# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Type  Path  Mode  User  Group  Age  Arguments

# Create state directory for shill.
d /run/shill 0755 shill shill

# Create state directory for IPsec.
d /run/ipsec 0770 shill shill

# Create state directory for entire L2TP/IPsec subtree.
d /run/l2tpipsec_vpn 0750 shill shill

# Create state directory for WireGuard.
d /run/wireguard 0770 vpn vpn

# Create storage for the shill global profile.
d /var/cache/shill 0755 shill shill
# Like 'chown -R shill:shill /var/cache/shill' but doesn't follow symlinks.
Z /var/cache/shill - shill shill

# TODO(crbug.com/1179904) Move this into a dhcpcd specific config.
# Set up dhcpcd's {/var/lib|/run} dirs to run as user 'dhcp'.
d /run/dhcpcd 0755 dhcp dhcp
d /var/lib/dhcpcd 0755 dhcp dhcp
# Like 'chown -R' and 'chmod -R' but doesn't follow symlinks.
Z /var/lib/dhcpcd/* 0644 dhcp dhcp

# Shill needs read access to this file, which is part of the in-kernel
# Connection Tracking System.
z /proc/net/ip_conntrack 440 root shill
z /proc/net/nf_conntrack 440 root shill

# Create private directory for data which needs to persists across sessions.
d /var/lib/shill 0755 shill shill

# Create directory for backing files for metrics.
d /var/lib/shill/metrics 0755 shill shill