diff options
author | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:32:33 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:32:33 +0100 |
commit | 99c03fd1819e604fada367d984322c464041478b (patch) | |
tree | b119fa5140d905cb0abe13adca51b62afac114d5 /debian | |
parent | 89368d36202104dd4bc3827ab0611b229de05b27 (diff) |
openvpn@.service: Bump LimitNPROC to 100
This generally seems to be the wrong knob to protect against runaway
forks (as it does not limit per instance, but per user systemwide), but
a general mediation is still under discussion. Meanwhile bump the limit
for the Debian unit to 100.
Upstream openvpn-client@.service and openvpn-server@.service still use
10
See Bug#861923 for discussion.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/openvpn@.service | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 70153e1..da7adc7 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -18,7 +18,7 @@ PIDFile=/run/openvpn/%i.pid KillMode=process ExecReload=/bin/kill -HUP $MAINPID CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE -LimitNPROC=10 +LimitNPROC=100 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true |