diff options
| author | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
|---|---|---|
| committer | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
| commit | cfcec33bd88faeb354a33bd5f8052486ac848f9a (patch) | |
| tree | 8e1ace9a34f5ee12b34416b02d514da67d54c907 /debian/openvpn@.service | |
| parent | 7486cf05cdeb6996fdf249e5a2f15d93a47dbac1 (diff) | |
| parent | a351f71e82badcc71a2ce881bbb97eccfcebc06b (diff) | |
Merge tag 'debian/2.4.7-1' into stretch-backports
openvpn Debian release 2.4.7-1
Diffstat (limited to 'debian/openvpn@.service')
| -rw-r--r-- | debian/openvpn@.service | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 7f0134b..da7adc7 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -17,8 +17,8 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 PIDFile=/run/openvpn/%i.pid KillMode=process ExecReload=/bin/kill -HUP $MAINPID -CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE -LimitNPROC=10 +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE +LimitNPROC=100 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true |