Hoi Piotjr, On 03/04/16 18:06, Piotr Dobrogost wrote: > Piotr Dobrogost <p <at> 2016.forums.dobrogost.net> writes: > >> On Wed, Mar 30, 2016 at 11:09 PM, Piotr Dobrogost wrote: >>> Your script does indeed work which left me wondering what's going on >>> in systemd that this environment is different... >> What's interesting the script works even when >> OPENSSL_ENABLE_MD5_VERIFY envvar is not being set in it. So the change >> in behavior has nothing to do with this envvar but with something >> else... > The above is (of course) wrong :) Setting OPENSSL_ENABLE_MD5_VERIFY envvar > is still required. However using bash script changes SELinux context > somehow and enables openssl to read environment which it can't read when > running openvpn directly by systemd (using ExecStart param in service > file). > > thanks for your detailed follow-up: on my FC22 box SElinux is disabled by default and hence I would have never seen this. The problem you've run into shows exactly what is failing with SElinux and/or with systemd: executing the binary does NOT allow access to an env var, but executing the binary via script does ?!?!?! Was anything logged in the SELinux logs (audit logs) about this?
JJK ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
