| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "systemd-journald" |
| author "chromium-os-dev@chromium.org" |
| |
| # Journald has been switched to syslog and is about to be removed. We do no |
| # longer start journald. |
| # TODO(yoshiki): remove this file when we remove journald. |
| |
| expect fork |
| respawn |
| |
| # Upstart has limitation on how it can track daemon readiness. See this report |
| # for more details: https://crbug.com/702794#27. net_poll_tool allows us to |
| # emit the started event only after the socket is ready. |
| # /run/systemd/journal/socket is the last socket created by journald. |
| # |
| # We don't use a pid namespace because it breaks journald's ability to log the |
| # remote pid. We don't use a network namespace because journald needs to read |
| # from the audit netlink socket. |
| # |
| # CAP_SYS_PTRACE is required to read /proc/<PID>/exe. |
| # We aren't going to give that capability to journald due to security concerns. |
| exec minijail0 -T static --ambient \ |
| -u syslog -g syslog -c 'cap_syslog,cap_audit_read+e' \ |
| -i -l --uts -f /run/systemd-journald.pid \ |
| -v -P /mnt/empty -b / -b /proc -t -r --mount-dev \ |
| -b /dev/kmsg,,1 \ |
| -k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /run/systemd,,1 \ |
| -b /run/log,,1 \ |
| -k 'var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /var/log,,1 \ |
| /usr/lib/systemd/systemd-journald |
| |
| post-start script |
| # The timeout is high, but it should never be hit unless there's a serious |
| # problem, in which case we want to fall over anyways. We can't set it too |
| # low because we also run in slow environments like VMs. |
| net_poll_tool --timeout=60 --unix_socket=/run/systemd/journal/socket |
| |
| # This is needed to flush the journal to persistent storage |
| pkill -SIGUSR1 --pidfile /run/systemd-journald.pid |
| end script |
| |
| post-stop script |
| rm /run/systemd-journald.pid || true |
| end script |
| |