FS#46132 - [networkmanager-openvpn] add tmpfiles.d configuration file to allow chrooting
Attached to Project:
Arch Linux
Opened by Mauro Santos (R00KIE) - Friday, 28 August 2015, 15:18 GMT
Last edited by Jan Alexander Steffens (heftig) - Saturday, 03 June 2023, 00:29 GMT
Details
Description:
This feature request is related to

    (nm-openvpn-service:29276): nm-openvpn-WARNING **: Directory '/var/lib/openvpn/chroot' not usable for chroot by 'nm-openvpn', openvpn will not be chrooted.

To make this work the following configuration file for tmpfiles.d can be used:

nm-openvpn.conf:

    d /var/lib/openvpn/chroot - nm-openvpn nm-openvpn -
    d /var/lib/openvpn/chroot/tmp - nm-openvpn nm-openvpn -

When /var/lib/openvpn/chroot and /var/lib/openvpn/chroot/tmp exist with the correct permissions (both must be writable by nm-openvpn) the following can be found in the logs:

    nm-openvpn[29367]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
    nm-openvpn[29367]: GID set to nm-openvpn
    nm-openvpn[29367]: UID set to nm-openvpn
    nm-openvpn[29367]: Initialization Sequence Completed

Additional info:
networkmanager-openvpn 1.0.6-2

Steps to reproduce:
Connect to a vpn without the proper temporary directories in place and check the logs.
Create /usr/lib/tmpfiles.d/nm-openvpn.conf with the contents previously described, run 'systemd-tmpfiles --create /usr/lib/tmpfiles.d/nm-openvpn.conf' as root, connect to a vpn and check the logs.
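An added example, not part of the original report or of the networkmanager-openvpn package: a POSIX shell check that reads the "d" lines of a tmpfiles.d file such as the nm-openvpn.conf above and verifies that each directory exists, is not a symlink, has the declared owner and group, and is owner-writable. It assumes GNU coreutils stat; resolve_id and check_tmpfiles_dirs are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not project code). Assumes GNU coreutils stat(1).
# resolve_id and check_tmpfiles_dirs are hypothetical helper names.

# Turn a tmpfiles.d user/group field into a numeric id.
# "-" means root in tmpfiles.d; numeric ids are passed through unchanged.
resolve_id() {  # $1 = "user" or "group", $2 = field value
    case $2 in
        -) echo 0 ;;
        *[!0-9]*)
            if [ "$1" = user ]; then
                id -u "$2"
            else
                getent group "$2" | cut -d: -f3
            fi ;;
        *) echo "$2" ;;
    esac
}

# Check every "d" line of a tmpfiles.d file; returns 0 only if all pass.
check_tmpfiles_dirs() {  # $1 = path to the tmpfiles.d file
    rc=0
    while read -r type path mode user group _ || [ -n "$type" ]; do
        [ "$type" = d ] || continue            # skip comments and other types
        want_uid=$(resolve_id user "$user")
        want_gid=$(resolve_id group "$group")
        # A symlinked chroot root could point outside the intended tree.
        if [ -L "$path" ] || [ ! -d "$path" ]; then
            echo "FAIL $path: missing, not a directory, or a symlink"
            rc=1; continue
        fi
        owner=$(stat -c '%u:%g' "$path")
        perm=$(stat -c '%a' "$path")
        if [ "$owner" != "$want_uid:$want_gid" ]; then
            echo "FAIL $path: owner $owner, expected $want_uid:$want_gid"; rc=1
        elif [ $(( 0$perm & 0200 )) -eq 0 ]; then
            echo "FAIL $path: mode $perm is not owner-writable"; rc=1
        else
            echo "ok   $path ($owner, mode $perm)"
        fi
    done < "$1"
    return $rc
}

# Usage: sh check.sh /usr/lib/tmpfiles.d/nm-openvpn.conf
if [ "$#" -gt 0 ]; then check_tmpfiles_dirs "$1"; fi
```

Running it after 'systemd-tmpfiles --create' and before connecting shows whether the chroot preconditions from the warning message are met without having to read the connection logs.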
Closed by Jan Alexander Steffens (heftig)
Saturday, 03 June 2023, 00:29 GMT
Reason for closing: Won't implement
Additional comments about closing: Seems to be buggy.
I suppose that those directories could also be owned by the package and be tracked by pacman instead of being untracked if created in the post_upgrade or post_install.
Yes, that would be even better...
Also as a rule the install script should probably be replaced by sysusers.d
If the chroot directory needs to be owned by the nm-openvpn user, tmpfiles.d has precedence as something to use in preference to another hardcoded UID/GID. ;)
I don't use it, but AFAICT the issue still exists. The PM always has the option to close as "Won't implement"...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820554
https://salsa.debian.org/utopia-team/network-manager-openvpn/-/commit/4d3c6694cd8bff884c00dad968dd8709d71f6e6f