From: Frank Lichtenheld <[email protected]> There were some complaints about valid setups that ran into problems with LimitNPROC. This is especially true since LimitNPROC limits the total amounts of threads running for the same uid, so if multiple openvpn services run under the same user, they will compete for resources. As suggested in the systemd documentation change this to TasksMax which really counts the threads running in one specific service.
Github: Fixes #929 Change-Id: Ic877f9a9c6459c6eb97cde1099f47f0b196b8084 Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Arne Schwabe <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1539 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1539 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <[email protected]> diff --git a/distro/systemd/[email protected] b/distro/systemd/[email protected] index 326bb73..e311978 100644 --- a/distro/systemd/[email protected] +++ b/distro/systemd/[email protected] @@ -12,7 +12,7 @@ WorkingDirectory=/etc/openvpn/client ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_SYS_NICE -LimitNPROC=10 +TasksMax=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true diff --git a/distro/systemd/[email protected] b/distro/systemd/[email protected] index d43bce1..e3e9895 100644 --- a/distro/systemd/[email protected] +++ b/distro/systemd/[email protected] @@ -12,7 +12,7 @@ WorkingDirectory=/etc/openvpn/server ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_SYS_NICE CAP_AUDIT_WRITE -LimitNPROC=10 +TasksMax=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
