Bump
This commit is contained in:
Mario Fetka
@@ -1,3 +1,4 @@
|
||||
AUX ipx.confd 552 BLAKE2B e953dfafdec15aed36928133ca9db9bd768112f814534fa1f13ae714af955abf2f7d3ce762e9f4c6f6440f80b2e3726f9d1c435eb8804cb3760e39394deb7be3 SHA512 ba7de25e2ee3b9997d51a4eed0b8eb6ede232b627962cbc0efe6c318c1b34911cb64e4c19786e44800d8b573c8730e355e71f78aaf17391f019cc17a49c6c84d
|
||||
AUX ipx.init 847 BLAKE2B 8814aa5c9bcb2cc4a19cd65c21ec92e9ef10084dffd82cbd794377c3a012ca122d3ddfa78c546565e009bfd6dba0c7e9dd3933458bb35f383501fe2fabd0964d SHA512 f8a9cb8e46988a010bf5df97b6e0e29500319ba91964a81fea515cf70e19f04889a4ad061e2aa79a1b75ba3d1ab2ab0abd89d8ebf4ed626267377bd8d05eb2db
|
||||
EBUILD ipx-utils-9999.ebuild 743 BLAKE2B 2a6e8b89838581ce2ce60ef59629a77998bcb574a75e87e52a2eb978971a01572da0e871c714105204af2191197c527e4aa64295af7e801444f40cf7136a0947 SHA512 67ddbb6bc92e0acd29eb2c3a4d5ecafb7038cf866a97059aa59858fda1178ebb88a55b519cb1ae77ef04d0e4ceff5501d99a6428e967ebe7e385d9fd2f08ebff
|
||||
AUX ipx.service 3397 BLAKE2B 8581d8ffc754b2130c2b0cdfc260a927414eccc2e6679d4390bc0eec72cf7849f7db3c92d50226f56dce2883ea5a0893faf157171745034db68d1626e61a702f SHA512 fb6dbede0c27996f5d37c16bcee0d9ef6c216b6f66704dd041c5375347640f908ef467555ffba7e1b784920136f4c0a8d3d8e7c9faa97db003542fc949a0f984
|
||||
EBUILD ipx-utils-9999.ebuild 743 BLAKE2B 450853689e9dc6b25e1995b0263ad7041ebf5af9de628833bd9e52b448462d3319ba665106b07eae6db9078c1e48ad839aeb0f534ac59335f6df848b5db088c3 SHA512 15d97870bbee8810a180a56a8c0e732c261c2fab9ac479b3062455015c1ec9468a5cf41d0bd6dea59b0738d0fa1007acc8bc5c3eb35d3e7c8d4b2e8cf3818e16
|
||||
|
||||
84
net-misc/ipx-utils/files/ipx.service
Normal file
84
net-misc/ipx-utils/files/ipx.service
Normal file
@@ -0,0 +1,84 @@
|
||||
# It's not recommended to modify this file in-place, because it will be
|
||||
# overwritten during upgrades. If you want to customize, the best
|
||||
# way is to use the "systemctl edit" command to create an override unit.
|
||||
#
|
||||
# For example, to pass additional options, create an override unit
|
||||
# (as is done by systemctl edit) and enter the following:
|
||||
#
|
||||
# [Service]
|
||||
# Environment=OPTIONS="-l 127.0.0.1,::1"
|
||||
|
||||
|
||||
[Unit]
|
||||
Description=IPX Network Config
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/conf.d/ipx
|
||||
ExecStart=/usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS
|
||||
|
||||
# Set up a new file system namespace and mounts private /tmp and /var/tmp
|
||||
# directories so this service cannot access the global directories and
|
||||
# other processes cannot access this service's directories.
|
||||
PrivateTmp=true
|
||||
|
||||
# Mounts the /usr, /boot, and /etc directories read-only for processes
|
||||
# invoked by this unit.
|
||||
ProtectSystem=full
|
||||
|
||||
# Ensures that the service process and all its children can never gain new
|
||||
# privileges
|
||||
NoNewPrivileges=true
|
||||
|
||||
# Sets up a new /dev namespace for the executed processes and only adds API
|
||||
# pseudo devices such as /dev/null, /dev/zero or /dev/random (as well as
|
||||
# the pseudo TTY subsystem) to it, but no physical devices such as /dev/sda.
|
||||
PrivateDevices=true
|
||||
|
||||
# Required for dropping privileges and running as a different user
|
||||
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
|
||||
|
||||
# Restricts the set of socket address families accessible to the processes
|
||||
# of this unit. Protects against vulnerabilities such as CVE-2016-8655
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
|
||||
|
||||
# Some security features are not in the older versions of systemd used by
|
||||
# e.g. RHEL7/CentOS 7. The below settings are automatically edited at package
|
||||
# build time to uncomment them if the target platform supports them.
|
||||
|
||||
# Attempts to create memory mappings that are writable and executable at
|
||||
# the same time, or to change existing memory mappings to become executable
|
||||
# are prohibited.
|
||||
##safer##MemoryDenyWriteExecute=true
|
||||
|
||||
# Explicit module loading will be denied. This allows to turn off module
|
||||
# load and unload operations on modular kernels. It is recommended to turn
|
||||
# this on for most services that do not need special file systems or extra
|
||||
# kernel modules to work.
|
||||
##safer##ProtectKernelModules=true
|
||||
|
||||
# Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger,
|
||||
# /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq
|
||||
# will be made read-only to all processes of the unit. Usually, tunable
|
||||
# kernel variables should only be written at boot-time, with the sysctl.d(5)
|
||||
# mechanism. Almost no services need to write to these at runtime; it is hence
|
||||
# recommended to turn this on for most services.
|
||||
##safer##ProtectKernelTunables=true
|
||||
|
||||
# The Linux Control Groups (cgroups(7)) hierarchies accessible through
|
||||
# /sys/fs/cgroup will be made read-only to all processes of the unit.
|
||||
# Except for container managers no services should require write access
|
||||
# to the control groups hierarchies; it is hence recommended to turn this
|
||||
# on for most services
|
||||
##safer##ProtectControlGroups=true
|
||||
|
||||
# Any attempts to enable realtime scheduling in a process of the unit are
|
||||
# refused.
|
||||
##safer##RestrictRealtime=true
|
||||
|
||||
# Takes away the ability to create or manage any kind of namespace
|
||||
##safer##RestrictNamespaces=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,7 +1,7 @@
|
||||
# Copyright 1999-2022 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
EAPI=8
|
||||
|
||||
EGIT_REPO_URI="https://github.com/pasis/ipx-utils.git"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user