# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Upstart job definition for the Missive daemon (/usr/bin/missived), which is
# launched under minijail0 by the exec stanza of this job.
description "Missive Daemon"
author "chromium-os-dev@chromium.org"
# TODO(zatrudo): added for testing; remove to allow D-Bus service activation.
# Until then the job is started and stopped together with system-services.
start on started system-services
stop on stopping system-services
# Restart the daemon automatically if it exits unexpectedly.
respawn
respawn limit 3 10 # if the job respawns 3 times in 10 seconds, stop trying.
# Allow us to be killed as we are not critical to the system. If we have a
# leak while collecting reports, better to crash & restart than to OOM-panic
# the system.
# NOTE(review): a negative score makes this job a less likely OOM-killer
# victim than processes left at the default score of 0; it remains killable
# (only -1000 exempts a process entirely).
oom score -100
# TODO(zatrudo): Add a "limit as" after doing some runtime analysis.
# NOTE(review): until that limit exists nothing in this file caps the
# daemon's address space, so the leak case above is bounded only by the
# OOM killer.
# Minijail forks off the desired process.
expect fork
# TODO(zatrudo): Add '-S "${SECCOMP_POLICY_FILE}" \' to exec when ready
# NOTE(review): the exec stanza in this job passes no -S, so no seccomp
# syscall filter is applied to the daemon until this TODO is resolved.
# env SECCOMP_POLICY_FILE=/usr/share/policy/missived-seccomp.policy
# Runs before the main exec stanza, outside the minijail sandbox. No setuid
# stanza is visible in this job, so this presumably runs as root (the chown
# below requires it) — confirm.
pre-start script
# Prepare directory used as storage for reports.
# mkdir -p is a no-op when the directory already exists, so this is safe to
# repeat on every (re)start.
mkdir -p /var/cache/reporting
# Hand the directory to the unprivileged account the daemon runs as (-u/-g in
# the exec stanza), so the sandboxed process can write reports into it.
# NOTE(review): no explicit mode is set here; a newly created directory gets
# whatever the umask yields. If stored reports are sensitive, confirm that the
# resulting permissions keep other local users out.
chown missived:missived /var/cache/reporting
end script
# Main process: run /usr/bin/missived inside a minijail0 sandbox.
# -u run as user missived
# -g run as group missived
# -i exit immediately after fork (do not act as init).
# -l enter new IPC namespace
# -N enter new cgroup namespace
# -p enter new pid namespace
# -n set no_new_privs
# -t mount a new /tmp inside chroot
# --uts enter new UTS namespace
# --profile=minimalistic-mountns start from minijail's minimal mount
#   namespace profile instead of the host's full mount tree; the -k/-b
#   options below add back only what the daemon needs.
# -b/-k directories to mount into chroot
# -k /run and -k /var: fresh tmpfs instances (capped at 10M and 100M) mounted
#   nodev/noexec/nosuid, so the host's /run and /var contents are not visible
#   except for the bind mounts listed after them.
# -b /var/cache/reporting,,1: bind the report storage directory prepared in
#   pre-start; the trailing 1 makes the bind mount writable.
# -b /run/dbus: enables DBus communication
#   (no writable flag is given, so minijail's default read-only bind applies).
# NOTE(review): -e (new network namespace) and -S (seccomp policy) are not
# passed. The seccomp gap is tracked by the TODO earlier in this file; confirm
# whether the daemon needs the host network namespace or only D-Bus.
exec minijail0 -u missived -g missived -i -l -N -p -n -t \
--profile=minimalistic-mountns \
-k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=100M' \
-b /var/cache/reporting,,1 \
-b /run/dbus --uts \
-- /usr/bin/missived
# Wait for daemon to claim its D-Bus name before transitioning to started.
# gdbus is itself run through minijail0 so the wait happens as the
# unprivileged missived user and group rather than as the job's own user;
# only -u/-g are applied here, with no namespaces or mount restrictions.
# The wait gives up after 15 seconds (--timeout 15).
# NOTE(review): presumably gdbus exits non-zero on timeout; how Upstart treats
# a failed post-start for this job is not shown here — confirm.
post-start exec minijail0 -u missived -g missived /usr/bin/gdbus \
wait --system --timeout 15 org.chromium.Missived