nfqws,tpws: add support for systemd readiness notifications (75660333) · Commits · git-mirror / Zapret

Makefile

+13 −0

Original line number	Diff line number	Diff line
		@@ -15,6 +15,19 @@ all: clean
		done \
		done

		systemd: clean
		@mkdir -p "$(TGT)"; \
		for dir in $(DIRS); do \
		find "$$dir" -type f $ -name ".c" -o -name ".h" -o -name "*akefile" $ -exec chmod -x {} \; ; \
		$(MAKE) -C "$$dir" systemd \|\| exit; \
		for exe in "$$dir/"*; do \
		if [ -f "$$exe" ] && [ -x "$$exe" ]; then \
		mv -f "$$exe" "${TGT}" ; \
		ln -fs "../${TGT}/$$(basename "$$exe")" "$$exe" ; \
		fi \
		done \
		done

		android: clean
		@mkdir -p "$(TGT)"; \
		for dir in $(DIRS); do \

0 → 100644

+48 −0

Original line number	Diff line number	Diff line
		# Example systemd service unit for nfqws. Adjust for your installation.

		[Unit]
		After=network.target

		[Service]
		Type=notify
		Restart=on-failure

		ExecSearchPath=/opt/zapret/binaries/my
		ExecStart=nfqws @${CONFIG_FILE}
		Environment=CONFIG_FILE=/etc/zapret/nfqws.config

		StateDirectory=nfqws
		StateDirectoryMode=0700
		WorkingDirectory=%S/nfqws

		DynamicUser=true
		AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
		CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
		RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_INET6 AF_INET

		LockPersonality=true
		MemoryDenyWriteExecute=true
		PrivateDevices=true
		PrivateMounts=true
		PrivateTmp=true
		ProcSubset=pid
		ProtectClock=true
		ProtectControlGroups=true
		ProtectHome=true
		ProtectHostname=true
		ProtectKernelLogs=true
		ProtectKernelModules=true
		ProtectKernelTunables=true
		ProtectProc=invisible
		ProtectSystem=strict
		RemoveIPC=true
		RestrictNamespaces=true
		RestrictRealtime=true
		RestrictSUIDSGID=true
		SystemCallArchitectures=native
		SystemCallFilter=@system-service
		SystemCallFilter=~@resources @privileged
		UMask=0077

		[Install]
		WantedBy=multi-user.target

+2 −0

Original line number	Diff line number	Diff line
		@@ -11,6 +11,8 @@ all: ip2net
		ip2net: $(SRC_FILES)
		$(CC) -s $(CFLAGS) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)

		systemd: ip2net

		android: ip2net

		bsd: $(SRC_FILES)

+2 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,8 @@ all: mdig
		mdig: $(SRC_FILES)
		$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)

		systemd: mdig

		android: $(SRC_FILES)
		$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS_ANDROID) $(LDFLAGS)

+5 −0

Original line number	Diff line number	Diff line
		CC ?= gcc
		CFLAGS += -std=gnu99 -Os -flto=auto
		CFLAGS_SYSTEMD = -DUSE_SYSTEMD
		CFLAGS_BSD = -Wno-address-of-packed-member
		CFLAGS_CYGWIN = -Wno-address-of-packed-member -static
		LIBS_LINUX = -lnetfilter_queue -lnfnetlink -lz
		LIBS_SYSTEMD = -lsystemd
		LIBS_BSD = -lz
		LIBS_CYGWIN = -lz -Lwindows/windivert -Iwindows -lwlanapi -lole32 -loleaut32
		LIBS_CYGWIN32 = -lwindivert32
		@@ -16,6 +18,9 @@ all: nfqws
		nfqws: $(SRC_FILES)
		$(CC) -s $(CFLAGS) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LDFLAGS)

		systemd: $(SRC_FILES)
		$(CC) -s $(CFLAGS) $(CFLAGS_SYSTEMD) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LIBS_SYSTEMD) $(LDFLAGS)

		android: nfqws

		bsd: $(SRC_FILES)