# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Upstart job that runs wpa_supplicant under minijail0. The sandbox itself
# (user, capabilities, seccomp) is set up in the main script stanza.
description "WPA Supplicant daemon"
author "chromium-os-dev@chromium.org"
# Default log level for wpa_supplicant. Empty means default verbosity; the
# main script maps excessive/msgdump/debug/info/warning/error to -d/-q flags,
# and any other value also falls back to the default.
env WPA_DEBUG=
# OpenSSL compatibility settings.
# TODO(crbug.com/1047146): Drop these stop-gaps after addressing the underlying
# problems described in the bug.
# NOTE(review): judging by their names only, the ".compat" config and
# SKIP_TRUSTED_PURPOSE_CHECK relax OpenSSL defaults for this daemon, which
# would affect certificate validation for enterprise (EAP) networks. Confirm
# against the bug above and keep them scoped to this job until removed.
env OPENSSL_CONF=/etc/ssl/openssl.cnf.compat
env OPENSSL_CHROMIUM_SKIP_TRUSTED_PURPOSE_CHECK=1
env OPENSSL_CHROMIUM_GENERATE_METRICS=1
# minijail0 arguments that load the precompiled seccomp-BPF policy. The main
# script blanks this variable when the canary file below already exists.
env seccomp_flags='--seccomp-bpf-binary /usr/share/policy/wpa_supplicant.bpf'
# Use a canary flag, such that we only enable seccomp once per boot. If it
# crashes for some reason (possibly incomplete seccomp filter?), next time
# we'll start it without seccomp.
# Security trade-off: this is fail-open. Any restart after the first start in
# a boot runs without the syscall filter, whatever caused the restart, so
# unexpected respawns of this job are worth alerting on.
# TODO(b/177454191): remove this once stabilized.
env seccomp_disable='/run/wpa_supplicant/tried-seccomp'
# https://crbug.com/783125: "started boot-services" is relatively early in the
# boot process. This is necessary for getting online quickly, a metric which we
# optimize for alongside "time to login screen," because networking is a
# critical service.
start on started boot-services
stop on stopping boot-services
# Restart the daemon if it exits unexpectedly. Because of the canary above, a
# respawned instance is started without the seccomp filter.
respawn
# Create the control-interface directory (the daemon is started with
# -O/run/wpa_supplicant) and hand it to the unprivileged wpa account.
# Mode 0750 keeps accounts outside the wpa group out of the directory.
# Note: mkdir -m only applies when the directory is created; an already
# existing directory keeps whatever mode it has.
pre-start script
  ctrl_dir=/run/wpa_supplicant
  mkdir -p -m 0750 "${ctrl_dir}"
  chown wpa:wpa "${ctrl_dir}"
end script
# minijail0 will jail the wpa_supplicant instance it forks off.
# "expect fork" makes Upstart follow that single fork and supervise the
# jailed child instead of the minijail0 launcher, so respawn/stop act on the
# real daemon.
expect fork
# Launch wpa_supplicant inside minijail0.
#   minijail0: -u/-g wpa   run as the unprivileged wpa user and group
#              -c 3000     capability mask 0x3000 = CAP_NET_ADMIN|CAP_NET_RAW
#              -n          set no_new_privs
#              -i          launcher exits right after the fork
#   wpa_supplicant: -u D-Bus control interface, -s log to syslog,
#              -O control-socket directory used by wpa_cli
script
  # Map the WPA_DEBUG job variable to verbosity flags. Empty, "info" and
  # unrecognised values all select the default verbosity.
  verbosity=''
  case "${WPA_DEBUG}" in
    excessive) verbosity='-ddd' ;;
    msgdump)   verbosity='-dd' ;;
    debug)     verbosity='-d' ;;
    warning)   verbosity='-q' ;;
    error)     verbosity='-qq' ;;
    *)         verbosity='' ;;
  esac

  # Seccomp canary: the first start in a boot creates the marker and keeps the
  # filter; every later start finds the marker and drops the filter.
  # Fail-open by design: after one restart the daemon is confined only by the
  # uid/gid, capability mask and no_new_privs settings until the next reboot.
  # NOTE(review): the marker lives in a directory that pre-start chowns to
  # wpa, so the sandboxed account can create or remove it, and this write runs
  # before minijail0 drops root. A root-owned marker location would keep the
  # decision out of the daemon's reach. Confirm and track with the TODO on
  # seccomp_disable.
  if [ ! -e "${seccomp_disable}" ]; then
    echo 1 > "${seccomp_disable}"
  else
    seccomp_flags=''
  fi

  # seccomp_flags and verbosity are left unquoted on purpose: they must split
  # into separate arguments, or vanish entirely when empty.
  exec minijail0 -u wpa -g wpa -c 3000 -n -i ${seccomp_flags} -- \
    /usr/sbin/wpa_supplicant -u -s ${verbosity} -O/run/wpa_supplicant
end script