diff options
| author |   Brian Harring <ferringb@gmail.com> | 2020-03-22 17:07:14 -0700 |
|---|---|---|
| committer |   Joonas Niilola <juippis@gentoo.org> | 2020-03-28 09:01:19 +0200 |
| commit | 5d7497c63f27f8b8cd65736ac400714a3614d7b4 (patch) | |
| tree | 534bcf214e98c9ea2329c37550a4d4018808fda5 | |
| parent | x11-drivers/nvidia-drivers: Old (diff) | |
| download | gentoo-5d7497c63f27f8b8cd65736ac400714a3614d7b4.tar.gz gentoo-5d7497c63f27f8b8cd65736ac400714a3614d7b4.tar.bz2 gentoo-5d7497c63f27f8b8cd65736ac400714a3614d7b4.zip | |
sci-biology/foldingathome: systemd cleanup, various fixes.
1) force the `foldingathome` user group for the process for obvious
reasons.
2) link in the video group and add it to the foldingathome user- this
is necessary for GPU utilization.
3) force nice=19 from systemd level. The batch processing attempts to
do this for workers, but we might as well force it for the scheduler.
4) Add explicit configuration directives to force- irregardless of host config-
the scheduler to be foreground'd and running in a fashion that integrates w/
systemd more sanely.
5) Lockdown some basic systemd security while I'm in here.
6) Finally, drop the pidfile directive for systemd. Foreground process-
no pidfile to track (nor should we have the unit create it).
Bug: https://bugs.gentoo.org/712744
Signed-off-by: Brian Harring <ferringb@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/15145
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
| -rw-r--r-- | sci-biology/foldingathome/foldingathome-7.5.1-r2.ebuild | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/sci-biology/foldingathome/foldingathome-7.5.1-r2.ebuild b/sci-biology/foldingathome/foldingathome-7.5.1-r2.ebuild index 502ff39266a9..cb7ce89a604b 100644 --- a/sci-biology/foldingathome/foldingathome-7.5.1-r2.ebuild +++ b/sci-biology/foldingathome/foldingathome-7.5.1-r2.ebuild @@ -25,7 +25,9 @@ RDEPEND="app-arch/bzip2 ) sys-devel/gcc sys-libs/glibc - sys-libs/zlib" + sys-libs/zlib + acct-group/video +" S="${WORKDIR}/fahclient_${PV}-64bit-release" @@ -44,7 +46,7 @@ pkg_setup() { elog "" enewgroup foldingathome - enewuser foldingathome -1 -1 "${EPREFIX}"/opt/foldingathome + enewuser foldingathome -1 -1 "${EPREFIX}"/opt/foldingathome video } src_install() { @@ -83,12 +85,16 @@ Documentation=https://foldingathome.org [Service] Type=simple User=foldingathome +Group=foldingathome +Nice=19 WorkingDirectory=${EPREFIX}/opt/foldingathome -PIDFile=/run/fahclient.pid -ExecStart=${EPREFIX}/opt/foldingathome/FAHClient -v -#ExecReload=${EPREFIX}/opt/foldingathome/FAHClient -v restart -#ExecStop=${EPREFIX}/opt/foldingathome/FAHClient -v stop -KillMode=process +ExecStart=${EPREFIX}/opt/foldingathome/FAHClient --fork=false --pid=false --respawn=false --service=false +NoNewPrivileges=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectSystem=full +RestrictRealtime=true +ProtectControlGroups=yes [Install] WantedBy=multi-user.target |