From ef0882c8f90de0ee421ce243b263e806ffb714cc Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Thu, 13 Aug 2015 11:55:01 +0200
Subject: Fix #792907 and improve @.service options

---
 debian/openvpn@.service | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'debian/openvpn@.service')

diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 07f9e5b..b438168 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -7,12 +7,16 @@ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
 Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 
 [Service]
+PrivateTmp=true
+KillMode=mixed
 Type=forking
-ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
+ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn-%i.pid
+PIDFile=/run/openvpn-%i.pid
 ExecReload=/bin/kill -HUP $MAINPID
 WorkingDirectory=/etc/openvpn
 ProtectSystem=yes
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
+LimitNPROC=10
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
 
-- 
cgit v1.2.3