vtpm/vtpmd.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2022 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "Chromium OS device service."
 author          "chromium-os-dev@chromium.org"

 start on started trunksd \
       and started tpm_managerd \
       and started attestationd \
       and started boot-services
 stop on stopping boot-services
 respawn

 oom score -100

 respawn

 expect fork

 # Uses minijail (drop root, set no_new_privs, set seccomp filter).
 exec minijail0 -u vtpm -g vtpm --profile=minimalistic-mountns \
     --uts -i -I -l -n -N -p -v \
     -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
     -b /run/dbus \
     -k '/var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
     -b /var/lib/vtpm,,1 \
     -S /usr/share/policy/vtpmd-seccomp.policy \
     -- /usr/sbin/vtpmd
	# Copyright 2022 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Chromium OS device service."
	author "chromium-os-dev@chromium.org"

	start on started trunksd \
	and started tpm_managerd \
	and started attestationd \
	and started boot-services
	stop on stopping boot-services
	respawn

	oom score -100

	respawn

	expect fork

	# Uses minijail (drop root, set no_new_privs, set seccomp filter).
	exec minijail0 -u vtpm -g vtpm --profile=minimalistic-mountns \
	--uts -i -I -l -n -N -p -v \
	-k 'tmpfs,/run,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-b /run/dbus \
	-k '/var,/var,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-b /var/lib/vtpm,,1 \
	-S /usr/share/policy/vtpmd-seccomp.policy \
	-- /usr/sbin/vtpmd