Web lists-archives.com

Re: openvpn fails to run a learn-address script




On 2019-02-27, Dominik <dr896543@xxxxxxxxx> wrote:
>
> I'm looking for help related to three questions:
>
> 1) How do I get additional information about what is causing the error?
> Why is systemd blocking sudo despite the modifications in the override.conf
>
> 2) More generally: How can I run openvpn in a daemon as user vpn with
> the ability to use sudo in a learn-address-script?
>
> 3) Would it be appropriate to file a bug report against systemd at this
> stage?
>
> Thanks in advance,
>
> kind regards
>
> Dominik
>

I can't grok your /etc/systemd/system/openvpn@.service.d/override.conf 
file.

My understanding is that for this workaround it should contain something like:

 Service]
 CapabilityBoundingSet=CAP_AUDIT_WRITE

Another approach is to run

 systemctl edit openvpn@.service

and in your $EDITOR write and save the same, i.e.

 [Service]
 CapabilityBoundingSet=CAP_AUDIT_WRITE

Apparently "CapabilityBoundingSet=" (empty) also works.

If that's what you've already done or I've misunderstood any or everything,
sorry, mate.

-- 
When you have fever you are heavy and light, you are small and swollen, you
climb endlessly a ladder which turns like a wheel. 
Jean Rhys, Voyage in the Dark