summaryrefslogtreecommitdiff
path: root/debian/openvpn@.service
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-02-20 14:27:32 +0100
committerBernhard Schmidt <berni@debian.org>2019-02-20 14:27:32 +0100
commitd391b6992cfe5223aa58e714ec6710bd63013db4 (patch)
treec8f8119fa796c7a532b78ab05d6e6a135318a26b /debian/openvpn@.service
parent5fd18a24d4e47f0baba4a9b74a6308ca75f9d820 (diff)
Add CAP_AUDIT_WRITE for auth_pam
Same change has been done upstream in 2.4.7 Closes: #868806
Diffstat (limited to 'debian/openvpn@.service')
-rw-r--r--debian/openvpn@.service2
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 7f0134b..70153e1 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -17,7 +17,7 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10
PIDFile=/run/openvpn/%i.pid
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw