Debugging missing capability in systemd services

by Francis   Last Updated July 11, 2019 20:00 PM

My OpenVPN server is unable to execute a python script configured as --learn-address when the daemon is launched as a systemd service. It works fine when launched manually as root. I found that it also work as a systemd service if I comment the following line in /etc/systemd/system/[email protected]:

CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE

So, I guess my problem is related to a missing Capability. How can I debug that to find out what's missing? OpenVPN log just say WARNING: Failed running command (--learn-address): external program exited with error status: 1. I find nothing related to this in the syslog either.



Related Questions


OpenVpn server mode + systemd -- unable to run

Updated May 27, 2017 06:00 AM


ubuntu 16.04 openvpn 2.3 disable

Updated May 21, 2018 09:00 AM

Systemd dependency not working

Updated February 21, 2019 23:00 PM