| % minijail-config-file v0 |
| |
| # Need writable access to /sys/devices and /dev for IIO devices control. |
| # Need access to /sys/bus, /sys/firmware, and /sys/class for IIO devices' |
| # information. |
| # Need access to /run/dbus for DBus communications. |
| # Need access to /run/mojo to connect to Mojo Service Manager. |
| # Need access to /run/udev to get devlinks info from udev. |
| # Need (writable) access to /var/lib/metrics to log metrics. |
| # Set RLIMIT_NICE(=13) to 40,40 |
| |
| i |
| u = iioservice |
| g = iioservice |
| N |
| uts |
| e |
| p |
| P = /mnt/empty |
| bind-mount = / |
| bind-mount = /sys |
| mount = tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC |
| n |
| S = /usr/share/policy/iioservice-seccomp.policy |
| bind-mount = /sys/bus |
| bind-mount = /sys/devices,,1 |
| bind-mount = /dev,,1 |
| bind-mount = /run/udev |
| bind-mount = /sys/firmware |
| bind-mount = /sys/class |
| bind-mount = /run/dbus |
| bind-mount = /run/mojo,,1 |
| mount = tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC |
| bind-mount = /var/lib/metrics,,1 |
| R = 13,40,40 |