...
- Code Sync/Download
- Creation of XML file
- Include XML file in container generator recipe - lxc-container-generator-native.bbappend
- Providing File permission for the containers
- Allowing D-Bus socket to access the containers (Specific to RDK-B Architecture)
- Building the lxc image
- Flashing the container image
Code Sync/Download
To download the code, run the following commands:
Code sync

```bash
$ repo init -u <url> -m <manifest file> -b <branch>
$ repo sync -j4 --no-clone-bundle

# Container branch
$ repo init -u https://code.rdkcentral.com/r/manifests -b container -m rdkb-container.xml
$ repo sync -j4 --no-clone-bundle
```
Changes needed in Code base
2) Create a *.xml file at the following path: meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml
...
Example File: lxc_conf_Psm.xml

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="PSMSSP">
    <LxcParams>
        <LauncherName>PsmSsp</LauncherName>
        <ExecName>/usr/bin/PsmSsp</ExecName>
        <ExecParams>-subsys eRT.</ExecParams>
        <SystemdNotify create="yes">
            <PidFile>/var/tmp/PsmSsp.pid</PidFile>
        </SystemdNotify>
        <StopFunction enable="true"></StopFunction>
    </LxcParams>
    <LxcConfig>
        <!-- Dedicated unprivileged user and group for this container -->
        <UserName>psm</UserName>
        <GroupName>psm</GroupName>
        <CGroupSettings>
            <DeviceCgroup>
                <!-- Deny all devices, then allow the default set -->
                <DevicesDeny>a</DevicesDeny>
                <AllowDefaultDevices enable="yes"/>
            </DeviceCgroup>
        </CGroupSettings>
        <Environment>
            <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
        </Environment>
        <Network type="none"></Network>
        <Dbus enable="true"></Dbus>
        <Rootfs create="yes">
            <MountPoints>
                <!-- /bin -->
                <Entry type="file">
                    <Source>/bin/sh</Source>
                    <Destination>bin/sh</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <Entry type="file">
                    <Source>/usr/bin/PsmSsp</Source>
                    <Destination>usr/bin/PsmSsp</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <Entry type="file">
                    <Source>/bin/touch</Source>
                    <Destination>bin/touch</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <!-- rdklogs -->
                <Entry type="dir">
                    <Source>/rdklogs</Source>
                    <Destination>rdklogs</Destination>
                    <Options>rw,bind,noexec,nosuid</Options>
                </Entry>
            </MountPoints>
            <LibsRoBindMounts>
                <Entry>ld</Entry>
                <Entry>libtr181</Entry>
                <Entry>libxml2</Entry>
                <Entry>libz</Entry>
                <Entry>libccsp_common</Entry>
                <Entry>libsyscfg</Entry>
                <Entry>libsysevent</Entry>
                ...
                <Entry>liblzma</Entry>
                <Entry>libdl</Entry>
                <Entry>libtinfo</Entry>
            </LibsRoBindMounts>
        </Rootfs>
    </LxcConfig>
</CONTAINER>
```
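One way to lint a container definition in this layout before adding it to the recipe; this is an added example, not code from the RDK project or its container generator. The function name `audit_container` and the checks are assumptions: a hardening baseline read off the PsmSsp example (dedicated user, deny-all device cgroup, no network, read-only `nosuid` file binds, `noexec` on writable mounts), not rules the generator enforces.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's lxc_conf_*.xml layout (not a real RDK file).
# The user and the /rdklogs mount options are deliberately weak.
SAMPLE = """<CONTAINER SandboxName="DEMO">
  <LxcConfig>
    <UserName>root</UserName>
    <CGroupSettings><DeviceCgroup><DevicesDeny>a</DevicesDeny></DeviceCgroup></CGroupSettings>
    <Network type="none"></Network>
    <Rootfs create="yes"><MountPoints>
      <Entry type="file"><Source>/bin/sh</Source><Destination>bin/sh</Destination>
        <Options>ro,bind,nosuid,nodev</Options></Entry>
      <Entry type="dir"><Source>/rdklogs</Source><Destination>rdklogs</Destination>
        <Options>rw,bind,nosuid</Options></Entry>
    </MountPoints></Rootfs>
  </LxcConfig>
</CONTAINER>"""

def audit_container(xml_text):
    """Return a list of findings; an empty list means the assumed baseline is met."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. an <Entry> that is opened but never closed
        return [f"not well-formed XML: {exc}"]
    findings = []
    user = (root.findtext("LxcConfig/UserName") or "").strip()
    if user in ("", "root"):
        findings.append("container does not run as a dedicated non-root user")
    if (root.findtext(".//DeviceCgroup/DevicesDeny") or "").strip() != "a":
        findings.append("device cgroup does not start from deny-all (DevicesDeny=a)")
    net = root.find("LxcConfig/Network")
    if net is None or net.get("type") != "none":
        findings.append("network is not type=none; confirm the component needs it")
    for entry in root.iterfind(".//MountPoints/Entry"):
        dest = (entry.findtext("Destination") or "?").strip()
        opts = {o.strip() for o in (entry.findtext("Options") or "").split(",")}
        if "nosuid" not in opts:
            findings.append(f"{dest}: mount lacks nosuid")
        if "ro" not in opts and "noexec" not in opts:
            findings.append(f"{dest}: writable mount lacks noexec")
        if entry.get("type") == "file" and "ro" not in opts:
            findings.append(f"{dest}: file bind mount is not read-only")
    return findings

if __name__ == "__main__":
    for line in audit_container(SAMPLE):
        print("FINDING:", line)
```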
3) Include the lxc_conf_<NAME>.xml file in the recipe file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend
Adding XML into recipe

```
# For example, adding lxc_conf_Psm.xml to the recipe
SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"
do_install_append () {
    ${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
}
```
4) Provide user permission for the new container to run as unprivileged, in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc
...
Adding user and permission

```
# Template: create the container user and restrict access to its binary
EXTRA_USERS_PARAMS += "\
    useradd -u <uid> -G dbusgrp -r -s /bin/false <container_user_name> ; \
    "
ROOTFS_CHOWN_SETCAP += " -o <container_user_name>:<container_group_name> -m o-rwx /usr/bin/application_name \n"

# ---------------------------------------------------------------------
# Adding PSM permission
EXTRA_USERS_PARAMS += "\
    useradd -u 703 -G dbusgrp -r -s /bin/false psm ; \
    "
ROOTFS_CHOWN_SETCAP += " -o psm:psm -m o-rwx /usr/bin/PsmSsp \n"
```
5) The D-Bus socket must allow the newly created container to access the system bus. To do so, add the container user name to system.conf.
Adding user and permission

```
# Add the new user name in the line below
sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf
```
6) Compile/build
Go to the <workspace>
```
$ cd <workspace>
```
...