| # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Runs a daemon which collects and reports kernel log anomalies" |
| author "chromium-os-dev@chromium.org" |
| |
| # Lifecycle follows system-services. "expect fork" pairs with minijail0's -i |
| # flag below (exit right after forking the daemon), so Upstart follows that |
| # one fork and tracks the sandboxed child, not the short-lived minijail0. |
| start on started system-services |
| stop on stopping system-services |
| respawn |
| expect fork |
| |
| # Allow us to be killed as we are not critical to the system. If we have a |
| # leak, better to crash & restart than to OOM-panic the system. |
| # NOTE(review): Upstart's "oom score" sets oom_score_adj, and a negative |
| # value makes the kernel *less* likely to pick this process, not more. -100 |
| # presumably sits between the strongly protected core services and ordinary |
| # user processes; confirm against the other jobs' scores before changing it. |
| oom score -100 |
| # Let the daemon crash if it grows too much. "as" is "address space" (vm |
| # size). We expect a typical VM size of about 30MiB for the daemon, so set |
| # the ceiling to 5 times that for safety. The value is the soft limit |
| # (150 MB, roughly 143 MiB); the hard limit stays unlimited, so the process |
| # itself could raise the soft one. |
| limit as 150000000 unlimited |
| |
| # /var/lib/whitelist is bind-mounted into the sandbox by the exec stanza |
| # below; a bind mount whose source path is missing would fail, so make sure |
| # the directory exists before the daemon starts. The bind is read-only (no |
| # ",,1" on that -b), so this job only reads from it. |
| pre-start script |
| mkdir -p /var/lib/whitelist |
| end script |
| |
| # The daemon runs under minijail0 in new PID, mount, UTS and IPC namespaces |
| # (-p, -v, --uts, -l) with /proc remounted read-only (-r); -i makes minijail0 |
| # exit right after forking, which is what "expect fork" above relies on. |
| # --mount-dev provides a minimal /dev, into which only /dev/log is bound. |
| # Mounts are applied in the order given: the tmpfs mounted over /var and /run |
| # (-k src,dst,fstype,flags,data) hides everything beneath those paths, and |
| # only what is bind-mounted afterwards is visible inside the sandbox. A -b |
| # entry is read-only unless its third field is 1 (-b src,dst,writeable). |
| # |
| # /dev/log: We use syslog for error messages. |
| # /var/log: We monitor /var/log/messages for anomalies. But we can't bind mount |
| # that path directly because it gets rotated. |
| # /var/spool: We write out our crash reports here. |
| # TODO: We should mount just /var/spool/crash. |
| # /var/lib/metrics: We write out uma stats directly. |
| # /sys: Some kernel collectors will read PCI device information. |
| # /run/dbus: We need to talk to dbus. |
| # /home/chronos: crash_reporter running inside this minijail needs to read user |
| # consent of error collection. |
| # /var/lib/whitelist: crash_reporter running inside this minijail needs to read |
| # device policy file. |
| # |
| # NOTE(review): no -u/-g is given (and no setuid stanza), so the daemon keeps |
| # the job's identity — presumably root — inside the namespaces, and no seccomp |
| # policy (-S) is applied. The read-only binds of all of /sys and /home/chronos |
| # are broader than the stated needs; like the /var/spool TODO above, they are |
| # candidates for narrowing once the exact files required are known. |
| exec /sbin/minijail0 \ |
| --profile=minimalistic-mountns \ |
| -i -p -v -r --uts -l \ |
| --mount-dev -b /dev/log \ |
| -b /sys \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /var/log -b /var/spool,,1 -b /var/lib/metrics,,1 \ |
| -b /var/lib/whitelist \ |
| -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /home/chronos \ |
| -- /usr/bin/anomaly_collector |