FS#75655 - [clash] 1.11.4-1 Add setcap attribute to systemd units to enable DNS server binding at port 53

Attached to Project: Community Packages
Opened by Caesar Woo (caesarw) - Friday, 19 August 2022, 18:15 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
Task Type: Feature Request
Category: Packages
Status: Closed
Assigned To: Felix Yan (felixonmars)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description:

When using the clash package from the community repository with its local DNS server configured, an error occurs when clash tries to bind to port 53.

Additional info:
* package version(s): 1.11.4-1

Steps to reproduce:
1. Install clash package
2. Enable clash's local DNS server and bind it to 127.0.0.1:53 in the configuration
3. Start clash systemd service with "sudo systemctl start clash@[username]"
4. clash reports error with "ERRO[0000] Start DNS server error: listen udp 127.0.0.1:53: bind: permission denied"

Proposed solution:
1. Adding these two lines to the [Service] section in the clash@.service unit
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
to give a temporary capability to the clash process spawned by systemd. (Sample service unit is attached)
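
The following shell script is an added example, not part of the original report or the clash package. It checks what the two proposed directives should produce: a process whose effective and bounding capability sets contain CAP_NET_BIND_SERVICE and nothing else. The sample /proc status text is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a process's capability sets from /proc/<pid>/status text.
CAP_NET_BIND_SERVICE=10   # bit number from linux/capability.h (mask 0x400)

# cap_mask FIELD: read status text on stdin, print the hex mask of FIELD.
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# has_cap HEX BIT: succeed if capability BIT is set in HEX.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# only_cap HEX BIT: succeed if BIT is the only capability set in HEX.
only_cap() {
    [ $(( 0x$1 )) -eq $(( 1 << $2 )) ]
}

# audit_status: read status text on stdin and print one verdict:
#   ok               can bind ports below 1024 and holds nothing else
#   cannot-bind      CAP_NET_BIND_SERVICE missing from the effective set
#   over-privileged  effective or bounding set holds extra capabilities
#   no-cap-fields    input has no CapEff/CapBnd lines
audit_status() {
    st=$(cat)
    eff=$(printf '%s\n' "$st" | cap_mask CapEff)
    bnd=$(printf '%s\n' "$st" | cap_mask CapBnd)
    if [ -z "$eff" ] || [ -z "$bnd" ]; then echo "no-cap-fields"; return 2; fi
    if ! has_cap "$eff" "$CAP_NET_BIND_SERVICE"; then echo "cannot-bind"; return 1; fi
    if ! only_cap "$eff" "$CAP_NET_BIND_SERVICE" ||
       ! only_cap "$bnd" "$CAP_NET_BIND_SERVICE"; then
        echo "over-privileged"; return 1
    fi
    echo "ok"
}

# Constructed sample: the status lines expected for a non-root service started
# with both CapabilityBoundingSet= and AmbientCapabilities= set as proposed.
sample_status() {
    cat <<'EOF'
Name:	clash
CapInh:	0000000000000400
CapPrm:	0000000000000400
CapEff:	0000000000000400
CapBnd:	0000000000000400
CapAmb:	0000000000000400
EOF
}

sample_status | audit_status
```

To audit the running service, feed `/proc/<MainPID>/status` to `audit_status`; `systemctl show -p MainPID --value clash@[username]` prints the PID.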

Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:08 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/packaging/packages/clash/issues/1
