| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Chrome OS Runtime Probe service" |
| author "chromium-os-dev@chromium.org" |
| |
| # This daemon is started by D-Bus service activation configured in |
| # dbus/org.chromium.RuntimeProbe.service. |
| stop on stopping system-services |
| expect fork |
| |
| # The vpd/ro and virtual/dmi mount is required to initialize cros_config. |
| # Ref: //src/platform2/chromeos-config/libcros_config/cros_config.cc |
| # TODO(hmchu): Make sure required file for cros_config on non-amd64 platform |
| # are also mounted correctly. |
| script |
| exec minijail0 -i -e -p -r -v -l --uts -n \ |
| -u runtime_probe -g runtime_probe -G \ |
| --profile=minimalistic-mountns \ |
| -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /sys/firmware/vpd/ro \ |
| -b /sys/devices/virtual/dmi \ |
| -S /usr/share/policy/runtime_probe-seccomp.policy \ |
| -- /usr/bin/runtime_probe --dbus --verbosity_level=1 |
| end script |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u runtime_probe -g runtime_probe /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.RuntimeProbe |