we noticed couple of issues with the 
init script (setup.in) which I am outlining below.

1.  As It can be noticed that two temporary files  
"/var/run/pluto/ipsec_setup.st"  and "/var/run/pluto/ipsec_setup.out" 
are being created  during initialization of Openswan. The file 
"/var/run/pluto/ipsec_setup.st" is being used just to restore a return 
value, whereas "/var/run/pluto/ipsec_setup.out" is used to store some 
output. I think both of these files are really not needed, as  the same 
functionality can be achieved without creating these files. Moreover the 
way, these files are being created, conflicts with selinux policies, 
which is  captured in the redhat bugzilla 466861. So omitting these 
files also avoids conflicts with selinux policies.

2. "/etc/init.d/ipsec version" command does not output any version 
number, even though I found that the  "--version" option is there in the 
init file.

3. Similarly, I found that "/etc/init.d/ipsec help" does not work.

4. Another thing is that we feel that the organization of the init 
script could be improved so that It becomes much more easy to handle 
with and also much more readable.

I have attached a patch with this email, which addresses the above 
issues. I have tested it locally and it seems to be working fine.

I would be very happy to know your views.

Thanks and Regards

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openswan-2.6-466861.patch
Url: http://lists.openswan.org/pipermail/dev/attachments/20081027/82e57bf6/attachment.ksh 

More information about the Dev mailing list