Package: openvpn Version: 2.3.4-4 Severity: wishlist Hello,
If you add the option ProtectSystem=yes to the service file, then the daemon will not have the ability to write to /usr. There is no reason why it needs to write there, so enabling this option should not cause any problems. This option is one of the systemd security features for systemd service files that was detailed in a talk[0] given by Lennart which details various security features you can enable in your package's service files. micah [0] http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.54 ii init-system-helpers 1.22 ii initscripts 2.88dsf-58 ii iproute2 3.16.0-2 ii libc6 2.19-13 ii liblzo2-2 2.08-1 ii libpam0g 1.1.8-3.1 ii libpkcs11-helper1 1.11-2 ii libssl1.0.0 1.0.1j-1 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-1 Versions of packages openvpn suggests: ii openssl 1.0.1j-1 ii resolvconf 1.76 -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
