AppImage 使用 TUN模式 不太正常: setcap会无效, 而root执行则会有错

[Binly42]

环境:

• clash-verge appimage 版本: 1.2.0
• OS: Debian bullseye 11.5 KDE

---

setcap 无效

setcap的方案 似乎是 不适用于 AppImage 的?

不过似乎可以在链接构建前用setcap提前处理下 ?
但是这个是否只能由每个用户自己构建才有用呢?

---

root 会有报错

用root用户来启动的话, 似乎也会有各种问题:

• 要先把 ~/.config/clash-verge/ 软链到 /root/.config/clash-verge/

  • 顺便求问, 是否有什么方法可以做到 *root权限执行的同时用回普通用户的身份和配置目录? 也许就能规避掉下面提到的坑?

• 启动之后会有这样的报错:

  2022-12-03 22:05:01 ERROR - failed to create the pid file
  

  不过倒似乎基本也能正常工作

• 执行过程中, 终端里会有不少这样的warning:

  (process:3597561): dconf-WARNING **: 22:05:02.081: failed to commit changes to dconf: Error spawning command line “dbus-launch --autolaunch=45a557c589954a4f9753dbe57fa9f047 --binary-syntax --close-stderr”: Child process exited with code 1
  

  (clash-verge:3597482): libayatana-appindicator-WARNING **: 22:05:02.378: Unable to get the session bus: Error spawning command line “dbus-launch --autolaunch=45a557c589954a4f9753dbe57fa9f047 --binary-syntax --close-stderr”: Child process exited with code 1
  
  (clash-verge:3597482): LIBDBUSMENU-GLIB-WARNING **: 22:05:02.378: Unable to get session bus: Error spawning command line “dbus-launch --autolaunch=45a557c589954a4f9753dbe57fa9f047 --binary-syntax --close-stderr”: Child process exited with code 1
  
  

• 另外在程序窗口里 点击更新profile 的时候, 也会报:

  2022-12-03 22:10:55 ERROR - failed to save file "/tmp/clash-verge-check.yaml"
  

• 有时(我没留意到规律, 也没确认过是否跟 root执行 本身相关) gui 会出问题, 比如:

  • 整个程序窗口 freeze
  • 内容消失只剩个透明窗口轮廓
  • proxies页变空白
  • 程序窗口里点击会很卡顿 (不过这个似乎是因为爆内存, 我印象里好像每次都是有 狂刷fake-ip的日志

  基本只能重启应用或者clash; (最后爆内存那个, 好像等待一段时间之后也有可能会恢复正常)

这个有可能会是因为 用 root 跑 GUI 本来就容易出各种问题 吗?

---

any workaround ?

比如: 支持自定义 clash path ?

或者, 就只是我漏做了什么操作吗 ?

[zzzgydi]

只对clash或clash-meta内核执行文件setcap 或 root试试吧

[Binly42]

只对clash或clash-meta内核执行文件setcap

问题就在于 AppImage 是一体只读的...

不过目前用下来, 直接root跑AppImage基本上也确实能用;
遇事不决重启应用就行, 基本都能恢复正常 (我这里有时候需要重启其他具体应用比如chromium的, 可能是我环境问题), 而且频率也不高.

---

一人血书大佬有空了之后看能不能支持下 自定义 clash path

[zzzgydi]

自定义 clash path

这个path是clash执行文件的path吗，自定义这个是为了干啥

[j4ger]

自定义 clash path

这个path是clash执行文件的path吗，自定义这个是为了干啥

如果能用指定位置的 clash/meta 内核，就能对内核 setcap 之后用普通权限运行 verge 了……？

[zzzgydi]

1.3.0支持GUI了对clash内核赋权，然后开启TUN应该就没问题了，可以试试

[Binly42]

1.3.0支持GUI了对clash内核赋权，然后开启TUN应该就没问题了，可以试试

1.3.0 appimage 会报 GLIBC 版本问题:

• 我是 Debian bullseye stable , 确实还只是 2.31 ...

• 报错原文

  clash-verge: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.35' not found (required by clash-verge)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by clash-verge)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by clash-verge)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by clash-verge)
  clash-verge: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.35' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebkit2gtk-4.0.so.37)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebkit2gtk-4.0.so.37)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebkit2gtk-4.0.so.37)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebkit2gtk-4.0.so.37)
  clash-verge: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebkit2gtk-4.0.so.37)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgtk-3.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgdk-3.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libcairo.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgio-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgio-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libjavascriptcoregtk-4.0.so.18)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libjavascriptcoregtk-4.0.so.18)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libjavascriptcoregtk-4.0.so.18)
  clash-verge: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.30' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libjavascriptcoregtk-4.0.so.18)
  clash-verge: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libjavascriptcoregtk-4.0.so.18)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libglib-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libglib-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libglib-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libcrypto.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libcrypto.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libicuuc.so.70)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libicuuc.so.70)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libsystemd.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libsystemd.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libsystemd.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libxml2.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libxml2.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libsqlite3.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libsqlite3.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libxslt.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwoff2dec.so.1.0.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgcrypt.so.20)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgstreamer-1.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgstreamer-1.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgstpbutils-1.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libopenjp2.so.7)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwebp.so.7)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libenchant-2.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgmodule-2.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwayland-server.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libwayland-server.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libepoxy.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libxkbcommon.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libmount.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libmount.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libselinux.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libselinux.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/liblzma.so.5)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/liblzma.so.5)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libcap.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libunwind.so.8)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libunwind.so.8)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libdw.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libdw.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgudev-1.0.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libpsl.so.5)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libgssapi_krb5.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libevdev.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libdbus-1.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libdbus-1.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libXau.so.6)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libblkid.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libelf.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libudev.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libudev.so.1)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libunistring.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libunistring.so.2)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libkrb5.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libkrb5.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libk5crypto.so.3)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libkrb5support.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libkrb5support.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libbsd.so.0)
  clash-verge: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /tmp/.mount_clash-lNEyqC/usr/lib/libmd.so.0)
  

额但是按我理解, appimage这种发布形式的依赖不是应该都闭环了的吗? ... @zzzgydi

---

注:

• 1.2.0 appimage 是正常的
• 另外几周前我在1.2.0的GUI里更新到1.2.?之后也是类似的报错, 不过我当时还以为只是没更新成功...

[sqwwqw5]

Steps to have working tun mode with appimage format.
cd "AppImage located folder"
./clash-verge_*.AppImage ---appimage-extract.
cd squashfs-root

Under apprun-hooks folder, delete the line with APPDIR= in linuxdepoly-plugin-gtk.sh

sudo ./AppRun and give permissions to Clash/Meta under core settings.
./AppRun enjoy working tun mode, you can now set your desktop exec location to this file.

[jiesou]

1.3.0支持GUI了对clash内核赋权，然后开启TUN应该就没问题了，可以试试

还是不行的

AppImage 挂载的 /tmp 路径应该就是没法用 setcap，即使 sudo 也一样：

sqwwqw5 的方法可以，但实际就是把 AppImage 展开运行，不挂载到 /tmp

[Binly42]

Steps to have working tun mode with appimage format. cd "AppImage located folder" ./clash-verge_*.AppImage ---appimage-extract. cd squashfs-root

Under apprun-hooks folder, delete the line with APPDIR= in linuxdepoly-plugin-gtk.sh

sudo ./AppRun and give permissions to Clash/Meta under core settings. ./AppRun enjoy working tun mode, you can now set your desktop exec location to this file.

亲测确实可行, 我这里稍微补充整理下具体操作:

./clash-verge_1.3.7_amd64.AppImage --appimage-extract
rsync -aP --delete --mkpath ./squashfs-root/ /tmp/.your_username.appimage/clash-verge
cd /tmp/.your_username.appimage/clash-verge
nano ./apprun-hooks/linuxdeploy-plugin-gtk.sh  # and comment that line
sudo setcap cap_net_bind_service,cap_net_admin=+ep ./usr/bin/clash-meta 
sudo setcap cap_net_bind_service,cap_net_admin=+ep ./usr/bin/clash  # 碰巧发现目前用meta版本的时候ping就会必不通, 而原版则会必成功 ...
cd -
gio trash ./squashfs-root/
desktop-file-install --dir=$HOME/.local/share/applications $HOME/tmp/clash-verge.appimage.desktop

其中, clash-verge.appimage.desktop 像这样:

[Desktop Entry]
Type=Application
Terminal=false
Categories=Development;Network;System;Settings;Utility;
Keywords=clash;proxy;
Name=clash-verge (appimage)
Comment=手动拆解再赋权
Icon=/tmp/.your_username.appimage/clash-verge/usr/share/icons/hicolor/256x256@2/apps/clash-verge.png
Path=/tmp/.your_username.appimage/clash-verge
# Exec 如果直接用 `./AppRun` 的话, dex 能正常启动, 但 KDE 就会报说找不到了...
Exec=sh -c "./AppRun"

---

注: debian stable 已经升级到了 bookworm 最新, 所以才能正常使用 1.3.7 的 appimage; 只不过直接跑 appimage 的话用不了 TUN模式, 所以才需要展开来运行

[chenxiex]

我也遇到了这个问题，但把appimage展开的话安装和升级都比较麻烦。还是希望能提供使用系统clash的选项。