blob: dedc7b2aafeff72648d1d3a6c8826d9b09f28501 [file] [log] [blame]
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start the seneschal service"
author ""
# The file server uses O_PATH fds and so needs a higher limit than usual for the
# number of open files.
limit nofile 1024 262144
# Start the seneschal service, which acts as the steward of the user's /home.
start on starting vm_concierge
stop on stopped vm_concierge
expect fork
pre-start script
# Make sure the necessary kernel modules are loaded.
modprobe -q vhost-vsock
# Create the runtime directory.
mkdir -p /run/seneschal
chown seneschal:seneschal /run/seneschal
# Ensure arc mount point exists, even if arc is not running.
mkdir -p /run/arc/sdcard
end script
# Since we are in an unprivileged user namespace, all bind mounts require the
# MS_REC flag to also be set and bind mounting / recursively defeats the purpose
# of using pivot_root. Instead we use nested jails: one to set up the mounts
# and another to create the user namespace. /proc needs to be mounted read-
# write so that we can set the uid and gid maps.
# -Kslave is applied to propagate /media (drivefs and removable media), and
# /run/arc/sdcard (android) mounts into seneschal's mount namespace.
# Map uid/gid android-root (655360) and gid android-everybody (665357).
exec minijail0 -nplrvNiI --uts --profile=minimalistic-mountns \
-Kslave \
-b /dev/log,/dev/log,1 \
-k 'proc,/proc,proc,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC,mode=755,size=64M' \
-b /run/dbus,/run/dbus,1 \
-b /run/seneschal,/run/seneschal,1 \
-k '/home,/home,none,MS_BIND|MS_REC' \
-k '/media,/media,none,MS_BIND|MS_REC' \
-k '/run/arc/sdcard,/run/arc/sdcard,none,MS_BIND|MS_REC' \
-- /sbin/minijail0 -U -I -v -Kslave \
-m"0 20114 1,20115 20115 1,1000 1000 1,655360 655360 1" \
-M"0 20114 1,20115 20115 1,1000 1000 2,655360 655360 1,665357 665357 1" \
-- /usr/bin/seneschal