| # Copyright 2012 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Permission broker daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on starting system-services |
| stop on stopping system-services |
| expect fork |
| # permission_broker maintains some state and will close network ports on |
| # shutdown, but can otherwise recover. |
| oom score -100 |
| respawn |
| |
| # Keep CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER, and CAP_NET_ADMIN+CAP_NET_RAW |
| # for 'iptables'; set NoNewPrivs. |
| exec minijail0 \ |
| --config /usr/share/minijail/permission_broker.conf -- \ |
| /usr/bin/permission_broker |