summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD4
-rw-r--r--einat.service7
3 files changed, 7 insertions, 8 deletions
diff --git a/.SRCINFO b/.SRCINFO
index cf99fa49153f..0934bd0713b1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = einat-ebpf-git
pkgdesc = eBPF-based Endpoint-Independent NAT
- pkgver = 0.1.1.r23.g07eafd1
+ pkgver = 0.1.2.r0.g871646c
pkgrel = 1
url = https://github.com/EHfive/einat-ebpf
arch = x86_64
@@ -19,6 +19,6 @@ pkgbase = einat-ebpf-git
source = einat-ebpf::git+https://github.com/EHfive/einat-ebpf.git
source = einat.service
sha512sums = SKIP
- sha512sums = 84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f
+ sha512sums = 52ce570ef64664cc9eb1180c9f98fbc00249db7ed28352835d4574383e399fd5b2f142515169e609344538680b4c949c5342a0607b31a16ae4857491da052b91
pkgname = einat-ebpf-git
diff --git a/PKGBUILD b/PKGBUILD
index ab99d77ab61c..a926540a3930 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
pkgname=einat-ebpf-git
_pkgname=einat-ebpf
_target=einat
-pkgver=0.1.1.r23.g07eafd1
+pkgver=0.1.2.r0.g871646c
pkgrel=1
pkgdesc="eBPF-based Endpoint-Independent NAT"
arch=('x86_64')
@@ -16,7 +16,7 @@ makedepends=('git' 'cargo' 'clang')
source=("$_pkgname::git+https://github.com/EHfive/einat-ebpf.git"
"einat.service")
sha512sums=('SKIP'
- '84948ad7dd40677eb723d8cc6820718e2f0b5bb5226871e5ded3d5bfc680a64af16dd72cd2ef5e36e1677d74505ec942c7ca1e4444fd7535d89214c5e730bd4f')
+ '52ce570ef64664cc9eb1180c9f98fbc00249db7ed28352835d4574383e399fd5b2f142515169e609344538680b4c949c5342a0607b31a16ae4857491da052b91')
options=(!lto !debug)
pkgver(){
diff --git a/einat.service b/einat.service
index fb3d1ec26dfe..2f15708c01bd 100644
--- a/einat.service
+++ b/einat.service
@@ -16,9 +16,8 @@ ExecStart=/usr/bin/einat --config /etc/einat/config.toml
# Environment
User=einat
DynamicUser=yes
-CapabilityBoundingSet=CAP_NET_ADMIN
-# TODO: CAP_BPF instead CAP_SYS_ADMIN?
-CapabilityBoundingSet=CAP_SYS_ADMIN
+AmbientCapabilities=CAP_SYS_ADMIN CAP_NET_ADMIN
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_NET_ADMIN
NoNewPrivileges=yes
# Sandboxing
ProtectSystem=strict
@@ -34,4 +33,4 @@ PrivateMounts=yes
# TODO: SystemCallFilter
[Install]
-WantedBy=multi-user.target \ No newline at end of file
+WantedBy=multi-user.target