| // The only difference between test-fshost.cml and the main fshost.cml is that the main one has |
| // main_process_critical, but we can't set that flag in tests. |
| // TODO(fxbug.dev/73189): template the two cml files so they don't fall out of sync. |
| // IMPORTANT: this means any changes made here should be made in test-fshost.cml |
| { |
| include: [ |
| "sdk/lib/diagnostics/inspect/client.shard.cml", |
| "sdk/lib/diagnostics/syslog/client.shard.cml", |
| ], |
| program: { |
| runner: "elf", |
| binary: "bin/fshost", |
| lifecycle: { stop_event: "notify" }, |
| main_process_critical: "true", |
| }, |
| capabilities: [ |
| { |
| directory: "pkgfs-delayed", |
| rights: [ "rx*" ], |
| path: "/delayed/fs/pkgfs", |
| }, |
| { |
| directory: "system-delayed", |
| rights: [ "rx*" ], |
| path: "/delayed/fs/system", |
| }, |
| { |
| directory: "bin", |
| rights: [ "rx*" ], |
| path: "/fs/bin", |
| }, |
| { |
| directory: "blob", |
| rights: [ "rw*" ], |
| path: "/fs/blob", |
| }, |
| { |
| directory: "factory", |
| rights: [ "r*" ], |
| path: "/fs/factory", |
| }, |
| { |
| directory: "durable", |
| rights: [ "rw*" ], |
| path: "/fs/durable", |
| }, |
| { |
| directory: "minfs", |
| rights: [ "rw*" ], |
| path: "/fs/data", |
| }, |
| { |
| directory: "install", |
| rights: [ "rw*" ], |
| path: "/fs/install", |
| }, |
| { |
| directory: "pkgfs", |
| rights: [ |
| "execute", |
| "rw*", |
| ], |
| path: "/fs/pkgfs", |
| }, |
| { |
| directory: "config-data", |
| rights: [ "r*" ], |
| path: "/delayed/fs/pkgfs/packages/config-data/0/meta/data", |
| }, |
| { |
| directory: "root-ssl-certificates", |
| rights: [ "r*" ], |
| path: "/delayed/fs/pkgfs/packages/root_ssl_certificates/0/data", |
| }, |
| { |
| directory: "build-info", |
| rights: [ "r*" ], |
| path: "/delayed/fs/pkgfs/packages/build-info/0/data", |
| }, |
| { |
| directory: "system", |
| rights: [ "rx*" ], |
| path: "/fs/system", |
| }, |
| { |
| directory: "tmp", |
| rights: [ |
| "admin", |
| "rw*", |
| ], |
| path: "/fs/tmp", |
| }, |
| |
| // TODO: this volume directory is only used by the paver lib in netsvc under |
| // devcoordinator. The paver lib could create its own memfs instead, so |
| // this should eventually be removed. |
| { |
| directory: "volume", |
| rights: [ |
| "admin", |
| "rw*", |
| ], |
| path: "/fs/volume", |
| }, |
| { |
| protocol: "fuchsia.fshost.Filesystems", |
| path: "/fs-manager-svc/fuchsia.fshost.Filesystems", |
| }, |
| { |
| protocol: "fuchsia.fshost.Registry", |
| path: "/fs-manager-svc/fuchsia.fshost.Registry", |
| }, |
| { |
| protocol: [ |
| "fuchsia.fshost.Admin", |
| "fuchsia.fshost.BlockWatcher", |
| "fuchsia.fshost.Loader", |
| |
| // This service is forwarded from blobfs when blobfs is present. |
| "fuchsia.update.verify.BlobfsVerifier", |
| ], |
| }, |
| ], |
| use: [ |
| { |
| directory: "dev", |
| rights: [ "rw*" ], |
| path: "/dev", |
| }, |
| { |
| directory: "boot", |
| rights: [ "rx*" ], |
| path: "/boot", |
| }, |
| { |
| protocol: [ |
| "fuchsia.boot.Arguments", |
| "fuchsia.boot.Items", |
| "fuchsia.boot.WriteOnlyLog", |
| "fuchsia.cobalt.LoggerFactory", |
| "fuchsia.device.manager.Administrator", |
| "fuchsia.process.Launcher", |
| "fuchsia.tracing.provider.Registry", |
| ], |
| }, |
| |
| // Use fuchsia.kernel.VmexResource but locate it under a separate directory in fshost's |
| // namespace. This enables providing the service only to the blobfs process but not other |
| // filesystems. fshost should not use this itself, only provide to blobfs. |
| // TODO: Once blobfs is a component this can be routed directly to it. |
| { |
| protocol: "fuchsia.kernel.VmexResource", |
| path: "/svc_blobfs/fuchsia.kernel.VmexResource", |
| }, |
| { |
| protocol: "fuchsia.scheduler.ProfileProvider", |
| path: "/svc_blobfs/fuchsia.scheduler.ProfileProvider", |
| }, |
| { |
| protocol: "fuchsia.blobfs.internal.DecompressorCreator", |
| path: "/svc_blobfs/fuchsia.blobfs.internal.DecompressorCreator", |
| }, |
| ], |
| expose: [ |
| { |
| directory: "pkgfs-delayed", |
| from: "self", |
| }, |
| { |
| directory: "system-delayed", |
| from: "self", |
| }, |
| { |
| directory: "bin", |
| from: "self", |
| }, |
| { |
| directory: "blob", |
| from: "self", |
| }, |
| { |
| directory: "factory", |
| from: "self", |
| }, |
| { |
| directory: "durable", |
| from: "self", |
| }, |
| { |
| directory: "minfs", |
| from: "self", |
| }, |
| { |
| directory: "install", |
| from: "self", |
| }, |
| { |
| directory: "pkgfs", |
| from: "self", |
| }, |
| { |
| directory: "config-data", |
| from: "self", |
| }, |
| { |
| directory: "root-ssl-certificates", |
| from: "self", |
| }, |
| { |
| directory: "build-info", |
| from: "self", |
| }, |
| { |
| directory: "system", |
| from: "self", |
| }, |
| { |
| directory: "tmp", |
| from: "self", |
| }, |
| { |
| directory: "volume", |
| from: "self", |
| }, |
| { |
| protocol: [ |
| "fuchsia.fshost.Admin", |
| "fuchsia.fshost.BlockWatcher", |
| "fuchsia.fshost.Filesystems", |
| "fuchsia.fshost.Registry", |
| "fuchsia.update.verify.BlobfsVerifier", |
| ], |
| from: "self", |
| }, |
| |
| // This service name is breaking the convention whereby the directory entry |
| // name matches the protocol name. This is an implementation of |
| // fuchsia.ldsvc.Loader, and is renamed to make it easier to identify that |
| // this implementation comes from fshost. |
| // TODO(fxbug.dev/34633): This service is deprecated and should only be routed to |
| // devcoordinator |
| { |
| protocol: "fuchsia.fshost.Loader", |
| from: "self", |
| }, |
| ], |
| } |
