-
Overview
-
redpesk OS releases
-
Security updates
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
Trusted Boot
-
Recovery features
-
redpak
-
Minimal image
- Reduce image size
- Optimizing boot time
-
kernel fragments description
- Introduction to Linux Kernel Configuration
- 01 Disable IPC, Timers and Audit
- 02 Disable Kconfig, Scheduler and Initrd
- 03 Disable Perf, Profiling and Errata
- 04 Disable EFI, Power Management Debug and Energy Model
- 05 Disable Schedutil, CPUFreq Governors and Virtualization
- 06 Disable Kprobes and Jump Labels
- 07 Disable GCC Plugins and Function Alignment
- 08 Disable Partition Parsers
- 09 Enable Inline Spinlocks and Kernel Operations
- 10 Disable Swap, Memory Hotplug and KSM
- 11 Disable Networking IPv4, IPv6, Netfilter
- 12 Disable SCTP, VLAN, TIPC, BATMAN
- 13 Disable Wireless, Bluetooth, CAN and RFKILL
- 14 Disable PCI and Firmware
- 15 Disable GNSS and ProcEvents
- 16 Disable Block Storage NBD and AoE
- 17 Disable EEPROM and Misc Drivers
- 18 Disable Network Device Drivers
- 19 Disable PHY Drivers
- 20 Disable PPP, WLAN Coexistence, and Failover
- 21 Disable Input Devices
- 22 Disable Serial, TTY and TPM
- 23 Disable I2C, Power and Sensor Drivers
- 24 Disable MFD, Display and Media Drivers
- 25 Disable USB, Sound, RTC and VirtIO
- 26 Disable Filesystem Encodings and Compatibility
- 27 Enable Minimal Cryptographic Core with SHA3 and XTS
- 28 Disable Hardware Cryptography, Keep DRBG and Jitter Entropy
- 29 Disable Kernel Debugging Features
- 30 Disable Filesystem Verity and SecurityFS
-
Zephyr in Redpesk
-
Mender redpesk (OTA)
-
Hardware support
- Download images
- Image metrics
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Troubleshooting
Systemd Notify
If you want to use systemd to start your node and be notified, you can use
NotifyAccess=all, it will accept notifications from a different pid than the one
launched by the unit.
notify vs cgroup
When systemd daemon receives a message through the socket, it searches the unit matching the cgroup of the process, so if you use cgroup with redpak, redpak cgroup should be a child of the systemd unit cgroup.
For that, you can just remove the cgrouproot option in config files.
see https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#NotifyAccess=
Smack
Labels with vim
When you open a file with vim and save it, vim creates a copy of it and replace the original by the copy, and the label on the file can be lost.
Use chsmack command to relabel the file.
Cgroups
You can visit a specific chapter for correctly configuring and using cgroup
V2 Issue
Redpak handles cgroups only in pure v2 version. If you are in cgroup v1 or hybrid, you need to reboot by appending to the command line:
systemd.unified_cgroup_hierarchy=1
After reboot, you can check that `/sys/fs/cgroup’ is in v2 with:
mount -l | grep /sys/fs/cgroup
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
User issue
If you don’t have right to create a sub cgroup into your current parent cgroup, it may be due to the fact that your not in a user cgroup session.
You can try to start one with:
# rp-owner
export XDG_RUNTIME_DIR=/run/user/$(id -u)
export DBUS_SESSION_BUS_ADDRESS=unix:path=${XDG_RUNTIME_DIR}/bus
systemd-run --user -p "Delegate=yes" --slice redpak --shell
Controller Issue
If you don’t manage to write into some controllers, it may be due to a issue in delegation. For that, you need to verify from /sys/fs/cgroup to your parent cgroup (cat /proc/self/cgroup), the available controllers cat cgroup.controllers and the delegated controllers to their children cgroup.subtree_control.
A temporary way to test it, is to append the missing ones at each level, for example:
echo "+cpuset +cpu +memory +io +pids" > cgroup.subtree_control
After you can check that in child, you have them in controllers
# in child
cat cgroup.controllers
Issue writing into controllers
All of the elements of redpak config file respects kernel definitions, please have a look at https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html.