I am trying to update the RTC through an application running in a container.
The host operating system is TorizonCore (torizon-core-docker-apalis-imx6-Tezi_5.4.0+build.10) and I’ve done several tests with the “hwclock” command (from the console in the host OS) and I haven’t been able to get write access to the RTC (at least if I use “sudo”).
I’m using an Apalis imx6Q 2GB IT, V1.1C
I tested the setting of the system clock on boot, it’s OK:
apalis-imx6-10838922:~$ dmesg | grep rtc
[ 1.536308] imx-drm display-subsystem: bound imx-ipuv3-crtc.2 (ops ipu_crtc_ops)
[ 1.536410] imx-drm display-subsystem: bound imx-ipuv3-crtc.3 (ops ipu_crtc_ops)
[ 1.536531] imx-drm display-subsystem: bound imx-ipuv3-crtc.6 (ops ipu_crtc_ops)
[ 1.536641] imx-drm display-subsystem: bound imx-ipuv3-crtc.7 (ops ipu_crtc_ops)
[ 1.650936] rtc-ds1307 0-0068: registered as rtc0
[ 1.652797] snvs_rtc 20cc000.snvs:snvs-rtc-lp: registered as rtc1
[ 2.467024] rtc-ds1307 0-0068: setting system clock to 2015-01-31T11:15:17 UTC (1422702917)
I can’t get write access to the RTC:
apalis-imx6-10838922:~$ hwclock -w
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --verbose option to see the details of our search for an access method.
I changed the access on the file /dev/rtc0 for the user Torizon:
apalis-imx6-10838922:~$ sudo chgrp torizon /dev/rtc0
apalis-imx6-10838922:~$ sudo chmod 777 /dev/rtc0
apalis-imx6-10838922:~$ ls -l /dev/rtc*
lrwxrwxrwx 1 root root 4 Jan 31 11:15 /dev/rtc -> rtc0
crwxrwxrwx 1 root torizon 253, 0 Jan 31 11:15 /dev/rtc0
crw------- 1 root root 253, 1 Jan 31 11:15 /dev/rtc1
And now the response is:
apalis-imx6-10838922:~$ hwclock -w
hwclock: ioctl(RTC_SET_TIME) to /dev/rtc0 to set the time failed: Permission denied
but, if I use
apalis-imx6-10838922:~$ sudo hwclock -w
I get the writing I expected.
The question is, what is the correct way to change the RTC value in the host for the Torizon user? And now, how to transmit this property to a containerized app?
First of all, what is your use-case, or goal here? Is it to dynamically set the RTC from within a container? Or are you just trying to do this once outside of the container? Are you sure you need to set the RTC itself or maybe you just need to set the system time?
Also as a side-note, generally in most Linux distributions accessing the RTC via hwclock typically requires root/sudo privileges. That is to say TorizonCore following this behavior is not uncommon in Linux.
Thanks for your answer!
My goal is to dynamically set the RTC inside a container as you describe. My first approach was to access it from the host operating system, to later understand how to access it from the container.
Just to make sure I understand your system model here then.
- Your application will run in a container,
- This application will take some kind of input to change the time on the system to some new time
- Your application will take this input and change the RTC to the new value.
Is this more or less what you’re aiming for?
Furthermore, is it really the RTC you want to change or just the system-time? Will your system be turned off or lose power while it is running? In which case it would make sense why you want to set the RTC to save this value.
The reason I ask all this is because time changing/manipulation in a container is not the most straightforward of tasks. Which is why I wanna make sure we approach this the right way to avoid unneeded complexity.
It is exactly as you describe it. Our system runs a UI that can update the system time and, in some cases, the device loses power and must retain the date and time value.
With the information you provided it definitely sounds like you need RTC access inside a container then. RTC inside a container is possible, but keep in mind that you’ll of course need to give such a container elevated privileges and access as is typical with trying to access something like RTC.
I have a couple of methods here to access RTC from a container:
- First of all whichever method you do you should probably stop the auto-sync between system time and RTC time otherwise any time changes you do will be promptly overwritten by this syncing mechanism. This can be disabled with:
sudo timedatectl set-ntp false
You want to run this outside of a container so it affects the system as a whole.
- First method: run any container with the following arguments:
docker run --privileged -v /dev:/dev <IMAGE NAME>
- While this method does work it requires you to run the entire container with high privileged access which is not desirable in a lot of cases.
- Second method:
docker run --security-opt seccomp:unconfined --cap-add SYS_TIME -v /dev:/dev --device-cgroup-rule='c 253:* rmw' <IMAGE NAME>
- This also has you run a container with higher than usual privileges but not as much as the first method. Meaning security-wise it’s better in that sense.
- Both of the above methods, however, do require you to be the root user inside the container. It’s unknown to us at the moment if there’s a way around this.
These are the methods we know about that allow RTC access inside a container. These probably aren’t the only methods, just the ones we know about and have tried ourselves.
Let me know what you think, or if these methods for some reason don’t work for your use-case.
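The following check is an added example, not part of the original thread or any Toradex code. The kernel's RTC device requires CAP_SYS_TIME for ioctl(RTC_SET_TIME) regardless of the mode bits on /dev/rtc0, so the script reads the effective capability mask and reports whether a container has that capability and whether it looks like it was started with far more than it needs. The function names, the "overprivileged" heuristic and the sample masks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether this process may issue
# ioctl(RTC_SET_TIME). The kernel RTC device checks CAP_SYS_TIME for that
# ioctl, so file permissions on /dev/rtc0 alone are not sufficient.
CAP_SYS_ADMIN_BIT=21   # bit numbers from linux/capability.h
CAP_SYS_TIME_BIT=25

# cap_has_bit HEXMASK BIT: succeeds when BIT is set in the capability mask.
cap_has_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# rtc_write_verdict HEXMASK: prints denied | ok | overprivileged.
# "overprivileged" is a heuristic of this example: CAP_SYS_ADMIN is absent
# from Docker's default set, so its presence suggests --privileged.
rtc_write_verdict() {
    if ! cap_has_bit "$1" "$CAP_SYS_TIME_BIT"; then
        echo denied
    elif cap_has_bit "$1" "$CAP_SYS_ADMIN_BIT"; then
        echo overprivileged
    else
        echo ok
    fi
}

# current_capeff: effective capability mask of this shell, from procfs.
current_capeff() {
    while read -r key value; do
        if [ "$key" = "CapEff:" ]; then echo "$value"; fi
    done < /proc/self/status
}

# Constructed sample masks: a default container, the same with
# --cap-add SYS_TIME, and a fully privileged mask (38 capability bits set).
for mask in 00000000a80425fb 00000000aa0425fb 0000003fffffffff; do
    echo "$mask -> $(rtc_write_verdict "$mask")"
done

# Live check, when procfs is available (run this inside the container).
capeff=$( [ -r /proc/self/status ] && current_capeff )
if [ -n "$capeff" ]; then
    echo "this process ($capeff): $(rtc_write_verdict "$capeff")"
    if [ -w /dev/rtc0 ]; then echo "/dev/rtc0: writable"; else echo "/dev/rtc0: not writable"; fi
fi
```

Running it inside a container started with each of the two methods shows the difference in granted capabilities: the second method should report "ok", the first "overprivileged".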