main/strongswan: run as non-root

Make charon use 'ipsec' user and group, and enable the libcap support as few capabilities need to be retained for configuring IPsec SAs in to kernel. This also introduces charon.initd which starts charon daemon only and uses swanctl for configuration. It is a little bit more light weight than running the 'starter' which seems to be deprecated. Also the config format is completely different, but more flexible and extensive.
author: Timo Teräs <timo.teras@iki.fi> 2015-05-01 05:01:20 +0000
committer: Timo Teräs <timo.teras@iki.fi> 2015-05-01 05:11:03 +0000
commit: 1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9 (patch)
tree: fa3752e9300dea212241ca0e282bd5f9bc1266bf /main/strongswan/strongswan.initd
parent: c3d7d0d514e68332b5b9d81a08b6919ac35f23fa (diff)
download: aports-1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9.tar.bz2
aports-1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/main/strongswan/strongswan.initd b/main/strongswan/strongswan.initd
index 4220eac7fa..dfe7add8ec 100644
--- a/main/strongswan/strongswan.initd
+++ b/main/strongswan/strongswan.initd
@@ -3,6 +3,7 @@
 depend() {
 	need net
 	after firewall
+	provide ipsec
 }
 
 start() {
author	Timo Teräs <timo.teras@iki.fi>	2015-05-01 05:01:20 +0000
committer	Timo Teräs <timo.teras@iki.fi>	2015-05-01 05:11:03 +0000
commit	1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9 (patch)
tree	fa3752e9300dea212241ca0e282bd5f9bc1266bf /main/strongswan/strongswan.initd
parent	c3d7d0d514e68332b5b9d81a08b6919ac35f23fa (diff)
download	aports-1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9.tar.bz2 aports-1cdfa2e4073e45686ec4ce62e46c9d6ebc76b8f9.tar.xz