Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Greg KH
On Thu, Mar 09, 2017 at 12:57:14PM -0500, Stephen Smalley wrote: > On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > > > On Mon, Feb 27, 2017 at

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Greg KH
On Thu, Mar 09, 2017 at 12:57:14PM -0500, Stephen Smalley wrote: > On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > > > On Mon, Feb 27, 2017 at

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > gov> > > > wrote: > > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > gov> > > > wrote: > > > > > > > > > > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Greg KH
On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > wrote: > > > > > > > > > > > I can reproduce it on angler (with a back-port of just that > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Greg KH
On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > wrote: > > > > > > > > > > > I can reproduce it on angler (with a back-port of just that > > > > patch), > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Paul Moore
On Tue, Feb 28, 2017 at 10:29 AM, Stephen Smalley wrote: > On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: >> On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley >> wrote: >> > >> > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: >> > > >> > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Paul Moore
On Tue, Feb 28, 2017 at 10:29 AM, Stephen Smalley wrote: > On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: >> On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley >> wrote: >> > >> > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: >> > > >> > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Stephen Smalley
On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: > On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley > wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > gov> > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Stephen Smalley
On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: > On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley > wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > > gov> > > > wrote: > > > > > > > > > > > > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Paul Moore
On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: >> On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley >> wrote: >> > >> > > >> > > I can reproduce it on angler (with a back-port of just that

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Paul Moore
On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: >> On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley >> wrote: >> > >> > > >> > > I can reproduce it on angler (with a back-port of just that >> > > patch), >> > > although I am

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 14:42 -0500, Stephen Smalley wrote: > On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > > > > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > g> > > wrote: > > > > > > > > > Hey folks, > > >    I've not been able to figure out why yet, but I

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 14:42 -0500, Stephen Smalley wrote: > On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > > > > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > g> > > wrote: > > > > > > > > > Hey folks, > > >    I've not been able to figure out why yet, but I wanted to > > > raise > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > wrote: > > > > > > > > I can reproduce it on angler (with a back-port of just that > > > patch), > > > although I am unclear on the cause.  The patch is only

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > wrote: > > > > > > > > I can reproduce it on angler (with a back-port of just that > > > patch), > > > although I am unclear on the cause.  The patch is only supposed > > > to > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Nick Kralevich
On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley wrote: >> I can reproduce it on angler (with a back-port of just that patch), >> although I am unclear on the cause. The patch is only supposed to >> enable explicit setting of security labels by userspace on cgroup >> files,

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Nick Kralevich
On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley wrote: >> I can reproduce it on angler (with a back-port of just that patch), >> although I am unclear on the cause. The patch is only supposed to >> enable explicit setting of security labels by userspace on cgroup >> files, so it isn't supposed

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 16:23 -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > v> > > wrote: > > > > > > > > > > > > > > > > > > I can reproduce it on angler (with a

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 16:23 -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > v> > > wrote: > > > > > > > > > > > > > > > > > > I can reproduce it on angler (with a back-port of just that > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > wrote: > > > > Hey folks, > >    I've not been able to figure out why yet, but I wanted to raise > > the > > issue that last night I found I couldn't boot Android on my

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > wrote: > > > > Hey folks, > >    I've not been able to figure out why yet, but I wanted to raise > > the > > issue that last night I found I couldn't boot Android on my Hikey > > board with

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread John Stultz
On Fri, Feb 24, 2017 at 7:39 PM, Nick Kralevich wrote: > Can you try adding the androidboot.selinux=permissive line to the kernel > command line, to boot in permissive mode? I suspect the policy just needs to > be adjusted. Yep. It does seem to boot fine in permissive mode, just

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread John Stultz
On Fri, Feb 24, 2017 at 7:39 PM, Nick Kralevich wrote: > Can you try adding the androidboot.selinux=permissive line to the kernel > command line, to boot in permissive mode? I suspect the policy just needs to > be adjusted. Yep. It does seem to boot fine in permissive mode, just not in

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread Nick Kralevich
Can you try adding the androidboot.selinux=permissive line to the kernel command line, to boot in permissive mode? I suspect the policy just needs to be adjusted. -- Nick On Fri, Feb 24, 2017 at 6:01 PM, John Stultz wrote: > On Thu, Feb 23, 2017 at 4:01 PM, Paul Moore

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread Nick Kralevich
Can you try adding the androidboot.selinux=permissive line to the kernel command line, to boot in permissive mode? I suspect the policy just needs to be adjusted. -- Nick On Fri, Feb 24, 2017 at 6:01 PM, John Stultz wrote: > On Thu, Feb 23, 2017 at 4:01 PM, Paul Moore wrote: >> On Thu, Feb 23,

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread John Stultz
On Thu, Feb 23, 2017 at 4:01 PM, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz wrote: >> Hey folks, >>I've not been able to figure out why yet, but I wanted to raise the >> issue that last night I found I couldn't boot Android

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-24 Thread John Stultz
On Thu, Feb 23, 2017 at 4:01 PM, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz wrote: >> Hey folks, >>I've not been able to figure out why yet, but I wanted to raise the >> issue that last night I found I couldn't boot Android on my Hikey >> board with Linus' HEAD kernel.

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-23 Thread Paul Moore
On Thu, Feb 23, 2017 at 1:43 PM, John Stultz wrote: > Hey folks, >I've not been able to figure out why yet, but I wanted to raise the > issue that last night I found I couldn't boot Android on my Hikey > board with Linus' HEAD kernel. It seems to cause logd to crash >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-23 Thread Paul Moore
On Thu, Feb 23, 2017 at 1:43 PM, John Stultz wrote: > Hey folks, >I've not been able to figure out why yet, but I wanted to raise the > issue that last night I found I couldn't boot Android on my Hikey > board with Linus' HEAD kernel. It seems to cause logd to crash > repeatedly so I'm not

[Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-23 Thread John Stultz
Hey folks, I've not been able to figure out why yet, but I wanted to raise the issue that last night I found I couldn't boot Android on my Hikey board with Linus' HEAD kernel. It seems to cause logd to crash repeatedly so I'm not able to get debug info from logcat. I do see the following over

[Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-23 Thread John Stultz
Hey folks, I've not been able to figure out why yet, but I wanted to raise the issue that last night I found I couldn't boot Android on my Hikey board with Linus' HEAD kernel. It seems to cause logd to crash repeatedly so I'm not able to get debug info from logcat. I do see the following over