summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-01-20 17:30:10 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-01-20 17:30:10 +0100
commitc7db1569e9ff2b00683027cda315662304d9d772 (patch)
tree267f051048f9768575ec0bd0dd41f4b101a3e453
parentfcbae04d9e2349588b7969572f577d9f3ae72094 (diff)
Fix #795313
-rw-r--r--debian/changelog2
-rw-r--r--debian/openvpn@.service2
2 files changed, 3 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 06b2a6d..cc36009 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ openvpn (2.3.10-1) unstable; urgency=medium
* Increase start-stop-daemon timeout on stop to let openvpn
tear down the connection properly in some cases.
(Closes: #799592, #796914)
+ * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet
+ to fix auth-pam plugin. (Closes: #795313)
-- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 1bb70b8..c60f785 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -15,7 +15,7 @@ PIDFile=/run/openvpn/%i.pid
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
ProtectSystem=yes
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw