Versions Compared

Old Version 21

changes.mady.by.user Z-Rajakumaran A

Saved on

compared with

New Version 22

changes.mady.by.user Z-Rajakumaran A

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
titleCode sync
$ repo init -u <url> -m <manifest file> -b <branch>
$ repo sync -j4 --no-clone-bundle

#Container Branch 
$ repo init -u https://code.rdkcentral.com/r/manifests -b rdkb-container -m rdkb-container.xml
$ repo sync -j4 --no-clone-bundle

Changes needed in Code base

Creation of XML file

2) Create a *.xml file on the following path meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml

...

Code Block
languagexml
titleExample File: lxc_conf_Psm.xml 
<?xml version="1.0" encoding="ISO-8859-1"?>

<CONTAINER  SandboxName="PSMSSP">
    <LxcParams>
        <LauncherName>PsmSsp</LauncherName>
        <ExecName>/usr/bin/PsmSsp</ExecName>
        <ExecParams>-subsys eRT.</ExecParams>
                <SystemdNotify create="yes">
                        <PidFile>/var/tmp/PsmSsp.pid</PidFile>
                </SystemdNotify>
        <StopFunction enable="true"></StopFunction>
    </LxcParams>
        <LxcConfig>
-        <UserName>psm</UserName>
        <GroupName>psm</GroupName> 
        <CGroupSettings>
            <DeviceCgroup>
                <DevicesDeny>a</DevicesDeny>
                <AllowDefaultDevices enable="yes"/>
            </DeviceCgroup>
        </CGroupSettings>
                <Environment>
                   <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
                </Environment>


        <Network type="none"></Network>
                <Dbus enable="true"></Dbus>
        <Rootfs create="yes">
            <MountPoints>
<!-- /bin -->
                <Entry type="file">
                    <Source>/bin/sh</Source>
                    <Destination>bin/sh</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <Entry type="file">
                    <Source>/usr/bin/PsmSsp</Source>
                    <Destination>usr/bin/PsmSsp</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>

                <Entry type="file">
                    <Source>/bin/touch</Source>
                    <Destination>bin/touch</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <Entry type="file">
  

<!--rdklogs-->
                <Entry type="dir">
                                        <Source>/rdklogs</Source>
                                        <Destination>rdklogs</Destination>
                                        <Options>rw,bind,noexec,nosuid</Options>
                 </Entry>

            </MountPoints>

            <LibsRoBindMounts>
                <Entry>ld</Entry>
                <Entry>libtr181</Entry>
                <Entry>libxml2</Entry>
                <Entry>libz</Entry>
                <Entry>libccsp_common</Entry>
                <Entry>libsyscfg</Entry>
                <Entry>libsysevent</Entry>
				 ...
                <Entry>liblzma</Entry>
                <Entry>libdl</Entry>
                <Entry>libtinfo</Entry>
            
            </LibsRoBindMounts>
        </Rootfs>
</LxcConfig>
</CONTAINER>


Include XML file in container generator recipe - lxc-container-generator-native.bbappend

3) Include the lxc_conf_<NAME>.xml file on the bb file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend

Code Block
titleAdding XML into recipie
#For example, Adding lxc_conf_Psm.xml to the recipie

SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"

do_install_append () {
    ${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
}


Providing File permission for the containers

4)  Provide user permission  for the new container to run as unprivileged , in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc

...

Code Block
titleAdding user and permission
EXTRA_USERS_PARAMS += "\
    useradd -u <uid> -G dbusgrp                            -r -s /bin/false <container_user_name>           ; \

   ROOTFS_CHOWN_SETCAP += " -o <container_user_name>:<container_group_name> -m o-rwx /usr/bin/application_name     \n"     

---------------------------------------------------------------------------------------------------------------------
#Adding PSM permission

 EXTRA_USERS_PARAMS += "\
    useradd -u 703 -G dbusgrp                            -r -s /bin/false psm           ; \

   ROOTFS_CHOWN_SETCAP += " -o psm:psm -m o-rwx /usr/bin/PsmSsp     \n"


Allowing D-Bus socket to access the containers (Specific to RDK-B Architecture)

 Dbus  5)  Dbus socket should allow the newly created conatiner to access system bus, to do so ,we need to add the conatiner user name  to system.conf

Code Block
titleAdding user and permission
#Add the new user name in below line ,

sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf

Building the lxc image

...

Compile/build

Go to the <workspace>

Code Block
languagebash
$ cd <workspace>

...

raspberrypi-rdk-broadband-lxcrdk-generic-broadband-lxc-image_default_20190327101556.rootfs.rpi-sdimg

Flashing the container image

Command to flash the image

...