| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Run file_attrs_cleaner_tool on the encrypted home directories." |
| author "chromium-os-dev@chromium.org" |
| |
| # The file attributer cleaner tool should run when the user logs in and clean |
| # up the attributes on files in the user's cryptohome. However, if the user |
| # logs out while the tool is running, the tool should be killed immediately. |
| stop on stopping logout |
| |
| # Get the obfuscated username from cryptohome. In case of secondary logins, we |
| # need to run multiple instances of this job for each home directory. |
| import OBFUSCATED_USERNAME |
| |
| instance ${OBFUSCATED_USERNAME} |
| |
| # Check that the username hasn't been corrupted. |
| pre-start script |
| if ! echo "${OBFUSCATED_USERNAME}" | grep -Eq '^[a-z0-9]+$'; then |
| stop |
| logger -t "${UPSTART_JOB}" \ |
| "Invalid obfuscated username: ${OBFUSCATED_USERNAME}" |
| exit 0 |
| fi |
| end script |
| |
| # Use the mounted user directory instead of the shadow user directory |
| # to avoid the file attribute cleaner tool from accessing user files after |
| # cryptohome has invalidated the encryption key. |
| exec ionice -c 3 -- /sbin/file_attrs_cleaner_tool --enable_metrics \ |
| "/home/user/${OBFUSCATED_USERNAME}" \ |
| "/home/root/${OBFUSCATED_USERNAME}" |