| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Starts perfetto system tracing service and probes" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started traced |
| stop on stopping traced |
| expect fork |
| respawn |
| respawn limit 10 10 |
| oom score -100 |
| # Use 10 times regular as usage, which is ~240 MiB for memory usage limit. |
| # Note that internally perfetto has it's own watchdog and will self-kill if its |
| # memory budget exceeds SUM(tracing buffers) + 32MB slack. |
| limit as 250000000 unlimited |
| |
| env PERFETTO_SOCK_DIR=/run/perfetto |
| env PERFETTO_PRODUCER_SOCK_NAME=/run/perfetto/traced-producer.sock |
| |
| pre-start script |
| # Make per_cpu trace file writable for group debugfs-access. |
| chgrp debugfs-access /sys/kernel/debug/tracing/per_cpu/cpu*/trace |
| chmod g+w /sys/kernel/debug/tracing/per_cpu/cpu*/trace |
| # Allow group debugfs-access to eanble tracing events through writing to the |
| # "enable" files. |
| find /sys/kernel/debug/tracing/events -name enable \ |
| -exec chgrp debugfs-access {} + -exec chmod g+w {} + |
| end script |
| |
| script |
| # Common mount flags for tmpfs. |
| tmpfs_flags="MS_NOSUID|MS_NODEV|MS_NOEXEC" |
| |
| # Build the tmpfs for bind-mounts under /sys: |
| sysfs_mnt_args="-k tmpfs,/sys,tmpfs,${tmpfs_flags}" |
| |
| # Bind-mount /sys/devices. traced_probes uses /sys/devices/system/cpu. |
| # Use the whole /sys/devices because there can be symlinks to it like |
| # /sys/class/devfreq/... |
| sysfs_mnt_args="${sysfs_mnt_args} -b /sys/devices" |
| |
| # /sys/class/ for bind-mounting /sys/class/devfreq (on ARM). |
| if [ -d /sys/class/devfreq ]; then |
| sysfs_mnt_args="${sysfs_mnt_args} -k tmpfs,/sys/class,tmpfs,${tmpfs_flags}" |
| sysfs_mnt_args="${sysfs_mnt_args} -b /sys/class/devfreq" |
| fi |
| |
| # Create tmpfs at /sys/kernel as the basedir of tracefs |
| sysfs_mnt_args="${sysfs_mnt_args} -k tmpfs,/sys/kernel,tmpfs,${tmpfs_flags}" |
| # Bind mount /sys/kernel/debug/tracing to /sys/kernel/tracing. traced_probes |
| # doesn't use debugfs and supports using tracefs from |
| # /sys/kernel/debug/tracing or /sys/kernel/tracing. Bind-mount |
| # /sys/kernel/debug/tracing to /sys/kernel/tracing so this works regardless of |
| # whether the kernel has separate tracefs (v4.1) or ftrace is part of debugfs. |
| sysfs_mnt_args="${sysfs_mnt_args} -b /sys/kernel/debug/tracing,/sys/kernel/tracing,1" |
| |
| # minijail0 args. |
| # -u traced-probes -g traced-probes: run as user: traced-probes, |
| # group: traced-probes. |
| # -G: Inherit supplementary groups from new uid. |
| # -c 0: Grant no caps. |
| # -i: fork immediately and don't block the startup. |
| # -l: enter a new IPC namespace. |
| # -N: enter a new cgroup namespace. |
| # -e: enter a new network namespace. |
| # --uts: enter a new UTS namespace. |
| # traced_probes runs without -p because it needs to see the PID of the traced |
| # processes. |
| # -n: set no new_privs. |
| # -b /sys: bind mount sysfs. |
| # ${tracefs_mnt_args}: mount tracefs. |
| exec /sbin/minijail0 -u traced-probes -g traced-probes \ |
| -G -c 0 -i -l -N -e --uts -n \ |
| --profile=minimalistic-mountns -t \ |
| -k "tmpfs,/run,tmpfs,${tmpfs_flags}" \ |
| -b "${PERFETTO_SOCK_DIR}",,1 \ |
| ${sysfs_mnt_args} \ |
| -S /usr/share/policy/traced_probes.policy \ |
| -- /usr/bin/traced_probes |
| end script |
