BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

xray: allow binding lower ports

Browse source 
Set CapabilityBoundingSet, AmbientCapabilities and NoNewPrivileges as described in XTLS/xray-install.
This commit is contained in:
Marillindië 2023-06-06 03:12:48 +00:00 committed by Emery Hemingway
parent 954d3794ae
commit e394dc22f9
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/modules/services/networking/xray.nix
View file

@ -90,6 +90,9 @@ with lib;
serviceConfig = {
DynamicUser = true;
ExecStart = "${cfg.package}/bin/xray -config ${settingsFile}";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
NoNewPrivileges = true;
};
};
};