| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Create ARC data directories for the user" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting arcvm-post-login-services |
| stop on stopping arcvm-post-login-services |
| |
| # Use 'never' since terminating this job fails ARC to start. |
| oom score never |
| task |
| |
| import CHROMEOS_USER |
| |
| env ANDROID_MUTABLE_SOURCE=/run/arcvm/android-data/mount |
| |
| pre-start script |
| CHROMEOS_USER_HOME=$(cryptohome-path system "${CHROMEOS_USER}") |
| if [ ! -d "${CHROMEOS_USER_HOME}" ]; then |
| logger -t "${UPSTART_JOB}" \ |
| "User home ${CHROMEOS_USER_HOME} does not exist" |
| exit 1 |
| fi |
| mount --bind ${CHROMEOS_USER_HOME} /run/arcvm/userhome |
| # Enter mnt_concierge namespace then launch arc-create-data. This namespace |
| # is created by vm_concierge.conf, so Concierge must be running in order for |
| # nsenter to succeed. This relies on ArcVmClientAdapter in Chrome to ensure |
| # that Concierge is started before arc-create-data. |
| exec nsenter --mount=/run/namespaces/mnt_concierge --no-fork \ |
| -- /sbin/minijail0 \ |
| -c 'cap_dac_override,cap_dac_read_search,cap_chown,cap_fowner,cap_sys_admin+eip' \ |
| --profile=minimalistic-mountns --uts -e -l -p -N -K -v \ |
| -b /home \ |
| -k "/run/arcvm/userhome,${CHROMEOS_USER_HOME},none,MS_BIND|MS_REC" \ |
| -k "tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC" \ |
| -k '/run/arcvm,/run/arcvm,none,MS_BIND|MS_REC' \ |
| -- /usr/sbin/arc-create-data --log_tag=arc-create-data |
| end script |
| |
| # This is needed to ensure this job doesn't remain in the started state. |
| exec /bin/true |
| |
| post-stop script |
| if mountpoint -q /run/arcvm/userhome; then |
| umount /run/arcvm/userhome |
| fi |
| end script |
