mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-11-05 13:30:02 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

systemd: add sandboxing and slice similar to pulseaudio

Browse source 
Adds as much sandboxing as seems to work with user sessions.
Adds pipewire to session slice per https://systemd.io/DESKTOP_ENVIRONMENTS/

Inspired from https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/blob/master/src/daemon/systemd/user/pulseaudio.service.in

Fixes: 763
This commit is contained in:
Bryan Quigley 2021-02-18 21:40:00 -08:00 committed by Wim Taymans
parent b9241b1d73
commit dd1bf796cb
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/daemon/systemd/user/pipewire-pulse.service.in
View file

@ -17,9 +17,16 @@ Requires=pipewire-pulse.socket
ConditionUser=!root ConditionUser=!root
[Service] [Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
Type=simple Type=simple
ExecStart=@PW_PULSE_BINARY@ ExecStart=@PW_PULSE_BINARY@
Restart=on-failure Restart=on-failure
Slice=session.slice
[Install] [Install]
Also=pipewire-pulse.socket Also=pipewire-pulse.socket

7
src/daemon/systemd/user/pipewire.service.in
View file

@ -16,9 +16,16 @@ Description=Multimedia Service
Requires=pipewire.socket Requires=pipewire.socket
[Service] [Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
Type=simple Type=simple
ExecStart=@PW_BINARY@ ExecStart=@PW_BINARY@
Restart=on-failure Restart=on-failure
Slice=session.slice
[Install] [Install]
Also=pipewire.socket Also=pipewire.socket