| # Copyright 2022 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Private Computing Device Active daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # The service is started by Chrome on demand. |
| stop on stopping ui |
| respawn |
| |
| tmpfiles /usr/lib/tmpfiles.d/private_computing.conf |
| |
| # Sacrifice before OOM panic. |
| oom score -100 |
| |
| # Minijail actually forks off the desired process. |
| expect fork |
| |
| pre-start script |
| # Check if ui is still running before starting private_computingd. |
| # This is to prevent new dbus-activated instances from getting startd |
| # once the system is beginning to shut down. |
| if ! initctl status ui | grep -q running; then |
| stop |
| exit 0 |
| fi |
| end script |
| |
| script |
| exec minijail0 --config /usr/share/minijail/private_computing.conf \ |
| -- /usr/sbin/private_computingd |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u private_computing -g private_computing \ |
| /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.PrivateComputing |
