Hi Jim, On 2016-05-13 08:19 AM, BARBER, Jim wrote: > I tried Simon Deziel's technique first. > I ran: systemctl edit openvpn@.service > It opened a blank editor and I added the following lines: > > [Service] > CapabilityBoundingSet=
I'm sorry to have induce you in error. Apparently you need to set it like that to properly under any previous effect: [Service] CapabilityBoundingSet=~ This is explained here [1]: > If set to "~" (without any further argument), the bounding set is > reset to the full set of available capabilities, also undoing any > previous settings. Sorry about the confusion. Simon 1: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=
