authorlilac2024-04-11 20:32:54 +0800
committerlilac2024-04-11 20:32:54 +0800
commit0412d35910c32b44c9ddde080b25fdcdb040d318 (patch)
tree17931554db6cfd50cf1d12a2e19fa9baf1f95646
parenta617c6be3cbe0437c5bbec832d773be1b556b494 (diff)
downloadaur-0412d35910c32b44c9ddde080b25fdcdb040d318.tar.gz
[lilac] updated to 0.1.1.r23.g07eafd1-1
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD9
-rw-r--r--einat.service37
3 files changed, 46 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 34e2db80f0c5..cf99fa49153f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = einat-ebpf-git
pkgdesc = eBPF-based Endpoint-Independent NAT
- pkgver = 0.1.0.r17.g3c81872
+ pkgver = 0.1.1.r23.g07eafd1
pkgrel = 1
url = https://github.com/EHfive/einat-ebpf
arch = x86_64
@@ -17,6 +17,8 @@ pkgbase = einat-ebpf-git
options = !lto
options = !debug
source = einat-ebpf::git+https://github.com/EHfive/einat-ebpf.git
+ source = einat.service
sha512sums = SKIP
+ sha512sums = 84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f
pkgname = einat-ebpf-git
diff --git a/PKGBUILD b/PKGBUILD
index 6dfa6343fe14..ab99d77ab61c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
pkgname=einat-ebpf-git
_pkgname=einat-ebpf
_target=einat
-pkgver=0.1.0.r17.g3c81872
+pkgver=0.1.1.r23.g07eafd1
pkgrel=1
pkgdesc="eBPF-based Endpoint-Independent NAT"
arch=('x86_64')
@@ -13,8 +13,10 @@ depends=('glibc' 'gcc-libs' 'zlib' 'libelf')
provides=('einat')
conflicts=('einat')
makedepends=('git' 'cargo' 'clang')
-source=("$_pkgname::git+https://github.com/EHfive/einat-ebpf.git")
-sha512sums=('SKIP')
+source=("$_pkgname::git+https://github.com/EHfive/einat-ebpf.git"
+ "einat.service")
+sha512sums=('SKIP'
+ '84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f')
options=(!lto !debug)
pkgver(){
@@ -42,6 +44,7 @@ package() {
install -Dm 755 "target/release/$_target" -t "$pkgdir/usr/bin"
install -Dm 644 README.md -t "$pkgdir/usr/share/doc/$pkgname"
install -Dm 644 config.sample.toml -t "$pkgdir/usr/share/doc/$pkgname"
+ install -Dm 644 "$srcdir/einat.service" -t "$pkgdir/usr/lib/systemd/system"
}
# vim: ts=2 sw=2 et:
diff --git a/einat.service b/einat.service
new file mode 100644
index 000000000000..fb3d1ec26dfe
--- /dev/null
+++ b/einat.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=eBPF-based Endpoint-Independent NAT
+Documentation=https://github.com/EHfive/einat-ebpf
+Requires=modprobe@cls_bpf.service
+Requires=modprobe@act_bpf.service
+Wants=network.target
+Wants=network-online.target
+After=networkt.target
+After=network-online.target
+After=modprobe@cls_bpf.service
+After=modprobe@act_bpf.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/einat --config /etc/einat/config.toml
+# Environment
+User=einat
+DynamicUser=yes
+CapabilityBoundingSet=CAP_NET_ADMIN
+# TODO: CAP_BPF instead CAP_SYS_ADMIN?
+CapabilityBoundingSet=CAP_SYS_ADMIN
+NoNewPrivileges=yes
+# Sandboxing
+ProtectSystem=strict
+ProtectHome=yes
+ConfigurationDirectory=einat
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+LockPersonality=yes
+RestrictRealtime=yes
+PrivateMounts=yes
+# TODO: SystemCallFilter
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
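Review bot: In `[Service]` the unit runs as `User=einat` with `DynamicUser=yes` but sets only `CapabilityBoundingSet=`, which caps what the process may hold without granting anything. A non-root service starts with an empty effective set unless `AmbientCapabilities=` is also given, so einat would presumably be unable to load or attach its eBPF programs. Adding `AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_ADMIN` would match the bounding set. As the TODO already hints, it is worth testing whether both lines can be narrowed to `CAP_NET_ADMIN CAP_BPF`, since CAP_SYS_ADMIN is far broader than this daemon should need. Separately, `After=networkt.target` in `[Unit]` is misspelled, so the intended ordering after `network.target` is not applied; it should read `After=network.target`.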