realtime: add --realtime to setup

By default realtime is False but users will have the option to set it to True user setup --realtime Signed-off-by: Douglas Schilling Landgraf <[email protected]>
containers · Jan 19, 2025 · ff98496 · ff98496
1 parent 4f3a2eb
commit ff98496
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/rpm/qm.spec b/rpm/qm.spec
@@ -108,7 +108,6 @@ install -d %{buildroot}%{_sysconfdir}/containers/containers.conf.d
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %selinux_modules_install -s %{selinuxtype} $MODULES
 # Execute the script to create seccomp rules after the package is installed
-/usr/share/qm/create-seccomp-rules
 /usr/share/qm/comment-tz-local # FIX-ME GH-issue: 367
 modprobe ip_tables # podmand netavark requires at host to load
 

diff --git a/setup b/setup
@@ -1,4 +1,4 @@
-#!/bin/bash -ex
+#!/bin/bash
 #
 # This setup script is an unofficial solution designed to deploy QM in
 # non-automotive environments like baremetal, desktop, or CICD.
@@ -11,6 +11,8 @@
 # Globals
 SYSTEMCTL_SKIP="N"
 REMOVE_QM_ROOTFS="N"
+REALTIME="N"
+QM_CONTAINER_CONF="/usr/share/containers/systemd/qm.container"
 INSTALLDIR="/usr/share/qm"
 QM_ROOTFS_TOOL="${INSTALLDIR}/qm-rootfs"
 ROOTFS="/usr/lib/qm/rootfs"
@@ -33,6 +35,7 @@ CMDLINE_ARGUMENT_LIST=(
   "rwetcfs"
   "rwvarfs"
   "skip-systemctl"
+  "realtime"
 )
 
 root_check() {
@@ -42,6 +45,16 @@ root_check() {
     fi
 }
 
+realtime_check() {
+    if [ "$1" == "N" ]; then
+	# Creates seccomp rules, do not use with realtime OS
+        /usr/share/qm/create-seccomp-rules
+    else
+	sed -i '/^SeccompProfile=\/usr\/share\/qm\/seccomp\.json/s/^/#/' "${QM_CONTAINER_CONF}"
+    fi
+}
+
+
 usage()
 {
    echo "This script is an unofficial solution designed to deploy QM in"
@@ -62,6 +75,8 @@ usage()
    echo "--rwvarfs             set rwvarfs (default: /var/qm)"
    echo "--skip-systemctl      skip systemctl daemon commands (default: false)"
    echo "--hostname            custom agent hostname to use (default: \$\(hostname\))"
+   echo -e "--realtime	      set requirements for realtime OS.\n\t\t"\
+                              "     i.e: NOT enabling seccomp rules to sched_setscheduler()\n\t\t      and sched_setattr()"
    echo "--remove-qm-rootfs    WARNING: remove qm rootfs created during setup"
    echo
    echo "Example:"
@@ -203,7 +218,7 @@ EOF
 
 # read command line arguments
 opts=$(getopt \
-  --longoptions "$(printf "help,skip-systemctl,remove-qm-rootfs,%s:," "${CMDLINE_ARGUMENT_LIST[@]}")" \
+  --longoptions "$(printf "help,realtime,skip-systemctl,remove-qm-rootfs,%s:," "${CMDLINE_ARGUMENT_LIST[@]}")" \
   --name "$(basename "$0")" \
   --options "" \
   -- "$@"
@@ -236,6 +251,10 @@ while [[ $# -gt 0 ]]; do
       SYSTEMCTL_SKIP="Y"
       shift
       ;;
+    --realtime)
+      REALTIME="Y"
+      shift
+      ;;
     --hostname)
       AGENT_HOSTNAME="${2}"
       shift 2
@@ -261,6 +280,7 @@ echo  "  * rwetcfs: ${RWETCFS}"
 echo  "  * rwvarfs: ${RWVARFS}"
 echo  "  * install dir: ${INSTALLDIR}"
 echo  "  * skip-systemctl: ${SYSTEMCTL_SKIP}"
+echo  "  * realtime: ${REALTIME}"
 echo  "  * remove-qm-rootfs: ${REMOVE_QM_ROOTFS}"
 echo  "  * agent hostname: ${AGENT_HOSTNAME}"
 echo
@@ -301,6 +321,8 @@ case "$1" in
 	replaceIDs /etc/subuid containers   ${CONTAINER_IDS}
 	replaceIDs /etc/subgid containers   ${CONTAINER_IDS}
 
+    realtime_check $REALTIME
+
     if [ "$SYSTEMCTL_SKIP" == "N" ]; then
 	    systemctl daemon-reload
 	    systemctl start qm.service