Hi,

On Wed, Jun 25, 2025 at 02:29:05PM +0200, Philipp Ewald wrote:
> systemctl cat openvpn@<conf>
> # [Service]
> # Type=notify
> # PrivateTmp=true
> # WorkingDirectory=/etc/openvpn
> # ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status
> /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
> --writepid /run/openvpn/%i.pid
> # PIDFile=/run/openvpn/%i.pid
> [..]
> # DeviceAllow=/dev/null rw
> # DeviceAllow=/dev/net/tun rw
> # ProtectSystem=true
> # ProtectHome=true

So in case the issue here isn't obvious for any other readers,
"ProtectSystem=true" only makes /usr, /boot and /efi read-only.
"ProtectSystem=full" adds /etc to that list. "ProtectSystem=strict"
makes everything EXCEPT /dev, /proc and /sys read-only.

This is documented in "man systemd.exec".

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
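
Added example, not part of the original message and not systemd's own code: a small checker that reads unit text and reports whether a path would be read-only under the ProtectSystem= levels described above. It is a simplified model that also honours ReadWritePaths= (a real systemd.exec setting not mentioned in the thread) and ignores every other sandboxing directive; the function names and the sample unit text are constructed for illustration.

```python
# Simplified model of ProtectSystem= (assumption: other directives are ignored).
import posixpath

TRUE = {"1", "yes", "y", "true", "t", "on"}
FALSE = {"0", "no", "n", "false", "f", "off"}
RO_TRUE = ("/usr", "/boot", "/efi")     # ProtectSystem=true
RO_FULL = RO_TRUE + ("/etc",)           # ProtectSystem=full
STRICT_EXEMPT = ("/dev", "/proc", "/sys")  # left alone by ProtectSystem=strict

def under(path, prefix):
    """True if path is prefix itself or lies below it (no /usr vs /usrlocal mixups)."""
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def parse_service(unit_text):
    """Return (ProtectSystem mode, ReadWritePaths list) from the [Service] section."""
    mode, rw, section = "false", [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "ProtectSystem":      # last assignment wins
            low = value.lower()
            mode = "true" if low in TRUE else "false" if low in FALSE else value
        elif key == "ReadWritePaths":
            # An empty assignment resets the list; "-" and "+" are path prefixes.
            rw = rw + [p.lstrip("-+") for p in value.split()] if value else []
    return mode, rw

def is_read_only(unit_text, path):
    """Would `path` be read-only for the service under this simplified model?"""
    mode, rw = parse_service(unit_text)
    path = posixpath.normpath(path)
    if any(under(path, posixpath.normpath(p)) for p in rw):
        return False
    if mode == "strict":
        return not any(under(path, e) for e in STRICT_EXEMPT)
    ro = {"true": RO_TRUE, "full": RO_FULL}.get(mode, ())
    return any(under(path, p) for p in ro)

# Constructed sample modelled on the quoted unit, not the real file.
SAMPLE = "[Service]\nProtectSystem=true\nProtectHome=true\n"
```

With the constructed sample, is_read_only(SAMPLE, "/etc/openvpn/client.conf") returns False, which is the gap pointed out above; the same call returns True once the setting is "full" or "strict".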