| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start Chrome OS iio service" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start when mems_setup has set proper group and ownership. |
| start on started boot-services |
| stop on stopping boot-services |
| expect fork |
| respawn |
| respawn limit 10 22 |
| |
| # Don't respawn too aggressively so that the respawn limitation is not |
| # exceeded during the tests (in CQ mostly). |
| env RESPAWN_DELAY=2 |
| |
| # Make iioservice killable, because if it has a leak it's better to |
| # restart it than to OOM-panic. |
| oom score -100 |
| # Let the daemon crash if it grows too much. "as" is "address space" (vm |
| # size). We expect a typical VM size of about 200MB for the daemon. |
| limit as 200000000 unlimited |
| |
| post-stop script |
| goal=$(status iioservice | awk '{split($2, a, "/"); print a[1]}') |
| if [ "${goal}" = "start" ]; then |
| # Sleep only if it's respawning, so we don't need to wait when doing `stop |
| # iioservice` in tests or manually. |
| sleep "${RESPAWN_DELAY}" |
| fi |
| end script |
| |
| # Need writable access to /sys/devices and /dev for IIO devices control. |
| # Need access to /sys/bus, /sys/firmware, and /sys/class for IIO devices' |
| # information. |
| # Need access to /run/dbus for DBus communications. |
| # Need (writable) access to /var/lib/metrics to log metrics. |
| # Set RLIMIT_NICE(=13) to 40,40 |
| exec minijail0 -i -u iioservice -g iioservice \ |
| -N --uts -e -p -P /mnt/empty -b / -b /sys \ |
| -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -n -S /usr/share/policy/iioservice-seccomp.policy \ |
| -b /sys/bus -b /sys/devices,,1 -b /dev,,1 \ |
| -b /sys/firmware -b /sys/class -b /run/dbus \ |
| -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /var/lib/metrics,,1 \ |
| -R 13,40,40 \ |
| -- /usr/sbin/iioservice |
