| # Copyright 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "ippusb manager daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start only on request. |
| start on socket PROTO=unix SOCKET_PATH=/run/ippusb/ippusb_manager.sock |
| |
| expect fork |
| |
| # Capabilities: CAP_SYS_ADMIN |
| # This capability is required because ippusb_manager is responsible for |
| # launching ippusb_bridge within a minijail. |
| # TODO(valleau): Add pid namespace once this bug is fixed crbug.com/802889 |
| exec minijail0 -u "ippusb" -g "ippusb" -G \ |
| -S "/usr/share/policy/ippusb-manager-seccomp.policy" -n --uts \ |
| -c cap_sys_admin=e --ambient -e -i -l -r -t -v -- "/usr/bin/ippusb_manager" |