| # Copyright 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the VM concierge service" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start the VM concierge service, which is responsible for managing all the |
| # VMs running in the system. |
| |
| # If we are using plugin VMs then we will start concierge together with the |
| # dispatcher, otherwise concierge will be started explicitly. |
| start on starting vmplugin_dispatcher |
| stop on stopping ui |
| respawn |
| expect fork |
| |
| # Force gRPC to use poll instead of epoll. |
| # TODO(crbug.com/987390): Remove once epoll1 poller is removed or fixed. |
| env GRPC_POLL_STRATEGY=poll |
| |
| # Force gRPC to use the native resolver instead of ares. |
| # TODO(crbug.com/1044665): Remove once gRPC doesn't use ares resolver for vsock. |
| env GRPC_DNS_RESOLVER=native |
| |
| # Give any running VMs enough time to attempt an orderly shutdown. |
| kill timeout 30 |
| |
| # The virtio-fs device opens a lot of fds and so the whole process tree needs a |
| # much higher limit. |
| limit nofile 1024 262144 |
| |
| # Give rtprio to vms to set threads to real-time priority. |
| # 10 is for audio client threads in AC'97 device. |
| limit rtprio 10 10 |
| |
| pre-start script |
| # Make sure the vsock module is loaded. |
| modprobe -q vhost-vsock |
| |
| # Create the runtime directory. |
| mkdir -p /run/vm |
| chown crosvm:crosvm /run/vm |
| |
| # Create the directory for mojo proxy. |
| mkdir -p /run/arcvm/mojo |
| chmod 770 /run/arcvm/mojo |
| chown crosvm:crosvm /run/arcvm/mojo |
| |
| # Create the directory for android-data bind mount. |
| mkdir -p /run/arcvm/android-data |
| chown crosvm:crosvm /run/arcvm/android-data |
| |
| # Create the runtime directory for plugin VMs. |
| mkdir -p /run/pvm |
| chmod 770 /run/pvm |
| chown pluginvm:crosvm /run/pvm |
| |
| # Create the cicerone runtime directory, we need to do this here because it |
| # has to be mounted into the namespace for concierge. |
| mkdir -p /run/vm_cicerone |
| chown vm_cicerone:vm_cicerone /run/vm_cicerone |
| |
| # Create the directory for UNIX socket communication with plugin VMs. |
| mkdir -p /run/vm_cicerone/client |
| chmod 770 /run/vm_cicerone/client |
| chown vm_cicerone:crosvm /run/vm_cicerone/client |
| |
| # Create the directory for various services that we need to mount in |
| # concierge's namespace. Individual service scripts will adjust ownership |
| # and permissions as needed. |
| mkdir -p /run/camera /run/cups_proxy |
| |
| # Create persistent mount namespace at /run/namespaces/mnt_concierge and |
| # make /run/arcvm a shared mountpoint in that namespace. |
| touch /run/namespaces/mnt_concierge |
| unshare --mount=/run/namespaces/mnt_concierge --propagation unchanged \ |
| -- bash -c \ |
| "mount --bind /run/arcvm /run/arcvm && mount --make-shared /run/arcvm" |
| |
| if crossystem "cros_debug?1"; then |
| touch /run/vm/dev_mode |
| else |
| rm -f /run/vm/dev_mode |
| fi |
| end script |
| |
| # Allow the following capabilities: |
| # |
| # CAP_SETGID for allowing mapping additional gids in user namespaces |
| # of jailed children. It will be added to the ambient set |
| # by concierge |
| # |
| # /proc is also remounted read-write because crosvm needs to be able to set the |
| # uid_map and gid_map for its child processes and that needs a writable /proc. |
| # |
| # The following mount flags are used below: |
| # MS_BIND = 0x1000 |
| # MS_REC = 0x4000 |
| # |
| # -Kslave is applied to propagate imageloader mounts into concierge's mount |
| # namespace. |
| |
| script |
| gpu_args="" |
| set -- |
| if [ -c "/dev/mali0" ]; then |
| set -- "$@" -b /dev/mali0,,1 |
| fi |
| if [ -c "/dev/pvr_sync" ]; then |
| set -- "$@" -b /dev/pvr_sync,,1 |
| fi |
| # (crbug.com/892806): remove check when udmabuf is built for all target kernels. |
| if [ -c "/dev/udmabuf" ]; then |
| set -- "$@" -b /dev/udmabuf,,1 |
| fi |
| if [ -f /run/vm/dev_mode -a -d /usr/local/vms ]; then |
| set -- "$@" -k 'local,/usr/local,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' |
| set -- "$@" -b /usr/local/vms,,1 |
| fi |
| |
| exec nsenter --mount=/run/namespaces/mnt_concierge --no-fork \ |
| -- minijail0 -nplrvd -t -i -I --uts \ |
| -u crosvm -g crosvm -G \ |
| -c 'cap_setuid,cap_setgid+eip' \ |
| --ambient \ |
| -Kslave \ |
| -P /mnt/empty \ |
| -b /,/ \ |
| -k 'proc,/proc,proc,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /sys,/sys \ |
| -k 'tmpfs,/sys/fs/cgroup,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /sys/fs/cgroup/cpu,,1 \ |
| -b /dev/chromeos-low-mem \ |
| -b /dev/log,/dev/log,1 \ |
| -b /dev/kvm,/dev/kvm,1 \ |
| -b /dev/net,/dev/net,1 \ |
| -b /dev/vhost-vsock,/dev/vhost-vsock,1 \ |
| -b /dev/dri,/dev/dri,1 \ |
| "$@" \ |
| -k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /run/camera/,,1 \ |
| -b /run/chrome,/run/chrome,1 \ |
| -b /run/cras/vms,/run/cras,1 \ |
| -b /run/cups_proxy,,1 \ |
| -b /run/dbus,/run/dbus,1 \ |
| -b /run/pvm,,1 \ |
| -b /run/vm,/run/vm,1 \ |
| -b /run/vm_cicerone/client,/run/vm_cicerone/client,1 \ |
| -k /run/imageloader,/run/imageloader,none,0x5000 \ |
| -k 'var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /var/lib/timezone \ |
| -k '/run/daemon-store/crosvm,/run/daemon-store/crosvm,none,MS_BIND|MS_REC' \ |
| -k '/run/daemon-store/pvm,/run/daemon-store/pvm,none,MS_BIND|MS_REC' \ |
| -k '/run/arcvm,/run/arcvm,none,MS_BIND|MS_REC' \ |
| -- /usr/bin/vm_concierge |
| end script |
| |
| post-stop script |
| if mountpoint -q /run/namespaces/mnt_concierge; then |
| umount /run/namespaces/mnt_concierge |
| fi |
| end script |