| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start Chrome OS iio service" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start when mems_setup has set proper group and ownership. |
| start on started cros-ec-accel |
| stop on stopping boot-services |
| expect fork |
| respawn |
| respawn limit 5 30 |
| |
| # Don't respawn too aggressively so kernel has some room to breathe and |
| # initialize sensors. |
| env RESPAWN_DELAY=3 |
| |
| # Make iioservice killable, because if it has a leak it's better to |
| # restart it than to OOM-panic. |
| oom score -100 |
| # Let the daemon crash if it grows too much. "as" is "address space" (vm |
| # size). We expect a typical VM size of about 200MB for the daemon. |
| limit as 200000000 unlimited |
| |
| exec minijail0 -i -u iioservice -g iioservice -G \ |
| -N --uts -e -p -P /mnt/empty \ |
| -n -S /usr/share/policy/iioservice-seccomp.policy \ |
| -b /usr/sbin -b /sys/bus/iio/devices -b /sys/devices,,1 \ |
| -b /sys/firmware -b /run/dbus -b /dev,,1 -b /run/systemd/journal \ |
| -R 13,40,40 \ |
| -- /usr/sbin/iioservice |
| |