Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Jan Just Keijser
Hi, On 30/03/22 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now sorry to butt in late, but I've got a nasty feeling about this... the whole purpose of using   --user is, according to the man page    --user user   Change the user ID of the OpenVPN process to user after 

[Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Timo Rothenpieler
--- Using libcap-ng now configure.ac | 19 + distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- src/openvpn/init.c| 25 ++- src/openvpn/platform.c| 91 +

[Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Timo Rothenpieler
--- configure.ac | 18 ++ distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- src/openvpn/init.c| 25 ++- src/openvpn/platform.c| 79 +++ src/openv

Re: [Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Antonio Quartulli
Hi, On 30/03/2022 13:57, Gert Doering wrote: Hi, On Wed, Mar 30, 2022 at 01:31:24PM +0200, Timo Rothenpieler wrote: It is possible to argue that sitnl does low-level calls to the kernel as well.  But potential libraries had an API which was making everything far more complex on the OpenVPN sid

Re: [Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Gert Doering
Hi, On Wed, Mar 30, 2022 at 01:31:24PM +0200, Timo Rothenpieler wrote:
> > It is possible to argue that sitnl does low-level calls to the kernel as
> > well. But potential libraries had an API which was making everything
> > far more complex on the OpenVPN side. For libcap-ng at least, that is

Re: [Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Timo Rothenpieler
On 30.03.2022 11:11, David Sommerseth wrote: On 30/03/2022 10:51, David Sommerseth wrote: On 29/03/2022 21:29, Timo Rothenpieler wrote: --- This patch sits on top of the current dco branch, and will not apply to latest master. It solves the issue of dropping root privileges breaking dco and si

[Openvpn-devel] Summary of the community meeting (30th March 2022)

2022-03-30 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 30th March 2022 Time: 10:30 CEST (8:30 UTC) Planned meeting topics for this meeting were here: Your local meeting

Re: [Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread David Sommerseth
On 30/03/2022 10:51, David Sommerseth wrote: On 29/03/2022 21:29, Timo Rothenpieler wrote: --- This patch sits on top of the current dco branch, and will not apply to latest master. It solves the issue of dropping root privileges breaking dco and sitnl due to missing NET_ADMIN capabilities.  

Re: [Openvpn-devel] [PATCH] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread David Sommerseth
On 29/03/2022 21:29, Timo Rothenpieler wrote: --- This patch sits on top of the current dco branch, and will not apply to latest master. It solves the issue of dropping root privileges breaking dco and sitnl due to missing NET_ADMIN capabilities. configure.ac | 3 ++ src/openvpn/