Re: openvpn fails to run a learn-address script
On 2019-02-27, Dominik <dr896543@gmail.com> wrote:
>
> I'm looking for help related to three questions:
>
> 1) How do I get additional information about what is causing the error?
> Why is systemd blocking sudo despite the modifications in the override.conf
>
> 2) More generally: How can I run openvpn in a daemon as user vpn with
> the ability to use sudo in a learn-address-script?
>
> 3) Would it be appropriate to file a bug report against systemd at this
> stage?
>
> Thanks in advance,
>
> kind regards
>
> Dominik
>
I can't grok your /etc/systemd/system/openvpn@.service.d/override.conf
file.
My understanding is that for this workaround it should contain something like:
Service]
CapabilityBoundingSet=CAP_AUDIT_WRITE
Another approach is to run
systemctl edit openvpn@.service
and in your $EDITOR write and save the same, i.e.
[Service]
CapabilityBoundingSet=CAP_AUDIT_WRITE
Apparently "CapabilityBoundingSet=" (empty) also works.
If that's what you've already done or I've misunderstood any or everything,
sorry, mate.
--
When you have fever you are heavy and light, you are small and swollen, you
climb endlessly a ladder which turns like a wheel.
Jean Rhys, Voyage in the Dark
Reply to: