Open demarcush opened 3 months ago
I Will tinker around to see if I can get it to work with a user unit. Will open a PR if successful.
I Will tinker around to see if I can get it to work with a user unit. Will open a PR if successful.
This is not a bug. In your KDE6, there was no kwriteconfig5
, so actually the KDE system proxy was not successfully set in the previous version, leading you to mistakenly believe that the KDE system proxy can be set by systemd unit.
And please specify your linux distro before asking because normally if you run sing-box by systemd unit it will tell you that set system proxy: unable to set as root
.
https://github.com/SagerNet/sing-box/blob/a18400503366a46445cf5cefea83a2f2e6ddd134/common/settings/proxy_linux.go#L130-L138
kwriteconfig
and dbus-send
should be run as current user in order to set up the KDE system proxy correctly.
If you really want to use systemd, then just create a user unit by yourself.
The installation is from the AUR and there's this line in the pkgbuild:
sed -i "/^\[Service\]$/a StateDirectory=$pkgname" release/config/$pkgname.service
sed -i "/^\[Service\]$/a StateDirectory=$pkgname-%i" release/config/$pkgname@.service
sed -i "/^\[Service\]$/a User=$pkgname" release/config/$pkgname*.service
Which makes the system service run as sing-box
user instead of root (current .service files omit User=
). So with no access to dbus under sing-box user, I simply encountered that error instead of the defined unable to set as root
.
Still, I think my pull request (which includes DynamicUser=true
) is something that should be considered.
And yes, I'm aware that sing-box drops privileges during start on its own.
The installation is from the AUR and there's this line in the pkgbuild:
sed -i "/^\[Service\]$/a StateDirectory=$pkgname" release/config/$pkgname.service sed -i "/^\[Service\]$/a StateDirectory=$pkgname-%i" release/config/$pkgname@.service sed -i "/^\[Service\]$/a User=$pkgname" release/config/$pkgname*.service
Which makes the system service run as
sing-box
user instead of root (current .service files omitUser=
). So with no access to dbus under sing-box user, I simply encountered that error instead of the definedunable to set as root
. Still, I think my pull request (which includesDynamicUser=true
) is something that should be considered. And yes, I'm aware that sing-box drops privileges during start on its own.
dbus-send
requires the current user's DBUS_SESSION_BUS_ADDRESS
, and kwriteconfig
requires the current user's XDG_CONFIG_HOME
, which I think should these enviroment variables can only be obtained through the user unit.
Your PR has too many commits, you need to remove the useless commits and merge them together.
And I don't know whether the systemd versions of other distributions are new enough to support these security options.
I'll turn the PR to draft until I merge them. Will test the new service files under Debian Stable. Does that count?
@nekohasekai: What do you think?
Operating system
Linux (Arch deriv.)
System version
latest
Installation type
Original sing-box Command Line (From AUR)
If you are using a graphical client, please provide the version of the client.
No response
Version
Description
When declaring
set_system_proxy
in the config file, default system unit file fails, whether running as userroot
orsing-box
.Providing a user unit file is the first solution that came to my mind, cause I suspect this would also be the case under GNOME too.
Reproduction
/release/config
under KDE6set_system_proxy
formixed
inbound.sudo systemctl enable --now sing-box.service
Logs
Supporter
Integrity requirements