author | everyx | 2023-01-19 12:45:11 +0800 |
---|---|---|
committer | everyx | 2023-01-19 12:45:11 +0800 |
commit | 3e388fcdba77144ca4e76d9d4bc75d0e92dafe1a (patch) | |
tree | bb0910b233ed119b6c63c37c5377ac9a8fe86a41 | |
parent | f05d9f6c06129ddb2fc80941157eedf830c29468 (diff) | |
download | aur-3e388fcdba77144ca4e76d9d4bc75d0e92dafe1a.tar.gz |
fix: systemd service caps for process sniffing
-rw-r--r-- | .SRCINFO | 2 | ||||
-rw-r--r-- | PKGBUILD | 4 |
2 files changed, 4 insertions, 2 deletions
@@ -1,7 +1,7 @@ pkgbase = sing-box pkgdesc = The universal proxy platform. pkgver = 1.1.4 - pkgrel = 1 + pkgrel = 2 url = https://sing-box.sagernet.org/ arch = x86_64 arch = i686 @@ -2,7 +2,7 @@ pkgname=sing-box pkgver=1.1.4 -pkgrel=1 +pkgrel=2 pkgdesc='The universal proxy platform.' arch=('x86_64' 'i686') @@ -40,6 +40,8 @@ build(){ ./cmd/sing-box sed -i "/^\[Service\]$/a User=${pkgname} + s|CapabilityBoundingSet=\(.*\)$|CapabilityBoundingSet=\1 CAP_SYS_PTRACE CAP_DAC_READ_SEARCH| + s|AmbientCapabilities=\(.*\)$|AmbientCapabilities=\1 CAP_SYS_PTRACE CAP_DAC_READ_SEARCH| s/WorkingDirectory=\(.*\)$/WorkingDirectory=-\1\nExecStartPre=+install -o ${pkgname} -g ${pkgname} -d -m 0700 \1/" release/config/${pkgname}*.service echo "u ${pkgname} - \"Sing-box Service\" - -" > "release/config/${pkgname}.sysusers" |
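Review bot: The two added `s|…|` expressions in the `sed -i` call of `build()` put `CAP_SYS_PTRACE` and `CAP_DAC_READ_SEARCH` into both `CapabilityBoundingSet=` and `AmbientCapabilities=` for every install, so the network-facing daemon that `User=${pkgname}` confines to an unprivileged account can now bypass file read permission checks and inspect other users' processes. Going by the commit title these are needed only for process sniffing, so consider shipping them as an opt-in systemd drop-in (for example a `process-sniffing.conf` in the unit's `.d` directory) rather than patching the default unit. If they stay in the default unit, add a comment above the `sed -i` line such as `# CAP_SYS_PTRACE/CAP_DAC_READ_SEARCH: only for process-based rules; widens what a compromised daemon can read`. The substitutions also do nothing, silently, if upstream's unit lacks either key, so a `grep -q CAP_SYS_PTRACE` check on the patched files after the `sed` would catch a no-op. `build()` starts and ends outside this hunk.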