gpm/gpm.service

[Unit]
Description=Console Mouse Manager
ConditionVirtualization=!container

# This could probably benefit from socket activation, but honestly I think it
# is time for gpm to go away, and hence I am not planning to spend the time
# to add socket activation here.

[Service]
ExecStart=gpm -m /dev/input/mice -t exps2
Type=forking
PIDFile=/run/gpm.pid

ProtectSystem=full
ProtectHome=yes
ProtectProc=invisible
ProtectControlGroups=yes
ProtectKernelTunables=yes
PrivateNetwork=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN
DeviceAllow=char-tty
DeviceAllow=char-input
SystemCallFilter=@basic-io @io-event @network-io @file-system @process ioctl
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
RestrictAddressFamilies=AF_UNIX

# Note that "special commands" are disallowed by default.
# To enable, add '-S' to ExecStart= line, and tweak the SystemCallFilter= as appropriate.

[Install]
WantedBy=multi-user.target
add systemd unit Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com> 2010-08-19 09:35:33 +00:00			`[Unit]`
Use a systemd sandbox for the gpm service The sandbox is designed to allow standard select&paste operation on the text console. More fancy uses of gpm are unlikely to work, but that's on purpose: the only thing that people should be using gpm for is the occasional text copying when they land in rescue mode. This serves as an alternative to [1]. The replacement policy is probably stricter in some regards, while less strict in others… But I think it's much less magic and should be easier to maintain. [1] https://src.fedoraproject.org/rpms/gpm/pull-request/4 2021-09-08 14:15:00 +00:00			`Description=Console Mouse Manager`
Use ConditionVirtualization to skip the service in containers 2020-06-24 21:16:38 +00:00			`ConditionVirtualization=!container`
add systemd unit Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com> 2010-08-19 09:35:33 +00:00
			`# This could probably benefit from socket activation, but honestly I think it`
			`# is time for gpm to go away, and hence I am not planning to spend the time`
			`# to add socket activation here.`

			`[Service]`
Use a systemd sandbox for the gpm service The sandbox is designed to allow standard select&paste operation on the text console. More fancy uses of gpm are unlikely to work, but that's on purpose: the only thing that people should be using gpm for is the occasional text copying when they land in rescue mode. This serves as an alternative to [1]. The replacement policy is probably stricter in some regards, while less strict in others… But I think it's much less magic and should be easier to maintain. [1] https://src.fedoraproject.org/rpms/gpm/pull-request/4 2021-09-08 14:15:00 +00:00			`ExecStart=gpm -m /dev/input/mice -t exps2`
Incomplete systemd service file for gpm and fix url Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com> 2010-10-25 11:05:15 +00:00			`Type=forking`
updating /var/run/gpm.pid → /run/gpm.pid (rhbz #1692104) 2019-03-24 19:01:50 +00:00			`PIDFile=/run/gpm.pid`
add systemd unit Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com> 2010-08-19 09:35:33 +00:00
Use a systemd sandbox for the gpm service The sandbox is designed to allow standard select&paste operation on the text console. More fancy uses of gpm are unlikely to work, but that's on purpose: the only thing that people should be using gpm for is the occasional text copying when they land in rescue mode. This serves as an alternative to [1]. The replacement policy is probably stricter in some regards, while less strict in others… But I think it's much less magic and should be easier to maintain. [1] https://src.fedoraproject.org/rpms/gpm/pull-request/4 2021-09-08 14:15:00 +00:00			`ProtectSystem=full`
			`ProtectHome=yes`
			`ProtectProc=invisible`
			`ProtectControlGroups=yes`
			`ProtectKernelTunables=yes`
			`PrivateNetwork=yes`
			`CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN`
			`DeviceAllow=char-tty`
			`DeviceAllow=char-input`
			`SystemCallFilter=@basic-io @io-event @network-io @file-system @process ioctl`
			`SystemCallArchitectures=native`
			`SystemCallErrorNumber=EPERM`
			`RestrictAddressFamilies=AF_UNIX`

			`# Note that "special commands" are disallowed by default.`
			`# To enable, add '-S' to ExecStart= line, and tweak the SystemCallFilter= as appropriate.`

add systemd unit Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com> 2010-08-19 09:35:33 +00:00			`[Install]`
			`WantedBy=multi-user.target`