+++ This bug was initially created as a clone of Bug #1883666 +++ As of libreswan 4.0, the NSS database used is moved from /etc/ipsec.d to /var/lib/nss/ipsec/ This requires a selinux policy addition: /var/lib/ipsec(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0) --- Additional comment from Remco Luitwieler on 2020-11-06 06:02:28 UTC --- Fedora 32 has the same problem --- Additional comment from Stuart on 2020-11-06 11:05:55 UTC --- I'm also experiencing this on Fedora 32 after downgrading(reinstalling) from 33 --- Additional comment from Paul Wouters on 2020-11-06 13:38:39 UTC --- as a workaround, you can specify nssdir=/etc/ipsec.d in /etc/ipsec.conf in "config setup" --- Additional comment from Stuart on 2020-11-06 13:44:16 UTC --- Thats good to know. I've already posted this on the libswan's github tracker and a kind sole there gave me the following SELinux workaround: semanage fcontext --add --type ipsec_key_file_t '/var/lib/ipsec(/.*)?' restorecon -rv /var/lib/ipsec And to undo after the package is fixed semanage fcontext --delete --type ipsec_key_file_t '/var/lib/ipsec(/.*)?'
Waiting for the fix being agreed on in https://bugzilla.redhat.com/show_bug.cgi?id=1883666
The fix should be a part of the next package build. *** This bug has been marked as a duplicate of bug 1883666 ***