| # Copyright 2018 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "OOBE Config Restore daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started boot-services and started tpm_managerd |
| stop on stopping boot-services |
| |
| # 32MByte RLIMIT_MEMLOCK, this is required because oobe_config_restore uses |
| # SecureBlob to store owner key, install attributes and shill default profile, |
| # and SecureBlob uses mlock(). |
| limit memlock 33554432 33554432 |
| |
| # Process is not system critical but may also not recover if killed. |
| oom score -400 |
| |
| pre-start script |
| # If OOBE is already completed then don't start the service, instead cleanup |
| # any files that may have been left by a preceeding rollback. |
| if [ -f "/home/chronos/.oobe_completed" ]; then |
| /usr/sbin/rollback_cleanup |
| stop |
| else |
| # Make sure /var/lib/oobe_config_restore exists and has the correct |
| # permissions. |
| systemd-tmpfiles --create --remove --clean \ |
| /usr/lib/tmpfiles.d/on-demand/oobe_config_restore.conf |
| fi |
| end script |
| |
| # Minijail actually forks off the desired process. |
| expect fork |
| |
| exec minijail0 --config=/usr/share/minijail/oobe_config_restore.conf \ |
| /usr/sbin/oobe_config_restore |
| |
| post-start exec minijail0 -u oobe_config_restore -G \ |
| /usr/bin/gdbus wait --system --timeout 15 org.chromium.OobeConfigRestore |