FS#75655 - [clash] 1.11.4-1 Add setcap attribute to systemd units to enable DNS server binding at port 53
Attached to Project:
Community Packages
Opened by Caesar Woo (caesarw) - Friday, 19 August 2022, 18:15 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
Opened by Caesar Woo (caesarw) - Friday, 19 August 2022, 18:15 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
|
Details
Description:
When using the clash package from the community repository and configured local DNS server with it, error occurs when clash tries to bind to port 53. Additional info: * package version(s): 1.11.4-1 Steps to reproduce: 1. Install clash package 2. Enable clash's local DNS server and bind it to 127.0.0.1:53 in the configuration 3. Start clash systemd service with "sudo systemctl start clash@[username]" 3. clash reports error with "ERRO[0000] Start DNS server error: listen udp 127.0.0.1:53: bind: permission denied" Proposed solution: 1. Adding these two lines to the [Service] section in the clash@.service unit CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE to give a temporary capability to the clash process spawned by systemd. (Sample service unit is attached) |
This task depends upon
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:08 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/clash/issues/1
Saturday, 25 November 2023, 20:08 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/clash/issues/1