| # Copyright 2016 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "CUPS daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| env user=cups |
| env lp_group=cups |
| env admin_group=lpadmin |
| env printer_root=/var/cache/cups/printers |
| env seccomp_flags="-S /usr/share/policy/cupsd-seccomp.policy" |
| |
| # Start only on request. |
| start on socket PROTO=unix SOCKET_PATH=/run/cups/cups.sock |
| stop on stopping ui |
| |
| pre-start script |
| # It may be necessary to remove privileged directories. Please see |
| # also cups-clear-state.conf for details. |
| /usr/share/cros/init/cups-clear-state.sh |
| |
| # dir: directory to create (if necessary) |
| # perm: permissions to set for the directory |
| # group (optional): group to own the directory; defaults to ${lp_group} |
| check_create() { |
| local dir="$1" |
| local perm="$2" |
| local group="${3:-${lp_group}}" |
| # If it's not a directory currently, clean it up. |
| rm -f "${dir}" 2>/dev/null || : |
| mkdir -p "${dir}" |
| chown ${user}:${group} "${dir}" |
| chmod "${perm}" "${dir}" |
| } |
| |
| check_create /var/spool/cups 0710 |
| check_create /var/spool/cups/tmp 0770 |
| check_create /var/cache/cups 0770 |
| check_create /var/cache/cups/rss 0775 |
| check_create /run/cups 0755 |
| check_create /run/cups/certs 0711 ${admin_group} |
| |
| # PrinterRoot keeps printers.conf and ppd/PRINTERNAME.ppd configuration |
| # data |
| check_create "${printer_root}" 0755 |
| check_create "${printer_root}"/ppd 0755 |
| |
| # Clear old job files and history |
| rm -f /var/spool/cups/{c,d}* /var/cache/cups/job.cache* |
| end script |
| |
| # TODO(xiaochu): use -b instead of -K. crbug.com/811473 |
| exec minijail0 -u ${user} -g nobody -G -I -l -n -r -v -K ${seccomp_flags} -- \ |
| /usr/sbin/cupsd -f -l |