diff options
| author | Chris Lea | 2023-02-14 09:30:01 -0700 |
|---|---|---|
| committer | Chris Lea | 2023-02-14 09:30:01 -0700 |
| commit | 25b002d096fb3f88f6705d5b9ad04df3b3f01243 (patch) | |
| tree | a8b17426d3636c84b1ee119d34d623c733cca115 /0001-unprivileged.patch | |
| parent | 88b762b5294e34d0447dd7d4f3c9b9c17326ac1f (diff) | |
| download | aur-25b002d096fb3f88f6705d5b9ad04df3b3f01243.tar.gz | |
openvpn 2.6.0-1: new upstream release
Diffstat (limited to '0001-unprivileged.patch')
| -rw-r--r-- | 0001-unprivileged.patch | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/0001-unprivileged.patch b/0001-unprivileged.patch index b33de3461cb1..aa0e37b656d3 100644 --- a/0001-unprivileged.patch +++ b/0001-unprivileged.patch @@ -1,5 +1,5 @@ diff --git a/distro/systemd/openvpn-client@.service.in b/distro/systemd/openvpn-client@.service.in -index cbcef653..71aa1335 100644 +index 159fb4dc..2277a7d9 100644 --- a/distro/systemd/openvpn-client@.service.in +++ b/distro/systemd/openvpn-client@.service.in @@ -11,6 +11,9 @@ Type=notify @@ -8,12 +8,12 @@ index cbcef653..71aa1335 100644 ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf +User=openvpn +Group=network -+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE - CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE ++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 DeviceAllow=/dev/null rw diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in -index d1cc72cb..691f369e 100644 +index 6e8e7d94..b2814e4b 100644 --- a/distro/systemd/openvpn-server@.service.in +++ b/distro/systemd/openvpn-server@.service.in @@ -11,6 +11,9 @@ Type=notify @@ -22,7 +22,7 @@ index d1cc72cb..691f369e 100644 ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf +User=openvpn +Group=network -+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE - CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE ++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw |