author | lilac | 2024-04-11 20:32:54 +0800 |
---|---|---|
committer | lilac | 2024-04-11 20:32:54 +0800 |
commit | 0412d35910c32b44c9ddde080b25fdcdb040d318 (patch) | |
tree | 17931554db6cfd50cf1d12a2e19fa9baf1f95646 | |
parent | a617c6be3cbe0437c5bbec832d773be1b556b494 (diff) | |
download | aur-0412d35910c32b44c9ddde080b25fdcdb040d318.tar.gz |
[lilac] updated to 0.1.1.r23.g07eafd1-1
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | einat.service | 37 |
3 files changed, 46 insertions, 4 deletions
@@ -1,6 +1,6 @@ pkgbase = einat-ebpf-git pkgdesc = eBPF-based Endpoint-Independent NAT - pkgver = 0.1.0.r17.g3c81872 + pkgver = 0.1.1.r23.g07eafd1 pkgrel = 1 url = https://github.com/EHfive/einat-ebpf arch = x86_64 @@ -17,6 +17,8 @@ pkgbase = einat-ebpf-git options = !lto options = !debug source = einat-ebpf::git+https://github.com/EHfive/einat-ebpf.git + source = einat.service sha512sums = SKIP + sha512sums = 84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f pkgname = einat-ebpf-git @@ -3,7 +3,7 @@ pkgname=einat-ebpf-git _pkgname=einat-ebpf _target=einat -pkgver=0.1.0.r17.g3c81872 +pkgver=0.1.1.r23.g07eafd1 pkgrel=1 pkgdesc="eBPF-based Endpoint-Independent NAT" arch=('x86_64') @@ -13,8 +13,10 @@ depends=('glibc' 'gcc-libs' 'zlib' 'libelf') provides=('einat') conflicts=('einat') makedepends=('git' 'cargo' 'clang') -source=("$_pkgname::git+https://github.com/EHfive/einat-ebpf.git") -sha512sums=('SKIP') +source=("$_pkgname::git+https://github.com/EHfive/einat-ebpf.git" + "einat.service") +sha512sums=('SKIP' + '84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f') options=(!lto !debug) pkgver(){ @@ -42,6 +44,7 @@ package() { install -Dm 755 "target/release/$_target" -t "$pkgdir/usr/bin" install -Dm 644 README.md -t "$pkgdir/usr/share/doc/$pkgname" install -Dm 644 config.sample.toml -t "$pkgdir/usr/share/doc/$pkgname" + install -Dm 644 "$srcdir/einat.service" -t "$pkgdir/usr/lib/systemd/system" } # vim: ts=2 sw=2 et: diff --git a/einat.service b/einat.service new file mode 100644 index 000000000000..fb3d1ec26dfe --- /dev/null +++ b/einat.service 
@@ -0,0 +1,37 @@
+[Unit]
+Description=eBPF-based Endpoint-Independent NAT
+Documentation=https://github.com/EHfive/einat-ebpf
+Requires=modprobe@cls_bpf.service
+Requires=modprobe@act_bpf.service
+Wants=network.target
+Wants=network-online.target
+After=networkt.target
+After=network-online.target
+After=modprobe@cls_bpf.service
+After=modprobe@act_bpf.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/einat --config /etc/einat/config.toml
+# Environment
+User=einat
+DynamicUser=yes
+CapabilityBoundingSet=CAP_NET_ADMIN
+# TODO: CAP_BPF instead CAP_SYS_ADMIN?
+CapabilityBoundingSet=CAP_SYS_ADMIN
+NoNewPrivileges=yes
+# Sandboxing
+ProtectSystem=strict
+ProtectHome=yes
+ConfigurationDirectory=einat
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+LockPersonality=yes
+RestrictRealtime=yes
+PrivateMounts=yes
+# TODO: SystemCallFilter
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file |
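Review bot: The [Service] section runs as `User=einat` with `DynamicUser=yes` but sets only `CapabilityBoundingSet=`, which limits capabilities without granting any. The non-root process will therefore most likely start with an empty effective set and fail to attach its eBPF programs, and `NoNewPrivileges=yes` rules out file capabilities on the binary as a fallback. Adding `AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_ADMIN` would hand the service exactly the capabilities the bounding set already allows; keep the two lists identical and narrow them together if the CAP_BPF TODO is resolved. Separately, `After=networkt.target` in [Unit] is misspelled, so the ordering against `network.target` is silently not applied; it should read `After=network.target`.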