| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Chrome OS RMA service" |
| author "chromium-os-dev@chromium.org" |
| |
| env RMAD_LIBDIR=/var/lib/rmad |
| |
| # This daemon is started by D-Bus service activation configured in |
| # dbus/org.chromium.Rmad.service. |
| stop on stopping system-services |
| |
| pre-start script |
| mkdir -p -m 750 "${RMAD_LIBDIR}" |
| chown -R rmad:rmad "${RMAD_LIBDIR}" |
| end script |
| |
| expect fork |
| |
| # Make it killable. |
| oom score -100 |
| # Let the daemon crash if it grows too much. "as" for "address space". |
| # TODO(chenghan): Check memory usage after some development. Currently set |
| # to 100 MB. |
| limit as 100000000 unlimited |
| |
| exec minijail0 -i -e -p -r -v -l --uts -n \ |
| -u rmad -g rmad -G \ |
| --profile=minimalistic-mountns \ |
| -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -k 'tmpfs,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /var/lib/rmad,,1 \ |
| -- /usr/sbin/rmad |
