xray: allow binding lower ports · pyrox.dev/nixpkgs@e394dc2

pyrox.dev / nixpkgs

fork atom

lol

fork atom

xray: allow binding lower ports

Set CapabilityBoundingSet, AmbientCapabilities and NoNewPrivileges as described in XTLS/xray-install.

authored by

Marillindië and committed by

Emery Hemingway 2 years ago e394dc22 954d3794

1 changed file

expand all

nixos

modules

services

networking

xray.nix

nixos/modules/services/networking/xray.nix

··· 90 90 serviceConfig = { 91 91 DynamicUser = true; 92 92 ExecStart = "${cfg.package}/bin/xray -config ${settingsFile}"; 93 + CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE"; 94 + AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE"; 95 + NoNewPrivileges = true; 93 96 }; 94 97 }; 95 98 };