| # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the p2p server" |
| author "chromium-os-dev@chromium.org" |
| |
| # NOTE: this job is not automatically started on boot-up as it is |
| # expected to be started manually (e.g. "initctl start p2p" or |
| # similar) by software (such as the auto-update system) that |
| # wants to advertise or find content. |
| |
| env P2P_PORT=16725 |
| |
| # Stop the p2p service on stopping system services to ensure that it is not |
| # running during shutdown. |
| stop on stopping system-services |
| expect fork |
| respawn |
| |
| pre-start script |
| P2P_DIR=/var/cache/p2p |
| mkdir -p $P2P_DIR |
| chown root:root $P2P_DIR |
| chmod 755 $P2P_DIR |
| |
| # Ensure Avahi is running |
| initctl start avahi || true |
| |
| # Add a rule to the firewall to allow HTTP traffic except from the |
| # loopback interface (to prevent e.g. Chrome from connecting.) |
| iptables -I INPUT -i lo -p tcp --dport ${P2P_PORT} -j REJECT -w |
| ip6tables -I INPUT -i lo -p tcp --dport ${P2P_PORT} -j REJECT -w |
| iptables -A INPUT -p tcp --dport ${P2P_PORT} -j ACCEPT -w |
| ip6tables -A INPUT -p tcp --dport ${P2P_PORT} -j ACCEPT -w |
| end script |
| |
| exec minijail0 -u p2p -g p2p -i /usr/sbin/p2p-server --port=${P2P_PORT} |
| |
| post-stop script |
| # Delete the rules we previously added |
| iptables -D INPUT -p tcp --dport ${P2P_PORT} -j ACCEPT -w |
| ip6tables -D INPUT -p tcp --dport ${P2P_PORT} -j ACCEPT -w |
| iptables -D INPUT -i lo -p tcp --dport ${P2P_PORT} -j REJECT -w |
| ip6tables -D INPUT -i lo -p tcp --dport ${P2P_PORT} -j REJECT -w |
| end script |