]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7170bef) | patch
systemd: extend CapabilityBoundingSet for auth_pam
authorChristian Ehrhardt <christian.ehrhardt@canonical.com>
Wed, 29 Aug 2018 14:27:14 +0000 (16:27 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 3 Sep 2018 08:44:23 +0000 (10:44 +0200)
commita564781cfd9912d0f755394d1fa610706d93e707
treef64b0ee1b01e3c942ae149f614121b2d65d038actree
parent7170bef507bfe74ceb4a12f8f10df4d2d6ad39c9commit | diff
systemd: extend CapabilityBoundingSet for auth_pam

Auth_pam will require audit writes or the connection will be rejected
as the plugin fails to initialize like:
  openvpn[1111]: sudo: unable to send audit message
  openvpn[1111]: sudo: pam_open_session: System error
  openvpn[1111]: sudo: policy plugin failed session initialization

See links from https://community.openvpn.net/openvpn/ticket/918 for
more.

auth_pam is a common use case and capabilties for it should be allowed
by the .service file.

Fixes: #918
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20180829142715.417-2-christian.ehrhardt@canonical.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17432.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
distro/systemd/openvpn-server@.service.in diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git