Summary
This section describes the newly implemented solution for a secure containerized RDK build on the emulator. The implementation was done using the Raspberry Pi platform as a reference.
The intent of this page is to be used as a walk-through to all the relevant information present in the section.
Detailed organization
The section is organized in two main subsections, as follows:
- Implementation details: describes all the relevant developments needed to have containers working.
- Implemented containers: gives detailed information about each container that is already implemented.
- Building procedure.
Most of the information is in Implementation details, which is organized as follows:
- Containers layer - meta-rdk-containers: The main container image (rdk-generic-hybrid-lxc-image) is taken from this layer. The image file was modified so that it uses the latest "lxc-container-generator" for container generation at the do_rootfs stage. The distro feature and the preferred lxc version were also updated in qemux86hybsecure.conf of this layer.
- Emulator layer - meta-rdk-bsp-emulator: This layer is used for adding emulator-specific package groups and plugins to the container image.
Container generation process:
This subsection describes how the new container generation process replaces the earlier one. The main points are:
- Containers are generated by the "lxc-container-generator" recipe, which uses the corresponding .xml files. All dependencies (such as required binaries, libraries and script files) are provided in each container's .xml file.
- File permissions are maintained in a separate "add-users-groups-file-owners-and-permissions.inc" file.
- During rootfs creation, the lxc-container-generator-native component generates the containers in the /container path of the rootfs.
- Each container contains a corresponding script (.sh) file for launching that particular container.
- Every process is launched from the corresponding component service file. A single process or multiple processes can be launched in or attached to a container.
- XML and conf files: All required XML and configuration files are placed alongside the lxc-container-generator recipe in the meta-rdk-bsp-emulator layer.
Service files:
- In the platformcontrol container: three processes run, so three service files are needed to launch them inside the container. The three services are:
  - sysmgr.service
  - irmgr.service
  - dsmgr.service
- In the rmfstreamer container: the rmfstreamer process is launched, so rmfstreamer.service is needed.
Note: All these service files are overridden in the corresponding recipe .bbappend files based on the distro feature "lxc-secure-containers".
- For example, the sysmgr.service, irmgr.service and dsmgr.service files are overridden in iarmmgrs_git.bbappend in meta-rdk-bsp-emulator.
- The rmfstreamer.service file is overridden in rmfstreamer_git.bbappend in meta-rdk-bsp-emulator.
Implemented containers lists all containers that are already implemented. Currently, the following ones are available:
- platformcontrol: runs the sysmgr, irmgr and dsmgr processes;
- rmfstreamer: runs rmfstreamer;
- wpelauncher: runs wpelauncher. Now deprecated, so we are trying to replace this container with rdkbrowser2.
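A post-build check for the generation process described above, as an added example that is not part of the original page or the RDK sources: it confirms that each expected container was generated under /container of the rootfs, that it ships a launch script, and that nothing in it is world-writable. The layout `<rootfs>/container/<name>/` with a `*.sh` launch script somewhere below it is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the /container tree of a built rootfs.
# Assumption: each container lives in <rootfs>/container/<name>/ and its
# launch script is a *.sh file somewhere below that directory.

# audit_container ROOTFS NAME: prints findings, returns 0 only if clean.
audit_container() {
    rootfs=$1
    name=$2
    dir="$rootfs/container/$name"
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $name: $dir was not generated"
        return 1
    fi

    # The page states that every container has a .sh launch script.
    scripts=$(find "$dir" -type f -name '*.sh')
    if [ -z "$scripts" ]; then
        echo "FAIL $name: no launch script (*.sh) found"
        rc=1
    fi

    # World-writable files or directories let any local user change what
    # the container runs; the permissions .inc file should prevent this.
    ww=$(find "$dir" \( -type f -o -type d \) -perm -0002)
    if [ -n "$ww" ]; then
        echo "FAIL $name: world-writable entries:"
        echo "$ww"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $name"
    return "$rc"
}

# audit_rootfs ROOTFS NAME...: returns the number of failing containers.
audit_rootfs() {
    rootfs=$1
    shift
    failed=0
    for name in "$@"; do
        audit_container "$rootfs" "$name" || failed=$((failed + 1))
    done
    return "$failed"
}

# Stand-alone use: sh audit.sh <path-to-rootfs>
if [ "$#" -ge 1 ]; then audit_rootfs "$1" platformcontrol rmfstreamer; fi
```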
Building procedure:
- repo init -u https://code.rdkcentral.com/r/manifests -b rdk-next -m rdkv-asp-extsrc.xml
- repo sync --no-tags
- source meta-cmf-bsp-emulator/setup-environment
- meta-rdk-containers/conf/machine/qemux86hybsecure.conf
- bitbake rdk-generic-hybrid-lxc-image