From: Paul Moore <paul@paul-moore.com>
To: Richard Haines <richard_c_haines@btinternet.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
selinux@vger.kernel.org, Greg KH <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] selinux-testsuite: Update binder for kernel 5.4 support
Date: Tue, 8 Oct 2019 17:43:49 -0400 [thread overview]
Message-ID: <CAHC9VhQcvFna_Jj5kZaJVbUtY_EW97sreAODTiaH8pb8nEqZjA@mail.gmail.com> (raw)
In-Reply-To: <4f0c2ff54dd1ad94392ef7c2428c766e0e2a2574.camel@btinternet.com>
On Mon, Oct 7, 2019 at 12:35 PM Richard Haines
<richard_c_haines@btinternet.com> wrote:
> On Mon, 2019-10-07 at 16:17 +0100, Richard Haines wrote:
> > On Mon, 2019-10-07 at 10:28 -0400, Stephen Smalley wrote:
> > > On 10/6/19 4:51 AM, Richard Haines wrote:
> > > > Kernel 5.4 commit ca2864c6e8965c37df97f11e6f99e83e09806b1c
> > > > ("binder: Add
> > > > default binder devices through binderfs when configured"),
> > > > changed
> > > > the way
> > > > the binder device is initialised and no longer automatically
> > > > generates
> > > > /dev/binder when CONFIG_ANDROID_BINDERFS=y.
> > >
> > > This seems like a userspace ABI break, no? Same kernel config
> > > before
> > > and after this commit yields different behavior for
> > > /dev/binder. I
> > > suppose one might argue that one would only enable
> > > CONFIG_ANDROID_BINDERFS if one wanted to use it instead of
> > > /dev/binder
> > > but the original commit that introduced binderfs specifically said
> > > that
> > > backward compatibility was preserved.
> > I'll need to check this further, but from what I've seen so far, is
> > that the /dev/binder is not available until you mount binderfs etc.
> > that's why Paul had the failure on 5.4 as before then is was
> > available
> > when the binder driver first initialised.
>
> To confirm tests using kernel 5.4-rc1
>
> Test 1 config:
> CONFIG_ANDROID=y
> CONFIG_ANDROID_BINDER_IPC=y
> CONFIG_ANDROID_BINDERFS=y
> CONFIG_ANDROID_BINDER_DEVICES="binder"
>
> On boot no /dev/binder
>
> To get this you have to:
> mkdir /dev/binderfs 2>/dev/null
> mount -t binder binder /dev/binderfs -o
> context=system_u:object_r:device_t:s0 2>/dev/null
>
> You then have devs:
> binder and binder-control
>
> Test 2 config:
> CONFIG_ANDROID=y
> CONFIG_ANDROID_BINDER_IPC=y
> # CONFIG_ANDROID_BINDERFS is not set
> CONFIG_ANDROID_BINDER_DEVICES="binder"
>
> On boot you have /dev/binder
Disabling binderfs during build is probably not the smart thing to do
considering where the world is at with namespaces/containers, whatever
we do we should make sure the tests work with
CONFIG_ANDROID_BINDERFS=y.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2019-10-08 21:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-06 8:51 [PATCH] selinux-testsuite: Update binder for kernel 5.4 support Richard Haines
2019-10-07 14:28 ` Stephen Smalley
2019-10-07 15:17 ` Richard Haines
2019-10-07 16:35 ` Richard Haines
2019-10-08 21:43 ` Paul Moore [this message]
2019-10-09 13:56 ` Stephen Smalley
2019-10-09 14:03 ` Paul Moore
2019-10-09 15:49 ` Richard Haines
2019-10-08 21:41 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhQcvFna_Jj5kZaJVbUtY_EW97sreAODTiaH8pb8nEqZjA@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=gregkh@linuxfoundation.org \
--cc=richard_c_haines@btinternet.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.