Skip to content
/ qm Public
forked from containers/qm

QM is a containerized environment for running Functional Safety qm (Quality Management) software

License

Notifications You must be signed in to change notification settings

telemaco/qm

 
 

Repository files navigation

QM is a containerized environment for running Functional Safety qm (Quality Management) software

The main purpose of this package is allow users to setup an environment which prevents applications and container tools from interfering with other processes on the system. For example ASIL (Automotive Safety Integrity Level) environments.

The QM environment uses containerization tools like cgroups, namespaces, and security isolation to prevent accidental interference by processes in the qm.

The QM will run its own version of systemd and Podman to isolate not only the applications and containers launched by systemd and Podman but systemd and Podman commands themselves.

This package requires the Podman package to establish the containerized environment and uses quadlet to set it up.

Software install into the qm environment under /usr/lib/qm/rootfs will be automatically isolated from the host. But if developers want to further isolate these processes from other processes in the QM they can use container tools like Podman to further isolate.

  • SELinux Policy

This policy is used to isolate Quality Management parts of the operating system from the other Domain-Specific Functional Safety Levels (ASIL).

The main purpose of this policy is to prevent applications and container tools with interfering with other processes on the system. The QM needs to support further isolate containers run within the qm from the qm_t process and from each other.

For now all of the control processes in the qm other then containers will run with the same qm_t type.

Still would like to discuss about a specific selinux prevision?
Please open an QM issue with the output of selinux error from a recent operation related to QM. The output of the following commands are appreciated for understanding the root cause.

ausearch -m avc -ts recent | audit2why  
journalctl -t setroubleshoot  
sealert -a /var/log/audit/audit.log  

The package configures the bluechi agent within the QM.

BlueChi is a systemd service controller intended for multi-node environments with a predefined number of nodes and with a focus on highly regulated ecosystems such as those requiring functional safety. Potential use cases can be found in domains such as transportation, where services need to be controlled across different edge devices and where traditional orchestration tools are not compliant with regulatory requirements.

Systems with QM installed will have two systemd's running on them. The QM bluechi-agent is based on the hosts /etc/bluechi/agent.conf file. By default any changes to the systems agent.conf file are reflected into the QM /etc/bluechi/agent.conf. You can further customize the QM bluechi agent by adding content to the /usr/lib/qm/rootfs/etc/bluechi/agent.conf.d/ directory.

RPM building dependencies

In order to build qm package on CentOS Stream 9 you'll need Code Ready Builder repository enabled in order to provide golang-github-cpuguy83-md2man package.

# dnf install -y python3-dnf-plugins-core
# dnf config-manager --set-enabled crb

Examples

Looking for quadlet examples files? See our docs dir.

Development

If your looking for contribute to the project use our development README guide as start point.

RPM Mirrors

Looking for a specific version of QM? Search in the mirrors list below.

CentOS Automotive SIG - qm package - noarch

About

QM is a containerized environment for running Functional Safety qm (Quality Management) software

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 68.1%
  • Python 15.1%
  • Roff 8.9%
  • C 5.2%
  • Makefile 2.7%