* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-06 7:50 Luke Hinds
0 siblings, 0 replies; 8+ messages in thread
From: Luke Hinds @ 2019-02-06 7:50 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 6800 bytes --]
On Wed, 6 Feb 2019, 00:43 Javier Martinez Canillas <javierm(a)redhat.com> wrote:
> Hello Luke,
>
> On 2/5/19 4:40 PM, Luke Hinds wrote:
>
> [snip]
>
> > Almost have this working now or perhaps getting warmer. I am now looking
> > for some advice on what values and arguments I should be using to make sure
> > connectivity goes from tpm2-tools > tpm2-abrmd > tpm2 mssim
> >
> > Within my container I run:
> >
> > mkdir -p /var/run/dbus/
> > dbus-daemon --fork --system
> >
> > start the simulator:
> >
> > tpm_server &
> > [1] 24
> > [root(a)a2d41fb37bb3 src]# TPM command server listening on port 2321
> > Platform server listening on port 2322
> >
> > If I now run:
> >
> > [root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root
> > --tcti=mssim &
> >
> > I can see an active bus:
> >
> > [root(a)a2d41fb37bb3 src]# dbus-send --system --dest=org.freedesktop.DBus
> > --type=method_call --print-reply /org/freedesktop/DBus
> > org.freedesktop.DBus.ListNames
> > method return time=1549380992.829764 sender=org.freedesktop.DBus ->
> > destination=:1.7 serial=3 reply_serial=2
> > array [
> > string "org.freedesktop.DBus"
> > string ":1.7"
> > string "com.intel.tss2.Tabrmd"
> > string ":1.6"
> > ]
> >
> >
> > [root(a)a2d41fb37bb3 src]# dbus-send --system --dest=com.intel.tss2.Tabrmd
> > --type=method_call --print-reply /com/intel/tss2/Tabrmd/Tcti
> > org.freedesktop.DBus.Introspectable.Introspect
> > method return time=1549381010.989948 sender=:1.6 -> destination=:1.8
> > serial=7 reply_serial=2
> > string "<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object
> > Introspection 1.0//EN"
> > "
> > http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
> > <!-- GDBus 2.58.3 -->
> > <node>
> > <interface name="org.freedesktop.DBus.Properties">
> > <method name="Get">
> > <arg type="s" name="interface_name" direction="in"/>
> > <arg type="s" name="property_name" direction="in"/>
> > <arg type="v" name="value" direction="out"/>
> > </method>
> > <method name="GetAll">
> > <arg type="s" name="interface_name" direction="in"/>
> > <arg type="a{sv}" name="properties" direction="out"/>
> > </method>
> > <method name="Set">
> > <arg type="s" name="interface_name" direction="in"/>
> > <arg type="s" name="property_name" direction="in"/>
> > <arg type="v" name="value" direction="in"/>
> > </method>
> > <signal name="PropertiesChanged">
> > <arg type="s" name="interface_name"/>
> > <arg type="a{sv}" name="changed_properties"/>
> > <arg type="as" name="invalidated_properties"/>
> > </signal>
> > </interface>
> > <interface name="org.freedesktop.DBus.Introspectable">
> > <method name="Introspect">
> > <arg type="s" name="xml_data" direction="out"/>
> > </method>
> > </interface>
> > <interface name="org.freedesktop.DBus.Peer">
> > <method name="Ping"/>
> > <method name="GetMachineId">
> > <arg type="s" name="machine_uuid" direction="out"/>
> > </method>
> > </interface>
> > <interface name="com.intel.tss2.TctiTabrmd">
> > <method name="CreateConnection">
> > <arg type="ah" name="fds" direction="out"/>
> > <arg type="t" name="id" direction="out"/>
> > </method>
> > <method name="Cancel">
> > <arg type="t" name="id" direction="in"/>
> > <arg type="u" name="return_code" direction="out"/>
> > </method>
> > <method name="SetLocality">
> > <arg type="t" name="id" direction="in"/>
> > <arg type="y" name="locality" direction="in"/>
> > <arg type="u" name="return_code" direction="out"/>
> > </method>
> > </interface>
> > </node>
> >
>
> I believe the tpm2-abrmd + MSFT simulator part is correct.
>
> > The part I am now not sure of, is how to configure TPM2TOOLS_TCTI and what
> > args should be used for the RM.
> >
> > As it is, it's expected with TPM2TOOLS_TCTI undeclared:
> >
> > [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
> > ERROR:tcti:src/tss2-tcti/tcti-device.c:399:Tss2_Tcti_Device_Init() Failed
> > to open device file /dev/tpm0: No such file or directory
> > ERROR: tcti init allocation routine failed for library: "device" options:
> > "(null)"
> > ERROR: Could not load tcti, got: "device"
> >
> > I have then tried different variations:
> >
> > export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"
> > export TPM2TOOLS_TCTI="mssim:port=2321"
> > export TPM2TOOLS_TCTI="mssim:tcp://127.0.0.1:2321"
> >
> > I am guessing this would be wrong though? I don't want the tools connecting
> > to the mssim, I want them connecting to the resource manager.
> >
>
> That's correct. You have to use the abrmd TCTI since the tools don't care that
> the abrmd is talking to the simulator instead of a TPM device.
>
> > I should also mention, none of the above work - running `tpm2_pcrlist` just
> > results in the command hanging and needing a ctrl c to break out.
> >
> > [root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd,tabrmd:bus_type=session"
> > [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
> > ERROR: Could not dlopen library: "tabrmd"
> > ERROR: Could not load tcti, got: "tabrmd"
> >
> > So I then tried this:
> >
> > [root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root --tcti=libtss2-tcti-mssim.so &
> > [root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="mssim:port=2321"
> > [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
> >
> > Unfortunately the command just hangs, needing a ctrl-c to break the session.
> >
> > I am aware I may be "making a pigs ear" of this, if so excuse my
> > green'ness.
> >
> > If anyone can point me towards what args I should be using for the
> > connectivity flow I outlined towards the start of this email, that would be
> > great!
> >
>
> What's your exact version of the tpm2-abrmd, tpm2-tss and tpm2-tools? Can you
> do "export TSS2_LOG=all+TRACE" before executing tpm2_pcrlist to see where the
> libraries are hanging?
>
I am thinking it might have something to do with dbus now. I ran a systemd
based container with the same steps / versions. pcrlist was then returned
with no issues.
I will definitely check with TSS2_LOG set though, so we know what's
happening. I can run a privileged container for my needs (CI Tests) so
there are no security concerns, but I am sure others will in the future want
to run a limited instance.
Thanks Luke!
> > Thanks,
> >
> > Luke
> >
>
> Best regards,
> --
> Javier Martinez Canillas
> Software Engineer - Desktop Hardware Enablement
> Red Hat
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-06 0:43 Javier Martinez Canillas
0 siblings, 0 replies; 8+ messages in thread
From: Javier Martinez Canillas @ 2019-02-06 0:43 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 5950 bytes --]
Hello Luke,
On 2/5/19 4:40 PM, Luke Hinds wrote:
[snip]
> Almost have this working now or perhaps getting warmer. I am now looking
> for some advice on what values and arguments I should be using to make sure
> connectivity goes from tpm2-tools > tpm2-abrmd > tpm2 mssim
>
> Within my container I run:
>
> mkdir -p /var/run/dbus/
> dbus-daemon --fork --system
>
> start the simulator:
>
> tpm_server &
> [1] 24
> [root(a)a2d41fb37bb3 src]# TPM command server listening on port 2321
> Platform server listening on port 2322
>
> If I now run:
>
> [root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root
> --tcti=mssim &
>
> I can see an active bus:
>
> [root(a)a2d41fb37bb3 src]# dbus-send --system --dest=org.freedesktop.DBus
> --type=method_call --print-reply /org/freedesktop/DBus
> org.freedesktop.DBus.ListNames
> method return time=1549380992.829764 sender=org.freedesktop.DBus ->
> destination=:1.7 serial=3 reply_serial=2
> array [
> string "org.freedesktop.DBus"
> string ":1.7"
> string "com.intel.tss2.Tabrmd"
> string ":1.6"
> ]
>
>
> [root(a)a2d41fb37bb3 src]# dbus-send --system --dest=com.intel.tss2.Tabrmd
> --type=method_call --print-reply /com/intel/tss2/Tabrmd/Tcti
> org.freedesktop.DBus.Introspectable.Introspect
> method return time=1549381010.989948 sender=:1.6 -> destination=:1.8
> serial=7 reply_serial=2
> string "<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object
> Introspection 1.0//EN"
> "
> http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
> <!-- GDBus 2.58.3 -->
> <node>
> <interface name="org.freedesktop.DBus.Properties">
> <method name="Get">
> <arg type="s" name="interface_name" direction="in"/>
> <arg type="s" name="property_name" direction="in"/>
> <arg type="v" name="value" direction="out"/>
> </method>
> <method name="GetAll">
> <arg type="s" name="interface_name" direction="in"/>
> <arg type="a{sv}" name="properties" direction="out"/>
> </method>
> <method name="Set">
> <arg type="s" name="interface_name" direction="in"/>
> <arg type="s" name="property_name" direction="in"/>
> <arg type="v" name="value" direction="in"/>
> </method>
> <signal name="PropertiesChanged">
> <arg type="s" name="interface_name"/>
> <arg type="a{sv}" name="changed_properties"/>
> <arg type="as" name="invalidated_properties"/>
> </signal>
> </interface>
> <interface name="org.freedesktop.DBus.Introspectable">
> <method name="Introspect">
> <arg type="s" name="xml_data" direction="out"/>
> </method>
> </interface>
> <interface name="org.freedesktop.DBus.Peer">
> <method name="Ping"/>
> <method name="GetMachineId">
> <arg type="s" name="machine_uuid" direction="out"/>
> </method>
> </interface>
> <interface name="com.intel.tss2.TctiTabrmd">
> <method name="CreateConnection">
> <arg type="ah" name="fds" direction="out"/>
> <arg type="t" name="id" direction="out"/>
> </method>
> <method name="Cancel">
> <arg type="t" name="id" direction="in"/>
> <arg type="u" name="return_code" direction="out"/>
> </method>
> <method name="SetLocality">
> <arg type="t" name="id" direction="in"/>
> <arg type="y" name="locality" direction="in"/>
> <arg type="u" name="return_code" direction="out"/>
> </method>
> </interface>
> </node>
>
I believe the tpm2-abrmd + MSFT simulator part is correct.
> The part I am now not sure of, is how to configure TPM2TOOLS_TCTI and what
> args should be used for the RM.
>
> As it is, it's expected with TPM2TOOLS_TCTI undeclared:
>
> [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
> ERROR:tcti:src/tss2-tcti/tcti-device.c:399:Tss2_Tcti_Device_Init() Failed
> to open device file /dev/tpm0: No such file or directory
> ERROR: tcti init allocation routine failed for library: "device" options:
> "(null)"
> ERROR: Could not load tcti, got: "device"
>
> I have then tried different variations:
>
> export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"
> export TPM2TOOLS_TCTI="mssim:port=2321"
> export TPM2TOOLS_TCTI="mssim:tcp://127.0.0.1:2321"
>
> I am guessing this would be wrong though? I don't want the tools connecting
> to the mssim, I want them connecting to the resource manager.
>
That's correct. You have to use the abrmd TCTI since the tools don't care that
the abrmd is talking to the simulator instead of a TPM device.
> I should also mention, none of the above work - running `tpm2_pcrlist` just
> results in the command hanging and needing a ctrl c to break out.
>
> [root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd,tabrmd:bus_type=session"
> [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
> ERROR: Could not dlopen library: "tabrmd"
> ERROR: Could not load tcti, got: "tabrmd"
>
> So I then tried this:
>
> [root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root --tcti=libtss2-tcti-mssim.so &
> [root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="mssim:port=2321"
> [root(a)a2d41fb37bb3 src]# tpm2_pcrlist
>
> Unfortunately the command just hangs, needing a ctrl-c to break the session.
>
> I am aware I may be "making a pigs ear" of this, if so excuse my
> green'ness.
>
> If anyone can point me towards what args I should be using for the
> connectivity flow I outlined towards the start of this email, that would be
> great!
>
What's your exact version of the tpm2-abrmd, tpm2-tss and tpm2-tools? Can you
do "export TSS2_LOG=all+TRACE" before executing tpm2_pcrlist to see where the
libraries are hanging?
> Thanks,
>
> Luke
>
Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat
^ permalink raw reply [flat|nested] 8+ messages in thread
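An added example (not code from the thread or from the tpm2 projects) that checks the two points the exchange above turns on: that `com.intel.tss2.Tabrmd` is present in a `ListNames` reply, and that a `TPM2TOOLS_TCTI` value sends the tools to the resource manager rather than to the simulator. The function names are hypothetical; the `bus_name`/`bus_type` option keys and the system-bus default are assumptions about the tabrmd TCTI's configuration string, and the sample reply is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: preflight checks for tpm2-tools -> tpm2-abrmd -> simulator.

# Constructed sample: a ListNames reply shaped like the one in the thread.
SAMPLE_LISTNAMES='   array [
      string "org.freedesktop.DBus"
      string ":1.7"
      string "com.intel.tss2.Tabrmd"
      string ":1.6"
   ]'

# bus_has_name REPLY NAME
# Succeeds if NAME is one of the names listed in a dbus-send ListNames reply.
bus_has_name() (
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//' | grep -Fqx "string \"$2\""
)

# check_tools_tcti VALUE DAEMON_BUS
# VALUE is a TPM2TOOLS_TCTI string of the form "<tcti>:<key=val,...>".
# DAEMON_BUS is the bus tpm2-abrmd registered on (system or session).
# Prints one diagnosis line; returns 0 only if the tools would reach the
# resource manager on the bus where the daemon is listening.
check_tools_tcti() (
    value=$1
    daemon_bus=$2
    set -f                            # no globbing while splitting options
    if [ -z "$value" ]; then
        echo "unset: no TCTI selected for the tools"
        return 1
    fi
    name=${value%%:*}
    case $value in
        *:*) conf=${value#*:} ;;
        *)   conf= ;;
    esac
    case $name in
        tabrmd) ;;
        mssim|device)
            echo "bypass: '$name' goes straight to the TPM or simulator, not the resource manager"
            return 1 ;;
        *)
            echo "unknown: TCTI '$name'"
            return 1 ;;
    esac
    bus_name=com.intel.tss2.Tabrmd    # assumed default name
    bus_type=system                   # assumed default bus
    IFS=,
    for kv in $conf; do
        case $kv in
            bus_name=*) bus_name=${kv#*=} ;;
            bus_type=*) bus_type=${kv#*=} ;;
            *)
                echo "bad-option: '$kv' is not bus_name=... or bus_type=..."
                return 1 ;;
        esac
    done
    case $bus_type in
        system|session) ;;
        *)
            echo "bad-option: bus_type '$bus_type' is not system or session"
            return 1 ;;
    esac
    if [ "$bus_type" != "$daemon_bus" ]; then
        echo "bus-mismatch: tools look on the $bus_type bus, daemon is on the $daemon_bus bus"
        return 1
    fi
    echo "ok: tools -> tabrmd ($bus_name on the $bus_type bus)"
)

# Two values tried in the thread and one constructed tabrmd value, checked
# against a daemon that registered on the system bus.
for v in "mssim:port=2321" \
         "tabrmd:bus_name=com.intel.tss2.Tabrmd,tabrmd:bus_type=session" \
         "tabrmd:bus_name=com.intel.tss2.Tabrmd,bus_type=system"; do
    check_tools_tcti "$v" system || true
done
```

In a live container the first argument of `bus_has_name` would be the captured output of the `dbus-send ... ListNames` call shown in the thread.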
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-05 15:40 Luke Hinds
0 siblings, 0 replies; 8+ messages in thread
From: Luke Hinds @ 2019-02-05 15:40 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 8127 bytes --]
On Mon, Feb 4, 2019 at 6:55 PM Luke Hinds <lhinds(a)redhat.com> wrote:
>
>
> On Mon, Feb 4, 2019 at 6:05 PM Andersen, John <john.s.andersen(a)intel.com>
> wrote:
>
>> On Mon, Feb 04, 2019 at 04:57:12PM +0000, Luke Hinds wrote:
>> > On Mon, Feb 4, 2019 at 4:12 PM Roberts, William C
>> > <[1]william.c.roberts(a)intel.com> wrote:
>> >
>> > I run it in our CI system which is using a docker container, not
>> > sure if that helps
>> > But you can look at our scripts for it.
>> >
>> > Do you mean the following travis-ci file:
>> > [2]
>> https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#
>> > L2
>> > I noticed this, but I think its a VM (unless I am mistaken):
>> > [3]
>> https://docs.travis-ci.com/user/reference/overview/#virtualization-e
>> > nvironments
>> > Any pointers to files that reference your container use, would be
>> > helpful.
>> > Cheers,
>> > Luke
>> >
>> > > -----Original Message-----
>> > > From: tpm2 [mailto:[4]tpm2-bounces(a)lists.01.org] On Behalf Of
>> Luke
>> > Hinds
>> > > Sent: Monday, February 4, 2019 7:47 AM
>> > > To: [5]tpm2(a)lists.01.org
>> > > Subject: [tpm2] tpm2-abrmd in a container
>> > >
>> > > Hello,
>> > >
>> > > I have been working on trying to get tpm2-abrmd running in a
>> > container, but its
>> > > proving problematic as there is a requirement on system-d and
>> > dbus. This in turn
>> > > requires running the container as privileged and mounting the
>> > hosts cgroup (and
>> > > adding cap sys-admin).
>> > >
>> > > My reason for using a container, is for CI / functional testing
>> of
>> > a project that will
>> > > use abrmd and having a lightweight means to test against the
>> > resource manager
>> > > running in a container.
>> > >
>> > > I am still early in looking at ways to achieve this, so I wanted
>> > to ask if any others
>> > > have snippets of previous attempts (successful or not) they could
>> > share?
>> > >
>> > > Thanks,
>> > >
>> > > Luke
>> >
>> > --
>> > References
>> >
>> > 1. mailto:william.c.roberts(a)intel.com
>> > 2.
>> https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#L2
>> > 3.
>> https://docs.travis-ci.com/user/reference/overview/#virtualization-environments
>> > 4. mailto:tpm2-bounces(a)lists.01.org
>> > 5. mailto:tpm2(a)lists.01.org
>> > 6. mailto:lhinds(a)redhat.com
>>
>> Some dbus stuff happened in the tools repo recently. Not sure if this
>> would be
>> of help.
>>
>> https://github.com/tpm2-software/tpm2-tools/commit/9a6430ef293bc1a506224431af9370c7748f39b4
>>
>>
> That looks like just what I need, thanks!
Almost have this working now or perhaps getting warmer. I am now looking
for some advice on what values and arguments I should be using to make sure
connectivity goes from tpm2-tools > tpm2-abrmd > tpm2 mssim
Within my container I run:
mkdir -p /var/run/dbus/
dbus-daemon --fork --system
start the simulator:
tpm_server &
[1] 24
[root(a)a2d41fb37bb3 src]# TPM command server listening on port 2321
Platform server listening on port 2322
If I now run:
[root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim &
I can see an active bus:
[root(a)a2d41fb37bb3 src]# dbus-send --system --dest=org.freedesktop.DBus
--type=method_call --print-reply /org/freedesktop/DBus
org.freedesktop.DBus.ListNames
method return time=1549380992.829764 sender=org.freedesktop.DBus ->
destination=:1.7 serial=3 reply_serial=2
array [
string "org.freedesktop.DBus"
string ":1.7"
string "com.intel.tss2.Tabrmd"
string ":1.6"
]
[root(a)a2d41fb37bb3 src]# dbus-send --system --dest=com.intel.tss2.Tabrmd
--type=method_call --print-reply /com/intel/tss2/Tabrmd/Tcti
org.freedesktop.DBus.Introspectable.Introspect
method return time=1549381010.989948 sender=:1.6 -> destination=:1.8
serial=7 reply_serial=2
string "<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object
Introspection 1.0//EN"
"
http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<!-- GDBus 2.58.3 -->
<node>
<interface name="org.freedesktop.DBus.Properties">
<method name="Get">
<arg type="s" name="interface_name" direction="in"/>
<arg type="s" name="property_name" direction="in"/>
<arg type="v" name="value" direction="out"/>
</method>
<method name="GetAll">
<arg type="s" name="interface_name" direction="in"/>
<arg type="a{sv}" name="properties" direction="out"/>
</method>
<method name="Set">
<arg type="s" name="interface_name" direction="in"/>
<arg type="s" name="property_name" direction="in"/>
<arg type="v" name="value" direction="in"/>
</method>
<signal name="PropertiesChanged">
<arg type="s" name="interface_name"/>
<arg type="a{sv}" name="changed_properties"/>
<arg type="as" name="invalidated_properties"/>
</signal>
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg type="s" name="xml_data" direction="out"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Peer">
<method name="Ping"/>
<method name="GetMachineId">
<arg type="s" name="machine_uuid" direction="out"/>
</method>
</interface>
<interface name="com.intel.tss2.TctiTabrmd">
<method name="CreateConnection">
<arg type="ah" name="fds" direction="out"/>
<arg type="t" name="id" direction="out"/>
</method>
<method name="Cancel">
<arg type="t" name="id" direction="in"/>
<arg type="u" name="return_code" direction="out"/>
</method>
<method name="SetLocality">
<arg type="t" name="id" direction="in"/>
<arg type="y" name="locality" direction="in"/>
<arg type="u" name="return_code" direction="out"/>
</method>
</interface>
</node>
The part I am now not sure of, is how to configure TPM2TOOLS_TCTI and what
args should be used for the RM.
As it is, it's expected with TPM2TOOLS_TCTI undeclared:
[root(a)a2d41fb37bb3 src]# tpm2_pcrlist
ERROR:tcti:src/tss2-tcti/tcti-device.c:399:Tss2_Tcti_Device_Init() Failed
to open device file /dev/tpm0: No such file or directory
ERROR: tcti init allocation routine failed for library: "device" options:
"(null)"
ERROR: Could not load tcti, got: "device"
I have then tried different variations:
export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"
export TPM2TOOLS_TCTI="mssim:port=2321"
export TPM2TOOLS_TCTI="mssim:tcp://127.0.0.1:2321"
I am guessing this would be wrong though? I don't want the tools connecting
to the mssim, I want them connecting to the resource manager.
I should also mention, none of the above work - running `tpm2_pcrlist` just
results in the command hanging and needing a ctrl c to break out.
[root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd,tabrmd:bus_type=session"
[root(a)a2d41fb37bb3 src]# tpm2_pcrlist
ERROR: Could not dlopen library: "tabrmd"
ERROR: Could not load tcti, got: "tabrmd"
So I then tried this:
[root(a)a2d41fb37bb3 src]# /usr/local/sbin/tpm2-abrmd --allow-root --tcti=libtss2-tcti-mssim.so &
[root(a)a2d41fb37bb3 src]# export TPM2TOOLS_TCTI="mssim:port=2321"
[root(a)a2d41fb37bb3 src]# tpm2_pcrlist
Unfortunately the command just hangs, needing a ctrl-c to break the session.
I am aware I may be "making a pigs ear" of this, if so excuse my
green'ness.
If anyone can point me towards what args I should be using for the
connectivity flow I outlined towards the start of this email, that would be
great!
Thanks,
Luke
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-04 18:55 Luke Hinds
0 siblings, 0 replies; 8+ messages in thread
From: Luke Hinds @ 2019-02-04 18:55 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 3155 bytes --]
On Mon, Feb 4, 2019 at 6:05 PM Andersen, John <john.s.andersen(a)intel.com>
wrote:
> On Mon, Feb 04, 2019 at 04:57:12PM +0000, Luke Hinds wrote:
> > On Mon, Feb 4, 2019 at 4:12 PM Roberts, William C
> > <[1]william.c.roberts(a)intel.com> wrote:
> >
> > I run it in our CI system which is using a docker container, not
> > sure if that helps
> > But you can look at our scripts for it.
> >
> > Do you mean the following travis-ci file:
> > [2]
> https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#
> > L2
> > I noticed this, but I think its a VM (unless I am mistaken):
> > [3]
> https://docs.travis-ci.com/user/reference/overview/#virtualization-e
> > nvironments
> > Any pointers to files that reference your container use, would be
> > helpful.
> > Cheers,
> > Luke
> >
> > > -----Original Message-----
> > > From: tpm2 [mailto:[4]tpm2-bounces(a)lists.01.org] On Behalf Of
> Luke
> > Hinds
> > > Sent: Monday, February 4, 2019 7:47 AM
> > > To: [5]tpm2(a)lists.01.org
> > > Subject: [tpm2] tpm2-abrmd in a container
> > >
> > > Hello,
> > >
> > > I have been working on trying to get tpm2-abrmd running in a
> > container, but its
> > > proving problematic as there is a requirement on system-d and
> > dbus. This in turn
> > > requires running the container as privileged and mounting the
> > hosts cgroup (and
> > > adding cap sys-admin).
> > >
> > > My reason for using a container, is for CI / functional testing of
> > a project that will
> > > use abrmd and having a lightweight means to test against the
> > resource manager
> > > running in a container.
> > >
> > > I am still early in looking at ways to achieve this, so I wanted
> > to ask if any others
> > > have snippets of previous attempts (successful or not) they could
> > share?
> > >
> > > Thanks,
> > >
> > > Luke
> >
> > --
> > Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> > e: [6]lhinds(a)redhat.com | irc: lhinds @freenode | t: +44 12 52 36
> 2483
> >
> > References
> >
> > 1. mailto:william.c.roberts(a)intel.com
> > 2.
> https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#L2
> > 3.
> https://docs.travis-ci.com/user/reference/overview/#virtualization-environments
> > 4. mailto:tpm2-bounces(a)lists.01.org
> > 5. mailto:tpm2(a)lists.01.org
> > 6. mailto:lhinds(a)redhat.com
>
> Some dbus stuff happened in the tools repo recently. Not sure if this
> would be
> of help.
>
> https://github.com/tpm2-software/tpm2-tools/commit/9a6430ef293bc1a506224431af9370c7748f39b4
>
>
That looks like just what I need, thanks!
--
Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
e: lhinds(a)redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-04 18:08 Andersen, John
0 siblings, 0 replies; 8+ messages in thread
From: Andersen, John @ 2019-02-04 18:08 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 2712 bytes --]
On Mon, Feb 04, 2019 at 04:57:12PM +0000, Luke Hinds wrote:
> On Mon, Feb 4, 2019 at 4:12 PM Roberts, William C
> <[1]william.c.roberts(a)intel.com> wrote:
>
> I run it in our CI system which is using a docker container, not
> sure if that helps
> But you can look at our scripts for it.
>
> Do you mean the following travis-ci file:
> [2]https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#
> L2
> I noticed this, but I think its a VM (unless I am mistaken):
> [3]https://docs.travis-ci.com/user/reference/overview/#virtualization-e
> nvironments
> Any pointers to files that reference your container use, would be
> helpful.
> Cheers,
> Luke
>
> > -----Original Message-----
> > From: tpm2 [mailto:[4]tpm2-bounces(a)lists.01.org] On Behalf Of Luke
> Hinds
> > Sent: Monday, February 4, 2019 7:47 AM
> > To: [5]tpm2(a)lists.01.org
> > Subject: [tpm2] tpm2-abrmd in a container
> >
> > Hello,
> >
> > I have been working on trying to get tpm2-abrmd running in a
> container, but its
> > proving problematic as there is a requirement on system-d and
> dbus. This in turn
> > requires running the container as privileged and mounting the
> hosts cgroup (and
> > adding cap sys-admin).
> >
> > My reason for using a container, is for CI / functional testing of
> a project that will
> > use abrmd and having a lightweight means to test against the
> resource manager
> > running in a container.
> >
> > I am still early in looking at ways to achieve this, so I wanted
> to ask if any others
> > have snippets of previous attempts (successful or not) they could
> share?
> >
> > Thanks,
> >
> > Luke
>
> --
> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> e: [6]lhinds(a)redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>
> References
>
> 1. mailto:william.c.roberts(a)intel.com
> 2. https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#L2
> 3. https://docs.travis-ci.com/user/reference/overview/#virtualization-environments
> 4. mailto:tpm2-bounces(a)lists.01.org
> 5. mailto:tpm2(a)lists.01.org
> 6. mailto:lhinds(a)redhat.com
Some dbus stuff happened in the tools repo recently. Not sure if this would be
of help.
https://github.com/tpm2-software/tpm2-tools/commit/9a6430ef293bc1a506224431af9370c7748f39b4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-04 16:57 Luke Hinds
0 siblings, 0 replies; 8+ messages in thread
From: Luke Hinds @ 2019-02-04 16:57 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1715 bytes --]
On Mon, Feb 4, 2019 at 4:12 PM Roberts, William C <
william.c.roberts(a)intel.com> wrote:
> I run it in our CI system which is using a docker container, not sure if
> that helps
> But you can look at our scripts for it.
>
Do you mean the following travis-ci file:
https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#L2
I noticed this, but I think it's a VM (unless I am mistaken):
https://docs.travis-ci.com/user/reference/overview/#virtualization-environments
Any pointers to files that reference your container use, would be helpful.
Cheers,
Luke
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Luke Hinds
> > Sent: Monday, February 4, 2019 7:47 AM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] tpm2-abrmd in a container
> >
> > Hello,
> >
> > I have been working on trying to get tpm2-abrmd running in a container,
> but its
> > proving problematic as there is a requirement on system-d and dbus. This
> in turn
> > requires running the container as privileged and mounting the hosts
> cgroup (and
> > adding cap sys-admin).
> >
> > My reason for using a container, is for CI / functional testing of a
> project that will
> > use abrmd and having a lightweight means to test against the resource
> manager
> > running in a container.
> >
> > I am still early in looking at ways to achieve this, so I wanted to ask
> if any others
> > have snippets of previous attempts (successful or not) they could share?
> >
> > Thanks,
> >
> > Luke
>
--
Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
e: lhinds(a)redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [tpm2] tpm2-abrmd in a container
@ 2019-02-04 16:11 Roberts, William C
0 siblings, 0 replies; 8+ messages in thread
From: Roberts, William C @ 2019-02-04 16:11 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1039 bytes --]
I run it in our CI system which is using a docker container, not sure if that helps
But you can look at our scripts for it.
> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Luke Hinds
> Sent: Monday, February 4, 2019 7:47 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] tpm2-abrmd in a container
>
> Hello,
>
> I have been working on trying to get tpm2-abrmd running in a container, but its
> proving problematic as there is a requirement on system-d and dbus. This in turn
> requires running the container as privileged and mounting the hosts cgroup (and
> adding cap sys-admin).
>
> My reason for using a container, is for CI / functional testing of a project that will
> use abrmd and having a lightweight means to test against the resource manager
> running in a container.
>
> I am still early in looking at ways to achieve this, so I wanted to ask if any others
> have snippets of previous attempts (successful or not) they could share?
>
> Thanks,
>
> Luke
^ permalink raw reply [flat|nested] 8+ messages in thread
* [tpm2] tpm2-abrmd in a container
@ 2019-02-04 15:46 Luke Hinds
0 siblings, 0 replies; 8+ messages in thread
From: Luke Hinds @ 2019-02-04 15:46 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 655 bytes --]
Hello,
I have been working on trying to get tpm2-abrmd running in a container, but
it's proving problematic as there is a requirement on system-d and dbus.
This in turn requires running the container as privileged and mounting the
host's cgroup (and adding cap sys-admin).
My reason for using a container, is for CI / functional testing of a
project that will use abrmd and having a lightweight means to test against
the resource manager running in a container.
I am still early in looking at ways to achieve this, so I wanted to ask if
any others have snippets of previous attempts (successful or not) they
could share?
Thanks,
Luke
^ permalink raw reply [flat|nested] 8+ messages in thread