sing-box icon indicating copy to clipboard operation
sing-box copied to clipboard

Published 20 hours ago verified publisher icon SagerNet

Security hardening

Open yingziwu opened this issue 2 years ago • 3 comments

yingziwu avatar Sep 06 '22 07:09 yingziwu

pls see my comment there: https://aur.archlinux.org/packages/sing-box-git, some features will not work with this systemd unit

mazzz1y avatar Sep 06 '22 14:09 mazzz1y

@mazzz1y Thanks for report. The AUR package has updated.

yingziwu avatar Sep 06 '22 15:09 yingziwu

@yingziwu it is just demonstration and my trying to fix permission issues. I'm not sure that other security flags make sense when process have CAP_SYS_PTRACE capability and has access to trace other processes.

I think need to keep systemd unit as it is. Users who wants to add some security flags(who don't use tun or process sniffing, for example) always can override it.

I might be wrong. Just my opinion

mazzz1y avatar Sep 07 '22 08:09 mazzz1y