| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Type Path Mode User Group Age Arguments |
| |
| # Create state directory for shill. |
| d= /run/shill 0755 shill shill |
| |
| # Create state directory for IPsec. |
| d= /run/ipsec 0770 vpn vpn |
| |
| # Create state directory for entire L2TP/IPsec subtree. |
| d= /run/l2tpipsec_vpn 0770 vpn vpn |
| |
| # Create state directory for WireGuard. |
| d= /run/wireguard 0770 vpn vpn |
| |
| # Create storage for the shill global profile. |
| d= /var/cache/shill 0755 shill shill |
| # Like 'chown -R shill:shill /var/cache/shill' but doesn't follow symlinks. |
| Z /var/cache/shill - shill shill |
| |
| # TODO(crbug.com/1179904) Move this into a dhcpcd specific config. |
| # Set up dhcpcd's {/var/lib|/run} dirs to run as user 'dhcp'. |
| d= /run/dhcpcd 0755 dhcp dhcp |
| d= /var/lib/dhcpcd 0755 dhcp dhcp |
| # Like 'chown -R' and 'chmod -R' but doesn't follow symlinks. |
| Z /var/lib/dhcpcd/* 0644 dhcp dhcp |
| |
| # Shill needs read access to this file, which is part of the in-kernel |
| # Connection Tracking System. |
| z /proc/net/ip_conntrack 440 root shill |
| z /proc/net/nf_conntrack 440 root shill |
| |
| # Shill needs kernel debug access. |
| z- /sys/kernel/debug/ieee80211/phy0/iwlwifi/iwlmvm/fw_dbg_collect 660 root shill |
| |
| # Create private directory for data which needs to persists across sessions. |
| d= /var/lib/shill 0755 shill shill |
| |
| # Create directory for backing files for metrics. |
| d= /var/lib/shill/metrics 0755 shill shill |
