Re: openvpn fails to run a learn-address script

To: debian-user@lists.debian.org
Subject: Re: openvpn fails to run a learn-address script
From: Curt <curty@free.fr>
Date: Wed, 27 Feb 2019 13:37:46 -0000 (UTC)
Message-id: <[🔎] slrnq7d4la.2qu.curty@einstein.electron.org>
References: <[🔎] 60a1a3bb-fbd6-faaf-d386-59c7b2d98cc7@gmail.com>

On 2019-02-27, Dominik <dr896543@gmail.com> wrote:
>
> I'm looking for help related to three questions:
>
> 1) How do I get additional information about what is causing the error?
> Why is systemd blocking sudo despite the modifications in the override.conf
>
> 2) More generally: How can I run openvpn in a daemon as user vpn with
> the ability to use sudo in a learn-address-script?
>
> 3) Would it be appropriate to file a bug report against systemd at this
> stage?
>
> Thanks in advance,
>
> kind regards
>
> Dominik
>

I can't grok your /etc/systemd/system/openvpn@.service.d/override.conf 
file.

My understanding is that for this workaround it should contain something like:

 Service]
 CapabilityBoundingSet=CAP_AUDIT_WRITE

Another approach is to run

 systemctl edit openvpn@.service

and in your $EDITOR write and save the same, i.e.

 [Service]
 CapabilityBoundingSet=CAP_AUDIT_WRITE

Apparently "CapabilityBoundingSet=" (empty) also works.

If that's what you've already done or I've misunderstood any or everything,
sorry, mate.

-- 
When you have fever you are heavy and light, you are small and swollen, you
climb endlessly a ladder which turns like a wheel. 
Jean Rhys, Voyage in the Dark

Reply to:

Follow-Ups:
- Re: openvpn fails to run a learn-address script
  - From: Dominik <dr896543@gmail.com>

References:
- openvpn fails to run a learn-address script
  - From: Dominik <dr896543@gmail.com>

Prev by Date: openvpn fails to run a learn-address script
Next by Date: Apt Update Problem
Previous by thread: openvpn fails to run a learn-address script
Next by thread: Re: openvpn fails to run a learn-address script
Index(es):
- Date
- Thread