Hi,

On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote:
> From: Christian Hesse <m...@eworm.de>
>
> ProtectSystem=strict mounts the entire file system hierarchy read-only,
> except for the API file system subtrees /dev, /proc and /sys (which can
> be protected using PrivateDevices=, ProtectKernelTunables=,
> ProtectControlGroups=).

Unless the temp directories are still writeable, this will break server
configs with --client-connect scripts or plugins trying to hand back
config settings via temp files.

(I do not think an openvpn *client* config will need to create files,
but this needs testing)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany  g...@greenie.muc.de
fax: +49-89-35655025  g...@net.informatik.tu-muenchen.de
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
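
The concern raised in the reply, as an added example that is not part of the thread or of the OpenVPN unit files: a systemd drop-in that keeps ProtectSystem=strict but leaves a writable temp location for --client-connect scripts and plugins. The drop-in path, the unit name and the /run/openvpn-tmp directory are assumptions chosen for illustration.

```ini
# Hypothetical drop-in: /etc/systemd/system/openvpn-server@.service.d/tmpdir.conf
# (unit name and path are assumptions, not taken from the thread)
[Service]
# From the quoted patch description: the whole hierarchy becomes read-only,
# except the API file systems /dev, /proc and /sys.
ProtectSystem=strict

# Option A: give the unit its own private, writable /tmp and /var/tmp.
# Scripts and plugins started by the daemon run in the same mount namespace,
# so temp files they are handed under /tmp stay writable.
PrivateTmp=true

# Option B: exempt one dedicated directory from the read-only mount instead.
# The directory is a constructed example; it must already exist and be
# writable by the user OpenVPN runs as after dropping privileges.
# Point the server config at it with:  tmp-dir /run/openvpn-tmp
#ReadWritePaths=/run/openvpn-tmp
```

After `systemctl daemon-reload` and a restart, a test connection that triggers the --client-connect script shows whether the temp file can still be written.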