Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-04-06 Thread David Sommerseth
On 06/04/2022 14:44, Timo Rothenpieler wrote: --- a/configure.ac +++ b/configure.ac @@ -794,6 +794,25 @@ dnl   esac   fi +dnl +dnl Depend on libcap-ng on Linux +dnl +case "$host" in +    *-*-linux*) +    PKG_CHECK_MODULES([LIBCAPNG], +  [libcap-ng], +  [ha
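Review bot: in the configure.ac hunk, the added comment "Depend on libcap-ng on Linux" reads as a hard build requirement for every *-*-linux* host, but the visible part of the PKG_CHECK_MODULES call stops before the not-found branch, so it cannot be seen here whether a missing libcap-ng aborts configure or only disables the feature. The dnl comment should say which it is. If the library is optional, configure should also report clearly when it is absent, so that a build which cannot retain CAP_NET_ADMIN after dropping privileges is not produced silently.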

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-04-06 Thread David Sommerseth
On 06/04/2022 14:44, Timo Rothenpieler wrote: 'man cap_change_id' does not mention setting errno at all. What do we expect to see with M_ERRNO? Every function it internally calls sets errno, so in case of failure errno will reflect what went wrong. Like, for example EPERM will be the most

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-04-06 Thread Timo Rothenpieler
On 06.04.2022 11:52, Antonio Quartulli wrote: Hi, On 30/03/2022 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now A commit message would be good, but I see that David has already proposed one. The latest rebased version of this patch already has that message. Just seemed silly to re-

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-04-06 Thread Antonio Quartulli
Hi, On 30/03/2022 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now A commit message would be good, but I see that David has already proposed one. configure.ac | 19 + distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Gert Doering
Hi, On Thu, Mar 31, 2022 at 04:38:06PM +0200, David Sommerseth wrote: > We could "fix" --down now, but I will not recommend it at all. We could > add the CAP_DAC_OVERRIDE capability. But that's a massive sledge > hammer, giving read/write access to any file on the system. Only > security modu

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread David Sommerseth
On 31/03/2022 15:26, Gert Doering wrote: Hi, On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote: I've also run a few tests using an --up script which modified /etc/resolv.conf, which also worked as expected with capabilities enabled. This is actually an interesting corner case.

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Gert Doering
Hi, On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote: > I've also run a few tests using an --up script which modified > /etc/resolv.conf, which also worked as expected with capabilities enabled. This is actually an interesting corner case. As far as I understand, --up runs befor

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread David Sommerseth
On 30/03/2022 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now configure.ac | 19 + distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- src/openvpn/init.c| 25 ++- src/ope

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread David Sommerseth
On 31/03/2022 13:34, Gert Doering wrote: Hi, On Thu, Mar 31, 2022 at 01:29:28PM +0200, Timo Rothenpieler wrote: That's exactly what the patch does. Which I very much like :-) (I said that on IRC already, repeating here for the list archive) Only difference is that for sitnl, to avoid break

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Gert Doering
Hi, On Thu, Mar 31, 2022 at 01:29:28PM +0200, Timo Rothenpieler wrote: > That's exactly what the patch does. Which I very much like :-) (I said that on IRC already, repeating here for the list archive) > Only difference is that for sitnl, to avoid breaking existing setups, it > will fall back

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Timo Rothenpieler
On 31.03.2022 13:02, Gert Doering wrote: Hi, On Thu, Mar 31, 2022 at 12:06:06PM +0200, David Sommerseth wrote: There is however another related challenge in OpenVPN 2.x, which became even clearer than before with the sitnl implementation we switched over to on Linux by default with v2.5. When

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Gert Doering
Hi, On Thu, Mar 31, 2022 at 12:06:06PM +0200, David Sommerseth wrote: > There is however another related challenge in OpenVPN 2.x, which became > even clearer than before with the sitnl implementation we switched over > to on Linux by default with v2.5. When using --user/--group without > --p

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread Arne Schwabe
I am willing to work on making the netcfg service even less "OpenVPN 3 centric", and it has a potential to grow towards a generic VPN API on Linux.  The current D-Bus interface it uses is highly inspired by the Android VPN API.  But this won't happen in a short time and not in time for the Op

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-31 Thread David Sommerseth
On 31/03/2022 08:53, Jan Just Keijser wrote: Hi, On 30/03/22 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now sorry to butt in late, but I've got a nasty feeling about this... the whole purpose of using   --user is, according to the man page    --user user   Change t

Re: [Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Jan Just Keijser
Hi, On 30/03/22 22:55, Timo Rothenpieler wrote: --- Using libcap-ng now sorry to butt in late, but I've got a nasty feeling about this... the whole purpose of using   --user is, according to the man page    --user user   Change the user ID of the OpenVPN process to user after 

[Openvpn-devel] [PATCH v2] Retain CAP_NET_ADMIN when dropping privileges

2022-03-30 Thread Timo Rothenpieler
--- Using libcap-ng now configure.ac | 19 + distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- src/openvpn/init.c| 25 ++- src/openvpn/platform.c| 91 +