You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 16
Next »
Introduction
The purpose of this section is to describe the new implemented solution to have a secure containerized RDK build on emulator. This implementation done from the reference of
Raspberry pi platform.
The intent of this page is to be used as a walk-through to all the relevant information present in the section.
Implementation details
Containers layer - meta-rdk-containers:
- Consists of main container image(rdk-generic-hybrid-lxc-image).
- Latest "lxc-container-generator" has been added for container generation at do_rootfs stage.
- Distro feature and latest lxc version updated in qemux86hybsecure.conf.
Emulator layer - meta-rdk-bsp-emulator:
- Added emulator specific package groups and plugins to the container image.
New Container generation process:
This subsection describes how the new container generation process is replacing the earlier process.
- In this process containers will be generated using "lxc-container-generator" recipe, which will use corresponding .xml files to generate containers.
- All dependencies(such as required binaries,libraries,script files) will be provided in each container .XML file.
- For permissions of files "add-users-groups-file-owners-and-permissions.inc" file has been added.
- At rootfs stage containers will be generated in /container path of rootfs.
- Each container will consists of corresponding script (.sh) file for launching that particular container.
- Every process will be launched from corresponding component service file. Single (or) multiple processes can be launched/attached to container.
XML and conf files:
- All required XML and configuration files are placed along with lxc-container-generator recipe in meta-rdk-bsp-emulator layer.
Service files:
- In platformcontrol container:
Three service files added for launching corresponding processes inside container (sysmgr.service, irmgr.service and dsmgr.service) .
- In rmfstreamer container:
rmfstreamer.service file has been added.
Implemented containers
- runs sysmgr,irmgr and dsmgr processes.
- sysmgr will be launched in new container using lxc-execute.
- irmgr and dsmgr processes has been attached to same container using lxc-attach.
Rmfstreamer
- runs rmfstreamer.
- rmfstreamer will be launched in new container using lxc-execute.
Building procedure
- repo init -u https://code.rdkcentral.com/r/manifests -b rdk-next -m rdkv-asp-extsrc.xml
- repo sync --no-tags
- source meta-cmf-bsp-emulator/setup-environment
- meta-rdk-containers/conf/machine/qemux86hybsecure.conf
- bitbake rdk-generic-hybrid-lxc-image
DEBUG Logs
- strace can give more debug information about containers:
Example:
strace -f -o lxc-execute.log /usr/bin/lxc-attach -n PLATFORMCONTROL -f /container/PLATFORMCONTROL/conf/lxc.conf -u 704 -g 704 -- /usr/bin/dsMgrMain
- lxc-execute.log for debugging purpose.
Test cases
- RMFAPP can be used to verify rmfstreamer container.