| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Launch the OS installation D-Bus service" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting system-services |
| stop on stopping system-services |
| respawn |
| |
| # Before starting the service, check if we're running from an |
| # installer disk. If not (i.e. the system is already installed) then |
| # don't start the service. |
| pre-start script |
| if [ "$(is_running_from_installer)" != "yes" ]; then |
| stop |
| exit 0 |
| fi |
| end script |
| |
| # See the security section of platform2/os_install_service/README.md |
| # for details of why this service runs as root. |
| # |
| # The "-T static" and inner minijail are as recommended by |
| # docs/security/selinux.md. |
| exec minijail0 -T static -- \ |
| /sbin/minijail0 -n \ |
| -S /usr/share/policy/os_install_service-seccomp.policy \ |
| /usr/sbin/os_install_service |