Compare commits
4 Commits
v0.108.0-b
...
4728-cap-c
| Author | SHA1 | Date | |
|---|---|---|---|
|
3918789ca7 | ||
|
|
da1b53a3b4 | ||
|
|
6a032bb821 | ||
|
|
b82c67405f |
@@ -23,6 +23,12 @@ See also the [v0.107.24 GitHub milestone][ms-v0.107.24].
|
||||
NOTE: Add new changes BELOW THIS COMMENT.
|
||||
-->
|
||||
|
||||
### Fixed
|
||||
|
||||
- The icon for League Of Legends on the Blocked services page ([#5433]).
|
||||
|
||||
[#5433]: https://github.com/AdguardTeam/AdGuardHome/issues/5433
|
||||
|
||||
<!--
|
||||
NOTE: Add new changes ABOVE THIS COMMENT.
|
||||
-->
|
||||
|
||||
@@ -80,6 +80,11 @@ func CanBindPrivilegedPorts() (can bool, err error) {
|
||||
return canBindPrivilegedPorts()
|
||||
}
|
||||
|
||||
// AcquirePermissions tries to acquire permissions to bind to privileged ports.
|
||||
func AcquirePermissions() (err error) {
|
||||
return acquirePermissions()
|
||||
}
|
||||
|
||||
// NetInterface represents an entry of network interfaces map.
|
||||
type NetInterface struct {
|
||||
// Addresses are the network interface addresses.
|
||||
|
||||
@@ -7,3 +7,7 @@ import "github.com/AdguardTeam/AdGuardHome/internal/aghos"
|
||||
func canBindPrivilegedPorts() (can bool, err error) {
|
||||
return aghos.HaveAdminRights()
|
||||
}
|
||||
|
||||
func acquirePermissions() (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -23,17 +23,17 @@ const dhcpcdConf = "etc/dhcpcd.conf"
|
||||
|
||||
func canBindPrivilegedPorts() (can bool, err error) {
|
||||
res, err := unix.PrctlRetInt(
|
||||
unix.PR_CAP_AMBIENT,
|
||||
unix.PR_CAP_AMBIENT_IS_SET,
|
||||
unix.PR_CAPBSET_READ,
|
||||
unix.CAP_NET_BIND_SERVICE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
)
|
||||
if err != nil {
|
||||
if errors.Is(err, unix.EINVAL) {
|
||||
// Older versions of Linux kernel do not support this. Print a
|
||||
// warning and check admin rights.
|
||||
log.Info("warning: cannot check capability cap_net_bind_service: %s", err)
|
||||
log.Info("warning: cannot check cap_net_bind_service: %s", err)
|
||||
} else {
|
||||
return false, err
|
||||
}
|
||||
@@ -45,6 +45,21 @@ func canBindPrivilegedPorts() (can bool, err error) {
|
||||
return res == 1 || adm, nil
|
||||
}
|
||||
|
||||
func acquirePermissions() (err error) {
|
||||
_, err = unix.PrctlRetInt(
|
||||
unix.PR_CAP_AMBIENT,
|
||||
unix.PR_CAP_AMBIENT_RAISE,
|
||||
unix.CAP_NET_BIND_SERVICE,
|
||||
0,
|
||||
0,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("raising cap_net_bind_service: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
|
||||
// have a static IP.
|
||||
func (n interfaceName) dhcpcdStaticConfig(r io.Reader) (subsources []string, cont bool, err error) {
|
||||
|
||||
@@ -43,3 +43,7 @@ func closePortChecker(c io.Closer) (err error) {
|
||||
func isAddrInUse(err syscall.Errno) (ok bool) {
|
||||
return errors.Is(err, windows.WSAEADDRINUSE)
|
||||
}
|
||||
|
||||
func acquirePermissions() (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -1283,7 +1283,7 @@ var blockedServices = []blockedService{{
|
||||
}, {
|
||||
ID: "leagueoflegends",
|
||||
Name: "League of Legends",
|
||||
IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 30 30\" width=\"60px\" height=\"60px\"><path d=\"M 7 4 L 9 7.25 L 9 22.75 L 6.875 26 L 21.957031 26 L 25 22 L 14 22 L 14 4 L 7 4 z M 16 4.0507812 L 16 6.0585938 C 20.493 6.5575937 24 10.375 24 15 C 24 16.849 23.438516 18.569 22.478516 20 L 24.785156 20 C 25.556156 18.498 26 16.801 26 15 C 26 9.272 21.598 4.5577812 16 4.0507812 z M 6.8730469 7.6113281 C 5.0940469 9.5663281 4 12.155 4 15 C 4 17.837 5.0884219 20.418094 6.8574219 22.371094 L 7 22.154297 L 7 19.105469 C 6.365 17.872469 6 16.479 6 15 C 6 13.521 6.365 12.127531 7 10.894531 L 7 7.8164062 L 6.8730469 7.6113281 z\"/></svg>"),
|
||||
IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 30 30\"><path d=\"M 7 4 L 9 7.25 L 9 22.75 L 6.875 26 L 21.957031 26 L 25 22 L 14 22 L 14 4 L 7 4 z M 16 4.0507812 L 16 6.0585938 C 20.493 6.5575937 24 10.375 24 15 C 24 16.849 23.438516 18.569 22.478516 20 L 24.785156 20 C 25.556156 18.498 26 16.801 26 15 C 26 9.272 21.598 4.5577812 16 4.0507812 z M 6.8730469 7.6113281 C 5.0940469 9.5663281 4 12.155 4 15 C 4 17.837 5.0884219 20.418094 6.8574219 22.371094 L 7 22.154297 L 7 19.105469 C 6.365 17.872469 6 16.479 6 15 C 6 13.521 6.365 12.127531 7 10.894531 L 7 7.8164062 L 6.8730469 7.6113281 z\"/></svg>"),
|
||||
Rules: []string{
|
||||
"||leagueoflegends.co.kr^",
|
||||
"||leagueoflegends.com^",
|
||||
|
||||
@@ -570,14 +570,21 @@ func startMods() (err error) {
|
||||
func checkPermissions() {
|
||||
log.Info("Checking if AdGuard Home has necessary permissions")
|
||||
|
||||
if ok, err := aghnet.CanBindPrivilegedPorts(); !ok || err != nil {
|
||||
log.Fatal("This is the first launch of AdGuard Home. You must run it as Administrator.")
|
||||
err := aghnet.AcquirePermissions()
|
||||
if err != nil {
|
||||
log.Debug("acquiring necessary permissions: %s", err)
|
||||
|
||||
var ok bool
|
||||
if ok, err = aghnet.CanBindPrivilegedPorts(); !ok || err != nil {
|
||||
log.Fatal("This is the first launch of AdGuard Home. You must run it as Administrator.")
|
||||
}
|
||||
}
|
||||
|
||||
// We should check if AdGuard Home is able to bind to port 53
|
||||
err := aghnet.CheckPort("tcp", netip.AddrPortFrom(netutil.IPv4Localhost(), defaultPortDNS))
|
||||
err = aghnet.CheckPort("tcp", netip.AddrPortFrom(netutil.IPv4Localhost(), defaultPortDNS))
|
||||
if err != nil {
|
||||
if errors.Is(err, os.ErrPermission) {
|
||||
log.Debug("checking permissions via binding: %v", err)
|
||||
log.Fatal(`Permission check failed.
|
||||
|
||||
AdGuard Home is not allowed to bind to privileged ports (for instance, port 53).
|
||||
|
||||
Reference in New Issue
Block a user