From 99c03fd1819e604fada367d984322c464041478b Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Wed, 20 Feb 2019 14:32:33 +0100 Subject: openvpn@.service: Bump LimitNPROC to 100 This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10 See Bug#861923 for discussion. --- debian/openvpn@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 70153e1..da7adc7 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -18,7 +18,7 @@ PIDFile=/run/openvpn/%i.pid KillMode=process ExecReload=/bin/kill -HUP $MAINPID CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE -LimitNPROC=10 +LimitNPROC=100 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true -- cgit v1.2.3