[arch-dev-public] Preparing OpenVPN 2.4.x - possible incompatible changes

Giancarlo Razzolini grazzolini at archlinux.org
Fri Dec 2 14:39:20 UTC 2016

Em dezembro 2, 2016 12:08 Christian Hesse escreveu:
> Well, you could provide a sudoers file, a wrapper with 'sudo /usr/bin/ip $@'
> and add '--iproute /path/to/wrapper' in your unit file.

Sure. But I guess that the question we must ask is, do we want all this
on our OpenVPN package? I know they are small additions, but wouldn't they
be better on an optional dependency or something? If not, then we could add
a /usr/bin/unpriv-ip, and a /etc/sudoers.d file giving openvpn user permission
to run it.

I just need to come up with a proper sudo rule giving permission just to do
what OpenVPN needs to do and deny netns exec, for instance.

Giancarlo Razzolini.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 870 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20161202/f1699c08/attachment.asc>

More information about the arch-dev-public mailing list