| # Copyright 2022 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the UWB daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started system-services |
| stop on stopping system-services |
| respawn |
| respawn limit 3 10 # if the job respawns 3 times in 10 seconds, stop trying. |
| |
| # uwbd is a CrOS daemons that can recover. |
| oom score -100 |
| |
| # Minijail actually forks off the desired process. |
| expect fork |
| |
| # -i: Exit immediately after fork |
| # -u: Run as uwbd user. |
| # -g: Run as uwbd group. |
| # --profile=minimalistic-mountns: Minimal mount |
| # --uts: Enter a new UTS namespace |
| # -e: Enter new network namespace |
| # -l: Enter new IPC namespace |
| # -p: Enter new pid namespace |
| # -N: Enter a new cgroup namespace |
| # Mount /run/dbus for D-Bus connection |
| # Mount /var/tmp for storing the UCI logs |
| # -S: Set seccomp filter |
| exec minijail0 \ |
| -i \ |
| -u uwbd -g uwbd \ |
| --profile=minimalistic-mountns \ |
| --uts \ |
| -e \ |
| -l \ |
| -p \ |
| -N \ |
| -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /run/dbus \ |
| -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /var/tmp,,1 \ |
| -S /usr/share/policy/uwbd-seccomp.policy \ |
| -- /usr/bin/uwbd |
