** Description changed: [Impact] The command 'systemctl reload openvpn @ $ foo' is broken for a while and no one have reported that. Users should not be using it a lot. After some investigation we notice the restart command does basically the same thing, and users should be using restart and not reload. Our proposal here is to drop the reload support (it is not mandatory) to avoid users getting errors while trying to use it. [Test Case] * Setup an OpenVPN server * Try to reload the service: $ systemctl reload openvpn@$foo + + $ sudo systemctl reload openvpn@server + Job for openvpn@server.service failed. + See "systemctl status openvpn@server.service" and "journalctl -xe" for details. [Regression Potential] The legacy systemd unit file were changed (openvpn.service and openvpn@.service), so if a regression is going to happen is there. We did not change any existent config, we simply removed the reload related config. [Original Description] OpenVPN will not reload due to misconfigured .service file You remove CAP_KILL (by not listing it in CapabilityBoundingSet). OpenVPN should be configured to drop privileges, which means that it will no longer be running as root, while kill is running with root, which means CAP_KILL is required to send a signal. It either needs to be listed in CapabilityBoundingSet, or (preferably) "ExecReload=/bin/kill -HUP $MAINPID" needs to become "ExecReload=+/bin/kill -HUP $MAINPID" ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openvpn 2.4.4-2ubuntu1.3 ProcVersionSignature: Ubuntu 4.15.0-91.92-generic 4.15.18 Uname: Linux 4.15.0-91-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.12 Architecture: amd64 Date: Thu Mar 19 10:48:18 2020 InstallationDate: Installed on 2018-05-02 (686 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openvpn UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.openvpn.update-resolv-conf: [deleted]
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868127 Title: [SRU] OpenVPN will not reload due to misconfigured .service file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1868127/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
