On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote:
> From: Christian Hesse <m...@eworm.de>
> ProtectSystem=strict mounts the entire file system hierarchy read-only,
> except for the API file system subtrees /dev, /proc and /sys (which can
> be protected using PrivateDevices=, ProtectKernelTunables=,
> ProtectControlGroups=).

Unless the temp directories are still writeable, this will break 
server configs with --client-connect scripts or plugins trying to hand 
back config settings via temp files.

(I do not think an openvpn *client* config will need a to create
files, but this needs testing)

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to