summaryrefslogtreecommitdiff
path: root/debian/openvpn@.service
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-02-20 14:32:33 +0100
committerBernhard Schmidt <berni@debian.org>2019-02-20 14:32:33 +0100
commit99c03fd1819e604fada367d984322c464041478b (patch)
treeb119fa5140d905cb0abe13adca51b62afac114d5 /debian/openvpn@.service
parent89368d36202104dd4bc3827ab0611b229de05b27 (diff)
openvpn@.service: Bump LimitNPROC to 100
This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10 See Bug#861923 for discussion.
Diffstat (limited to 'debian/openvpn@.service')
-rw-r--r--debian/openvpn@.service2
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 70153e1..da7adc7 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -18,7 +18,7 @@ PIDFile=/run/openvpn/%i.pid
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
-LimitNPROC=10
+LimitNPROC=100
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true