|
|
@@ -1,26 +1,22 @@
|
|
|
[Unit]
|
|
|
-Description=V2Ray - A unified platform for anti-censorship - Profile -> %i
|
|
|
-Documentation=https://v2ray.com https://guide.v2fly.org
|
|
|
+Description=V2Ray Service
|
|
|
+Documentation=https://www.v2ray.com/ https://www.v2fly.org/
|
|
|
After=network.target nss-lookup.target
|
|
|
-Wants=network-online.target
|
|
|
|
|
|
[Service]
|
|
|
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
|
|
|
#Type=exec
|
|
|
Type=simple
|
|
|
-# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
|
|
|
# This service runs as root. You may consider to run it as another user for security concerns.
|
|
|
-# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
|
|
|
+# By uncommenting User=nobody and commenting out User=root, the service will run as user nobody.
|
|
|
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
|
|
|
User=root
|
|
|
-#User=v2ray
|
|
|
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
|
|
|
-NoNewPrivileges=yes
|
|
|
+#User=nobody
|
|
|
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
|
|
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
|
|
+NoNewPrivileges=true
|
|
|
ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/%i.json
|
|
|
Restart=on-failure
|
|
|
-# Don't restart in the case of configuration error
|
|
|
-RestartPreventExitStatus=23
|
|
|
|
|
|
[Install]
|
|
|
-DefaultInstance=default
|
|
|
WantedBy=multi-user.target
|
Dct Mei