Bug 1777474
Summary: | ipsec service does not work correctly when seccomp filtering is enabled | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Ondrej Moriš <omoris> |
Component: | libreswan | Assignee: | Paul Wouters <pwouters> |
Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | medium | ||
Version: | 8.2 | CC: | jaster, mjahoda, omoris, pasik, pvrabec, pwouters, qe-baseos-security |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Known Issue | |
Doc Text: |
.`Libreswan` does not work properly with `seccomp=enabled` on all configurations
The set of allowed syscalls in the `Libreswan` SECCOMP support implementation is currently not complete. Consequently, when SECCOMP is enabled in the `ipsec.conf` file, the syscall filtering rejects even syscalls needed for the proper functioning of the `pluto` daemon; the daemon is killed, and the `ipsec` service is restarted.
To work around this problem, set the `seccomp=` option back to the `disabled` state. SECCOMP support must remain disabled to run `ipsec` properly.
|
Story Points: | --- |
Clone Of: | 1544463 | Environment: | |
Last Closed: | 2020-05-26 14:11:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1820206 | ||
Bug Blocks: |
Description
Ondrej Moriš
2019-11-27 16:02:28 UTC
will be in 3.30 upstream, come in via rebase *** This bug has been marked as a duplicate of bug 544463 *** *** This bug has been marked as a duplicate of bug 1544463 *** |