Re: [Openvpn-devel] [PATCH v3] platform: Retain CAP_NET_ADMIN when dropping privileges

2022-04-08 Thread Antonio Quartulli
Hi, On 08/04/2022 13:18, Timo Rothenpieler wrote: This one does not really look like it should be in "fallback:" - because that way it always gets called, even if we jump there right at function entry, if keep_caps == 0. No, it's intentional. It ensures that it's printed even if we don't HAVE

Re: [Openvpn-devel] [PATCH v3] platform: Retain CAP_NET_ADMIN when dropping privileges

2022-04-08 Thread Timo Rothenpieler
On 08/04/2022 11:35, Gert Doering wrote: Hi, On Thu, Apr 07, 2022 at 08:40:24PM +0200, Timo Rothenpieler wrote: +else if (res < 0) +{ +if (res == -3) +{ +msg(M_NONFATAL, "Following error likely due to missing capability CAP_SETPCAP."); +} +ms

Re: [Openvpn-devel] [PATCH v3] platform: Retain CAP_NET_ADMIN when dropping privileges

2022-04-08 Thread Gert Doering
Hi, On Thu, Apr 07, 2022 at 08:40:24PM +0200, Timo Rothenpieler wrote: > +else if (res < 0) > +{ > +if (res == -3) > +{ > +msg(M_NONFATAL, "Following error likely due to missing > capability CAP_SETPCAP."); > +} > +msg(err_flags | M_ERRNO, "capn
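Review bot: the "res == -3" test inside the "else if (res < 0)" branch compares against a bare literal, so a reader cannot tell from this code which failure that value stands for or why it points at a missing CAP_SETPCAP. A short comment beside the check, or a named constant in place of -3, would document the link. The quoted lines show neither.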

[Openvpn-devel] [PATCH v3] platform: Retain CAP_NET_ADMIN when dropping privileges

2022-04-07 Thread Timo Rothenpieler
On Linux, when dropping privileges, interaction with the network configuration, such as tearing down routes or ovpn-dco interfaces, will fail when --user/--group are used. This patch sets the CAP_NET_ADMIN capability, which grants the needed privileges during the lifetime of the OpenVPN process whe