| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Updates devices using fwupdtool" |
| author "chromium-os-dev@chromium.org" |
| |
| # This job is started by udev via custom events. |
| # Job duration is expected to be O(minutes) depending on the number of |
| # devices with pending updates. |
| start on fwupdtool-update |
| task |
| |
| # FWUPD plugin to be used by fwupdtool update invokation. |
| import PLUGIN |
| |
| env MINIJAIL_ARGS="--uts -e -l -p -N \ |
| -v -P /mnt/empty -b / -b /proc -t -r -b /dev,,1 -b /sys \ |
| -k run,/run,tmpfs -b /run/dbus -b /run/udev \ |
| -k /var,/var,tmpfs -b /var/cache/fwupd,,1 -b /var/lib/fwupd,,1 \ |
| -u fwupd -g fwupd" |
| env MINIJAIL_CAP="-c cap_dac_override+e" |
| |
| pre-start script |
| mkdir -p /var/cache/fwupd /var/lib/fwupd |
| chown -R fwupd:fwupd /var/cache/fwupd /var/lib/fwupd |
| if ! minijail0 ${MINIJAIL_ARGS} ${MINIJAIL_CAP} \ |
| -- /usr/bin/fwupdtool get-plugins | grep -x -F "${PLUGIN}"; then |
| logger -p err -t "${UPSTART_JOB}" "Unsupported plugin: ${PLUGIN}" |
| exit 1 |
| fi |
| end script |
| |
| script |
| # Grant cap_sys_admin for nvme plugin to issue admin ioctl commands. |
| if [ "${PLUGIN}" = "nvme" ]; then |
| MINIJAIL_CAP="-c cap_dac_override,cap_sys_admin+e" |
| fi |
| exec minijail0 ${MINIJAIL_ARGS} ${MINIJAIL_CAP} \ |
| -- /usr/bin/fwupdtool update --plugin-whitelist="${PLUGIN}" \ |
| --enable-json-state 2>&1 | logger -t "${UPSTART_JOB}" |
| end script |