| # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the Chaps daemon (chapsd)" |
| author "chromium-os-dev@chromium.org" |
| |
| # Starts the Chaps daemon, which provides TPM-backed cryptographic services. |
| |
| start on started tpm_managerd and started boot-services |
| stop on stopping boot-services |
| respawn |
| |
| # 32MByte RLIMIT_MEMLOCK, this is required because chapsd uses SecureBlob |
| # extensively, and SecureBlob uses mlock(). |
| # TODO(crbug.com/1096198): Lower this once we found the root cause. |
| limit memlock 134217728 134217728 |
| |
| pre-start script |
| mkdir -p /var/lib/chaps |
| chown chaps:chronos-access /var/lib/chaps |
| end script |
| |
| exec /usr/sbin/chapsd --auto_load_system_token |
| |
| post-start script |
| # Wait for daemon to claim its D-Bus name. |
| minijail0 -u chaps -G \ |
| /usr/bin/gdbus wait --system --timeout 15 org.chromium.Chaps |
| # Running this in background to prevent upstart deadlock on chapsd. |
| # For example: chapsd crashed before the it restores TPM tokens. |
| (cryptohome --action=pkcs11_restore_tpm_tokens | logger -e -t chaps-restore) & |
| end script |
