| # Copyright 2016 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "CUPS daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| env user=cups |
| env lp_group=cups |
| env admin_group=lpadmin |
| env printer_root=/var/cache/cups/printers |
| env seccomp_flags="-S /usr/share/policy/cupsd-seccomp.policy" |
| |
| # Start only on request. |
| start on socket PROTO=unix SOCKET_PATH=/run/cups/cups.sock |
| stop on stopping ui |
| |
| pre-start script |
| # Wait for cups-clear-state.conf to finish running to prevent a potential |
| # race condition. |
| until [ -f /run/cups/stamp ]; do |
| logger -t "${UPSTART_JOB}" "Waiting for /run/cups/stamp" |
| sleep 1 |
| done |
| |
| fail_if_symlink() { |
| local abs="$(readlink -f .)" |
| if [ "$1" != "${abs}" ]; then |
| logger -t "${UPSTART_JOB}" "'$1' resolves to '${abs}'" |
| exit 1 |
| fi |
| } |
| |
| # dir: directory to create (if necessary) |
| # perm: permissions to set for the directory |
| # group (optional): group to own the directory; defaults to ${lp_group} |
| check_create() { |
| local dir="$1" |
| local perm="$2" |
| local group="${3:-${lp_group}}" |
| # If it's not a directory currently, clean it up. |
| rm -f "${dir}" 2>/dev/null || : |
| mkdir -p "${dir}" |
| # Use working directory instead of path to avoid chown and chmod being |
| # applied to a linked path. |
| local original_wd="${PWD}" |
| cd "${dir}" |
| fail_if_symlink "${dir}" |
| chown -h ${user}:${group} . |
| chmod "${perm}" . |
| cd "${original_wd}" |
| } |
| |
| check_create /var/spool/cups 0710 |
| check_create /var/spool/cups/tmp 0770 |
| check_create /var/cache/cups 0770 |
| check_create /var/cache/cups/rss 0775 |
| check_create /run/cups 0755 |
| check_create /run/cups/certs 0711 ${admin_group} |
| |
| # PrinterRoot keeps printers.conf and ppd/PRINTERNAME.ppd configuration |
| # data |
| check_create "${printer_root}" 0755 |
| check_create "${printer_root}"/ppd 0755 |
| |
| # Clear old job files and history |
| original_wd="${PWD}" |
| cd "/var/spool/cups" |
| fail_if_symlink "/var/spool/cups" |
| rm -f ./{c,d}* ./job.cache* |
| cd "${original_wd}" |
| end script |
| |
| # TODO(xiaochu): use -b instead of -K. crbug.com/811473 |
| exec minijail0 -u ${user} -g nobody -G -I -l -n -r -v -K ${seccomp_flags} -- \ |
| /usr/sbin/cupsd -f -l |