Bernhard, > Unfortunately I'm a total DAC illiterate, can anyone explain the > difference between > > Upstream: > CAP_DAC_OVERRIDE > > Debian: > CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE > > and what they actually mean? What is allowed by the Debian unit that > is not allowed by the Upstream unit, and when would you need this?
I too am DAC illiterate. I merely took the list of capabilities from http://man7.org/linux/man-pages/man7/capabilities.7.html and binary chopped to find the missing one. > Can you file an upstream bug about this? > https://community.openvpn.net/openvpn/report I've submitted a bug upstream: https://community.openvpn.net/openvpn/ticket/918. Regards, John
