Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#75655 - [clash] 1.11.4-1 Add setcap attribute to systemd units to enable DNS server binding at port 53
Attached to Project:
Community Packages
Opened by Caesar Woo (caesarw) - Friday, 19 August 2022, 18:15 GMT
Last edited by Toolybird (Toolybird) - Friday, 19 August 2022, 22:30 GMT
Opened by Caesar Woo (caesarw) - Friday, 19 August 2022, 18:15 GMT
Last edited by Toolybird (Toolybird) - Friday, 19 August 2022, 22:30 GMT
|
DetailsDescription:
When using the clash package from the community repository and configured local DNS server with it, error occurs when clash tries to bind to port 53. Additional info: * package version(s): 1.11.4-1 Steps to reproduce: 1. Install clash package 2. Enable clash's local DNS server and bind it to 127.0.0.1:53 in the configuration 3. Start clash systemd service with "sudo systemctl start clash@[username]" 3. clash reports error with "ERRO[0000] Start DNS server error: listen udp 127.0.0.1:53: bind: permission denied" Proposed solution: 1. Adding these two lines to the [Service] section in the clash@.service unit CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE to give a temporary capability to the clash process spawned by systemd. (Sample service unit is attached) 
clash@.service
(0.3 KiB)
|
This task depends upon