doff

tested on Odroid XU4 with armbian bullseyes # uname -a Linux thor 5.4.225-odroidxu4 #22.11.1 SMP PREEMPT Wed Nov 30 10:55:16 UTC 2022 armv7l GNU/Linux # cat /etc/armbian-release # PLEASE DO NOT EDIT THIS FILE BOARD=odroidxu4 BOARD_NAME="Odroid XU4" BOARDFAMILY=odroidxu4 BUILD_REPOSITORY_URL=https://github.com/armbian/build BUILD_REPOSITORY_COMMIT=84940abbbe3d VERSION=22.11.1 LINUXFAMILY=odroidxu4 ARCH=arm IMAGE_TYPE=stable BOARD_TYPE=conf INITRD_ARCH=arm KERNEL_IMAGE_TYPE=Image BRANCH=current I've added in /boot/boot.ini # activate selinux setenv extraargs "selinux=1 security=selinux" before line # final boot args setenv bootargs "${bootrootfs} ${videoconfig} smsc95xx.macaddr=${macaddr} governor=${governor} ${hdmi_phy_control} usb-storage.quirks=${usbstoragequirks} ${extraargs}" and rebooted. After reboot : root~# getenforce Permissive

mmmm, this worth trying :

I'm facing the same issue with my armbian XU4 bullseyes. I've noticed in the /boot/config-5.4.225-odroidxu4 file, that there are multiple security modules compiled in the kernel $ grep SECURITY /boot/config-5.4.225-odroidxu4 ONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_BRINGUP is not set CONFIG_SECURITY_SMACK_NETFILTER=y CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" # CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_SAFESETID=y CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set I see SElinux, AppArmor, Smack and Tomoyo. But if you look at the last lines, it seems that the default security module loaded, is AppArmor. I remember that the choice of the security module can be done by adding the parameter security= in the boot line. I haven't tested it, because I'm a bit lost on "how to change this parameter" for the XU4. Would it be in the /boot/boot.ini ? I do not see where. In the initrd ? How to update this ?