> Hi, > > On Fri, Dec 09, 2016 at 07:13:03PM +0100, Christian Hesse wrote: > > From: Christian Hesse <m...@eworm.de> > > > > ProtectSystem=strict mounts the entire file system hierarchy read-only, > > except for the API file system subtrees /dev, /proc and /sys (which can > > be protected using PrivateDevices=, ProtectKernelTunables=, > > ProtectControlGroups=). > > Unless the temp directories are still writeable, this will break > server configs with --client-connect scripts or plugins trying to hand > back config settings via temp files. > > (I do not think an openvpn *client* config will need a to create > files, but this needs testing) >
Even if you find a way to store temporary files, I'm still not sure what can be done with ifconfig-pool-persist. It's not a temp file, it should be persistent. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
