Bug#939903: openvpn: systemd does not start openvpn after upgrade from stretch tu buster

Mon, 09 Sep 2019 16:10:10 -0700 

Package: openvpn
Version: 2.4.7-1
Severity: normal

Dear Maintainer,

I am running openvpn in a Linux container. I have upgraded openvpn from stretch 
to buster version. I have tried to start openvpn with "systemctl start 
openvpn". The error in the syslog is:

Sep 10 00:31:17 vpn systemd[1]: Starting OpenVPN connection to server...
Sep 10 00:31:17 vpn systemd[3766]: openvpn@server.service: Failed to set up 
mount namespacing: Permission denied
Sep 10 00:31:17 vpn systemd[3766]: openvpn@server.service: Failed at step 
NAMESPACE spawning /usr/sbin/openvpn: Permission denied
Sep 10 00:31:17 vpn systemd[1]: openvpn@server.service: Main process exited, 
code=exited, status=226/NAMESPACE
Sep 10 00:31:17 vpn systemd[1]: openvpn@server.service: Failed with result 
'exit-code'.
Sep 10 00:31:17 vpn systemd[1]: Failed to start OpenVPN connection to server.

I would expect openvpn to start normally without errors.

I have tried to add the following lines to the systemd unit, but it has not 
helped:

PrivateTmp=false
NoNewPrivileges=yes

I have tried to manually run openvpn with these commands:

/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 
--cd /etc/openvpn --config /etc/openvpn/server.conf --writepid 
/run/openvpn/server.pid
openvpn --config /etc/openvpn/server.conf

Both commands were successful.

Regards,
Mikolaj Menke

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.18-16-pve (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), 
LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  iproute2               4.20.0-2
ii  libc6                  2.28-10
ii  liblz4-1               1.8.3-1
ii  liblzo2-2              2.10-0.1
ii  libpam0g               1.3.1-5
ii  libpkcs11-helper1      1.25.1-1
ii  libssl1.1              1.1.1c-1
ii  libsystemd0            241-7~deb10u1
ii  lsb-base               10.2019051400

Versions of packages openvpn recommends:
ii  easy-rsa  3.0.6-1

Versions of packages openvpn suggests:
ii  openssl                   1.1.1c-1
pn  openvpn-systemd-resolved  <none>
pn  resolvconf                <none>

-- debconf information:
  openvpn/create_tun: false

Reply via email to