blob: 1a416e5e578c6b930a52e82735a0d1a7f97ed8b3 [file] [log] [blame]
# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Metrics collection daemon"
author ""
# The metrics daemon is responsible for receiving and forwarding to
# chrome UMA statistics not produced by chrome.
# Wait for the crash reporter to check whether the previous session
# ended abnormally.
start on stopped crash-boot-collect
stop on stopping system-services
# metrics will update the next line to add -uploader for embedded builds.
# Make the metrics daemon killable, because if it has a leak it's better to
# restart it than to OOM-panic.
oom score 0
# Let the daemon crash if it grows too much. "as" is "address space" (vm
# size). We expect a typical VM size of about 30MB for the daemon.
limit as 150000000 unlimited
expect fork
pre-start script
# Remove metrics_daemon files with bad permissions. systemd-tmpfiles will not
# correct the permissions and ownership
# (, so the easiest thing to
# do is delete the files and let metrics_daemon recreate the files with the
# correct owner/permission.
(/usr/bin/find /var/lib/metrics \( -name 'Platform.*' -o -name '*.cycle' \) \
\( -not -user metrics -o -not -group metrics -o -not -perm 644 \) \
-delete -print 2>&1 | logger -t metrics-init-cleanup) || true
end script
# Minijail flags
# -G Inherit supplementary groups from user metrics to have debugfs access.
# -l Enter a new IPC namespace.
# -n Set no_new_privs.
# -e Enter a new network namespace
# -N Enter a new cgroup namesapce.
# --uts Enter a new UTS namespace.
# -r Remount /proc read only.
# -v Enter a new mount namespace.
# -i Exit immediately after fork(2). The jailed process will run in the
# background.
# -T static Tells Minijail metrics is a static binary, locksdown pre-exec
# --profile=minimalistic-mountns Setup a mount namespace with some
# basic mountpoints.
# -b /dev (Read only) Needed by rootdev to read and determine
# containing device, block.
# -k /run Create /run in tmpfs to mount subdirectories required by metrics.
# -b /run/containers (Read only) Required for collecting ARC++ metrics.
# login_manager/init/scripts/ui-pre-start creates the
# directory at the very early stage of the boot.
# -b /run/dbus (Read only) Required by metrics for dbus.
# -b /run/metrics (Read/ Write) Required by metrics for reading flags from
# other services, e.g. crash reporter, hammer, crouton.
# -b /sys (Read only) Required by rootdev to read device/block metadata.
# -b /sys/kernel/debug/ (Read only) Required by metrics for GPU frequency info.
# -k /var Create /var in tmpfs to mount its subdirectories.
# -b /var/lib/metrics (Read/Write) Metrics stores persistent data files.
# which then are read for writing to metrics/uma-events.
# -b /var/log/vmlog (Read/Write) Metrics logs crash/error or any other
# daemon related messages in log/vmlogs.
exec minijail0 \
-u metrics -g metrics -G \
-l -n -e -N -rvi --uts \
-T static \
--profile=minimalistic-mountns \
-b /dev/ \
-k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b /run/containers \
-b /run/dbus \
-b /run/metrics,,1 \
-b /sys/ \
-b /sys/kernel/debug/ \
-k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b /var/lib/metrics,,1 \
-b /var/log/vmlog,,1 \
/usr/bin/metrics_daemon --nodaemon ${DAEMON_FLAGS}