On Thu, 27 Sep 2007, Brian A. Seklecki wrote:

> > Ok, it's running now. The cause was not the move from 4.0 -> 4.1, but
> > the move from a diskful to a diskless setup: The machine mounts its root
> > fs via nfs.
>
> WHAT?!?!?! What the heck kind of security-minded sanity check would
> fail based on the underlying VFS?
>
> Did you eventually get a PR open on this?

This has to do with a bug in isakmpd, where scanning a dir could skip
files. The bug could only be triggered on nfs mounts.

	-Otto

>
> ~BAS
>
> >
> > This runs just fine, except for isakmpd: It silently does
> > not read any certificates from an NFS-mounted directory. After moving
> > /etc/isakmpd to a ramdisk, ipsec runs fine as well.
> >
> > Question: Is this a bug or a feature? If it is a feature, it really
> > should be documented. If it is a bug, I am unable to fix it. I started
> > digging into isakmpd's sources, but failed to further trace things in
> > monitor.c's forking and privilege separation.
> >
> > Regards,
> >
> > Heinrich