# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Metrics collection daemon"
author "chromium-os-dev@chromium.org"
# The metrics daemon receives UMA statistics that are not produced by chrome
# and forwards them to chrome.
# Start only after the crash reporter has checked whether the previous
# session ended abnormally.
start on stopped crash-boot-collect
stop on stopping system-services
# Restart the daemon automatically if it exits unexpectedly.
respawn
# DAEMON_FLAGS is appended unquoted to the metrics_daemon command line in the
# exec stanza, so its value is word-split into separate flags.
# metrics will update the next line to add -uploader for embedded builds.
env DAEMON_FLAGS=""
# Make the metrics daemon killable, because if it has a leak it's better to
# restart it than to OOM-panic.
oom score 0
# Let the daemon crash if it grows too much. "as" is "address space" (vm
# size). We expect a typical VM size of about 30MB for the daemon.
# The two values are the soft and the hard limit: the soft limit is
# 150000000 bytes and the hard limit is unlimited.
# NOTE(review): a process may raise its own soft limit up to the hard limit,
# so this catches a leak but does not bound a misbehaving daemon. Confirm
# whether a finite hard limit is wanted.
limit as 150000000 unlimited
# Upstart tracks the process left after one fork. Presumably this pairs with
# the minijail0 -i flag in the exec stanza, which exits right after fork(2)
# and leaves the jailed daemon running in the background.
expect fork
pre-start script
# Prepares the daemon's writable directories before the exec stanza runs.
# These commands run outside the minijail sandbox, presumably as root (no
# setuid stanza is visible in this job).
# We do not want to give the daemon write permission to the entire log or lib
# directory. Instead, create (if missing) /var/log/vmlog, used by
# vmlog_writer, and /var/lib/metrics, used to store persistent data.
mkdir -p /var/log/vmlog /var/lib/metrics
# Change ownership of files used by metrics_daemon. The "|| true" makes this
# best effort: a chown failure does not abort the pre-start script.
# NOTE(review): this is a recursive chown over directories that the metrics
# user can write to. Confirm that the chown in use does not follow symlinks
# while recursing and that hard-link protections are enabled on this system,
# so that ownership changes stay inside these two trees.
chown -R metrics:metrics /var/lib/metrics \
/var/log/vmlog || true
end script
# Start metrics_daemon inside a minijail0 sandbox.
# Minijail flags
# -u metrics -g metrics Run the daemon as user metrics and group metrics.
# -G Inherit supplementary groups from user metrics to have debugfs access.
# -l Enter a new IPC namespace.
# -n Set no_new_privs.
# -e Enter a new network namespace.
# --uts Enter a new UTS namespace.
# -r Remount /proc read only.
# -v Enter a new mount namespace.
# -i Exit immediately after fork(2). The jailed process will run in the
# background.
# (-r, -v and -i are passed combined as -rvi.)
# -T static Tells Minijail that metrics is a static binary, so it locks down
# before exec.
# --profile=minimalistic-mountns Set up a mount namespace with some
# basic mountpoints.
# Bind mounts (-b) are read only unless the argument ends in ",,1", which
# makes the bind writable.
# -b /dev (Read only) Needed by rootdev to read and determine the
# containing block device.
# NOTE(review): a read-only bind mount does not by itself stop writes to
# device nodes; access to them is still decided by the node permissions for
# user and group metrics. Confirm this is acceptable.
# -k /run Mount a tmpfs at /run to hold the subdirectories required by
# metrics. Both tmpfs mounts below use MS_NODEV|MS_NOEXEC|MS_NOSUID, mode=755
# and size=10M.
# -b /run/dbus (Read only) Required by metrics for dbus.
# -b /run/metrics (Read/Write) Required by metrics for reading flags from
# other services, e.g. crash reporter, hammer, crouton.
# -b /run/systemd/journal (Read only) Required by metrics for logging data.
# -b /sys (Read only) Required by rootdev to read device/block metadata.
# -b /sys/kernel/debug/ (Read only) Required by metrics for GPU frequency info.
# NOTE(review): this exposes the whole of debugfs to the daemon. Confirm
# whether a narrower path would be enough for the GPU frequency files.
# -k /var Mount a tmpfs at /var to hold its subdirectories.
# -b /var/lib/metrics (Read/Write) Metrics stores persistent data files here,
# which are then read for writing to metrics/uma-events.
# -b /var/log/vmlog (Read/Write) Metrics logs crash/error or any other
# daemon related messages in log/vmlogs.
# NOTE(review): no seccomp policy (-S) appears on this command line. Confirm
# whether that is intentional.
# ${DAEMON_FLAGS} is left unquoted so that it splits into separate arguments;
# its value comes from the env stanza of this job.
exec minijail0 \
-u metrics -g metrics -G \
-l -n -e -rvi --uts \
-T static \
--profile=minimalistic-mountns \
-b /dev/ \
-k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b /run/dbus \
-b /run/metrics,,1 \
-b /run/systemd/journal \
-b /sys/ \
-b /sys/kernel/debug/ \
-k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b /var/lib/metrics,,1 \
-b /var/log/vmlog,,1 \
/usr/bin/metrics_daemon --nodaemon ${DAEMON_FLAGS}