| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Syslog daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting boot-services |
| stop on stopping boot-services |
| expect fork |
| respawn |
| |
| pre-start script |
| setup() { |
| touch "$1" |
| chown syslog "$1" |
| } |
| setup /var/log/messages |
| setup /var/log/net.log |
| setup /var/log/secure |
| setup /var/log/boot.log |
| setup /var/log/tlsdate.log |
| setup /var/log/authpolicy.log |
| setup /var/log/arc.log |
| mkdir -p /var/lib/timezone |
| end script |
| |
| # The way upstart tracks daemon readiness is not the way we need it to. In the |
| # normal forking/daemon mode (no -n), rsyslog will fork and then wait for the |
| # child to prepare /dev/log before exiting. However, upstart will see the first |
| # fork and mark the service started immediately and not wait for rsyslog itself |
| # to exit. That creates a small window where other services may start and try |
| # to use syslog which would fail. That's why we don't bother using daemon mode |
| # (we pass -n), and why we need the poll command below. |
| # See this report for more details: https://crbug.com/702794#27 |
| # |
| # We don't use --mount-dev because of the way the /dev/log unix socket works. |
| # See https://crbug.com/764455#c6 for details. |
| # |
| # We don't use a pid namespace because that breaks syslog's ability to log the |
| # remote pid. Otherwise the logs would look like (where [0] is the pid): |
| # INFO sshd[0]: ... |
| exec /sbin/minijail0 -l --uts -i -v -e -t -P /var/empty -T static \ |
| -b / -b /dev,,1 -b /proc -k tmpfs,/var,tmpfs,0xe -b /var/log,,1 \ |
| -b /var/lib/timezone \ |
| /usr/sbin/rsyslogd -n -f /etc/rsyslog.chromeos -i /tmp/rsyslogd.pid |
| |
| # See above comment for why we need to poll ourselves. |
| # |
| # The timeout is high, but it should never be hit unless there's a serious |
| # problem, in which case we want to fall over anyways. We can't set it too |
| # low because we also run in slow environments like VMs. |
| post-start exec net_poll_tool --timeout=60 --unix_socket=/dev/log |