Home Explore Help
Register Sign In
Apq
/
sing-box
mirror of https://github.com/SagerNet/sing-box.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix systemd service caps for process sniffing

Gavin Luo 2 years ago
parent
9db3cb5cb7
commit
4833f6d5db
3 changed files with 6 additions and 6 deletions
Split View Show Diff Stats
  1. 2 2
      release/config/sing-box.service
  2. 2 2
      release/config/[email protected]
  3. 2 2
      release/local/sing-box.service

+ 2 - 2
release/config/sing-box.service
View File 

@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 
 
 [Service]
 
 WorkingDirectory=/var/lib/sing-box
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/bin/sing-box run -c /etc/sing-box/config.json
 
 Restart=on-failure
 
 RestartSec=10s

+ 2 - 2
release/config/[email protected]
View File 

@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 
 
 [Service]
 
 WorkingDirectory=/var/lib/sing-box-%i
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/bin/sing-box run -c /etc/sing-box/%i.json
 
 Restart=on-failure
 
 RestartSec=10s

+ 2 - 2
release/local/sing-box.service
View File 

@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 
 
 [Service]
 
 WorkingDirectory=/var/lib/sing-box
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
 
 Restart=on-failure
 
 RestartSec=10s