openvpn@.service: Bump LimitNPROC to 100

This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10 See Bug#861923 for discussion.
author: Bernhard Schmidt <berni@debian.org> 2019-02-20 14:32:33 +0100
committer: Bernhard Schmidt <berni@debian.org> 2019-02-20 14:32:33 +0100
commit: 99c03fd1819e604fada367d984322c464041478b (patch)
tree: b119fa5140d905cb0abe13adca51b62afac114d5 /debian/openvpn@.service
parent: 89368d36202104dd4bc3827ab0611b229de05b27 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 70153e1..da7adc7 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -18,7 +18,7 @@ PIDFile=/run/openvpn/%i.pid
 KillMode=process
 ExecReload=/bin/kill -HUP $MAINPID
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
-LimitNPROC=10
+LimitNPROC=100
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
 ProtectSystem=true
author	Bernhard Schmidt <berni@debian.org>	2019-02-20 14:32:33 +0100
committer	Bernhard Schmidt <berni@debian.org>	2019-02-20 14:32:33 +0100
commit	99c03fd1819e604fada367d984322c464041478b (patch)
tree	b119fa5140d905cb0abe13adca51b62afac114d5 /debian/openvpn@.service
parent	89368d36202104dd4bc3827ab0611b229de05b27 (diff)