Configuring communication between QM and ASIL containers
Cross-environment communication works similarly to communication within the QM partition. In addition to mounting a volume, or storage area, that contains a UNIX domain socket inside the quality-managed (QM) container, you must create another UNIX domain socket in the Automotive Safety Integrity Level (ASIL) partition to enable inter-process communication (IPC) between the QM and ASIL partitions.
Prerequisites
- A custom manifest file, such as the manifest file that you created in Configuring communication between QM containers
- An ASIL container and a QM container that you want to communicate with each other
Procedure
- To configure IPC between the two containers, update the Quadlet configuration to mount the volumes that contain the UNIX domain sockets in /var/run/<another-dir>. In the example code, <your-dir> is asil-ipc-demo, but you can name the directory according to your own conventions.

  - To connect the engine application in the ASIL layer with my-client-app in the QM layer, add these lines to the engine.container file to mount the volume where the ASIL socket resides in the container, and set the correct SELinux label:

        [Container]
        Volume=/run/ipc/asil:/run/ipc/asil
        SecurityLabelType=ipc_t

  - Add these lines to the my-client-app.container file to mount the volume where the ASIL socket resides in the container:

        [Container]
        Volume=/run/ipc/asil:/run/ipc/asil
        SecurityLabelType=qm_container_ipc_t

- Create a Quadlet drop-in configuration for the QM container in the files/root_fs/qm.container.d/10-extra-volume.conf file:

        [Unit]
        Requires=ipc.socket

        [Container]
        Volume=/run/ipc/asil:/run/ipc/asil

  Note
  QM configuration is built in to the partition and should not be changed. Using drop-in files allows you to make additional modifications to the QM partition without overwriting the inherent configuration settings.

- Copy the drop-in Quadlet QM configuration file to the image:

  - Add a new org.osbuild.mkdir stage in the rootfs pipeline of your manifest file:

        - type: org.osbuild.mkdir
          options:
            paths:
              - path: /etc/containers/systemd/qm.container.d
                exist_ok: true
                parents: true

  - Add a new input item to the org.osbuild.copy stage in the rootfs pipeline of your manifest file:

        - type: org.osbuild.copy
          inputs:
            [...]
            inlinefile4:
              type: org.osbuild.files
              origin: org.osbuild.source
              mpp-embed:
                id: qm_extra_volume
                path: ../files/root_fs/qm.container.d/10-extra-volume.conf
          options:
            paths:
              [...]
              - from:
                  mpp-format-string: input://inlinefile4/{embedded['qm_extra_volume']}
                to: tree:///etc/containers/systemd/qm.container.d/10-extra-volume.conf

- Optional: To use systemd to create a UNIX socket file, create a *.socket file with the same name as the service with which the socket is associated, such as engine.socket for the engine service.

  - Create the systemd socket file in files/root_fs/engine.socket:

        [Unit]
        Description=An example systemd unix socket

        [Socket]
        ListenStream=%t/ipc/asil/ipc.socket
        RuntimeDirectory=ipc/asil

        [Install]
        WantedBy=sockets.target

    Note
    This step is optional because the server application that binds and activates the UNIX socket can manage socket creation. However, systemd manages socket creation natively, which ultimately helps service synchronization.

  - To enable the application to start after you create the socket, add these lines to the engine.container file to create a dependency with the systemd socket service:

        [Unit]
        Requires=engine.socket
        After=engine.socket

  - To copy the systemd socket file for the QM container into the image, add a new input item to the org.osbuild.copy stage in the rootfs pipeline of your manifest file:

        - type: org.osbuild.copy
          inputs:
            [...]
            inlinefile5:
              type: org.osbuild.files
              origin: org.osbuild.source
              mpp-embed:
                id: engine_socket
                path: ../files/root_fs/engine.socket
          options:
            paths:
              [...]
              - from:
                  mpp-format-string: input://inlinefile5/{embedded['engine_socket']}
                to: tree:///etc/systemd/system/engine.socket

- Optional: Set the SELinux configuration to permissive in the OSBuild manifest. In permissive mode, SELinux logs policy denials but does not enforce them.

        - type: org.osbuild.selinux.config
          options:
            state: permissive
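
The two socket-creation paths from the optional engine.socket step, as an added example that is not part of the original documentation or of the project's code: the server uses the listener that systemd passes in when it is socket-activated, and otherwise binds the socket itself. The function names, the echo protocol, the peer-credential reply, and the temporary socket path used in demo() are assumptions made for illustration; SO_PEERCRED is Linux-specific.

```python
import os, socket, struct, tempfile, threading

SOCKET_PATH = "/run/ipc/asil/ipc.socket"  # ListenStream= path from engine.socket
SD_LISTEN_FDS_START = 3                   # first fd systemd hands to an activated service

def get_listener(path=SOCKET_PATH):
    """Return the systemd-provided listener, or bind the socket ourselves."""
    if (os.environ.get("LISTEN_PID") == str(os.getpid())
            and int(os.environ.get("LISTEN_FDS", "0")) >= 1):
        return socket.socket(fileno=SD_LISTEN_FDS_START)
    # No socket activation: the server application manages socket creation.
    if os.path.exists(path):
        os.unlink(path)  # remove a stale socket file left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv

def serve_once(listener):
    """Accept one client, read its kernel-reported credentials, echo one message."""
    conn, _ = listener.accept()
    with conn:
        raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                              struct.calcsize("3i"))
        pid, uid, gid = struct.unpack("3i", raw)  # filled in by the kernel, not the peer
        data = conn.recv(1024)
        conn.sendall(b"ack uid=%d: " % uid + data)

def client_request(message, path=SOCKET_PATH):
    """Client side (my-client-app in the page's setup): one request, one reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(message)
        return c.recv(1024)

def demo():
    """Constructed local run: both ends in one process, socket in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ipc.socket")
        listener = get_listener(path)
        t = threading.Thread(target=serve_once, args=(listener,))
        t.start()
        reply = client_request(b"rpm?", path)
        t.join()
        listener.close()
        return reply

if __name__ == "__main__":
    print(demo())
```
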