> Hi,
> On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote:
> > From: Christian Hesse <m...@eworm.de>
> > 
> > ProtectSystem=strict mounts the entire file system hierarchy read-only,
> > except for the API file system subtrees /dev, /proc and /sys (which can
> > be protected using PrivateDevices=, ProtectKernelTunables=,
> > ProtectControlGroups=).
> Unless the temp directories are still writeable, this will break 
> server configs with --client-connect scripts or plugins trying to hand 
> back config settings via temp files.
> (I do not think an openvpn *client* config will need a to create
> files, but this needs testing)

Even if you find a way to store temporary files, I'm still not sure what can be 
done with ifconfig-pool-persist. It's not a temp file, it should be persistent.
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to