net-print/cups/files/init/cupsd.conf - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 2016 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "CUPS daemon"
 author          "chromium-os-dev@chromium.org"

 env user=cups
 env lp_group=cups
 env admin_group=lpadmin
 env printer_root=/var/cache/cups/printers
 env seccomp_flags="-S /usr/share/policy/cupsd-seccomp.policy"

 # Start only on request.
 start on socket PROTO=unix SOCKET_PATH=/run/cups/cups.sock
 stop on stopping ui

 pre-start script
 	# Wait for cups-clear-state.conf to finish running to prevent a potential
 	# race condition.
 	until [ -f /run/cups/stamp ]; do
 		logger -t "${UPSTART_JOB}" "Waiting for /run/cups/stamp"
 		sleep 1
 	done

 	fail_if_symlink() {
 		local abs="$(readlink -f .)"
 		if [ "$1" != "${abs}" ]; then
 			logger -t "${UPSTART_JOB}" "'$1' resolves to '${abs}'"
 			exit 1
 		fi
 	}

 	# dir: directory to create (if necessary)
 	# perm: permissions to set for the directory
 	# group (optional): group to own the directory; defaults to ${lp_group}
 	check_create() {
 		local dir="$1"
 		local perm="$2"
 		local group="${3:-${lp_group}}"
 		# If it's not a directory currently, clean it up.
 		rm -f "${dir}" 2>/dev/null || :
 		mkdir -p "${dir}"
 		# Use working directory instead of path to avoid chown and chmod being
 		# applied to a linked path.
 		local original_wd="${PWD}"
 		cd "${dir}"
 		fail_if_symlink "${dir}"
 		chown -h ${user}:${group} .
 		chmod "${perm}" .
 		cd "${original_wd}"
 	}

 	check_create /var/spool/cups 0710
 	check_create /var/spool/cups/tmp 0770
 	check_create /var/cache/cups 0770
 	check_create /var/cache/cups/rss 0775
 	check_create /run/cups 0755
 	check_create /run/cups/certs 0711 ${admin_group}

 	# PrinterRoot keeps printers.conf and ppd/PRINTERNAME.ppd configuration
 	# data
 	check_create "${printer_root}" 0755
 	check_create "${printer_root}"/ppd 0755

 	# Clear old job files and history
 	original_wd="${PWD}"
 	cd "/var/spool/cups"
 	fail_if_symlink "/var/spool/cups"
 	rm -f ./{c,d}* ./job.cache*
 	cd "${original_wd}"
 end script

 # TODO(xiaochu): use -b instead of -K. crbug.com/811473
 exec minijail0 -u ${user} -g nobody -G -I -l -n -r -v -K ${seccomp_flags} -- \
   /usr/sbin/cupsd -f -l
	# Copyright 2016 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "CUPS daemon"
	author "chromium-os-dev@chromium.org"

	env user=cups
	env lp_group=cups
	env admin_group=lpadmin
	env printer_root=/var/cache/cups/printers
	env seccomp_flags="-S /usr/share/policy/cupsd-seccomp.policy"

	# Start only on request.
	start on socket PROTO=unix SOCKET_PATH=/run/cups/cups.sock
	stop on stopping ui

	pre-start script
	# Wait for cups-clear-state.conf to finish running to prevent a potential
	# race condition.
	until [ -f /run/cups/stamp ]; do
	logger -t "${UPSTART_JOB}" "Waiting for /run/cups/stamp"
	sleep 1
	done

	fail_if_symlink() {
	local abs="$(readlink -f .)"
	if [ "$1" != "${abs}" ]; then
	logger -t "${UPSTART_JOB}" "'$1' resolves to '${abs}'"
	exit 1
	fi
	}

	# dir: directory to create (if necessary)
	# perm: permissions to set for the directory
	# group (optional): group to own the directory; defaults to ${lp_group}
	check_create() {
	local dir="$1"
	local perm="$2"
	local group="${3:-${lp_group}}"
	# If it's not a directory currently, clean it up.
	rm -f "${dir}" 2>/dev/null \|\| :
	mkdir -p "${dir}"
	# Use working directory instead of path to avoid chown and chmod being
	# applied to a linked path.
	local original_wd="${PWD}"
	cd "${dir}"
	fail_if_symlink "${dir}"
	chown -h ${user}:${group} .
	chmod "${perm}" .
	cd "${original_wd}"
	}

	check_create /var/spool/cups 0710
	check_create /var/spool/cups/tmp 0770
	check_create /var/cache/cups 0770
	check_create /var/cache/cups/rss 0775
	check_create /run/cups 0755
	check_create /run/cups/certs 0711 ${admin_group}

	# PrinterRoot keeps printers.conf and ppd/PRINTERNAME.ppd configuration
	# data
	check_create "${printer_root}" 0755
	check_create "${printer_root}"/ppd 0755

	# Clear old job files and history
	original_wd="${PWD}"
	cd "/var/spool/cups"
	fail_if_symlink "/var/spool/cups"
	rm -f ./{c,d}* ./job.cache*
	cd "${original_wd}"
	end script

	# TODO(xiaochu): use -b instead of -K. crbug.com/811473
	exec minijail0 -u ${user} -g nobody -G -I -l -n -r -v -K ${seccomp_flags} -- \
	/usr/sbin/cupsd -f -l