support manual grant core permition

changelog.md

@@ -1,3 +1,7 @@
+### New Features
+
+- Linux支持手动授权内核
+
 ### Bug Fixes
 
 - 修改混合端口后系统代理没有更新

package.json

@@ -25,7 +25,7 @@
     "@electron-toolkit/utils": "^3.0.0",
     "@mihomo-party/sysproxy": "^2.0.0",
     "adm-zip": "^0.5.15",
-    "axios": "^1.7.3",
+    "axios": "^1.7.5",
     "dayjs": "^1.11.13",
     "webdav": "^5.7.1",
     "ws": "^8.18.0",
@@ -40,22 +40,22 @@
     "@electron-toolkit/tsconfig": "^1.0.1",
     "@nextui-org/react": "^2.4.6",
     "@types/adm-zip": "^0.5.5",
-    "@types/node": "^22.1.0",
+    "@types/node": "^22.5.0",
     "@types/pubsub-js": "^1.8.6",
-    "@types/react": "^18.3.3",
+    "@types/react": "^18.3.4",
     "@types/react-dom": "^18.3.0",
     "@types/ws": "^8.5.12",
     "@vitejs/plugin-react": "^4.3.1",
     "apexcharts": "^3.52.0",
     "autoprefixer": "^10.4.20",
-    "electron": "^31.3.1",
+    "electron": "^31.4.0",
-    "electron-builder": "^25.0.3",
+    "electron-builder": "^25.0.5",
     "electron-vite": "^2.3.0",
     "electron-window-state": "^5.0.3",
     "eslint": "^8.57.0",
     "eslint-plugin-react": "^7.35.0",
-    "framer-motion": "^11.3.21",
+    "framer-motion": "^11.3.30",
-    "meta-json-schema": "^1.18.6",
+    "meta-json-schema": "^1.18.7",
     "monaco-yaml": "^5.2.2",
     "nanoid": "^5.0.7",
     "next-themes": "^0.3.0",
@@ -66,18 +66,18 @@
     "react-apexcharts": "^1.4.1",
     "react-dom": "^18.3.1",
     "react-error-boundary": "^4.0.13",
-    "react-icons": "^5.2.1",
+    "react-icons": "^5.3.0",
     "react-markdown": "^9.0.1",
-    "react-monaco-editor": "^0.56.0",
+    "react-monaco-editor": "^0.56.1",
-    "react-router-dom": "^6.26.0",
+    "react-router-dom": "^6.26.1",
-    "react-virtuoso": "^4.9.0",
+    "react-virtuoso": "^4.10.1",
     "swr": "^2.2.5",
-    "tailwindcss": "^3.4.7",
+    "tailwindcss": "^3.4.10",
     "tar": "^7.4.3",
-    "tsx": "^4.16.5",
+    "tsx": "^4.18.0",
     "types-pac": "^1.0.2",
     "typescript": "^5.5.4",
-    "vite": "^5.3.5",
+    "vite": "^5.4.2",
     "vite-plugin-monaco-editor": "^1.1.0"
   }
 }

src/main/core/manager.ts

@@ -7,11 +7,12 @@ import {
   mihomoWorkDir
 } from '../utils/dirs'
 import { generateProfile } from './factory'
-import { getAppConfig, patchAppConfig } from '../config'
+import { getAppConfig, patchAppConfig, patchControledMihomoConfig } from '../config'
 import { dialog, safeStorage } from 'electron'
 import { pauseWebsockets } from './mihomoApi'
 import { writeFile } from 'fs/promises'
 import { promisify } from 'util'
+import { mainWindow } from '..'
 
 let child: ChildProcess
 let retry = 10
@@ -42,6 +43,11 @@ export async function startCore(): Promise<void> {
         stopCore()
         await startCore()
       }
+      if (data.toString().includes('configure tun interface: operation not permitted')) {
+        await patchControledMihomoConfig({ tun: { enable: false } })
+        mainWindow?.webContents.send('controledMihomoConfigUpdated')
+        dialog.showErrorBox('虚拟网卡启动失败', '请尝试手动授予内核权限')
+      }
       if (data.toString().includes('External controller listen error')) {
         if (retry) {
           retry--
@@ -121,7 +127,7 @@ export async function autoGrantCorePermition(corePath: string): Promise<void> {
   }
 }
 
-export async function manualGrantCorePermition(): Promise<void> {
+export async function manualGrantCorePermition(password?: string): Promise<void> {
   const { core = 'mihomo' } = await getAppConfig()
   const corePath = mihomoCorePath(core)
   const execPromise = promisify(exec)
@@ -130,6 +136,11 @@ export async function manualGrantCorePermition(): Promise<void> {
     const command = `do shell script "${shell}" with administrator privileges`
     await execPromise(`osascript -e '${command}'`)
   }
+  if (process.platform === 'linux') {
+    await execPromise(
+      `echo "${password}" | sudo -S setcap cap_net_bind_service,cap_net_admin,cap_sys_ptrace,cap_dac_read_search,cap_dac_override,cap_net_raw=+ep ${corePath}`
+    )
+  }
 }
 
 export function isEncryptionAvailable(): boolean {

src/main/utils/ipc.ts

@@ -143,7 +143,9 @@ export function registerIpcMainHandlers(): void {
   ipcMain.handle('triggerSysProxy', (_e, enable) => ipcErrorWrapper(triggerSysProxy)(enable))
   ipcMain.handle('isEncryptionAvailable', isEncryptionAvailable)
   ipcMain.handle('encryptString', (_e, str) => encryptString(str))
-  ipcMain.handle('manualGrantCorePermition', ipcErrorWrapper(manualGrantCorePermition))
+  ipcMain.handle('manualGrantCorePermition', (_e, password) =>
+    ipcErrorWrapper(manualGrantCorePermition)(password)
+  )
   ipcMain.handle('getFilePath', (_e, ext) => getFilePath(ext))
   ipcMain.handle('readTextFile', (_e, filePath) => ipcErrorWrapper(readTextFile)(filePath))
   ipcMain.handle('getRuntimeConfigStr', ipcErrorWrapper(getRuntimeConfigStr))

src/renderer/src/pages/tun.tsx

@@ -6,11 +6,13 @@ import { useControledMihomoConfig } from '@renderer/hooks/use-controled-mihomo-c
 import { manualGrantCorePermition, restartCore, setupFirewall } from '@renderer/utils/ipc'
 import { platform } from '@renderer/utils/init'
 import React, { Key, useState } from 'react'
+import BasePasswordModal from '@renderer/components/base/base-password-modal'
 
 const Tun: React.FC = () => {
   const { controledMihomoConfig, patchControledMihomoConfig } = useControledMihomoConfig()
   const { tun } = controledMihomoConfig || {}
   const [loading, setLoading] = useState(false)
+  const [openPasswordModal, setOpenPasswordModal] = useState(false)
   const {
     device = 'Mihomo',
     stack = 'mixed',
@@ -39,6 +41,22 @@ const Tun: React.FC = () => {
   }
 
   return (
+    <>
+      {openPasswordModal && (
+        <BasePasswordModal
+          onCancel={() => setOpenPasswordModal(false)}
+          onConfirm={async (password: string) => {
+            try {
+              await manualGrantCorePermition(password)
+              new Notification('内核授权成功')
+              await restartCore()
+              setOpenPasswordModal(false)
+            } catch (e) {
+              alert(e)
+            }
+          }}
+        />
+      )}
       <BasePage
         title="Tun 设置"
         header={
@@ -88,22 +106,22 @@ const Tun: React.FC = () => {
               </Button>
             </SettingItem>
           )}
-        {platform === 'darwin' && (
+          {platform !== 'win32' && (
             <SettingItem title="手动授权内核" divider>
               <Button
                 size="sm"
                 color="primary"
-              isLoading={loading}
                 onPress={async () => {
-                setLoading(true)
+                  if (platform === 'darwin') {
                     try {
                       await manualGrantCorePermition()
                       new Notification('内核授权成功')
                       await restartCore()
                     } catch (e) {
                       alert(e)
-                } finally {
+                    }
-                  setLoading(false)
+                  } else {
+                    setOpenPasswordModal(true)
                   }
                 }}
               >
@@ -195,6 +213,7 @@ const Tun: React.FC = () => {
           </SettingItem>
         </SettingCard>
       </BasePage>
+    </>
   )
 }
 

src/renderer/src/utils/ipc.ts

@@ -213,8 +213,10 @@ export async function encryptString(str: string): Promise<number[]> {
   return ipcErrorWrapper(await window.electron.ipcRenderer.invoke('encryptString', str))
 }
 
-export async function manualGrantCorePermition(): Promise<void> {
+export async function manualGrantCorePermition(password?: string): Promise<void> {
-  return ipcErrorWrapper(await window.electron.ipcRenderer.invoke('manualGrantCorePermition'))
+  return ipcErrorWrapper(
+    await window.electron.ipcRenderer.invoke('manualGrantCorePermition', password)
+  )
 }
 
 export async function getFilePath(ext: string[]): Promise<string[] | undefined> {