From e750cc7a6c29fcfd57ecb933a6a3283ab065d43f Mon Sep 17 00:00:00 2001
From: Edward Shen <code@eddie.sh>
Date: Thu, 15 Apr 2021 15:26:54 -0400
Subject: [PATCH] initial commit

---
 PKGBUILD | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 PKGBUILD

diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..38204a9
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,51 @@
+# Maintainer: Edward Shen <code@eddie.sh>
+
+pkgname=assign-cgroups
+pkgver=0.1.1
+pkgrel=1
+pkgdesc="Automatic per-GUI-application cgroup assignment"
+arch=('i686' 'x86_64')
+url="https://github.com/alebastr/sway-systemd"
+license=('MIT')
+depends=('python' 'python-dbus-next' 'python-i3ipc' 'python-psutil' 'python-xlib')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/alebastr/sway-systemd/archive/v$pkgver.tar.gz")
+sha512sums=('7039fe4073258bfcfd3aa3687459cd63800e55c9092397249b1f8a6499d1540aab2c1d3b05b02616a5be1868548d119c6fe6ac5977979240932a8d106f57995a')
+
+package() {
+	cd "sway-systemd-$pkgver"
+
+	cat > "$pkgname.service" << EOF
+[Unit]
+Description=Automatic per-GUI-application cgroup assignment
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+ExecStart=/usr/bin/$pkgname.py
+
+Slice=session.slice
+NoNewPrivileges=yes
+PrivateTmp=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=read-only
+ProtectKernelTunables=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+
+# The following cannot be enabled as we need access to cgroups
+# PrivateDevices=yes
+# ProtectKernelModules=yes
+
+[Install]
+WantedBy=default.target
+EOF
+
+  install -Dm755 "src/$pkgname.py" -t "$pkgdir/usr/bin"
+  install -Dm644 "$pkgname.service" -t "$pkgdir/usr/lib/systemd/user"
+}