tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1diff --git a/server.go b/server.go
2index c2a6be0..8aeca1c 100644
3--- a/server.go
4+++ b/server.go
5@@ -11,6 +11,7 @@ import (
6 E "github.com/sagernet/sing/common/exceptions"
7 "github.com/sagernet/sing/common/metadata"
8 "github.com/sagernet/sing/service"
9+ "golang.org/x/sys/unix"
10 "log"
11 "nekobox_core/gen"
12 "nekobox_core/internal/boxbox"
13@@ -359,13 +360,25 @@ func (s *server) CompileGeoSiteToSrs(ctx context.Context, in *gen.CompileGeoSite
14 }
15
16 func (s *server) IsPrivileged(ctx context.Context, _ *gen.EmptyReq) (*gen.IsPrivilegedResponse, error) {
17- if runtime.GOOS == "windows" {
18- return &gen.IsPrivilegedResponse{
19- HasPrivilege: false,
20- }, nil
21+ ret := false
22+ if runtime.GOOS == "windows" || os.Geteuid() == 0 {
23+ ret = true
24+ } else if runtime.GOOS == "linux" {
25+ caps := unix.CapUserHeader{
26+ Version: unix.LINUX_CAPABILITY_VERSION_3,
27+ Pid: 0, // current
28+ }
29+ var data [2]unix.CapUserData
30+ err := unix.Capget(&caps, &data[0])
31+ if err != nil {
32+ ret = false
33+ } else {
34+ // CAP_NET_ADMIN = 12
35+ ret = (data[0].Effective & (1 << unix.CAP_NET_ADMIN)) != 0
36+ }
37 }
38
39- return &gen.IsPrivilegedResponse{HasPrivilege: os.Geteuid() == 0}, nil
40+ return &gen.IsPrivilegedResponse{HasPrivilege: ret}, nil
41 }
42
43 func (s *server) SpeedTest(ctx context.Context, in *gen.SpeedTestRequest) (*gen.SpeedTestResponse, error) {