For a few days now (after an update of systemd and openvpn), openvpn fails while running the learn-address script with the following message:

Feb 25 09:07:56 vpn openvpn[27220]: sudo: unable to send audit message
Feb 25 09:07:56 vpn openvpn[27220]: sudo: pam_open_session: System error
Feb 25 09:07:56 vpn openvpn[27220]: sudo: policy plugin failed session initialization

I found the following bug reports that may be related and make me assume that systemd is causing the error:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792653
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868806

As a workaround, openvpn is now running as superuser, instead of user vpn. However, I would like to change this back.

I tried to give appropriate rights to the daemon using an override file

/etc/systemd/system/openvpn-server@.service.d/override.conf

and restarting the service

sudo systemctl daemon-reload
sudo service openvpn-server@clstest restart

The error persists with two different versions of override.conf.

version 1:

> ProtectSystem=yes
> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE

version 2:

> ProtectSystem=no
> CapabilityBoundingSet=~

I reported the issue against https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868806 which may have been wrong, since the bug was already closed and downgrading to the version before the update did not resolve the issue.

I'm looking for help related to three questions:

1) How do I get additional information about what is causing the error? Why is systemd blocking sudo despite the modifications in the override.conf?

2) More generally: How can I run openvpn in a daemon as user vpn with the ability to use sudo in a learn-address script?

3) Would it be appropriate to file a bug report against systemd at this stage?

Thanks in advance,
kind regards
Dominik