Advanced Science and Technology Letters Vol.136 (ITCS 2016), pp.137-143 http://dx.doi.org/10.14257/astl.2016.136.33
A Design and Implementation of Universal Container
Xin Li, Hee-Kyung Moon, Sung-Kook Han
Department of Computer Engineering, Wonkwang University, 460 Iksandae-ro, Iksan, Jeonbuk, Republic of Korea
[email protected], {ybnjcw, skhan}@wku.ac.kr
Abstract. This paper proposes an Android terminal mobile virtualization scheme based on Linux Container (LXC) technology. In this scheme, the Android kernel is adapted to support the LXC user-space tools, and a Debian OS installed on the SD card serves as the host environment for virtualization management. In this environment, by configuring Android and resources such as the file system, network and devices inside the container, we build a container environment that can run the Android system, and the modified Android system runs inside it to realize OS-level mobile virtualization. Finally, from an analysis of the results, we conclude that by applying container technology the Android system gains the advantages of high efficiency together with a balance between efficiency and isolation.

Keywords: Mobile Virtualization; Operating System Level Virtualization; Container technology; Cgroup System; Namespace
1 Introduction
With the explosive growth in the number of mobile intelligent terminals and the rise of wearable devices, how to use terminal resources effectively and apply them to different scenarios has become a hotspot of current research. For example, a new development direction, mobile virtualization, has emerged by combining traditional virtualization technology with mobile intelligent terminals. Mobile virtualization can not only satisfy the requirement for different operating systems on a single intelligent terminal, which saves the cost of functional software for different platforms, but also separate the corporate system through the isolation provided by virtualization technology, thereby providing higher security. From the market perspective, virtualization technology has significantly reduced the cost of mobile phones, which makes it possible for low-performance phones to carry more functions. In this paper, we propose a new approach: the universal container.
ISSN: 2287-1233 ASTL Copyright © 2016 SERSC
2 LXC Container Technology
LXC, whose full name is Linux Container, is an operating-system-level virtualization technology. Put simply, it isolates processes and resources without needing an instruction interpretation mechanism or the other complexity of full virtualization, in a way similar to namespaces in C++. A container can effectively allocate the management resources of a single OS into isolated groups, so that conflicting resource demands among the isolated groups can be better balanced [1].
Fig. 1 Comparison between common virtualization and LXC virtualization [2]
The LXC program provides a tool set for user space in the Linux system. The LXC toolkit calls the resource management framework Cgroup (control groups) provided by the Linux kernel to manage and restrict the resources of a container, and the Namespace mechanism is used to provide isolation within the container. Therefore, the two critical kernel features needed to realize Linux containers are Cgroup and the Namespace mechanism.
3 Overall System Architecture of Universal Container
The overall architecture of universal container for Android mobile virtualization is as the following:
Fig. 2. Overall System Architecture
The hardware resources of the Android terminal are left unchanged. Above the hardware level runs a modified Android kernel that supports the Cgroup system and Namespace mechanism. The original native operating system is replaced by a Linux system with LXC support, which acts as the host system for virtualization management. LXC interacts with the kernel through the Cgroup system and Namespace mechanism, and by dividing process groups it can run them in independent Namespaces to form containers. LXC provides a group of user-space tools with which the host system can create and manage the running containers through explicit commands, and can also monitor the processes and operation within a container at any time. Because Namespaces create an independent file system view for each container, if the Android OS is to run in a Linux container, the root file system of the Android system must be ported and modified accordingly.
4 Adaptation of Android Kernel
At present, there is almost no kernel on the market that supports the Cgroup system and Namespace mechanism required as the basis of LXC, so we need to modify and configure the Android kernel to make it support them. The Android kernel version adopted in this paper is 2.6.29, the experimental terminal used for the simulation is a Nexus, busybox is also configured accordingly, and the CPU is a Qualcomm series part, so the source code can be obtained directly from the Android tree:

$ git clone https://android.googlesource.com/kernel/msm.git

The branch kernel source code is then extracted with the checkout command of the git tool. If the native Android kernel source code lacks a certain critical call, or unpredictable bugs arise when the Android OS runs in the container, the kernel source code must be modified accordingly. In the following, we list several important places that require source code modification.

4.1 Add the setns system call
When the Namespace mechanism was added to the kernel, setns did not yet exist in the kernel source code; the role of this system call is to add a process to an existing Namespace.

4.2 Add the proc entry and operation interface of Namespace
After enabling the Namespace mechanism in the kernel, a location that originally had no explicit representation now has one. By adding the Namespace entry under proc, the Namespace instances existing in the system can be inspected conveniently, and the various Namespace sub-modules are used to realize the related operations, including get (increase the reference count), put (decrease the reference count) and installing a Namespace into a specified nsproxy (Namespace proxy) instance.
4.3 Modification of the fork call path

During the fork call, the copy_process function is finally called to copy the process information, including the memory information and Namespaces of the parent process. When adapting this kernel version, when cloning a process group, check whether the CLONE_NEWPID flag is set. By checking whether the PID number recorded in the corresponding PID Namespace is 1, determine whether this process becomes the ancestor (init) process of that Namespace, which is responsible for reaping orphan processes in the Namespace. Meanwhile, in the fork.c source file, the unshare system call in this kernel version lacks checks for several Namespace flags, including CLONE_NEWPID.

4.4 Modification of kernel startup parameters and generation of the boot partition (kernel startup command line CMDLINE)

In the scheme adopted by this paper, the Linux system must be started on the Android test device as the OS-level virtualization management system, i.e., the host system, while the original Android OS is installed in the phone's ROM with the yaffs file system format, which is not suitable for installing the Linux system. In order to save storage space and avoid polluting the original Android OS, this paper starts the host system from the external SD card, i.e., installs the host system on the SD card. Therefore, the kernel must support booting the OS from the SD card, and during kernel start-up the root file system path on the SD card device must be passed as a start-up parameter [3].
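The PID Namespace behaviour that 4.1 and 4.3 rely on, that the first process created in a fresh PID Namespace is its PID 1 and acts as the reaper for orphans in that Namespace, can be observed from user space. The program below is an added example, not code from the paper: it assumes a Linux host with unshare(2), the names pid_in_new_namespace and enter_new_pid_namespace are the example's own, and it degrades gracefully when the kernel refuses Namespace creation (for example, without CAP_SYS_ADMIN and with user namespaces disabled).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWPID                 /* flag values from <linux/sched.h>, spelled out so the */
#define CLONE_NEWPID  0x20000000     /* block compiles even if GNU feature macros are not in effect */
#define CLONE_NEWUSER 0x10000000
#endif
struct ns_view { pid_t inner; pid_t outer; };  /* one process's PID: inside its namespace / from the host */
/* Move the caller's future children into a new PID namespace via unshare(2): privileged form first,
   then wrapped in a user namespace for unprivileged callers. Returns -1 when the kernel refuses. */
static int enter_new_pid_namespace(void) {
    if (syscall(SYS_unshare, CLONE_NEWPID) == 0) return 0;
    if (errno != EPERM) return -1;
    return syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID) == 0 ? 0 : -1;
}
/* Fork a helper, unshare a PID namespace in it, then fork the namespace's first process, which
   reports the PID it sees; the helper appends the PID it sees. inner stays -1 on refusal. */
struct ns_view pid_in_new_namespace(void) {
    struct ns_view v = { -1, -1 };
    int fds[2];
    if (pipe(fds) != 0) return v;
    pid_t helper = fork();
    if (helper == 0) {                                  /* helper: still in the host's PID namespace */
        pid_t none[2] = { -1, -1 }, member = -1;
        if (enter_new_pid_namespace() == 0) member = fork();
        if (member == 0) {                              /* first child after unshare: the namespace's init */
            pid_t me = getpid();                        /* 1 in here, whatever the host calls us */
            _exit(write(fds[1], &me, sizeof me) == (ssize_t)sizeof me ? 0 : 1);
        }
        if (member > 0) { waitpid(member, NULL, 0); write(fds[1], &member, sizeof member); }
        else write(fds[1], none, sizeof none);
        _exit(0);
    }
    if (helper > 0) {
        pid_t got[2]; waitpid(helper, NULL, 0);         /* both values are in the pipe once it exits */
        if (read(fds[0], got, sizeof got) == (ssize_t)sizeof got) { v.inner = got[0]; v.outer = got[1]; }
    }
    close(fds[0]); close(fds[1]);
    return v;
}
int main(void) {
    struct ns_view v = pid_in_new_namespace();
    printf("inside the new namespace: pid %d; as seen by the host: pid %d\n", (int)v.inner, (int)v.outer);
    return v.inner == 1 ? 0 : 1;
}
```

Run it as root, or unprivileged on a kernel that permits user namespaces: the same process is reported as PID 1 inside and as an ordinary PID from the host, which is exactly the mapping the modified fork path in 4.3 checks.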
5 Implementation of the Host Environment
The virtualization scheme adopted in this paper uses a standard Linux system as the host system for virtualization management, so that the LXC toolkit can run directly in the host system without any modification. Therefore, this paper chooses the Debian system for the armel architecture as the host system.

5.1 Download and install the Debian host system onto the SD card
The download and installation of the Debian system depend mainly on the debootstrap tool. debootstrap is an official Debian tool for installing the Debian base system, which provides the function of installing the Debian base system into a subdirectory of an already installed system. debootstrap does not require an installation CD; it only requires Internet access to connect to the Debian repository.
5.2 Start-up script configuration

Once the new kernel takes effect and boots the Debian system, it is not connected to the network and the ssh software has not been installed, so unless a serial line connects the phone to the PC, the PC will lose its connection to the phone and we cannot operate it. Therefore, after the system has finished loading, we should start the adbd program so that the PC can control the phone through the adb protocol. At the normal system start-up level, the system executes the commands in the /etc/rc.local script. In this file, add the following command before the "exit 0" exit command:

/sbin/adbd &

Then adbd will be executed after the system starts. The precondition is that the adbd binary from the original system must be copied to the corresponding directory.

The configuration of /etc/fstab is very important: if this file is configured wrongly, the kernel will be unable to mount the root file system, which makes it impossible to execute the subsequent start-up procedure. For the Linux system, the device path of the SD card is /dev/mmcblk0p2, which refers to the second partition of the MMC device. In the fstab file, in addition to mounting common virtual file systems such as proc and sysfs, the Cgroup file system must also be mounted:

none /cgroup cgroup defaults 0 0

Of course, in order to exchange data with the system partition and user data partition of the original phone system, the corresponding mtd devices can also be mounted [4].
5.3 Porting LXC and implementing the Android container

After the modified boot partition image boot.img is flashed, the device restarts and enters a pure Linux system. In the host system, the LXC user-space toolkit is used to create and configure the container environment so that it can run the Android OS as a virtual machine.
5.4 Evaluation of the Android container

The test device is a Nexus One, the kernel version is a modified 2.6.35.7, and it is based on the Debian (armel) host system built on the SD card in the previous section. After the machine starts, the device enters the Debian system, which is connected to the PC through the adb protocol. We can check whether the Cgroup system and Namespace functions are enabled in the current kernel with the lxc-checkconfig tool.
Fig.3 Special function check in kernel
Using the config file as the container configuration file, start the container with the lxc-start command and run the Android system. After the container starts, the system's user interface enters the Android system.
Fig.4 Android container start-up completion interface
6 Conclusion

At present, cloud computing is a hotspot in the computer field, and virtualization technology is the basis of cloud computing. This paper tries to find a balance point between the efficiency and isolation of virtualization technology, adopting the OS-level virtualization technology of Linux Container. Based on an analysis of how Linux Container realizes process resource restriction and data isolation, we provide a specific scheme to realize mobile virtualization on Android intelligent terminals.
References
1. Wikipedia: LXC. https://en.wikipedia.org/wiki/LXC
2. Linux Containers. https://linuxcontainers.org/
3. Heiser, G.: The role of virtualization in embedded systems [C]. Proceedings of the 1st Workshop on Isolation and Integration in Embedded Systems, ACM, 2008, pp. 11-16.
4. Härtig, H., Roitzsch, M.: Ten years of research on L4-based real-time systems [C]. Proceedings of the Eighth Real-Time Linux Workshop, 2006.
5. Peng, S.: Research and Application of Smartphone Mobile Office based on Virtual Technology [D]. Fudan University, 2011.
6. OKL4 Microvisor [EB/OL]. http://www.ok-labs.com/products/okl4-microvisor