| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Set up /run/arc[vm]/host_generated" |
| author "chromium-os-dev@chromium.org" |
| |
| # This task is started by Chrome. No start stanza is needed. |
| |
| # /usr/sbin/arc-prepare-host-generated-dir reads these boolean ("0" or "1") |
| # environment variables. |
| import IS_ARCVM |
| import ADD_NATIVE_BRIDGE_64BIT_SUPPORT |
| |
| oom score never |
| |
| # Make this a task so that 'start arc-prepare-host-generated-dir' will block |
| # until the script finishes. |
| task |
| |
| script |
| die() { |
| logger -t "${UPSTART_JOB}" "$1" |
| exit 1 |
| } |
| |
| if [ -d /run/arc/host_generated ]; then |
| ARC_HOST_GENERATED_BIND_ARG="-b /run/arc/host_generated,,1" |
| elif [ -d /run/arcvm/host_generated ]; then |
| ARC_HOST_GENERATED_BIND_ARG="-b /run/arcvm/host_generated,,1" |
| else |
| die "host_generated directory is not found" |
| fi |
| |
| exec /sbin/minijail0 \ |
| --profile=minimalistic-mountns --uts -e -l -p -N \ |
| -k 'tmpfs,/mnt,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -k '/run/chromeos-config,/run/chromeos-config,none,MS_BIND|MS_REC' \ |
| -b /sys \ |
| ${ARC_HOST_GENERATED_BIND_ARG} \ |
| -- /usr/sbin/arc-prepare-host-generated-dir \ |
| --log_tag=arc-prepare-host-generated-dir || |
| die "Failed to execute arc-prepare-host-generated-dir" |
| end script |
