...
The code is developed and the necessary files are changed for containerization.
Below is the list of steps to be performed to create a container for any component or application.
To download the code, execute the following commands:

```shell
$ repo init -u <url> -m <manifest file> -b <branch>
$ repo sync -j4 --no-clone-bundle

# Container branch
$ repo init -u https://code.rdkcentral.com/r/manifests -b rdkb-container -m rdkb-container.xml
```

```shell
$ repo init -u https://code.rdkcentral.com/r/manifests -m rdkb-raspberrypi.xml -b morty
$ repo sync -j4 --no-clone-bundle
```
1) Create a *.xml file at the following path: meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml
This XML file describes the following parameters for container generation:
```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="CONTAINER_FOLDER_NAME">
  <LxcParams>
    <LauncherName>"LAUNCHER_SCRIPT_NAME"</LauncherName>
    <ExecName>"APPLICATION_NAME_WITH_PATH"</ExecName>
    <ExecParams>"COMMAND_LINE_ARGUMENTS"</ExecParams>
    <SystemdNotify create="yes">
      <PidFile>"PID_FILE_WITH_PATH"</PidFile>
    </SystemdNotify>
    <StopFunction enable="true"></StopFunction>
  </LxcParams>
  <LxcConfig>
    <UserName>"USER_NAME"</UserName>
    <GroupName>"GROUP_NAME"</GroupName>
    <CGroupSettings>
      <DeviceCgroup>
        <DevicesDeny>a</DevicesDeny>
        <AllowDefaultDevices enable="yes"/>
      </DeviceCgroup>
    </CGroupSettings>
    <Environment>
      <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
    </Environment>
    <Network type="none"></Network>
    <Dbus enable="true"></Dbus>
    <Rootfs create="yes">
      <MountPoints>
        <!-- /bin -->
        <Entry type="file">
          <Source>/bin/sh</Source>
          <Destination>bin/sh</Destination>
          <Options>ro,bind,nosuid,nodev</Options>
        </Entry>
        <!-- /proc -->
        <Entry type="dir">
          <Source>proc</Source>
          <Destination>proc</Destination>
          <FsType>proc</FsType>
          <Options>defaults,noexec,nosuid,nodev,hidepid=2</Options>
        </Entry>
      </MountPoints>
      <LibsRoBindMounts>
        <Entry>ld</Entry>
        <Entry>libtr181</Entry>
        <Entry>libxml2</Entry>
        <Entry>libz</Entry>
        <Entry>libccsp_common</Entry>
      </LibsRoBindMounts>
    </Rootfs>
  </LxcConfig>
</CONTAINER>
```
For example:

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="PSMSSP">
  <LxcParams>
    <LauncherName>PsmSsp</LauncherName>
    <ExecName>/usr/bin/PsmSsp</ExecName>
    <ExecParams>-subsys eRT.</ExecParams>
    <SystemdNotify create="yes">
      <PidFile>/var/tmp/PsmSsp.pid</PidFile>
    </SystemdNotify>
    <StopFunction enable="true"></StopFunction>
  </LxcParams>
  <LxcConfig>
    <UserName>psm</UserName>
    <GroupName>psm</GroupName>
    <CGroupSettings>
      <DeviceCgroup>
        <DevicesDeny>a</DevicesDeny>
        <AllowDefaultDevices enable="yes"/>
      </DeviceCgroup>
    </CGroupSettings>
    <Environment>
      <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
    </Environment>
    <Network type="none"></Network>
    <Dbus enable="true"></Dbus>
    <Rootfs create="yes">
      <MountPoints>
        <!-- /bin -->
        <Entry type="file">
          <Source>/bin/sh</Source>
          <Destination>bin/sh</Destination>
          <Options>ro,bind,nosuid,nodev</Options>
        </Entry>
        <Entry type="file">
          <Source>/usr/bin/PsmSsp</Source>
          <Destination>usr/bin/PsmSsp</Destination>
          <Options>ro,bind,nosuid,nodev</Options>
        </Entry>
        <Entry type="file">
          <Source>/bin/touch</Source>
          <Destination>bin/touch</Destination>
          <Options>ro,bind,nosuid,nodev</Options>
        </Entry>
        <!-- rdklogs -->
        <Entry type="dir">
          <Source>/rdklogs</Source>
          <Destination>rdklogs</Destination>
          <Options>rw,bind,noexec,nosuid</Options>
        </Entry>
      </MountPoints>
      <LibsRoBindMounts>
        <Entry>ld</Entry>
        <Entry>libtr181</Entry>
        <Entry>libxml2</Entry>
        <Entry>libz</Entry>
        <Entry>libccsp_common</Entry>
        <Entry>libsyscfg</Entry>
        <Entry>libsysevent</Entry>
        ...
        <Entry>liblzma</Entry>
        <Entry>libdl</Entry>
        <Entry>libtinfo</Entry>
      </LibsRoBindMounts>
    </Rootfs>
  </LxcConfig>
</CONTAINER>
```
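The settings in the template and the PSMSSP example above are what keep the component sandboxed: a dedicated unprivileged user, all devices denied by default, no network namespace, and bind mounts carrying nosuid (plus noexec on anything writable) and hidepid=2 on /proc. The following script is an added example, not part of the RDK container generator, that lints a container XML in this page's schema for exactly those properties. The sample XML is constructed here from the PSMSSP example; the weakened variant (root user, a hypothetical Network type of "veth", a bare rw,bind mount) is also constructed, to show what the lint reports.

```python
"""Lint an RDK LXC container-generator XML for sandbox-weakening settings.

Added example (not RDK tooling).  Checks, in the schema used on this page:
  * <UserName> is present and not root
  * <DevicesDeny> is 'a' (deny every device by default)
  * <Network type="none">
  * every bind mount carries nosuid
  * every writable (rw) mount carries noexec
  * the proc mount carries hidepid=2
"""
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the page's PSMSSP example.
SAMPLE_XML = """<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="PSMSSP">
  <LxcParams>
    <LauncherName>PsmSsp</LauncherName>
    <ExecName>/usr/bin/PsmSsp</ExecName>
    <ExecParams>-subsys eRT.</ExecParams>
  </LxcParams>
  <LxcConfig>
    <UserName>psm</UserName>
    <GroupName>psm</GroupName>
    <CGroupSettings>
      <DeviceCgroup>
        <DevicesDeny>a</DevicesDeny>
        <AllowDefaultDevices enable="yes"/>
      </DeviceCgroup>
    </CGroupSettings>
    <Network type="none"></Network>
    <Rootfs create="yes">
      <MountPoints>
        <Entry type="file">
          <Source>/usr/bin/PsmSsp</Source>
          <Destination>usr/bin/PsmSsp</Destination>
          <Options>ro,bind,nosuid,nodev</Options>
        </Entry>
        <Entry type="dir">
          <Source>proc</Source>
          <Destination>proc</Destination>
          <FsType>proc</FsType>
          <Options>defaults,noexec,nosuid,nodev,hidepid=2</Options>
        </Entry>
        <Entry type="dir">
          <Source>/rdklogs</Source>
          <Destination>rdklogs</Destination>
          <Options>rw,bind,noexec,nosuid</Options>
        </Entry>
      </MountPoints>
    </Rootfs>
  </LxcConfig>
</CONTAINER>
"""

# Constructed weakened variant: root user, non-"none" network type
# (the "veth" value is hypothetical), and a bare rw bind mount.
WEAK_XML = (SAMPLE_XML
            .replace("<UserName>psm</UserName>", "<UserName>root</UserName>")
            .replace('type="none"', 'type="veth"')
            .replace("rw,bind,noexec,nosuid", "rw,bind"))


def lint_container(xml_text: str) -> list:
    """Return a list of human-readable findings; an empty list means clean."""
    # Encode so the ISO-8859-1 declaration in the file is honoured by expat.
    root = ET.fromstring(xml_text.encode("iso-8859-1"))
    findings = []
    cfg = root.find("LxcConfig")
    if cfg is None:
        return ["missing <LxcConfig>"]

    # Template files quote their placeholders, so strip quotes before comparing.
    user = (cfg.findtext("UserName") or "").strip().strip('"')
    if user in ("", "root"):
        findings.append("UserName is missing or root: container would not be unprivileged")

    deny = (cfg.findtext("CGroupSettings/DeviceCgroup/DevicesDeny") or "").strip()
    if deny != "a":
        findings.append("DevicesDeny is not 'a': device access is not denied by default")

    net = cfg.find("Network")
    if net is None or net.get("type") != "none":
        findings.append("Network type is not 'none'")

    for entry in cfg.iterfind("Rootfs/MountPoints/Entry"):
        dest = (entry.findtext("Destination") or "?").strip()
        opts = {o.strip() for o in (entry.findtext("Options") or "").split(",")}
        if "bind" in opts and "nosuid" not in opts:
            findings.append(f"bind mount {dest}: missing nosuid")
        if "rw" in opts and "noexec" not in opts:
            findings.append(f"writable mount {dest}: missing noexec")
        if (entry.findtext("FsType") or "").strip() == "proc" and "hidepid=2" not in opts:
            findings.append(f"proc mount {dest}: missing hidepid=2")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_XML), ("weakened", WEAK_XML)):
        print(f"{label}: {lint_container(text) or 'no findings'}")
```

Running the script reports nothing for the sample and four findings for the weakened variant; the same function can be pointed at any file under files/xml/ before it is added to the recipe.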
2) Include the lxc_conf_<NAME>.xml file in the bb file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend:

```bitbake
# For example, adding lxc_conf_Psm.xml to the recipe
SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"

do_install_append () {
    ${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
}
```
3) Provide the user permissions for the new container to run as unprivileged, in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc
...
```bitbake
EXTRA_USERS_PARAMS += "\
    useradd -u <uid> -G dbusgrp -r -s /bin/false <container_user_name> ; \
"
ROOTFS_CHOWN_SETCAP += " -o <container_user_name>:<container_group_name> -m o-rwx /usr/bin/application_name \n"

# Adding PSM permission
EXTRA_USERS_PARAMS += "\
    useradd -u 703 -G dbusgrp -r -s /bin/false psm ; \
"
ROOTFS_CHOWN_SETCAP += " -o psm:psm -m o-rwx /usr/bin/PsmSsp \n"
```
4) The D-Bus socket must allow the newly created container to access the system bus. To do so, add the container user name to system.conf:

```shell
# Add the new user name in the line below
sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf
```
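The sed command in step 4 writes a deny-all rule followed by one allow per container user. dbus-daemon applies policy rules in document order and the last matching rule wins, so `<deny user="*"/>` only works as a default if it precedes the allows; an allow for a user created in step 3 that never makes it into this list leaves that component unable to reach the bus. The script below is an added example, not part of the RDK build, that evaluates the user rules of a system.conf the way the daemon does and reports container users that are not allowed. The busconfig fragment is constructed here from the rule order the sed command produces; a real system.conf carries many more rules.

```python
"""Evaluate D-Bus system bus user policy for RDK container users.

Added example (not RDK tooling).  Models dbus-daemon's rule evaluation for
<allow user=...>/<deny user=...> in the context="default" policy: rules
apply in document order and the last matching rule wins.
"""
import xml.etree.ElementTree as ET


def render_policy(rules):
    """Render (tag, user) pairs into a minimal, constructed system.conf."""
    body = "\n".join(f'    <{tag} user="{user}"/>' for tag, user in rules)
    return ("<busconfig>\n"
            "  <type>system</type>\n"
            '  <policy context="default">\n'
            f"{body}\n"
            "  </policy>\n"
            "</busconfig>\n")


# Rule order the page's sed command writes into system.conf.
RULES_AFTER_SED = [("deny", "*"), ("allow", "ccspcr"), ("allow", "psm"),
                   ("allow", "pandm"), ("allow", "ccspwifi"),
                   ("allow", "ccsplmlite"), ("allow", "root")]
SYSTEM_CONF = render_policy(RULES_AFTER_SED)

# Constructed misordering: the deny-all rule placed after the allows.
MISORDERED_CONF = render_policy(RULES_AFTER_SED[1:] + [("deny", "*")])


def user_rules(conf_text):
    """Return the (tag, user) rules of every context="default" policy, in order."""
    root = ET.fromstring(conf_text)
    return [(rule.tag, rule.get("user"))
            for policy in root.iter("policy")
            if policy.get("context") == "default"
            for rule in policy
            if rule.tag in ("allow", "deny") and rule.get("user") is not None]


def connect_verdict(conf_text, user):
    """Last matching user rule for `user`: 'allow', 'deny', or None if no rule matches."""
    verdict = None
    for tag, pattern in user_rules(conf_text):
        if pattern == "*" or pattern == user:
            verdict = tag
    return verdict


def users_not_allowed(conf_text, container_users):
    """Container users (e.g. those added via EXTRA_USERS_PARAMS) the bus would not admit."""
    return sorted(u for u in container_users
                  if connect_verdict(conf_text, u) != "allow")


if __name__ == "__main__":
    # "newctr" is a hypothetical container user that was never added to system.conf.
    print("not allowed:", users_not_allowed(SYSTEM_CONF, ["psm", "pandm", "newctr"]))
    print("psm with deny-all last:", connect_verdict(MISORDERED_CONF, "psm"))
```

To check a built image, read the installed file instead of the rendered sample, e.g. `users_not_allowed(open(path).read(), users)` with the path to usr/share/dbus-1/system.conf in the image root.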
Go to the <workspace>
...
raspberrypi-rdk-broadband-lxcrdk-generic-broadband-lxc-image_default_20190327101556.rootfs.rpi-sdimg
...
| PID | User | CPU | Command |
|---|---|---|---|
| 5530 | root | 0.00 | /usr/bin/lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf -- /usr/bin/PsmSsp -subsys eRT . |
| 5534 | psm | 0.00 | /init.lxc.static --gid 705 --uid 705 -- /usr/bin/PsmSsp -subsys eRT . |
| 6433 | root | 0.00 | /usr/bin/lxc-execute -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf -- /usr/bin/gw_prov_utopia |
| 6435 | pandm | 0.00 | /init.lxc.static --gid 706 --uid 706 -- /usr/bin/gw_prov_utopia |
| 6520 | root | 0.00 | /usr/bin/lxc-execute -n DBUS -f /container/DBUS/conf/lxc.conf -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation |
| 6532 | dbus | 0.00 | /init.lxc.static --gid 703 --uid 703 -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation |
| 6574 | root | 0.00 | /usr/bin/lxc-execute -n CCSPCR -f /container/CCSPCR/conf/lxc.conf -- /usr/bin/CcspCrSsp -subsys eRT . |
| 6577 | ccspcr | 0.00 | /init.lxc.static --gid 704 --uid 704 -- /usr/bin/CcspCrSsp -subsys eRT . |
| 6737 | root | 0.00 | grep lxc |
Due to limitations in invoking the Wi-Fi driver with container permissions, the ccspwifi container has to be run manually in the latest environment, using the procedure below:
...