"IP_TRANSPARENT: Operation not permitted", but CAP_NET_ADMIN is enabled. #1252
Comments
root can start the service, but that is not what we want, right?
would it be more flexible to use socket-base activation?
@rogers0, are you saying 'CapabilityBoundingSet=CAP_NET_ADMIN' in the .service does not work?
@enihcam It won't work if you just change that service file.
@rogers0 according to the setcap step has run already.
@enihcam I fixed it by debian postinst script. sudo setcap cap_net_bind_service,cap_net_admin+ep /usr/bin/ss-redir
Thank you @rogers0. I'm trying to contact the arch package owner to update the post-install script.
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
sudo setcap cap_net_bind_service,cap_net_admin+ep /usr/local/bin/ss-redir
Please answer these questions before submitting your issue. Thanks!
(Please mention that if the issue you filed is solved, you may wish to close it by yourself. Thanks again.)
(PS, you can remove 3 lines above, including this one, before post your issue.)
What version of shadowsocks-libev are you using?
3.0.2
What operating system are you using?
Archlinux
What did you do?
-pacman update
-enable reuse_port
What did you expect to see?
-ss-redir starts in systemd
What did you see instead?
Feb 14 08:09:19 archnet ss-redir[900]: 2017-02-14 08:09:19 ERROR: [udp] setsockopt IP_TRANSPARENT:
Feb 14 08:09:19 archnet systemd[1]: shadowsocks-libev-redir@r0.service: Main process exited, code=ex
Feb 14 08:09:19 archnet systemd[1]: Failed to start Shadowsocks-Libev Client Service Redir Mode.
What is your config in detail (with all sensitive info masked)?
{
"server":"____",
"server_port":12345,
"local_address":"0.0.0.0",
"local_port":1234,
"nameserver":"_____",
"password":"",
"timeout":60,
"method":"chacha20-ietf",
"fast_open":true,
"reuse_port":true,
"nofile":16384,
"mode":"tcp_and_udp"
}
[Unit]
Description=Shadowsocks-Libev Client Service Redir Mode
After=network.target
[Service]
Type=simple
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json
[Install]
WantedBy=multi-user.target
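
The unit above sets User=nobody with only CapabilityBoundingSet=, which limits capabilities but does not hand them to a non-root process. The check below is an added example (not code from this issue or from shadowsocks-libev) that classifies a unit file accordingly; the function names are hypothetical, and AmbientCapabilities= is a systemd setting that the thread does not mention.

```sh
#!/bin/sh
# Assumes one unit file, no drop-ins, plain capability names (no "~" lists).

# Print every word assigned to setting $1 in unit file $2 (repeats accumulate).
unit_list() {
    awk -v key="$1" 'index($0, key "=") == 1 {
        acc = acc " " substr($0, length(key) + 2)
    } END { print acc }' "$2"
}

# Succeed if capability $1 is a whole word in list $2.
has_cap() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Verdict for capability $2 in unit file $1:
#   blocked   - a bounding set is present and leaves the capability out
#   root      - no User= or User=root, the bounding set is all that applies
#   ambient   - non-root User= with the capability in AmbientCapabilities=
#   file-caps - non-root User= and only a bounding set: the process starts
#               without the capability unless the binary carries it (setcap)
check_unit_cap() {
    unit=$1 cap=$2
    user=$(unit_list User "$unit" | awk '{ print $NF }')
    bound=$(unit_list CapabilityBoundingSet "$unit")
    ambient=$(unit_list AmbientCapabilities "$unit")
    if [ -n "$bound" ] && ! has_cap "$cap" "$bound"; then
        echo blocked
    elif [ -z "$user" ] || [ "$user" = root ]; then
        echo root
    elif has_cap "$cap" "$ambient"; then
        echo ambient
    else
        echo file-caps
    fi
}

# Demo: the [Service] section from this issue, copied into a temp file.
demo_unit=$(mktemp)
cat > "$demo_unit" <<'EOF'
[Service]
Type=simple
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json
EOF
check_unit_cap "$demo_unit" CAP_NET_ADMIN
rm -f "$demo_unit"
```

A `file-caps` verdict corresponds to the situation in this thread, where the fix was to run `setcap` on the ss-redir binary.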