Re: openvpn fails to run a learn-address script
- Date: Thu, 28 Feb 2019 08:47:00 +0100
- From: Dominik <dr896543@xxxxxxxxx>
- Subject: Re: openvpn fails to run a learn-address script
On 27.02.19 14:37, Curt wrote:
> On 2019-02-27, Dominik <dr896543@xxxxxxxxx> wrote:
> > I'm looking for help related to three questions:
> >
> > 1) How do I get additional information about what is causing the error? Why is systemd blocking sudo despite the modifications in the override.conf?
> > 2) More generally: How can I run openvpn in a daemon as user vpn with the ability to use sudo in a learn-address-script?
> > 3) Would it be appropriate to file a bug report against systemd at this stage?
> >
> > Thanks in advance, kind regards
> > Dominik
>
> I can't grok your /etc/systemd/system/openvpn@.service.d/override.conf file.
Sorry, this was a mistake. The override.conf I used is:

ProtectSystem=yes
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
> My understanding is that for this workaround it should contain something like:
>
> [Service]
> CapabilityBoundingSet=CAP_AUDIT_WRITE
>
> Another approach is to run
>
> systemctl edit openvpn@.service
>
> and in your $EDITOR write and save the same, i.e.
>
> [Service]
> CapabilityBoundingSet=CAP_AUDIT_WRITE
>
> Apparently "CapabilityBoundingSet=" (empty) also works.
>
> If that's what you've already done or I've misunderstood any or everything, sorry, mate.
Thanks for pointing this out. My mistake was the missing [Service]
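
Added example, not part of the original message and not systemd or OpenVPN code: a small check for the mistake identified in this thread, a drop-in whose directives precede any section header, which systemd ignores. The function name check_dropin and its return shape are hypothetical; the "~" inverted form and merging across several drop-in files are not modelled.

```python
# Added example: lint one systemd drop-in for directives outside a section.
# check_dropin() is a hypothetical helper, not a systemd API.

def check_dropin(text):
    """Return (orphans, caps): directives outside any [Section], and the
    CapabilityBoundingSet this file sets in [Service] (None if unset)."""
    section = None
    orphans = []
    caps = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                      # not an assignment
        key, value = key.strip(), value.strip()
        if section is None:
            # systemd ignores assignments that precede any section header
            orphans.append((lineno, key))
        elif section == "Service" and key == "CapabilityBoundingSet":
            if value == "":
                caps = set()              # empty assignment resets the set
            else:                         # repeated assignments are merged
                caps = (caps or set()) | set(value.split())
    return orphans, caps

# The override.conf quoted in this message (no section header)
BROKEN = (
    "ProtectSystem=yes\n"
    "CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE "
    "CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE "
    "CAP_AUDIT_WRITE\n"
)
# Same content with the missing header restored
FIXED = "[Service]\n" + BROKEN

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        orphans, caps = check_dropin(text)
        for lineno, key in orphans:
            print(f"{name}: line {lineno}: {key}= is outside any section")
        has_audit = caps is not None and "CAP_AUDIT_WRITE" in caps
        print(f"{name}: CAP_AUDIT_WRITE set in [Service]: {has_audit}")
```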