| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Fwupd daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started system-services |
| stop on stopping boot-services or stopping powerd |
| respawn |
| |
| env LANG=en_US.UTF-8 |
| env CACHE_DIRECTORY="/var/cache/fwupd" |
| |
| pre-start script |
| mkdir -p /var/cache/fwupd /var/lib/fwupd |
| chown -R fwupd:fwupd /var/cache/fwupd /var/lib/fwupd |
| |
| # Check if boot-services is still running before starting. |
| # This is to prevent new dbus-activated instances from getting started once |
| # the system is beginning to shut down. |
| if ! initctl status boot-services | grep -q running; then |
| logger -t "${UPSTART_JOB}" "ERROR: boot services not running, quit." |
| stop |
| exit 0 |
| fi |
| end script |
| |
| script |
| # Need access to original network namespace for udev (no -e), which passes |
| # uevents via netlink socket. |
| # Need access to /proc, /sys, /dev to perform USB enumeration. |
| # Need access to /run/dbus for DBus communications. |
| # Need /run/udev/data for enumerating emmc. |
| # Need cap_sys_rawio for communicating with emmc. |
| exec minijail0 \ |
| --uts -l -p -N \ |
| -v -P /mnt/empty -b / -b /proc -t -r -b /dev,,1 -b /sys,,1 \ |
| -k /var,/var,tmpfs -b /var/cache/fwupd,,1 -b /var/lib/fwupd,,1 \ |
| -k run,/run,tmpfs -b /run/dbus -b /run/lock,,1 -b /run/shill \ |
| -b /run/udev/data,,1 -u fwupd -g fwupd -G -c cap_sys_rawio+e \ |
| -- /usr/libexec/fwupd/fwupd |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u fwupd -g fwupd /usr/bin/gdbus \ |
| wait --system --timeout 15 org.freedesktop.fwupd |