openvpn: added --user, --group, --chroot

author: Toni Uhlig <matzeton@googlemail.com> 2018-02-18 12:11:01 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2018-07-15 20:29:54 +0200
commit: 9d8ce72f7c0aea0e0e17ce50ed4543ac04ca7c1c (patch)
tree: 7f290558b53d383f2202cc8914ec0cc15f4260ed
parent: 0f54489f754e7bd34e0430c57a11b6a54740d58e (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init
index ab4f7dba0d..704f7ac483 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -65,7 +65,10 @@ openvpn_add_instance() {
 		--syslog "openvpn($name)" \
 		--status "/var/run/openvpn.$name.status" \
 		--cd "$dir" \
-		--config "$conf"
+		--config "$conf" \
+		--user nobody \
+		--group nogroup \
+		--chroot /var/tmp/openvpn
 	procd_set_param file "$dir/$conf"
 	procd_set_param respawn
 	procd_append_param respawn 3600
@@ -86,6 +89,7 @@ start_instance() {
 	}
 
 	[ ! -d "/var/run" ] && mkdir -p "/var/run"
+	[ ! -d "/var/tmp/openvpn" ] && mkdir -p "/var/tmp/openvpn"
 
 	if [ ! -z "$config" ]; then
 		append UCI_STARTED "$config" "$LIST_SEP"
author	Toni Uhlig <matzeton@googlemail.com>	2018-02-18 12:11:01 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2018-07-15 20:29:54 +0200
commit	9d8ce72f7c0aea0e0e17ce50ed4543ac04ca7c1c (patch)
tree	7f290558b53d383f2202cc8914ec0cc15f4260ed
parent	0f54489f754e7bd34e0430c57a11b6a54740d58e (diff)