realtime: add --realtime to setup

By default realtime is False but users will have the option to set it to True user setup --realtime Signed-off-by: Douglas Schilling Landgraf <[email protected]>
containers · Jan 19, 2025 · 115735b · 115735b
1 parent 4f3a2eb
commit 115735b
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/rpm/qm.spec b/rpm/qm.spec
@@ -108,7 +108,6 @@ install -d %{buildroot}%{_sysconfdir}/containers/containers.conf.d
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %selinux_modules_install -s %{selinuxtype} $MODULES
 # Execute the script to create seccomp rules after the package is installed
-/usr/share/qm/create-seccomp-rules
 /usr/share/qm/comment-tz-local # FIX-ME GH-issue: 367
 modprobe ip_tables # podmand netavark requires at host to load
 

diff --git a/setup b/setup
@@ -1,4 +1,4 @@
-#!/bin/bash -ex
+#!/bin/bash
 #
 # This setup script is an unofficial solution designed to deploy QM in
 # non-automotive environments like baremetal, desktop, or CICD.
@@ -11,6 +11,7 @@
 # Globals
 SYSTEMCTL_SKIP="N"
 REMOVE_QM_ROOTFS="N"
+REALTIME="N"
 INSTALLDIR="/usr/share/qm"
 QM_ROOTFS_TOOL="${INSTALLDIR}/qm-rootfs"
 ROOTFS="/usr/lib/qm/rootfs"
@@ -42,6 +43,16 @@ root_check() {
     fi
 }
 
+realtime_check() {
+    if [ "$REALTIME" == "N" ]; then
+	# Creates seccomp rules, do not use with realtime OS
+        /usr/share/qm/create-seccomp-rules
+    else
+	sed -i '/^SeccompProfile=\/usr\/share\/qm\/seccomp\.json/s/^/#/' qm.container
+    fi
+}
+
+
 usage()
 {
    echo "This script is an unofficial solution designed to deploy QM in"
@@ -62,6 +73,8 @@ usage()
    echo "--rwvarfs             set rwvarfs (default: /var/qm)"
    echo "--skip-systemctl      skip systemctl daemon commands (default: false)"
    echo "--hostname            custom agent hostname to use (default: \$\(hostname\))"
+   echo -e "--realtime	      set requirements for realtime OS.\n\t\t"\
+                              "     i.e: NOT enabling seccomp rules to sched_setscheduler()\n\t\t      and sched_setattr()"
    echo "--remove-qm-rootfs    WARNING: remove qm rootfs created during setup"
    echo
    echo "Example:"
@@ -213,6 +226,7 @@ eval set --"${opts}"
 
 # main()
 root_check
+realtime_check
 
 while [[ $# -gt 0 ]]; do
   case "$1" in
@@ -236,6 +250,10 @@ while [[ $# -gt 0 ]]; do
       SYSTEMCTL_SKIP="Y"
       shift
       ;;
+    --realtime)
+      REALTIME="Y"
+      shift
+      ;;
     --hostname)
       AGENT_HOSTNAME="${2}"
       shift 2
@@ -261,6 +279,7 @@ echo  "  * rwetcfs: ${RWETCFS}"
 echo  "  * rwvarfs: ${RWVARFS}"
 echo  "  * install dir: ${INSTALLDIR}"
 echo  "  * skip-systemctl: ${SYSTEMCTL_SKIP}"
+echo  "  * realtime: ${REALTIME}"
 echo  "  * remove-qm-rootfs: ${REMOVE_QM_ROOTFS}"
 echo  "  * agent hostname: ${AGENT_HOSTNAME}"
 echo
@@ -313,5 +332,6 @@ case "$1" in
     else
       /usr/libexec/podman/quadlet /run/systemd/generator/
     fi
+
 	;;
 esac