chunyu/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-06-08 11:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix tun mode bug

Browse Source
This commit is contained in:
yingziwu 2022-09-06 23:26:18 +08:00 committed by GitHub
parent 824d807f24
commit e2f0467c70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
release/config/sing-box.service
View File

@ -19,14 +19,15 @@ StateDirectory=sing-box
Environment=XDG_DATA_HOME=/var/lib/sing-box Environment=XDG_DATA_HOME=/var/lib/sing-box
# Hardening options # Hardening options
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
DevicePolicy=closed DevicePolicy=closed
LockPersonality=true LockPersonality=true
MemoryAccounting=true MemoryAccounting=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
NoNewPrivileges=true NoNewPrivileges=true
PrivateDevices=true DeviceAllow=/dev/net/tun
PrivateDevices=false
PrivateTmp=true PrivateTmp=true
ProcSubset=pid ProcSubset=pid
ProtectClock=true ProtectClock=true

7
release/config/sing-box@.service
View File

@ -19,14 +19,15 @@ StateDirectory=sing-box
Environment=XDG_DATA_HOME=/var/lib/sing-box Environment=XDG_DATA_HOME=/var/lib/sing-box
# Hardening options # Hardening options
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
DevicePolicy=closed DevicePolicy=closed
LockPersonality=true LockPersonality=true
MemoryAccounting=true MemoryAccounting=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
NoNewPrivileges=true NoNewPrivileges=true
PrivateDevices=true DeviceAllow=/dev/net/tun
PrivateDevices=false
PrivateTmp=true PrivateTmp=true
ProcSubset=pid ProcSubset=pid
ProtectClock=true ProtectClock=true