diff options
| author | spyophobia | 2023-06-01 11:06:47 +0800 |
|---|---|---|
| committer | spyophobia | 2023-06-01 11:12:19 +0800 |
| commit | 035e05943786c96bac7c000d347964c1d45a98ba (patch) | |
| tree | 89a14fa7048d341874d75e92a5c770cdc6aec1e8 | |
| parent | 47bbe31c33bb87fbdb7793ea587b246b078c5568 (diff) | |
| download | aur-035e05943786c96bac7c000d347964c1d45a98ba.tar.gz | |
Add required capabilities to units
| -rw-r--r-- | .SRCINFO | 4 | ||||
| -rw-r--r-- | PKGBUILD | 4 | ||||
| -rw-r--r-- | shadowsocks-rust-server@.service | 4 | ||||
| -rw-r--r-- | shadowsocks-rust@.service | 4 |
4 files changed, 10 insertions, 6 deletions
@@ -19,8 +19,8 @@ pkgbase = shadowsocks-rust-bin source = https://github.com/shadowsocks/shadowsocks-rust/raw/v1.15.3/examples/config.json source = https://github.com/shadowsocks/shadowsocks-rust/raw/v1.15.3/examples/config_ext.json sha512sums = 6d7014061bf4014faec823aa1da91f990d034c21005cbee30de7ee62744201fba7d09d58a9e536d8e63bfa6fe951107ee68482b583d887b6e358f3c3eec89b85 - sha512sums = 3a79d6958e61e891d208cea17b02ed5fe0318bbecc8d1bda7b8297e6ffdad186a86cf0fc55cb2904ed67bd460856f7136b6550ab493de31435df97285279d47d - sha512sums = 23a33b6e43ac5e91866c0aab8b0166790559ebdb49b3ea91393a977d2636a0c75f99544f559e0a248be1eb54e6bf8ad1cda8887a85d773a9214de16c4f223f1f + sha512sums = 1aa9e629bb3bf3bbf834cb1b8fe96ed86d400e60c95294b0f67f5b4d7a897ea9acfff6744b457b2850c397f97cd284c8d7fff5de555e5b11740733cd96f809a2 + sha512sums = d52ea3fa8f0673a831db33557e1b1aae2b2ddde91e03e86a69f6bde4ba714d63fea277de314693cb6a941fe5745b945ca1b688b86180fb8e2707cdecc1eb9445 sha512sums = 9a0b81d82bf897c5461d75d941cd604cbd7f32d00c2bf775f17b37b77fcf5734903d2ec666ba9a6a340e77f31018b5dbbb8ea597797c6a00c6b1f3e2f47127e6 sha512sums = 4ac52e6fe04e02543f54d57fccfd863f18b157fd28fb61c9a56ba46269b9dff410a80960943d911afa55b45c3fc42e98d91f8bb75e9103abf3f3dbfffb73a6e0 source_x86_64 = https://github.com/shadowsocks/shadowsocks-rust/releases/download/v1.15.3/shadowsocks-v1.15.3.x86_64-unknown-linux-gnu.tar.xz @@ -25,8 +25,8 @@ source_armv7h=("${url}/releases/download/v${pkgver}/shadowsocks-v${pkgver}.arm-u source_aarch64=("${url}/releases/download/v${pkgver}/shadowsocks-v${pkgver}.aarch64-unknown-linux-gnu.tar.xz") sha512sums=('6d7014061bf4014faec823aa1da91f990d034c21005cbee30de7ee62744201fba7d09d58a9e536d8e63bfa6fe951107ee68482b583d887b6e358f3c3eec89b85' - '3a79d6958e61e891d208cea17b02ed5fe0318bbecc8d1bda7b8297e6ffdad186a86cf0fc55cb2904ed67bd460856f7136b6550ab493de31435df97285279d47d' - '23a33b6e43ac5e91866c0aab8b0166790559ebdb49b3ea91393a977d2636a0c75f99544f559e0a248be1eb54e6bf8ad1cda8887a85d773a9214de16c4f223f1f' + '1aa9e629bb3bf3bbf834cb1b8fe96ed86d400e60c95294b0f67f5b4d7a897ea9acfff6744b457b2850c397f97cd284c8d7fff5de555e5b11740733cd96f809a2' + 'd52ea3fa8f0673a831db33557e1b1aae2b2ddde91e03e86a69f6bde4ba714d63fea277de314693cb6a941fe5745b945ca1b688b86180fb8e2707cdecc1eb9445' '9a0b81d82bf897c5461d75d941cd604cbd7f32d00c2bf775f17b37b77fcf5734903d2ec666ba9a6a340e77f31018b5dbbb8ea597797c6a00c6b1f3e2f47127e6' '4ac52e6fe04e02543f54d57fccfd863f18b157fd28fb61c9a56ba46269b9dff410a80960943d911afa55b45c3fc42e98d91f8bb75e9103abf3f3dbfffb73a6e0') sha512sums_x86_64=('e0a44815ed884f09df337fce30ba2ff85dcede138dfce7e49623fe8766452f7cdb24f4be528fd0eba9d0a761d6cc8843bdf8531854a8273d078b8900f7008712') diff --git a/shadowsocks-rust-server@.service b/shadowsocks-rust-server@.service index cd7d406fa782..ab6ed35ae23c 100644 --- a/shadowsocks-rust-server@.service +++ b/shadowsocks-rust-server@.service @@ -6,7 +6,9 @@ Wants=network-online.target [Service] Type=simple DynamicUser=yes -CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN ExecStart=/usr/bin/ssservice server --log-without-time -c /etc/shadowsocks-rust/%i.json [Install] diff --git a/shadowsocks-rust@.service b/shadowsocks-rust@.service index e4485af028e0..044a204d1396 100644 --- a/shadowsocks-rust@.service +++ b/shadowsocks-rust@.service @@ -6,7 +6,9 @@ Wants=network-online.target [Service] Type=simple DynamicUser=yes -CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=yes +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN ExecStart=/usr/bin/ssservice local --log-without-time -c /etc/shadowsocks-rust/%i.json [Install] |