# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "systemd-journald"
author "chromium-os-dev@chromium.org"
# Lifetime is tied to boot-services: journald comes up as they start and goes
# down as they stop.
start on starting boot-services
stop on stopping boot-services
# The exec stanza below runs minijail0 with -i, which exits right after forking
# the jailed journald; that single fork is what Upstart tracks here.
expect fork
# Restart journald if it dies.
respawn
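pre-start script
# Runtime directories for journald. This runs as root on every start.
# File mode includes group write permission to allow rsyslogd to create its
# socket. The directory group is root; syslog starts as root, and only after
# initialization switches to the syslog user.
# Note: with -p, -m applies only to the final component; /run/systemd itself
# gets the umask default.
mkdir -m 0775 -p /run/systemd/journal
mkdir -p /run/systemd/journal/pids
# Owner only: the group is deliberately left as root (see above).
# NOTE(review): after the first start this tree holds content created by the
# syslog user; GNU chown -R does not follow symlinks by default, so that is
# fine as long as this stays a plain -R (no -H/-L).
chown -R syslog /run/systemd/journal
mkdir -p /run/log
chown syslog /run/log
# Point the legacy syslog device at journald's socket. -n stops ln from
# descending into /dev/log should it already be a symlink to a directory, so
# the link itself is always replaced instead of a new one being created
# inside the target.
ln -sfn /run/systemd/journal/dev-log /dev/log
end script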
# Upstart has a limitation on how it can track daemon readiness. See this
# report for more details: https://crbug.com/702794#27. net_poll_tool (run from
# post-start) allows us to emit the started event only after the socket is
# ready. /run/systemd/journal/socket is the last socket created by journald.
#
# Sandbox summary (minijail0 flags, in the order used below):
#   -T static --ambient   the binary is static, so minijail does not rely on an
#                         LD_PRELOAD helper and keeps capabilities through
#                         exec via ambient caps instead;
#   -u/-g syslog -c ...   drop to the syslog user/group, keeping only
#                         CAP_SYSLOG and CAP_AUDIT_READ effective;
#   -i -f <pidfile>       minijail0 exits right after forking the jailed
#                         process (the single fork "expect fork" tracks) and
#                         records the child's pid in /run/systemd-journald.pid;
#   -l --uts              fresh IPC and UTS namespaces;
#   -v -P /mnt/empty      new mount namespace pivoted onto an empty root, with
#                         / and /proc bound in read-only (/proc remounted
#                         read-only by -r), a private /tmp (-t) and a minimal
#                         /dev (--mount-dev);
#   -b <path>,,1          the only writable paths: /dev/kmsg, /run/systemd and
#                         /run/log on a fresh nosuid/nodev/noexec /run tmpfs,
#                         and /var/log on a /var tmpfs with the same flags.
# Mounts are applied in the order given, so each -k tmpfs comes before the
# writable binds under it.
#
# We don't use a pid namespace because it breaks journald's ability to log the
# remote pid. We don't use a network namespace because journald needs to read
# from the audit netlink socket.
#
# CAP_SYS_PTRACE is required to read /proc/<PID>/exe.
# We aren't going to give that capability to journald due to security concerns.
#
# NOTE(review): /dev/kmsg is bound writable; presumably journald opens it
# read-write (kernel log forwarding) -- confirm, since a read-only bind would
# keep a compromised journald from injecting kernel log lines.
exec minijail0 -T static --ambient \
-u syslog -g syslog -c 'cap_syslog,cap_audit_read+e' \
-i -l --uts -f /run/systemd-journald.pid \
-v -P /mnt/empty -b / -b /proc -t -r --mount-dev \
-b /dev/kmsg,,1 \
-k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-b /run/systemd,,1 \
-b /run/log,,1 \
-k 'var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-b /var/log,,1 \
/usr/lib/systemd/systemd-journald
post-start script
# Hold the "started" event until journald has bound its sockets;
# /run/systemd/journal/socket is the last one it creates. 60s is generous,
# but slow environments (VMs) need the headroom and a genuine timeout means
# something is badly wrong, in which case failing here is the intent. Upstart
# runs this stanza under sh -e, so a timeout also skips the flush below.
net_poll_tool --unix_socket=/run/systemd/journal/socket --timeout=60
# SIGUSR1 tells journald to flush the runtime journal to persistent storage.
pkill -USR1 --pidfile /run/systemd-journald.pid
end script
post-stop script
# Best-effort cleanup of what pre-start and minijail0 -f created. Either path
# may already be gone, and a failed removal must not fail the stop phase.
# rm removes the /dev/log symlink itself, never the socket it points to.
for path in /dev/log /run/systemd-journald.pid; do
  rm "$path" || true
done
end script