| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start rmtfs server" |
| author "benchan@chromium.org" |
| |
| env RMTFS_DEV=/dev/qcom_rmtfs_mem1 |
| env RMTFS_DIR=/var/lib/rmtfs/boot |
| |
| start on started qrtr-ns and qcom-rmtfs-added |
| stop on stopping qrtr-ns |
| |
| expect fork |
| |
| pre-start script |
| # The rmtfs daemon will only utilize a file if it already exists. |
| mkdir -p "${RMTFS_DIR}" |
| for f in modem_fsc modem_fsg modem_fs1 modem_fs2; do |
| if [ ! -f "${RMTFS_DIR}/${f}" ]; then |
| touch "${RMTFS_DIR}/${f}" |
| fi |
| chown rmtfs:rmtfs "${RMTFS_DIR}/${f}" |
| done |
| end script |
| |
| # rmtfs needs CAP_NET_ADMIN to open AF_QIPCRTR socket. |
| # We provide read-only access to /var, so we can get a read/write bind mount |
| # for /var/lib/rmtfs/boot. |
| exec minijail0 --profile=minimalistic-mountns -inNlpvr --uts \ |
| -b "${RMTFS_DEV}",,1 -b /sys \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b "${RMTFS_DIR}",,1 \ |
| -c cap_net_admin=e -u rmtfs -g rmtfs \ |
| -S /usr/share/policy/rmtfs-seccomp.policy \ |
| -- /usr/bin/rmtfs -o "${RMTFS_DIR}" |
