diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-01-20 17:30:10 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-01-20 17:30:10 +0100 |
commit | c7db1569e9ff2b00683027cda315662304d9d772 (patch) | |
tree | 267f051048f9768575ec0bd0dd41f4b101a3e453 | |
parent | fcbae04d9e2349588b7969572f577d9f3ae72094 (diff) |
Fix #795313
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/openvpn@.service | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 06b2a6d..cc36009 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ openvpn (2.3.10-1) unstable; urgency=medium * Increase start-stop-daemon timeout on stop to let openvpn tear down the connection properly in some cases. (Closes: #799592, #796914) + * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet + to fix auth-pam plugin. (Closes: #795313) -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 1bb70b8..c60f785 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -15,7 +15,7 @@ PIDFile=/run/openvpn/%i.pid ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/openvpn ProtectSystem=yes -CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw |