File 0101-harden_connman-vpn.service.patch of Package connman

Index: connman-1.40/vpn/connman-vpn.service.in
===================================================================
--- connman-1.40.orig/vpn/connman-vpn.service.in
+++ connman-1.40/vpn/connman-vpn.service.in
@@ -9,6 +9,15 @@ StandardOutput=null
 CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_CHOWN CAP_FOWNER
 ProtectHome=read-only
 ProtectSystem=full
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target
openSUSE Build Service is sponsored by