Drakoh

Members
  • Content Count

    37
  • Joined

  • Last visited


Reputation Activity

  1. Like
    Drakoh reacted to zador.blood.stained in APPARMOR kernel support/enablement (for SNAPD)   
    After 5 minutes on existing Ubuntu Xenial installation with default (untouched sun8i-dev) kernel config
    root@orangepiplus2e:~# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: default Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30 From shell history:
    apt install policycoreutils selinux-basics selinux-policy-default auditd selinux-activate vi /boot/armbianEnv.txt # add a line: extraargs=selinux=1 security=selinux # this is needed with stock config where security is unset and SElinux is disabled by default Then reboot and wait for some time, SElinux relabeling task will be running and the board will reboot again.
    Please make a backup or ensure you can access your filesystem in case anything goes wrong.
  2. Like
    Drakoh got a reaction from cpwtech in Kernel 4.1 or newer for Orange Pi PC   
    @cpwtech you can always create an Ubuntu 16.04 VM with KVM or VirtualBox. From there, the build script will do all the hard work.
    4.10 runs happily on my OpiPC.
  3. Like
    Drakoh got a reaction from lanefu in Setting onboard LEDs with rc.local or systemd   
    I'd like to add another method which I found "cleaner" and "easier".
    Debian provides an easy way to set sysfs values after reboot via the /etc/sysfs.conf file and the /etc/sysfs.d/ directory.
    (This is basically the same as the relation between the /proc/sys and sysctl.conf and sysctl.d.)
     
    My use-case:
    I wanted to set the red light on my OpiPC to the heartbeat effect.
    This can be set manually with:
    # echo heartbeat > /sys/class/leds/orangepi\:red\:status/trigger The sysfs files format is really simple:
    # the path omits the /sys/ path/to/the/settings = value So all I had to do was:
    # echo "class/leds/orangepi\:red\:status/trigger = heartbeat" > /etc/sysfs.d/red_led.conf One can modify the sysfs.conf itself, but it's more pluggable/manageable via .conf files under the sysfs.d directory.
  4. Like
    Drakoh reacted to davidahoward in APPARMOR kernel support/enablement (for SNAPD)   
    OK - with some help from a colleague we have this working now...
     
    into the 'armbian/userpatches' folder, I copied 'linux-sun8i-default.config' and 'linux-sun8i-dev.config' (from armbian/lib/config/kernel/)
     
    then added the following to the end of the file:
     
    #!dh
    CONFIG_SECURITY=y
    CONFIG_SECURITYFS=y
    CONFIG_SECURITY_APPARMOR=y
    CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
    CONFIG_DEFAULT_SECURITY_APPARMOR=y
    CONFIG_DEFAULT_SECURITY="apparmor"
    CONFIG_SECCOMP=y
    CONFIG_SECCOMP_FILTER=y
    #!dh
     
    (not sure this is exactly how it's supposed to be done - but the result was good...)
     
    ....
     
    root@bananapim2plus:/home/dhoward# snap list
    Name         Version  Rev  Developer  Notes
    core         16.04.1  645  canonical  -
    hello-world  6.3      27   canonical  -
     
    root@bananapim2plus:/home/dhoward# /snap/bin/hello-world
    Hello World!
    root@bananapim2plus:/home/dhoward# /snap/bin/hello-world.evil
    Hello Evil World!
    This example demonstrates the app confinement
    You should see a permission denied error next
     
    /snap/hello-world/27/bin/evil: 9: /snap/hello-world/27/bin/evil: cannot create /var/tmp/myevil.txt: Permission denied
  5. Like
    Drakoh reacted to tkaiser in Custom Kernel   
    That's why this commit implemented a 'per $LINUXFAMILY' override, eg. userpatches/sources/sun7i.conf
  6. Like
    Drakoh reacted to Code4Sale LLC in Support of Raspberry Pi   
    I suppose developing for the Raspberry Pi would seem like a step backwards, however, there I would think there would be some real benefits that might reap some huge rewards.
     
    When looking at the download list, I was impressed. And the second thing I looked for was a distro for the RasPi. It was missing. oh!
     
    I would think that RasPi org would work with you, assist you, and put your distro on the main page. Wow. That's a pretty large sign to put up, with lots of spotlights for the project.
     
    I could be wrong about that (getting help and assistance), and of that was the case, it sure would make a great story to tell.
     
    Having a RasPi disto would be very cool. I think most folks coming here probably have more than one board, and whatever boards you do have, I would bet one is a RasPi, and you use it as a benchmark to measure everything else against. With that, I would like to use armbain to bench with!
     
    So while dev'ing for a RasPi might not be a lot of fun, I do see a RasPi distro as essential, both as a benchmark, and for the shear publicity that would be derived from it.
     
    I also understand that there is only so much that everyone involved can take on, and for that, I am very thankful.
     
    And thank you for the time, space, and freedom to post an opinion!
     
    Thank you for being free (as in cost and open-source). and I urge folks to remember, it's not really free (as is cost), it is a "gift" of time, labor, love, and expense! Please support "free" software.
     
    In ending, please consider making the donation button larger, with a little more verbiage to entice folks to push the button, and consider adding more buttons that link to more ways to support the effort. 
     
    Who knows, given a "Google Pay" button, even I might press it!
     
    Thanks again,
     
    Joe
  7. Like
    Drakoh got a reaction from Bugg69s in PLS HELP   
    Hi there.
    Could you please describe you problem as much as you can?
    How did you burn the image to the sdcard?
    Do you have console access to your board?
     
    Normally you wouldn't have to press anything. Burn the image to the sdcard, boot from it, log in via SSH.
  8. Like
    Drakoh got a reaction from slinde in Setting onboard LEDs with rc.local or systemd   
    I'd like to add another method which I found "cleaner" and "easier".
    Debian provides an easy way to set sysfs values after reboot via the /etc/sysfs.conf file and the /etc/sysfs.d/ directory.
    (This is basically the same as the relation between the /proc/sys and sysctl.conf and sysctl.d.)
     
    My use-case:
    I wanted to set the red light on my OpiPC to the heartbeat effect.
    This can be set manually with:
    # echo heartbeat > /sys/class/leds/orangepi\:red\:status/trigger The sysfs files format is really simple:
    # the path omits the /sys/ path/to/the/settings = value So all I had to do was:
    # echo "class/leds/orangepi\:red\:status/trigger = heartbeat" > /etc/sysfs.d/red_led.conf One can modify the sysfs.conf itself, but it's more pluggable/manageable via .conf files under the sysfs.d directory.