Create test for the IPC over unix socket scenario #469

aesteve-rh opened this issue Jun 27, 2024 · 0 comments
Description

Recently, we have added new policies to support the IPC use case. However, there is no CI test that checks the scenario.

Let's add one such scenario to the gating tests.

Testing scenario

The socket needs to be created at (currently):

  • /run/ipc-demo/ipc.socket

Two containerized applications shall mount the volume containing the socket and communicate. There are many interesting cases here; ASIL-QM communication is probably the most interesting, as it is also the most complex.

What we need

  • A containerized application running on the Safety layer.
    • SecurityContextLabel=ipc_t
  • A containerized application running on the QM layer.
    • SecurityContextLabel=qm_container_ipc_t
  • A systemd.socket file to create the socket at startup.
    • This is a nice way, as otherwise we would need to create the subfolder in the /run/ipc directory before mounting the volume in the containers. And then one of the containerized applications (the server side) would need to create the socket file.
    • The socket file would look something like:
    [Unit]
    Description=An example systemd unix socket
    
    [Socket]
    ListenStream=%t/ipc-demo/ipc.socket
    RuntimeDirectory=ipc-demo
    SELinuxContextFromNet=yes
    
    [Install]
    WantedBy=sockets.target
    
  • Drop-in configuration to extend qm settings:
    [Unit]
    Requires=ipc.socket
    
    [Container]
    Volume=/run/ipc-demo:/run/ipc-demo
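
A minimal server/client pair that such a gating test could run in the two containers, given here as an added example and not the project's own code. It assumes the server-side application is the service activated by the socket unit, in which case it inherits the listening socket as fd 3 (`LISTEN_FDS`), and otherwise binds the path itself; the function names and the `ack:` reply format are hypothetical.

```python
import os
import socket
import threading

SOCKET_PATH = "/run/ipc-demo/ipc.socket"  # path given in the issue
SD_LISTEN_FDS_START = 3  # systemd passes activated sockets starting at fd 3


def listening_socket(path=SOCKET_PATH):
    """Use the socket inherited from systemd when activated, else bind it here."""
    activated = (os.environ.get("LISTEN_PID") == str(os.getpid())
                 and int(os.environ.get("LISTEN_FDS", "0")) >= 1)
    if activated:
        return socket.socket(fileno=SD_LISTEN_FDS_START)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    if os.path.exists(path):
        os.unlink(path)  # stale socket file left by a previous run
    srv.bind(path)
    srv.listen(1)
    return srv


def serve_once(srv):
    """Server side: accept one client and acknowledge its message."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(b"ack:" + conn.recv(1024))


def client_request(payload, path=SOCKET_PATH, timeout=5.0):
    """Client side: send payload over the shared socket and return the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        cli.settimeout(timeout)  # a blocked connection fails the test instead of hanging it
        cli.connect(path)
        cli.sendall(payload)
        return cli.recv(1024)


def round_trip(payload, path=SOCKET_PATH):
    """Run both sides in one process; the gating test would split them across containers."""
    srv = listening_socket(path)
    worker = threading.Thread(target=serve_once, args=(srv,), daemon=True)
    worker.start()
    try:
        return client_request(payload, path)
    finally:
        worker.join(timeout=5.0)
        srv.close()
```

In the containerized scenario, `serve_once(listening_socket())` would run in one container and `client_request(b"ping")` in the other, with the test asserting on the reply; a connection error or timeout on the client side is the failure signal.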
    