Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-12 Thread David Sommerseth
On 12/12/16 20:44, Gert Doering wrote: > Hi, > > On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote: >> From: Christian Hesse >> >> ProtectSystem=strict mounts the entire file system hierarchy read-only, >> except for the API file system subtrees /dev, /proc and /sys (which can >> be

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-12 Thread Arne Schwabe
>> >> (I do not think an openvpn *client* config will need to create >> files, but this needs testing) >> No, it does not. If you compile with CLIENT_ONLY, the tmp-dir option will throw an error. Arne

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-12 Thread SviMik
> Hi, > > On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote: > > From: Christian Hesse > > > > ProtectSystem=strict mounts the entire file system hierarchy read-only, > > except for the API file system subtrees /dev, /proc and /sys (which can > > be protected using PrivateDevices=,

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-12 Thread Gert Doering
Hi, On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote: > From: Christian Hesse > > ProtectSystem=strict mounts the entire file system hierarchy read-only, > except for the API file system subtrees /dev, /proc and /sys (which can > be protected using PrivateDevices=, ProtectKernelTu

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-10 Thread David Sommerseth
On 10/12/16 12:57, Christian Hesse wrote: > SviMik on Sat, 2016/12/10 06:06: >>> You can break this with something like: >>> >>> status /etc/openvpn/client/status.log >>> >>> in your configuration. Writing a status file >>> to /run/openvpn-{client,server}/status.log works, though. So the default >

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-10 Thread Christian Hesse
SviMik on Sat, 2016/12/10 06:06: > > You can break this with something like: > > > > status /etc/openvpn/client/status.log > > > > in your configuration. Writing a status file > > to /run/openvpn-{client,server}/status.log works, though. So the default > > setups should be fine. Do we have any m

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-09 Thread SviMik
> You can break this with something like: > > status /etc/openvpn/client/status.log > > in your configuration. Writing a status file > to /run/openvpn-{client,server}/status.log works, though. So the default > setups should be fine. Do we have any more cases where openvpn wants write > access for

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-09 Thread Christian Hesse
David Sommerseth on Fri, 2016/12/09 20:42: > On 09/12/16 19:13, Christian Hesse wrote: > > From: Christian Hesse > > > > ProtectSystem=strict mounts the entire file system hierarchy read-only, > > except for the API file system subtrees /dev, /proc and /sys (which can > > be protected using Priv

Re: [Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-09 Thread David Sommerseth
On 09/12/16 19:13, Christian Hesse wrote: > From: Christian Hesse > > ProtectSystem=strict mounts the entire file system hierarchy read-only, > except for the API file system subtrees /dev, /proc and /sys (which can > be protected using PrivateDevices=, ProtectKernelTunables=, > ProtectControlGro

[Openvpn-devel] [PATCH 1/1] add more security features for systemd units

2016-12-09 Thread Christian Hesse
From: Christian Hesse ProtectSystem=strict mounts the entire file system hierarchy read-only, except for the API file system subtrees /dev, /proc and /sys (which can be protected using PrivateDevices=, ProtectKernelTunables=, ProtectControlGroups=). ProtectHome=true makes the directories /home,