| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "SmbProvider daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # This is started by D-Bus service activation through |
| # org.chromium.SmbProvider.service |
| stop on stopping ui |
| respawn |
| |
| # Minijail actually forks off the desired process. |
| expect fork |
| |
| # -i makes sure minijail0 exits right away. |
| # -p Enter a new PID namespace and run the process as init (pid=1). |
| # -I Runs program as init inside a new pid namespace. |
| # -l Enter a new IPC namespace. |
| # -v Enters new mount namespace, allows to change mounts inside jail. |
| # -r Remount /proc read-only. |
| # --uts Enters a new UTS namespace. |
| # -t Mounts tmpfs as /tmp. |
| # -S Apply seccomp filters. |
| # --mount-dev Creates a new /dev with a minimal set of nodes. |
| # -b Binds <src> to <dest> in chroot. |
| # -u Run as smbproviderd user. |
| # -g Run as smbproviderd group. |
| |
| exec minijail0 \ |
| -i \ |
| -p -I \ |
| -l \ |
| -v -r \ |
| --uts \ |
| -t \ |
| -S /usr/share/policy/smbprovider-seccomp.policy \ |
| --mount-dev -b /dev/log,/dev/log \ |
| -u smbproviderd -g smbproviderd \ |
| /usr/sbin/smbproviderd |
| |
| post-start exec minijail0 -u smbproviderd -g smbproviderd /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.SmbProvider |