| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Fine-grained memory stats collector" |
| author "chromium-os-dev@chromium.org" |
| |
| # The memory daemon collects memory stats around |
| # events of interest (such as tab discards). |
| start on started metrics_daemon |
| stop on stopped metrics_daemon |
| |
| # Sacrifice before OOM panic. |
| oom score 0 |
| |
| # Limit rss to 30MB (normally using 3MB at this point). |
| # Syntax is "limit <kind> <limit> <max_settable_limit>". |
| limit as 30000000 unlimited |
| |
| # Stop respawining after 10 tries in 10 seconds. |
| respawn |
| respawn limit 10 10 |
| |
| # minijail0 does the forking. |
| expect fork |
| |
| pre-start exec mkdir -p /var/log/memd |
| |
| # basic mounts: --profile minimalistic-mountns |
| # log to syslog: -b /dev/log |
| # receive low-mem notifications: -b /dev/chromeos-low-mem |
| # read /sys/kernel/mm: -b /sys |
| # /sys/kernel/debug is a separate mount: -b /sys/kernel/debug,,1 |
| # get a writeable and empty /var path: -k tmpfs,/var,tmpfs,0xe |
| # mount /var/log/memd on it: -b /var/log/memd,,1 |
| # get a writeable and empty /run path: -k tmpfs,/run,tmpfs,0xe |
| # mount /run/dbus for dbus socket: -b /run/dbus |
| # create new hostname namespace: --uts |
| # also: pid ns (-p), network ns (-e), no new privs (-n), IPC ns (-l) |
| # seccomp policy: -S /usr/share/policy/memd-seccomp.policy |
| # fork and exit: -i |
| exec minijail0 \ |
| --profile minimalistic-mountns \ |
| -b /dev/log \ |
| -b /dev/chromeos-low-mem \ |
| -b /sys \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /var/log/memd,,1 \ |
| -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| --uts \ |
| -p -e -n -l \ |
| -S /usr/share/policy/memd-seccomp.policy \ |
| -i \ |
| -- /usr/bin/memd |