You've already forked KernelSU
mirror of
https://github.com/tiann/KernelSU.git
synced 2025-08-27 23:46:34 +00:00
8d31bd3e5a
These two permission is absolutely required: - CAP_NET_ADMIN is needed for modifying routes. - CAP_NET_RAW is for modifying iptables. When the app starts to set up a tunnel, it seems to execute "cat /sys/module/wireguard/version" to check if wireguard kernel module is loaded or not. Despite the permission seems okay, without CAP_DAC_READ_SEARCH it could not read the version number and threw an error in the application log. CAP_DAC_OVERRIDE is needed optionally for installing Wireguard command line tools. It could be turned back off once the binaries have been copied.