AppArmorForPhabletKernels
DRAFT - Updating/syncing the phablet kernels to the apparmor3
This page is under construction

About apparmor3 in the phablet kernels
Apparmor3 in the phablet kernels is based on the upstream backport kernels of apparmor3.
However, they do have their differences, as some of the phablet kernels have picked up patches that change the LSM API presented. E.g. the maguro kernel has a backport of the __d_path API changes from commit 02125a826459a6ad142f8d91c5b6357562f96615, so it doesn't need that portion of the backport patches.
All of these kernels started out using the appropriate version of the kernel backport patches and were then modified as needed.
To keep the patch count in the Ubuntu kernel small and minimize churn, we use a squash of the dev tree, so there will be one main patch and maybe a few fix patches on top of it.

The steps in gross
1. Update main Ubuntu kernel if not already done
2. Update backport kernels
3. Update phablet kernels
4. Build
5. Test

Get the apparmor kernel patches
The apparmor3 patches on saucy can be found at
    git clone git://kernel.ubuntu.com/jj/ubuntu-saucy.git
Note: the branches here are rebased as needed.

Update Ubuntu kernel with latest patches
• dump the patches past the base kernel version
• get the current ubuntu kernel
• check that all the fix patches have made it into the dev version being applied
  • if not you will need to reapply them
• revert all apparmor patches that ubuntu is carrying beyond the base kernel version.

updating the main kernels
• squash the patches into a single update
• now copy off the apparmor directory to do the update for phablet kernels. This is easier as a base for the sync than applying a patch because each kernel has a different base and you have to resolve conflicts etc.
• now update the configs and amend the previous commit (this keeps us at 1 patch to change in the future)
    git add <config files>
    git commit --amend

Update the backport kernels
The backport kernels are a set of kernels designed to port apparmor3 back to different versions of the kernel. E.g. v3.4-backport-of-apparmor3 is apparmor3 backported to the 3.4 kernel, while v3.4-backport-of-v3.10-apparmor is a backport of the v3.10 kernel version of apparmor back to the 3.4 kernel.
The only patches to update are the apparmor3 version. We do this here so we have a clean reference base to work from for the phablet kernels, as some of them require some tweaking due to backported patches etc.
The backport kernel patches try not to change the apparmor3 code, and not to change the kernel API of the kernel being ported to. So instead of patching directly, a lot of macro magic is used in the new backport files. The goal is to keep the changes required to a minimum to make backports easier, and to keep ABIs the same for binary blobs.
Also, the set of patches is broken out 1 per patch that is reverted or fixed, with info about the change, including the kernel it's needed for, the commit that introduced the change, etc.
• The first thing to do is look and see if there are new patches upstream that need to be reverted/adjusted for. E.g. when moving apparmor3 dev to 3.11, a new patch 3.10 backport revert no delay vfree() was needed. Note the change so it can be worked on.
• rebase to update the sync patch
• copy in the apparmor3 kernel (that we copied out above)
    git add <any new or updated files>
    git commit -a --amend
• Now do any partial reverts you need to do, or create macros in the backport files
  • Don't generally do a git revert unless the patch is entirely in the apparmor dir.
• Do this once and cherry-pick the changes to other backport branches.

Update the phablet kernels
currently there are 4 supported phablet kernels
To update the phablet kernels I keep 3 branches as I find that easiest. A base, base-presquash-apparmor3, base-apparmor3. E.g.
updating the phablet kernels
    git checkout <base>
    git reset --hard origin/<base>
    git log security/apparmor
Identify the apparmor3 commits from last time, so we can revert them.
    git revert <commit(s)>
    cp -r apparmor/* security/apparmor
    git add <new files>
    git commit -s -a
    git cherry-pick <any new backport patches not in <base>-presquash>
    git checkout <base>-presquash-apparmor3
    git log
find old base patch sha1
    git rebase --onto <base> <old base patch sha1>
fix any conflicts if needed
now save it for next time
    git push -f zinc <base>-presquash-apparmor3
    git checkout <base>-apparmor3
    git reset --hard <base>-presquash-apparmor3
    fdr updateconfigs
    git add <updated config file>
    git commit -sa
    git rebase -i HEAD~XXX
use fixup (f) to fold backport patches into base apparmor3 patch
now save it for the pull-request
    git push -f zinc <base>-presquash-apparmor3
repeat for others

Build the kernels

Test the kernels

Support Notes

Installing a phablet device with Ubuntu touch
foo

Updating the kernel on the device
• build a kernel and get the zImage or a .deb
• push the kernel to the phablet or connect to the tablet if android is the root system and ubuntu is in a chroot
• if a deb, install the kernel
• find where to flash the kernel (see below: find the boot partition)
• flash the kernel (/dev/... is /dev/block/... on android)
• reboot

Updating the kernel cmdline on the device
• if you don't already have a bootimage.cfg, extract the bootimage
• edit bootimage.cfg by adding options to cmdline
• update the flashed boot image (same partition as kernel)

find the boot partition
• list the block partitions
  • nexus 7
      lrwxrwxrwx 1 root root 20 Apr 3 09:21 LNX -> /dev/block/mmcblk0p2
    LNX is the boot partition (where vmlinux resides)
    SOS is another boot partition (the recovery one but we won't use it)
  • nexus 4
      lrwxrwxrwx 1 root root 20 Apr 3 10:05 boot -> /dev/block/mmcblk0p6
• get boot partition info to check if it's really set up as a boot partition
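
A check for the "find the boot partition" step, as an added example that is not part of the original page: it reads a symlink listing in the format shown above and returns the single boot device, refusing input with no candidate or more than one. The function names and the device number on the SOS sample line are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Read an `ls -l` style symlink listing on stdin and print the device behind
# the boot label: LNX on the nexus 7, boot on the nexus 4 (labels from the
# page). SOS (recovery) never matches. Exits non-zero unless exactly one
# candidate is found, so a wrong or ambiguous listing is never acted on.
boot_partition_from_listing() {
    awk '
        NF >= 3 && $(NF-1) == "->" && ($(NF-2) == "LNX" || $(NF-2) == "boot") {
            n++; dev = $NF
        }
        END { if (n != 1) exit 1; print dev }
    '
}

# The page notes that /dev/... on Ubuntu is /dev/block/... on android.
android_to_ubuntu_dev() {
    case $1 in
        /dev/block/?*) printf '/dev/%s\n' "${1#/dev/block/}" ;;
        *) return 1 ;;
    esac
}

# Sample listings. The LNX and boot lines are from the page; the SOS line's
# device number is constructed.
NEXUS7_LISTING='lrwxrwxrwx 1 root root 20 Apr 3 09:21 LNX -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 20 Apr 3 09:21 SOS -> /dev/block/mmcblk0p1'
NEXUS4_LISTING='lrwxrwxrwx 1 root root 20 Apr 3 10:05 boot -> /dev/block/mmcblk0p6'

dev=$(printf '%s\n' "$NEXUS7_LISTING" | boot_partition_from_listing) &&
    echo "nexus 7: android $dev, ubuntu $(android_to_ubuntu_dev "$dev")"
```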
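
The squash step from "Update the phablet kernels" (git rebase -i HEAD~XXX with fixup), rehearsed non-interactively in a scratch repository; this is an added example, not part of the original page. The repository contents, commit subjects and function names are constructed, and the tree comparison at the end is an added check that the squash rewrote history only.

```shell
#!/bin/sh
# Added example, not from the original page: rehearse the squash step in a
# scratch repository. File contents and commit subjects are constructed.

make_scratch_repo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    git init -q . && git symbolic-ref HEAD refs/heads/base
    git config user.name "Example" && git config user.email "ex@example.invalid"
    mkdir -p security/apparmor
    echo "v0" > Makefile && git add . && git commit -q -m "base kernel"
    git checkout -q -b base-presquash-apparmor3
    echo "apparmor3 sync" > security/apparmor/lsm.c
    git add . && git commit -q -s -m "apparmor3 sync patch"
    echo "backport macro 1" > security/apparmor/backport.h
    git add . && git commit -q -s -m "backport: fix 1"
    echo "backport macro 2" >> security/apparmor/backport.h
    git add . && git commit -q -s -m "backport: fix 2"
}

# squash_apparmor3 <base> <n>: reset <base>-apparmor3 to the presquash branch
# and fold its top <n> commits into the oldest one, i.e. what
# `git rebase -i HEAD~n` does when every line but the first is set to fixup.
squash_apparmor3() {
    base=$1 n=$2
    # same effect as: git checkout <base>-apparmor3; git reset --hard <presquash>
    git checkout -q -B "$base-apparmor3" "$base-presquash-apparmor3" || return 1
    # Edit the rebase todo list without an editor (sed -i as in GNU sed).
    GIT_SEQUENCE_EDITOR="sed -i -e '2,\$s/^pick/fixup/'" \
        git rebase -q -i "HEAD~$n" || return 1
    # Squashing must only rewrite history: the trees have to be identical.
    git diff --quiet "$base-presquash-apparmor3" "$base-apparmor3"
}

# Number of patches a branch carries on top of <base>.
patch_count() { git rev-list --count "$1..$2"; }

make_scratch_repo && squash_apparmor3 base 3 &&
    echo "presquash: $(patch_count base base-presquash-apparmor3) patches," \
         "squashed: $(patch_count base base-apparmor3) patch"
```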
SecurityTeam/AppArmorForPhabletKernels (last edited 2015-07-08 02:44:42 by jdstrand)