net-misc/rmtfs/files/rmtfs.conf - mirrors/cros/chromiumos/overlays/chromiumos-overlay - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Start rmtfs server"
 author        "benchan@chromium.org"

 env RMTFS_DEV=/dev/qcom_rmtfs_mem1
 env RMTFS_DIR=/var/lib/rmtfs
 env RMTFS_BOOT_DIR=/var/lib/rmtfs/boot
 env SOC_DIR=/sys/devices/platform/soc@0

 # qcom-rmtfs-added: One of the devices we need is ready.
 # qcom-modem-added: The other device we need is ready.
 # syslog: minijail bind mounts /dev/log, which won't exist until syslog starts.
 # verify_fsg: is in charge of creating files in ${RMTFS_DIR}
 start on started syslog and stopped verify_fsg and ((qcom-rmtfs-added and qcom-modem-added) or rmtfs-early)
 stop on starting pre-shutdown

 # This service handles modem file system storage requests. Other than
 # the connection to the modem itself, it keeps no state. So it should
 # be okay, though not preferable, to kill and restart this service.
 oom score -100
 respawn

 expect fork

 pre-start script
   # Make the directory just in case something went weird with verify_fsg
   mkdir -p "${RMTFS_BOOT_DIR}"

   # Set restrictive permissions.  We don't combine this with the mkdir -p
   # above (using a "-m 0700") for two reasons:
   # a) mkdir -p only applies permissions to the last dir in the chain.
   # b) If the dir already exists (maybe an old version of the software
   #    created it) the permissions won't change.
   chmod 0700 "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"

   # The verify_fsg script creates things w/ root.  Change to the right owner
   chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"

   for f in modem_fsc modem_fsg modem_fs1 modem_fs2; do
     if [ ! -f "${RMTFS_BOOT_DIR}/${f}" ]; then
       touch "${RMTFS_BOOT_DIR}/${f}"
     fi
     chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}/${f}"
   done
   # Allow the rmtfs user to control the remoteproc sysfs state file.
   chown rmtfs:rmtfs /sys/bus/platform/drivers/qcom-q6v5-mss/[0-9]*/remoteproc/remoteproc*/state
 end script

 # rmtfs needs CAP_NET_ADMIN to open AF_QIPCRTR socket.
 # We provide read-only access to /var, so we can get a read/write bind mount
 # for /var/lib/rmtfs/boot.
 exec minijail0 --profile=minimalistic-mountns -inNlvr --uts \
   -b "${RMTFS_DEV}",,1 -b /sys -b "${SOC_DIR}",,1 \
   -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b "${RMTFS_BOOT_DIR}",,1 \
   -c cap_net_admin=e -u rmtfs -g rmtfs \
   -S /usr/share/policy/rmtfs-seccomp.policy \
   -- /usr/bin/rmtfs -so "${RMTFS_BOOT_DIR}"
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start rmtfs server"
	author "benchan@chromium.org"

	env RMTFS_DEV=/dev/qcom_rmtfs_mem1
	env RMTFS_DIR=/var/lib/rmtfs
	env RMTFS_BOOT_DIR=/var/lib/rmtfs/boot
	env SOC_DIR=/sys/devices/platform/soc@0

	# qcom-rmtfs-added: One of the devices we need is ready.
	# qcom-modem-added: The other device we need is ready.
	# syslog: minijail bind mounts /dev/log, which won't exist until syslog starts.
	# verify_fsg: is in charge of creating files in ${RMTFS_DIR}
	start on started syslog and stopped verify_fsg and ((qcom-rmtfs-added and qcom-modem-added) or rmtfs-early)
	stop on starting pre-shutdown

	# This service handles modem file system storage requests. Other than
	# the connection to the modem itself, it keeps no state. So it should
	# be okay, though not preferable, to kill and restart this service.
	oom score -100
	respawn

	expect fork

	pre-start script
	# Make the directory just in case something went weird with verify_fsg
	mkdir -p "${RMTFS_BOOT_DIR}"

	# Set restrictive permissions. We don't combine this with the mkdir -p
	# above (using a "-m 0700") for two reasons:
	# a) mkdir -p only applies permissions to the last dir in the chain.
	# b) If the dir already exists (maybe an old version of the software
	# created it) the permissions won't change.
	chmod 0700 "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"

	# The verify_fsg script creates things w/ root. Change to the right owner
	chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"

	for f in modem_fsc modem_fsg modem_fs1 modem_fs2; do
	if [ ! -f "${RMTFS_BOOT_DIR}/${f}" ]; then
	touch "${RMTFS_BOOT_DIR}/${f}"
	fi
	chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}/${f}"
	done
	# Allow the rmtfs user to control the remoteproc sysfs state file.
	chown rmtfs:rmtfs /sys/bus/platform/drivers/qcom-q6v5-mss/[0-9]/remoteproc/remoteproc/state
	end script

	# rmtfs needs CAP_NET_ADMIN to open AF_QIPCRTR socket.
	# We provide read-only access to /var, so we can get a read/write bind mount
	# for /var/lib/rmtfs/boot.
	exec minijail0 --profile=minimalistic-mountns -inNlvr --uts \
	-b "${RMTFS_DEV}",,1 -b /sys -b "${SOC_DIR}",,1 \
	-k '/var,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b "${RMTFS_BOOT_DIR}",,1 \
	-c cap_net_admin=e -u rmtfs -g rmtfs \
	-S /usr/share/policy/rmtfs-seccomp.policy \
	-- /usr/bin/rmtfs -so "${RMTFS_BOOT_DIR}"