On 27.02.19 14:37, Curt wrote:
On 2019-02-27, Dominik <dr896...@gmail.com> wrote:
I'm looking for help related to three questions:
1) How do I get additional information about what is causing the error?
Why is systemd blocking sudo despite the modifications in the override.conf?
2) More generally: How can I run openvpn in a daemon as user vpn with
the ability to use sudo in a learn-address-script?
3) Would it be appropriate to file a bug report against systemd at this
stage?
Thanks in advance,
kind regards
Dominik
I can't grok your /etc/systemd/system/openvpn@.service.d/override.conf
file.
Sorry, this was a mistake. The override.conf I used are
version 1:
ProtectSystem=yes
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
version 2:
ProtectSystem=no
CapabilityBoundingSet=~
My understanding is that for this workaround it should contain something like:
[Service]
CapabilityBoundingSet=CAP_AUDIT_WRITE
Another approach is to run
systemctl edit openvpn@.service
and in your $EDITOR write and save the same, i.e.
[Service]
CapabilityBoundingSet=CAP_AUDIT_WRITE
Apparently "CapabilityBoundingSet=" (empty) also works.
If that's what you've already done or I've misunderstood any or everything,
sorry, mate.
Thanks for pointing this out. My mistake was the missing [Service].
Greetings
Dominik
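
The mistake resolved in this thread, a drop-in whose directives sit above any `[Service]` header, can be checked for mechanically. The following is an added example, not part of the original messages; the function name `check_dropin` and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# check_dropin FILE KEY SECTION  (hypothetical helper, not a systemd tool)
# Prints one line per problem. Returns 0 only if no assignment precedes the
# first section header and KEY is assigned inside [SECTION].
check_dropin() {
    awk -v key="$2" -v want="$3" '
        /^[ \t]*$/    { next }                    # blank line
        /^[ \t]*[#;]/ { next }                    # comment
        /^[ \t]*\[[^]]+\][ \t]*$/ {               # section header
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\][ \t]*$/, "", section)
            next
        }
        {
            name = $0
            sub(/[ \t]*=.*/, "", name)
            sub(/^[ \t]+/, "", name)
            if (section == "") {                  # systemd ignores these
                printf "line %d: %s is outside any section\n", NR, name
                bad = 1
            } else if (name == key && section == want) {
                found = 1
            }
        }
        END {
            if (!found) { printf "%s not set in [%s]\n", key, want; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: "version 2" as posted above, and the corrected drop-in.
tmp=$(mktemp -d)
printf 'ProtectSystem=no\nCapabilityBoundingSet=~\n' > "$tmp/broken.conf"
printf '[Service]\nCapabilityBoundingSet=CAP_AUDIT_WRITE\n' > "$tmp/fixed.conf"
for f in broken fixed; do
    if check_dropin "$tmp/$f.conf" CapabilityBoundingSet Service; then
        echo "$f: ok"
    else
        echo "$f: directives would be ignored"
    fi
done
```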