blob: 673d54e29c74ffa3da01190ba82c850f96491653 [file] [log] [blame]
# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start Chrome OS iio service"
author ""
# Start when mems_setup has set proper group and ownership.
start on started boot-services
stop on stopping boot-services
expect fork
respawn limit 5 30
# Don't respawn too aggressively so kernel has some room to breathe and
# initialize sensors.
# Make iioservice killable, because if it has a leak it's better to
# restart it than to OOM-panic.
oom score -100
# Let the daemon crash if it grows too much. "as" is "address space" (vm
# size). We expect a typical VM size of about 200MB for the daemon.
limit as 200000000 unlimited
# Need writable access to /sys/devices and /dev for IIO devices control.
# Need access to /sys/bus, /sys/firmware, and /sys/class for IIO devices'
# information.
# Need access to /run/systemd/journal for logging.
# Need access to /run/dbus for DBus communications.
# Set RLIMIT_NICE(=13) to 40,40
exec minijail0 -i -u iioservice -g iioservice \
-N --uts -e -p -P /mnt/empty -b / -b /sys \
-k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-n -S /usr/share/policy/iioservice-seccomp.policy \
-b /sys/bus -b /sys/devices,,1 -b /dev,,1 \
-b /sys/firmware -b /sys/class -b /run/dbus -b /run/systemd/journal \
-R 13,40,40 \
-- /usr/sbin/iioservice