# Copyright 2021 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Security anomaly detection daemon"
author "chromium-os-dev@chromium.org"
start on starting system-services
stop on stopping system-services
# Let the daemon crash if its memory grows too much.
# "as" is "address space" (VM size).
# We are seeing a VM size of about 12 MiB. Set the limit to ~four times that for
# safety.
# -------------------------------------
# $ cat /proc/$(pidof secanomalyd)/status
# $ pmap $(pidof secanomalyd)
# -------------------------------------
# Syntax is "limit <resource> <limit> <max_settable_limit>".
limit as 50000000 unlimited
# secanomalyd keeps very little state and can recover trivially, so allow the
# OOM killer to terminate it.
oom score -100
respawn
# The value of |DEV| determines whether the "--dev" flag is passed to the
# executable. The flag is passed only when |DEV| is set to "true".
# This is used in Tast tests, where metrics should be emitted despite being in
# developer mode.
env DEV="false"
import DEV
script
# Optional daemon arguments. Only when |DEV| is exactly "true" is "--dev"
# passed along; for any other value no extra argument is given.
case "${DEV}" in
  true) test_args="--dev" ;;
  *) test_args="" ;;
esac
# Launch the daemon under minijail using the policy in secanomalyd.conf.
# Per that configuration the daemon inherits supplementary groups (for the
# 'crash-access' group), sets NoNewPrivs, keeps only CAP_SYS_PTRACE (to filter
# processes by PID namespace) and CAP_DAC_OVERRIDE (to open and read the audit
# log), and stays in the init mount namespace so suspicious mounts there can
# be reported.
# ${test_args} is intentionally unquoted: when it is empty no argument must be
# passed at all, whereas "${test_args}" would hand the daemon an empty one.
# shellcheck disable=SC2086
exec minijail0 --config /usr/share/minijail/secanomalyd.conf -- \
  /usr/sbin/secanomalyd --generate_reports \
  --forbidden_intersection_only_reports ${test_args}
end script