[arch-commits] Commit in interception-tools/trunk (PKGBUILD udevmon.service)
Brett Cornwall
ainola at archlinux.org
Fri Jan 1 00:25:11 UTC 2021
Date: Friday, January 1, 2021 @ 00:25:10
Author: ainola
Revision: 801429
upgpkg: 0.4.3; re-add udevmon.service
Including udevmon.service downstream until upstream accepts the changes.
Added:
interception-tools/trunk/udevmon.service
Modified:
interception-tools/trunk/PKGBUILD
-----------------+
PKGBUILD | 13 ++++++++-----
udevmon.service | 44 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-01-01 00:24:27 UTC (rev 801428)
+++ PKGBUILD 2021-01-01 00:25:10 UTC (rev 801429)
@@ -2,13 +2,12 @@
# Contributor: Francisco Lopes
pkgname=interception-tools
-pkgver=0.3.4
+pkgver=0.4.3
pkgrel=1
pkgdesc='A minimal composable infrastructure on top of libudev and libevdev'
arch=('x86_64')
license=('GPL3')
url='https://gitlab.com/interception/linux/tools'
-# Add 'libevdev.so' once https://bugs.archlinux.org/task/69112 is fixed
depends=(
'libevdev' 'libevdev.so'
'yaml-cpp' 'libyaml-cpp.so'
@@ -15,8 +14,12 @@
'systemd-libs' 'libudev.so'
)
makedepends=('cmake' 'systemd' 'boost')
-source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/interception/linux/tools/-/archive/v$pkgver/tools-v$pkgver.tar.gz")
-sha256sums=('0c56fc123b2cb1b71c8390e56a1c72dab59456cde8896e23c18198c9e9b60678')
+source=(
+ "$pkgname-$pkgver.tar.gz::https://gitlab.com/interception/linux/tools/-/archive/v$pkgver/tools-v$pkgver.tar.gz"
+ udevmon.service
+)
+sha256sums=('7a755cfcf511dbc86aa19a16906a539eccfdc3a5b83e13c27e17a5488696d27a'
+ 'cb4e046aa95cf591492f99543ce2fdc6d3dc94420893cc069fd568f9822d9e4b')
build() {
cmake -B build \
@@ -29,7 +32,7 @@
package() {
install -dm755 "$pkgdir/etc/interception/udevmon.d"
- install -Dm644 "tools-v$pkgver/udevmon.service" -t "$pkgdir/usr/lib/systemd/system"
+ install -Dm644 udevmon.service -t "$pkgdir/usr/lib/systemd/system"
install -Dm644 "tools-v$pkgver/README.md" -t "$pkgdir/usr/share/doc/$pkgname"
cd build
Added: udevmon.service
===================================================================
--- udevmon.service (rev 0)
+++ udevmon.service 2021-01-01 00:25:10 UTC (rev 801429)
@@ -0,0 +1,44 @@
+[Unit]
+Description=Monitor input devices for launching tasks
+Wants=systemd-udev-settle.service
+After=systemd-udev-settle.service
+Documentation=man:udev(7)
+
+[Service]
+ExecStart=/usr/bin/udevmon -c /etc/interception/udevmon.yaml
+Nice=-20
+Restart=on-failure
+OOMScoreAdjust=-1000
+
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_BOOT
+DeviceAllow=char-* rw
+DevicePolicy=strict
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateMounts=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+PrivateUsers=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=077
+ProcSubset=pid
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list