arc/setup/init/arcvm-prepare-data.conf - third_party/platform2 - Git at Google

 # Copyright 2024 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Prepare /data for ARCVM"
 author        "chromium-os-dev@chromium.org"

 start on starting arcvm-post-login-services
 stop on stopping arcvm-post-login-services

 # Derived from arcvm-post-login-services.
 oom score -100
 task

 import CHROMEOS_USER
 import ARCVM_DATA_TYPE

 env ANDROID_MUTABLE_SOURCE=/run/arcvm/android-data/mount

 pre-start script
   # Use different minijail configs depending on the type of /data:
   # 1) For virtio-fs /data, it needs to be set up and mounted on
   #    /run/arcvm/android-data/mount in the concierge namespace.
   # 2) For virtio-blk /data, the job temporarily mounts /data, which is safer to
   #    perform in a confined minimalistic namespace.
   if [ "${ARCVM_DATA_TYPE}" = "virtiofs" ]; then
     exec /sbin/minijail0 \
       --config /usr/share/minijail/arcvm-prepare-virtio-fs-data.conf \
       -- /usr/sbin/arcvm-prepare-data --log_tag=arcvm-prepare-data \
           --data_type="${ARCVM_DATA_TYPE}"
   else
     if [ "${ARCVM_DATA_TYPE}" != "lvm_volume" ] &&
        [ "${ARCVM_DATA_TYPE}" != "concierge_disk" ]; then
       logger -t "${UPSTART_JOB}" "Invalid /data type: ${ARCVM_DATA_TYPE}"
       exit 1
     fi

     CHROMEOS_USER_HOME=$(cryptohome-path system "${CHROMEOS_USER}")
     if [ ! -d "${CHROMEOS_USER_HOME}" ]; then
       logger -t "${UPSTART_JOB}" \
         "User home ${CHROMEOS_USER_HOME} does not exist"
       exit 1
     fi

     exec /sbin/minijail0 \
       --config /usr/share/minijail/arcvm-prepare-virtio-blk-data.conf \
       -k "${CHROMEOS_USER_HOME},${CHROMEOS_USER_HOME},none,MS_BIND|MS_REC" \
       -- /usr/sbin/arcvm-prepare-data --log_tag=arcvm-prepare-data \
           --data_type="${ARCVM_DATA_TYPE}"
   fi
 end script

 # This is needed to ensure this job doesn't remain in the started state.
 exec /bin/true
	# Copyright 2024 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Prepare /data for ARCVM"
	author "chromium-os-dev@chromium.org"

	start on starting arcvm-post-login-services
	stop on stopping arcvm-post-login-services

	# Derived from arcvm-post-login-services.
	oom score -100
	task

	import CHROMEOS_USER
	import ARCVM_DATA_TYPE

	env ANDROID_MUTABLE_SOURCE=/run/arcvm/android-data/mount

	pre-start script
	# Use different minijail configs depending on the type of /data:
	# 1) For virtio-fs /data, it needs to be set up and mounted on
	# /run/arcvm/android-data/mount in the concierge namespace.
	# 2) For virtio-blk /data, the job temporarily mounts /data, which is safer to
	# perform in a confined minimalistic namespace.
	if [ "${ARCVM_DATA_TYPE}" = "virtiofs" ]; then
	exec /sbin/minijail0 \
	--config /usr/share/minijail/arcvm-prepare-virtio-fs-data.conf \
	-- /usr/sbin/arcvm-prepare-data --log_tag=arcvm-prepare-data \
	--data_type="${ARCVM_DATA_TYPE}"
	else
	if [ "${ARCVM_DATA_TYPE}" != "lvm_volume" ] &&
	[ "${ARCVM_DATA_TYPE}" != "concierge_disk" ]; then
	logger -t "${UPSTART_JOB}" "Invalid /data type: ${ARCVM_DATA_TYPE}"
	exit 1
	fi

	CHROMEOS_USER_HOME=$(cryptohome-path system "${CHROMEOS_USER}")
	if [ ! -d "${CHROMEOS_USER_HOME}" ]; then
	logger -t "${UPSTART_JOB}" \
	"User home ${CHROMEOS_USER_HOME} does not exist"
	exit 1
	fi

	exec /sbin/minijail0 \
	--config /usr/share/minijail/arcvm-prepare-virtio-blk-data.conf \
	-k "${CHROMEOS_USER_HOME},${CHROMEOS_USER_HOME},none,MS_BIND\|MS_REC" \
	-- /usr/sbin/arcvm-prepare-data --log_tag=arcvm-prepare-data \
	--data_type="${ARCVM_DATA_TYPE}"
	fi
	end script

	# This is needed to ensure this job doesn't remain in the started state.
	exec /bin/true