[arch-dev-public] Preparing OpenVPN 2.4.x - possible incompatible changes
Giancarlo Razzolini
grazzolini at archlinux.org
Fri Dec 2 14:39:20 UTC 2016
Em dezembro 2, 2016 12:08 Christian Hesse escreveu:
>
> Well, you could provide a sudoers file, a wrapper with 'sudo /usr/bin/ip $@'
> and add '--iproute /path/to/wrapper' in your unit file.
Sure. But I guess that the question we must ask is, do we want all this
on our OpenVPN package? I know they are small additions, but wouldn't they
be better on an optional dependency or something? If not, then we could add
a /usr/bin/unpriv-ip, and a /etc/sudoers.d file giving openvpn user permission
to run it.
I just need to come up with a proper sudo rule giving permission just to do
what OpenVPN needs to do and deny netns exec, for instance.
Cheers,
Giancarlo Razzolini.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 870 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20161202/f1699c08/attachment.asc>
More information about the arch-dev-public
mailing list