Bug 636572 - ipsec service is started by default
ipsec service is started by default
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openswan (Show other bugs)
14
All Linux
low Severity medium
: ---
: ---
Assigned To: Avesh Agarwal
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F14Target
  Show dependency treegraph
 
Reported: 2010-09-22 11:38 EDT by Orion Poplawski
Modified: 2010-11-09 20:06 EST (History)
5 users (show)

See Also:
Fixed In Version: openswan-2.6.29-2.fc14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-09 12:47:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2010-09-22 11:38:38 EDT
Description of problem:

The presence of:

# Default-Start:     2 3 4 5

in /etc/rc.d/init.d/ipsec causes it to be started by default. This should be empty, e.g.:

# Default-Start:

Version-Release number of selected component (if applicable):
openswan-2.6.27-1.fc14.x86_64
Comment 1 Avesh Agarwal 2010-09-30 11:43:17 EDT
Fixed and made a new build openswan-2.6.29-2.fc14.
Comment 2 Paul Wouters 2010-09-30 12:07:11 EDT
This conflicts with http://wiki.debian.org/LSBInitScripts

Can Debian/Fedora talk and decide on what the LSB really means?
Comment 3 Paul Wouters 2010-09-30 12:07:42 EDT
just to clarify, Debian wanted us to put the numbers us. Fedora wants us not to put the numbers in......
Comment 5 Orion Poplawski 2010-09-30 12:12:43 EDT
But what decides whether the service is enabled by default or not?
Comment 6 Steve Grubb 2010-09-30 17:16:31 EDT
Unnecessary daemons should not run by default. If you look at /etc/rc.d/init.d/raccoon, you will see that it does not run by default. Pluto is a replacement for it.

There should also be a way for NetworkManager to start pluto if its not running and it needs to be running...
Comment 7 Paul Wouters 2010-09-30 19:09:13 EDT
I understand openswan should not run per default after install. However, debian asked us to change this, because Default-Start is used by their update-rc.d to know what symlinks to create. However, they do not run update-rc.d on package install - the sysadmin does that.

So, as stated above, Fedora and Debian do not agree on the meaning of Default-Start in the LSB, and openswan seems to be stuck in the middle.
Comment 8 Avesh Agarwal 2010-10-13 10:33:11 EDT
(In reply to comment #6)
> 
> There should also be a way for NetworkManager to start pluto if its not running
> and it needs to be running...

Actually NetworkManager-openswan already does this.
Comment 9 Orion Poplawski 2010-10-13 10:41:41 EDT
Same issue in openswan-2.6.29-1.fc13
Comment 10 Avesh Agarwal 2010-10-13 10:45:01 EDT
The patch to fix this issue is only in F14/F15 right now. Once it gets some testing there, I can commit the patch in F13 too.
Comment 11 Orion Poplawski 2010-10-13 10:51:44 EDT
I don't see an update for F14.
Comment 13 Orion Poplawski 2010-10-13 11:00:40 EDT
Can you please submit an update to testing with bodhi?
Comment 14 Fedora Update System 2010-10-13 11:05:55 EDT
openswan-2.6.29-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openswan-2.6.29-2.fc14
Comment 15 Fedora Update System 2010-10-13 17:22:55 EDT
openswan-2.6.29-2.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openswan'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/openswan-2.6.29-2.fc14
Comment 16 Avesh Agarwal 2010-11-09 12:47:17 EST
Closing this as the issue has been resolved. Please reopen if the issue still persists.
Comment 17 Fedora Update System 2010-11-09 20:06:43 EST
openswan-2.6.29-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.