From 662e31d618870e77a371a422d5d623dcd42b1e55 Mon Sep 17 00:00:00 2001 From: Chris Down Date: Fri, 17 Feb 2017 11:45:03 -0500 Subject: [PATCH] Add systemd unit Closes #39, #40. --- README.md | 3 +++ init/clipmenud.service | 31 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 init/clipmenud.service diff --git a/README.md b/README.md index 4d2dc9b..360eb74 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,9 @@ clipmenu is a simple clipboard manager using [dmenu][] and [xsel][]. Start `clipmenud`, then run `clipmenu` to select something to put on the clipboard. +A systemd user service for starting clipmenud is included at +[init/clipmenud.service](https://github.com/cdown/clipmenu/blob/develop/init/clipmenud.service). + All args passed to clipmenu are transparently dispatched to dmenu. That is, if you usually call dmenu with args to set colours and other properties, you can invoke clipmenu in exactly the same way to get the same effect, like so: diff --git a/init/clipmenud.service b/init/clipmenud.service new file mode 100644 index 0000000..029ad0c --- /dev/null +++ b/init/clipmenud.service @@ -0,0 +1,31 @@ +[Unit] +Description=Clipmenu daemon + +[Service] +ExecStart=/usr/bin/clipmenud +Restart=always +RestartSec=0 +Environment=DISPLAY=:0 + +SystemCallFilter=@basic-io @default @io-event @ipc @network-io @process \ + brk fadvise64 getegid geteuid getgid getgroups getpgrp \ + getpid getppid getrlimit getuid ioctl mprotect rt_sigaction \ + rt_sigprocmask setitimer setsid sysinfo umask uname wait4 + +# @file-system will handle this once v233 is released, see +# http://bit.ly/2l1r8Ah for more details. +SystemCallFilter=access chdir close faccessat fcntl fstat getcwd mkdir mmap \ + munmap open stat statfs unlink + +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +RestrictAddressFamilies= +RestrictRealtime=yes + +ProtectSystem=strict +ReadWritePaths=/tmp + +[Install] +WantedBy=default.target