On 5/14/21 9:40 AM, Brian Hutchinson
wrote:
Hi,
Pretty new to selinux. I've worked through a lot of issues
to get this far but am stumped at the moment so any pointers,
clues are appreciated.
I'm trying to add selinux to my custom image. After
running into problems, I decided it was best to start with
building core-image-selinux for my NXP imx8mm-evk board as a
reference for getting my custom image to work.
I'm using fscl-community-bsp meta-freescale Dunfell release
which is building a 5.4.114 kernel.
My first issues were getting kernel config options right
(.config attached). I kept booting my rootfs and sestatus
would result in selinux not being enabled.
After getting kernel config somewhat worked out, then I
started getting either boot loops or locked out.
I'll stay focused on my core-image-selinux image as
hopefully if I can get it working it will help me get my
custom image working too.
Here is my last iteration of my local.conf that results in
me not being able to log in. With core-image-selinux image,
it freezes before it gets to login prompt. On my custom
image, I get log in prompt but when I try to log in a root I
get audit messages and dropped back to login prompt.
local.conf for core-image-selinux:
MACHINE
??= 'imx8mmevk'
DISTRO ?= 'poky'
PACKAGE_CLASSES ?= 'package_rpm'
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
DISTRO_FEATURES_remove = " sysvinit"
DISTRO_FEATURES_append += " acl xattr pam selinux systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = ""
PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
You can try refpolicy-mcs or refpolicy-targeted. The mls policy
doesn't work for systemed on dunfell.
//Yi
USER_CLASSES ?= "buildstats
image-mklibs image-prelink"
IMAGE_FSTYPES += " tar.bz2 ext4 wic.bz2 wic.bmap"
PATCHRESOLVE = "noop"
BB_DISKMON_DIRS ??= "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
STOPTASKS,/tmp,100M,100K \
ABORT,${TMPDIR},100M,1K \
ABORT,${DL_DIR},100M,1K \
ABORT,${SSTATE_DIR},100M,1K \
ABORT,/tmp,10M,1K"
PACKAGECONFIG_append_pn-qemu-system-native = " sdl"
CONF_VERSION = "1"
DL_DIR ?= "${BSPDIR}/downloads/"
ACCEPT_FSL_EULA = "1"
At first I did not have
DISTRO_FEATURES_remove = " sysvinit" or any systemd
settings. This is when I started getting boot loops as
described here:
The board would boot
and I'd get tons of these "/sbin/restorecon: Could
not set context for " bla, bla, bla "Read-only file system" messages ... but then
I'd get a login prompt and I'd be able to log in as root and
run sestatus:
Poky (Yocto Project
Reference Distro) 3.1.7 imx8mmevk ttymxc1
imx8mmevk login: root
root@imx8mmevk:~# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mcs
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version: 31
... and added the DISTRO_FEATURES_remove = " sysvinit" and
other systemd commands to my local.conf above since the "boot
loop" link above talked about issues with sysvinit etc.
This left me with a boot that looks like this for my
core-image-selinux build ... which locks up:
[ 0.000000] Dentry cache hash
table entries: 262144 (order: 9, 2097152 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 131072
(order: 8, 1048576 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off,
heap free:off
[ 0.000000] Memory: 1336216K/2064384K available
(16508K kernel code, 1234K rwdata, 6480K rodata, 2880K
init, 1038K bss, 72808K reserved, 655360K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3,
MinObjects=0, CPUs=4, Nodes=1
[ 0.000000] rcu: Preemptible hierarchical RCU
implementation.
[ 0.000000] rcu: RCU restricting CPUs from
NR_CPUS=256 to nr_cpu_ids=4.
[ 0.000000] Tasks RCU enabled.
[ 0.000000] rcu: RCU calculated value of
scheduler-enlistment delay is 25 jiffies.
[ 0.000000] rcu: Adjusting geometry for
rcu_fanout_leaf=16, nr_cpu_ids=4
[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated
irqs: 0
[ 0.000000] GICv3: GIC: Using split EOI/Deactivate
mode
[ 0.000000] GICv3: 128 SPIs implemented
[ 0.000000] GICv3: 0 Extended SPIs implemented
[ 0.000000] GICv3: Distributor has no Range Selector
support
[ 0.000000] GICv3: 16 PPIs implemented
[ 0.000000] GICv3: no VLPI support, no direct LPI
support
[ 0.000000] GICv3: CPU0: found redistributor 0 region
0:0x0000000038880000
[ 0.000000] ITS: No ITS available, not enabling LPIs
[ 0.000000] random: get_random_bytes called from
start_kernel+0x2b8/0x43c with crng_init=0
[ 0.000000] arch_timer: cp15 timer(s) running at
8.00MHz (phys).
[ 0.000000] clocksource: arch_sys_counter: mask:
0xffffffffffffff max_cycles: 0x1d854df40, max_idle_ns:
440795202120 ns
[ 0.000003] sched_clock: 56 bits at 8MHz, resolution
125ns, wraps every 2199023255500ns
[ 0.008459] Console: colour dummy device 80x25
[ 0.012580] Calibrating delay loop
(skipped), value calculated using timer frequency.. 16.00
BogoMIPS (lpj=32000)
[ 0.022844] pid_max: default: 32768 minimum: 301
[ 0.027543] LSM: Security
Framework initializing
[ 0.032140] SELinux: Initializing.
[ 0.035681] Mount-cache hash table entries: 4096
(order: 3, 32768 bytes, linear)
[ 0.043062] Mountpoint-cache hash table entries:
4096 (order: 3, 32768 bytes, linear)
[ 0.052070] ASID allocator initialised with 32768 entries
[ 0.056440] rcu: Hierarchical SRCU
implementation.
[ 0.062118] EFI services will not be available.
[ 0.065893] smp: Bringing up secondary CPUs ...
[ 0.070649] Detected VIPT I-cache on CPU1
[ 0.070672] GICv3: CPU1: found
redistributor 1 region 0:0x00000000388a0000
[ 0.070703] CPU1: Booted secondary processor
0x0000000001 [0x410fd034]
[ 0.071102] Detected VIPT I-cache on CPU2
[ 0.071119] GICv3: CPU2: found redistributor 2 region
0:0x00000000388c0000
[ 0.071137] CPU2: Booted secondary processor 0x0000000002
[0x410fd034]
[ 0.071503] Detected VIPT I-cache on CPU3
[ 0.071518] GICv3: CPU3: found redistributor 3 region
0:0x00000000388e0000
[ 0.071533] CPU3: Booted secondary processor 0x0000000003
[0x410fd034]
[ 0.071584] smp: Brought up 1 node, 4 CPUs
[ 0.126889] SMP: Total of 4 processors activated.
[ 0.131608] CPU features: detected: 32-bit EL0 Support
[ 0.136780] CPU features:
detected: CRC32 instructions
[ 0.148803] CPU: All CPU(s) started at EL2
[ 0.150075] alternatives: patching kernel code
[ 0.155994] devtmpfs: initialized
[ 0.163617] clocksource: jiffies: mask: 0xffffffff
max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[ 0.170570] futex hash table entries: 1024 (order: 4,
65536 bytes, linear)
[ 0.194282] pinctrl core: initialized pinctrl subsystem
[ 0.197368] DMI not present or invalid.
[ 0.200798] NET: Registered protocol family 16
[ 0.212024] DMA: preallocated 256 KiB pool for atomic
allocations
[ 0.215321] audit: initializing netlink subsys (disabled)
[ 0.220974] audit: type=2000 audit(0.160:1):
state=initialized audit_enabled=0 res=1
[ 0.228526] cpuidle: using governor menu
[ 0.232929] hw-breakpoint: found 6 breakpoint and 4
watchpoint registers.
[ 0.240041] Serial: AMBA PL011 UART driver
[ 0.243431] imx mu driver is registered.
[ 0.247320] imx rpmsg driver is registered.
[ 0.256460] imx8mm-pinctrl 30330000.pinctrl: initialized
IMX pinctrl driver
[ 0.277607] HugeTLB registered 1.00 GiB page size,
pre-allocated 0 pages
[ 0.281501] HugeTLB registered 32.0 MiB page size,
pre-allocated 0 pages
[ 0.288221] HugeTLB registered 2.00 MiB page size,
pre-allocated 0 pages
[ 0.294958] HugeTLB registered 64.0 KiB page size,
pre-allocated 0 pages
[ 0.302578] cryptd: max_cpu_qlen set to 1000
[ 0.308925] ACPI: Interpreter disabled.
[ 0.310647] iommu: Default domain type: Translated
[ 0.314984] vgaarb: loaded
[ 0.317796] SCSI subsystem initialized
[ 0.321638] usbcore: registered new interface driver
usbfs
[ 0.326821] usbcore: registered new interface driver hub
[ 0.332166] usbcore: registered new device driver usb
[ 0.338386] mc: Linux media interface: v0.10
[ 0.341521] videodev: Linux video capture interface:
v2.00
[ 0.347069] pps_core: LinuxPPS API ver. 1 registered
[ 0.351999] pps_core: Software ver. 5.3.6 - Copyright
2005-2007 Rodolfo Giometti <giometti@...>
[ 0.361194] PTP clock support registered
[ 0.365250] EDAC MC: Ver: 3.0.0
[ 0.369031] No BMan portals available!
[ 0.372241] QMan: Allocated lookup table at
(____ptrval____), entry count 65537
[ 0.379650] No QMan portals available!
[ 0.383528] No USDPAA memory, no 'fsl,usdpaa-mem' in
device-tree
[ 0.389580] FPGA manager framework
[ 0.392665] Advanced Linux Sound Architecture Driver
Initialized.
[ 0.399103] Bluetooth: Core ver 2.22
[ 0.402325] NET: Registered protocol family 31
[ 0.406776] Bluetooth: HCI device and connection manager
initialized
[ 0.413165] Bluetooth: HCI socket layer initialized
[ 0.418063] Bluetooth: L2CAP socket layer initialized
[ 0.423145] Bluetooth: SCO socket layer initialized
[ 0.428729] clocksource: Switched to clocksource
arch_sys_counter
[ 0.434318] VFS: Disk quotas dquot_6.6.0
[ 0.438147] VFS: Dquot-cache hash table entries: 512
(order 0, 4096 bytes)
[ 0.445173] pnp: PnP ACPI: disabled
[ 0.454071] thermal_sys: Registered thermal governor
'step_wise'
[ 0.454075] thermal_sys: Registered thermal governor
'power_allocator'
[ 0.457567] NET: Registered protocol family 2
[ 0.468500] tcp_listen_portaddr_hash hash table entries:
1024 (order: 2, 16384 bytes, linear)
[ 0.476800] TCP established hash table entries: 16384
(order: 5, 131072 bytes, linear)
[ 0.484830] TCP bind hash table entries: 16384 (order: 6,
262144 bytes, linear)
[ 0.492297] TCP: Hash tables configured (established
16384 bind 16384)
[ 0.498720] UDP hash table entries: 1024 (order: 3, 32768
bytes, linear)
[ 0.505415] UDP-Lite hash table entries: 1024 (order: 3,
32768 bytes, linear)
[ 0.512695] NET: Registered protocol family 1
[ 0.517249] RPC: Registered named UNIX socket transport
module.
[ 0.522882] RPC: Registered udp transport module.
[ 0.527598] RPC: Registered tcp transport module.
[ 0.532323] RPC: Registered tcp NFSv4.1 backchannel
transport module.
[ 0.539172] PCI: CLS 0 bytes, default 64
[ 0.543460] hw perfevents: enabled with armv8_pmuv3 PMU
driver, 7 counters available
[ 0.550860] kvm [1]: IPA Size Limit: 40 bits
[ 0.555419] kvm [1]: GICv3: no
GICV resource entry
[ 0.559628] kvm [1]: disabling GICv2 emulation
[ 0.564099] kvm [1]: GIC system register CPU interface
enabled
[ 0.570004] kvm [1]: vgic interrupt IRQ1
[ 0.573975] kvm [1]: Hyp mode initialized successfully
[ 0.581824] Initialise system trusted keyrings
[ 0.583614] workingset: timestamp_bits=44 max_order=19
bucket_order=0
[ 0.595759] squashfs: version 4.0 (2009/01/31) Phillip
Lougher
[ 0.599368] NFS: Registering the id_resolver key type
[ 0.603857] Key type id_resolver registered
[ 0.608041] Key type id_legacy registered
[ 0.612067] nfs4filelayout_init: NFSv4 File Layout Driver
Registering...
[ 0.618796]
nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver
Registering...
[ 0.626246] jffs2: version 2.2. (NAND) �© 2001-2006 Red
Hat, Inc.
[ 0.632759] 9p: Installing v9fs 9p2000 file system
support
[ 0.650797] Key type asymmetric registered
[ 0.652038] Asymmetric key parser 'x509' registered
[ 0.656972] Block layer SCSI generic (bsg) driver version
0.4 loaded (major 244)
[ 0.664383] io scheduler mq-deadline registered
[ 0.668932] io scheduler kyber registered
[ 0.677135] EINJ: ACPI disabled.
[ 0.685891] imx-sdma 302c0000.dma-controller: Direct
firmware load for imx/sdma/sdma-imx7d.bin failed with error
-2
[ 0.693543] imx-sdma 302c0000.dma-controller: Falling
back to sysfs fallback for: imx/sdma/sdma-imx7d.bin
[ 0.710746] mxs-dma 33000000.dma-controller: initialized
[ 0.714250] Bus freq driver module loaded
[ 0.722266] Serial: 8250/16550 driver, 4 ports, IRQ
sharing enabled
[ 0.727674] 30890000.serial: ttymxc1 at MMIO 0x30890000
(irq = 34, base_baud = 1500000) is a IMX
[ 0.734595] printk: console [ttymxc1] enabled
[ 0.734595] printk: console [ttymxc1] enabled
[ 0.743235] printk: bootconsole [ec_imx6q0] disabled
[ 0.743235] printk: bootconsole [ec_imx6q0] disabled
[ 0.755182] imx-drm soc@0:bus@32c00000:display-subsystem:
no available port
[ 0.773488] loop: module loaded
[ 0.778553] imx ahci driver is registered.
[ 0.785346] spi_imx 30830000.spi: probed
[ 0.790183] spi-nor spi3.0: n25q256ax1 (32768 Kbytes)
[ 0.795277] 7 fixed-partitions partitions found on MTD
device 30bb0000.spi
[ 0.802157] Creating 7 MTD partitions on "30bb0000.spi":
[ 0.807477] 0x000000000000-0x000000200000 : "U-Boot"
[ 0.817371] 0x000000200000-0x000000202000 : "U-Boot Env"
[ 0.822696] mtd: partition "U-Boot Env" doesn't end on an
erase/write block -- force read-only
[ 0.833323] 0x000000202000-0x000000204000 : "U-Boot Env
2"
[ 0.838819] mtd: partition "U-Boot Env 2" doesn't start
on an erase/write block boundary -- force read-only
[ 0.853314] 0x000000204000-0x000000205000 : "boot.scr"
[ 0.858463] mtd: partition "boot.scr" doesn't start on an
erase/write block boundary -- force read-only
[ 0.869306] 0x000000205000-0x000000210000 : "Device Tree
Blob"
[ 0.875150] mtd: partition "Device Tree Blob" doesn't
start on an erase/write block boundary -- force read-only
[ 0.889320] 0x000000210000-0x000000e10000 : "Compressed
Kernel"
[ 0.897335] 0x000000e10000-0x000002000000 : "SquashFS"
[ 0.906575] libphy: Fixed MDIO Bus: probed
[ 0.911375] tun: Universal TUN/TAP device driver, 1.6
[ 0.917133] thunder_xcv, ver 1.0
[ 0.920386] thunder_bgx, ver 1.0
[ 0.923649] nicpf, ver 1.0
[ 0.927576] pps pps0: new PPS source ptp0
[ 0.944110] libphy: fec_enet_mii_bus: probed
[ 0.948923] fec 30be0000.ethernet eth0: registered PHC
device 0
[ 0.955395] Freescale FM module, FMD API version 21.1.0
[ 0.960856] Freescale FM Ports module
[ 0.964517] fsl_mac: fsl_mac: FSL FMan MAC API based
driver
[ 0.970260] fsl_dpa: FSL DPAA Ethernet driver
[ 0.974714] fsl_advanced: FSL DPAA Advanced drivers:
[ 0.979684] fsl_proxy: FSL DPAA Proxy initialization
driver
[ 0.985344] fsl_oh: FSL FMan Offline Parsing port driver
[ 0.991426] hclge is initializing
[ 0.994751] hns3: Hisilicon Ethernet Network Driver for
Hip08 Family - version
[ 1.001977] hns3: Copyright (c) 2017 Huawei Corporation.
[ 1.007347] e1000: Intel(R) PRO/1000 Network Driver -
version 7.3.21-k8-NAPI
[ 1.014400] e1000: Copyright (c) 1999-2006 Intel
Corporation.
[ 1.020176] e1000e: Intel(R) PRO/1000 Network Driver -
3.2.6-k
[ 1.026012] e1000e: Copyright(c) 1999 - 2015 Intel
Corporation.
[ 1.031967] igb: Intel(R) Gigabit Ethernet Network Driver
- version 5.6.0-k
[ 1.038938] igb: Copyright (c) 2007-2014 Intel
Corporation.
[ 1.044545] igbvf: Intel(R) Gigabit Virtual Function
Network Driver - version 2.4.0-k
[ 1.052378] igbvf: Copyright (c) 2009 - 2012 Intel
Corporation.
[ 1.058433] sky2: driver version 1.30
[ 1.062933] VFIO - User Level meta-driver version: 0.3
[ 1.069701] ehci_hcd: USB 2.0 'Enhanced' Host Controller
(EHCI) Driver
[ 1.076239] ehci-pci: EHCI PCI platform driver
[ 1.080767] ehci-platform: EHCI generic platform driver
[ 1.086146] ohci_hcd: USB 1.1 'Open' Host Controller
(OHCI) Driver
[ 1.092348] ohci-pci: OHCI PCI
platform driver
[ 1.096826] ohci-platform: OHCI generic platform driver
[ 1.102542] usbcore: registered new interface
driver usb-storage
[ 1.108613] usbcore: registered new interface driver
usbserial_generic
[ 1.115159] usbserial: USB Serial support registered for
generic
[ 1.121191] usbcore: registered new interface driver
ftdi_sio
[ 1.126952] usbserial: USB Serial support registered for
FTDI USB Serial Device
[ 1.134291] usbcore: registered new interface driver
usb_serial_simple
[ 1.140836] usbserial: USB Serial support registered for
carelink
[ 1.146944] usbserial: USB Serial support registered for
zio
[ 1.152619] usbserial: USB Serial support registered for
funsoft
[ 1.158641] usbserial: USB Serial support registered for
flashloader
[ 1.165010] usbserial: USB Serial support registered for
google
[ 1.170946] usbserial: USB Serial support registered for
libtransistor
[ 1.177489] usbserial: USB Serial support registered for
vivopay
[ 1.183513] usbserial: USB Serial support registered for
moto_modem
[ 1.189801] usbserial: USB Serial support registered for
motorola_tetra
[ 1.196438] usbserial: USB Serial support registered for
novatel_gps
[ 1.202809] usbserial: USB Serial support registered for
hp4x
[ 1.208572] usbserial: USB Serial support registered for
suunto
[ 1.214508] usbserial: USB Serial support registered for
siemens_mpi
[ 1.223211] input: 30370000.snvs:snvs-powerkey as
/devices/platform/soc@0/soc@0:bus@30000000/30370000.snvs/30370000.snvs:snvs-powerkey/input/input0
[ 1.238238] snvs_rtc 30370000.snvs:snvs-rtc-lp:
registered as rtc0
[ 1.244505] i2c /dev entries driver
[ 1.252447] imx2-wdt 30280000.watchdog: timeout 60 sec
(nowayout=0)
[ 1.258987] Bluetooth: HCI UART driver ver 2.3
[ 1.263444] Bluetooth: HCI UART protocol H4 registered
[ 1.268589] Bluetooth: HCI UART protocol BCSP registered
[ 1.273925] Bluetooth: HCI UART protocol LL registered
[ 1.279069] Bluetooth: HCI UART protocol ATH3K registered
[ 1.284486] Bluetooth: HCI UART protocol Three-wire (H5)
registered
[ 1.290836] Bluetooth: HCI UART protocol Broadcom
registered
[ 1.296520] Bluetooth: HCI UART protocol QCA registered
[ 1.303494] sdhci: Secure Digital Host Controller
Interface driver
[ 1.309687] sdhci: Copyright(c) Pierre Ossman
[ 1.314212] Synopsys Designware Multimedia Card Interface
Driver
[ 1.320736] sdhci-pltfm: SDHCI platform and OF driver
helper
[ 1.327135] mmc1: CQHCI version 5.10
[ 1.331200] mmc2: CQHCI version 5.10
[ 1.366866] mmc2: SDHCI controller on 30b60000.mmc
[30b60000.mmc] using ADMA
[ 1.376165] ledtrig-cpu: registered to indicate activity
on CPUs
[ 1.383297] caam 30900000.crypto: device ID =
0x0a16040100000000 (Era 9)
[ 1.390069] caam 30900000.crypto: job rings = 3, qi = 0
[ 1.404678] caam algorithms registered in /proc/crypto
[ 1.410556] caam 30900000.crypto: caam pkc algorithms
registered in /proc/crypto
[ 1.420079] caam_jr 30901000.jr: registering rng-caam
[ 1.429895] caam-snvs 30370000.caam-snvs: can't get snvs
clock
[ 1.435783] caam-snvs 30370000.caam-snvs: violation
handlers armed - non-secure state
[ 1.444200] usbcore: registered new interface driver
usbhid
[ 1.449780] usbhid: USB HID core driver
[ 1.455330] No fsl,qman node
[ 1.458228] Freescale USDPAA process driver
[ 1.462416] fsl-usdpaa: no region found
[ 1.466254] Freescale USDPAA process IRQ driver
[ 1.474284] optee: probing for conduit method from DT.
[ 1.479448] optee: revision 3.2 (6a22e6e8)
[ 1.480265] optee: dynamic shared memory is enabled
[ 1.489481] optee: initialized driver
[ 1.495289] mmc2: Command Queue Engine enabled
[ 1.496837] wm8524-codec audio-codec: Failed to get mute
line: -517
[ 1.499792] mmc2: new HS400 Enhanced strobe MMC card at
address 0001
[ 1.506505] OF: /sound-bt-sco/simple-audio-card,cpu:
could not get #sound-dai-cells for
/soc@0/bus@30000000/sai@30020000
[ 1.513508] mmcblk2: mmc2:0001 DG4016 7.49 GiB
[ 1.523248] asoc-simple-card sound-bt-sco: parse error
-22
[ 1.523265] asoc-simple-card: probe of sound-bt-sco
failed with error -22
[ 1.527908] mmcblk2boot0: mmc2:0001 DG4016 partition 1
4.00 MiB
[ 1.546163] mmcblk2boot1: mmc2:0001 DG4016 partition 2
4.00 MiB
[ 1.547285] pktgen: Packet Generator for packet
performance testing. Version: 2.75
[ 1.552232] mmcblk2gp0: mmc2:0001 DG4016 partition 4 3.52
GiB
[ 1.565904] mmcblk2rpmb: mmc2:0001 DG4016 partition 3
4.00 MiB, chardev (237:0)
[ 1.566798] NET: Registered protocol family 26
[ 1.578184] NET: Registered protocol family 10
[ 1.582998] mmcblk2: p1 p2
[ 1.583960] Segment Routing with IPv6
[ 1.589559] NET: Registered protocol family 17
[ 1.594201] mmcblk2gp0: p1 p2
[ 1.594430] Bluetooth: RFCOMM TTY layer initialized
[ 1.602179] Bluetooth: RFCOMM socket layer initialized
[ 1.607335] Bluetooth: RFCOMM ver 1.11
[ 1.611099] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 1.616414] Bluetooth: BNEP filters: protocol multicast
[ 1.621653] Bluetooth: BNEP socket layer initialized
[ 1.626623] Bluetooth: HIDP (Human Interface Emulation)
ver 1.2
[ 1.632549] Bluetooth: HIDP socket layer initialized
[ 1.637554] 8021q: 802.1Q VLAN Support v1.8
[ 1.641764] lib80211: common routines for IEEE802.11
drivers
[ 1.647544] 9pnet: Installing 9P2000 support
[ 1.651845] tsn generic netlink module v1 init...
[ 1.656632] Key type dns_resolver registered
[ 1.661668] registered taskstats version 1
[ 1.665794] Loading compiled-in X.509 certificates
[ 1.692510] usb_phy_generic usbphynop1: usbphynop1 supply
vcc not found, using dummy regulator
[ 1.701297] usb_phy_generic usbphynop2: usbphynop2 supply
vcc not found, using dummy regulator
[ 1.733590] random: fast init done
[ 1.738992] LDO6: supplied by regulator-dummy
[ 1.743499] i2c i2c-0: IMX I2C adapter registered
[ 1.749209] i2c i2c-1: IMX I2C adapter registered
[ 1.754765] i2c i2c-2: IMX I2C adapter registered
[ 1.760259] i2c i2c-3: IMX I2C adapter registered
[ 1.765281] imx-cpufreq-dt imx-cpufreq-dt: cpu speed
grade 2 mkt segment 2 supported-hw 0x4 0x4
[ 1.777862] mmc1: CQHCI version 5.10
[ 1.781506] sdhci-esdhc-imx 30b50000.mmc: Got CD GPIO
[ 1.817451] mmc1: SDHCI controller on 30b50000.mmc
[30b50000.mmc] using ADMA
[ 1.826135] imx8mm-pinctrl 30330000.pinctrl: pin
MX8MM_IOMUXC_I2C4_SDA already requested by 30a50000.i2c;
cannot claim for audio-codec
[ 1.838253] imx8mm-pinctrl 30330000.pinctrl: pin-140
(audio-codec) status -22
[ 1.845397] imx8mm-pinctrl 30330000.pinctrl: could not
request pin 140 (MX8MM_IOMUXC_I2C4_SDA) from group
gpiowlfgrp on device 30330000.pinctrl
[ 1.858357] wm8524-codec audio-codec: Error applying
setting, reverse things back
[ 1.865856] wm8524-codec: probe of audio-codec failed
with error -22
[ 1.876549] input: bd718xx-pwrkey as
/devices/platform/soc@0/soc@0:bus@30800000/30a20000.i2c/i2c-0/0-004b/gpio-keys.1.auto/input/input1
[ 1.890300] snvs_rtc 30370000.snvs:snvs-rtc-lp: setting
system clock to 1970-01-01T00:00:00 UTC (0)
[ 1.899718] cfg80211: Loading compiled-in X.509
certificates for regulatory database
[ 1.911354] cfg80211: Loaded X.509 cert 'sforshee:
00b28ddf47aef9cea7'
[ 1.917963] platform regulatory.0: Direct firmware load
for regulatory.db failed with error -2
[ 1.923612] ALSA device list:
[ 1.926586] platform regulatory.0: Falling back to sysfs
fallback for: regulatory.db
[ 1.929550] No soundcards found.
[ 1.947317] EXT4-fs (mmcblk2p2): mounted filesystem with
ordered data mode. Opts: (null)
[ 1.955496] VFS: Mounted root (ext4 filesystem) readonly
on device 179:2.
[ 1.963119] devtmpfs: mounted
[ 1.966900] Freeing unused kernel memory: 2880K
[ 1.989378] Run /sbin/init as init process
[ 2.059403] audit: type=1404 audit(1.969:2): enforcing=1
old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1
old-enabled=1 lsm=selinux res=1
[ 2.199361] SELinux: Permission watch in class
filesystem not defined in policy.
[ 2.206919] SELinux: Permission watch in class file not
defined in policy.
[ 2.213885] SELinux: Permission watch_mount in class
file not defined in policy.
[ 2.221377] SELinux: Permission watch_sb in class file
not defined in policy.
[ 2.228601] SELinux: Permission watch_with_perm in class
file not defined in policy.
[ 2.236441] SELinux: Permission watch_reads in class
file not defined in policy.
[ 2.243935] SELinux: Permission watch in class dir not
defined in policy.
[ 2.250819] SELinux: Permission watch_mount in class dir
not defined in policy.
[ 2.258216] SELinux: Permission watch_sb in class dir
not defined in policy.
[ 2.265361] SELinux: Permission watch_with_perm in class
dir not defined in policy.
[ 2.273105] SELinux: Permission watch_reads in class dir
not defined in policy.
[ 2.280520] SELinux: Permission watch in class lnk_file
not defined in policy.
[ 2.287830] SELinux: Permission watch_mount in class
lnk_file not defined in policy.
[ 2.295669] SELinux: Permission watch_sb in class
lnk_file not defined in policy.
[ 2.303239] SELinux: Permission watch_with_perm in class
lnk_file not defined in policy.
[ 2.311429] SELinux: Permission watch_reads in class
lnk_file not defined in policy.
[ 2.319266] SELinux: Permission watch in class chr_file
not defined in policy.
[ 2.326585] SELinux: Permission watch_mount in class
chr_file not defined in policy.
[ 2.334416] SELinux: Permission watch_sb in class
chr_file not defined in policy.
[ 2.341994] SELinux: Permission watch_with_perm in class
chr_file not defined in policy.
[ 2.350172] SELinux: Permission watch_reads in class
chr_file not defined in policy.
[ 2.358021] SELinux: Permission watch in class blk_file
not defined in policy.
[ 2.365332] SELinux: Permission watch_mount in class
blk_file not defined in policy.
[ 2.373171] SELinux: Permission watch_sb in class
blk_file not defined in policy.
[ 2.380742] SELinux: Permission watch_with_perm in class
blk_file not defined in policy.
[ 2.388927] SELinux: Permission watch_reads in class
blk_file not defined in policy.
[ 2.396765] SELinux: Permission watch in class sock_file
not defined in policy.
[ 2.404171] SELinux: Permission watch_mount in class
sock_file not defined in policy.
[ 2.412088] SELinux: Permission watch_sb in class
sock_file not defined in policy.
[ 2.419757] SELinux: Permission watch_with_perm in class
sock_file not defined in policy.
[ 2.428022] SELinux: Permission watch_reads in class
sock_file not defined in policy.
[ 2.435953] SELinux: Permission watch in class fifo_file
not defined in policy.
[ 2.443350] SELinux: Permission watch_mount in class
fifo_file not defined in policy.
[ 2.451275] SELinux: Permission watch_sb in class
fifo_file not defined in policy.
[ 2.458933] SELinux: Permission watch_with_perm in class
fifo_file not defined in policy.
[ 2.467206] SELinux: Permission watch_reads in class
fifo_file not defined in policy.
[ 2.475450] SELinux: the above unknown classes and
permissions will be allowed
[ 2.482716] SELinux: policy capability
network_peer_controls=1
[ 2.488638] SELinux: policy capability open_perms=1
[ 2.493612] SELinux: policy capability
extended_socket_class=1
[ 2.499534] SELinux: policy capability
always_check_network=0
[ 2.505375] SELinux: policy capability cgroup_seclabel=1
[ 2.510776] SELinux: policy capability
nnp_nosuid_transition=1
[ 2.551944] audit: type=1403 audit(2.461:3):
auid=4294967295 ses=4294967295 lsm=selinux res=1
[ 2.560140] systemd[1]: Successfully loaded SELinux
policy in 501.858ms.
[ 2.585453] systemd[1]: System time before build time,
advancing clock.
[ 2.596311] systemd[1]: Unable to fix SELinux security
context of /dev: Operation not permitted
[ 2.596451] audit: type=1401 audit(1600598638.004:4):
op=security_validate_transition seresult=denied
oldcontext=system_u:object_r:device_t:s15:c0.c1023
newcontext=system_u:object_r:device_t:s0
taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclassr
[ 2.606247] systemd[1]: Failed to mount tmpfs at
/dev/shm: No such file or directory
[ 2.627743] audit: type=1400 audit(1600598638.016:5):
avc: denied { create } for pid=1 comm="systemd"
name="shm" scontext=system_u:system_r:kernel_t:s15:c0.c1023
tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
permissive=0
[ 2.637910] systemd[1]: Unable to fix SELinux security
context of /run: Operation not permitted
[ 2.655581] audit: type=1400 audit(1600598638.044:6):
avc: denied { create } for pid=1 comm="systemd"
name="pts" scontext=system_u:system_r:kernel_t:s15:c0.c1023
tcontext=system_u:object_r:devpts_t:s0-s15:c0.c1023
tclass=dir permissive=0
[ 2.665724] systemd[1]: Unable to fix SELinux security
context of /sys/fs/cgroup: Operation not permitted
[ 2.685536] audit: type=1401 audit(1600598638.048:7):
op=security_validate_transition seresult=denied
oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023
newcontext=system_u:object_r:var_run_t:s0-s15:c0.c1023
taskcontext=system_u:system_r:kernel_t:s15:c0r
[ 2.719230] audit: type=1401 audit(1600598638.076:8):
op=security_validate_transition seresult=denied
oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023
newcontext=system_u:object_r:cgroup_t:s0
taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=r
[ 2.741846] audit: type=1400 audit(1600598638.108:9):
avc: denied { create } for pid=1 comm="systemd"
name="bpf" scontext=system_u:system_r:kernel_t:s15:c0.c1023
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
permissive=0
[!!!!!!] Failed to
mount API filesystems.
[ 2.780814] systemd[1]: Freezing execution.
|
