1.11.4-1 Add setcap attribute to systemd units to enable DNS server binding at port 53
Task Info (Flyspray) | |
---|---|
Opened By | Caesar Woo (caesarw) |
Task ID | 75655 |
Type | Feature Request |
Project | Community Packages |
Category | Packages |
Version | None |
OS | All |
Opened | 2022-08-19 18:15:58 UTC |
Status | Assigned |
Assignee | Felix Yan (felixonmars) |
Details
Description:
When using the clash package from the community repository with a local DNS server configured in it, an error occurs when clash tries to bind to port 53.
Additional info:
- package version(s): 1.11.4-1
Steps to reproduce:
- Install clash package
- Enable clash's local DNS server and bind it to 127.0.0.1:53 in the configuration
- Start clash systemd service with "sudo systemctl start clash@[username]"
- clash reports error with "ERRO[0000] Start DNS server error: listen udp 127.0.0.1:53: bind: permission denied"
Proposed solution:
- Add these two lines to the [Service] section in the clash@.service unit to give a temporary capability to the clash process spawned by systemd (a sample service unit is attached):
  CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  AmbientCapabilities=CAP_NET_BIND_SERVICE
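
A check for the modified unit, as an added example that is not part of the original task or the clash package: it reads the [Service] section and reports whether CAP_NET_BIND_SERVICE is granted as an ambient capability and whether the bounding set is limited to it. The function names and the sample unit are constructed for illustration; an inverted `~` capability list is flagged for manual review rather than evaluated.

```shell
#!/bin/sh
# Added example, not from the task or the clash package: audit [Service] capabilities.
# unit_caps FILE KEY: print the effective value of KEY in [Service].
# Repeated assignments accumulate; an empty assignment resets the list.
unit_caps() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        !in_service { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v == "") acc = ""
            else acc = (acc == "" ? v : acc " " v)
        }
        END { print acc }
    ' "$1"
}

# check_bind_unit FILE: print a verdict and return
#   0 = CAP_NET_BIND_SERVICE is ambient and the bounding set is exactly that
#   1 = CAP_NET_BIND_SERVICE is not granted as an ambient capability
#   2 = manual review needed (inverted "~" list, or bounding set unset/wider)
check_bind_unit() {
    want=CAP_NET_BIND_SERVICE
    ambient=$(unit_caps "$1" AmbientCapabilities)
    bound=$(unit_caps "$1" CapabilityBoundingSet)
    case "$ambient$bound" in
        *"~"*) echo "review: inverted (~) capability list"; return 2 ;;
    esac
    case " $ambient " in
        *" $want "*) ;;
        *) echo "missing: AmbientCapabilities lacks $want"; return 1 ;;
    esac
    [ "$bound" = "$want" ] && { echo "ok: $want granted, bounding set limited to it"; return 0; }
    echo "review: CapabilityBoundingSet is '${bound:-unset}', not just $want"
    return 2
}

# Constructed sample: a [Service] section with the two lines proposed in the task.
sample=$(mktemp)
printf '%s\n' '[Service]' 'CapabilityBoundingSet=CAP_NET_BIND_SERVICE' \
    'AmbientCapabilities=CAP_NET_BIND_SERVICE' > "$sample"
check_bind_unit "$sample"
rm -f "$sample"
```

A unit that returns 2 still starts and binds the port; the verdict only says the bounding set leaves more capabilities available than the DNS listener needs.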