[Unit]
Description=Connection service
-DefaultDependencies=false
Conflicts=shutdown.target
RequiresMountsFor=@localstatedir@/lib/connman
-After=dbus.service network-pre.target systemd-sysusers.service
+After=dbus.service network-pre.target systemd-sysusers.service net-config.service
Before=network.target multi-user.target shutdown.target
Wants=network.target
[Service]
Type=dbus
+User=network_fw
+Group=network_fw
BusName=net.connman
Restart=on-failure
-ExecStart=@sbindir@/connmand -n
+SmackProcessLabel=System
+ExecStart=@bindir@/connmand -n --nobacktrace --noplugin vpn
StandardOutput=null
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_ADMIN
-ProtectHome=true
-ProtectSystem=full
+Capabilities=cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i
+SecureBits=keep-caps
[Install]
WantedBy=multi-user.target