smbprovider/etc/init/smbproviderd.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "SmbProvider daemon"
 author          "chromium-os-dev@chromium.org"

 # This is started by D-Bus service activation through
 # org.chromium.SmbProvider.service
 stop on stopping ui
 respawn

 # Minijail actually forks off the desired process.
 expect fork

 pre-start script
   # Check if ui is still running before starting smbproviderd.
   # This is to prevent new dbus-activated instances from getting started once
   # the system is beginning to shut down.
   if ! initctl status ui | grep -q running; then
     stop
     exit 0
   fi
 end script

 # -i makes sure minijail0 exits right away.
 # -p Enter a new PID namespace and run the process as init (pid=1).
 # -I Runs program as init inside a new pid namespace.
 # -l Enter a new IPC namespace.
 # --uts Enters a new UTS namespace.
 # --profile=minimalistic-mountns Mount namespace with basic mounts
 #     includes /var/empty, /, /proc (RO), /dev/log, /tmp (tmpfs)
 # -k tmpfs,/run,tmpfs Empty tmpfs for /run
 # -b /run/dbus bind in for dbus communication
 # -b /run/shill For /etc/resolv.conf
 # -b /run/lockbox Needed to access "install attributes"
 # -k /run/daemon-store... Needed to access saved passwords
 # -S Apply seccomp filters.
 # --mount-dev Creates a new /dev with a minimal set of nodes.
 # -b Binds <src> to <dest> in chroot.
 # -u Run as smbproviderd user.
 # -g Run as smbproviderd group.
 exec minijail0 \
     -i \
     -p \
     -I \
     -l \
     --uts \
     --profile=minimalistic-mountns \
     -k tmpfs,/run,tmpfs \
     -b /run/dbus \
     -b /run/shill \
     -b /run/lockbox \
     -k '/run/daemon-store/smbproviderd,/run/daemon-store/smbproviderd,\
         none,MS_BIND|MS_REC' \
     -S /usr/share/policy/smbprovider-seccomp.policy \
     -u smbproviderd -g smbproviderd \
     /usr/sbin/smbproviderd

 post-start exec minijail0 -u smbproviderd -g smbproviderd /usr/bin/gdbus \
     wait --system --timeout 15 org.chromium.SmbProvider
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "SmbProvider daemon"
	author "chromium-os-dev@chromium.org"

	# This is started by D-Bus service activation through
	# org.chromium.SmbProvider.service
	stop on stopping ui
	respawn

	# Minijail actually forks off the desired process.
	expect fork

	pre-start script
	# Check if ui is still running before starting smbproviderd.
	# This is to prevent new dbus-activated instances from getting started once
	# the system is beginning to shut down.
	if ! initctl status ui \| grep -q running; then
	stop
	exit 0
	fi
	end script

	# -i makes sure minijail0 exits right away.
	# -p Enter a new PID namespace and run the process as init (pid=1).
	# -I Runs program as init inside a new pid namespace.
	# -l Enter a new IPC namespace.
	# --uts Enters a new UTS namespace.
	# --profile=minimalistic-mountns Mount namespace with basic mounts
	# includes /var/empty, /, /proc (RO), /dev/log, /tmp (tmpfs)
	# -k tmpfs,/run,tmpfs Empty tmpfs for /run
	# -b /run/dbus bind in for dbus communication
	# -b /run/shill For /etc/resolv.conf
	# -b /run/lockbox Needed to access "install attributes"
	# -k /run/daemon-store... Needed to access saved passwords
	# -S Apply seccomp filters.
	# --mount-dev Creates a new /dev with a minimal set of nodes.
	# -b Binds <src> to <dest> in chroot.
	# -u Run as smbproviderd user.
	# -g Run as smbproviderd group.
	exec minijail0 \
	-i \
	-p \
	-I \
	-l \
	--uts \
	--profile=minimalistic-mountns \
	-k tmpfs,/run,tmpfs \
	-b /run/dbus \
	-b /run/shill \
	-b /run/lockbox \
	-k '/run/daemon-store/smbproviderd,/run/daemon-store/smbproviderd,\
	none,MS_BIND\|MS_REC' \
	-S /usr/share/policy/smbprovider-seccomp.policy \
	-u smbproviderd -g smbproviderd \
	/usr/sbin/smbproviderd

	post-start exec minijail0 -u smbproviderd -g smbproviderd /usr/bin/gdbus \
	wait --system --timeout 15 org.chromium.SmbProvider