Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: connman unser systemd --user session (Vasiliy Tolstov)
2. Re: [RFC] vpn: Restrict connman-vpnd capabilities (Patrik Flykt)
----------------------------------------------------------------------
Message: 1
Date: Fri, 19 Feb 2016 11:10:12 +0300
From: Vasiliy Tolstov <[email protected]>
To: Patrik Flykt <[email protected]>
Cc: connman <[email protected]>
Subject: Re: connman unser systemd --user session
Message-ID:
<cacaajqsyjctyamtzanc4t1iaquznra_omwogewhgmchcjbs...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
2016-02-19 11:08 GMT+03:00 Patrik Flykt <[email protected]>:
> You are the first one to try it out. Remember that then the program
> needs more capabilities to perform its task in this case. I don't see a
> problem with storing passphrases in /var/lib, they are anyway shared
> with all the devices connecting to the network so...
If I lose my notebook, all passwords go away. I need to encrypt the full
system partition, but when storing in .config I need to encrypt only the
/home partition...
--
Vasiliy Tolstov,
e-mail: [email protected]
------------------------------
Message: 2
Date: Fri, 19 Feb 2016 11:29:22 +0200
From: Patrik Flykt <[email protected]>
To: Andrew Bibb <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [RFC] vpn: Restrict connman-vpnd capabilities
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Hi,
The below reply got stuck somewhere, I thought it had already been sent
to the mailing list...
On Wed, 2016-02-10 at 19:30 -0500, Andrew Bibb wrote:
> Lastly I decided to play around with the CapabilityBoundingSet a bit
> based on your suggestion. Adding CAP_DAC_READ_SEARCH to the "as
> shipped" list will allow OpenVPN to connect. I never even knew these
> existed until this evening, and I only picked that one based on
> reading the manpage, so the probability of it being the proper one is
> likely not great. Using CAP_DAC_OVERRIDE also works, but that
> bypasses write permissions and seems to be overkill.
The man page says about CAP_DAC_READ_SEARCH that it:
* Bypass file read permission checks and directory read and execute
permission checks;
* Invoke open_by_handle_at(2).
Could it be that openvpn does not have read permissions to the config
file and/or path written to by ConnMan?
Cheers,
Patrik
------------------------------
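The question in the message above (does the process lack read permission on the config file or its path?) can be checked directly. This Python sketch is an added example, not part of the thread or of ConnMan's code: it walks a path and lists the directory search and file read checks that plain owner/group/other permissions would deny once CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE are outside the bounding set. The default uid/gid 0 and the path argument are assumptions; ACLs and LSM policy are not evaluated.

```python
import os
import sys

READ, SEARCH = 4, 1  # bits inside one rwx triplet


def _granted(st, uid, gids, want):
    """Classic owner/group/other check with no capability override.

    Without CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH, uid 0 gets no bypass,
    so it is treated like any other uid here.
    """
    if st.st_uid == uid:
        triplet = st.st_mode >> 6
    elif st.st_gid in gids:
        triplet = st.st_mode >> 3
    else:
        triplet = st.st_mode
    return bool(triplet & want)


def dac_blockers(path, uid, gids):
    """Return [(component, 'search' | 'read')] that deny uid/gids a read of path.

    Every ancestor directory needs search (x); the target itself needs read (r).
    Symlinks are resolved first, so the real location is what gets checked.
    """
    target = os.path.realpath(path)
    ancestors = []
    d = os.path.dirname(target)
    while True:
        ancestors.append(d)
        parent = os.path.dirname(d)
        if parent == d:  # reached the filesystem root
            break
        d = parent
    blockers = [(d, "search") for d in reversed(ancestors)
                if not _granted(os.stat(d), uid, gids, SEARCH)]
    if not _granted(os.stat(target), uid, gids, READ):
        blockers.append((target, "read"))
    return blockers


if __name__ == "__main__":
    # Assumption: the daemon runs as uid 0 / gid 0 with the DAC capabilities dropped.
    for component, need in dac_blockers(sys.argv[1], 0, {0}):
        print(f"{need:6} denied on {component}")
```

An empty result means mode bits alone allow the read, so the capability should not be needed for that file.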
End of connman Digest, Vol 4, Issue 23
**************************************