> Ok, it's running now. The cause was not the move from 4.0 -> 4.1, but > the move from a diskful to a diskless setup: The machine mounts its root > fs via nfs.
WHAT?!?!?! What the heck kind of security-minded sanity check would fail based on the underlying VFS? Did you eventually get a PR open on this? ~BAS > This runs just fine, except for isakmpd: It silently does > not read any certificates from a NFS mounted directory. After moving > /etc/isakmpd to a ramdisk, ipsec runs fine as well. > > Question: Is this a bug or a feature? If it is a feature, it really > should be documented. If it is a bug, i am unable to fix it. I started > digging into isakmpd's sources, but failed to further trace things in > monitor.c's forking and privilege separation. > > Regards, > > Heinrich
