China
Africa
Explore chapters and articles related to this topic
Automotive Grade Linux
Published in P. Sivakumar, B. Vinoth Kumar, R. S. Sandhya Devi, Software Engineering for Automotive Systems, 2022
P. Sivakumar, A Neeraja Lakshmi, A. Angamuthu, R. S. Sandhya Devi, B. Vinoth Kumar, S. Studener
The virtualization solution as shown in Figure 6.6 is entirely consistent with existing AGL proposals and implementations, as is the AGL technology architecture. The AGL virtualization model introduced is also orthogonal. The AGL applications frame supports programmed separation based on namespaces, Cgroups, and SMACK, which uses files/process protection attributes that any time an operation process is tested and which function well with protected booting techniques by the Linux kernel. However, where multiple systems are to be performed with various safety and security criteria (infotainment, instruments cluster, telematics, etc.), the control of these safety features becomes more complicated and an additional degree of separation is required to better separate these systems. This is the position of the AGL virtualization platform to improve device stability and separate numerous applications from AGL groups but even developers from third parties.
The Journey to Cloud
Published in Haishi Bai, Zen of Cloud, 2019
Just to be clear—Docker didn't invent workload isolation. Isolation techniques have long existed in Linux systems such as cgroups (which can be traced back to 2006, when Google engineer Rohit Seth added to the Linux kernel the feature that grouped processes together under a common resource control), namespaces (which was added to Linux kernel in 2002), and Copy-on-Write (CoW) file systems. Windows has similar isolation constructs such as job objects.
A Container-Based Technique to Improve Virtual Machine Migration in Cloud Computing
Published in IETE Journal of Research, 2022
Aditya Bhardwaj, C. Rama Krishna
LXD is an open source container hypervisor which is built on top of LXC to improve the experience of the user. It uses liblxc to create and manage containers through a command-line tool. This tool allows the user to give an overview of all the existing containers on the network and also create new containers if necessary. To strengthen the security of containers running in LXD, we used AppArmor which is an important feature of the Linux kernel. Furthermore, in order to provide management and isolation of resources among containers, we implemented two key mechanisms namely, cgroup and namespace. The control group (cgroup) provides management of resources based on process hierarchy system, and isolation among containers is achieved using six kinds of namespaces outlined in the following: