From d391b6992cfe5223aa58e714ec6710bd63013db4 Mon Sep 17 00:00:00 2001
From: Bernhard Schmidt <berni@debian.org>
Date: Wed, 20 Feb 2019 14:27:32 +0100
Subject: Add CAP_AUDIT_WRITE for auth_pam

Same change has been done upstream in 2.4.7

Closes: #868806
---
 debian/openvpn@.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 7f0134b..70153e1 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -17,7 +17,7 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10
 PIDFile=/run/openvpn/%i.pid
 KillMode=process
 ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
 LimitNPROC=10
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
-- 
cgit v1.2.3