diff options
| author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-07-07 11:54:34 +0200 |
|---|---|---|
| committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-07-07 11:54:34 +0200 |
| commit | 0336c6cfc76634d7d636da11524397ad832180fd (patch) | |
| tree | fae8929eff3210af3361ba6ba52e48f19c9890da | |
| parent | 99445ba3da94a88f49b976ba8996aa33cbc10bb5 (diff) | |
Add upstream improvements to .service filedebian/2.3.7-1
| -rw-r--r-- | debian/openvpn@.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service index a136de9..07f9e5b 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -2,6 +2,9 @@ Description=OpenVPN connection to %i PartOf=openvpn.service ReloadPropagatedFrom=openvpn.service +Documentation=man:openvpn(8) +Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage +Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] Type=forking @@ -9,6 +12,9 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/openvpn ProtectSystem=yes +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH +DeviceAllow=/dev/null rw +DeviceAllow=/dev/net/tun rw [Install] WantedBy=multi-user.target |