| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "IPP-USB bridge daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| import BUS |
| import DEV |
| import VID |
| import PID |
| instance $BUS:$DEV |
| |
| env IPPUSB_SOCKET_DIR="/run/ippusb" |
| |
| # ippusb_bridge can recover by restarting. |
| oom score -100 |
| |
| expect fork |
| kill signal INT |
| respawn |
| |
| tmpfiles /usr/lib/tmpfiles.d/on-demand/ippusb-bridge.conf |
| |
| pre-stop script |
| # Remove the socket before stopping ippusb_bridge so that |
| # processes can't make new connections while it is draining |
| # the existing requests. |
| rm -f "${IPPUSB_SOCKET_DIR}/${VID}-${PID}.sock" |
| end script |
| |
| exec minijail0 -ilnNprv -t -e --uts --mount-dev \ |
| -u ippusb -g ippusb -G \ |
| -S /usr/share/policy/ippusb-bridge-seccomp.policy \ |
| -P /mnt/empty \ |
| -b / \ |
| -b /proc \ |
| -b /sys \ |
| -b /dev/log \ |
| -b /dev/bus/usb/$BUS/$DEV \ |
| -k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /run/udev \ |
| -b /run/ippusb,/run/ippusb,1 \ |
| -k 'var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -- /usr/bin/ippusb_bridge --upstart \ |
| -d $BUS:$DEV -s $IPPUSB_SOCKET_DIR/$VID-$PID.sock |
