
Fix missing permissions

Dct Mei 5 years ago
parent
commit
c5842b91e6
2 changed files with 14 additions and 21 deletions
  1. 7 10
      release/config/systemd/v2ray.service
  2. 7 11
      release/config/systemd/v2ray@.service

+ 7 - 10
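--- a/release/config/systemd/v2ray.service
+++ b/release/config/systemd/v2ray.service
@@ -1,25 +1,22 @@
 [Unit]
-Description=V2Ray - A unified platform for anti-censorship
-Documentation=https://v2ray.com https://guide.v2fly.org
+Description=V2Ray Service
+Documentation=https://www.v2ray.com/ https://www.v2fly.org/
 After=network.target nss-lookup.target
-Wants=network-online.target
 
 [Service]
 # If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
 #Type=exec
 Type=simple
-# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
 # This service runs as root. You may consider to run it as another user for security concerns.
-# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
+# By uncommenting User=nobody and commenting out User=root, the service will run as user nobody.
 # More discussion at https://github.com/v2ray/v2ray-core/issues/1011
 User=root
-#User=v2ray
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=yes
+#User=nobody
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/config.json
 Restart=on-failure
-# Don't restart in the case of configuration error
-RestartPreventExitStatus=23
 
 [Install]
 WantedBy=multi-user.target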
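Review bot: The new `CapabilityBoundingSet=` and `AmbientCapabilities=` lines replace CAP_NET_RAW with CAP_NET_ADMIN, a much broader capability (interface, routing and firewall configuration), and nothing in the unit says which feature needs it. I would add a comment above them along the lines of `# CAP_NET_ADMIN is presumably only needed for transparent proxying; drop it from both lines if unused`, adjusted to whatever actually requires it. The rewritten hint now recommends `User=nobody`, but that account is shared with unrelated files and processes, and /etc/v2ray/config.json would have to be readable by it; keeping a dedicated account as in the removed `#User=v2ray` avoids both problems. The same lines appear in release/config/systemd/v2ray@.service.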

+ 7 - 11
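--- a/release/config/systemd/v2ray@.service
+++ b/release/config/systemd/v2ray@.service
@@ -1,26 +1,22 @@
 [Unit]
-Description=V2Ray - A unified platform for anti-censorship - Profile -> %i
-Documentation=https://v2ray.com https://guide.v2fly.org
+Description=V2Ray Service
+Documentation=https://www.v2ray.com/ https://www.v2fly.org/
 After=network.target nss-lookup.target
-Wants=network-online.target
 
 [Service]
 # If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
 #Type=exec
 Type=simple
-# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
 # This service runs as root. You may consider to run it as another user for security concerns.
-# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
+# By uncommenting User=nobody and commenting out User=root, the service will run as user nobody.
 # More discussion at https://github.com/v2ray/v2ray-core/issues/1011
 User=root
-#User=v2ray
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=yes
+#User=nobody
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/%i.json
 Restart=on-failure
-# Don't restart in the case of configuration error
-RestartPreventExitStatus=23
 
 [Install]
-DefaultInstance=default
 WantedBy=multi-user.target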
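Review bot: `Description=V2Ray Service` in this template drops the `%i` specifier, so every instance shows the same description in `systemctl status` and the journal; `Description=V2Ray Service - %i` keeps per-profile instances distinguishable when auditing which configuration is running. With `RestartPreventExitStatus=23` gone and `Restart=on-failure` kept, an instance whose /etc/v2ray/%i.json is invalid would be restarted repeatedly until systemd's start limit trips, assuming 23 is still the configuration-error exit status as the removed comment stated. If the removal is intentional, a one-line comment under `Restart=on-failure` saying so would help.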