| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the boot notification server for arcvm" |
| author "chromium-os-dev@chromium.org" |
| |
| # This job is started by Chrome. |
| stop on stopping ui |
| |
| # The server does work after receiving SIGTERM (sending commands to client over |
| # the socket), so allow time for that to happen. |
| kill timeout 10 |
| |
| # Let the process be killed if necessary. |
| oom score 0 |
| # Virtual memory size is ~16M in test runs, set 160M limit. |
| limit as 167772160 unlimited |
| |
| pre-start script |
| modprobe -q vhost-vsock |
| # Create runtime socket directory. |
| rm -rf /run/arcvm_boot_notification_server |
| mkdir -m 733 -p /run/arcvm_boot_notification_server |
| chown arcvm-boot-notification-server:arcvm-boot-notification-server \ |
| /run/arcvm_boot_notification_server |
| end script |
| |
| exec minijail0 \ |
| --profile=minimalistic-mountns \ |
| -k "tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC" \ |
| -b /run/arcvm_boot_notification_server,,1 \ |
| --uts -e -l -N -n -v -r -l -p -c 0 -w \ |
| -S /usr/share/policy/arcvm_boot_notification_server-seccomp.policy \ |
| -u arcvm-boot-notification-server -g arcvm-boot-notification-server \ |
| /usr/sbin/arcvm_boot_notification_server |
| |
| post-stop exec rm -rf /run/arcvm_boot_notification_server |