# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Starts perfetto system tracing service and probes"
author "chromium-os-dev@chromium.org"
# Auto start of this job (and of the dependent traced_probes job) is disabled
# because of a pending data-privacy issue: trace collection that spans user
# session boundaries exposes one user's trace data to another. Re-enable the
# "start on" stanza below once that issue is resolved; until then the job only
# runs when started explicitly.
#start on started system-services
stop on stopping system-services
# minijail0 is invoked with -i below, so it forks once and the parent exits;
# tell Upstart to track the forked child.
expect fork
# Restart traced if it exits, but give up after 10 respawns within 10 seconds.
respawn
respawn limit 10 10
# Make the OOM killer prefer other processes over traced.
oom score -100
# Address-space limit: ~900 MiB soft limit, which is 10 times the peak VM usage
# observed in a local session; the hard limit is left unlimited.
# Note that internally perfetto has its own watchdog and will self-kill if its
# memory budget exceeds SUM(tracing buffers) + 32MB slack.
# NOTE(review): a soft limit with an unlimited hard limit can be raised again by
# the process itself (setrlimit/prlimit), so this only catches accidental
# growth unless the seccomp policy denies those calls — confirm.
limit as 900000000 unlimited
# traced uses /run/perfetto as the base dir for the sockets. The same value is
# consumed by the pre-start script and by the bind mount in the exec stanza.
env PERFETTO_SOCK_DIR=/run/perfetto
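pre-start script
  # Runs as root before minijail0 drops privileges. Upstart executes script
  # stanzas with `sh -e`, so any failing command below aborts the job start.
  #
  # The socket directory is created with -p and deliberately kept across
  # restarts: services that start before traced, or that outlive a traced
  # restart, keep a valid path to connect to without being restarted
  # themselves. Only the stale entries inside it are removed (traced recreates
  # its sockets on start). ${PERFETTO_SOCK_DIR:?} aborts the script instead of
  # letting an empty value turn the rm into "rm -rf /*". rm does not follow
  # symlinks it is given, so a traced-owned entry cannot redirect the delete.
  mkdir -p -- "${PERFETTO_SOCK_DIR:?}"
  rm -rf -- "${PERFETTO_SOCK_DIR:?}"/*
  # Hand the directory to the unprivileged traced user/group so traced can
  # create its sockets in it without CAP_CHOWN/CAP_DAC_OVERRIDE (-c 0 below).
  # No explicit mode is set: the directory keeps whatever mkdir's umask
  # produced. NOTE(review): an earlier comment here mentioned a sticky bit, but
  # nothing sets one; confirm whether it is wanted and add a chmod if so.
  chown traced:traced -- "${PERFETTO_SOCK_DIR:?}"
end script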
# minijail0 args. Mounts are presumably applied in the order given, so keep the
# -k tmpfs mount before the -b bind mount so the socket directory lands on top
# of the fresh /run.
# -u traced -g traced: run as user: traced, group: traced.
# -G: Inherit supplementary groups from new uid. Presumably needed so traced is
#     a member of traced-producer/traced-consumer and can set those groups on
#     its sockets (see --set-socket-permissions) without CAP_CHOWN — confirm.
# -c 0: Grant no caps.
# -i: fork immediately and don't block the startup (matches "expect fork").
# -l: enter a new IPC namespace.
# -e: enter a new network namespace; the sockets are Unix-domain sockets under
#     ${PERFETTO_SOCK_DIR}, so no network access is needed.
# --uts: enter a new UTS namespace.
# -n: set no_new_privs.
# --profile=minimalistic-mountns -t: set up minimalistic mounts and a tmpfs /tmp.
# -k tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC: mount a fresh tmpfs at /run
#     so the rest of the host's /run is not exposed inside the jail.
# -b ${PERFETTO_SOCK_DIR},,1: bind mount ${PERFETTO_SOCK_DIR}, which hosts the
#     socket files, into the jail; the trailing 1 requests a writable mount so
#     traced can create the sockets.
# -p: enter a new PID namespace.
# -S /usr/share/policy/traced.policy: set up seccomp policy.
#
# traced args: --set-socket-permissions sets group and mode on the two Unix
# sockets — read here as producer socket first (traced-producer, 0660), then
# consumer socket (traced-consumer, 0660); confirm the field order against
# traced's usage text. Membership in traced-consumer is what lets a process read
# traces, so that group is the boundary for the privacy issue noted at the top
# of this file.
exec /sbin/minijail0 -u traced -g traced \
-G -c 0 -i -l -e --uts -n \
--profile=minimalistic-mountns -t \
-k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
-b "${PERFETTO_SOCK_DIR}",,1 \
-p \
-S /usr/share/policy/traced.policy \
-- /usr/bin/traced \
--set-socket-permissions traced-producer:0660:traced-consumer:0660