| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Fwupd daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # The service is started by Chrome via UpstartClient::StartAuthPolicyService(). |
| stop on stopping ui |
| respawn |
| |
| env CACHE_DIRECTORY="/var/cache/fwupd" |
| |
| pre-start script |
| mkdir -p /var/cache/fwupd /var/lib/fwupd |
| chown -R fwupd:fwupd /var/cache/fwupd /var/lib/fwupd |
| end script |
| |
| script |
| # Need access to original network namespace for udev (no -e), which passes |
| # uevents via netlink socket. |
| # Need access to /proc, /sys, /dev to perform USB enumeration. |
| # Need access to /run/dbus for DBus communications. |
| exec minijail0 \ |
| --uts -e -l -p -N \ |
| -v -P /mnt/empty -b / -b /proc -t -r -b /dev,,1 -b /sys,,1 \ |
| -k /var,/var,tmpfs -b /var/cache/fwupd,,1 -b /var/lib/fwupd,,1 \ |
| -k run,/run,tmpfs -b /run/dbus -b /run/shill -u fwupd -g fwupd -G \ |
| -- /usr/libexec/fwupd/fwupd |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u fwupd -g fwupd /usr/bin/gdbus \ |
| wait --system --timeout 15 org.freedesktop.fwupd |
