pciguard/init/pciguard-watchdog.conf - third_party/platform2 - Git at Google

 # Copyright 2021 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "A watchdog to protect the system if pciguard goes into crash loop"
 author      "chromium-os-dev@chromium.org"

 oom score -200

 start on stopped pciguard RESULT="failed" PROCESS="respawn"
 task

 script
   logger -p ERR "pciguard in crash loop, locking down the system!"
   for f in /sys/bus/thunderbolt/devices/*/authorized; do
     echo 0 > "${f}" || logger -p ERR "Unable to deauthorize ${f}"
   done
   echo 1 > /sys/bus/pci/drivers_allowlist_lockdown
 end script
	# Copyright 2021 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "A watchdog to protect the system if pciguard goes into crash loop"
	author "chromium-os-dev@chromium.org"

	oom score -200

	start on stopped pciguard RESULT="failed" PROCESS="respawn"
	task

	script
	logger -p ERR "pciguard in crash loop, locking down the system!"
	for f in /sys/bus/thunderbolt/devices/*/authorized; do
	echo 0 > "${f}" \|\| logger -p ERR "Unable to deauthorize ${f}"
	done
	echo 1 > /sys/bus/pci/drivers_allowlist_lockdown
	end script