Date   

Re: Automate updating of SRCREV

Martin Jansa
 

On Fri, May 14, 2021 at 07:58:02AM -0700, Oliver Westermann wrote:
Hey,

maybe somebody already has something for this before I reinvent the wheel ;-) We've several internal tools that mostly have their own CI and are referenced in our yocto layers to be picked up by the nightly build. Usually we manually update the SRCREV and add a `git log --oneline --no-decorate <old_rev>...<new_rev>` into the update commit. That way you can easily scroll over your eg kernel repo to figure out which commit went in when. But by now we have more and more internal tools, all require regular updates so we would like to add a little CI task to update our SRCREVs.

Is there an easy way to tell bitbake / devtool to change a variable like SRCREV? I played around with various combinations of devtool modify, update-recipe and edit-recipe, but I could not get it to work as I expect.

My current goal for my script would be to use a flow roughly following this:

* Get the repo URL & branch from SRC_URI (eg by a bitbake -e <recipe> and some grep magic)
* Do a shallow clone in a temp dir
* Get new HEAD commit for branch, compare with current
* create git log for commit message
* update REV in recipe
* commit

Looking forward to suggestions, Olli
If you really want to update SRCREVs often for CI jobs, then I would
setup separate job with some .inc file which sets SRCREVs of all the
components you want to test to AUTOREV and let it run as often you can
afford (even triggered from every push if your builds are quick or you
have many builders available).

Then whenever you want to "release" you can either dump the last built
revisions from this AUTOREV-build (either directly from
cache/bb_persist_data.sqlite3 or from e.g. buildhistory and dump them in
some release-1.2.3.inc included by your DISTRO (or update SRCREVs in the
individual recipes).

Regards,


Automate updating of SRCREV

Oliver Westermann
 

Hey,

maybe somebody already has something for this before I reinvent the wheel ;-) We've several internal tools that mostly have their own CI and are referenced in our yocto layers to be picked up by the nightly build. Usually we manually update the SRCREV and add a `git log --oneline --no-decorate <old_rev>...<new_rev>` into the update commit. That way you can easily scroll over your eg kernel repo to figure out which commit went in when. But by now we have more and more internal tools, all require regular updates so we would like to add a little CI task to update our SRCREVs.

Is there an easy way to tell bitbake / devtool to change a variable like SRCREV? I played around with various combinations of devtool modify, update-recipe and edit-recipe, but I could not get it to work as I expect.

My current goal for my script would be to use a flow roughly following this:

* Get the repo URL & branch from SRC_URI (eg by a bitbake -e <recipe> and some grep magic)
* Do a shallow clone in a temp dir
* Get new HEAD commit for branch, compare with current
* create git log for commit message
* update REV in recipe
* commit

Looking forward to suggestions, Olli



Wic partition dir ownership #yocto

Alessandro Tagliapietra
 

Hi everyone,

I'm building an image for a raspberrypi 4, I have a readonly rootfs and I have multiple configs in a custom partition mounted in rw mode at /data
My wks file is

part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4096 --size 100
part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_A --align 4096 --overhead-factor 1
part / --source rootfs --ondisk mmcblk0 --fstype=ext4 --label rootfs_B --align 4096 --overhead-factor 1
part --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/data --ondisk mmcblk0 --fstype=ext4 --label data --align 1024 --size 1024

mount points for /boot and /data are skipped because I have a custom fstab file because otherwise rauc bundle won't mount them.

The problem is that while the rootfs has the correct permissions:

% wic ls tmp/deploy/images/raspberrypi4/myapp-dev-image-raspberrypi4.wic:3/data
debugfs 1.45.7 (28-Jan-2021)
    100   40755 (2)      0      0    4096  9-Mar-2018 04:34 .
      2   40755 (2)      0      0    4096 14-May-2021 02:26 ..
    101   40740 (2)      0      0    4096  9-Mar-2018 04:34 dropbear
    102   40755 (2)   1000   1000    4096  9-Mar-2018 04:34 node-red
    105   40740 (2)      0      0    4096  9-Mar-2018 04:34 openvpn

the partition created by wic (which should copy rootfs/data) doesn't:

alex-desktop% wic ls tmp/deploy/images/raspberrypi4/myapp-dev-image-raspberrypi4.wic:4     
debugfs 1.45.7 (28-Jan-2021)
      2   40755 (2)      0      0    4096 14-May-2021 02:26 .
      2   40755 (2)      0      0    4096 14-May-2021 02:26 ..
     11   40700 (2)      0      0   16384 14-May-2021 02:26 lost+found
     12   40740 (2)   1000   1000    4096  9-Mar-2018 04:34 dropbear
     13   40755 (2)   1000   1000    4096  9-Mar-2018 04:34 node-red
     16   40740 (2)   1000   1000    4096  9-Mar-2018 04:34 openvpn

where is this difference coming from? Isn't possible for wic to maintain the same dir ownership?

Thanks


[meta-selinux][PATCH 2/2] MAINTAINERS: update email address

Armin Kuster
 

Include example send-email

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
MAINTAINERS | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 36c451f..0dc492e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1,7 +1,14 @@
This file contains a list of maintainers for the meta-selinux layer.

Please submit any patches against meta-selinux to the Yocto Project mailing
-list (yocto@yoctoproject.org).
+list (yocto@lists.yoctoproject.org).
+
+git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-selinux][PATCH
+
+These values can be set as defaults for this repository:
+
+$ git config sendemail.to yocto@lists.yoctoproject.org
+$ git config format.subjectPrefix meta-selinux][PATCH

You may also contact the maintainers directly.

--
2.17.1


[meta-selinux][PATCH 1/2] audit: pkg now in meta-oe

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../Fixed-swig-host-contamination-issue.patch | 57 -------
.../audit/audit/audit-volatile.conf | 1 -
recipes-security/audit/audit/auditd | 153 ------------------
recipes-security/audit/audit/auditd.service | 28 ----
recipes-security/audit/audit_3.0.1.bb | 109 -------------
5 files changed, 348 deletions(-)
delete mode 100644 recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
delete mode 100644 recipes-security/audit/audit/audit-volatile.conf
delete mode 100644 recipes-security/audit/audit/auditd
delete mode 100644 recipes-security/audit/audit/auditd.service
delete mode 100644 recipes-security/audit/audit_3.0.1.bb

diff --git a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
deleted file mode 100644
index 740bcb5..0000000
--- a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 3d13f92c1bb293523670ba01aea7e655b00a6709 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Sun, 19 Jul 2015 02:42:58 +0900
-Subject: [PATCH] audit: Fixed swig host contamination issue
-
-The audit build uses swig to generate a python wrapper.
-Unfortunately, the swig info file references host include
-directories. Some of these were previously noticed and
-eliminated, but the one fixed here was not.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
-Signed-off-by: Joe Slater <jslater@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- bindings/swig/python3/Makefile.am | 3 ++-
- bindings/swig/src/auditswig.i | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index dd9d934..61b486d 100644
---- a/bindings/swig/python3/Makefile.am
-+++ b/bindings/swig/python3/Makefile.am
-@@ -22,6 +22,7 @@
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
- AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-+STDINC ?= /usr/include
- LIBS = $(top_builddir)/lib/libaudit.la
- SWIG_FLAGS = -python -py3 -modern
- SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
- _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
- nodist__audit_la_SOURCES = audit_wrap.c
- audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
-- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
-+ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
-
- CLEANFILES = audit.py* audit_wrap.c *~
-
-diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 21aafca..dd0f62c 100644
---- a/bindings/swig/src/auditswig.i
-+++ b/bindings/swig/src/auditswig.i
-@@ -39,7 +39,7 @@ signed
- #define __attribute(X) /*nothing*/
- typedef unsigned __u32;
- typedef unsigned uid_t;
--%include "/usr/include/linux/audit.h"
-+%include "linux/audit.h"
- #define __extension__ /*nothing*/
- %include <stdint.i>
- %include "../lib/libaudit.h"
---
-2.17.1
-
diff --git a/recipes-security/audit/audit/audit-volatile.conf b/recipes-security/audit/audit/audit-volatile.conf
deleted file mode 100644
index 9cbe154..0000000
--- a/recipes-security/audit/audit/audit-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d /var/log/audit 0750 root root -
diff --git a/recipes-security/audit/audit/auditd b/recipes-security/audit/audit/auditd
deleted file mode 100644
index 6aa7f94..0000000
--- a/recipes-security/audit/audit/auditd
+++ /dev/null
@@ -1,153 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: auditd
-# Required-Start: $local_fs
-# Required-Stop: $local_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Audit Daemon
-# Description: Collects audit information from Linux 2.6 Kernels.
-### END INIT INFO
-
-# Author: Philipp Matthias Hahn <pmhahn@debian.org>
-# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
-
-# June, 2012: Adopted for yocto <amy.fong@windriver.com>
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DESC="audit daemon"
-NAME=auditd
-DAEMON=/sbin/auditd
-PIDFILE=/var/run/"$NAME".pid
-SCRIPTNAME=/etc/init.d/"$NAME"
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
-
-. /etc/default/rcS
-
-. /etc/init.d/functions
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
- || return 1
- start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
- $EXTRAOPTIONS \
- || return 2
- if [ -f /etc/audit/audit.rules ]
- then
- /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
- fi
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME"
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f "$PIDFILE"
- rm -f /var/run/audit_events
- # Remove watches so shutdown works cleanly
- case "$AUDITD_CLEAN_STOP" in
- no|NO) ;;
- *) /sbin/auditctl -D >/dev/null ;;
- esac
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME
- return 0
-}
-
-if [ ! -e /var/log/audit ]; then
- mkdir -p /var/log/audit
- [ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f /var/log/audit)
-fi
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
- 2) [ "$VERBOSE" != no ] && echo 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
- 2) [ "$VERBOSE" != no ] && echo 1 ;;
- esac
- ;;
- reload|force-reload)
- echo "Reloading $DESC" "$NAME"
- do_reload
- echo $?
- ;;
- restart)
- echo "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) echo 0 ;;
- 1) echo 1 ;; # Old process is still running
- *) echo 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- echo 1
- ;;
- esac
- ;;
- rotate)
- echo "Rotating $DESC logs" "$NAME"
- start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
- echo $?
- ;;
- status)
- pidofproc "$DAEMON" >/dev/null
- status=$?
- if [ $status -eq 0 ]; then
- echo "$NAME is running."
- else
- echo "$NAME is not running."
- fi
- exit $status
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
deleted file mode 100644
index 06c63f0..0000000
--- a/recipes-security/audit/audit/auditd.service
+++ /dev/null
@@ -1,28 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
-Conflicts=shutdown.target
-ConditionKernelCommandLine=!audit=0
-
-[Service]
-Type=forking
-PIDFile=/run/auditd.pid
-ExecStart=/sbin/auditd
-## To use augenrules, uncomment the next line and comment/delete the auditctl line.
-## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-# By default we don't clear the rules on exit.
-# To enable this, uncomment the next line.
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
-
-### Security Settings ###
-MemoryDenyWriteExecute=true
-LockPersonality=true
-ProtectControlGroups=true
-ProtectKernelModules=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-security/audit/audit_3.0.1.bb b/recipes-security/audit/audit_3.0.1.bb
deleted file mode 100644
index ba24d36..0000000
--- a/recipes-security/audit/audit_3.0.1.bb
+++ /dev/null
@@ -1,109 +0,0 @@
-SUMMARY = "User space tools for kernel auditing"
-DESCRIPTION = "The audit package contains the user space utilities for \
-storing and searching the audit records generated by the audit subsystem \
-in the Linux kernel."
-HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
-SECTION = "base"
-LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
- file://Fixed-swig-host-contamination-issue.patch \
- file://auditd \
- file://auditd.service \
- file://audit-volatile.conf \
-"
-
-S = "${WORKDIR}/git"
-SRCREV = "46cb7d92443c9ec7b3af15fb0baa65f65f6415d3"
-
-inherit autotools python3native update-rc.d systemd
-
-UPDATERCPN = "auditd"
-INITSCRIPT_NAME = "auditd"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
-
-DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
-
-EXTRA_OECONF = " --with-libwrap \
- --enable-gssapi-krb5=no \
- --with-libcap-ng=yes \
- --with-python3=yes \
- --libdir=${base_libdir} \
- --sbindir=${base_sbindir} \
- --without-python \
- --without-golang \
- --disable-zos-remote \
- --with-arm=yes \
- --with-aarch64=yes \
- "
-
-EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
- pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
- STDINC='${STAGING_INCDIR}' \
- pkgconfigdir=${libdir}/pkgconfig \
- "
-
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
-interface to the audit system, audispd. These plugins can do things \
-like relay events to remote machines or analyze events for suspicious \
-behavior."
-
-PACKAGES =+ "audispd-plugins"
-PACKAGES += "auditd ${PN}-python"
-
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
-FILES_audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
- ${sysconfdir}/audit/plugins.d/au-remote.conf \
- ${sysconfdir}/audit/plugins.d/syslog.conf \
- ${base_sbindir}/audisp-remote \
- ${base_sbindir}/audisp-syslog \
- ${localstatedir}/spool/audit \
- "
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-
-CONFFILES_auditd = "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd = "bash"
-
-do_install_append() {
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
-
- # reuse auditd config
- [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
- mv ${D}/etc/sysconfig/auditd ${D}/etc/default
- rmdir ${D}/etc/sysconfig/
-
- # replace init.d
- install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
- rm -rf ${D}/etc/rc.d
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
- install -d ${D}${sysconfdir}/tmpfiles.d/
- install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
- fi
-
- # audit-2.5 doesn't install any rules by default, so we do that here
- mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
- cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
-
- chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
- chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
-
- # Based on the audit.spec "Copy default rules into place on new installation"
- cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
-
- # Create /var/spool/audit directory for audisp-remote
- install -m 0700 -d ${D}${localstatedir}/spool/audit
-}
--
2.17.1


Re: meta-selinux issues. Depending on what I put in my local.conf, I get boot loops or can't log in.

Yi Zhao
 


On 5/14/21 9:40 AM, Brian Hutchinson wrote:
Hi,

Pretty new to selinux.  I've worked through a lot of issues to get this far but am stumped at the moment so any pointers, clues are appreciated.

I'm trying to add selinux to my custom image.  After running into problems, I decided it was best to start with building core-image-selinux for my NXP imx8mm-evk board as a reference for getting my custom image to work.

I'm using fscl-community-bsp meta-freescale Dunfell release which is building a 5.4.114 kernel.

My first issues were getting kernel config options right (.config attached).  I kept booting my rootfs and sestatus would result in selinux not being enabled.

After getting kernel config somewhat worked out, then I started getting either boot loops or locked out.

I'll stay focused on my core-image-selinux image as hopefully if I can get it working it will help me get my custom image working too.

Here is my last iteration of my local.conf that results in me not being able to log in.  With core-image-selinux image, it freezes before it gets to login prompt.  On my custom image, I get log in prompt but when I try to log in a root I get audit messages and dropped back to login prompt.

local.conf for core-image-selinux:

MACHINE ??= 'imx8mmevk'
DISTRO ?= 'poky'
PACKAGE_CLASSES ?= 'package_rpm'
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
DISTRO_FEATURES_remove = " sysvinit"
DISTRO_FEATURES_append += " acl xattr pam selinux systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = ""
PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"


You can try refpolicy-mcs or refpolicy-targeted. The mls policy doesn't work for systemed on dunfell.

//Yi

USER_CLASSES ?= "buildstats image-mklibs image-prelink"
IMAGE_FSTYPES += " tar.bz2 ext4 wic.bz2 wic.bmap"
PATCHRESOLVE = "noop"
BB_DISKMON_DIRS ??= "\
   STOPTASKS,${TMPDIR},1G,100K \
   STOPTASKS,${DL_DIR},1G,100K \
   STOPTASKS,${SSTATE_DIR},1G,100K \
   STOPTASKS,/tmp,100M,100K \
   ABORT,${TMPDIR},100M,1K \
   ABORT,${DL_DIR},100M,1K \
   ABORT,${SSTATE_DIR},100M,1K \
   ABORT,/tmp,10M,1K"
PACKAGECONFIG_append_pn-qemu-system-native = " sdl"
CONF_VERSION = "1"

DL_DIR ?= "${BSPDIR}/downloads/"
ACCEPT_FSL_EULA = "1"

At first I did not have DISTRO_FEATURES_remove = " sysvinit" or any systemd settings.  This is when I started getting boot loops as described here:

The board would boot and I'd get tons of these "/sbin/restorecon: Could not set context for " bla, bla, bla "Read-only file system" messages ... but then I'd get a login prompt and I'd be able to log in as root and run sestatus:

Poky (Yocto Project Reference Distro) 3.1.7 imx8mmevk ttymxc1

imx8mmevk login: root
root@imx8mmevk:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mcs
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      31

This is when I paid more attention to the meta-selinux README https://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/README

... and added the DISTRO_FEATURES_remove = " sysvinit" and other systemd commands to my local.conf above since the "boot loop" link above talked about issues with sysvinit etc.

This left me with a boot that looks like this for my core-image-selinux build ... which locks up:

[    0.000000] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[    0.000000] Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
[    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[    0.000000] Memory: 1336216K/2064384K available (16508K kernel code, 1234K rwdata, 6480K rodata, 2880K init, 1038K bss, 72808K reserved, 655360K cma-reserved)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] rcu: Preemptible hierarchical RCU implementation.
[    0.000000] rcu:     RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
[    0.000000]  Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[    0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] GICv3: GIC: Using split EOI/Deactivate mode
[    0.000000] GICv3: 128 SPIs implemented
[    0.000000] GICv3: 0 Extended SPIs implemented
[    0.000000] GICv3: Distributor has no Range Selector support
[    0.000000] GICv3: 16 PPIs implemented
[    0.000000] GICv3: no VLPI support, no direct LPI support
[    0.000000] GICv3: CPU0: found redistributor 0 region 0:0x0000000038880000
[    0.000000] ITS: No ITS available, not enabling LPIs
[    0.000000] random: get_random_bytes called from start_kernel+0x2b8/0x43c with crng_init=0
[    0.000000] arch_timer: cp15 timer(s) running at 8.00MHz (phys).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1d854df40, max_idle_ns: 440795202120 ns
[    0.000003] sched_clock: 56 bits at 8MHz, resolution 125ns, wraps every 2199023255500ns
[    0.008459] Console: colour dummy device 80x25
[    0.012580] Calibrating delay loop (skipped), value calculated using timer frequency.. 16.00 BogoMIPS (lpj=32000)
[    0.022844] pid_max: default: 32768 minimum: 301
[    0.027543] LSM: Security Framework initializing
[    0.032140] SELinux:  Initializing.
[    0.035681] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.043062] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.052070] ASID allocator initialised with 32768 entries
[    0.056440] rcu: Hierarchical SRCU implementation.
[    0.062118] EFI services will not be available.
[    0.065893] smp: Bringing up secondary CPUs ...
[    0.070649] Detected VIPT I-cache on CPU1
[    0.070672] GICv3: CPU1: found redistributor 1 region 0:0x00000000388a0000
[    0.070703] CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
[    0.071102] Detected VIPT I-cache on CPU2
[    0.071119] GICv3: CPU2: found redistributor 2 region 0:0x00000000388c0000
[    0.071137] CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
[    0.071503] Detected VIPT I-cache on CPU3
[    0.071518] GICv3: CPU3: found redistributor 3 region 0:0x00000000388e0000
[    0.071533] CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
[    0.071584] smp: Brought up 1 node, 4 CPUs
[    0.126889] SMP: Total of 4 processors activated.
[    0.131608] CPU features: detected: 32-bit EL0 Support
[    0.136780] CPU features: detected: CRC32 instructions
[    0.148803] CPU: All CPU(s) started at EL2
[    0.150075] alternatives: patching kernel code
[    0.155994] devtmpfs: initialized
[    0.163617] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.170570] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[    0.194282] pinctrl core: initialized pinctrl subsystem
[    0.197368] DMI not present or invalid.
[    0.200798] NET: Registered protocol family 16
[    0.212024] DMA: preallocated 256 KiB pool for atomic allocations
[    0.215321] audit: initializing netlink subsys (disabled)
[    0.220974] audit: type=2000 audit(0.160:1): state=initialized audit_enabled=0 res=1
[    0.228526] cpuidle: using governor menu
[    0.232929] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[    0.240041] Serial: AMBA PL011 UART driver
[    0.243431] imx mu driver is registered.
[    0.247320] imx rpmsg driver is registered.
[    0.256460] imx8mm-pinctrl 30330000.pinctrl: initialized IMX pinctrl driver
[    0.277607] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
[    0.281501] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
[    0.288221] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    0.294958] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
[    0.302578] cryptd: max_cpu_qlen set to 1000
[    0.308925] ACPI: Interpreter disabled.
[    0.310647] iommu: Default domain type: Translated  
[    0.314984] vgaarb: loaded
[    0.317796] SCSI subsystem initialized
[    0.321638] usbcore: registered new interface driver usbfs
[    0.326821] usbcore: registered new interface driver hub
[    0.332166] usbcore: registered new device driver usb
[    0.338386] mc: Linux media interface: v0.10
[    0.341521] videodev: Linux video capture interface: v2.00
[    0.347069] pps_core: LinuxPPS API ver. 1 registered
[    0.351999] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@...>
[    0.361194] PTP clock support registered
[    0.365250] EDAC MC: Ver: 3.0.0
[    0.369031] No BMan portals available!
[    0.372241] QMan: Allocated lookup table at (____ptrval____), entry count 65537
[    0.379650] No QMan portals available!
[    0.383528] No USDPAA memory, no 'fsl,usdpaa-mem' in device-tree
[    0.389580] FPGA manager framework
[    0.392665] Advanced Linux Sound Architecture Driver Initialized.
[    0.399103] Bluetooth: Core ver 2.22
[    0.402325] NET: Registered protocol family 31
[    0.406776] Bluetooth: HCI device and connection manager initialized
[    0.413165] Bluetooth: HCI socket layer initialized
[    0.418063] Bluetooth: L2CAP socket layer initialized
[    0.423145] Bluetooth: SCO socket layer initialized
[    0.428729] clocksource: Switched to clocksource arch_sys_counter
[    0.434318] VFS: Disk quotas dquot_6.6.0
[    0.438147] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    0.445173] pnp: PnP ACPI: disabled
[    0.454071] thermal_sys: Registered thermal governor 'step_wise'
[    0.454075] thermal_sys: Registered thermal governor 'power_allocator'
[    0.457567] NET: Registered protocol family 2
[    0.468500] tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear)
[    0.476800] TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear)
[    0.484830] TCP bind hash table entries: 16384 (order: 6, 262144 bytes, linear)
[    0.492297] TCP: Hash tables configured (established 16384 bind 16384)
[    0.498720] UDP hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    0.505415] UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    0.512695] NET: Registered protocol family 1
[    0.517249] RPC: Registered named UNIX socket transport module.
[    0.522882] RPC: Registered udp transport module.
[    0.527598] RPC: Registered tcp transport module.
[    0.532323] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    0.539172] PCI: CLS 0 bytes, default 64
[    0.543460] hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
[    0.550860] kvm [1]: IPA Size Limit: 40 bits
[    0.555419] kvm [1]: GICv3: no GICV resource entry
[    0.559628] kvm [1]: disabling GICv2 emulation
[    0.564099] kvm [1]: GIC system register CPU interface enabled
[    0.570004] kvm [1]: vgic interrupt IRQ1
[    0.573975] kvm [1]: Hyp mode initialized successfully
[    0.581824] Initialise system trusted keyrings
[    0.583614] workingset: timestamp_bits=44 max_order=19 bucket_order=0
[    0.595759] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.599368] NFS: Registering the id_resolver key type
[    0.603857] Key type id_resolver registered
[    0.608041] Key type id_legacy registered
[    0.612067] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[    0.618796] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[    0.626246] jffs2: version 2.2. (NAND) �© 2001-2006 Red Hat, Inc.
[    0.632759] 9p: Installing v9fs 9p2000 file system support
[    0.650797] Key type asymmetric registered
[    0.652038] Asymmetric key parser 'x509' registered
[    0.656972] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244)
[    0.664383] io scheduler mq-deadline registered
[    0.668932] io scheduler kyber registered
[    0.677135] EINJ: ACPI disabled.
[    0.685891] imx-sdma 302c0000.dma-controller: Direct firmware load for imx/sdma/sdma-imx7d.bin failed with error -2
[    0.693543] imx-sdma 302c0000.dma-controller: Falling back to sysfs fallback for: imx/sdma/sdma-imx7d.bin
[    0.710746] mxs-dma 33000000.dma-controller: initialized
[    0.714250] Bus freq driver module loaded
[    0.722266] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[    0.727674] 30890000.serial: ttymxc1 at MMIO 0x30890000 (irq = 34, base_baud = 1500000) is a IMX
[    0.734595] printk: console [ttymxc1] enabled
[    0.734595] printk: console [ttymxc1] enabled
[    0.743235] printk: bootconsole [ec_imx6q0] disabled
[    0.743235] printk: bootconsole [ec_imx6q0] disabled
[    0.755182] imx-drm soc@0:bus@32c00000:display-subsystem: no available port
[    0.773488] loop: module loaded
[    0.778553] imx ahci driver is registered.
[    0.785346] spi_imx 30830000.spi: probed
[    0.790183] spi-nor spi3.0: n25q256ax1 (32768 Kbytes)
[    0.795277] 7 fixed-partitions partitions found on MTD device 30bb0000.spi
[    0.802157] Creating 7 MTD partitions on "30bb0000.spi":
[    0.807477] 0x000000000000-0x000000200000 : "U-Boot"
[    0.817371] 0x000000200000-0x000000202000 : "U-Boot Env"
[    0.822696] mtd: partition "U-Boot Env" doesn't end on an erase/write block -- force read-only
[    0.833323] 0x000000202000-0x000000204000 : "U-Boot Env 2"
[    0.838819] mtd: partition "U-Boot Env 2" doesn't start on an erase/write block boundary -- force read-only
[    0.853314] 0x000000204000-0x000000205000 : "boot.scr"
[    0.858463] mtd: partition "boot.scr" doesn't start on an erase/write block boundary -- force read-only
[    0.869306] 0x000000205000-0x000000210000 : "Device Tree Blob"
[    0.875150] mtd: partition "Device Tree Blob" doesn't start on an erase/write block boundary -- force read-only
[    0.889320] 0x000000210000-0x000000e10000 : "Compressed Kernel"
[    0.897335] 0x000000e10000-0x000002000000 : "SquashFS"
[    0.906575] libphy: Fixed MDIO Bus: probed
[    0.911375] tun: Universal TUN/TAP device driver, 1.6
[    0.917133] thunder_xcv, ver 1.0
[    0.920386] thunder_bgx, ver 1.0
[    0.923649] nicpf, ver 1.0
[    0.927576] pps pps0: new PPS source ptp0
[    0.944110] libphy: fec_enet_mii_bus: probed
[    0.948923] fec 30be0000.ethernet eth0: registered PHC device 0
[    0.955395] Freescale FM module, FMD API version 21.1.0
[    0.960856] Freescale FM Ports module
[    0.964517] fsl_mac: fsl_mac: FSL FMan MAC API based driver
[    0.970260] fsl_dpa: FSL DPAA Ethernet driver
[    0.974714] fsl_advanced: FSL DPAA Advanced drivers:
[    0.979684] fsl_proxy: FSL DPAA Proxy initialization driver
[    0.985344] fsl_oh: FSL FMan Offline Parsing port driver
[    0.991426] hclge is initializing
[    0.994751] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version
[    1.001977] hns3: Copyright (c) 2017 Huawei Corporation.
[    1.007347] e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
[    1.014400] e1000: Copyright (c) 1999-2006 Intel Corporation.
[    1.020176] e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
[    1.026012] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
[    1.031967] igb: Intel(R) Gigabit Ethernet Network Driver - version 5.6.0-k
[    1.038938] igb: Copyright (c) 2007-2014 Intel Corporation.
[    1.044545] igbvf: Intel(R) Gigabit Virtual Function Network Driver - version 2.4.0-k
[    1.052378] igbvf: Copyright (c) 2009 - 2012 Intel Corporation.
[    1.058433] sky2: driver version 1.30
[    1.062933] VFIO - User Level meta-driver version: 0.3
[    1.069701] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    1.076239] ehci-pci: EHCI PCI platform driver
[    1.080767] ehci-platform: EHCI generic platform driver
[    1.086146] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    1.092348] ohci-pci: OHCI PCI platform driver
[    1.096826] ohci-platform: OHCI generic platform driver
[    1.102542] usbcore: registered new interface driver usb-storage
[    1.108613] usbcore: registered new interface driver usbserial_generic
[    1.115159] usbserial: USB Serial support registered for generic
[    1.121191] usbcore: registered new interface driver ftdi_sio
[    1.126952] usbserial: USB Serial support registered for FTDI USB Serial Device
[    1.134291] usbcore: registered new interface driver usb_serial_simple
[    1.140836] usbserial: USB Serial support registered for carelink
[    1.146944] usbserial: USB Serial support registered for zio
[    1.152619] usbserial: USB Serial support registered for funsoft
[    1.158641] usbserial: USB Serial support registered for flashloader
[    1.165010] usbserial: USB Serial support registered for google
[    1.170946] usbserial: USB Serial support registered for libtransistor
[    1.177489] usbserial: USB Serial support registered for vivopay
[    1.183513] usbserial: USB Serial support registered for moto_modem
[    1.189801] usbserial: USB Serial support registered for motorola_tetra
[    1.196438] usbserial: USB Serial support registered for novatel_gps
[    1.202809] usbserial: USB Serial support registered for hp4x
[    1.208572] usbserial: USB Serial support registered for suunto
[    1.214508] usbserial: USB Serial support registered for siemens_mpi
[    1.223211] input: 30370000.snvs:snvs-powerkey as /devices/platform/soc@0/soc@0:bus@30000000/30370000.snvs/30370000.snvs:snvs-powerkey/input/input0
[    1.238238] snvs_rtc 30370000.snvs:snvs-rtc-lp: registered as rtc0
[    1.244505] i2c /dev entries driver
[    1.252447] imx2-wdt 30280000.watchdog: timeout 60 sec (nowayout=0)
[    1.258987] Bluetooth: HCI UART driver ver 2.3
[    1.263444] Bluetooth: HCI UART protocol H4 registered
[    1.268589] Bluetooth: HCI UART protocol BCSP registered
[    1.273925] Bluetooth: HCI UART protocol LL registered
[    1.279069] Bluetooth: HCI UART protocol ATH3K registered
[    1.284486] Bluetooth: HCI UART protocol Three-wire (H5) registered
[    1.290836] Bluetooth: HCI UART protocol Broadcom registered
[    1.296520] Bluetooth: HCI UART protocol QCA registered
[    1.303494] sdhci: Secure Digital Host Controller Interface driver
[    1.309687] sdhci: Copyright(c) Pierre Ossman
[    1.314212] Synopsys Designware Multimedia Card Interface Driver
[    1.320736] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.327135] mmc1: CQHCI version 5.10
[    1.331200] mmc2: CQHCI version 5.10
[    1.366866] mmc2: SDHCI controller on 30b60000.mmc [30b60000.mmc] using ADMA
[    1.376165] ledtrig-cpu: registered to indicate activity on CPUs
[    1.383297] caam 30900000.crypto: device ID = 0x0a16040100000000 (Era 9)
[    1.390069] caam 30900000.crypto: job rings = 3, qi = 0
[    1.404678] caam algorithms registered in /proc/crypto
[    1.410556] caam 30900000.crypto: caam pkc algorithms registered in /proc/crypto
[    1.420079] caam_jr 30901000.jr: registering rng-caam
[    1.429895] caam-snvs 30370000.caam-snvs: can't get snvs clock
[    1.435783] caam-snvs 30370000.caam-snvs: violation handlers armed - non-secure state
[    1.444200] usbcore: registered new interface driver usbhid
[    1.449780] usbhid: USB HID core driver
[    1.455330] No fsl,qman node
[    1.458228] Freescale USDPAA process driver
[    1.462416] fsl-usdpaa: no region found
[    1.466254] Freescale USDPAA process IRQ driver
[    1.474284] optee: probing for conduit method from DT.
[    1.479448] optee: revision 3.2 (6a22e6e8)
[    1.480265] optee: dynamic shared memory is enabled
[    1.489481] optee: initialized driver
[    1.495289] mmc2: Command Queue Engine enabled
[    1.496837] wm8524-codec audio-codec: Failed to get mute line: -517
[    1.499792] mmc2: new HS400 Enhanced strobe MMC card at address 0001
[    1.506505] OF: /sound-bt-sco/simple-audio-card,cpu: could not get #sound-dai-cells for /soc@0/bus@30000000/sai@30020000
[    1.513508] mmcblk2: mmc2:0001 DG4016 7.49 GiB  
[    1.523248] asoc-simple-card sound-bt-sco: parse error -22
[    1.523265] asoc-simple-card: probe of sound-bt-sco failed with error -22
[    1.527908] mmcblk2boot0: mmc2:0001 DG4016 partition 1 4.00 MiB
[    1.546163] mmcblk2boot1: mmc2:0001 DG4016 partition 2 4.00 MiB
[    1.547285] pktgen: Packet Generator for packet performance testing. Version: 2.75
[    1.552232] mmcblk2gp0: mmc2:0001 DG4016 partition 4 3.52 GiB
[    1.565904] mmcblk2rpmb: mmc2:0001 DG4016 partition 3 4.00 MiB, chardev (237:0)
[    1.566798] NET: Registered protocol family 26
[    1.578184] NET: Registered protocol family 10
[    1.582998]  mmcblk2: p1 p2
[    1.583960] Segment Routing with IPv6
[    1.589559] NET: Registered protocol family 17
[    1.594201]  mmcblk2gp0: p1 p2
[    1.594430] Bluetooth: RFCOMM TTY layer initialized
[    1.602179] Bluetooth: RFCOMM socket layer initialized
[    1.607335] Bluetooth: RFCOMM ver 1.11
[    1.611099] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[    1.616414] Bluetooth: BNEP filters: protocol multicast
[    1.621653] Bluetooth: BNEP socket layer initialized
[    1.626623] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[    1.632549] Bluetooth: HIDP socket layer initialized
[    1.637554] 8021q: 802.1Q VLAN Support v1.8
[    1.641764] lib80211: common routines for IEEE802.11 drivers
[    1.647544] 9pnet: Installing 9P2000 support
[    1.651845] tsn generic netlink module v1 init...
[    1.656632] Key type dns_resolver registered
[    1.661668] registered taskstats version 1
[    1.665794] Loading compiled-in X.509 certificates
[    1.692510] usb_phy_generic usbphynop1: usbphynop1 supply vcc not found, using dummy regulator
[    1.701297] usb_phy_generic usbphynop2: usbphynop2 supply vcc not found, using dummy regulator
[    1.733590] random: fast init done
[    1.738992] LDO6: supplied by regulator-dummy
[    1.743499] i2c i2c-0: IMX I2C adapter registered
[    1.749209] i2c i2c-1: IMX I2C adapter registered
[    1.754765] i2c i2c-2: IMX I2C adapter registered
[    1.760259] i2c i2c-3: IMX I2C adapter registered
[    1.765281] imx-cpufreq-dt imx-cpufreq-dt: cpu speed grade 2 mkt segment 2 supported-hw 0x4 0x4
[    1.777862] mmc1: CQHCI version 5.10
[    1.781506] sdhci-esdhc-imx 30b50000.mmc: Got CD GPIO
[    1.817451] mmc1: SDHCI controller on 30b50000.mmc [30b50000.mmc] using ADMA
[    1.826135] imx8mm-pinctrl 30330000.pinctrl: pin MX8MM_IOMUXC_I2C4_SDA already requested by 30a50000.i2c; cannot claim for audio-codec
[    1.838253] imx8mm-pinctrl 30330000.pinctrl: pin-140 (audio-codec) status -22
[    1.845397] imx8mm-pinctrl 30330000.pinctrl: could not request pin 140 (MX8MM_IOMUXC_I2C4_SDA) from group gpiowlfgrp  on device 30330000.pinctrl
[    1.858357] wm8524-codec audio-codec: Error applying setting, reverse things back
[    1.865856] wm8524-codec: probe of audio-codec failed with error -22
[    1.876549] input: bd718xx-pwrkey as /devices/platform/soc@0/soc@0:bus@30800000/30a20000.i2c/i2c-0/0-004b/gpio-keys.1.auto/input/input1
[    1.890300] snvs_rtc 30370000.snvs:snvs-rtc-lp: setting system clock to 1970-01-01T00:00:00 UTC (0)
[    1.899718] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[    1.911354] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[    1.917963] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[    1.923612] ALSA device list:
[    1.926586] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[    1.929550]   No soundcards found.
[    1.947317] EXT4-fs (mmcblk2p2): mounted filesystem with ordered data mode. Opts: (null)
[    1.955496] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[    1.963119] devtmpfs: mounted
[    1.966900] Freeing unused kernel memory: 2880K
[    1.989378] Run /sbin/init as init process
[    2.059403] audit: type=1404 audit(1.969:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[    2.199361] SELinux:  Permission watch in class filesystem not defined in policy.
[    2.206919] SELinux:  Permission watch in class file not defined in policy.
[    2.213885] SELinux:  Permission watch_mount in class file not defined in policy.
[    2.221377] SELinux:  Permission watch_sb in class file not defined in policy.
[    2.228601] SELinux:  Permission watch_with_perm in class file not defined in policy.
[    2.236441] SELinux:  Permission watch_reads in class file not defined in policy.
[    2.243935] SELinux:  Permission watch in class dir not defined in policy.
[    2.250819] SELinux:  Permission watch_mount in class dir not defined in policy.
[    2.258216] SELinux:  Permission watch_sb in class dir not defined in policy.
[    2.265361] SELinux:  Permission watch_with_perm in class dir not defined in policy.
[    2.273105] SELinux:  Permission watch_reads in class dir not defined in policy.
[    2.280520] SELinux:  Permission watch in class lnk_file not defined in policy.
[    2.287830] SELinux:  Permission watch_mount in class lnk_file not defined in policy.
[    2.295669] SELinux:  Permission watch_sb in class lnk_file not defined in policy.
[    2.303239] SELinux:  Permission watch_with_perm in class lnk_file not defined in policy.
[    2.311429] SELinux:  Permission watch_reads in class lnk_file not defined in policy.
[    2.319266] SELinux:  Permission watch in class chr_file not defined in policy.
[    2.326585] SELinux:  Permission watch_mount in class chr_file not defined in policy.
[    2.334416] SELinux:  Permission watch_sb in class chr_file not defined in policy.
[    2.341994] SELinux:  Permission watch_with_perm in class chr_file not defined in policy.
[    2.350172] SELinux:  Permission watch_reads in class chr_file not defined in policy.
[    2.358021] SELinux:  Permission watch in class blk_file not defined in policy.
[    2.365332] SELinux:  Permission watch_mount in class blk_file not defined in policy.
[    2.373171] SELinux:  Permission watch_sb in class blk_file not defined in policy.
[    2.380742] SELinux:  Permission watch_with_perm in class blk_file not defined in policy.
[    2.388927] SELinux:  Permission watch_reads in class blk_file not defined in policy.
[    2.396765] SELinux:  Permission watch in class sock_file not defined in policy.
[    2.404171] SELinux:  Permission watch_mount in class sock_file not defined in policy.
[    2.412088] SELinux:  Permission watch_sb in class sock_file not defined in policy.
[    2.419757] SELinux:  Permission watch_with_perm in class sock_file not defined in policy.
[    2.428022] SELinux:  Permission watch_reads in class sock_file not defined in policy.
[    2.435953] SELinux:  Permission watch in class fifo_file not defined in policy.
[    2.443350] SELinux:  Permission watch_mount in class fifo_file not defined in policy.
[    2.451275] SELinux:  Permission watch_sb in class fifo_file not defined in policy.
[    2.458933] SELinux:  Permission watch_with_perm in class fifo_file not defined in policy.
[    2.467206] SELinux:  Permission watch_reads in class fifo_file not defined in policy.
[    2.475450] SELinux: the above unknown classes and permissions will be allowed
[    2.482716] SELinux:  policy capability network_peer_controls=1
[    2.488638] SELinux:  policy capability open_perms=1
[    2.493612] SELinux:  policy capability extended_socket_class=1
[    2.499534] SELinux:  policy capability always_check_network=0
[    2.505375] SELinux:  policy capability cgroup_seclabel=1
[    2.510776] SELinux:  policy capability nnp_nosuid_transition=1
[    2.551944] audit: type=1403 audit(2.461:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
[    2.560140] systemd[1]: Successfully loaded SELinux policy in 501.858ms.
[    2.585453] systemd[1]: System time before build time, advancing clock.
[    2.596311] systemd[1]: Unable to fix SELinux security context of /dev: Operation not permitted
[    2.596451] audit: type=1401 audit(1600598638.004:4): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:device_t:s15:c0.c1023 newcontext=system_u:object_r:device_t:s0 taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclassr
[    2.606247] systemd[1]: Failed to mount tmpfs at /dev/shm: No such file or directory
[    2.627743] audit: type=1400 audit(1600598638.016:5): avc:  denied  { create } for  pid=1 comm="systemd" name="shm" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
[    2.637910] systemd[1]: Unable to fix SELinux security context of /run: Operation not permitted
[    2.655581] audit: type=1400 audit(1600598638.044:6): avc:  denied  { create } for  pid=1 comm="systemd" name="pts" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:devpts_t:s0-s15:c0.c1023 tclass=dir permissive=0
[    2.665724] systemd[1]: Unable to fix SELinux security context of /sys/fs/cgroup: Operation not permitted
[    2.685536] audit: type=1401 audit(1600598638.048:7): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 newcontext=system_u:object_r:var_run_t:s0-s15:c0.c1023 taskcontext=system_u:system_r:kernel_t:s15:c0r
[    2.719230] audit: type=1401 audit(1600598638.076:8): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 newcontext=system_u:object_r:cgroup_t:s0 taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=r
[    2.741846] audit: type=1400 audit(1600598638.108:9): avc:  denied  { create } for  pid=1 comm="systemd" name="bpf" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
[!!!!!!] Failed to mount API filesystems.
[    2.780814] systemd[1]: Freezing execution.





meta-selinux issues. Depending on what I put in my local.conf, I get boot loops or can't log in.

Brian Hutchinson <b.hutchman@...>
 

Hi,

Pretty new to selinux.  I've worked through a lot of issues to get this far but am stumped at the moment so any pointers, clues are appreciated.

I'm trying to add selinux to my custom image.  After running into problems, I decided it was best to start with building core-image-selinux for my NXP imx8mm-evk board as a reference for getting my custom image to work.

I'm using fscl-community-bsp meta-freescale Dunfell release which is building a 5.4.114 kernel.

My first issues were getting kernel config options right (.config attached).  I kept booting my rootfs and sestatus would result in selinux not being enabled.

After getting kernel config somewhat worked out, then I started getting either boot loops or locked out.

I'll stay focused on my core-image-selinux image as hopefully if I can get it working it will help me get my custom image working too.

Here is my last iteration of my local.conf that results in me not being able to log in.  With core-image-selinux image, it freezes before it gets to login prompt.  On my custom image, I get log in prompt but when I try to log in a root I get audit messages and dropped back to login prompt.

local.conf for core-image-selinux:

MACHINE ??= 'imx8mmevk'
DISTRO ?= 'poky'
PACKAGE_CLASSES ?= 'package_rpm'
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
DISTRO_FEATURES_remove = " sysvinit"
DISTRO_FEATURES_append += " acl xattr pam selinux systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = ""
PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
USER_CLASSES ?= "buildstats image-mklibs image-prelink"
IMAGE_FSTYPES += " tar.bz2 ext4 wic.bz2 wic.bmap"
PATCHRESOLVE = "noop"
BB_DISKMON_DIRS ??= "\
   STOPTASKS,${TMPDIR},1G,100K \
   STOPTASKS,${DL_DIR},1G,100K \
   STOPTASKS,${SSTATE_DIR},1G,100K \
   STOPTASKS,/tmp,100M,100K \
   ABORT,${TMPDIR},100M,1K \
   ABORT,${DL_DIR},100M,1K \
   ABORT,${SSTATE_DIR},100M,1K \
   ABORT,/tmp,10M,1K"
PACKAGECONFIG_append_pn-qemu-system-native = " sdl"
CONF_VERSION = "1"

DL_DIR ?= "${BSPDIR}/downloads/"
ACCEPT_FSL_EULA = "1"

At first I did not have DISTRO_FEATURES_remove = " sysvinit" or any systemd settings.  This is when I started getting boot loops as described here:

The board would boot and I'd get tons of these "/sbin/restorecon: Could not set context for " bla, bla, bla "Read-only file system" messages ... but then I'd get a login prompt and I'd be able to log in as root and run sestatus:

Poky (Yocto Project Reference Distro) 3.1.7 imx8mmevk ttymxc1

imx8mmevk login: root
root@imx8mmevk:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mcs
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      31

This is when I paid more attention to the meta-selinux README https://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/README

... and added the DISTRO_FEATURES_remove = " sysvinit" and other systemd commands to my local.conf above since the "boot loop" link above talked about issues with sysvinit etc.

This left me with a boot that looks like this for my core-image-selinux build ... which locks up:

[    0.000000] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[    0.000000] Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
[    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[    0.000000] Memory: 1336216K/2064384K available (16508K kernel code, 1234K rwdata, 6480K rodata, 2880K init, 1038K bss, 72808K reserved, 655360K cma-reserved)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] rcu: Preemptible hierarchical RCU implementation.
[    0.000000] rcu:     RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
[    0.000000]  Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[    0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] GICv3: GIC: Using split EOI/Deactivate mode
[    0.000000] GICv3: 128 SPIs implemented
[    0.000000] GICv3: 0 Extended SPIs implemented
[    0.000000] GICv3: Distributor has no Range Selector support
[    0.000000] GICv3: 16 PPIs implemented
[    0.000000] GICv3: no VLPI support, no direct LPI support
[    0.000000] GICv3: CPU0: found redistributor 0 region 0:0x0000000038880000
[    0.000000] ITS: No ITS available, not enabling LPIs
[    0.000000] random: get_random_bytes called from start_kernel+0x2b8/0x43c with crng_init=0
[    0.000000] arch_timer: cp15 timer(s) running at 8.00MHz (phys).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1d854df40, max_idle_ns: 440795202120 ns
[    0.000003] sched_clock: 56 bits at 8MHz, resolution 125ns, wraps every 2199023255500ns
[    0.008459] Console: colour dummy device 80x25
[    0.012580] Calibrating delay loop (skipped), value calculated using timer frequency.. 16.00 BogoMIPS (lpj=32000)
[    0.022844] pid_max: default: 32768 minimum: 301
[    0.027543] LSM: Security Framework initializing
[    0.032140] SELinux:  Initializing.
[    0.035681] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.043062] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.052070] ASID allocator initialised with 32768 entries
[    0.056440] rcu: Hierarchical SRCU implementation.
[    0.062118] EFI services will not be available.
[    0.065893] smp: Bringing up secondary CPUs ...
[    0.070649] Detected VIPT I-cache on CPU1
[    0.070672] GICv3: CPU1: found redistributor 1 region 0:0x00000000388a0000
[    0.070703] CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
[    0.071102] Detected VIPT I-cache on CPU2
[    0.071119] GICv3: CPU2: found redistributor 2 region 0:0x00000000388c0000
[    0.071137] CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
[    0.071503] Detected VIPT I-cache on CPU3
[    0.071518] GICv3: CPU3: found redistributor 3 region 0:0x00000000388e0000
[    0.071533] CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
[    0.071584] smp: Brought up 1 node, 4 CPUs
[    0.126889] SMP: Total of 4 processors activated.
[    0.131608] CPU features: detected: 32-bit EL0 Support
[    0.136780] CPU features: detected: CRC32 instructions
[    0.148803] CPU: All CPU(s) started at EL2
[    0.150075] alternatives: patching kernel code
[    0.155994] devtmpfs: initialized
[    0.163617] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.170570] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[    0.194282] pinctrl core: initialized pinctrl subsystem
[    0.197368] DMI not present or invalid.
[    0.200798] NET: Registered protocol family 16
[    0.212024] DMA: preallocated 256 KiB pool for atomic allocations
[    0.215321] audit: initializing netlink subsys (disabled)
[    0.220974] audit: type=2000 audit(0.160:1): state=initialized audit_enabled=0 res=1
[    0.228526] cpuidle: using governor menu
[    0.232929] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[    0.240041] Serial: AMBA PL011 UART driver
[    0.243431] imx mu driver is registered.
[    0.247320] imx rpmsg driver is registered.
[    0.256460] imx8mm-pinctrl 30330000.pinctrl: initialized IMX pinctrl driver
[    0.277607] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
[    0.281501] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
[    0.288221] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    0.294958] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
[    0.302578] cryptd: max_cpu_qlen set to 1000
[    0.308925] ACPI: Interpreter disabled.
[    0.310647] iommu: Default domain type: Translated  
[    0.314984] vgaarb: loaded
[    0.317796] SCSI subsystem initialized
[    0.321638] usbcore: registered new interface driver usbfs
[    0.326821] usbcore: registered new interface driver hub
[    0.332166] usbcore: registered new device driver usb
[    0.338386] mc: Linux media interface: v0.10
[    0.341521] videodev: Linux video capture interface: v2.00
[    0.347069] pps_core: LinuxPPS API ver. 1 registered
[    0.351999] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@...>
[    0.361194] PTP clock support registered
[    0.365250] EDAC MC: Ver: 3.0.0
[    0.369031] No BMan portals available!
[    0.372241] QMan: Allocated lookup table at (____ptrval____), entry count 65537
[    0.379650] No QMan portals available!
[    0.383528] No USDPAA memory, no 'fsl,usdpaa-mem' in device-tree
[    0.389580] FPGA manager framework
[    0.392665] Advanced Linux Sound Architecture Driver Initialized.
[    0.399103] Bluetooth: Core ver 2.22
[    0.402325] NET: Registered protocol family 31
[    0.406776] Bluetooth: HCI device and connection manager initialized
[    0.413165] Bluetooth: HCI socket layer initialized
[    0.418063] Bluetooth: L2CAP socket layer initialized
[    0.423145] Bluetooth: SCO socket layer initialized
[    0.428729] clocksource: Switched to clocksource arch_sys_counter
[    0.434318] VFS: Disk quotas dquot_6.6.0
[    0.438147] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    0.445173] pnp: PnP ACPI: disabled
[    0.454071] thermal_sys: Registered thermal governor 'step_wise'
[    0.454075] thermal_sys: Registered thermal governor 'power_allocator'
[    0.457567] NET: Registered protocol family 2
[    0.468500] tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear)
[    0.476800] TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear)
[    0.484830] TCP bind hash table entries: 16384 (order: 6, 262144 bytes, linear)
[    0.492297] TCP: Hash tables configured (established 16384 bind 16384)
[    0.498720] UDP hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    0.505415] UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    0.512695] NET: Registered protocol family 1
[    0.517249] RPC: Registered named UNIX socket transport module.
[    0.522882] RPC: Registered udp transport module.
[    0.527598] RPC: Registered tcp transport module.
[    0.532323] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    0.539172] PCI: CLS 0 bytes, default 64
[    0.543460] hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
[    0.550860] kvm [1]: IPA Size Limit: 40 bits
[    0.555419] kvm [1]: GICv3: no GICV resource entry
[    0.559628] kvm [1]: disabling GICv2 emulation
[    0.564099] kvm [1]: GIC system register CPU interface enabled
[    0.570004] kvm [1]: vgic interrupt IRQ1
[    0.573975] kvm [1]: Hyp mode initialized successfully
[    0.581824] Initialise system trusted keyrings
[    0.583614] workingset: timestamp_bits=44 max_order=19 bucket_order=0
[    0.595759] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.599368] NFS: Registering the id_resolver key type
[    0.603857] Key type id_resolver registered
[    0.608041] Key type id_legacy registered
[    0.612067] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[    0.618796] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[    0.626246] jffs2: version 2.2. (NAND) �© 2001-2006 Red Hat, Inc.
[    0.632759] 9p: Installing v9fs 9p2000 file system support
[    0.650797] Key type asymmetric registered
[    0.652038] Asymmetric key parser 'x509' registered
[    0.656972] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244)
[    0.664383] io scheduler mq-deadline registered
[    0.668932] io scheduler kyber registered
[    0.677135] EINJ: ACPI disabled.
[    0.685891] imx-sdma 302c0000.dma-controller: Direct firmware load for imx/sdma/sdma-imx7d.bin failed with error -2
[    0.693543] imx-sdma 302c0000.dma-controller: Falling back to sysfs fallback for: imx/sdma/sdma-imx7d.bin
[    0.710746] mxs-dma 33000000.dma-controller: initialized
[    0.714250] Bus freq driver module loaded
[    0.722266] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[    0.727674] 30890000.serial: ttymxc1 at MMIO 0x30890000 (irq = 34, base_baud = 1500000) is a IMX
[    0.734595] printk: console [ttymxc1] enabled
[    0.734595] printk: console [ttymxc1] enabled
[    0.743235] printk: bootconsole [ec_imx6q0] disabled
[    0.743235] printk: bootconsole [ec_imx6q0] disabled
[    0.755182] imx-drm soc@0:bus@32c00000:display-subsystem: no available port
[    0.773488] loop: module loaded
[    0.778553] imx ahci driver is registered.
[    0.785346] spi_imx 30830000.spi: probed
[    0.790183] spi-nor spi3.0: n25q256ax1 (32768 Kbytes)
[    0.795277] 7 fixed-partitions partitions found on MTD device 30bb0000.spi
[    0.802157] Creating 7 MTD partitions on "30bb0000.spi":
[    0.807477] 0x000000000000-0x000000200000 : "U-Boot"
[    0.817371] 0x000000200000-0x000000202000 : "U-Boot Env"
[    0.822696] mtd: partition "U-Boot Env" doesn't end on an erase/write block -- force read-only
[    0.833323] 0x000000202000-0x000000204000 : "U-Boot Env 2"
[    0.838819] mtd: partition "U-Boot Env 2" doesn't start on an erase/write block boundary -- force read-only
[    0.853314] 0x000000204000-0x000000205000 : "boot.scr"
[    0.858463] mtd: partition "boot.scr" doesn't start on an erase/write block boundary -- force read-only
[    0.869306] 0x000000205000-0x000000210000 : "Device Tree Blob"
[    0.875150] mtd: partition "Device Tree Blob" doesn't start on an erase/write block boundary -- force read-only
[    0.889320] 0x000000210000-0x000000e10000 : "Compressed Kernel"
[    0.897335] 0x000000e10000-0x000002000000 : "SquashFS"
[    0.906575] libphy: Fixed MDIO Bus: probed
[    0.911375] tun: Universal TUN/TAP device driver, 1.6
[    0.917133] thunder_xcv, ver 1.0
[    0.920386] thunder_bgx, ver 1.0
[    0.923649] nicpf, ver 1.0
[    0.927576] pps pps0: new PPS source ptp0
[    0.944110] libphy: fec_enet_mii_bus: probed
[    0.948923] fec 30be0000.ethernet eth0: registered PHC device 0
[    0.955395] Freescale FM module, FMD API version 21.1.0
[    0.960856] Freescale FM Ports module
[    0.964517] fsl_mac: fsl_mac: FSL FMan MAC API based driver
[    0.970260] fsl_dpa: FSL DPAA Ethernet driver
[    0.974714] fsl_advanced: FSL DPAA Advanced drivers:
[    0.979684] fsl_proxy: FSL DPAA Proxy initialization driver
[    0.985344] fsl_oh: FSL FMan Offline Parsing port driver
[    0.991426] hclge is initializing
[    0.994751] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version
[    1.001977] hns3: Copyright (c) 2017 Huawei Corporation.
[    1.007347] e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
[    1.014400] e1000: Copyright (c) 1999-2006 Intel Corporation.
[    1.020176] e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
[    1.026012] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
[    1.031967] igb: Intel(R) Gigabit Ethernet Network Driver - version 5.6.0-k
[    1.038938] igb: Copyright (c) 2007-2014 Intel Corporation.
[    1.044545] igbvf: Intel(R) Gigabit Virtual Function Network Driver - version 2.4.0-k
[    1.052378] igbvf: Copyright (c) 2009 - 2012 Intel Corporation.
[    1.058433] sky2: driver version 1.30
[    1.062933] VFIO - User Level meta-driver version: 0.3
[    1.069701] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    1.076239] ehci-pci: EHCI PCI platform driver
[    1.080767] ehci-platform: EHCI generic platform driver
[    1.086146] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    1.092348] ohci-pci: OHCI PCI platform driver
[    1.096826] ohci-platform: OHCI generic platform driver
[    1.102542] usbcore: registered new interface driver usb-storage
[    1.108613] usbcore: registered new interface driver usbserial_generic
[    1.115159] usbserial: USB Serial support registered for generic
[    1.121191] usbcore: registered new interface driver ftdi_sio
[    1.126952] usbserial: USB Serial support registered for FTDI USB Serial Device
[    1.134291] usbcore: registered new interface driver usb_serial_simple
[    1.140836] usbserial: USB Serial support registered for carelink
[    1.146944] usbserial: USB Serial support registered for zio
[    1.152619] usbserial: USB Serial support registered for funsoft
[    1.158641] usbserial: USB Serial support registered for flashloader
[    1.165010] usbserial: USB Serial support registered for google
[    1.170946] usbserial: USB Serial support registered for libtransistor
[    1.177489] usbserial: USB Serial support registered for vivopay
[    1.183513] usbserial: USB Serial support registered for moto_modem
[    1.189801] usbserial: USB Serial support registered for motorola_tetra
[    1.196438] usbserial: USB Serial support registered for novatel_gps
[    1.202809] usbserial: USB Serial support registered for hp4x
[    1.208572] usbserial: USB Serial support registered for suunto
[    1.214508] usbserial: USB Serial support registered for siemens_mpi
[    1.223211] input: 30370000.snvs:snvs-powerkey as /devices/platform/soc@0/soc@0:bus@30000000/30370000.snvs/30370000.snvs:snvs-powerkey/input/input0
[    1.238238] snvs_rtc 30370000.snvs:snvs-rtc-lp: registered as rtc0
[    1.244505] i2c /dev entries driver
[    1.252447] imx2-wdt 30280000.watchdog: timeout 60 sec (nowayout=0)
[    1.258987] Bluetooth: HCI UART driver ver 2.3
[    1.263444] Bluetooth: HCI UART protocol H4 registered
[    1.268589] Bluetooth: HCI UART protocol BCSP registered
[    1.273925] Bluetooth: HCI UART protocol LL registered
[    1.279069] Bluetooth: HCI UART protocol ATH3K registered
[    1.284486] Bluetooth: HCI UART protocol Three-wire (H5) registered
[    1.290836] Bluetooth: HCI UART protocol Broadcom registered
[    1.296520] Bluetooth: HCI UART protocol QCA registered
[    1.303494] sdhci: Secure Digital Host Controller Interface driver
[    1.309687] sdhci: Copyright(c) Pierre Ossman
[    1.314212] Synopsys Designware Multimedia Card Interface Driver
[    1.320736] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.327135] mmc1: CQHCI version 5.10
[    1.331200] mmc2: CQHCI version 5.10
[    1.366866] mmc2: SDHCI controller on 30b60000.mmc [30b60000.mmc] using ADMA
[    1.376165] ledtrig-cpu: registered to indicate activity on CPUs
[    1.383297] caam 30900000.crypto: device ID = 0x0a16040100000000 (Era 9)
[    1.390069] caam 30900000.crypto: job rings = 3, qi = 0
[    1.404678] caam algorithms registered in /proc/crypto
[    1.410556] caam 30900000.crypto: caam pkc algorithms registered in /proc/crypto
[    1.420079] caam_jr 30901000.jr: registering rng-caam
[    1.429895] caam-snvs 30370000.caam-snvs: can't get snvs clock
[    1.435783] caam-snvs 30370000.caam-snvs: violation handlers armed - non-secure state
[    1.444200] usbcore: registered new interface driver usbhid
[    1.449780] usbhid: USB HID core driver
[    1.455330] No fsl,qman node
[    1.458228] Freescale USDPAA process driver
[    1.462416] fsl-usdpaa: no region found
[    1.466254] Freescale USDPAA process IRQ driver
[    1.474284] optee: probing for conduit method from DT.
[    1.479448] optee: revision 3.2 (6a22e6e8)
[    1.480265] optee: dynamic shared memory is enabled
[    1.489481] optee: initialized driver
[    1.495289] mmc2: Command Queue Engine enabled
[    1.496837] wm8524-codec audio-codec: Failed to get mute line: -517
[    1.499792] mmc2: new HS400 Enhanced strobe MMC card at address 0001
[    1.506505] OF: /sound-bt-sco/simple-audio-card,cpu: could not get #sound-dai-cells for /soc@0/bus@30000000/sai@30020000
[    1.513508] mmcblk2: mmc2:0001 DG4016 7.49 GiB  
[    1.523248] asoc-simple-card sound-bt-sco: parse error -22
[    1.523265] asoc-simple-card: probe of sound-bt-sco failed with error -22
[    1.527908] mmcblk2boot0: mmc2:0001 DG4016 partition 1 4.00 MiB
[    1.546163] mmcblk2boot1: mmc2:0001 DG4016 partition 2 4.00 MiB
[    1.547285] pktgen: Packet Generator for packet performance testing. Version: 2.75
[    1.552232] mmcblk2gp0: mmc2:0001 DG4016 partition 4 3.52 GiB
[    1.565904] mmcblk2rpmb: mmc2:0001 DG4016 partition 3 4.00 MiB, chardev (237:0)
[    1.566798] NET: Registered protocol family 26
[    1.578184] NET: Registered protocol family 10
[    1.582998]  mmcblk2: p1 p2
[    1.583960] Segment Routing with IPv6
[    1.589559] NET: Registered protocol family 17
[    1.594201]  mmcblk2gp0: p1 p2
[    1.594430] Bluetooth: RFCOMM TTY layer initialized
[    1.602179] Bluetooth: RFCOMM socket layer initialized
[    1.607335] Bluetooth: RFCOMM ver 1.11
[    1.611099] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[    1.616414] Bluetooth: BNEP filters: protocol multicast
[    1.621653] Bluetooth: BNEP socket layer initialized
[    1.626623] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[    1.632549] Bluetooth: HIDP socket layer initialized
[    1.637554] 8021q: 802.1Q VLAN Support v1.8
[    1.641764] lib80211: common routines for IEEE802.11 drivers
[    1.647544] 9pnet: Installing 9P2000 support
[    1.651845] tsn generic netlink module v1 init...
[    1.656632] Key type dns_resolver registered
[    1.661668] registered taskstats version 1
[    1.665794] Loading compiled-in X.509 certificates
[    1.692510] usb_phy_generic usbphynop1: usbphynop1 supply vcc not found, using dummy regulator
[    1.701297] usb_phy_generic usbphynop2: usbphynop2 supply vcc not found, using dummy regulator
[    1.733590] random: fast init done
[    1.738992] LDO6: supplied by regulator-dummy
[    1.743499] i2c i2c-0: IMX I2C adapter registered
[    1.749209] i2c i2c-1: IMX I2C adapter registered
[    1.754765] i2c i2c-2: IMX I2C adapter registered
[    1.760259] i2c i2c-3: IMX I2C adapter registered
[    1.765281] imx-cpufreq-dt imx-cpufreq-dt: cpu speed grade 2 mkt segment 2 supported-hw 0x4 0x4
[    1.777862] mmc1: CQHCI version 5.10
[    1.781506] sdhci-esdhc-imx 30b50000.mmc: Got CD GPIO
[    1.817451] mmc1: SDHCI controller on 30b50000.mmc [30b50000.mmc] using ADMA
[    1.826135] imx8mm-pinctrl 30330000.pinctrl: pin MX8MM_IOMUXC_I2C4_SDA already requested by 30a50000.i2c; cannot claim for audio-codec
[    1.838253] imx8mm-pinctrl 30330000.pinctrl: pin-140 (audio-codec) status -22
[    1.845397] imx8mm-pinctrl 30330000.pinctrl: could not request pin 140 (MX8MM_IOMUXC_I2C4_SDA) from group gpiowlfgrp  on device 30330000.pinctrl
[    1.858357] wm8524-codec audio-codec: Error applying setting, reverse things back
[    1.865856] wm8524-codec: probe of audio-codec failed with error -22
[    1.876549] input: bd718xx-pwrkey as /devices/platform/soc@0/soc@0:bus@30800000/30a20000.i2c/i2c-0/0-004b/gpio-keys.1.auto/input/input1
[    1.890300] snvs_rtc 30370000.snvs:snvs-rtc-lp: setting system clock to 1970-01-01T00:00:00 UTC (0)
[    1.899718] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[    1.911354] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[    1.917963] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[    1.923612] ALSA device list:
[    1.926586] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[    1.929550]   No soundcards found.
[    1.947317] EXT4-fs (mmcblk2p2): mounted filesystem with ordered data mode. Opts: (null)
[    1.955496] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[    1.963119] devtmpfs: mounted
[    1.966900] Freeing unused kernel memory: 2880K
[    1.989378] Run /sbin/init as init process
[    2.059403] audit: type=1404 audit(1.969:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[    2.199361] SELinux:  Permission watch in class filesystem not defined in policy.
[    2.206919] SELinux:  Permission watch in class file not defined in policy.
[    2.213885] SELinux:  Permission watch_mount in class file not defined in policy.
[    2.221377] SELinux:  Permission watch_sb in class file not defined in policy.
[    2.228601] SELinux:  Permission watch_with_perm in class file not defined in policy.
[    2.236441] SELinux:  Permission watch_reads in class file not defined in policy.
[    2.243935] SELinux:  Permission watch in class dir not defined in policy.
[    2.250819] SELinux:  Permission watch_mount in class dir not defined in policy.
[    2.258216] SELinux:  Permission watch_sb in class dir not defined in policy.
[    2.265361] SELinux:  Permission watch_with_perm in class dir not defined in policy.
[    2.273105] SELinux:  Permission watch_reads in class dir not defined in policy.
[    2.280520] SELinux:  Permission watch in class lnk_file not defined in policy.
[    2.287830] SELinux:  Permission watch_mount in class lnk_file not defined in policy.
[    2.295669] SELinux:  Permission watch_sb in class lnk_file not defined in policy.
[    2.303239] SELinux:  Permission watch_with_perm in class lnk_file not defined in policy.
[    2.311429] SELinux:  Permission watch_reads in class lnk_file not defined in policy.
[    2.319266] SELinux:  Permission watch in class chr_file not defined in policy.
[    2.326585] SELinux:  Permission watch_mount in class chr_file not defined in policy.
[    2.334416] SELinux:  Permission watch_sb in class chr_file not defined in policy.
[    2.341994] SELinux:  Permission watch_with_perm in class chr_file not defined in policy.
[    2.350172] SELinux:  Permission watch_reads in class chr_file not defined in policy.
[    2.358021] SELinux:  Permission watch in class blk_file not defined in policy.
[    2.365332] SELinux:  Permission watch_mount in class blk_file not defined in policy.
[    2.373171] SELinux:  Permission watch_sb in class blk_file not defined in policy.
[    2.380742] SELinux:  Permission watch_with_perm in class blk_file not defined in policy.
[    2.388927] SELinux:  Permission watch_reads in class blk_file not defined in policy.
[    2.396765] SELinux:  Permission watch in class sock_file not defined in policy.
[    2.404171] SELinux:  Permission watch_mount in class sock_file not defined in policy.
[    2.412088] SELinux:  Permission watch_sb in class sock_file not defined in policy.
[    2.419757] SELinux:  Permission watch_with_perm in class sock_file not defined in policy.
[    2.428022] SELinux:  Permission watch_reads in class sock_file not defined in policy.
[    2.435953] SELinux:  Permission watch in class fifo_file not defined in policy.
[    2.443350] SELinux:  Permission watch_mount in class fifo_file not defined in policy.
[    2.451275] SELinux:  Permission watch_sb in class fifo_file not defined in policy.
[    2.458933] SELinux:  Permission watch_with_perm in class fifo_file not defined in policy.
[    2.467206] SELinux:  Permission watch_reads in class fifo_file not defined in policy.
[    2.475450] SELinux: the above unknown classes and permissions will be allowed
[    2.482716] SELinux:  policy capability network_peer_controls=1
[    2.488638] SELinux:  policy capability open_perms=1
[    2.493612] SELinux:  policy capability extended_socket_class=1
[    2.499534] SELinux:  policy capability always_check_network=0
[    2.505375] SELinux:  policy capability cgroup_seclabel=1
[    2.510776] SELinux:  policy capability nnp_nosuid_transition=1
[    2.551944] audit: type=1403 audit(2.461:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
[    2.560140] systemd[1]: Successfully loaded SELinux policy in 501.858ms.
[    2.585453] systemd[1]: System time before build time, advancing clock.
[    2.596311] systemd[1]: Unable to fix SELinux security context of /dev: Operation not permitted
[    2.596451] audit: type=1401 audit(1600598638.004:4): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:device_t:s15:c0.c1023 newcontext=system_u:object_r:device_t:s0 taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclassr
[    2.606247] systemd[1]: Failed to mount tmpfs at /dev/shm: No such file or directory
[    2.627743] audit: type=1400 audit(1600598638.016:5): avc:  denied  { create } for  pid=1 comm="systemd" name="shm" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0
[    2.637910] systemd[1]: Unable to fix SELinux security context of /run: Operation not permitted
[    2.655581] audit: type=1400 audit(1600598638.044:6): avc:  denied  { create } for  pid=1 comm="systemd" name="pts" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:devpts_t:s0-s15:c0.c1023 tclass=dir permissive=0
[    2.665724] systemd[1]: Unable to fix SELinux security context of /sys/fs/cgroup: Operation not permitted
[    2.685536] audit: type=1401 audit(1600598638.048:7): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 newcontext=system_u:object_r:var_run_t:s0-s15:c0.c1023 taskcontext=system_u:system_r:kernel_t:s15:c0r
[    2.719230] audit: type=1401 audit(1600598638.076:8): op=security_validate_transition seresult=denied oldcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 newcontext=system_u:object_r:cgroup_t:s0 taskcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=r
[    2.741846] audit: type=1400 audit(1600598638.108:9): avc:  denied  { create } for  pid=1 comm="systemd" name="bpf" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
[!!!!!!] Failed to mount API filesystems.
[    2.780814] systemd[1]: Freezing execution.


Layer list's certificate expired

Andreas Müller
 

Hi,

On opening OE-layers browsers complain that certificate has expired
yesterday 13.th of May. Just wanted to let you know.

Cheers,

Andreas


Yocto Technical Team Minutes, Engineering Sync, for May 11, 2021

Trevor Woerner
 

Yocto Technical Team Minutes, Engineering Sync, for May 11, 2021
archive: https://docs.google.com/document/d/1ly8nyhO14kDNnFcW2QskANXW3ZT7QwKC5wWVDg9dDH4/edit

== announcements ==
The upcoming Yocto Project Summit is taking place May 25-26 2021
details: https://www.yoctoproject.org/yocto-project-virtual-summit-2021/
registration: https://www.cvent.com/d/yjq4dr/4W?ct=868bfddd-ca91-46bb-aaa5-62d2b61b2501

== disclaimer ==
Best efforts are made to ensure the below is accurate and valid. However,
errors sometimes happen. If any errors or omissions are found, please feel
free to reply to this email with any corrections.

== attendees ==
Trevor Woerner, Stephen Jolley, Armin Kuster, Scott Murray, Joshua Watt,
Randy MacLeod, Bruce Ashfield, Tony Tascioglu (WR intern), Trevor Gamblin,
Steve Sakoman, Alexander Belloni, Michael Halstead, Paul Barker, Ross
Burton, Tim Orling, Saul Wold, Jere Viikari, Alejandro H

== notes ==
- 3.2.4 in QA, out in a couple days (this will be the final 3.2 release,
aka gatesgarth)
- significant patches going into master, lots of version updates (thanks
AlexK)
- multiconfig changes in bitbake cause challenges
- some CVEs showed up that could use help
- smp for various qemu machines added/enabled
- should we consider a different default qemu emulation (for arm?)
- serial IRQ handling issues with qemu-ppc
- gnome switched from gtk to ??

== general ==
AlexB: I’ve been looking into some of the intermittent AB issues, i believe
a couple of them can be closed now. there appear to be a lot of duplicates
(same issue, different manifestations)
Randy: good to hear, how many issues?
AlexB: we can look at them in the bug triage meeting. i’m guessing it’s
getting better. there are very few that happen regularly, and many others
happen only once. maybe 4 or 5 race conditions that are infrequent. the
improtant ones are qemu not working properly and the io load issue(s).
i’d like to get some graphs to visualize. there are issues related to
running out of memory, so maybe the solution is to not run so many things
at once
Randy: we used to use top to analyse what’s going on, but it’s tedious.
instead we can look at the tail of the cooker log that gives more
information, but is missing the total view of what’s going on at a given
time slice. we need a list of bitbake tasks and where to find their cooker
logs. once we have that the next step is to figure out who is doing all
the I/O. we’ve been looking at a tool called iotop, but i don’t think
that’s what we want.
RP: iotop is probably what we want, but requires root priv


RP: x86 cpu machine arguments in qemu
RP: i think all these RCU stalls we’re seeing is due to the cpu emulation
we’re using (which is very old) when we enabled SMP it caused everything
to fall over the edge and fail everywhere. maybe the qemu process is
locked up, rather than the system being overloaded
Randy: interesting theory
RP: i have a patch in master-next to upgrade to ivy-bridge qemu emulation. i
guess we’ll see what happens
AlexB: i don’t think it’ll solve all issues. we’ve seen RCU stalls on
other qemu machines, not just x86 (mips, arm64, arm)
RP: i thought it was just x86
AlexB: i have the list, i can confirm that we’ve seen rcu stalls on qemuarm
at least
RP: maybe there’s a pattern where the logs stop, then we get the rcu stall
kicking in. it could be we have 2 issues which are interfering with each
other. i’m not ready to give up on the theory yet
AlexB: it’s probably still useful to do regardless
RP: yes, i think we need to do it anyway. it won’t solve the ptest failures
on qemuarm, for example, but might help with others
Ross: the qemu person i talked with said that on a heavily loaded
system you'd expect some level of rcu stalls
RP: but should rcu stalls take out qemu?
Bruce: it should recover
AlexB: i’m not sure that’s a kernel thing that would kill it
JPEW: is it possible that because there’s too many rcu stalls that we end up
running out of memory
Bruce: we could turn rcu off and see if it recovers
RP: we should check if it recovers, or if it’s hanging. there might be 2
patterns here. this morning there was a lockup but there was no stack
trace
JPEW: is there a way to force the kernel to process all rcu’s?
??: i think that’s what it’s doing
AlexB: it’s the rcu stall detection. the cpu has been stalled for too long.
it’s not an issue with rcu itself, it’s just that rcu is what’s
noticed that the cpu has stopped responding
Randy: so ideally it would be nice to detect this ourselves and shed load
before the stalls happen
JPEW: tweak stall detection time?
??: takes about 80 seconds
AlexB: 20 seconds i think
JPEW: 21 seconds, according to docs. looks like it can be set on kernel
cmdline
Randy: heavily loaded system for cpu and io, tweaking the params isn’t going
to fix the issue
RP: it might help guide the debugging, might get more info turning on smp


Randy: been talking with TrevorG about job server. might get started next week


Randy: Saul are you getting back to qemu machine protocol
Saul: looking at it
Randy: how do you test it
Saul: don’t have a strong hold on it yet
RP: there is a hanging qemu on the AB, and it should have had the qmp patches
applied. so in theory there’s one there that we might be able to
interrogate
Saul: could you point me at it again?
RP: qemu-x86-64 on the AB, it should still be running


TW: topic ideas for OEDVM
PaulB: is there a way to just join the developer’s meeting without attending
the whole conference?


Armin: lgtm.com bitbake/yp is listed there. i sent in some patches to improve
the metrics
Armin: see https://lgtm.com/projects/g/openembedded/bitbake?mode=list
Armin: 31 errors, 80 warnings, 234 recommendations (currently)
ScottM: maybe we could do a checkpatch type thing for python linting
Armin: there is an integration with github, but requires corporate github
AlexB: should we open newcomer bugs?
Armin: we could, it tells you exactly where the problem is and what to do
ScottM: we don’t have tests, so fixes could end up breaking more things
AlexB: maybe we need test cases for bitbake/toaster/etc


Randy: our build quality is amazing! currently 0.2% build failures (mostly
running out of memory)


Re: Yocto with xtensa

Khem Raj
 

On 5/12/21 11:45 PM, Jack Daniels wrote:
Hello Khem,
Thank you for the information.
Is it about adding support for the xtensa build system (toolchain)? Is it work for heterogeneous SoC (CPU/ARM + DSP/xtensa) as well?
I can think of few ways

build your Xtensa firmware outside yocto and let yocto package it via recipes for prebuilts and build ARM system with yocto should work well

second option is to integrate Xtensa support into OE and then use multiconfig feature to build firmware for heterogenous systems.
this will be preferred and forward looking for future but it will be
more work

Thank you.
BR/J
On Thu, May 13, 2021 at 1:07 AM Khem Raj <raj.khem@gmail.com <mailto:raj.khem@gmail.com>> wrote:
Hello Jack,
I think we do not have support for Xtensa architecture working out of
box upstream. Although it should be possible to add it with little
effort, but no one has spun patches to do so
thus far.
Thanks
-Khem
On Wed, May 12, 2021 at 1:29 PM Jack Daniels <onyx22574@gmail.com
<mailto:onyx22574@gmail.com>> wrote:
>
> Dears,
>
> I am looking for a way to include sample code for DSP (xtensa)
with Yocto/Linux. what would be the procedure to include such a code
and eventually interprocessor communication between xtensa core and
CPU under Yocto/Linux?
>
> Thank you.
> BR/J
>
>
>


Re: [meta-zephyr][PATCH 1/1] zephyr-qemuboot.bbclass: Fix runqemu dependency on qemu native sysroot

Andrei Gherzan
 

Hi Ross,

On Thu, 13 May 2021, at 13:37, Andrei Gherzan wrote:
Hi,

On Thu, 13 May 2021, at 13:14, Ross Burton wrote:
> Debugged, the patch is broken.

> Using a little tool I have:

> Task qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot failed
> Active tasks are:
>  virglrenderer-native-0.9.1-r0:do_rm_work
>  binutils-cross-arm-2.36.1-r0:do_patch
>  qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot
>  qemu-system-native-5.2.0-r0:do_rm_work
>  libepoxy-native-1.5.5-r0:do_rm_work
>  gcc-source-11.1.0-11.1.0-r0:do_unpack

> Note how qemu is simultaneously adding itself to the sysroot, whilst
> rm_work is running and deleting the sysroot.

> This patch isn't compatible with rm_work and should be reverted.


I'll look into it.



-- 
Andrei Gherzan 
gpg: rsa4096/D4D94F67AD0E9640


[meta-zephyr][PATCH 2/2] zephyr-qemuboot.bbclass: Remove dependency on qemu-system-native

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@huawei.com>

runqemu only really needs the sysroot for qemu-helper-native. Pulling
other qemu dependency would get into a racing issue with rm_work. That
can also be fixed by tweaking the do_addto_recipe_sysroot order in
oe-core for qemu-system-native but that is just not needed for this
specific dependency requirement.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
classes/zephyr-qemuboot.bbclass | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/classes/zephyr-qemuboot.bbclass b/classes/zephyr-qemuboot.bbclass
index f508b45..c268e9e 100644
--- a/classes/zephyr-qemuboot.bbclass
+++ b/classes/zephyr-qemuboot.bbclass
@@ -36,19 +36,18 @@ python do_bootconf_write() {

addtask do_bootconf_write before do_build after do_deploy

-# The runqemu script requires the native sysroot populated for the qemu
-# recipes. Usually, this is pulled in by a do_image dependency (see
-# baremetal-helloworld_git, for example), but in this case, there is no such
-# task, so we hook in the dependency to do_bootconf_write. This also ensures
-# that builds from sstate will also have this requirement satisfied.
+# The runqemu script requires the native sysroot populated for the
+# qemu-helper-native recipes. Usually, this is pulled in by a do_image
+# dependency (see baremetal-helloworld_git, for example), but in this case,
+# there is no such task, so we hook in the dependency to do_bootconf_write.
+# This also ensures that builds from sstate will also have this requirement
+# satisfied.
python () {
- # do_addto_recipe_sysroot doesnt exist for all recipes, but we need it to have
- # /usr/bin on recipe-sysroot (qemu) populated
def extraimage_getdepends(task):
deps = ""
for dep in (d.getVar('EXTRA_IMAGEDEPENDS') or "").split():
# Make sure we only add it for qemu
- if 'qemu' in dep:
+ if 'qemu-helper-native' in dep:
deps += " %s:%s" % (dep, task)
return deps
d.appendVarFlag('do_bootconf_write', 'depends', extraimage_getdepends('do_addto_recipe_sysroot'))
--
2.31.1


[meta-zephyr][PATCH 1/2] zephyr-qemuboot.bbclass: Don't overwrite the entire elf dictionary key

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@huawei.com>

The nios2_machdata_setfunc was overwriting the elf key in matchdata for
arc done in arc_machdata_setfunc which in turn was overwriting the one
from oe-core. This is making qemu-x86 builds (as an example)
unbuildable:

Exception: KeyError: 'i586'

This patch makes sure that the changes complement the machdata
dictionary as opposed to overwriting the entire "elf" key.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
classes/siteinfo-zephyr.bbclass | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/classes/siteinfo-zephyr.bbclass b/classes/siteinfo-zephyr.bbclass
index d84fd3a..b84a9b2 100644
--- a/classes/siteinfo-zephyr.bbclass
+++ b/classes/siteinfo-zephyr.bbclass
@@ -1,4 +1,3 @@
-
def arc_siteinfo_setfunc(archinfo, osinfo, targetinfo, d):
archinfo['arc'] = "endian-little bit-32 "
osinfo['linux'] = "common-linux common-glibc"
@@ -8,7 +7,7 @@ def arc_siteinfo_setfunc(archinfo, osinfo, targetinfo, d):
SITEINFO_EXTRA_DATAFUNCS += "arc_siteinfo_setfunc"

def arc_machdata_setfunc(machdata, d):
- machdata["elf"] = { "arc" : (195, 0, 0, True, 32), }
+ machdata["elf"]["arc"] = (195, 0, 0, True, 32)
return machdata

PACKAGEQA_EXTRA_MACHDEFFUNCS += "arc_machdata_setfunc"
@@ -22,7 +21,7 @@ def iamcu_siteinfo_setfunc(archinfo, osinfo, targetinfo, d):
SITEINFO_EXTRA_DATAFUNCS += "iamcu_siteinfo_setfunc"

def nios2_machdata_setfunc(machdata, d):
- machdata["elf"] = {"nios2": (113, 0, 0, True, 32), }
+ machdata["elf"]["nios2"] = (113, 0, 0, True, 32)
return machdata

-PACKAGEQA_EXTRA_MACHDEFFUNCS += "nios2_machdata_setfunc"
\ No newline at end of file
+PACKAGEQA_EXTRA_MACHDEFFUNCS += "nios2_machdata_setfunc"
--
2.31.1


Re: [meta-zephyr][PATCH 1/1] zephyr-qemuboot.bbclass: Fix runqemu dependency on qemu native sysroot

Andrei Gherzan
 

Hi,

On Thu, 13 May 2021, at 13:14, Ross Burton wrote:
Debugged, the patch is broken.

Using a little tool I have:

Task qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot failed
Active tasks are:
virglrenderer-native-0.9.1-r0:do_rm_work
binutils-cross-arm-2.36.1-r0:do_patch
qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot
qemu-system-native-5.2.0-r0:do_rm_work
libepoxy-native-1.5.5-r0:do_rm_work
gcc-source-11.1.0-11.1.0-r0:do_unpack

Note how qemu is simultaneously adding itself to the sysroot, whilst
rm_work is running and deleting the sysroot.

This patch isn't compatible with rm_work and should be reverted.
I'll look into it.

--
Andrei Gherzan
gpg: rsa4096/D4D94F67AD0E9640


Re: [meta-zephyr][PATCH 1/1] zephyr-qemuboot.bbclass: Fix runqemu dependency on qemu native sysroot

Ross Burton
 

Debugged, the patch is broken.

Using a little tool I have:

Task qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot failed
Active tasks are:
virglrenderer-native-0.9.1-r0:do_rm_work
binutils-cross-arm-2.36.1-r0:do_patch
qemu-system-native-5.2.0-r0:do_addto_recipe_sysroot
qemu-system-native-5.2.0-r0:do_rm_work
libepoxy-native-1.5.5-r0:do_rm_work
gcc-source-11.1.0-11.1.0-r0:do_unpack

Note how qemu is simultaneously adding itself to the sysroot, whilst
rm_work is running and deleting the sysroot.

This patch isn't compatible with rm_work and should be reverted.

Ross

On Thu, 13 May 2021 at 13:06, Ross Burton <ross@burtonini.com> wrote:

This is breaking our CI:

ERROR: qemu-system-native-5.2.0-r0 do_addto_recipe_sysroot: Error
executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: '/builds/yocto-poc/meta-arm/work/poky/meta/classes/staging.bbclass',
lineno: 502, function: extend_recipe_sysroot
0498: continue
0499:
0500: msg_adding.append(c)
0501:
*** 0502: os.symlink(c + "." + taskhash, depdir + "/" + c)
0503:
0504: manifest, d2 = oe.sstatesig.find_sstate_manifest(c,
setscenedeps[dep][2], "populate_sysroot", d, multilibs)
0505: if d2 is not d:
0506: # If we don't do this, the recipe sysroot will
be placed in the wrong WORKDIR for multilibs
Exception: FileNotFoundError: [Errno 2] No such file or directory:
'zlib-native.0f0b3e4d16f9ad46dd8609d8c899a834104f5b572a4a5438ccccd1db88d67e97'
-> '/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/recipe-sysroot-native/installeddeps/zlib-native'
ERROR: Logfile of failure stored in:
/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/temp/log.do_addto_recipe_sysroot.7593
ERROR: Task (/builds/yocto-poc/meta-arm/work/poky/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb:do_addto_recipe_sysroot)
failed with exit code '1'
ERROR: qemu-system-native-5.2.0-r0 do_rm_work: Execution of
'/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/temp/run.do_rm_work.7583'
failed with exit code 1:
rm: cannot remove 'recipe-sysroot-native': Directory not empty

Can this be reverted whilst this is debugged?

Ross

On Fri, 7 May 2021 at 11:09, Andrei Gherzan <andrei@gherzan.com> wrote:

From: Andrei Gherzan <andrei.gherzan@huawei.com>

The runqemu script depends on having the native sysroot populated for
the qemu recipes. Add the required dependency to the mix.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
classes/zephyr-qemuboot.bbclass | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

diff --git a/classes/zephyr-qemuboot.bbclass b/classes/zephyr-qemuboot.bbclass
index 5ac1c86..f508b45 100644
--- a/classes/zephyr-qemuboot.bbclass
+++ b/classes/zephyr-qemuboot.bbclass
@@ -35,3 +35,22 @@ python do_bootconf_write() {
}

addtask do_bootconf_write before do_build after do_deploy
+
+# The runqemu script requires the native sysroot populated for the qemu
+# recipes. Usually, this is pulled in by a do_image dependency (see
+# baremetal-helloworld_git, for example), but in this case, there is no such
+# task, so we hook in the dependency to do_bootconf_write. This also ensures
+# that builds from sstate will also have this requirement satisfied.
+python () {
+ # do_addto_recipe_sysroot doesnt exist for all recipes, but we need it to have
+ # /usr/bin on recipe-sysroot (qemu) populated
+ def extraimage_getdepends(task):
+ deps = ""
+ for dep in (d.getVar('EXTRA_IMAGEDEPENDS') or "").split():
+ # Make sure we only add it for qemu
+ if 'qemu' in dep:
+ deps += " %s:%s" % (dep, task)
+ return deps
+ d.appendVarFlag('do_bootconf_write', 'depends', extraimage_getdepends('do_addto_recipe_sysroot'))
+ d.appendVarFlag('do_bootconf_write', 'depends', extraimage_getdepends('do_populate_sysroot'))
+}
--
2.31.1




Re: [meta-zephyr][PATCH 1/1] zephyr-qemuboot.bbclass: Fix runqemu dependency on qemu native sysroot

Ross Burton
 

This is breaking our CI:

ERROR: qemu-system-native-5.2.0-r0 do_addto_recipe_sysroot: Error
executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: '/builds/yocto-poc/meta-arm/work/poky/meta/classes/staging.bbclass',
lineno: 502, function: extend_recipe_sysroot
0498: continue
0499:
0500: msg_adding.append(c)
0501:
*** 0502: os.symlink(c + "." + taskhash, depdir + "/" + c)
0503:
0504: manifest, d2 = oe.sstatesig.find_sstate_manifest(c,
setscenedeps[dep][2], "populate_sysroot", d, multilibs)
0505: if d2 is not d:
0506: # If we don't do this, the recipe sysroot will
be placed in the wrong WORKDIR for multilibs
Exception: FileNotFoundError: [Errno 2] No such file or directory:
'zlib-native.0f0b3e4d16f9ad46dd8609d8c899a834104f5b572a4a5438ccccd1db88d67e97'
-> '/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/recipe-sysroot-native/installeddeps/zlib-native'
ERROR: Logfile of failure stored in:
/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/temp/log.do_addto_recipe_sysroot.7593
ERROR: Task (/builds/yocto-poc/meta-arm/work/poky/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb:do_addto_recipe_sysroot)
failed with exit code '1'
ERROR: qemu-system-native-5.2.0-r0 do_rm_work: Execution of
'/builds/yocto-poc/meta-arm/work/build/tmp/work/aarch64-linux/qemu-system-native/5.2.0-r0/temp/run.do_rm_work.7583'
failed with exit code 1:
rm: cannot remove 'recipe-sysroot-native': Directory not empty

Can this be reverted whilst this is debugged?

Ross

On Fri, 7 May 2021 at 11:09, Andrei Gherzan <andrei@gherzan.com> wrote:

From: Andrei Gherzan <andrei.gherzan@huawei.com>

The runqemu script depends on having the native sysroot populated for
the qemu recipes. Add the required dependency to the mix.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
classes/zephyr-qemuboot.bbclass | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

diff --git a/classes/zephyr-qemuboot.bbclass b/classes/zephyr-qemuboot.bbclass
index 5ac1c86..f508b45 100644
--- a/classes/zephyr-qemuboot.bbclass
+++ b/classes/zephyr-qemuboot.bbclass
@@ -35,3 +35,22 @@ python do_bootconf_write() {
}

addtask do_bootconf_write before do_build after do_deploy
+
+# The runqemu script requires the native sysroot populated for the qemu
+# recipes. Usually, this is pulled in by a do_image dependency (see
+# baremetal-helloworld_git, for example), but in this case, there is no such
+# task, so we hook in the dependency to do_bootconf_write. This also ensures
+# that builds from sstate will also have this requirement satisfied.
+python () {
+ # do_addto_recipe_sysroot doesnt exist for all recipes, but we need it to have
+ # /usr/bin on recipe-sysroot (qemu) populated
+ def extraimage_getdepends(task):
+ deps = ""
+ for dep in (d.getVar('EXTRA_IMAGEDEPENDS') or "").split():
+ # Make sure we only add it for qemu
+ if 'qemu' in dep:
+ deps += " %s:%s" % (dep, task)
+ return deps
+ d.appendVarFlag('do_bootconf_write', 'depends', extraimage_getdepends('do_addto_recipe_sysroot'))
+ d.appendVarFlag('do_bootconf_write', 'depends', extraimage_getdepends('do_populate_sysroot'))
+}
--
2.31.1




Re: Yocto with xtensa

Jack Daniels <onyx22574@...>
 

Hello Khem,

Thank you for the information. 
Is it about adding support for the xtensa build system (toolchain)? Is it work for heterogeneous SoC (CPU/ARM + DSP/xtensa) as well?

Thank you.
BR/J

On Thu, May 13, 2021 at 1:07 AM Khem Raj <raj.khem@...> wrote:
Hello Jack,

I think we do not have support for Xtensa architecture working out of
box upstream. Although it should be possible to add it with little
effort, but no one has spun patches to do so
thus far.

Thanks
-Khem

On Wed, May 12, 2021 at 1:29 PM Jack Daniels <onyx22574@...> wrote:
>
> Dears,
>
> I am looking for a way to include sample code for DSP (xtensa) with Yocto/Linux. what would be the procedure to include such a code and eventually interprocessor communication between xtensa core and CPU under Yocto/Linux?
>
> Thank you.
> BR/J
>
>
>
>


Re: Yocto Zeus : facing error regarding hostapd #zeus

Zoran
 

Hello Rohit,

It is a good find. I also googled for the error, and found this as an
explanation:
https://www.yoctoproject.org/pipermail/yocto/2019-February/044153.html

I included Alex (Kanavin), who created the above mail.

Maybe Alex can give more light on the problem?

In the meantime, you should explore (by similarities) this pointer in
very details:
https://github.com/Xilinx/meta-virtualization/issues/4#issuecomment-590532621

Zoran
_______

On Thu, May 13, 2021 at 8:25 AM rohit jadhav <rohitbjadhav1@gmail.com> wrote:

Hi Zoran,
log.do_rootfs.31340is linked to log.do_rootfs I have checked with ls command, So both files are identical.

While surfing I found similar thread but its for different package its as follows :
https://github.com/Xilinx/meta-virtualization/issues/4

Can you please help out with this for our Package Hostapd ?

Thanks and Regards
Rohit

On Thu, May 13, 2021 at 10:18 AM Zoran Stojsavljevic <zoran.stojsavljevic@gmail.com> wrote:

From the log log.do_rootfs.31340 file, there are the following:

[1] ERROR: Postinstall scriptlets of ['hostapd'] have failed.

HOSTAP stands for: HOST Access Point Daemon. I could not conclude too much from:
https://en.wikipedia.org/wiki/Hostapd

It is kind of a hot spot, as my best understanding is.

[2] Details of the failure are in
/home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.

So, my best guess, looking into log.do_rootfs will tell us much more.

Please, attach this one for our review as well.

Thank you,
Zoran
_______

On Wed, May 12, 2021 at 5:29 PM rohit jadhav <rohitbjadhav1@gmail.com> wrote:

Hi Zoran ,
I have attached the log file for your reference.
Thank You
Regards
Rohit

On Wed, May 12, 2021 at 7:50 PM Zoran Stojsavljevic <zoran.stojsavljevic@gmail.com> wrote:

Log file in:
/home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/
imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/
log.do_rootfs.31340

Could you, please, attach a log file?

Thank you,
Zoran
_______


On Wed, May 12, 2021 at 2:01 PM rohit jadhav <rohitbjadhav1@gmail.com> wrote:

Facing following issue :
ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['hostapd'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Details of the failure are in /home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.
ERROR: Logfile of failure stored in: /home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.31340
ERROR: Task (/home/tel/imx_yocto_bsp_Zeus/Yocto_setup/sources/poky/meta/recipes-core/images/core-image-minimal.bb:do_rootfs) failed with exit code '1'

Please guide me if anyone have any idea to resolve.

Thanks in advance.


Re: Yocto Zeus : facing error regarding hostapd #zeus

rohit jadhav
 

Hi Zoran,
   log.do_rootfs.31340is linked to log.do_rootfs I have checked with ls command, So both files are identical.

While surfing I found similar thread but its for different package  its as follows :

Can you please help out with this for our Package Hostapd ?

Thanks and Regards
Rohit


On Thu, May 13, 2021 at 10:18 AM Zoran Stojsavljevic <zoran.stojsavljevic@...> wrote:
From the log log.do_rootfs.31340 file, there are the following:

[1] ERROR: Postinstall scriptlets of ['hostapd'] have failed.

HOSTAP stands for: HOST Access Point Daemon. I could not conclude too much from:
https://en.wikipedia.org/wiki/Hostapd

It is kind of a hot spot, as my best understanding is.

[2] Details of the failure are in
/home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.

So, my best guess, looking into log.do_rootfs will tell us much more.

Please, attach this one for our review as well.

Thank you,
Zoran
_______

On Wed, May 12, 2021 at 5:29 PM rohit jadhav <rohitbjadhav1@...> wrote:
>
> Hi Zoran ,
> I have attached the log file for your reference.
> Thank You
> Regards
> Rohit
>
> On Wed, May 12, 2021 at 7:50 PM Zoran Stojsavljevic <zoran.stojsavljevic@...> wrote:
>>
>> > Log file in:
>> > /home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/
>> > imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/
>> log.do_rootfs.31340
>>
>> Could you, please, attach a log file?
>>
>> Thank you,
>> Zoran
>> _______
>>
>>
>> On Wed, May 12, 2021 at 2:01 PM rohit jadhav <rohitbjadhav1@...> wrote:
>>>
>>> Facing following issue :
>>> ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['hostapd'] have failed. If the intention is to defer them to first boot,
>>> then please place them into pkg_postinst_ontarget_${PN} ().
>>> Deferring to first boot via 'exit 1' is no longer supported.
>>> Details of the failure are in /home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.
>>> ERROR: Logfile of failure stored in: /home/tel/imx_yocto_bsp_Zeus/Yocto_setup/build_imx6ull/tmp/work/imx6ull14x14evk-poky-linux-gnueabi/core-image-minimal/1.0-r0/temp/log.do_rootfs.31340
>>> ERROR: Task (/home/tel/imx_yocto_bsp_Zeus/Yocto_setup/sources/poky/meta/recipes-core/images/core-image-minimal.bb:do_rootfs) failed with exit code '1'
>>>
>>> Please guide me if anyone have any idea to resolve.
>>>
>>> Thanks in advance.
>>>
>>>


Re: [meta-raspberrypi][PATCH] 99-com.rules: fix error invalid substitution type

Changqing Li
 

On 5/13/21 11:48 AM, Khem Raj wrote:
[Please note: This e-mail is from an EXTERNAL e-mail address]

On 5/12/21 8:42 PM, Changqing Li wrote:
From: Changqing Li <changqing.li@windriver.com>

fix below error:
/etc/udev/rules.d/99-com.rules:10 Invalid value "/bin/sh -c
'ALIASES=/proc/device-tree/aliases; if cmp -s $ALIASES/uart0
$ALIASES/serial0; then echo 0;elif cmp -s $ALIASES/uart0
$ALIASES/serial1; then echo 1; else exit 1; fi'" for PROGRAM (char 58:
invalid substitution type)
Can you create a pull request on github for this please.
ok

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
  recipes-core/udev/udev-rules-rpi/99-com.rules | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-core/udev/udev-rules-rpi/99-com.rules b/recipes-core/udev/udev-rules-rpi/99-com.rules
index 6bf019b..ddd1e17 100644
--- a/recipes-core/udev/udev-rules-rpi/99-com.rules
+++ b/recipes-core/udev/udev-rules-rpi/99-com.rules
@@ -1,8 +1,8 @@
  KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
      ALIASES=/proc/device-tree/aliases; \
-     if cmp -s $ALIASES/uart0 $ALIASES/serial0; then \
+     if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \
              echo 0;\
-     elif cmp -s $ALIASES/uart0 $ALIASES/serial1; then \
+     elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \
              echo 1; \
      else \
              exit 1; \
@@ -11,9 +11,9 @@ KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\

  KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
      ALIASES=/proc/device-tree/aliases; \
-     if cmp -s $ALIASES/uart1 $ALIASES/serial0; then \
+     if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \
              echo 0; \
-     elif cmp -s $ALIASES/uart1 $ALIASES/serial1; then \
+     elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \
              echo 1; \
      else \
              exit 1; \



1 - 20 of 53484