On Tue, 2015-12-01 at 15:32 +0200, Patrik Flykt wrote:
Have systemd set /home and /run/users read only as VPN certificates
be stored also in these directories. Protect other directories in the
system by making also them read only. The directory options affect also
all VPN applications started by connman-vpnd.
Restrict capabilities to a subset necessary for normal operations.
Applied, works at least for me with openconnect.