| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the seneschal service" |
| author "chromium-os-dev@chromium.org" |
| |
| # The file server uses O_PATH fds and so needs a higher limit than usual for the |
| # number of open files. |
| limit nofile 1024 262144 |
| |
| # Start the seneschal service, which acts as the steward of the user's /home. |
| start on starting vm_concierge |
| stop on stopped vm_concierge |
| respawn |
| expect fork |
| |
| pre-start script |
| # If the pre-start script fails, by default nothing gets written to |
| # the logs. Make sure we can find out what went wrong by |
| # re-directing stderr to a temp file and sending it to the syslog if |
| # we encounter an error. |
| tmp_log="$(mktemp)" |
| exec 2>"${tmp_log}" |
| dump_log() { |
| if [ $? != 0 ]; then |
| set +x |
| # Split up lines before calling logger to avoid running into line limits. |
| xargs -n 1 -d"\n" logger --tag "${UPSTART_JOB}" < "${tmp_log}" |
| fi |
| } |
| trap dump_log EXIT |
| set -x |
| |
| # Make sure the necessary kernel modules are loaded. |
| modprobe -q vhost-vsock |
| |
| # Create the runtime directory. |
| mkdir -p /run/seneschal |
| chown seneschal:seneschal /run/seneschal |
| |
| # Ensure arc mount point exists, even if arc is not running. |
| mkdir -p /run/arc/sdcard |
| |
| end script |
| |
| # Since we are in an unprivileged user namespace, all bind mounts require the |
| # MS_REC flag to also be set and bind mounting / recursively defeats the purpose |
| # of using pivot_root. Instead we use nested jails: one to set up the mounts |
| # and another to create the user namespace. /proc needs to be mounted read- |
| # write so that we can set the uid and gid maps. |
| # |
| # -Kslave is applied to propagate /media (drivefs and removable media), and |
| # /run/arc/sdcard (android) mounts into seneschal's mount namespace. |
| # |
| # Map uid/gid android-root (655360) and gid android-everybody (665357). |
| exec minijail0 -nplrvNiI --uts --profile=minimalistic-mountns \ |
| -Kslave \ |
| -b /dev/log,/dev/log,1 \ |
| -k 'proc,/proc,proc,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC,mode=755,size=64M' \ |
| -b /run/dbus,/run/dbus,1 \ |
| -b /run/seneschal,/run/seneschal,1 \ |
| -k '/home,/home,none,MS_BIND|MS_REC' \ |
| -k '/media,/media,none,MS_BIND|MS_REC' \ |
| -k '/run/arc/sdcard,/run/arc/sdcard,none,MS_BIND|MS_REC' \ |
| -- /sbin/minijail0 -U -I -v -Kslave \ |
| -m"0 20114 1,20115 20115 1,1000 1000 1,655360 655360 1" \ |
| -M"0 20114 1,20115 20115 1,1000 1000 2,655360 655360 1,665357 665357 1" \ |
| -- /usr/bin/seneschal |
| |