metrics/init/metrics_daemon.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "Metrics collection daemon"
 author          "chromium-os-dev@chromium.org"

 # The metrics daemon is responsible for receiving and forwarding to
 # chrome UMA statistics not produced by chrome.

 # Wait for the crash reporter to check whether the previous session
 # ended abnormally.
 start on stopped crash-boot-collect
 stop on stopping system-services
 respawn

 # metrics will update the next line to add -uploader for embedded builds.
 env DAEMON_FLAGS=""

 # Make the metrics daemon killable, because if it has a leak it's better to
 # restart it than to OOM-panic.
 oom score 0
 # Let the daemon crash if it grows too much.  "as" is "address space" (vm
 # size).  We expect a typical VM size of about 30MB for the daemon.
 limit as 150000000 unlimited

 expect fork
 pre-start script
   # Remove metrics_daemon files with bad permissions. systemd-tmpfiles will not
   # correct the permissions and ownership
   # (https://github.com/systemd/systemd/issues/19618), so the easiest thing to
   # do is delete the files and let metrics_daemon recreate the files with the
   # correct owner/permission.
   (/usr/bin/find /var/lib/metrics \( -name 'Platform.*' -o -name '*.cycle' \) \
    \( -not -user metrics -o -not -group metrics -o -not -perm 644 \) \
    -delete -print 2>&1 | logger -t metrics-init-cleanup) || true
 end script

 # Minijail flags
 # -G    Inherit supplementary groups from user metrics to have debugfs access.
 # -l    Enter a new IPC namespace.
 # -n    Set no_new_privs.
 # -e    Enter a new network namespace
 # -N    Enter a new cgroup namesapce.
 # --uts    Enter a new UTS namespace.
 # -r    Remount /proc read only.
 # -v    Enter a new mount namespace.
 # -i    Exit immediately after fork(2). The jailed process will run in the
 #       background.
 # -T static    Tells Minijail metrics is a static binary, locksdown pre-exec
 # --profile=minimalistic-mountns    Setup a mount namespace with some
 #                                   basic mountpoints.
 # -b /dev    (Read only) Needed by rootdev to read and determine
 #             containing device, block.
 # -k /run    Create /run in tmpfs to mount subdirectories required by metrics.
 # -b /run/containers    (Read only) Required for collecting ARC++ metrics.
 #                        login_manager/init/scripts/ui-pre-start creates the
 #                        directory at the very early stage of the boot.
 # -b /run/dbus    (Read only) Required by metrics for dbus.
 # -b /run/metrics    (Read/ Write) Required by metrics for reading flags from
 #                     other services, e.g. crash reporter, hammer, crouton.
 # -b /sys    (Read only) Required by rootdev to read device/block metadata.
 # -b /sys/kernel/debug/ (Read only) Required by metrics for GPU frequency info.
 # -k /var    Create /var in tmpfs to mount its subdirectories.
 # -b /var/lib/metrics    (Read/Write) Metrics stores persistent data files.
 #                        which then are read for writing to metrics/uma-events.
 # -b /var/log/vmlog    (Read/Write) Metrics logs crash/error or any other
 #                      daemon related messages in log/vmlogs.

 exec minijail0 \
   -u metrics -g metrics -G \
   -l -n -e -N -rvi --uts \
   -T static \
   --profile=minimalistic-mountns \
   -b /dev/ \
   -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b /run/containers \
   -b /run/dbus \
   -b /run/metrics,,1 \
   -b /sys/ \
   -b /sys/kernel/debug/ \
   -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b /var/lib/metrics,,1 \
   -b /var/log/vmlog,,1 \
   /usr/bin/metrics_daemon --nodaemon ${DAEMON_FLAGS}
	# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Metrics collection daemon"
	author "chromium-os-dev@chromium.org"

	# The metrics daemon is responsible for receiving and forwarding to
	# chrome UMA statistics not produced by chrome.

	# Wait for the crash reporter to check whether the previous session
	# ended abnormally.
	start on stopped crash-boot-collect
	stop on stopping system-services
	respawn

	# metrics will update the next line to add -uploader for embedded builds.
	env DAEMON_FLAGS=""

	# Make the metrics daemon killable, because if it has a leak it's better to
	# restart it than to OOM-panic.
	oom score 0
	# Let the daemon crash if it grows too much. "as" is "address space" (vm
	# size). We expect a typical VM size of about 30MB for the daemon.
	limit as 150000000 unlimited

	expect fork
	pre-start script
	# Remove metrics_daemon files with bad permissions. systemd-tmpfiles will not
	# correct the permissions and ownership
	# (https://github.com/systemd/systemd/issues/19618), so the easiest thing to
	# do is delete the files and let metrics_daemon recreate the files with the
	# correct owner/permission.
	(/usr/bin/find /var/lib/metrics \( -name 'Platform.' -o -name '.cycle' \) \
	\( -not -user metrics -o -not -group metrics -o -not -perm 644 \) \
	-delete -print 2>&1 \| logger -t metrics-init-cleanup) \|\| true
	end script

	# Minijail flags
	# -G Inherit supplementary groups from user metrics to have debugfs access.
	# -l Enter a new IPC namespace.
	# -n Set no_new_privs.
	# -e Enter a new network namespace
	# -N Enter a new cgroup namesapce.
	# --uts Enter a new UTS namespace.
	# -r Remount /proc read only.
	# -v Enter a new mount namespace.
	# -i Exit immediately after fork(2). The jailed process will run in the
	# background.
	# -T static Tells Minijail metrics is a static binary, locksdown pre-exec
	# --profile=minimalistic-mountns Setup a mount namespace with some
	# basic mountpoints.
	# -b /dev (Read only) Needed by rootdev to read and determine
	# containing device, block.
	# -k /run Create /run in tmpfs to mount subdirectories required by metrics.
	# -b /run/containers (Read only) Required for collecting ARC++ metrics.
	# login_manager/init/scripts/ui-pre-start creates the
	# directory at the very early stage of the boot.
	# -b /run/dbus (Read only) Required by metrics for dbus.
	# -b /run/metrics (Read/ Write) Required by metrics for reading flags from
	# other services, e.g. crash reporter, hammer, crouton.
	# -b /sys (Read only) Required by rootdev to read device/block metadata.
	# -b /sys/kernel/debug/ (Read only) Required by metrics for GPU frequency info.
	# -k /var Create /var in tmpfs to mount its subdirectories.
	# -b /var/lib/metrics (Read/Write) Metrics stores persistent data files.
	# which then are read for writing to metrics/uma-events.
	# -b /var/log/vmlog (Read/Write) Metrics logs crash/error or any other
	# daemon related messages in log/vmlogs.

	exec minijail0 \
	-u metrics -g metrics -G \
	-l -n -e -N -rvi --uts \
	-T static \
	--profile=minimalistic-mountns \
	-b /dev/ \
	-k '/run,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/containers \
	-b /run/dbus \
	-b /run/metrics,,1 \
	-b /sys/ \
	-b /sys/kernel/debug/ \
	-k '/var,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /var/lib/metrics,,1 \
	-b /var/log/vmlog,,1 \
	/usr/bin/metrics_daemon --nodaemon ${DAEMON_FLAGS}