Requirements#
Launching Processes#
Support for launching processes
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching Processes. |
|||||
Process dependency handling
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for ordering the launching of Processes based on the dependencies. |
|||||
Launching processes in parallel
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching Processes in parallel. |
|||||
Control interface support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to wait for configurable custom conditions, which can be signaled from applications via Control Interface. |
|||||
Forward process information
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to pass the output of one or multiple Processes as input arguments to another process. |
|||||
Handling process args
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given set of arguments. |
|||||
Launching process in debug mode
|
status: invalid
security: NO
safety: QM
|
||||
The Launch Manager shall provide support for launching process with a given set of debug arguments in debug mode. |
|||||
Launching process in state waiting for a debugger connection
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process in a state waiting for a debugger connection. |
|||||
Process user, group IDs support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given UID/GID (user name/Group Identifier). |
|||||
Process priority support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given priority. |
|||||
CWD support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given Working Directory. |
|||||
Launching terminal
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a terminal or a session leader. |
|||||
Standard handle redirection
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for stdin, stdout, stderr redirection. |
|||||
Non-root support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to be started with security policy as non-root. |
|||||
Configurable amount of retries
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support a configurable amount of retries in case error occurs during startup of a component (e.g. file not available) occurs. |
|||||
Process capability support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching Processes with configured OS-specific capabilities and privileges. |
|||||
File descriptor inheritance support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with given File Descriptor inheritance restrictions. |
|||||
Security policy support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given security policy. |
|||||
Supplementary group support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given set of supplementary groups. |
|||||
Scheduling support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with certain scheduling policy. |
|||||
CPU runmask support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given runmask. |
|||||
ASLR support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching process with ASLR (Address Space Layout Randomization). |
|||||
Resource limit support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process with a given set of system resource limits (rlimit). |
|||||
Process detach from parent support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for launching a process to detach from parent. |
|||||
Conditional Launching#
Conditional launching
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide launching processes based on conditions. |
|||||
Conditionally launch of processes
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to conditionally start a process or process group based on the return value of a single or multiple Processes executed before. |
|||||
Condition timeout
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for per condition configurable total wait time for launch conditions to be satisfied. |
|||||
Conditional launch polling interval
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for per condition configurable Polling Interval for launch conditions to be checked. |
|||||
Pre-start validation
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to validate the pre-start conditions of the executable using the conditions. |
|||||
post-start validation
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to validate the start of the executable using the conditions. |
|||||
Launched Process status
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a way to store the status of the launched process. |
|||||
Condition check based on status
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a method for condition check based on process state. |
|||||
Configuration of action based on condition evaluation
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a way to configure actions based on condition evaluation i.e. to be able to configure SUCCESS and FAILURE case. |
|||||
Condition check based on path
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a method for condition check for a path. |
|||||
Condition check based on ENV
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a method for condition check for environment variable. |
|||||
Condition check based on all dependency
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a method to check if all dependencies have been executed. |
|||||
Condition check based on at least one dependency
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a method to check if at least one dependency has been executed. |
|||||
Condition check for each SWC its dependencies
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a way to define for each SWC (Software Components), its dependencies. |
|||||
Condition check for each SWC its stop sequence
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide a way to define the stop sequence for each SWC (Software Components). |
|||||
Process Management#
Process adoption
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to adopt already running Processes. |
|||||
Dropping process responsibility
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to dropping all surveillance and failure reaction activities of Processes. |
|||||
Multiple instance of executable
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall permit an executable to be launched more than once. |
|||||
Invalid dependency
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall reject an inconsistent definition of set of executables dependencies. |
|||||
Dangling dependency
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to stop a process when all it’s dependents are stopped if specified in the set of executables. |
|||||
Coordination stop dependency
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall permit the stop order of non-dependent processes to be specified. |
|||||
OCI Compliant
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be compliant to the OCI Specification v1.2.0. |
|||||
Run targets#
Run target support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for run targets to define collections of Processes that can be launched together. |
|||||
Launching run target
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to start a named Run target. |
|||||
Switch between run targets
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to switch between different run targets. |
|||||
Process state
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall have a means for the launched Processes to communicate a state, which represents the launched processes’ internal state, to the launcher. |
|||||
Terminating Processes#
Stop timeout
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for configurable timeout Interval to wait for the process to be stopped. |
|||||
Terminating process
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for terminating Processes. |
|||||
Handling process dependency in termination
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall terminate the Processes based on the dependency order. |
|||||
Configurable delay between SIGTERM and SIGKILL
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The time to wait, before SIGKILL is sent shall be configurable. In case “0” is stated, the SIGKILL shall be sent immediately. |
|||||
Normal shutdown
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support normal shutdown by terminating all process in the dependency order. |
|||||
Slow shutdown
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support slow shutdown by terminating the Processes in the dependency order. |
|||||
Fast shutdown
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support fast shutdown by terminating itself without affecting the started Processes. |
|||||
Launch Manager shutdown
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall exit after performing shutdown operation by stopping all the Processes it owns in the dependency order when requested. |
|||||
Shutdown signal handling
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall implement a shutdown by sending a SIGTERM to the process. In case the process does not terminate itself, a SIGKILL shall be sent. |
|||||
Control Interface#
Control commands
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for commands to control component states. |
|||||
Query commands
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for commands to query component states. |
|||||
Report "started/running/degraded"
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to report status on components via the Control Interface. Note: status can be “started/running/degraded” - refer to documentation for details |
|||||
Request run target launch
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to start a named Run target respecting the dependencies when requested. |
|||||
Monitoring, Notification and Recovery#
Process crash monitoring
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for monitoring abnormal termination of Processes. |
|||||
Process state notification
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for external monitors to get notified on process life status. |
|||||
Recovery action
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support Recovery Action for the abnormally terminated Processes. |
|||||
Run target switch as recovery action
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support switching to a different Run target as recovery action in case a single process terminated abnormally or lost its Liveliness. |
|||||
Monitoring and recovery: watchdog support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support a smart Watchdog, configurable per process. |
|||||
Monitoring and recovery: recovery wait time
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for configurable wait time that shall elapse before repeating Recovery Action. |
|||||
Monitoring and recovery: adopted process monitoring
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for monitoring adopted Processes. |
|||||
Process launch monitoring
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to detect and react to failure of the process launch. |
|||||
Process liveliness detection
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to detect and react to loss of Liveliness of the Processes it owns. |
|||||
Process monitoring
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall monitor the state of the Processes as specified by the set of executables. |
|||||
Recovery
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to react to a process failure by optionally performing one of relaunching the process, stopping the process, stopping the process and starting another process, or triggering QNX Operating System (QOS) Device Safe State (DSS). |
|||||
Multi-instance
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to run in multiple instances with its own configurations on a system. |
|||||
Launch manager self health check
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall implement time based cyclical monitoring of itself. |
|||||
Launch manager external watchdog notification
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall trigger a notification to an external Watchdog for each successful self monitoring test execution. |
|||||
Launch manager external watchdog notification - failed test
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall not trigger an external Watchdog notification if an internal health check failed. |
|||||
Launch manager external monitoring configuration
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support configuring the Interval of the internal health check executions. |
|||||
Logging#
Logging slog2 and file support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall support OS specific logging facilities to analyze the early boot sequence. |
|||||
Logging state transitions
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for logging process launches, Processes exit/recovery, internal tasks, and interaction with external monitor. |
|||||
Logging timestamp
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager logs shall contain timestamp information. |
|||||
Logging DAG
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide the possibility to log the DAG in a human readable format, triggered via Control Interface. |
|||||
Configuration dependency view
|
status: invalid
security: NO
safety: QM
|
||||
The Launch Manager shall have the means to log the current dependencies in a format that can be visualized when requested. |
|||||
Configuration file#
Configuration file support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The launch manager shall provide modular configuration file support to configure process attributes. |
|||||
Runtime configuration compliance
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The launch manager shall provide modular configuration files support for configurations coming from OCI runtime configuration<https://github.com/opencontainers/runtime-spec/blob/v1.2.0/config.md>. |
|||||
Updating configuration
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support for extending already running session with additional new configuration file. |
|||||
Module support
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall provide support to clustering set of components as modules. |
|||||
Global process properties
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall be able to centrally define defaults for specific properties for the set of executables. |
|||||
Lazy check of configured commands
|
status: invalid
security: NO
safety: ASIL_B
|
||||
The Launch Manager shall check availability of executables in the filesystem only when the executable shall required to be executed. |
|||||
Configuration Dependency view
|
status: invalid
security: NO
safety: QM
|
||||
The Launch Manager shall have the means to generate the specified dependencies in a format that can be visualized. |
|||||
Configuration Verification tool
|
status: invalid
security: NO
safety: QM
|
||||
The Launch Manager shall have a means to validate the configuration offline. |
|||||