Add usbvm

classes/openxt-image.bbclass

@@ -81,3 +81,11 @@ remove_nonessential_initscripts() {
     fi
 }
 ROOTFS_POSTPROCESS_COMMAND += "remove_nonessential_initscripts; "
+
+# Xenstore reboot
+ctrlaltdel_reboot() {
+    # PV driver synthesize ctrl+alt+del in response to a xenstore reboot
+    echo 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now' >> ${IMAGE_ROOTFS}/etc/inittab;
+}
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "ctrlaltdel-reboot", "ctrlaltdel_reboot; ", "",d)}'
+IMAGE_FEATURES[validitems] += "ctrlaltdel-reboot"

conf/machine/usbvm.conf

@@ -0,0 +1,13 @@
+# Copyright (C) 2010 Citrix Systems
+# Released under the MIT license (see packages/COPYING)
+#@TYPE: Machine
+#@NAME: usbvm
+#@DESCRIPTION: Machine configuration for USB VM
+
+require xenclient-common.conf
+
+MACHINE_FEATURES = "pci ext2 x86"
+
+APPEND = "root=/dev/xvda2 ro console=hvc0 iommu=soft"
+
+USE_VT = "0"

recipes-core/base-files/files/usbvm/fstab

@@ -0,0 +1,24 @@
+# proc is presumably mounted by /etc/init.d/rcS script.
+# /etc/init.d/rcS might use this file, so match this entry with
+# /etc/fstab.early.
+proc        /proc              proc        nosuid,noexec,nodev      0 0
+
+# OpenXT read-only root tmpfs:
+# These have to be either absent from this file or match /etc/fstab.early
+# exactly for mountearly.sh and mountall.sh to work correctly.
+sysfs       /sys               sysfs       nosuid,noexec,nodev      0 0
+devtmpfs    /dev               devtmpfs    mode=0755,nosuid         0 0
+tmpfs       /run               tmpfs       defaults,size=5M         0 0
+
+tmpfs       /var/volatile      tmpfs       defaults,size=5M         0 0
+
+# OpenXT read-only root:
+# mountall.sh should take care of these.
+rootfs      /                  auto        defaults,ro,noatime      1 1
+
+devpts      /dev/pts           devpts      mode=0620,gid=5          0 0
+tmpfs       /dev/shm           tmpfs       mode=0777,size=1M        0 0
+
+xenfs       /proc/xen          xenfs       defaults                 0 0
+
+tmpfs       /var/lib/dbus      tmpfs       defaults,size=1M         0 0

recipes-core/base-files/files/usbvm/fstab.early

@@ -0,0 +1,13 @@
+# proc is presumably mounted by /etc/init.d/rcS script.
+# /etc/init.d/rcS might use /etc/fstab when not modified accordingly, so match
+# this entry with /etc/fstab.
+proc        /proc              proc        nosuid,noexec,nodev      0 0
+
+# OpenXT read-only root tmpfs:
+# These have to be either absent from this file or match /etc/fstab
+# exactly for mountearly.sh and mountall.sh to work correctly.
+sysfs       /sys               sysfs       nosuid,noexec,nodev      0 0
+devtmpfs    /dev               devtmpfs    mode=0755,nosuid         0 0
+tmpfs       /run               tmpfs       defaults,size=5M         0 0
+
+tmpfs       /var/volatile      tmpfs       defaults,size=5M         0 0

recipes-core/busybox/busybox_%.bbappend

@@ -1,5 +1,7 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
+DEPENDS += "libselinux"
+
 SRC_URI += " \
     file://archive.cfg \
     file://console.cfg \

recipes-core/busybox/files/general.cfg

@@ -1,2 +1,3 @@
+CONFIG_SELINUX=y
 CONFIG_UNICODE_SUPPORT=y
 CONFIG_UNICODE_WIDE_WCHARS=y

recipes-core/busybox/files/process.cfg

@@ -8,3 +8,5 @@ CONFIG_FEATURE_SHOW_THREADS=y
 CONFIG_PS=y
 CONFIG_FEATURE_PS_TIME=n
 CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS=n
+
+CONFIG_PKILL=y

recipes-core/images/usbvm-image.bb

@@ -0,0 +1,32 @@
+DESCRIPTION = "usbvm to isolate USB hardware"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = " \
+    file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 \
+"
+
+inherit openxt-selinux-image
+
+IMAGE_FEATURES += " \
+    read-only-rootfs \
+    empty-root-password \
+    ctrlaltdel-reboot \
+"
+
+IMAGE_FSTYPES = "ext4.disk.vhd.gz"
+
+IMAGE_LINGUAS = ""
+
+COMPATIBLE_MACHINE = "usbvm"
+
+IMAGE_INSTALL += " \
+    packagegroup-core-boot \
+    kmod \
+    openssh \
+    rsyslog \
+    usbutils \
+    argo-module \
+    grub-xen-conf \
+    kernel-modules \
+    vusb-daemon-stub \
+    argo-input-sender \
+"

recipes-core/images/xenclient-ndvm-image.bb

@@ -13,6 +13,7 @@ IMAGE_FEATURES += " \
     read-only-rootfs \
     empty-root-password \
     root-bash-shell \
+    ctrlaltdel-reboot \
 "
 
 IMAGE_FSTYPES = "ext3.disk.vhd.gz"
@@ -76,9 +77,6 @@ post_rootfs_shell_commands() {
     # Trick to resolve dom0 name with argo.
     echo '1.0.0.0 dom0' >> ${IMAGE_ROOTFS}/etc/hosts;
 
-    # enable ctrlaltdel reboot because PV driver uses ctrl+alt+del to interpret reboot issued via xenstore
-    echo 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now' >> ${IMAGE_ROOTFS}/etc/inittab;
-
     # NDVM doesn't have a /dev/tty1, disable the login shell on it
     sed -i 's/[^#].*getty.*tty1$/#&/' ${IMAGE_ROOTFS}/etc/inittab ;
 }

recipes-core/images/xenclient-syncvm-image.bb

@@ -12,6 +12,7 @@ IMAGE_FEATURES += " \
     package-management \
     read-only-rootfs \
     root-bash-shell \
+    ctrlaltdel-reboot \
 "
 
 IMAGE_FSTYPES = "ext3.vhd.gz"
@@ -47,9 +48,6 @@ require xenclient-version.inc
 inherit xenclient-licences
 
 post_rootfs_shell_commands() {
-    # enable ctrlaltdel reboot because PV driver uses ctrl+alt+del to interpret reboot issued via xenstore
-    echo 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now' >> ${IMAGE_ROOTFS}/etc/inittab;
-
     # Trick to resolve dom0 name with argo.
     echo '1.0.0.0 dom0' >> ${IMAGE_ROOTFS}/etc/hosts;
 }

recipes-core/images/xenclient-uivm-image.bb

@@ -13,6 +13,7 @@ IMAGE_FEATURES += " \
     read-only-rootfs \
     empty-root-password \
     root-bash-shell \
+    ctrlaltdel-reboot \
 "
 IMAGE_FSTYPES = "ext3.vhd.gz"
 export IMAGE_BASENAME = "xenclient-uivm-image"
@@ -107,9 +108,6 @@ post_rootfs_shell_commands() {
     # Start WM right away.
     echo 'x:5:respawn:/bin/su - root -c /usr/bin/startxfce4' >> ${IMAGE_ROOTFS}/etc/inittab
 
-    # enable ctrlaltdel reboot because PV driver uses ctrl+alt+del to interpret reboot issued via xenstore
-    echo 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now' >> ${IMAGE_ROOTFS}/etc/inittab
-
     # Trick to resolve dom0 name with argo.
     echo '1.0.0.0 dom0' >> ${IMAGE_ROOTFS}/etc/hosts
 }

recipes-core/initscripts/initscripts-1.0/populate-volatile.sh

@@ -28,9 +28,9 @@ RESTORECON="${ROOT_DIR}/sbin/restorecon"
 create_file() {
 	EXEC="
 	touch \"$1\";
-	[ -x ${RESTORECON} ] && ${RESTORECON} \"$1\" >/dev/tty0 2>&1;
-	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
-	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
+	[ -x ${RESTORECON} ] && ${RESTORECON} \"$1\" >/dev/console 2>&1;
+	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/console 2>&1;
+	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/console 2>&1 "
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
 
@@ -52,9 +52,9 @@ create_file() {
 mk_dir() {
 	EXEC="
 	mkdir -p \"$1\";
-	[ -x ${RESTORECON} ] && ${RESTORECON} \"$1\" >/dev/tty0 2>&1;
-	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
-	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
+	[ -x ${RESTORECON} ] && ${RESTORECON} \"$1\" >/dev/console 2>&1;
+	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/console 2>&1;
+	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/console 2>&1 "
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
 	[ -e "$1" ] && {

recipes-core/packagegroups/packagegroup-xenclient-dom0.bb

@@ -95,6 +95,7 @@ RDEPENDS_${PN} = " \
     xenclient-pcrdiff \
     eject \
     linux-input \
+    argo-input-receiver \
     iputils-ping \
     vusb-daemon \
     xenmgr-data \

recipes-kernel/linux/6.1/defconfigs/usbvm/defconfig

@@ -0,0 +1,176 @@
+# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_SYSVIPC=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_AUDIT=y
+CONFIG_PREEMPT_VOLUNTARY=y
+CONFIG_BSD_PROCESS_ACCT=y
+CONFIG_BSD_PROCESS_ACCT_V3=y
+CONFIG_TASKSTATS=y
+CONFIG_TASK_DELAY_ACCT=y
+CONFIG_LOG_BUF_SHIFT=16
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+CONFIG_BLK_DEV_INITRD=y
+# CONFIG_RD_BZIP2 is not set
+# CONFIG_RD_LZMA is not set
+# CONFIG_RD_XZ is not set
+# CONFIG_RD_LZO is not set
+# CONFIG_RD_LZ4 is not set
+CONFIG_EXPERT=y
+CONFIG_PROFILING=y
+CONFIG_SMP=y
+# CONFIG_X86_EXTENDED_PLATFORM is not set
+CONFIG_HYPERVISOR_GUEST=y
+CONFIG_PARAVIRT=y
+CONFIG_PARAVIRT_DEBUG=y
+CONFIG_XEN=y
+CONFIG_XEN_DEBUG_FS=y
+# CONFIG_XEN_DOM0 is not set
+# CONFIG_KVM_GUEST is not set
+CONFIG_PARAVIRT_TIME_ACCOUNTING=y
+CONFIG_MCORE2=y
+CONFIG_NR_CPUS=8
+# CONFIG_X86_MCE is not set
+# CONFIG_PERF_EVENTS_INTEL_UNCORE is not set
+# CONFIG_PERF_EVENTS_INTEL_RAPL is not set
+# CONFIG_PERF_EVENTS_INTEL_CSTATE is not set
+# CONFIG_X86_16BIT is not set
+# CONFIG_MICROCODE is not set
+CONFIG_X86_MSR=y
+CONFIG_X86_CPUID=y
+# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
+CONFIG_HZ_100=y
+CONFIG_HIBERNATION=y
+CONFIG_ACPI_DOCK=y
+CONFIG_ACPI_PROCESSOR_AGGREGATOR=y
+# CONFIG_ACPI_TABLE_UPGRADE is not set
+CONFIG_ACPI_DEBUG=y
+CONFIG_ACPI_SBS=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_PCI_MMCONFIG is not set
+# CONFIG_ISA_DMA_API is not set
+CONFIG_IA32_EMULATION=y
+# CONFIG_VIRTUALIZATION is not set
+CONFIG_MODULES=y
+CONFIG_MODULE_FORCE_LOAD=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULE_FORCE_UNLOAD=y
+CONFIG_MODVERSIONS=y
+CONFIG_MODULE_SRCVERSION_ALL=y
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+# CONFIG_MODULE_SIG_ALL is not set
+CONFIG_MODULE_SIG_SHA384=y
+CONFIG_BLK_DEV_BSGLIB=y
+CONFIG_PARTITION_ADVANCED=y
+# CONFIG_MQ_IOSCHED_DEADLINE is not set
+# CONFIG_MQ_IOSCHED_KYBER is not set
+CONFIG_SLAB=y
+# CONFIG_COMPAT_BRK is not set
+# CONFIG_COMPACTION is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+CONFIG_NET=y
+CONFIG_UNIX=y
+CONFIG_INET=y
+# CONFIG_INET_DIAG is not set
+# CONFIG_IPV6 is not set
+# CONFIG_WIRELESS is not set
+CONFIG_PCI=y
+CONFIG_PCI_MSI=y
+# CONFIG_VGA_ARB is not set
+CONFIG_UEVENT_HELPER=y
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+# CONFIG_STANDALONE is not set
+CONFIG_CONNECTOR=y
+# CONFIG_DMIID is not set
+# CONFIG_PNP_DEBUG_MESSAGES is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_RAM=y
+CONFIG_NETDEVICES=y
+# CONFIG_NET_CORE is not set
+# CONFIG_ETHERNET is not set
+# CONFIG_USB_NET_DRIVERS is not set
+# CONFIG_WLAN is not set
+# CONFIG_XEN_NETDEV_FRONTEND is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_KEYBOARD is not set
+# CONFIG_INPUT_MOUSE is not set
+# CONFIG_SERIO is not set
+# CONFIG_VT is not set
+# CONFIG_LEGACY_PTYS is not set
+CONFIG_SERIAL_8250=y
+# CONFIG_HW_RANDOM is not set
+# CONFIG_DEVMEM is not set
+# CONFIG_DEVPORT is not set
+# CONFIG_HWMON is not set
+CONFIG_USB=y
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+CONFIG_USB_XHCI_HCD=m
+CONFIG_USB_EHCI_HCD=m
+CONFIG_USB_EHCI_ROOT_HUB_TT=y
+CONFIG_USB_OHCI_HCD=m
+CONFIG_USB_UHCI_HCD=m
+CONFIG_SYNC_FILE=y
+# CONFIG_VIRTIO_MENU is not set
+CONFIG_XEN_BACKEND=y
+CONFIG_XEN_GNTDEV=y
+CONFIG_XEN_GRANT_DEV_ALLOC=y
+CONFIG_XEN_PCIDEV_BACKEND=y
+# CONFIG_X86_PLATFORM_DEVICES is not set
+# CONFIG_IOMMU_SUPPORT is not set
+CONFIG_RAS=y
+CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_VFAT_FS=m
+CONFIG_TMPFS=y
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_CONFIGFS_FS=y
+# CONFIG_MISC_FILESYSTEMS is not set
+# CONFIG_NETWORK_FILESYSTEMS is not set
+CONFIG_NLS_DEFAULT="utf8"
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_NLS_ASCII=y
+CONFIG_NLS_ISO8859_1=y
+CONFIG_NLS_ISO8859_15=y
+CONFIG_NLS_UTF8=y
+CONFIG_SECURITY_DMESG_RESTRICT=y
+CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PATH=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_YAMA=y
+# CONFIG_INTEGRITY is not set
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_SHA1=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_CRC32C_INTEL=y
+CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_CRC_CCITT=m
+CONFIG_CRC_T10DIF=y
+CONFIG_CRC_ITU_T=m
+CONFIG_CRC7=m
+CONFIG_LIBCRC32C=m
+CONFIG_PRINTK_TIME=y
+CONFIG_DYNAMIC_DEBUG=y
+CONFIG_STRIP_ASM_SYMS=y
+CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=0
+CONFIG_RCU_CPU_STALL_TIMEOUT=60
+# CONFIG_RCU_TRACE is not set
+CONFIG_LATENCYTOP=y
+CONFIG_FTRACE_SYSCALLS=y
+CONFIG_BLK_DEV_IO_TRACE=y
+# CONFIG_UPROBE_EVENTS is not set
+CONFIG_EARLY_PRINTK_DBGP=y
+CONFIG_UNWINDER_FRAME_POINTER=y