| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Downloadable content service daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting system-services |
| stop on stopping system-services |
| expect fork |
| respawn |
| respawn limit 3 10 # if the job respawns 3 times in 10 seconds, stop trying. |
| |
| pre-start script |
| # Initialize: |
| # -The DLC preload directory. |
| # -The DLC module image root directory. |
| # -The DLC metadata directory. |
| dlc_preload_path="/mnt/stateful_partition/var_overlay/cache/dlc-images" |
| if [ -d "${dlc_preload_path}" ]; then |
| chmod -R u+rwX,go+rX,go-w "${dlc_preload_path}" > /dev/null |
| chown -R dlcservice:dlcservice "${dlc_preload_path}" > /dev/null |
| fi |
| for dlc_path in "/var/cache/dlc" "/var/lib/dlcservice" |
| do |
| mkdir -p "${dlc_path}" |
| chmod -R u+rwX,go+rX,go-w "${dlc_path}" |
| chown -R dlcservice:dlcservice "${dlc_path}" |
| done |
| end script |
| |
| # -i Exit immediately after fork. |
| # -u Run as dlcservice user. |
| # -g Run as dlcservice group. |
| # -v Enter new mount namespace, allows to change mounts inside jail. |
| # -G Inherit supplementary groups from new uid. |
| # -n prevents the executable from gaining new privileges. |
| # -b /var/lib/metrics Mount with write permissions for uma metrics. |
| # -S Set seccomp filter using dlcservice-seccomp.policy. |
| exec minijail0 -i -u dlcservice -g dlcservice -v -G -n \ |
| -b /var/lib/metrics,,1 \ |
| -S /usr/share/policy/dlcservice-seccomp.policy /usr/sbin/dlcservice |
