If this is of importance to you, there are two courses of action. First,
please create a ticket on the OpenVPN community trac. Please be as detailed as
possible. Another option is to fix this in the source tree, based of
git-master, and submit a working patch. This second option is going to be the
quickest way to get a resolution.
Cheers
-
Eric F Crist
On Oct 11, 2012, at 10:21:35, Alberto Gonzalez Iniesta wrote:
> Hi,
>
> There's an open bug in Debian [1] since 2007, that seems to be quite
> documented right now. To sum up, when you run openvpn with --mlock and
> --user, the daemon will die with "out of memory", possibly due to
> mlock(2):
>
> BUGS
> Since kernel 2.6.9, if a privileged process calls mlockall(MCL_FUTURE)
> and later drops privileges (loses the CAP_IPC_LOCK capability by, for
> example, setting its effective UID to a nonzero value), then
> subsequent memory allocations (e.g., mmap(2), brk(2)) will fail if the
> RLIMIT_MEMLOCK resource limit is encountered.
>
> The bug report contains a workaround (editing PAM limits) and a plea to
> document this behaviour. I guess it's better to document this (after
> verification of the facts) in OpenVPN's man page rather than just
> Debian's package.
>
> Regards,
>
> Alberto
>
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406895
> --
> Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
> agi@(inittab.org|debian.org)| en GNU/Linux y software libre
> Encrypted mail preferred| http://inittab.com
>
> Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
>
> --
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel