52 lines
1.3 KiB
Bash
52 lines
1.3 KiB
Bash
|
# Maintainer: Edward Shen <code@eddie.sh>
|
||
|
|
|
||
|
|
pkgname=assign-cgroups
|
||
|
|
pkgver=0.1.1
|
||
|
|
pkgrel=1
|
||
|
|
pkgdesc="Automatic per-GUI-application cgroup assignment"
|
||
|
|
arch=('i686' 'x86_64')
|
||
|
|
url="https://github.com/alebastr/sway-systemd"
|
||
|
|
license=('MIT')
|
||
|
|
depends=('python' 'python-dbus-next' 'python-i3ipc' 'python-psutil' 'python-xlib')
|
||
|
|
source=("$pkgname-$pkgver.tar.gz::https://github.com/alebastr/sway-systemd/archive/v$pkgver.tar.gz")
|
||
|
|
sha512sums=('7039fe4073258bfcfd3aa3687459cd63800e55c9092397249b1f8a6499d1540aab2c1d3b05b02616a5be1868548d119c6fe6ac5977979240932a8d106f57995a')
|
||
|
|
|
||
|
|
package() {
|
||
|
|
cd "sway-systemd-$pkgver"
|
||
|
|
|
||
|
|
cat > "$pkgname.service" << EOF
|
||
|
|
[Unit]
|
||
|
|
Description=Automatic per-GUI-application cgroup assignment
|
||
|
|
StartLimitIntervalSec=0
|
||
|
|
|
||
|
|
[Service]
|
||
|
|
Type=simple
|
||
|
|
Restart=always
|
||
|
|
RestartSec=1
|
||
|
|
ExecStart=/usr/bin/$pkgname.py
|
||
|
|
|
||
|
|
Slice=session.slice
|
||
|
|
NoNewPrivileges=yes
|
||
|
|
PrivateTmp=yes
|
||
|
|
DevicePolicy=closed
|
||
|
|
ProtectSystem=strict
|
||
|
|
ProtectHome=read-only
|
||
|
|
ProtectKernelTunables=yes
|
||
|
|
RestrictNamespaces=yes
|
||
|
|
RestrictRealtime=yes
|
||
|
|
RestrictSUIDSGID=yes
|
||
|
|
MemoryDenyWriteExecute=yes
|
||
|
|
LockPersonality=yes
|
||
|
|
|
||
|
|
# The following cannot be enabled as we need access to cgroups
|
||
|
|
# PrivateDevices=yes
|
||
|
|
# ProtectKernelModules=yes
|
||
|
|
|
||
|
|
[Install]
|
||
|
|
WantedBy=default.target
|
||
|
|
EOF
|
||
|
|
|
||
|
|
install -Dm755 "src/$pkgname.py" -t "$pkgdir/usr/bin"
|
||
|
|
install -Dm644 "$pkgname.service" -t "$pkgdir/usr/lib/systemd/user"
|
||
|
|
}
|