我正在尝试使用 iptables 根据特定应用程序的有效所有者 ID (--gid-owner) 过滤流量。为此,我创建了一个组
$ sudo addgroup net-user
,在可执行文件上设置此组
$ sudo chown :net-user /opt/Signal/signal-desktop
并设置sgid位
$ sudo chmod g+s /opt/Signal/signal-desktop
现在应用程序无法加载库:
$ signal-desktop
signal-desktop: error while loading shared libraries: libffmpeg.so: cannot open shared object file: No such file or directory
其他应用无法连接 d-bus
$ dolphin
QStandardPaths: wrong ownership on runtime directory /run/user/1001, 1001 instead of 1000
No protocol specified
qt.qpa.screen: QXcbConnection: Could not connect to display :0
Could not connect to any X display.
我究竟做错了什么?