| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "CrosDns daemon for /etc/hosts modifications" |
| author "chromium-os-dev@chromium.org" |
| |
| # Starts the crosdns daemon which provides a service for making |
| # modifications to the /etc/hosts file. |
| start on starting vm_concierge |
| stop on stopped vm_concierge |
| respawn |
| |
| pre-start script |
| # Create the directory we use for storing our copy of /etc/hosts and then |
| # copy the existing version there as a baseline and bind mount it on top of |
| # the existing one. |
| mkdir -p -m 0755 /run/crosdns/ |
| chown crosdns:crosdns /run/crosdns/ |
| cp /etc/hosts /run/crosdns/hosts |
| chown crosdns:crosdns /run/crosdns/hosts |
| chmod 0644 /run/crosdns/hosts |
| mount -o bind /run/crosdns/ /etc/hosts.d |
| end script |
| |
| post-stop script |
| umount --lazy /etc/hosts.d |
| end script |
| |
| script |
| # Execute in a minijail with IPC, PID, UTS and mount namespaces, drop all |
| # caps, don't allow new privileges, change user/group to crosdns, and use |
| # the seccomp policy file. |
| exec minijail0 -l -p --uts -v -c 0 -n -u crosdns -g crosdns \ |
| -S /usr/share/policy/crosdns-seccomp.policy -- /usr/sbin/crosdns |
| end script |