Configuring communication between containers in QM and root partitions
Cross-environment communication enables containers in the root partition to communicate with containers in the quality-managed (QM) partition using UNIX domain sockets. This configuration requires mounting a shared volume in both partitions and configuring appropriate SELinux security labels to enable inter-process communication (IPC) between the containers.
About the demo code
The demo code uses a pair of C applications packaged as containers (a server running in the root partition and a client running in the QM partition) that communicate over a UNIX domain socket at /run/ipc/ipc_server.socket.
To configure the AutoSD OS image build, the Automotive Image Builder (AIB) manifest file specifies:
- The server container image to add to the root partition
- The client container image to add to the QM partition
- The Quadlet unit configurations for both applications
- A shared volume mount at /run/ipc for socket communication
When the built AutoSD system starts, the server creates and binds to the UNIX domain socket, and the client connects to it, enabling IPC between the two applications running in separate partitions.
The sample Containerfiles and C source code available in the demo directory illustrate how to create these containerized applications with proper socket handling.
Prerequisites
A custom aib.yml Automotive Image Builder (AIB) manifest file, such as the manifest file that you created in Configuring communication between containers in the root partition.
Procedure
- Using Podman, create local containerized versions of the server and client applications using the sample code located in the demo code.

  Note
  The demo code includes C source files (echo-uds-server.c and echo-uds-client.c) and Containerfiles for building the applications. You can use the provided build.sh script to build both container images locally. For AIB to find the built container images during the build process, you must run the build script as a user with elevated privileges: sudo bash build.sh builds both the application containers and the AutoSD OS image from the AIB manifest, and sudo bash build.sh --noimage builds only the application containers.

- To copy the local container images to their respective partitions in the OS image, add the following sections to your manifest file:
  - Add the server container image to the root partition in the content section:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml:13:18"
  - Add the client container image to the QM partition in the qm section:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml:52:57"

- Create Quadlet unit files for both the server and client containers:
  - Create an ipc_server.container Quadlet unit file for the server running in the root partition:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_server.container"
  - Create an ipc_client.container Quadlet unit file for the client running in the QM partition:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_client.container"

  Note
  Both containers mount the same volume /run/ipc:/run/ipc but use different SELinux security label types:
  - Server (root partition): SecurityLabelType=ipc_t
  - Client (QM partition): SecurityLabelType=qm_container_ipc_t

- Create a Quadlet drop-in configuration file for the QM container to ensure the shared volume is mounted. Create a 10-ipc-demo.conf file:
  console --8<-- "demos/ipc_between_qm_asil_2/10-ipc-demo.conf"

  Note
  QM configuration is built into the partition and should not be changed. By using drop-in files, you can make additional modifications to the QM partition without overwriting the built-in configuration settings.

- Configure the manifest file to copy the Quadlet files and create necessary directories:
  - Add the directory creation for the QM container drop-in configuration:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml:20:24"
  - Add the file copying configuration for all Quadlet files and configurations:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml:26:32"
  - Copy the client Quadlet file to the QM partition:
    console --8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml:59:61"

- Configure the runtime directory creation by adding a systemd tmpfiles configuration. The demo includes a qm_ipc.conf file that creates the /run/ipc directory:
  console --8<-- "demos/ipc_between_qm_asil_2/qm_ipc.conf"
  This file is copied to /usr/lib/tmpfiles.d/qm_ipc.conf as shown in the manifest file above.
Sample code
The following AIB manifest is a fully functioning demo sample. It adds two containerized C applications to separate partitions, and the applications automatically start communicating over a UNIX domain socket.
console title="Sample ipc_between_qm_asil_2.aib.yml file"
--8<-- "demos/ipc_between_qm_asil_2/ipc_between_qm_asil_2.aib.yml"
Next steps
- Now that you have configured the manifest and Quadlet unit files to set up communication between containers in different partitions, you can build your AutoSD OS image. For more information, see Building an image from a custom manifest.
- Alternatively, you can continue customizing your image. For more information, see Containerized applications.