author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-08-13 11:55:01 +0200 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-08-13 11:55:01 +0200 |
commit | ef0882c8f90de0ee421ce243b263e806ffb714cc (patch) | |
tree | 5e94c90a83cbd801a69bf2955b5828dda086ac53 | |
parent | 73009cc1255a93828980029f964dfd46a6d2fafc (diff) |
Fix #792907 and improve @.service options
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | debian/openvpn@.service | 6 | ||||
-rwxr-xr-x | debian/rules | 2 |
3 files changed, 10 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 23c2b61..105b97b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,10 @@ openvpn (2.3.8-1) unstable; urgency=medium * debian/control: Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. (Closes: #791904) * New upstream release. (Closes: #791829) + * debian/rules: remove obsolete options (*-path) to configure + * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins. + (Closes: #792907). Also add PrivateTmp & LimitNPROC options. + Thanks Daniel Hahler for the patch. -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 10 Aug 2015 16:46:20 +0200 diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 07f9e5b..b438168 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -7,12 +7,16 @@ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] +PrivateTmp=true +KillMode=mixed Type=forking -ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf +ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn-%i.pid +PIDFile=/run/openvpn-%i.pid ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/openvpn ProtectSystem=yes CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH +LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw diff --git a/debian/rules b/debian/rules index ba759c2..984c60c 100755 --- a/debian/rules +++ b/debian/rules 
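Review bot: `LimitNPROC=10` in the `[Service]` section is not a per-instance cap: RLIMIT_NPROC is counted against the real UID across the whole system. Once a configuration drops privileges with OpenVPN's `user` option, every `openvpn@` instance and any other daemon running under that account share the same ten processes. A fork for an up/down or client-connect script can then fail with EAGAIN, which looks like a broken tunnel rather than a resource limit; while the daemon stays root the limit is likely not enforced at all. I would either raise the value or document it next to the setting, e.g. `# RLIMIT_NPROC is per UID, not per unit; raise it when several instances share one unprivileged user`. Where the installed systemd supports it, `TasksMax=` gives a true per-unit bound.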
@@ -14,7 +14,7 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all dh $@ --with systemd override_dh_auto_configure: - dh_auto_configure -- $(shell dpkg-buildflags --export=configure) --enable-password-save --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig $(ROUTE_ARGS) --with-plugindir=\$${prefix}/lib/openvpn --includedir=\$${prefix}/include/openvpn --enable-pkcs11 --enable-x509-alt-username --enable-systemd + dh_auto_configure -- $(shell dpkg-buildflags --export=configure) --enable-password-save --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --with-plugindir=\$${prefix}/lib/openvpn --includedir=\$${prefix}/include/openvpn --enable-pkcs11 --enable-x509-alt-username --enable-systemd override_dh_auto_build: |
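Review bot: `$(ROUTE_ARGS)` is dropped from the new `dh_auto_configure` line together with `--with-ifconfig-path=/sbin/ifconfig`, so if the variable is still defined earlier in debian/rules (outside this hunk) it is now dead and should be removed in the same commit. With the explicit path gone, the ifconfig/route locations compiled into a daemon that runs those tools with elevated privileges presumably come from configure's own detection in the build environment. If that is the case, a comment above the recipe such as `# ifconfig/route paths are detected by configure at build time` would record that the result depends on what the build chroot has installed.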