millerson.name/gentoo-overlay
1
0
Fork 0
Code Issues Pull Requests Releases Activity

net-proxy/youtubeUnblock: hardening service

Browse Source
This commit is contained in:
Alexander Miroshnichenko 2025-01-22 19:22:02 +03:00
parent b85c9c5a11
commit 5e7dfe235f
Signed by: alex
GPG Key ID: E93720C6C73A77F4
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
net-proxy/youtubeUnblock/youtubeUnblock-1.0.0_rc5.ebuild
View File

@ -6,7 +6,7 @@ EAPI=8
MY_P=${P/_/-}
MODULES_OPTIONAL_IUSE="+modules"
inherit linux-mod-r1
inherit linux-mod-r1 fcaps
DESCRIPTION="Bypasses Deep Packet Inspection (DPI) systems that rely on SNI"
HOMEPAGE="https://github.com/Waujito/youtubeUnblock"
@ -30,6 +30,14 @@ src_prepare() {
default
sed -i "s@^KERNEL_BUILDER_MAKEDIR:=.*@KERNEL_BUILDER_MAKEDIR:=/lib/modules/${KV_FULL}/build@" kmake.mk || die "Fail to set desired kernel version in the Makefile"
sed -i -e "/\[Service\]/a DynamicUser=true" \
-e "/\[Service\]/a AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN" \
-e "/\[Service\]/a CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW" \
-e "/\[Service\]/a RestrictNamespaces=yes" \
-e "/\[Service\]/a ProtectSystem=full" \
-e "/\[Service\]/a ProtectHome=true" \
-e "/\[Service\]/a PrivateTmp=true" \
youtubeUnblock.service
}
src_compile() {
@ -54,6 +62,10 @@ src_install() {
}
pkg_postinst() {
if use uspace; then
fcaps cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/"${PN}"
fi
if use module-src && ! use modules; then
einfo
einfo "You have enabled the module-src USE flag without the modules USE"