# Copyright 2022 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Chromium OS device service."
author "chromium-os-dev@chromium.org"
# Until it is stable, this daemon is controlled by admin only: there is
# deliberately no "start on" stanza, so the job has to be started (and
# stopped) by hand rather than by an Upstart event.
# TODO(b/227341806): set proper start and stop criteria.
# Negative OOM score adjustment: make this daemon a less likely victim of
# the OOM killer than ordinary processes.
oom score -100
# Restart the daemon if it exits.
respawn
# minijail0 is invoked with -i, so it forks once and exits; Upstart follows
# that single fork to track the real daemon PID.
expect fork
# Uses minijail (drop root, set no_new_privs, set seccomp filter).
#
# Sandbox summary (each flag below corresponds to a minijail0 option):
#   -u vtpm -g vtpm   run as the unprivileged vtpm user/group (drop root)
#   --profile=minimalistic-mountns
#                     minijail's built-in minimal mount namespace profile
#                     (only the basic system directories are visible)
#   --uts             new UTS (hostname) namespace
#   -i                exit right after forking the child (pairs with
#                     "expect fork" above)
#   -I                run the program under a minijail init inside the new
#                     PID namespace so orphans are reaped
#   -l                new IPC namespace
#   -n                set no_new_privs
#   -N                new cgroup namespace
#   -p                new PID namespace
#   -v                new mount (VFS) namespace
#   -k ...            mount a fresh tmpfs on /run and on /var, each
#                     nosuid,nodev,noexec, so the daemon cannot see the
#                     host's real /run and /var
#   -b /run/dbus      bind-mount the D-Bus socket directory read-only
#                     (no trailing ",,1", so it is not writable)
#   -b /var/lib/vtpm,,1
#                     bind-mount /var/lib/vtpm writable; this is the only
#                     writable host path in the sandbox -- presumably the
#                     daemon's persistent state, confirm before widening it
#   -S ...            apply the seccomp policy in vtpmd-seccomp.policy
#   --                end of minijail0 options; what follows is the program
#
# NOTE(review): any new bind mount or relaxed mount flag here widens the
# sandbox; keep additions read-only unless the daemon demonstrably needs
# to write there.
exec minijail0 -u vtpm -g vtpm --profile=minimalistic-mountns \
--uts -i -I -l -n -N -p -v \
-k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-b /run/dbus \
-k '/var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-b /var/lib/vtpm,,1 \
-S /usr/share/policy/vtpmd-seccomp.policy \
-- /usr/sbin/vtpmd