[Service]
Type=dbus
+User=network_fw
+Group=network_fw
BusName=net.connman
Restart=on-failure
SmackProcessLabel=System
-ExecStart=@sbindir@/connmand -n --noplugin vpn
+ExecStart=@bindir@/connmand -n --nobacktrace --noplugin vpn
StandardOutput=null
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Capabilities=cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i
+SecureBits=keep-caps
[Install]
WantedBy=multi-user.target