| # Copyright 2022 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Face Authentication Service" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started system-services |
| stop on stopping system-services |
| |
| respawn |
| respawn limit 3 10 |
| |
| # Do not respawn if the service is terminated on purpose. |
| normal exit 0 |
| |
| # Sacrifice before OOM panic. |
| oom score 0 |
| |
| env LOG_LEVEL=-1 |
| #env SECCOMP_POLICY_FILE=/usr/share/policy/faced-seccomp.policy |
| |
| script |
| logger -t "${UPSTART_JOB}" "Start ${UPSTART_JOB}" |
| set -x |
| |
| # Start constructing minijail0 args... |
| args="" |
| |
| # Use Minijail config file. |
| args="${args} --config /usr/share/minijail/faced.conf" |
| |
| # Bind-mount (writeable) the metrics directory. |
| # args="${args} -b /var/lib/metrics,,1" |
| |
| # No new privileges (no_new_privs). |
| # args="${args} -n" |
| |
| # Use faced seccomp policy. |
| # args="${args} -S ${SECCOMP_POLICY_FILE}" |
| |
| # Execute the daemon. |
| args="${args} -- /usr/sbin/faced" |
| |
| args="${args} --log_level=${LOG_LEVEL}" |
| |
| exec minijail0 ${args} |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u faced -g faced /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.FaceAuthDaemon |
