| # Copyright 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the VM concierge service" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start the VM concierge service, which is responsible for managing all the |
| # VMs running in the system. |
| |
| # If we are using plugin VMs then we will start concierge together with the |
| # dispatcher, otherwise concierge will be started explicitly. |
| start on starting vmplugin_dispatcher |
| stop on stopping ui |
| respawn |
| expect fork |
| |
| # Give any running VMs enough time to attempt an orderly shutdown. |
| kill timeout 30 |
| |
| pre-start script |
| # Make sure the vsock module is loaded. |
| modprobe -q vhost-vsock |
| |
| # Create the runtime directory. |
| mkdir -p /run/vm |
| chown crosvm:crosvm /run/vm |
| |
| # Create the runtime directory for plugin VMs. |
| mkdir -p /run/pvm |
| chmod 770 /run/pvm |
| chown pluginvm:crosvm /run/pvm |
| |
| # Create the cicerone runtime directory, we need to do this here because it |
| # has to be mounted into the namespace for concierge. |
| mkdir -p /run/vm_cicerone |
| chown vm_cicerone:vm_cicerone /run/vm_cicerone |
| |
| # Create the directory for UNIX socket communication with plugin VMs. |
| mkdir -p /run/vm_cicerone/client |
| chmod 770 /run/vm_cicerone/client |
| chown vm_cicerone:crosvm /run/vm_cicerone/client |
| |
| # Create the directory for various services that we need to mount in |
| # concierge's namespace. Individual service scripts will adjust ownership |
| # and permissions as needed. |
| mkdir -p /run/camera /run/cups |
| |
| end script |
| |
| # Allow the following capabilities: |
| # |
| # CAP_SETGID for allowing mapping additional gids in user namespaces |
| # of jailed children. It will be added to the ambient set |
| # by concierge |
| # CAP_NET_ADMIN for creating tap devices |
| # |
| # /proc is also remounted read-write because crosvm needs to be able to set the |
| # uid_map and gid_map for its child processes and that needs a writable /proc. |
| # |
| # The following mount flags are used below: |
| # MS_BIND = 0x1000 |
| # MS_REC = 0x4000 |
| # |
| # -Kslave is applied to propagate imageloader mounts into concierge's mount |
| # namespace. |
| exec minijail0 -nplrvd -t -i -I --uts \ |
| -u crosvm -g crosvm -G \ |
| -c 'cap_net_admin,cap_setgid+eip' \ |
| -Kslave \ |
| -P /mnt/empty \ |
| -b /,/ \ |
| -k proc,/proc,proc,0xe \ |
| -b /sys,/sys \ |
| -b /dev/chromeos-low-mem \ |
| -b /dev/log,/dev/log,1 \ |
| -b /dev/kvm,/dev/kvm,1 \ |
| -b /dev/net,/dev/net,1 \ |
| -b /dev/vhost-vsock,/dev/vhost-vsock,1 \ |
| -b /dev/dri,/dev/dri,1 \ |
| -k run,/run,tmpfs,0xe \ |
| -b /run/camera/,,1 \ |
| -b /run/chrome,/run/chrome,1 \ |
| -b /run/cras,,1 \ |
| -b /run/cups,,1 \ |
| -b /run/dbus,/run/dbus,1 \ |
| -b /run/pvm,,1 \ |
| -b /run/vm,/run/vm,1 \ |
| -b /run/vm_cicerone/client,/run/vm_cicerone/client,1 \ |
| -k var,/var,tmpfs,0xe,mode=755,size=32M \ |
| -k empty,/var/empty,tmpfs,0xf,mode=755,size=32M \ |
| -k /run/imageloader,/run/imageloader,none,0x5000 \ |
| -k /home,/home,none,0x5000 \ |
| -- /usr/bin/vm_concierge |
| |
| # Put the concierge and all VMs it starts in a cpu cgroup. |
| # Default cpu.shares is 1024. Limit the VMs to 7/8ths of that. |
| post-start script |
| cgroup_dir="/sys/fs/cgroup/cpu/vms" |
| mkdir -p "${cgroup_dir}" |
| echo $(status | cut -f 4 -d ' ') > "${cgroup_dir}/tasks" |
| echo 896 > "${cgroup_dir}/cpu.shares" |
| end script |
