git.ipfire.org Git - thirdparty/openvpn.git/commit

author	David Sommerseth <davids@openvpn.net>
	Wed, 7 Dec 2016 02:51:52 +0000 (03:51 +0100)
committer	David Sommerseth <davids@openvpn.net>
	Fri, 9 Dec 2016 19:57:11 +0000 (20:57 +0100)
commit	65140a3acfa42e5d42cdfcf8108f00a62d5767ff
tree	170238218bf3a239bde36d3e959ae7cc00f3f3cc	tree \| snapshot
parent	54e386b4a89b33947314e1192f7d34a3e16c451b	commit \| diff

systemd: Intermediate --chroot fix with the new sd_notify() implementation

Commit c5931897ae8d663e7e introduced support for talking directly
to the systemd service manager about the situation for the OpenVPN
tunnel. This approach makes a lot of sense and is mostly the proper
way to do it.  But it was discovered that it breaks OpenVPN
configurations using --chroot.

The reason sd_notify() calls fails when using chroot() is that
sd_notify() expects to have access to a file as declared in the
$NOTIFY_SOCKET environment variable.  It is the main systemd
instance which is responsible to provide both the environment variable
as well as the socket file sd_nodify() should use.  When --chroot
comes into play, the $NOTIFY_SOCKET file will not be available
for OpenVPN any more.

As things are getting close to the 2.4_rc2 release we will not dare
to bring a too invasive fix.  As well we need some time to discuss
an approrpriate solution.  So this intermediate fix will only
provide a "successful start" message to the systemd service manager
right before chroot() happens.  This will at least resolve the issue
in a safe and non-intrusive way.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Christian Hesse <mail@eworm.de>
Message-Id: <1481079112-22990-1-git-send-email-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13416.html