DA: Add exception check for time logic

[platform/upstream/connman.git] / vpn / connman-vpn.service.in

diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in
old mode 100644 (file)
new mode 100755 (executable)
index de65a70..a8f2948
--- a/vpn/connman-vpn.service.in
+++ b/vpn/connman-vpn.service.in
@@ -5,9 +5,16 @@ After=dbus.socket
 
 [Service]
 Type=dbus
+User=network_fw
+Group=network_fw
 BusName=net.connman.vpn
-ExecStart=@sbindir@/connman-vpnd -n
+SmackProcessLabel=System
+ExecStart=@bindir@/connman-vpnd -n
 StandardOutput=null
+Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i
+SecureBits=keep-caps
+ProtectHome=read-only
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target