From: Matthias Maier <tamiko@kyomu.43-1.org>
Date: Sat, 14 Jun 2014 11:51:59 +0200
Subject: [PATCH] Add uid/gid and chroot separation

---
 src/nm-openvpn-service.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 7b4cbd7..9208e0b 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1058,6 +1058,13 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
 		return FALSE;
 	}
 
+        add_openvpn_arg (args, "--user");
+        add_openvpn_arg (args, "nm-openvpn");
+        add_openvpn_arg (args, "--group");
+        add_openvpn_arg (args, "nm-openvpn");
+        add_openvpn_arg (args, "--chroot");
+        add_openvpn_arg (args, "/var/lib/openvpn/chroot");
+
 	g_ptr_array_add (args, NULL);
 
 	if (!g_spawn_async (NULL, (char **) args->pdata, NULL,
-- 
1.8.5.5