Package: openvpn Version: 2.4.0-6+deb9u3 Followup-For: Bug #868806 Dear Maintainer,
After the latest update to openvpn 2.4.0-6+deb9u3 (at the same time, the systemd security update 232-25+deb9u9 was installed), openvpn reports errors while running a learn-address skript, that makes use of sudo: Feb 25 09:07:56 vpn openvpn[27220]: sudo: unable to send audit message Feb 25 09:07:56 vpn openvpn[27220]: sudo: pam_open_session: System error Feb 25 09:07:56 vpn openvpn[27220]: sudo: policy plugin failed session initialization This occurs, if the server is started from systemd The following work arounds resolve the problem: - Running openvpn as root instead of user vpn - Copying /lib/systemd/system/openvpn@.service to /etc/systemd/system/openvpn@.service and removing the CapabilityBoundingSet line from it Kind regards Dominik -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.61 ii init-system-helpers 1.48 ii iproute2 4.9.0-1+deb9u1 ii libc6 2.24-11+deb9u4 ii liblz4-1 0.0~r131-2+b1 ii liblzo2-2 2.08-1.2+b2 ii libpam0g 1.1.8-3.6 ii libpkcs11-helper1 1.21-1 ii libssl1.0.2 1.0.2q-1~deb9u1 ii libsystemd0 232-25+deb9u9 ii lsb-base 9.20161125 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.1.0j-1~deb9u1 pn resolvconf <none> -- Configuration Files: /etc/default/openvpn changed: AUTOSTART="all" OPTARGS="" OMIT_SENDSIGS=0 -- debconf information: openvpn/create_tun: false
