blob: 1ec14fe3998a0d3b16a81ce5b9e9027957299031 [file] [log] [blame]
# Copyright 2022 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Chrome OS mojo service manager"
author "chromium-os-dev@chromium.org"
start on started boot-services
stop on stopping boot-services
respawn
# If the job respawns 3 times in 10 seconds, stop trying.
respawn limit 3 10
# -900 for CrOS daemons that are needed to auto-update, but can restart. Mojo is
# used by update_engine, so this is needed to auto-update.
oom score -900
tmpfiles /usr/lib/tmpfiles.d/on-demand/mojo_service_manager.conf
script
# TODO(237029609): Move sandboxing logic into mojo_service_manager daemon.
set --
if [ -d /usr/local/etc/mojo/service_manager/policy ]; then
set -- "$@" \
-k \
'tmpfs,/usr/local,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC,mode=755,size=10M' \
-b /usr/local/etc/mojo/service_manager/policy
fi
exec minijail0 --config /usr/share/minijail/mojo_service_manager.conf \
"$@" \
-S /usr/share/policy/mojo_service_manager.policy \
-- /usr/bin/mojo_service_manager
end script