[SRU] OpenVPN will not reload due to misconfigured .service file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) |
Fix Released
|
Medium
|
Lucas Kanashiro | ||
Bionic |
Fix Released
|
Medium
|
Lucas Kanashiro | ||
Eoan |
Fix Released
|
Medium
|
Lucas Kanashiro | ||
Focal |
Fix Released
|
Medium
|
Lucas Kanashiro |
Bug Description
[Impact]
The command 'systemctl reload openvpn @ $ foo' is broken for a while and no one have reported that. Users should not be using it a lot. After some investigation we notice the restart command does basically the same thing, and users should be using restart and not reload. Our proposal here is to drop the reload support (it is not mandatory) to avoid users getting errors while trying to use it.
[Test Case]
* Setup an OpenVPN server
* Try to reload the service: $ systemctl reload openvpn@$foo
$ sudo systemctl reload openvpn@server
Job for <email address hidden> failed.
See "systemctl status <email address hidden>" and "journalctl -xe" for details.
[Regression Potential]
The legacy systemd unit file were changed (openvpn.service and openvpn@.service), so if a regression is going to happen is there. We did not change any existent config, we simply removed the reload related config.
[Original Description]
OpenVPN will not reload due to misconfigured .service file
You remove CAP_KILL (by not listing it in CapabilityBound
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openvpn 2.4.4-2ubuntu1.3
ProcVersionSign
Uname: Linux 4.15.0-91-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.12
Architecture: amd64
Date: Thu Mar 19 10:48:18 2020
InstallationDate: Installed on 2018-05-02 (686 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
Related branches
- Christian Ehrhardt (community): Approve
- Ubuntu Server Developers: Pending requested
-
Diff: 46 lines (+6/-3)3 files modifieddebian/changelog (+6/-0)
debian/openvpn.service (+0/-1)
debian/openvpn@.service (+0/-2)
- Christian Ehrhardt (community): Approve
- Ubuntu Server Developers: Pending requested
-
Diff: 46 lines (+6/-3)3 files modifieddebian/changelog (+6/-0)
debian/openvpn.service (+0/-1)
debian/openvpn@.service (+0/-2)
- Christian Ehrhardt (community): Approve
- Ubuntu Server Developers: Pending requested
-
Diff: 46 lines (+6/-3)3 files modifieddebian/changelog (+6/-0)
debian/openvpn.service (+0/-1)
debian/openvpn@.service (+0/-2)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 46 lines (+6/-3)3 files modifieddebian/changelog (+6/-0)
debian/openvpn.service (+0/-1)
debian/openvpn@.service (+0/-2)
CVE References
tags: | added: server-next |
Changed in openvpn (Ubuntu): | |
status: | New → Triaged |
Changed in openvpn (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in openvpn (Ubuntu Eoan): | |
status: | New → Triaged |
Changed in openvpn (Ubuntu Focal): | |
status: | New → Triaged |
Changed in openvpn (Ubuntu Bionic): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in openvpn (Ubuntu Eoan): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in openvpn (Ubuntu Focal): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in openvpn (Ubuntu Bionic): | |
status: | Triaged → In Progress |
Changed in openvpn (Ubuntu Eoan): | |
status: | Triaged → In Progress |
Changed in openvpn (Ubuntu Focal): | |
status: | Triaged → In Progress |
description: | updated |
summary: |
- OpenVPN will not reload due to misconfigured .service file + [SRU] OpenVPN will not reload due to misconfigured .service file |
description: | updated |
(PS: issue also exists in 2.4.7-1ubuntu2)