[connman-vpn] Remove PrivateUsers option from service file. Contributes to JB#52008

Remove PrivateUsers option from connman-vpn.service because this breaks
connman-vpnd process access to the user's WLAN and VPN settings files.

When enabled, this option creates a new user namespace, but the process loses all
of the capabilities in the host (root) namespace. This means that connman-vpnd
loses CAP_DAC_IGNORE, which prevents it from entering e.g. the /home/defaultuser
directory. And because of that it can't access the saved WLAN and VPN settings,
so the connman service "forgets" all saved networks.

Also, this option does not work on old kernels like 3.10, making the service
start fail.

Signed-off-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
izh1979 committed Dec 18, 2020
1 parent 9bab0f8 commit c98169c
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion connman/vpn/connman-vpn.service.in
Expand Up @@ -15,7 +15,6 @@ RestartSec=1
# Jolla Sandboxing
PrivateTmp=true
ProtectHome=false
PrivateUsers=true
ProtectControlGroups=true
DevicePolicy=closed
DeviceAllow=/dev/net/tun rw
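
Review bot: dropping PrivateUsers=true from the "# Jolla Sandboxing" block leaves nothing in the unit file to say why the option is absent, so a later hardening pass is likely to add it back and reintroduce the lost-settings problem. Add a comment next to ProtectHome=false stating that connman-vpnd must read the saved WLAN and VPN settings under the user's home directory and that PrivateUsers= also fails service start on old kernels such as 3.10. Because the daemon now keeps its capabilities in the host namespace, check that the unit bounds them elsewhere with CapabilityBoundingSet= (not visible in this hunk) and, if it does not, add one limited to what connman-vpnd needs. The commit message names CAP_DAC_IGNORE; the Linux capability that bypasses file permission checks is CAP_DAC_OVERRIDE, which is the name a CapabilityBoundingSet= line would need.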