New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build scripts? #5
Comments
selinux modules, logging commands run (as root)In reading With fedora-arm-image-installer, you can specify Inlined copy of `/root/modules/*.te`[root@mb2 modules]# (for f in *.te; do echo "#### $f ####"; cat "$f"; echo -e "\n"; done)
#### disk1.te ####
module disk1 1.0;
require {
type unlabeled_t;
type local_login_t;
class file read;
}
#============= local_login_t ==============
allow local_login_t unlabeled_t:file read;
#### mod1.te ####
module mod1 1.0;
require {
type iptables_t;
type kernel_t;
class fifo_file read;
}
#============= iptables_t ==============
allow iptables_t kernel_t:fifo_file read;
#### mod2.te ####
module mod2 1.0;
require {
type systemd_logind_t;
type unlabeled_t;
type system_dbusd_t;
type systemd_hostnamed_t;
type systemd_localed_t;
type xdm_t;
class file { getattr open read };
}
#============= system_dbusd_t ==============
allow system_dbusd_t unlabeled_t:file { getattr open };
#============= systemd_hostnamed_t ==============
allow systemd_hostnamed_t unlabeled_t:file { getattr open read };
#============= systemd_localed_t ==============
allow systemd_localed_t unlabeled_t:file { getattr open read };
#============= systemd_logind_t ==============
allow systemd_logind_t unlabeled_t:file { getattr open read };
#============= xdm_t ==============
allow xdm_t unlabeled_t:file { getattr open read };
#### mod4.te ####
module mod4 1.0;
require {
type initrc_t;
type policykit_auth_t;
type init_t;
type chkpwd_t;
type unconfined_service_t;
type policykit_t;
type user_devpts_t;
class process { noatsecure rlimitinh siginh };
class chr_file { read write };
}
#============= chkpwd_t ==============
allow chkpwd_t user_devpts_t:chr_file { read write };
#============= init_t ==============
allow init_t initrc_t:process siginh;
allow init_t unconfined_service_t:process siginh;
#============= policykit_t ==============
allow policykit_t policykit_auth_t:process { noatsecure rlimitinh siginh };
#### mod5.te ####
module mod5 1.0;
require {
type chkpwd_t;
type unconfined_t;
type unlabeled_t;
type xdm_t;
class file { getattr open read };
class process noatsecure;
}
#============= xdm_t ==============
allow xdm_t chkpwd_t:process noatsecure;
allow xdm_t unconfined_t:process noatsecure;
#!!!! This avc is allowed in the current policy
allow xdm_t unlabeled_t:file { getattr open read };
#### mod6.te ####
module mod6 1.0;
require {
type rpm_var_lib_t;
type xdm_t;
type unlabeled_t;
type init_t;
type chkpwd_t;
type unconfined_t;
type abrt_t;
class dir mounton;
class process { noatsecure rlimitinh siginh };
class file write;
}
#============= abrt_t ==============
allow abrt_t rpm_var_lib_t:file write;
#============= init_t ==============
allow init_t chkpwd_t:process siginh;
allow init_t unconfined_t:process siginh;
allow init_t unlabeled_t:dir mounton;
#============= xdm_t ==============
#!!!! This avc is allowed in the current policy
allow xdm_t chkpwd_t:process noatsecure;
allow xdm_t chkpwd_t:process { rlimitinh siginh };
#!!!! This avc is allowed in the current policy
allow xdm_t unconfined_t:process noatsecure;
allow xdm_t unconfined_t:process siginh;
#### mod8.te ####
module mod8 1.0;
require {
type unlabeled_t;
type groupadd_t;
type useradd_t;
class file read;
}
#============= groupadd_t ==============
allow groupadd_t unlabeled_t:file read;
#============= useradd_t ==============
allow useradd_t unlabeled_t:file read;
#### mod9.te ####
module mod9 1.0;
require {
type session_dbusd_tmp_t;
type systemd_logind_t;
class sock_file unlink;
}
#============= systemd_logind_t ==============
allow systemd_logind_t session_dbusd_tmp_t:sock_file unlink;
I think
Boot configSearch terms:
Rockchip docs:
fedora-arm-image-installerhttps://pagure.io/arm-image-installer/blob/master/f/arm-image-installer
how to dd u-boot for rk3399 devices
manjaro-arm-tools
pbp-uboot: U-Boot with Pinebook Pro support patches"U-Boot with pinebook pro support patches"
debian u-boot packageThe debian u-boot changelog mentions "pinebookpro" and "rk3399":
fedora uboot-images-armv8Source: https://apps.fedoraproject.org/packages/uboot-tools Changelog: https://apps.fedoraproject.org/packages/uboot-images-armv8/changelog/ :
Package Build Spec: https://apps.fedoraproject.org/packages/uboot-images-armv8/sources/spec/ pinebook-pro files in https://fedora.pkgs.org/32/fedora-aarch64/uboot-images-armv8-2020.04-2.fc32.noarch.rpm.html :
rockchip U-Boot Custodian Tree
rockchip-linuxhttps://github.com/rockchip-linux/u-boot/tree/next-dev/board/rockchip kernel args
|
https://pagure.io/arm-image-installer/issue/52#comment-658679 suggests:
|
Wondering how much of these setup scripts can be used for the Pinebook Pro? Is this script all that's specific to the PinePhone? |
I copy/paste together a script that is working. It is nice if somone can help testing. |
Hey are those selinux modules (from |
Are there build scripts for this?
The text was updated successfully, but these errors were encountered: