crash-reporter/init/anomaly-detector.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "Runs a daemon which collects and reports kernel log anomalies"
 author      "chromium-os-dev@chromium.org"

 start on started system-services
 stop on stopping system-services
 respawn
 expect fork

 env TESTONLY_SEND_ALL
 import TESTONLY_SEND_ALL

 # Allow us to be killed as we are not critical to the system.  If we have a
 # leak, better to crash & restart than to OOM-panic the system.
 oom score -100
 # Let the daemon crash if it grows too much.  "as" is "address space" (vm
 # size).  Since anomaly_detector maps in the journal files which are currently
 # limited to 200MiB in size, we set the limit to three times that for safety.
 # The VM size of the daemon when it's not mapping in journals is about 30MiB,
 # so it fits well within this limit.
 limit as 600000000 unlimited

 pre-start script
   mkdir -p /var/lib/whitelist
 end script

 # /dev/log: We use syslog for error messages.
 # /var/log: We monitor /var/log/messages for anomalies.  But we can't bind mount
 #   that path directly because it gets rotated.
 # /var/spool: We write out our crash reports here.
 #   TODO: We should mount just /var/spool/crash.
 # /var/lib/metrics: We write out uma stats directly.
 # /sys: Some kernel detectors will read PCI device information.
 # /run/crash_reporter: We need to indicate runtime state.
 # /run/dbus: We need to talk to dbus.
 # /home/chronos: crash_reporter running inside this minijail needs to read user
 #   consent of error collection.
 # /var/lib/whitelist: crash_reporter running inside this minijail needs to read
 #   device policy file.
 exec /sbin/minijail0 \
   -T static \
   --profile=minimalistic-mountns \
   -i -p -v -r --uts -l -g syslog \
   --mount-dev -b /dev/log \
   -b /sys \
   -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b /var/log -b /var/spool,,1 -b /var/lib/metrics,,1 \
   -b /var/lib/whitelist \
   -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b /run/crash_reporter,,1 \
   -b /run/dbus \
   -b /home/chronos \
   -- /usr/bin/anomaly_detector $TESTONLY_SEND_ALL
	# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Runs a daemon which collects and reports kernel log anomalies"
	author "chromium-os-dev@chromium.org"

	start on started system-services
	stop on stopping system-services
	respawn
	expect fork

	env TESTONLY_SEND_ALL
	import TESTONLY_SEND_ALL

	# Allow us to be killed as we are not critical to the system. If we have a
	# leak, better to crash & restart than to OOM-panic the system.
	oom score -100
	# Let the daemon crash if it grows too much. "as" is "address space" (vm
	# size). Since anomaly_detector maps in the journal files which are currently
	# limited to 200MiB in size, we set the limit to three times that for safety.
	# The VM size of the daemon when it's not mapping in journals is about 30MiB,
	# so it fits well within this limit.
	limit as 600000000 unlimited

	pre-start script
	mkdir -p /var/lib/whitelist
	end script

	# /dev/log: We use syslog for error messages.
	# /var/log: We monitor /var/log/messages for anomalies. But we can't bind mount
	# that path directly because it gets rotated.
	# /var/spool: We write out our crash reports here.
	# TODO: We should mount just /var/spool/crash.
	# /var/lib/metrics: We write out uma stats directly.
	# /sys: Some kernel detectors will read PCI device information.
	# /run/crash_reporter: We need to indicate runtime state.
	# /run/dbus: We need to talk to dbus.
	# /home/chronos: crash_reporter running inside this minijail needs to read user
	# consent of error collection.
	# /var/lib/whitelist: crash_reporter running inside this minijail needs to read
	# device policy file.
	exec /sbin/minijail0 \
	-T static \
	--profile=minimalistic-mountns \
	-i -p -v -r --uts -l -g syslog \
	--mount-dev -b /dev/log \
	-b /sys \
	-k '/var,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /var/log -b /var/spool,,1 -b /var/lib/metrics,,1 \
	-b /var/lib/whitelist \
	-k '/run,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/crash_reporter,,1 \
	-b /run/dbus \
	-b /home/chronos \
	-- /usr/bin/anomaly_detector $TESTONLY_SEND_ALL