| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Data Leak Prevention daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # The service is started by Chrome on demand. |
| stop on stopping ui |
| respawn |
| respawn limit 3 10 |
| |
| # Do not respawn if the service is terminated on purpose. |
| normal exit 0 |
| |
| # Sacrifice before OOM panic. |
| oom score 0 |
| # TODO (poromov) Add virtual memory size limit after |
| # run-time analysis. |
| |
| # Minijail actually forks off the desired process. |
| expect fork |
| |
| pre-start script |
| # Check if ui is still running before starting the daemon. |
| # This is to prevent new dbus-activated instances from getting started once |
| # the system is beginning to shut down. |
| if ! initctl status ui | grep -q running; then |
| stop |
| exit 0 |
| fi |
| end script |
| |
| script |
| # Start constructing minijail0 args... |
| args="" |
| |
| # Make sure minijail0 exits right away and won't block upstart. |
| args="${args} -i" |
| |
| # Create a cgroup namespace. |
| args="${args} -N" |
| |
| # Create a UTS namespace to isolate changes to the host / domain name. |
| args="${args} --uts" |
| |
| # Create an IPC namespace (isolate System V IPC objects/POSIX message queues). |
| args="${args} -l" |
| |
| # Prevent that execve gains privileges, required for seccomp filters. |
| args="${args} -n" |
| |
| # Prevent network connections. |
| args="${args} -e" |
| |
| #TODO(crbug.com/1184871) Apply seccomp policy. |
| #args="${args} -S ..." |
| |
| #TODO(crbug.com/1200577) Use user data mount namespace once it's ready. |
| #args="${args} -V ..." |
| |
| # cap_sys_admin are needed for fanotify_init() |
| args="${args} -c cap_sys_admin=e" |
| |
| # Run as dlp user and group. |
| args="${args} -u dlp -g dlp -G" |
| |
| # Execute dlp. |
| args="${args} /usr/sbin/dlp" |
| |
| exec minijail0 ${args} |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u dlp -g dlp /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.Dlp |
| |
| post-stop exec logger -t "${UPSTART_JOB}" "Post-stop dlp" |