From 14217e7847e02cbf3e59e1af9ccd93b062e2639a Mon Sep 17 00:00:00 2001
From: xishang0128 <xishang02@gmail.com>
Date: Mon, 17 Mar 2025 13:21:23 +0800
Subject: [PATCH] chore: update service capabilities to include CAP_SYS_TIME
 and CAP_DAC_OVERRIDE

---
 .github/mihomo.service  | 4 ++--
 .github/mihomo@.service | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/mihomo.service b/.github/mihomo.service
index a3793fe3..7ecc8486 100644
--- a/.github/mihomo.service
+++ b/.github/mihomo.service
@@ -5,8 +5,8 @@ After=network.target nss-lookup.target network-online.target
 
 [Service]
 Type=simple
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
 ExecStart=/usr/bin/mihomo -d /etc/mihomo
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
diff --git a/.github/mihomo@.service b/.github/mihomo@.service
index a3793fe3..7ecc8486 100644
--- a/.github/mihomo@.service
+++ b/.github/mihomo@.service
@@ -5,8 +5,8 @@ After=network.target nss-lookup.target network-online.target
 
 [Service]
 Type=simple
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
 ExecStart=/usr/bin/mihomo -d /etc/mihomo
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure