| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start arc-host-clock-service" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting arcvm-pre-login-services |
| stop on stopping arcvm-pre-login-services |
| |
| oom score -100 |
| limit as 100000000 unlimited |
| |
| # Allow real-time priority as this service is time-critical. |
| # 10 is the same value as vm_concierge (RT vcpus for ARCVM). |
| limit rtprio 10 10 |
| |
| pre-start script |
| # Make sure the vsock module is loaded. |
| modprobe -q vhost-vsock |
| end script |
| |
| # Use minimalistic-mountns profile. |
| # -e for a new network namespace. |
| # -p for a new PID namespace. |
| # -l for a new IPC namespace. |
| # --uts for UTS namespace to isolate from host / domain names. |
| # -N for freeze cgroup settings. |
| exec minijail0 \ |
| --profile=minimalistic-mountns \ |
| -e \ |
| -p \ |
| -l \ |
| --uts \ |
| -N \ |
| -u arc-host-clock \ |
| -g arc-host-clock \ |
| -- /usr/bin/arc-host-clock-service |