| # Copyright (c) 2014 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Metrics collection daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # The metrics daemon is responsible for receiving and forwarding to |
| # chrome UMA statistics not produced by chrome. |
| |
| # Wait for the crash reporter to check whether the previous session |
| # ended abnormally. |
| start on stopped crash-boot-collect |
| stop on stopping system-services |
| respawn |
| |
| # metrics will update the next line to add -uploader for embedded builds. |
| env DAEMON_FLAGS="" |
| |
| # Make the metrics daemon killable, because if it has a leak it's better to |
| # restart it than to OOM-panic. |
| oom score 0 |
| # Let the daemon crash if it grows too much. "as" is "address space" (vm |
| # size). We expect a typical VM size of about 30MB for the daemon. |
| limit as 150000000 unlimited |
| |
| expect fork |
| pre-start script |
| # We do not want to give write permission to the entire log or lib directory |
| # it is better to create (if doesn't exist) vmlog used by vmlog_writer |
| # /var/lib/metrics is used to store persistent data. |
| mkdir -p /var/log/vmlog /var/lib/metrics |
| # Change ownership of files used by metrics_daemon. |
| chown -R metrics:metrics /var/lib/metrics \ |
| /var/log/vmlog || true |
| end script |
| |
| # Minijail flags |
| # -G Inherit supplementary groups from user metrics to have debugfs access. |
| # -l Enter a new IPC namespace. |
| # -n Set no_new_privs. |
| # -e Enter a new network namespace |
| # --uts Enter a new UTS namespace. |
| # -r Remount /proc read only. |
| # -v Enter a new mount namespace. |
| # -i Exit immediately after fork(2). The jailed process will run in the |
| # background. |
| # -T static Tells Minijail metrics is a static binary, locksdown pre-exec |
| # --profile=minimalistic-mountns Setup a mount namespace with some |
| # basic mountpoints. |
| # -b /dev (Read only) Needed by rootdev to read and determine |
| # containing device, block. |
| # -k /run Create /run in tmpfs to mount subdirectories required by metrics. |
| # -b /run/dbus (Read only) Required by metrics for dbus. |
| # -b /run/metrics (Read/ Write) Required by metrics for reading flags from |
| # other services, e.g. crash reporter, hammer, crouton. |
| # -b /run/systemd/journal (Read only) Required by metrics for logging data. |
| # -b /sys (Read only) Required by rootdev to read device/block metadata. |
| # -b /sys/kernel/debug/ (Read only) Required by metrics for GPU frequency info. |
| # -k /var Create /var in tmpfs to mount its subdirectories. |
| # -b /var/lib/metrics (Read/Write) Metrics stores persistent data files. |
| # which then are read for writing to metrics/uma-events. |
| # -b /var/log/vmlog (Read/Write) Metrics logs crash/error or any other |
| # daemon related messages in log/vmlogs. |
| |
| exec minijail0 \ |
| -u metrics -g metrics -G \ |
| -l -n -e -rvi --uts \ |
| -T static \ |
| --profile=minimalistic-mountns \ |
| -b /dev/ \ |
| -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /run/metrics,,1 \ |
| -b /run/systemd/journal \ |
| -b /sys/ \ |
| -b /sys/kernel/debug/ \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /var/lib/metrics,,1 \ |
| -b /var/log/vmlog,,1 \ |
| /usr/bin/metrics_daemon --nodaemon ${DAEMON_FLAGS} |