[docs] More review of QtApplicationManager documentation

* Add a diagram to that illustrates the architecture of Qt Application Manager for the Introduction topic * Swap out "app" for "application" where logical, to standardize terminology * Swap out "System-UI" for "System UI" * Swap out "application-manager" for "application manager" * Lots of simplification of sentences to improve readability Task-number: AUTOSUITE-778 Change-Id: Id4b8791d2750728892d9b0abc479dd7dd78ad450 Reviewed-by: Robert Griebl <robert.griebl@pelagicore.com>
author: Kavindra Palaraja <kpalaraja@luxoft.com> 2019-03-26 11:21:57 +0100
committer: Robert Griebl <robert.griebl@pelagicore.com> 2019-04-02 09:19:05 +0000
commit: af68559f1796475a896ffead313b2362267b1570 (patch)
tree: e0324240ad1c42d9a31200a3a5d5f39d2bfc80be /doc/container.qdoc
parent: 650d7718aac9c4aa335883d8a1ee4d2e46ce52b5 (diff)
1 files changed, 124 insertions, 122 deletions
diff --git a/doc/container.qdoc b/doc/container.qdoc
index e7de3645..246fc82c 100644
--- a/doc/container.qdoc
+++ b/doc/container.qdoc
@@ -31,26 +31,26 @@
 \page containers.html
 \title Containers
 
-A \b container in the application-manager world describes an execution environment for an
-executable (either an app's binary or its runtime binary) in multi-process mode. This does not have
-to be something sophisticated like a Docker container, but can be as simple as an Unix process.
+In the application manager context, a \b container describes an execution environment for an
+executable: either an application's binary or its runtime binary, in multi-process mode. The
+container does not have to be something sophisticated like a Docker container, but can be as
+simple as a Unix process.
 
 \section1 Predefined Containers
 
-The application-manager comes with a single type of container built-in: the \c process container,
-which simply spawns a new Unix process to execute the requested binary.
+The application manager comes with a one built-in container type: the \c process container,
+that spawns a new Unix process to execute the requested binary.
 
-In addition, a very basic integration of Pelagicore's
-\l{https://github.com/Pelagicore/softwarecontainer}{software-containers} is provided in \c
+In addition, you can find a basic integration of Pelagicore's
+\l{https://github.com/Pelagicore/softwarecontainer}{software-containers} in \c
 examples/softwarecontainers. This can be used as a blueprint to either create a customer-specific
 production version of a softwarecontainers plugin, or to integrate another container solution.
 
-\section1 Extending with Container Plugins
+\section1 Extend with Container Plugins
 
-Custom container solution can easily be added via plugins.
-These plugins need not to be built as part of the application-manager, but
-they need to be built against a private Qt module to get the interface
-definition:
+Custom container solutions can be added via plugins. These plugins need not to be built as part
+of the application manager, but they need to be built against a private Qt module to get the
+interface definition:
 
 \badcode
 TEMPLATE = lib
@@ -60,8 +60,8 @@ TARGET = mycontainer-plugin
 QT += appman_plugininterfaces-private
 \endcode
 
-The only thing you have to then implement are two classes that derive from \c ContainerInterface
-and from ContainerManagerInterface respectively, e.g.:
+Then, you only have to implement two classes that derive from \c ContainerInterface
+and from \c ContainerManagerInterface respectively:
 
 \code
 #include <QtAppManPluginInterfaces/containerinterface.h>
@@ -81,29 +81,30 @@ class SoftwareContainerManager : public QObject, public ContainerManagerInterfac
 };
 \endcode
 
-Please be aware that your container plugin has to support a few basic requirements in order to
-support UI clients in multi-process mode:
+Be aware that your container plugin has to support a few basic requirements to support UI clients
+in multi-process mode:
 \list 1
-\li The plugin has to be able to forward Unix local sockets into the container. This is needed for
-    both the Wayland socket as well as for the private peer-to-peer D-Bus connection. If the plugin
-    is not able to map these sockets to the exact same location within the container, it needs to
-    alter the environment variables for the respective locations before passing them into the
-    container. See below for a list of relevant environment variables.
-\li In order to support hardware OpenGL acceleration, the container needs to have access to the
-    necessary devices: for GPUs following Linux standards (e.g. Intel), you have to make sure to
-    have /c{/dev/dri/*} available within the container.
-\li If you want to make use of the application-manager's security features, you also have to
-    implement PID mapping in your plugin (this is unnecessary if your container solution shares its
-    PID namespace with the rest of the system). Every connection coming into the application-manager
-    via the Wayland or D-Bus Unix local sockets is queried for the PID of the application requesting
-    the connection. The application-manager will verify these PIDs against the PIDs of all running
-    applications via ContainerInterface::processId(). Connections that will not match a PID will
-    not be accepted. This behavior can be disable though by use of the \l{no-security}{\c{--no-security}}
-    command line option.
+  \li The plugin has to be able to forward Unix local sockets into the container. This is needed
+      for both the \l{Qt Wayland Compositor}{Wayland} socket as well as for the private peer-to-peer
+      D-Bus connection. If the plugin cannot map these sockets to the correct location within the
+      container, the plugin then needs to modify the environment variables for the respective
+      locations before passing them on to the container. The table below lists the relevant
+      environment variables.
+  \li To support hardware OpenGL acceleration, the container needs to have access to the necessary
+      device. For GPUs that follow Linux standards, such as Intel, make sure to have /c{/dev/dri/*}
+      available within the container.
+  \li You have to implement PID mapping in your plugin; unless your container solution shares its
+      PID namespace with the rest of the ssytem. This is necessary if you want to make use of the
+      application manager's security features. Each connection coming into the application manager
+      via the Wayland or D-Bus Unix local sockets is queried for the PID of the application that
+      requests the connection. The application manager verifies these PIDs against the PIDs of all
+      running applications via ContainerInterface::processId(). Connections that don't match a PID
+      are not accepted. However, you can disable this behavior via the
+      \l{no-security}{\c{--no-security}} command line option.
 \endlist
 
-The application-manager will use these environment variables to communicate various settings to the
-application. A custom container plugin has to make sure to forward these or adjust them accordingly:
+The application manager uses the following environment variables to communicate various settings to
+the application. A custom container plugin must forward these variables or adjust them accordingly:
 
 \table
 \header
@@ -112,33 +113,33 @@ application. A custom container plugin has to make sure to forward these or adju
 \row
   \li \c{WAYLAND_DISPLAY}
   \li The path to the Wayland server socket. If your container uses its own filesystem namespace,
-      you need to make sure that this socket gets forwarded accordingly.
+      make sure that this socket is forwarded accordingly.
 \row
   \li \c{QT_QPA_PLATFORM}
   \li Always set to \c{wayland}.
 \row
   \li \c{QT_IM_MODULE}
-  \li Not really set, but explicitly unset by the application-manager. Make sure to not set it, if
-      the automatic Wayland input method implementation should be used.
+  \li Not set, but explicitly unset by the application manager. Make sure to leave it unset it, to
+      use the automatic Wayland input method implementation.
 \row
   \li \c{DBUS_SESSION_BUS_ADDRESS}
-  \li The standard D-Bus session bus
+  \li The standard D-Bus session bus.
 \row
   \li \c{AM_DBUS_PEER_ADDRESS}
-  \li This variable holds the D-Bus socket identifier for the private peer-to-peer bus between the
-      application-manager and the application. If your container uses its own filesystem namespace,
-      you need to make sure that this socket gets forwarded accordingly.
+  \li Holds the D-Bus socket identifier for the private peer-to-peer bus between the application
+      manager and the application itself. If your container uses its own filesystem namespace,
+      make sure that this socket is forwarded accordingly.
 \row
   \li \c{AM_DBUS_NOTIFICATION_BUS_ADDRESS}
-  \li Since the \c{org.freedesktop.Notifications} interface could be on a different bus as the rest
-      of the D-Bus interfaces, the application-manager needs to tell the application explicitly
-      where to look for this interface.
+  \li Since the \c{org.freedesktop.Notifications} interface could be on a different bus from the
+      rest of the D-Bus interfaces, the application manager needs to explicitly tell the
+      application where to look for this interface.
 \row
   \li \c{AM_BASE_DIR}
-  \li The current directory of the application-manager.
+  \li The current directory for the application manager.
 \row
   \li \c{AM_RUNTIME_SYSTEM_PROPERTIES}
-  \li The public part of the \l{system-properties}{system properties}, encoded as an YAML document.
+  \li The public part of the \l{system-properties}{system properties}, encoded as a YAML document.
 \row
   \li \c{AM_NO_DLT_LOGGING}
   \li Tells the application to not use DLT for logging.
@@ -146,31 +147,35 @@ application. A custom container plugin has to make sure to forward these or adju
 
 \section1 Configuration
 
-There are three parts to the container configuration:
+A container configuration has three parts:
+
 \list 1
-\li Configure which containers are available at all.
-\li Add specific settings for each available container integration.
-\li Configure which container solution is selected to run a specific application.
+  \li Configure which containers are available when \l{load-plugins}{loading} the container plugins
+  \li Add specific settings for each \l{container-integration}{container integration} available
+  \li Configure which container solution to \l{container-selection}{select} to run a specific
+      application
 \endlist
 
+\target load-plugins
 \section1 Load Container Plugins
 
-In order to activate an existing container plugin for use in the application-manager, you need to
-add its full path to the list of plugins to load in the application-manager's config file:
+To configure an existing container plugin for use in the application manager, you need to
+add its full path to the list of plugins to load in the application manager's config file:
 
 \badcode
 plugins:
   container: [ "/full/path/to/softwarecontainers.so", "/another/plugin.so" ]
 \endcode
 
-Please note that the application-manager does \b not load plugins automatically if they are placed
+Note that the application manager does \b not load plugins automatically if they are placed
 in a specific directory, since container plugins control the central security mechanism for
 separating applications.
 
-\section1 Container Integration Configuration
+\target container-integration
+\section1 Add Container Integration Settings
 
-Each container integration has an unique id, which can be used to add settings to the
-application-manager's config file, e.g.
+Each container integration has a unique ID, which can be used to add settings to the
+application manager's config file, such as:
 
 \badcode
 containers:
@@ -183,79 +188,76 @@ containers:
 The \c process container accepts the following configuration settings:
 
 \table
-\header
-  \li Name
-  \li Type
-  \li Description
-\row
-  \target control group mapping
-  \li \c controlGroups
-  \li object
-  \li A two-stage mapping object to allow for more readable code when dealing with cgroups from the
-      System-UI via Container::controlGroup. The top-level keys are readable group names
-      that are used to interface Container::controlGroup, while the values are themselves
-      maps between multiple low-level cgroup sub-system names and the actual cgroup names within
-      those sub-systems, e.g.:
-
-\badcode
-controlGroups:
-  foreGround:
-    memory: mem1
-    cpu: cpu_full
-  backGround:
-    memory: mem2
-    cpu: cpu_minimal
-\endcode
-
-\row
-  \li \c defaultControlGroup
-  \li string
-  \li The default control group for an application when it is first launched.
+  \header
+    \li Settings Name
+    \li Type
+    \li Description
+  \row
+    \target control group mapping
+    \li \c controlGroups
+    \li object
+    \li A two-stage mapping object to allow for more readable code when dealing with \c cgroups
+        from the System UI via Container::controlGroup. The top-level keys are readable group names
+        that are used to interface with Container::controlGroup. The values themselves are maps
+        between multiple low-level \c cgroup sub-system names and the actual \c cgroup names within
+        those sub-systems, such as:
+
+    \badcode
+    controlGroups:
+      foreGround:
+        memory: mem1
+        cpu: cpu_full
+      backGround:
+        memory: mem2
+        cpu: cpu_minimal
+    \endcode
+
+  \row
+    \li \c defaultControlGroup
+    \li string
+    \li The default control group for an application when it is first launched.
 \endtable
 
-For other container plugins, please consult the respective documentation.
-
+For other container plugins, refer to their respective documentation.
 
+\target container-selection
 \section1 Container Selection Configuration
 
-There are multiple ways to control which container integration is used when
-starting an application from within the application-manager:
+When you start an application from within the application manager, there are multiple ways to
+control which container integration is used:
 
 \list 1
-\li If the config file does not contain the key \c containers/selection, the container integration
-    id will default to \c process
-
-\li If the aforementioned key exists, its contents will be parsed as a list of maps, where each map
-    only has a single mapping (this is a bit awkward, but needed to preserve the order of the
-    mappings). Each key is interpreted as a standard Unix wildcard expression that will be matched
-    against the application id.
-    The first match will stop this algorithm and the mapping's value will be used as the container
-    integration id. If no matches are found, the resulting containter integration id will be the
-    empty string.
-
-\badcode
-containers:
-  selection:
-  - com.pelagicore.*: "process"
-  - com.navigation: "special-container"
-  - '*': "softwarecontainers"  # a single asterisk needs to be quoted
-\endcode
-
-
-\li Afterwards, if the System-UI did set the ApplicationManager::containerSelectionFunction property
-    to a valid JavaScript function, this function will be called with the first parameter set to the
-    application's id and the second parameter set to the container integration id that resulted from
-    step 1 and 2.
-
-\badcode
-ApplicationManager.containerSelectionFunction = function(appId, containerId) {
-    var app = ApplicationManager.application(appId)
-    if (app.capabilities.indexOf("non-secure") != -1)
-        return "process"
-    else
-        return containerId
-}
-\endcode
+  \li If the config file does not contain the \c containers/selection key, the container
+      integration ID defaults to \c process.
+  \li If the \c containers/selection key exists, its contents are parsed as a list of maps, where
+      each map has a single mapping only. While this single mapping is awkward, it is necessary to
+      preserve the order of the mappings. Each key is interpreted as a standard Unix wildcard
+      expression that is matched against the application ID. The first match stops the algorithm
+      and the mapping's value is used as the container integration ID. If no matches are found,=
+      the resulting containter integration ID is an empty string.
+
+    \badcode
+    containers:
+      selection:
+      - com.pelagicore.*: "process"
+      - com.navigation: "special-container"
+      - '*': "softwarecontainers"  # a single asterisk needs to be quoted
+    \endcode
+
+  \li Afterwards, if the System UI did set the ApplicationManager::containerSelectionFunction
+      property to a valid JavaScript function, this function is called with the first parameter set
+      to the application's ID and the second parameter set to the container integration ID that
+      resulted from step 1 and 2.
+
+    \badcode
+    ApplicationManager.containerSelectionFunction = function(appId, containerId) {
+        var app = ApplicationManager.application(appId)
+        if (app.capabilities.indexOf("non-secure") != -1)
+            return "process"
+        else
+            return containerId
+    }
+    \endcode
 \endlist
 
 */
author	Kavindra Palaraja <kpalaraja@luxoft.com>	2019-03-26 11:21:57 +0100
committer	Robert Griebl <robert.griebl@pelagicore.com>	2019-04-02 09:19:05 +0000
commit	af68559f1796475a896ffead313b2362267b1570 (patch)
tree	e0324240ad1c42d9a31200a3a5d5f39d2bfc80be /doc/container.qdoc
parent	650d7718aac9c4aa335883d8a1ee4d2e46ce52b5 (diff)