Add option for dropping capability

Change-Id: Ia599762b6b92307d9e87b8ef2836db12051a3567
Signed-off-by: Yu jiung <jiung.yu@samsung.com>

diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
index 24b68bd..2acf1eb 100644 (file)
--- a/conf/options/charon-logging.conf
+++ b/conf/options/charon-logging.conf
@@ -5,7 +5,7 @@ charon {
     filelog {
 
         # <filename> is the full path to the log file.
-        /var/log/charon.log {
+        /opt/usr/data/network/charon.log {
 
             # Loglevel for a specific subsystem.
             # <subsystem> = <default>

diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 9c52d8f..1f58a9c 100644 (file)
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -64,7 +64,7 @@ charon {
     # fragment_size = 1280
 
     # Name of the group the daemon changes to after startup.
-    # group =
+    group = network_fw
 
     # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
     # half_open_timeout = 30
@@ -240,7 +240,7 @@ charon {
     # threads = 16
 
     # Name of the user the daemon changes to after startup.
-    # user =
+    user = network_fw
 
     crypto_test {
 

diff --git a/packaging/strongswan.spec b/packaging/strongswan.spec
index 950ff1f..7bbd331 100755 (executable)
--- a/packaging/strongswan.spec
+++ b/packaging/strongswan.spec
@@ -1,7 +1,7 @@
 Name:       strongswan
 Summary:    StrongSwan - An OpenSource IPsec-based VPN Solution
 Version:    5.5.1
-Release:    2
+Release:    3
 Group:      Security/Service
 License:    GPL-2.0+
 URL:        http://www.strongswan.org/
@@ -15,6 +15,7 @@ BuildRequires:  pkgconfig(openssl)
 #BuildRequires:  pkgconfig(sqlite3)
 #BuildRequires:  pkgconfig(cert-svc)
 #BuildRequires:  pkgconfig(secure-storage)
+BuildRequires:  pkgconfig(libcap)
 BuildRequires:  bison
 BuildRequires:  gperf
 BuildRequires:  flex
@@ -34,7 +35,7 @@ cp -a %{SOURCE1001} .
 export CFLAGS="${CFLAGS} -fPIE"
 export LDFLAGS="${LDFLAGS} -pie %{?asan:-lpthread}"
 
-%configure --libexecdir=%{_bindir} --with-ipsecdir=%{_bindir} --with-ipseclibdir=%{_libdir} --with-strongswan-conf=%{_sysconfdir}/strongswan.conf --enable-monolithic --enable-openssl --enable-unity --disable-gmp --disable-pki --disable-stroke --disable-swanctl
+%configure --libexecdir=%{_bindir} --with-ipsecdir=%{_bindir} --with-ipseclibdir=%{_libdir} --with-strongswan-conf=%{_sysconfdir}/strongswan.conf --enable-monolithic --enable-openssl --enable-unity --disable-gmp --disable-pki --disable-stroke --with-capabilities=libcap --with-user=network_fw --with-group=network_fw
 
 make %{?_smp_mflags}
 
@@ -54,18 +55,18 @@ rm -rf %{buildroot}%{_libdir}/libvici.so
 %files
 %manifest strongswan.manifest
 %license LICENSE
-%defattr(-,root,root)
+%defattr(-,network_fw,network_fw)
 %config %{_sysconfdir}/strongswan.conf
-%attr(500,root,root) %{_bindir}/*
-%attr(500,root,root) %{_libdir}/libcharon.so.*
-%attr(500,root,root) %{_libdir}/libstrongswan.so.*
-%attr(500,root,root) %{_libdir}/libvici.so.*
+%attr(500,network_fw,network_fw) %{_bindir}/*
+%attr(500,network_fw,network_fw) %{_libdir}/libcharon.so.*
+%attr(500,network_fw,network_fw) %{_libdir}/libstrongswan.so.*
+%attr(500,network_fw,network_fw) %{_libdir}/libvici.so.*
 #%attr(500,root,root) %{_libdir}/libipsec*
 #%attr(500,root,root) %{_libdir}/libsimaka*
 
 /usr/sbin/ipsec
 /etc/strongswan.d/*
-#/etc/swanctl/swanctl.conf
-#/usr/sbin/swanctl
+%attr(500,network_fw,network_fw) /etc/swanctl/swanctl.conf
+%attr(500,network_fw,network_fw) /usr/sbin/swanctl
 
 %changelog