RDK Resources
[*RDK Preferred*]
Code Management Facility
RDK Forums
[RDK Conferences]
RDK Support
Archives
Papers & Presentations Archive
Page History
...
This document explains about how to build RDKB containerization image and use it. In addition it also has some useful commands which can be used to handle the containers
Procedure to create new container
...
1) Create a *.xml file on the following path meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml
...
with Build steps
The code is developed and changes made in necessary files for containerization.
Code Sync/Download
To download code, following commands are needed to be executed
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ repo init -u https://code.rdkcentral.com/r/manifests -m rdkb-raspberrypi.xml -b morty
$ repo sync -j4 --no-clone-bundle |
Changes needed in Code base
1) Create a *.xml file on the following path meta-
...
cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml
| Code Block | ||
|---|---|---|
| ||
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="CONTAINER_FOLDER_NAME">
<LxcParams>
<LauncherName>"LAUNCHER_SCRIPT_NAME"</LauncherName>
<ExecName>"APPLICATION_NAME_WITH_PATH"</ExecName>
<ExecParams>"COMMAND_LINE_ARGUMENTS"</ExecParams>
<SystemdNotify create="yes">
<PidFile>"PID_FILE_WITH_PATH"</PidFile>
</SystemdNotify>
<StopFunction enable="true"></StopFunction>
</LxcParams>
<LxcConfig>
- <UserName>"USER_NAME"</UserName>
<GroupName>"GROUP_NAME"</GroupName>
<CGroupSettings>
<DeviceCgroup>
<DevicesDeny>a</DevicesDeny>
<AllowDefaultDevices enable="yes"/>
</DeviceCgroup>
</CGroupSettings>
<Environment>
<Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
</Environment>
<Network type="none"></Network>
<Dbus enable="true"></Dbus>
<Rootfs create="yes">
<MountPoints>
<!-- /bin -->
<Entry type="file">
<Source>/bin/sh</Source>
<Destination>bin/sh</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<!-- /proc -->
<Entry type="dir">
<Source>proc</Source>
<Destination>proc</Destination>
<FsType>proc</FsType>
<Options>defaults,noexec,nosuid,nodev,hidepid=2</Options>
</Entry>
</MountPoints>
<LibsRoBindMounts>
<Entry>ld</Entry>
<Entry>libtr181</Entry>
<Entry>libxml2</Entry>
<Entry>libz</Entry>
<Entry>libccsp_common</Entry>
</LibsRoBindMounts>
</Rootfs>
</LxcConfig>
</CONTAINER>
----------------------------------------------------------------------------------------------------------------------
For example, lxc_conf_Psm.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="PSMSSP">
<LxcParams>
<LauncherName>PsmSsp</LauncherName>
<ExecName>/usr/bin/PsmSsp</ExecName>
<ExecParams>-subsys eRT.</ExecParams>
<SystemdNotify create="yes">
<PidFile>/var/tmp/PsmSsp.pid</PidFile>
</SystemdNotify>
<StopFunction enable="true"></StopFunction>
</LxcParams>
<LxcConfig>
- <UserName>psm</UserName>
<GroupName>psm</GroupName>
<CGroupSettings>
<DeviceCgroup>
<DevicesDeny>a</DevicesDeny>
<AllowDefaultDevices enable="yes"/>
</DeviceCgroup>
</CGroupSettings>
<Environment>
<Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
</Environment>
<Network type="none"></Network>
<Dbus enable="true"></Dbus>
<Rootfs create="yes">
<MountPoints>
<!-- /bin -->
<Entry type="file">
<Source>/bin/sh</Source>
<Destination>bin/sh</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<Entry type="file">
<Source>/usr/bin/PsmSsp</Source>
<Destination>usr/bin/PsmSsp</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<Entry type="file">
<Source>/bin/touch</Source>
<Destination>bin/touch</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<Entry type="file">
<!--rdklogs-->
<Entry type="dir">
<Source>/rdklogs</Source>
<Destination>rdklogs</Destination>
<Options>rw,bind,noexec,nosuid</Options>
</Entry>
</MountPoints>
<LibsRoBindMounts>
<Entry>ld</Entry>
<Entry>libtr181</Entry>
<Entry>libxml2</Entry>
<Entry>libz</Entry>
<Entry>libccsp_common</Entry>
<Entry>libsyscfg</Entry>
<Entry>libsysevent</Entry>
...
<Entry>liblzma</Entry>
<Entry>libdl</Entry>
<Entry>libtinfo</Entry>
</LibsRoBindMounts>
</Rootfs>
</LxcConfig>
</CONTAINER>
|
2) Include the lxc_conf_Psm<NAME>.xml file on SRC_URI of the bb file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend
| Code Block | ||
|---|---|---|
| ||
#For example, Adding lxc_conf_Psm.xml to the recipie
SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"
do_install_append () {
${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
} |
3) Add the un-privileged user permission Provide user permission for the new container to run as unprivileged , in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc
...
4) Dbus socket should allow the newly created conatiner to access system bus, to do so ,we need to add the conatiner conatiner user name to system.conf
| Code Block | ||
|---|---|---|
| ||
#Add sed the new user name in below line , sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf |
Build steps
The code is developed and changes made in necessary files for containerization.
Code Sync/Download
To download code, following commands are needed to be executed
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ repo init -u https://code.rdkcentral.com/r/manifests -m rdkb-raspberrypi.xml -b morty
$ repo sync -j4 --no-clone-bundle |
Compile/build
Go to the <workspace>
...
Overview
Community Forums
Content Tools
Tasks