service microdroid_manager /system/bin/microdroid_manager
    disabled
    # print android log to kmsg
    file /dev/kmsg w
    # redirect stdout/stderr to kmsg_debug
    stdio_to_kmsg
    setenv RUST_LOG info
    # TODO(jooyung) remove this when microdroid_manager becomes a daemon
    oneshot
    # CAP_SYS_BOOT is required to exec kexecload from microdroid_manager
    # CAP_SETPCAP is required to allow microdroid_manager to drop capabilities
    #   before executing the payload
    capabilities AUDIT_CONTROL SYS_ADMIN SYS_BOOT SETPCAP SETUID SETGID
    user root
    socket vm_payload_service stream 0666 system system