Re: [Openvpn-devel] Discussion: Moving forward with compression and voracle

2018-08-29 Thread Simon Matter
> On 29-08-18 17:18, Jan Just Keijser wrote: >> Since when can I not type in >>   rm -rf / >> any more ?  did someone build in a flag into the "rm" command to stop me >> from doing so? I sure hope not. > > $ sudo docker run --rm debian rm -rf / > rm: it is dangerous to operate recursively on '/' >

Re: [Openvpn-devel] [PATCH 2/2] systemd: extend CapabilityBoundingSet for learn-address

2018-08-29 Thread David Sommerseth
On 29/08/18 21:05, Christian Hesse wrote: > Christian Ehrhardt on Wed, 2018/08/29 > 16:27: >> It seems a not too uncommon case that learn-address needs to recycle >> dnsmasq - to do so it would need CAP_KILL. >> >> This was suggested on https://community.openvpn.net/openvpn/ticket/918 >> >>

Re: [Openvpn-devel] [PATCH 2/2] systemd: extend CapabilityBoundingSet for learn-address

2018-08-29 Thread Christian Hesse
Christian Ehrhardt on Wed, 2018/08/29 16:27: > It seems a not too uncommon case that learn-address needs to recycle > dnsmasq - to do so it would need CAP_KILL. > > This was suggested on https://community.openvpn.net/openvpn/ticket/918 > > Signed-off-by: Christian Ehrhardt > --- >

Re: [Openvpn-devel] Discussion: Moving forward with compression and voracle

2018-08-29 Thread Steffan Karger
On 29-08-18 17:18, Jan Just Keijser wrote: > Since when can I not type in >   rm -rf / > any more ?  did someone build in a flag into the "rm" command to stop me > from doing so? I sure hope not. $ sudo docker run --rm debian rm -rf / rm: it is dangerous to operate recursively on '/' rm: use

[Openvpn-devel] [PATCH 0/2] extend systemd service files for common use cases

2018-08-29 Thread Christian Ehrhardt
Hi, tracking down an Ubuntu bug I found what seemed to be a circular dependency around https://community.openvpn.net/openvpn/ticket/918 Realizing that your process requires the patches sent to the list I thought it might help to prep those. I'd highly ask to consider the first change, the second

[Openvpn-devel] [PATCH 1/2] systemd: extend CapabilityBoundingSet for auth_pam

2018-08-29 Thread Christian Ehrhardt
Auth_pam will require audit writes or the connection will be rejected as the plugin fails to initialize like: openvpn[]: sudo: unable to send audit message openvpn[]: sudo: pam_open_session: System error openvpn[]: sudo: policy plugin failed session initialization See links from

[Openvpn-devel] [PATCH 2/2] systemd: extend CapabilityBoundingSet for learn-address

2018-08-29 Thread Christian Ehrhardt
It seems a not too uncommon case that learn-address needs to recycle dnsmasq - to do so it would need CAP_KILL. This was suggested on https://community.openvpn.net/openvpn/ticket/918 Signed-off-by: Christian Ehrhardt --- distro/systemd/openvpn-ser...@.service.in | 2 +- 1 file changed, 1

[Openvpn-devel] [PATCH] Fix memory leak after sighup

2018-08-29 Thread Steffan Karger
The c.es env_set is (re)allocated for each "sighup loop iteration", while it was free'd only once at process shutdown. Move the env_set_destroy() call to match the same level as the env_set_create() call to fix that. Signed-off-by: Steffan Karger --- src/openvpn/openvpn.c | 3 +-- 1 file

[Openvpn-devel] [PATCH] mbedtls: print warning if random personalisation fails

2018-08-29 Thread Steffan Karger
... instead of when it doesn't fail. Looks like 'someone' mixed up the mbedtls return style (0 means success) with the openvpn internal return style (true means success). Signed-off-by: Steffan Karger --- src/openvpn/ssl_mbedtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff