net-wireless/floss/files/upstart/btmanagerd.conf - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 2021 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "Bluetooth Manager"
 author "ChromeOS BT <chromeos-bt-team@google.com>"

 start on started system-services
 stop on stopping system-services

 # Limit respawning in case of crashloop
 respawn limit 10 5
 respawn

 # This daemon manages the Bluetooth controllers on a system. It can be killed at
 # the cost of an interruption in Bluetooth connectivity.
 oom score -100

 script
   # -u bluetooth changes user.
   # -g bluetooth changes group.
   # -G inherit bluetooth's supplementary groups.
   # -n prevents that execve gains privileges, required for seccomp filters.
   # -l creates IPC namespace (isolates System V IPC objects/POSIX message
   #    queues).
   # --uts enters a new UTS namespace.
   # -e enters new network namespace.
   # --profile minimalistic-mountns sets up minimalistic mount namespace.
   #   equivalent to -v -t -r --mount-dev -P /var/empty -b / -b /proc -b /dev/log
   # -k /run,/run,tmpfs,... mounts tmpfs at /run
   # -k /var,/var,tmpfs,... mounts tmpfs at /var
   # -k /sys,/sys,tmpfs... mounts tmpfs at /sys
   # -b /run/dbus mount read-only, required for D-Bus.
   # -b /sys/class/bluetooth mount read-only, required for hci devices.
   # -b /var/run/bluetooth mount read-only, required for pid files.
   # -b /var/lib/misc/ allows read-write access to select floss/bluez daemon
   # -b /var/lib/bluetooth/ allows read-write access to bluetooth config
   exec minijail0 \
   -u bluetooth -g bluetooth -G -n -l --uts -e \
   --profile minimalistic-mountns \
   -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -k '/sys,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
   -b /run/dbus \
   -b /sys/class/bluetooth \
   -b /var/run/bluetooth \
   -b /var/lib/misc,,1 \
   -b /var/lib/bluetooth,,1 \
   -- /usr/bin/btmanagerd
 end script
	# Copyright 2021 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Bluetooth Manager"
	author "ChromeOS BT <chromeos-bt-team@google.com>"

	start on started system-services
	stop on stopping system-services

	# Limit respawning in case of crashloop
	respawn limit 10 5
	respawn

	# This daemon manages the Bluetooth controllers on a system. It can be killed at
	# the cost of an interruption in Bluetooth connectivity.
	oom score -100

	script
	# -u bluetooth changes user.
	# -g bluetooth changes group.
	# -G inherit bluetooth's supplementary groups.
	# -n prevents that execve gains privileges, required for seccomp filters.
	# -l creates IPC namespace (isolates System V IPC objects/POSIX message
	# queues).
	# --uts enters a new UTS namespace.
	# -e enters new network namespace.
	# --profile minimalistic-mountns sets up minimalistic mount namespace.
	# equivalent to -v -t -r --mount-dev -P /var/empty -b / -b /proc -b /dev/log
	# -k /run,/run,tmpfs,... mounts tmpfs at /run
	# -k /var,/var,tmpfs,... mounts tmpfs at /var
	# -k /sys,/sys,tmpfs... mounts tmpfs at /sys
	# -b /run/dbus mount read-only, required for D-Bus.
	# -b /sys/class/bluetooth mount read-only, required for hci devices.
	# -b /var/run/bluetooth mount read-only, required for pid files.
	# -b /var/lib/misc/ allows read-write access to select floss/bluez daemon
	# -b /var/lib/bluetooth/ allows read-write access to bluetooth config
	exec minijail0 \
	-u bluetooth -g bluetooth -G -n -l --uts -e \
	--profile minimalistic-mountns \
	-k '/run,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-k '/var,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-k '/sys,/sys,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/dbus \
	-b /sys/class/bluetooth \
	-b /var/run/bluetooth \
	-b /var/lib/misc,,1 \
	-b /var/lib/bluetooth,,1 \
	-- /usr/bin/btmanagerd
	end script