arc/setup/init/arc-prepare-host-generated-dir.conf - third_party/platform2 - Git at Google

 # Copyright 2021 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description    "Set up /run/arc[vm]/host_generated"
 author         "chromium-os-dev@chromium.org"

 # This task is started by Chrome. No start stanza is needed.

 # /usr/sbin/arc-prepare-host-generated-dir reads these boolean ("0" or "1")
 # environment variables.
 import IS_ARCVM

 # Use 'never' since terminating this job fails ARC to start.
 oom score never

 # Make this a task so that 'start arc-prepare-host-generated-dir' will block
 # until the script finishes.
 task

 script
   die() {
     logger -t "${UPSTART_JOB}" "$1"
     exit 1
   }

   if [ -d /run/arc/host_generated ]; then
       ARC_HOST_GENERATED_BIND_ARG="-b /run/arc/host_generated,,1"
   elif [ -d /run/arcvm/host_generated ]; then
       ARC_HOST_GENERATED_BIND_ARG="-b /run/arcvm/host_generated,,1"
   else
       die "host_generated directory is not found"
   fi

   ARCVM_IMAGE_BIND_ARG=""
   if [ -d /opt/google/vms/android ]; then
     ARCVM_IMAGE_BIND_ARG="-b /opt/google/vms/android"
   fi

   exec /sbin/minijail0 \
       --profile=minimalistic-mountns --uts -e -l -p -N \
       -k 'tmpfs,/mnt,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
       -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
       -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
       -k '/run/chromeos-config,/run/chromeos-config,none,MS_BIND|MS_REC' \
       -b /sys \
       -b /run/dbus \
       ${ARCVM_IMAGE_BIND_ARG} \
       ${ARC_HOST_GENERATED_BIND_ARG} \
       -- /usr/sbin/arc-prepare-host-generated-dir \
            --log_tag=arc-prepare-host-generated-dir ||
       die "Failed to execute arc-prepare-host-generated-dir"
 end script
	# Copyright 2021 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Set up /run/arc[vm]/host_generated"
	author "chromium-os-dev@chromium.org"

	# This task is started by Chrome. No start stanza is needed.

	# /usr/sbin/arc-prepare-host-generated-dir reads these boolean ("0" or "1")
	# environment variables.
	import IS_ARCVM

	# Use 'never' since terminating this job fails ARC to start.
	oom score never

	# Make this a task so that 'start arc-prepare-host-generated-dir' will block
	# until the script finishes.
	task

	script
	die() {
	logger -t "${UPSTART_JOB}" "$1"
	exit 1
	}

	if [ -d /run/arc/host_generated ]; then
	ARC_HOST_GENERATED_BIND_ARG="-b /run/arc/host_generated,,1"
	elif [ -d /run/arcvm/host_generated ]; then
	ARC_HOST_GENERATED_BIND_ARG="-b /run/arcvm/host_generated,,1"
	else
	die "host_generated directory is not found"
	fi

	ARCVM_IMAGE_BIND_ARG=""
	if [ -d /opt/google/vms/android ]; then
	ARCVM_IMAGE_BIND_ARG="-b /opt/google/vms/android"
	fi

	exec /sbin/minijail0 \
	--profile=minimalistic-mountns --uts -e -l -p -N \
	-k 'tmpfs,/mnt,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-k 'tmpfs,/run,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-k 'tmpfs,/var,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-k '/run/chromeos-config,/run/chromeos-config,none,MS_BIND\|MS_REC' \
	-b /sys \
	-b /run/dbus \
	${ARCVM_IMAGE_BIND_ARG} \
	${ARC_HOST_GENERATED_BIND_ARG} \
	-- /usr/sbin/arc-prepare-host-generated-dir \
	--log_tag=arc-prepare-host-generated-dir \|\|
	die "Failed to execute arc-prepare-host-generated-dir"
	end script