| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Handle any necessary ARC upgrades" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting arcvm-post-login-services |
| stop on stopping ui or stopping arcvm-post-login-services |
| |
| # Use 'never' since terminating this job fails ARC to start. |
| oom score never |
| task |
| |
| import CHROMEOS_USER |
| |
| pre-start script |
| CHROMEOS_USER_HOME=$(cryptohome-path system "${CHROMEOS_USER}") |
| if [ ! -d "${CHROMEOS_USER_HOME}" ]; then |
| logger -t "${UPSTART_JOB}" \ |
| "User home ${CHROMEOS_USER_HOME} does not exist" |
| exit 1 |
| fi |
| |
| exec /sbin/minijail0 \ |
| -c 'cap_dac_override,cap_dac_read_search,cap_chown,cap_fowner+eip' \ |
| --profile=minimalistic-mountns --uts -e -l -p -N -K -v \ |
| -b /home \ |
| -k "${CHROMEOS_USER_HOME},${CHROMEOS_USER_HOME},none,MS_BIND|MS_REC" \ |
| -k "tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC" \ |
| -k '/run/arcvm,/run/arcvm,none,MS_BIND|MS_REC' \ |
| -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -k '/var/lib/metrics,/var/lib/metrics,none,MS_BIND|MS_REC' \ |
| -- /usr/sbin/arc-handle-upgrade --log_tag=arc-handle-upgrade |
| end script |
| |
| # This is needed to ensure this job doesn't remain in the started state. |
| exec /bin/true |
