| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "CrosDns daemon for /etc/hosts modifications" |
| author "chromium-os-dev@chromium.org" |
| |
| # "-100" is the default OOM score for ChromeOS daemons that can recover. |
| oom score -100 |
| |
| # Starts the crosdns daemon which provides a service for making |
| # modifications to the /etc/hosts file. |
| start on starting vm_concierge |
| stop on stopped vm_concierge |
| respawn |
| |
| pre-start script |
| mount --no-canonicalize -o bind /run/crosdns/ /etc/hosts.d |
| end script |
| |
| post-stop script |
| umount --no-canonicalize --lazy /etc/hosts.d |
| end script |
| |
| script |
| # Execute in a minijail with IPC, cgroup, PID, UTS and mount namespaces, drop |
| # all caps, don't allow new privileges, change user/group to crosdns, and use |
| # the seccomp policy file. |
| exec minijail0 -l -N -p --uts -v -c 0 -n -u crosdns -g crosdns \ |
| -S /usr/share/policy/crosdns-seccomp.policy -- /usr/sbin/crosdns |
| end script |
