Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread David Sommerseth
On 20/03/2021 22:13, Selva Nair wrote: HI, On Sat, Mar 20, 2021 at 4:57 PM Gert Doering > wrote: Hi, On Sat, Mar 20, 2021 at 12:20:45PM -0400, Selva Nair wrote: > We should have probably made this not a FATAL error. The rules could be twisted a bi

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread Selva Nair
HI, On Sat, Mar 20, 2021 at 4:57 PM Gert Doering wrote: > Hi, > > On Sat, Mar 20, 2021 at 12:20:45PM -0400, Selva Nair wrote: > > We should have probably made this not a FATAL error. > > The rules could be twisted a bit ("if uid == 0 then not fatal"), but > generally speaking, we setrlimit() to

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread Gert Doering
Hi, On Sat, Mar 20, 2021 at 12:20:45PM -0400, Selva Nair wrote: > We should have probably made this not a FATAL error. The rules could be twisted a bit ("if uid == 0 then not fatal"), but generally speaking, we setrlimit() to avoid running into memory issues later on - and if that fails, someone

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
TYVM btw On 20/03/2021 16:20, Selva Nair wrote: Hi, If restricting capabilities, I think you will need to add CAP_SYS_RESOURCE to the bounding set in the systemd unit file. We should have probably made this not a FATAL error. Selva On Sat, Mar 20, 2021 at 12:00 PM tincanteksup wrote: It sh

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
Hi, On 20/03/2021 16:20, Selva Nair wrote: Hi, If restricting capabilities, I think you will need to add CAP_SYS_RESOURCE to the bounding set in the systemd unit file. Confirmed: This solved it. We should have probably made this not a FATAL error. Selva On Sat, Mar 20, 2021 at 12:00 PM

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread Selva Nair
Hi, If restricting capabilities, I think you will need to add CAP_SYS_RESOURCE to the bounding set in the systemd unit file. We should have probably made this not a FATAL error. Selva On Sat, Mar 20, 2021 at 12:00 PM tincanteksup wrote: > It should make no difference but I do not use --user/-

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
FTR: root@home:/etc/openvpn# /home/tct/openvpn/master/src/openvpn/openvpn --version OpenVPN 2.6_git [git:master/476990d41ad78ac4+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 17 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Originally

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
Starting from cmd line works, so something about systemd ? ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
It should make no difference but I do not use --user/--group or --chroot ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] ERROR: setrlimit() failed: Operation not permitted (errno=1)

2021-03-20 Thread tincanteksup
Hi, --mlock does not seem to work for me.. Same server as below, started without --mlock works normally. Same Server using --mlock fails. Using latest git/master/openvpn: 2021-03-20 15:27:03 us=127228 OpenVPN 2.6_git [git:master/476990d41ad78ac4+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]