permission_broker/permission_broker.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "Permission Broker Daemon"
 author          "chromium-os-dev@chromium.org"

 env PERMISSION_BROKER_GRANT_GROUP=devbroker-access

 start on started firewalld
 stop on stopping firewalld
 expect fork
 respawn

 # TODO(gdk): Unclaimed devices that are handled by the permission broker
 # should, in the future, be owned by the devbroker user so that the permission
 # broker does not need to run with enhanced capabilities.

 # Grant CAP_CHOWN, CAP_DAC_OVERRIDE, and CAP_FOWNER; set NoNewPrivs.
 exec minijail0 -u devbroker -c 000b -i -n -- /usr/bin/permission_broker \
     --access_group=${PERMISSION_BROKER_GRANT_GROUP}
	# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Permission Broker Daemon"
	author "chromium-os-dev@chromium.org"

	env PERMISSION_BROKER_GRANT_GROUP=devbroker-access

	start on started firewalld
	stop on stopping firewalld
	expect fork
	respawn

	# TODO(gdk): Unclaimed devices that are handled by the permission broker
	# should, in the future, be owned by the devbroker user so that the permission
	# broker does not need to run with enhanced capabilities.

	# Grant CAP_CHOWN, CAP_DAC_OVERRIDE, and CAP_FOWNER; set NoNewPrivs.
	exec minijail0 -u devbroker -c 000b -i -n -- /usr/bin/permission_broker \
	--access_group=${PERMISSION_BROKER_GRANT_GROUP}