Home Explore Help
Register Sign In
Apq
/
sing-box
mirror of https://github.com/SagerNet/sing-box.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

release: Fix systemd permissions

Gavin Luo 8 months ago
parent
93b68312cf
commit
7eb3535094
3 changed files with 6 additions and 6 deletions
Split View Show Diff Stats
  1. 2 2
      release/config/sing-box.service
  2. 2 2
      release/config/[email protected]
  3. 2 2
      release/local/sing-box.service

+ 2 - 2
release/config/sing-box.service
View File 

@@ -4,8 +4,8 @@ Documentation=https://sing-box.sagernet.org
 
 After=network.target nss-lookup.target network-online.target
 
 
 [Service]
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/bin/sing-box -D /var/lib/sing-box -C /etc/sing-box run
 
 ExecReload=/bin/kill -HUP $MAINPID
 
 Restart=on-failure

+ 2 - 2
release/config/[email protected]
View File 

@@ -4,8 +4,8 @@ Documentation=https://sing-box.sagernet.org
 
 After=network.target nss-lookup.target network-online.target
 
 
 [Service]
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/bin/sing-box -D /var/lib/sing-box-%i -c /etc/sing-box/%i.json run
 
 ExecReload=/bin/kill -HUP $MAINPID
 
 Restart=on-failure

+ 2 - 2
release/local/sing-box.service
View File 

@@ -4,8 +4,8 @@ Documentation=https://sing-box.sagernet.org
 
 After=network.target nss-lookup.target network-online.target
 
 
 [Service]
 
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 
 ExecStart=/usr/local/bin/sing-box -D /var/lib/sing-box -C /usr/local/etc/sing-box run
 
 ExecReload=/bin/kill -HUP $MAINPID
 
 Restart=on-failure