Fix #792907 and improve @.service options

author: Alberto Gonzalez Iniesta <agi@inittab.org> 2015-08-13 11:55:01 +0200
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2015-08-13 11:55:01 +0200
commit: ef0882c8f90de0ee421ce243b263e806ffb714cc (patch)
tree: 5e94c90a83cbd801a69bf2955b5828dda086ac53 /debian/openvpn@.service
parent: 73009cc1255a93828980029f964dfd46a6d2fafc (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 07f9e5b..b438168 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -7,12 +7,16 @@ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
 Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 
 [Service]
+PrivateTmp=true
+KillMode=mixed
 Type=forking
-ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
+ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn-%i.pid
+PIDFile=/run/openvpn-%i.pid
 ExecReload=/bin/kill -HUP $MAINPID
 WorkingDirectory=/etc/openvpn
 ProtectSystem=yes
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2015-08-13 11:55:01 +0200
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2015-08-13 11:55:01 +0200
commit	ef0882c8f90de0ee421ce243b263e806ffb714cc (patch)
tree	5e94c90a83cbd801a69bf2955b5828dda086ac53 /debian/openvpn@.service
parent	73009cc1255a93828980029f964dfd46a6d2fafc (diff)