From 9226415d30eb858bcf9d0f7d5eecb078315cc944 Mon Sep 17 00:00:00 2001
From: Michael Labiuk
Date: Sun, 7 Jan 2024 22:59:23 +0200
Subject: [PATCH] Add systemd unit to setup application scope and add hardening.
---
 Telegram/CMakeLists.txt | 8 ++++++++
 lib/xdg/org.telegram.desktop.service | 1 +
 lib/xdg/telegram-desktop.service | 13 +++++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 lib/xdg/telegram-desktop.service
diff --git a/Telegram/CMakeLists.txt b/Telegram/CMakeLists.txt
index 4f9db79398dba..67db6c67378e0 100644
--- a/Telegram/CMakeLists.txt
+++ b/Telegram/CMakeLists.txt
@@ -1875,6 +1875,7 @@ if (LINUX AND DESKTOP_APP_USE_PACKAGED)
 include(GNUInstallDirs)
 configure_file("../lib/xdg/org.telegram.desktop.service" "${CMAKE_CURRENT_BINARY_DIR}/org.telegram.desktop.service" @ONLY)
 configure_file("../lib/xdg/org.telegram.desktop.metainfo.xml" "${CMAKE_CURRENT_BINARY_DIR}/org.telegram.desktop.metainfo.xml" @ONLY)
+ configure_file("../lib/xdg/telegram-desktop.service" "${CMAKE_CURRENT_BINARY_DIR}/telegram-desktop.service" @ONLY)
 generate_appdata_changelog(Telegram "${CMAKE_SOURCE_DIR}/changelog.txt" "${CMAKE_CURRENT_BINARY_DIR}/org.telegram.desktop.metainfo.xml")
 install(TARGETS Telegram RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" BUNDLE DESTINATION "${CMAKE_INSTALL_BINDIR}")
 install(FILES "Resources/art/icon16.png" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/icons/hicolor/16x16/apps" RENAME "telegram.png")
@@ -1888,4 +1889,11 @@ if (LINUX AND DESKTOP_APP_USE_PACKAGED)
 install(FILES "../lib/xdg/org.telegram.desktop.desktop" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/applications")
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/org.telegram.desktop.service" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/dbus-1/services")
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/org.telegram.desktop.metainfo.xml" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/metainfo")
+
+ find_package(PkgConfig REQUIRED)
+ pkg_get_variable(SYSTEMD_USER_UNIT_DIR systemd systemduserunitdir)
+ if (NOT ${SYSTEMD_USER_UNIT_DIR} STREQUAL "")
+ install(FILES "${CMAKE_CURRENT_BINARY_DIR}/telegram-desktop.service" DESTINATION "${SYSTEMD_USER_UNIT_DIR}")
+ endif()
+
 endif()
diff --git a/lib/xdg/org.telegram.desktop.service b/lib/xdg/org.telegram.desktop.service
index 525cac208cf3a..9cf5edfcd1c24 100644
--- a/lib/xdg/org.telegram.desktop.service
+++ b/lib/xdg/org.telegram.desktop.service
@@ -1,3 +1,4 @@
 [D-BUS Service]
 Name=org.telegram.desktop
 Exec=@CMAKE_INSTALL_FULL_BINDIR@/telegram-desktop
+SystemdService=telegram-desktop.service
diff --git a/lib/xdg/telegram-desktop.service b/lib/xdg/telegram-desktop.service
new file mode 100644
index 0000000000000..52b352c79614b
--- /dev/null
+++ b/lib/xdg/telegram-desktop.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Official desktop version of Telegram messaging app
+
+[Service]
+Type=dbus
+BusName=org.telegram.desktop
+ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/telegram-desktop
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+RestrictNamespaces=yes
+SystemCallArchitectures=native
+Slice=app.slice
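Review bot: In the second Telegram/CMakeLists.txt hunk, `if (NOT ${SYSTEMD_USER_UNIT_DIR} STREQUAL "")` expands the variable unquoted, so when pkg-config returns nothing for `systemduserunitdir` the condition becomes `if (NOT STREQUAL "")` and no longer tests the variable; `if (SYSTEMD_USER_UNIT_DIR)` or `if (NOT "${SYSTEMD_USER_UNIT_DIR}" STREQUAL "")` says what is meant. `find_package(PkgConfig REQUIRED)` also makes pkg-config a hard configure-time requirement for an install step that the guard treats as optional. The destination comes straight from pkg-config, so it is presumably an absolute path outside `CMAKE_INSTALL_PREFIX`; anyone installing into a staging or unprivileged prefix should confirm where the unit lands. The enclosing `if (LINUX AND DESKTOP_APP_USE_PACKAGED)` block starts outside this hunk.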
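Review bot: In lib/xdg/org.telegram.desktop.service, `SystemdService=telegram-desktop.service` is added unconditionally, while the CMakeLists.txt hunk installs the unit only when `SYSTEMD_USER_UNIT_DIR` is non-empty. On a build where the unit is skipped, the D-Bus service file names a unit that is not installed, and a bus daemon using systemd activation would presumably fail to start the service rather than fall back to `Exec=`. Since this file already goes through `configure_file(... @ONLY)`, the line could be emitted through a substitution that is set only when the unit is installed, e.g. `@SYSTEMD_SERVICE_LINE@` (name constructed for illustration).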
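Review bot: In lib/xdg/telegram-desktop.service, the hardening directives are undocumented, and they apply only to a process started through this unit; a launch that runs the binary directly gets none of them. A header comment such as `# Sandbox settings apply only when started via this unit (D-Bus activation).` would make that scope explicit for packagers and users. `MemoryDenyWriteExecute=yes` and `RestrictNamespaces=yes` can break code that needs writable-executable mappings or creates namespaces (JIT engines, sandboxed helper processes), so they are worth confirming against every bundled component. `systemd-analyze security` can then show what exposure the unit still leaves.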