bluetooth/init/upstart/btdispatch.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Start the Chromium OS Bluetooth daemon"
 author        "chromium-os-dev@chromium.org"

 env seccomp_flags="-S /usr/share/policy/btdispatch-seccomp.policy"
 env BLUETOOTH_LIBDIR=/var/lib/bluetooth

 start on started system-services
 stop on stopping system-services
 respawn

 pre-start script
   mkdir -p -m 0750 "${BLUETOOTH_LIBDIR}"
   chown -R bluetooth:bluetooth "${BLUETOOTH_LIBDIR}"
 end script

 # Minijail actually forks off our desired process.
 expect fork

 # Add modules here in --vmodule format for debugging.
 env VMODULE_ARG=

 # -u bluetooth changes user.
 # -g bluetooth changes group.
 # -G inherit bluetooth's supplementary groups.
 # -i makes sure minijail0 exits right away and won't block upstart.
 # -n prevents that execve gains privileges, required for seccomp filters.
 # -l creates IPC namespace (isolates System V IPC objects/POSIX message queues).
 # -p creates PID namespace (process won't see any other processes).
 # -v enters new mount namespace, allows to change mounts inside jail.
 # -r remounts /proc read-only (prevents any messing with it).
 # -t creates new, empty tmp directory (technically, mounts tmpfs).
 # --uts enters a new UTS namespace.
 # -e enters new network namespace.
 # --profile minimalistic-mountns sets up minimalistic mount namespace.
 # -k /run,/run,tmpfs,... mounts tmpfs at /run
 # -k /var,/var,tmpfs,... mounts tmpfs at /var
 # -k /sys,/sys,tmpfs... mounts tmpfs at /sys
 # -b /run/chromeos-config/v1 is required to access chromeos-config.
 # -b /dev/log,/dev/log,1 is required for syslog.
 # -b /run/dbus mount read-only, required for D-Bus.
 # -b /var/lib/bluetooth allows read-write access to config files.
 # -b /sys/devices/virtual/dmi/id is required for chromeos-config on x86
 # -b /sys/firmware/devicetree is required for chromeos-config on arm
 script

   set --

   if [ -e /sys/devices/virtual/dmi/id ]; then
     set -- "$@" -b /sys/devices/virtual/dmi/id
   fi

   if [ -e /sys/firmware/devicetree ]; then
     set -- "$@" -b /sys/firmware/devicetree
   fi

   exec minijail0 -u bluetooth -g bluetooth -G -i -n -l -p -v -r -t --uts -e \
       --profile minimalistic-mountns \
       -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
       -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
       -k '/sys,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
       -b /run/chromeos-config/v1 \
       -b /dev/log,/dev/log,1 -b /run/dbus -b /var/lib/bluetooth,,1 \
       "$@" \
       ${seccomp_flags} \
       -- \
       /usr/bin/btdispatch \
       --vmodule="${VMODULE_ARG}"

 end script
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start the Chromium OS Bluetooth daemon"
	author "chromium-os-dev@chromium.org"

	env seccomp_flags="-S /usr/share/policy/btdispatch-seccomp.policy"
	env BLUETOOTH_LIBDIR=/var/lib/bluetooth

	start on started system-services
	stop on stopping system-services
	respawn

	pre-start script
	mkdir -p -m 0750 "${BLUETOOTH_LIBDIR}"
	chown -R bluetooth:bluetooth "${BLUETOOTH_LIBDIR}"
	end script

	# Minijail actually forks off our desired process.
	expect fork

	# Add modules here in --vmodule format for debugging.
	env VMODULE_ARG=

	# -u bluetooth changes user.
	# -g bluetooth changes group.
	# -G inherit bluetooth's supplementary groups.
	# -i makes sure minijail0 exits right away and won't block upstart.
	# -n prevents that execve gains privileges, required for seccomp filters.
	# -l creates IPC namespace (isolates System V IPC objects/POSIX message queues).
	# -p creates PID namespace (process won't see any other processes).
	# -v enters new mount namespace, allows to change mounts inside jail.
	# -r remounts /proc read-only (prevents any messing with it).
	# -t creates new, empty tmp directory (technically, mounts tmpfs).
	# --uts enters a new UTS namespace.
	# -e enters new network namespace.
	# --profile minimalistic-mountns sets up minimalistic mount namespace.
	# -k /run,/run,tmpfs,... mounts tmpfs at /run
	# -k /var,/var,tmpfs,... mounts tmpfs at /var
	# -k /sys,/sys,tmpfs... mounts tmpfs at /sys
	# -b /run/chromeos-config/v1 is required to access chromeos-config.
	# -b /dev/log,/dev/log,1 is required for syslog.
	# -b /run/dbus mount read-only, required for D-Bus.
	# -b /var/lib/bluetooth allows read-write access to config files.
	# -b /sys/devices/virtual/dmi/id is required for chromeos-config on x86
	# -b /sys/firmware/devicetree is required for chromeos-config on arm
	script

	set --

	if [ -e /sys/devices/virtual/dmi/id ]; then
	set -- "$@" -b /sys/devices/virtual/dmi/id
	fi

	if [ -e /sys/firmware/devicetree ]; then
	set -- "$@" -b /sys/firmware/devicetree
	fi

	exec minijail0 -u bluetooth -g bluetooth -G -i -n -l -p -v -r -t --uts -e \
	--profile minimalistic-mountns \
	-k '/run,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-k '/var,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-k '/sys,/sys,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/chromeos-config/v1 \
	-b /dev/log,/dev/log,1 -b /run/dbus -b /var/lib/bluetooth,,1 \
	"$@" \
	${seccomp_flags} \
	-- \
	/usr/bin/btdispatch \
	--vmodule="${VMODULE_ARG}"

	end script