- meta-dca
- Requirements
- How to use this layer
- Getting started
- Available modules
- Further documentation
- Get involved
- Security Policy
This layer is an addition to meta-sca. It enables dynamic code analysis, such as
- checking capabilties
- memleak checking
- files/path checking
These checks are suppose to be done on the build host only (using qemu/testimage support)
You need the following to use meta-dca
-
a sufficient
oeqabased test suite -
systemdset inDISTRO_FEATURES
As the name implies, this layer uses dynamic code analysis to check certain (configurable features), so we have to execute the code that needs to be checked. Therefore we are using testimage provided by upstream poky.
The checks itself will only be done when you execute bitbake <your-image-recipe> -c testimage.
Results will be stored in the way meta-sca was configured for the build
It's highly recommended to
- enable KVM support (
QEMU_USE_KVM = "1") - have at least 1G of RAM for QEMU (
QB_MEM = "-m 1024")
For a quick start how to use this layer see getting started guide
| module | purpose | more info |
|---|---|---|
| caplint | Identify needed capabilities of a systemd unit | https://github.com/iovisor/bcc |
| filelife | Find shortlived files written to non-volatile storage | https://github.com/iovisor/bcc |
| filemiss | Find inaccessible files | https://github.com/iovisor/bpftrace |
| opensnoop | Lint ReadOnlyPaths/ReadWritePaths settings of a systemd unit | https://github.com/iovisor/bpftrace |
To get involved following things can be done
- create an issue
- fix an issue and create a pull request
- see the pinned issues in the bugtracker
For the project's security policy please see here