SMACK labels for created files not set - linux

I’m trying to set up SMACK on my system but am having some strange problems.
I have SMACK turned on in my kernel and have added the line:
smackfs /smack smackfs smackfsdef=* 0 0
to my /etc/fstab file. SMACK seems to be enforcing labelled subject/object access as expected. But when I create new files the files do not have the labels of the creating process. Instead the labels are blank.
My kernel version is 3.4.36. My kernel config includes:
CONFIG_NETLABEL=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SMACK=y
CONFIG_DEFAULT_SECURITY_SMACK=y
CONFIG_DEFAULT_SECURITY="smack"

Found the answer to my own question. The yaffs2 file system that my device runs on does not fully support extended attributes for newly created files.
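A quick way to test a mount point for the behaviour described above, as an added example that is not part of the original post: it creates a scratch file and checks whether the `security.SMACK64` extended attribute was stored. The function names are hypothetical, and it assumes Smack is the active LSM, so that `/proc/self/attr/current` holds the Smack label of the process.

```python
import errno
import os
import tempfile

SMACK_XATTR = "security.SMACK64"  # xattr in which Smack stores a file's label

def process_label():
    """Label of the current task, or None if /proc does not expose one."""
    try:
        with open("/proc/self/attr/current", "rb") as f:
            return f.read().rstrip(b"\0\n").decode() or None
    except (OSError, UnicodeDecodeError):
        return None

def classify(proc_label, file_label, err):
    """Decide what a probe result means; pure, so it can be unit-tested."""
    if err == errno.ENOTSUP:
        return "fs-no-xattr"      # filesystem refuses the xattr call outright
    if err == errno.ENODATA or (not err and not file_label):
        return "label-missing"    # file exists but no label was stored
    if err:
        return "error"            # e.g. EACCES; inspect manually
    if proc_label and file_label != proc_label:
        return "label-differs"    # e.g. created in a transmuting directory
    return "labelled"

def probe(directory):
    """Create a scratch file in `directory` and report how it was labelled."""
    if not hasattr(os, "getxattr"):
        return "error"            # platform without Linux xattr calls
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        label = os.getxattr(path, SMACK_XATTR).rstrip(b"\0").decode()
        err = 0
    except OSError as e:
        label, err = None, e.errno
    finally:
        os.unlink(path)
    return classify(process_label(), label, err)

if __name__ == "__main__":
    # Constructed default: probe the current directory, or the paths given.
    import sys
    for d in sys.argv[1:] or ["."]:
        print(d, probe(d))
```

Run it once per mounted filesystem; any result other than `labelled` on a Smack system means new files there do not carry the creator's label.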

Related

Unable to validate syslinux.cfg syntax

I am trying to boot an appliance to a USB drive and the provided configuration file for the syslinux.cfg file seems to have some error in it. Is there any way to validate a syslinux.cfg file and its syntax or anyone smart on here that might be able to check why this seems to not work? After booting, we received the following error:
SYSLINUX 4.04 EDD 2011-04-18 Copyright (C) 1994-2011 H. Peter Anvin et al
Unknown keyword in configuration file: 1
No DEFAULT or UI configuration directive found!
boot:
This is the configuration we have inside the syslinux.cfg file. I've tried multiple formatting options of my USB drive, including FAT32 and FAT16. I've tried renaming folders as prescribed by other articles (although I don't think there is a file referencing issue, because otherwise how would it know that there is an unknown keyword in the configuration file?).
SERIAL 1 38400 CONSOLE 1 default vmlinuz0 initrd=initrd0.img root=live:CDLABEL=LIVE rootfstype=vfat ro liveimg quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 serial text console=ttyS1,38400n8
We are following instructions from a vendor on how to boot to a USB to recover this appliance, but I don't get the strong feeling that they understand what's going on, so I thought I'd see if anyone could weigh in on why it cannot find a DEFAULT or UI configuration directive, despite the "default vmlinuz0" line being right there.

Nothing provides error - adding new Yocto layer and new machine

I had a question about adding a new machine in Yocto.
I am trying to add both a new layer in Yocto, and a new machine. The machine is based on Atmel's SAMA5D27-SOM1-EK-SD evaluation board. I want to enable another UART for this board.
I cloned the kernel source for this board (linux-at91) and added another DTS file based off of at91sama5d27-som1-ek-sd.dts file. I made the changes to enable UART0. I then added this new DTS file to the Makefile in linux-at91/arch/arm/boot/dts . I made a patch to save these changes.
I'm using meta-atmel layer and was following instructions outlined here to build the image for this board.
I have defined another layer that will act as the new Yocto layer that defines my custom machine. I have added some .bbappend files in recipes-kernel to add a patch (which adds a new dts file to the linux at91 kernel source) and to add our custom machine as a compatible machine. My understanding was that we could continue to use the definitions in the meta-atmel layer, but add .bbappend files in the meta-axon layer in the same path, and that would apply the changes that we want.
I have done the same for the recipes-bsp directory. In the meta-axon layer, all the .bbappend files in recipes-bsp only add our custom machine to the list of compatible machines.
However, when I go ahead and build, I get this error:
NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'at91bootstrap-sam-ba'
at91bootstrap-sam-ba was skipped: incompatible with machine axon-ft3-sp-machine (not in COMPATIBLE_MACHINE)
I'm confused because the recipe file that defines at91bootstrap-sam-ba in meta-atmel does not mention any compatible machines, so I would want to use it from the meta-atmel layer without changing it at all.
It actually does mention compatible machines.
In at91bootstrap-sam-ba recipe[1], you can find the following line:
require at91bootstrap_${PV}.bb
Let's check out in this recipe then[2]:
COMPATIBLE_MACHINE = '(sama5d3xek|sama5d3-xplained|sama5d3-xplained-sd|at91sam9x5ek|at91sam9rlek|at91sam9m10g45ek|sama5d4ek|sama5d4-xplained|sama5d4-xplained-sd|sama5d2-xplained|sama5d2-xplained-sd|sama5d2-xplained-emmc|sama5d2-ptc-ek|sama5d2-ptc-ek-sd|sama5d27-som1-ek|sama5d27-som1-ek-sd|sama5d2-icp-sd|sam9x60ek|sam9x60ek-sd|sama5d27-wlsom1-ek-sd)'
Using bitbake at91bootstrap-sam-ba -e would show you that, indeed, COMPATIBLE_MACHINE is set and would even tell you where it was set.
P.S.: In some cases, it might actually be a good idea for your custom machine to require the original machine on which it is based (e.g. sama5d27-som1-ek-sd) and make the name of the original machine part of MACHINE_OVERRIDES so that you don't have to add a bbappend for each recipe with a COMPATIBLE_MACHINE. Be careful with the order in MACHINE_OVERRIDES, it is evaluated from right to left with rightmost OVERRIDES being of the highest priority. (Use bitbake -e <recipe> to be sure it's correctly set).
[1] https://github.com/linux4sam/meta-atmel/blob/master/recipes-bsp/at91bootstrap/at91bootstrap-sam-ba_3.9.2.bb#L1
[2] https://github.com/linux4sam/meta-atmel/blob/master/recipes-bsp/at91bootstrap/at91bootstrap_3.9.2.bb#L5
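A small model of the compatibility check discussed in this answer, as an added example that is not bitbake's own code. It assumes the check tests each colon-separated entry of the machine override list against COMPATIBLE_MACHINE with `re.match`; the function names are hypothetical, and the pattern and machine name are the ones quoted on this page.

```python
import re

# COMPATIBLE_MACHINE as quoted in the answer above (at91bootstrap_3.9.2.bb).
COMPATIBLE_MACHINE = (
    "(sama5d3xek|sama5d3-xplained|sama5d3-xplained-sd|at91sam9x5ek|at91sam9rlek"
    "|at91sam9m10g45ek|sama5d4ek|sama5d4-xplained|sama5d4-xplained-sd"
    "|sama5d2-xplained|sama5d2-xplained-sd|sama5d2-xplained-emmc|sama5d2-ptc-ek"
    "|sama5d2-ptc-ek-sd|sama5d27-som1-ek|sama5d27-som1-ek-sd|sama5d2-icp-sd"
    "|sam9x60ek|sam9x60ek-sd|sama5d27-wlsom1-ek-sd)"
)

MACHINE = "axon-ft3-sp-machine"                   # custom machine from the question
ALONE = MACHINE                                   # override list without the base board
WITH_BASE = "sama5d27-som1-ek-sd:" + MACHINE      # base board added, as the P.S. suggests

def matching_override(pattern, overrides):
    """Return the first override entry the pattern accepts, else None.

    Assumption: each entry is tested with re.match, which anchors at the
    start of the string only, so a name that merely begins with a listed
    machine is accepted too.
    """
    for entry in overrides.split(":"):
        if entry and re.match(pattern, entry):
            return entry
    return None

def verdict(pattern, machine, overrides):
    """Human-readable outcome in the wording of the error on this page."""
    hit = matching_override(pattern, overrides)
    if hit:
        return f"parsed (matched '{hit}')"
    return f"skipped: incompatible with machine {machine} (not in COMPATIBLE_MACHINE)"

if __name__ == "__main__":
    print(verdict(COMPATIBLE_MACHINE, MACHINE, ALONE))
    print(verdict(COMPATIBLE_MACHINE, MACHINE, WITH_BASE))
```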

OpenModelica: No output variables or solution file

So I am a newbie to OpenModelica. I have a bit of experience using LMS Amesim. I created my first simple model using OM and simulated it from within the OMeditor.
When I switch to the plot window, there are NO output variables to plot. That tells me that the simulation may not have run. However, no error messages popped up. When I checked the model, I found it to be fine (not overconstrained or underconstrained).
What gives? This is OM 1.14 on Linux Ubuntu 16.04.
My Modelica file, a simple 2nd-order system with feedback control, is available via pastebin here or may be downloaded here via a Google Drive link.
The messages that I have from the output window are:
/tmp/OpenModelica_drN/OMEdit/Feedback/Feedback -port=35318 -logFormat=xmltcp -override=startTime=0,stopTime=100,stepSize=0.2,tolerance=1e-6,solver=dassl,outputFormat=csv,variableFilter=.* -r=/tmp/OpenModelica_drN/OMEdit/Feedback/Feedback_res.csv -w -lv=LOG_STATS -inputPath=/tmp/OpenModelica_drN/OMEdit/Feedback -outputPath=/tmp/OpenModelica_drN/OMEdit/Feedback
The initialization finished successfully without homotopy method.
The simulation finished successfully.
This was a bug. Should be fixed now:
https://trac.openmodelica.org/OpenModelica/ticket/5251

driver not working when built as built in driver

I wrote a basic character driver for BeagleBone which prints two messages at a 1-second interval via a workqueue and a tasklet using printk.
At first I built it as a module driver, generated the .ko file, loaded it using the insmod command, and the prints appear when viewed via dmesg.
Then I built it as a built-in driver and loaded the uImage, and after bootup I checked the dmesg prints. But there are no prints.
In the .config file
CONFIG_MY_DRIVER=y
So it's taken as a built-in driver, I think.
How can I confirm whether it's actually built into the final image? No error was reported while building.
Are there any additional steps to be done for loading the built-in driver?
Please pardon me if I went wrong on any basics. I am really new to Linux.
This means that you probably added it somewhere to a Kconfig file:
"CONFIG_MY_DRIVER=y"
but have you added it to the Makefile? It works like this: while building an image, the kernel takes all of these "CONFIG_*" directives and uses them to build particular source files from the Makefile.
Example:
cat fs/ext2/Makefile
ext2-$(CONFIG_EXT2_FS_SECURITY) += xattr_security.o
cat fs/ext2/Kconfig
config EXT2_FS_SECURITY
bool "Ext2 Security Labels"
depends on EXT2_FS_XATTR
So in the example above, if your source file is xattr_security.c, then you should get an xattr_security.o file in the fs/ext2 dir when this is built. You should also see it during the compilation process if your file is built.
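The Kconfig/Makefile pairing this answer describes can be checked mechanically. The following is an added example, not from the original answer: it lists symbols that a Kconfig file defines but that no `$(CONFIG_...)` reference in the Makefile uses. The sample texts are constructed from the ext2 lines above, and `my_driver.o` is a hypothetical object name.

```python
import re

KCONFIG_DEF = re.compile(r"^\s*(?:menu)?config\s+([A-Za-z0-9_]+)", re.M)
CONFIG_REF = re.compile(r"\$\(CONFIG_([A-Za-z0-9_]+)\)")

def unwired_symbols(kconfig_text, makefile_text):
    """Symbols defined in Kconfig that the Makefile never turns into objects.

    A symbol can legitimately be used only from C code (#ifdef), so treat a
    hit as a prompt to look, not as proof; for a driver's own symbol it
    means the source file is never compiled, with no build error.
    """
    defined = set(KCONFIG_DEF.findall(kconfig_text))
    referenced = set(CONFIG_REF.findall(makefile_text))
    return sorted(defined - referenced)

# Constructed sample: the ext2 entry from the answer plus the asker's symbol.
SAMPLE_KCONFIG = """\
config EXT2_FS_SECURITY
    bool "Ext2 Security Labels"
    depends on EXT2_FS_XATTR

config MY_DRIVER
    bool "My character driver"
"""

SAMPLE_MAKEFILE_BEFORE = "ext2-$(CONFIG_EXT2_FS_SECURITY) += xattr_security.o\n"
SAMPLE_MAKEFILE_AFTER = SAMPLE_MAKEFILE_BEFORE + "obj-$(CONFIG_MY_DRIVER) += my_driver.o\n"

if __name__ == "__main__":
    print("before:", unwired_symbols(SAMPLE_KCONFIG, SAMPLE_MAKEFILE_BEFORE))
    print("after: ", unwired_symbols(SAMPLE_KCONFIG, SAMPLE_MAKEFILE_AFTER))
```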

Version Control soft that will keep ALL files and their metadata from POSIX FS (ext3/ext4)

THE SCENARIO
I'm developing a Root FS for some embedded Linux device. It is sitting on the host, exported via NFS, and my development board mounts it under "/".
The workflows that I need are:
- to share my FS with other developers (they have their own dev. boards)
- to back up my Root FS onto some "server"
- to deploy my Root FS onto flash disks or other media
- to track changes in specific files in my Root FS, branching & merging, rollback, etc.
Guys, this seems to me as a Version Control scenario, and I even use git.
THE PROBLEM
As you know, Git (and svn/mercurial/bazaar too!) 1) does not store special files (device files under /dev etc.) and 2) does not store file owners and permissions.
I want to store everything and AS IS.
THE QUESTION:
Do you know some VCS that will do the job?
Or maybe you know about another (but simple) solution for my scenarios?
IS IT A COMMON PROBLEM...
I believe that it is, because till now I've heard about scripts/hooks/custom soft that everybody (!) works out for his purposes. All I need is an all-eating-VSS.
Thank you!!
Having done something similar (developing firmware for an embedded Linux OS), I've found that it's better to put device file creation into a script called by your build system, rather than to store device files directly on the development machine. Then the script that creates the files goes into version control, instead of the files themselves, and (BONUS) you don't need to be root to modify them. Run the build through fakeroot instead.
I suppose this doesn't directly answer your question, but it may be worth thinking about revising your development model. It's NEVER a good idea to run your build as root, because what happens if you accidentally have a "/" in front of a common path? You may inadvertently replace /bin with a whole bunch of links to busybox built for a different architecture.
This is the tool for you:
http://fsvs.tigris.org/
It has an svn backend.
I know this seems a little obvious, but as you haven't mentioned it: Have you considered mechanisms to put all your special files into a regular file, like, for example, into a tar archive? You could store that just fine with any version control system, and as filesystems have lots of binary data anyway diffs between two revisions of a full root filesystem aren't that useful anyway, so you might even not lose too many of the features your version control system provides.
initramfs is a good answer to the userid, groupid and permission problem. In your kernel source directory, there is scripts/gen_initramfs_list.sh.
This script allows you to build an initramfs archive from several sources. You can, for example, specify:
- a directory: the files and directories found in this base directory will be at the root of your file system.
- a file list: it is a text file, very useful to create directories, files and special device files. See the example below.
If you develop as non-root, and your rootfs is in rootfsdir, then probably the files in rootfsdir are owned by you. gen_initramfs_list can translate your uid, gid into 0, 0. Here is an example command line:
gen_initramfs_list -u $MYUID -o initramfs.gz rootfsdir/ device.txt
Where device.txt contains :
# This is a very simple, default initramfs
dir /dev 0755 0 0
nod /dev/console 0600 0 0 c 5 1
dir /root 0700 0 0
# file /kinit usr/kinit/kinit 0755 0 0
# slink /init kinit 0755 0 0
Then you can use standard version control for your rootfsdir content, and add the device.txt file under version control, and here you are: content and file attributes are versioned :).
I don't know if you can change the permission and uid/gid of a file in a directory source via a filelist source, but this would be a logical feature.
Of course you can start with minimal root fs, from which you mount your existing nfs_export.
It is a common problem, and gen_initramfs_list is the tool to solve it.
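A file list like the device.txt in this answer can also be generated from an existing tree, so that ownership, permission bits (setuid included) and device numbers end up as reviewable text under version control. This is an added example, not part of the original answer and not the kernel script itself; it goes beyond the hand-written list by covering the `dir`, `file`, `slink` and `nod` entry types shown above, and the function names and the uid/gid squashing parameters are hypothetical.

```python
import os
import stat

def entry(name, path, st, squash_uid=None, squash_gid=None):
    """One file-list line for `path`, which appears in the image as `name`."""
    # Map the developer's own uid/gid to 0, like the -u translation above.
    uid = 0 if st.st_uid == squash_uid else st.st_uid
    gid = 0 if st.st_gid == squash_gid else st.st_gid
    tail = "%04o %d %d" % (stat.S_IMODE(st.st_mode), uid, gid)
    mode = st.st_mode
    if stat.S_ISDIR(mode):
        return f"dir {name} {tail}"
    if stat.S_ISLNK(mode):
        return f"slink {name} {os.readlink(path)} {tail}"
    if stat.S_ISREG(mode):
        return f"file {name} {path} {tail}"
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        kind = "c" if stat.S_ISCHR(mode) else "b"
        dev = st.st_rdev
        return f"nod {name} {tail} {kind} {os.major(dev)} {os.minor(dev)}"
    raise ValueError(f"unsupported file type: {path}")

def manifest(root, squash_uid=None, squash_gid=None):
    """Walk `root` without following symlinks; return sorted-order entries."""
    lines = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal gives stable diffs
        for n in sorted(dirnames + filenames):
            path = os.path.join(dirpath, n)
            name = "/" + os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: describe the link, not its target
            lines.append(entry(name, path, st, squash_uid, squash_gid))
    return lines

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("\n".join(manifest(root, os.getuid(), os.getgid())))
```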
Why not just use rsync? Something like rsnapshot (http://www.rsnapshot.org) will do what you want. Alternatively Unison (http://www.cis.upenn.edu/~bcpierce/unison/) is explicitly designed for this - it describes itself as a cross-platform file synchronisation technology with version control, and might be what you need.
