From e4544ee49501928e15c2174d1e4936dc6ff7d97e Mon Sep 17 00:00:00 2001
From: taesub kim <taesub.kim@samsung.com>
Date: Thu, 22 Jun 2017 17:49:20 +0900
Subject: Migrate root daemon to non root

Change-Id: I0d0afacc8a11fadc8128f6eef3f64f7a4ca8675b
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
---
 vpn/connman-vpn.service.in | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'vpn/connman-vpn.service.in')

diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in
index 6cc59cbc..a4c294ec 100755
--- a/vpn/connman-vpn.service.in
+++ b/vpn/connman-vpn.service.in
@@ -5,12 +5,14 @@ After=dbus.socket
 
 [Service]
 Type=dbus
+User=network_fw
+Group=network_fw
 BusName=net.connman.vpn
 SmackProcessLabel=System
-ExecStart=@sbindir@/connman-vpnd -n
+ExecStart=@bindir@/connman-vpnd -n
 StandardOutput=null
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=i
+SecureBits=keep-caps
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3