FS#52959 - [shadowsocks-libev] Please change the service owner from nobody to root.

Attached to Project: Community Packages
Opened by Eric Wang (enihcam) - Tuesday, 14 February 2017, 02:40 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 27 June 2017, 15:55 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Please change the service owner from nobody to root, because ss-redir requires ROOT permission to access IP_TRANSPARENT. For more details: https://github.com/shadowsocks/shadowsocks-libev/issues/1252

Additional info:
* package version(s)
* config and/or log files etc.


Steps to reproduce:
This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 27 June 2017, 15:55 GMT
Reason for closing:  Fixed
Additional comments about closing:  shadowsocks-libev 3.0.7-2
Comment by Eric Wang (enihcam) - Tuesday, 14 February 2017, 02:42 GMT
Forgot to mention: The issue only affects shadowsocks-libev-redir@.service.
Comment by Eric Wang (enihcam) - Wednesday, 15 February 2017, 00:41 GMT
According to https://github.com/shadowsocks/shadowsocks-libev/commit/7467f0798468cac7a78fc0ecbf59cc645327a858, the issue can be fixed by

diff --git a/shadowsocks-libev/trunk/shadowsocks-libev.install b/shadowsocks-libev/trunk/shadowsocks-libev.install
index b8e175c..d6088f8 100644
--- a/shadowsocks-libev/trunk/shadowsocks-libev.install
+++ b/shadowsocks-libev/trunk/shadowsocks-libev.install
@@ -2,7 +2,7 @@ post_install() {
setcap cap_net_bind_service+ep usr/bin/ss-local 2>/dev/null
setcap cap_net_bind_service+ep usr/bin/ss-server 2>/dev/null
setcap cap_net_bind_service+ep usr/bin/ss-tunnel 2>/dev/null
- setcap cap_net_bind_service+ep usr/bin/ss-redir 2>/dev/null
+ setcap cap_net_bind_service,cap_net_admin+ep usr/bin/ss-redir 2>/dev/null
}

Loading...