mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-22 00:21:30 +00:00
Fix systemd service caps for process sniffing
This commit is contained in:
parent
9db3cb5cb7
commit
4833f6d5db
|
@ -5,8 +5,8 @@ After=network.target nss-lookup.target
|
|||
|
||||
[Service]
|
||||
WorkingDirectory=/var/lib/sing-box
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
ExecStart=/usr/bin/sing-box run -c /etc/sing-box/config.json
|
||||
Restart=on-failure
|
||||
RestartSec=10s
|
||||
|
|
|
@ -5,8 +5,8 @@ After=network.target nss-lookup.target
|
|||
|
||||
[Service]
|
||||
WorkingDirectory=/var/lib/sing-box-%i
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
ExecStart=/usr/bin/sing-box run -c /etc/sing-box/%i.json
|
||||
Restart=on-failure
|
||||
RestartSec=10s
|
||||
|
|
|
@ -5,8 +5,8 @@ After=network.target nss-lookup.target
|
|||
|
||||
[Service]
|
||||
WorkingDirectory=/var/lib/sing-box
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
|
||||
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
|
||||
Restart=on-failure
|
||||
RestartSec=10s
|
||||
|
|
Loading…
Reference in a new issue