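#
# Copyright (C) 2013 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Upstart job that runs netfilter-queue-helper inside a minijail sandbox:
# unprivileged user/group, a single retained capability, a seccomp filter
# and no_new_privs.
description     "Run the netfilter-queue-helper multicast firewall extension"
author          "chromium-os-dev@chromium.org"

start on started system-services
stop on stopping system-services
# Restart the helper if it exits unexpectedly.
respawn

script
  EXEC_NAME="/usr/sbin/netfilter-queue-helper"

  # This file is sourced by the job's shell before minijail0 runs, so it
  # executes with the job's full privileges; it must stay root-owned and not
  # writable by other users. It is expected to define NETFILTER_INPUT_NFQUEUE
  # and NETFILTER_OUTPUT_NFQUEUE, which are not set anywhere in this job.
  . /usr/sbin/netfilter-common

  # Stop before exec if the queue numbers are missing, rather than handing
  # the helper an empty --input-queue= / --output-queue= value.
  : "${NETFILTER_INPUT_NFQUEUE:?not set by /usr/sbin/netfilter-common}"
  : "${NETFILTER_OUTPUT_NFQUEUE:?not set by /usr/sbin/netfilter-common}"

  # use minijail (drop root, keep CAP_NET_ADMIN)
  #   -u/-g  run as user and group nfqueue
  #   -c     capability mask, read as hex: 0x1000 is bit 12, CAP_NET_ADMIN
  #   -S     apply the seccomp filter policy from the given file
  #   -n     set no_new_privs
  # Expansions are quoted so a value containing whitespace or glob characters
  # cannot be split into additional arguments.
  exec minijail0 -u nfqueue -g nfqueue -c 1000 \
    -S /usr/share/policy/nfqueue-seccomp.policy -n \
    "${EXEC_NAME}" \
    --input-queue="${NETFILTER_INPUT_NFQUEUE}" \
    --output-queue="${NETFILTER_OUTPUT_NFQUEUE}"
end script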