blob: fdc20b2b043fce9600cd1e539c64038391227878 [file] [log] [blame]
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "CrosDns daemon for /etc/hosts modifications"
author "chromium-os-dev@chromium.org"
# Starts the crosdns daemon which provides a service for making
# modifications to the /etc/hosts file.
start on starting vm_concierge
stop on stopped vm_concierge
respawn
pre-start script
# Create the directory we use for storing our copy of /etc/hosts and then
# copy the existing version there as a baseline and bind mount it on top of
# the existing one.
mkdir -p -m 0755 /run/crosdns/
chown crosdns:crosdns /run/crosdns/
cp /etc/hosts /run/crosdns/hosts
chown crosdns:crosdns /run/crosdns/hosts
chmod 0644 /run/crosdns/hosts
mount -o bind /run/crosdns/ /etc/hosts.d
end script
post-stop script
umount --lazy /etc/hosts.d
end script
script
# Execute in a minijail with IPC, PID, UTS and mount namespaces, drop all
# caps, don't allow new privileges, change user/group to crosdns, and use
# the seccomp policy file.
exec minijail0 -l -p --uts -v -c 0 -n -u crosdns -g crosdns \
-S /usr/share/policy/crosdns-seccomp.policy -- /usr/sbin/crosdns
end script