git.ipfire.org Git - thirdparty/openvpn.git/commit
dco: disable DCO if --user specified but unable to retain capabilities
author Timo Rothenpieler <timo@rothenpieler.org>
Wed, 17 Aug 2022 13:18:17 +0000 (15:18 +0200)
committer Gert Doering <gert@greenie.muc.de>
Wed, 17 Aug 2022 14:08:07 +0000 (16:08 +0200)
commit da31c1654c8534658157cfe9c9de5750ee752608
tree d58bdfc32a1d68d04f30ec03dfefca86636ae2f5
parent 9b17fed14bc534353d9a5e2d90d902bb093df3c2

If run under network manager, OpenVPN starts with uid=0 and
'--user nm-openvpn', but is lacking the CAP_SETPCAP capability
to retain CAP_NET_ADMIN after dropping root privileges.

In DCO mode, OpenVPN must have CAP_NET_ADMIN today, always, otherwise
TLS renegotiation / key rotation will not be possible.

So, check at startup, if --user is specified, if CAP_NET_ADMIN is
permitted and CAP_SETPCAP is available.  If either of the capabilities
is missing, disable DCO.  Traditional tun/tap works with "uid=0 on
tun open, and setuid() afterwards".

Long-Term, get NM to enable OpenVPN to run with CAP_NET_ADMIN.

Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017379

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Tested-By: Bernhard Schmidt <berni@birkenwald.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220817131817.467-1-timo@rothenpieler.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24952.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/dco.c
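
The startup decision described in the commit message, as an added example that is not OpenVPN's code and not part of this commit. It reads the capability masks from `/proc/<pid>/status`-style text (constructed samples) and assumes that "available" for CAP_SETPCAP means present in the effective set; `parse_caps`, `dco_allowed` and the sample strings are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
#define CAP_SETPCAP_BIT   8
#define CAP_NET_ADMIN_BIT 12

struct cap_sets { uint64_t permitted, effective; };

/* Extract the CapPrm:/CapEff: hex masks from /proc/<pid>/status text.
 * Returns false if either line is missing. */
bool parse_caps(const char *status, struct cap_sets *out)
{
    const char *prm = strstr(status, "CapPrm:");
    const char *eff = strstr(status, "CapEff:");
    if (!prm || !eff)
        return false;
    out->permitted = strtoull(prm + 7, NULL, 16); /* skips the tab itself */
    out->effective = strtoull(eff + 7, NULL, 16);
    return true;
}

/* The check applies only when --user is given: DCO stays enabled if
 * CAP_NET_ADMIN is permitted and CAP_SETPCAP is available (assumption:
 * "available" = in the effective set). Otherwise fall back to tun/tap. */
bool dco_allowed(bool user_given, const struct cap_sets *c)
{
    if (!user_given)
        return true;
    bool net_admin = (c->permitted & (1ULL << CAP_NET_ADMIN_BIT)) != 0;
    bool setpcap = (c->effective & (1ULL << CAP_SETPCAP_BIT)) != 0;
    return net_admin && setpcap;
}

/* Constructed samples: a full root capability set, and uid=0 with a
 * bounded set (SETGID, SETUID, NET_ADMIN) that lacks CAP_SETPCAP. */
const char SAMPLE_FULL[] = "Uid:\t0\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n";
const char SAMPLE_NO_SETPCAP[] = "Uid:\t0\nCapPrm:\t00000000000010c0\nCapEff:\t00000000000010c0\n";

int main(void)
{
    struct cap_sets c;
    if (parse_caps(SAMPLE_NO_SETPCAP, &c))
        printf("--user given, DCO %s\n", dco_allowed(true, &c) ? "enabled" : "disabled");
    return 0;
}
```
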