From c7db1569e9ff2b00683027cda315662304d9d772 Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Wed, 20 Jan 2016 17:30:10 +0100
Subject: Fix #795313

---
 debian/changelog        | 2 ++
 debian/openvpn@.service | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 06b2a6d..cc36009 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ openvpn (2.3.10-1) unstable; urgency=medium
   * Increase start-stop-daemon timeout on stop to let openvpn
     tear down the connection properly in some cases.
     (Closes: #799592, #796914)
+  * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet
+    to fix auth-pam plugin. (Closes: #795313)
 
  -- Alberto Gonzalez Iniesta <agi@inittab.org>  Wed, 20 Jan 2016 12:01:36 +0100
 
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 1bb70b8..c60f785 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -15,7 +15,7 @@ PIDFile=/run/openvpn/%i.pid
 ExecReload=/bin/kill -HUP $MAINPID
 WorkingDirectory=/etc/openvpn
 ProtectSystem=yes
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
 LimitNPROC=10
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
-- 
cgit v1.2.3