mirror of
https://codeberg.org/icewind/evtype.git
synced 2026-06-03 09:34:11 +02:00
add systemd service
This commit is contained in:
parent
bc974d72d8
commit
cf048aa2e7
2 changed files with 31 additions and 1 deletions
|
|
@ -8,7 +8,7 @@ EvType is made to replace the `xdotool type` command for wayland systems, where
|
|||
|
||||
## Usage
|
||||
|
||||
- Start the `evtype_daemon` as root using your favorite init daemon.
|
||||
- Start the `evtype_daemon` as root using your favorite init daemon (a systemd unit is [included](evtype.service)).
|
||||
- Run `evtype <text>` to enter some text trough the virtual keyboard.
|
||||
|
||||
## Why a separate daemon
|
||||
|
|
|
|||
30
evtype.service
Normal file
30
evtype.service
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
[Unit]
|
||||
Description=EvType
|
||||
|
||||
[Service]
|
||||
# restrict permissions as much as possible
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectSystem=strict
|
||||
RestrictSUIDSGID=true
|
||||
PrivateNetwork=true
|
||||
CapabilityBoundingSet=true
|
||||
RestrictNamespaces=true
|
||||
RestrictAddressFamilies=AF_UNIX
|
||||
PrivateUsers=true
|
||||
PrivateTmp=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
NoNewPrivileges=true
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@resources
|
||||
MemoryDenyWriteExecute=true
|
||||
IPAddressDeny=any
|
||||
ReadWritePaths=/var/run
|
||||
|
||||
ExecStart=/usr/bin/evtype_daemon
|
||||
ExecStopPost=/usr/bin/rm /var/run/evtype.sock
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue