Add Bosch iccom support into AGL IC integration

Fixed

Description

The AGL IC architecture uses the Bosch iccom network stack.

Need to port it.

Environment

None

Activity


Keiya Nobuta 
October 11, 2021 at 12:45 AM

I wonder if I can fix the iccom driver by using pernet_operations.

The iccom driver uses `init_net` to create a sock for the default namespace.
If the iccom driver registers pernet_operations using register_pernet_subsys(), ops->init will be called for each namespace.
So iccom will create socks for each namespace and will be able to communicate with all users.
https://github.com/agl-ic-eg/linux-iccom/blob/6abd5ca9ff80f4bdffdec18776c30725b7e9d77b/src/iccom_socket_if.c#L507-L509

I think there are good examples of usage in crypto/crypto_user_base.c and drivers/net/vxlan.c, etc.
https://github.com/torvalds/linux/blob/v5.10/crypto/crypto_user_base.c#L480-L509
https://github.com/torvalds/linux/blob/v5.10/include/net/net_namespace.h#L361-L391
https://github.com/torvalds/linux/blob/v5.10/net/core/net_namespace.c#L1239-L1266

Keiya Nobuta 
October 11, 2021 at 12:33 AM

The current implementation of Bosch iccom has a namespace issue.
iccom uses a NETLINK socket. On the kernel side, the iccom driver creates a sock only for the default namespace.
So communicable userland sockets only exist in the same namespace; users in lxc containers cannot communicate with the kernel side.

If the `lxc.namespace.keep = usernet` option is added to the lxc config, the container inherits the net namespace, allowing communication.

But there are security concerns. For example, the container may be able to shut down the host.
https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html
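
A side-effect-free way to confirm the namespace problem described in the two comments above, and to verify a pernet_operations fix afterwards (an added example, not part of the original thread or the iccom project): `/proc/net/netlink` lists only the netlink sockets of the reader's network namespace, and kernel-side sockets appear there with Pid 0. Protocol number 30 and the sample rows are constructed placeholders, not iccom's real values.

```shell
#!/bin/sh
# kernel_nl_present PROTO [TABLE|-]
# Exit 0 if the table shows a kernel-side netlink socket (a Pid 0 row)
# for PROTO, 1 if it does not, 2 on bad input. TABLE defaults to
# /proc/net/netlink of the current namespace; "-" reads stdin.
kernel_nl_present() {
    proto=$1
    table=${2:-/proc/net/netlink}
    case $proto in ''|*[!0-9]*) return 2 ;; esac
    [ "$table" = - ] || [ -r "$table" ] || return 2
    awk -v p="$proto" '
        NR == 1 { next }                            # skip the header row
        NF >= 3 && $2 == p && $3 == 0 { found = 1 } # Eth == PROTO, Pid == 0
        END { exit(found ? 0 : 1) }
    ' "$table"
}

# Constructed sample: host namespace, where the driver made its sock via init_net.
sample_host() {
    cat <<'EOF'
sk               Eth Pid        Groups   Rmem     Wmem     Dump  Locks    Drops    Inode
0000000000000000 0   0          00000000 0        0        0     2        0        12
0000000000000000 30  0          00000000 0        0        0     2        0        31
0000000000000000 30  1432       00000000 0        0        0     2        0        9801
EOF
}

# Constructed sample: container namespace, userland socket only for protocol 30.
sample_container() {
    cat <<'EOF'
sk               Eth Pid        Groups   Rmem     Wmem     Dump  Locks    Drops    Inode
0000000000000000 0   0          00000000 0        0        0     2        0        40
0000000000000000 30  77         00000000 0        0        0     2        0        512
EOF
}

# report LABEL PROTO (table on stdin)
report() {
    if kernel_nl_present "$2" -; then
        echo "$1: kernel-side socket for protocol $2 is present"
    else
        echo "$1: no kernel-side socket for protocol $2 in this namespace"
    fi
}

sample_host | report host 30
sample_container | report container 30
```

Inside a container, run `kernel_nl_present <protocol>` with no second argument to read the live table for that container's namespace.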

Jan-Simon Moeller 
August 23, 2021 at 1:20 PM

Jan-Simon Moeller 
August 17, 2021 at 12:29 PM

There is no dunfell branch; who will test it and port the layer to dunfell?

Jan-Simon Moeller 
July 28, 2021 at 8:01 PM

Will there be a dunfell branch? Or who will port to dunfell?

Details

Created June 9, 2021 at 10:17 AM
Updated May 11, 2023 at 9:56 PM
Resolved May 11, 2023 at 2:31 PM