apparmor.d icon indicating copy to clipboard operation
apparmor.d copied to clipboard
verified publisher icon roddhjav

apparmor.d breaks waydroid

Open Stoppedpuma opened this issue 1 year ago • 12 comments

Partially moved from #377

No logs besides this: [gbinder] ERROR: Can't open /dev/binder: No such file or directory Failed to add presence handler: None

A teardown doesn't fix this issue but uninstalling apparmor.d or just not loading apparmor on startup does.

Stoppedpuma avatar Jul 09 '24 15:07 Stoppedpuma

How is it not working? Can you confirm you have the binder module available: modinfo binder_linux. If yes, you should be able to load it has usual. If not, you should remove /var/lib/dkms/binder and install it again (while you ensure that pacman-hook-dkms is on complain mode).

roddhjav avatar Jul 10 '24 09:07 roddhjav

filename: /lib/modules/6.8.9-273-tkg-eevdf-llvm/updates/dkms/binder_linux.ko.zst modinfo: ERROR: could not get modinfo from 'binder_linux': No such file or directory

This seems to be an issue only with binder as ZFS works perfectly fine, removing /var/lib/dkms/binder and reinstalling with pacman-hook-dkms in complain mode doesn't fix this.

Stoppedpuma avatar Jul 10 '24 15:07 Stoppedpuma

what do you get with sudo dkms status?

roddhjav avatar Jul 10 '24 17:07 roddhjav

After reinstalling again in teardown it now shows under dkms status, the problem still occurs though. No idea why it didn't prior to the most recent install.

binder/1, 6.7.6-273-tkg-eevdf, x86_64: installed binder/1, 6.8.9-273-tkg-eevdf-llvm, x86_64: installed zfs/2.2.4, 6.7.6-273-tkg-eevdf, x86_64: installed zfs/2.2.4, 6.8.9-273-tkg-eevdf-llvm, x86_64: installed

Stoppedpuma avatar Jul 10 '24 17:07 Stoppedpuma

If the module is here, you should be able to use it. Try to manually load and mount it:

modinfo binder_linux
sudo modprobe binder-linux device=binder,hwbinder,vndbinder
sudo mount -t binder binder /dev/binderfs

And check for any logs.

roddhjav avatar Jul 10 '24 18:07 roddhjav

Still nothing. searching for any differences in journalctl is nearly impossible as well since even being ran for one second fills hundreds of lines with the /dev/binder not found issue. The closest I can get to a log besides that is errors of /acct and /system being read-only but I'm not sure it's helpful as it isn't new.

Stoppedpuma avatar Jul 10 '24 19:07 Stoppedpuma

Did the command in my previous comments returned any error? If not, the directory /dev/binder should exist, and therefore, waydroid should work.

roddhjav avatar Jul 10 '24 19:07 roddhjav

Did the command in my previous comments returned any error?

The command doesn't return any errors

the directory /dev/binder should exist, and therefore, waydroid should work.

/dev/binder doesn't exist is the problem, this is where apparmor,d is the culprit as starting without apparmor loaded or just uninstalling apparmor.d solves this problem.

Stoppedpuma avatar Jul 10 '24 20:07 Stoppedpuma

Try to manually created it (sudo mkdir /dev/binder), and run modprobe again.

roddhjav avatar Jul 10 '24 20:07 roddhjav

Binder is supposed to be a file apparently

[gbinder] ERROR: Can't open /dev/binder: Is a directory

Linking /dev/binderfs/anbox-binder to /dev/binder doesn't work either.

Stoppedpuma avatar Jul 10 '24 21:07 Stoppedpuma

It seems to be an issue with how apparmor.d handles binder_linux-dkms, compiling linux-tkg with waydroid modules doesn't have the binder issues and seems to work fine for the first launch, things still break sometimes after trying to launch again. Journalctl shows some binder errors again such as these:

binder: 58105:58105 transaction call to 0:0 failed 678469/29189/-22, size 0-0 line 3151 binder: 58105:58105 cannot find target node

Anotherthing which does seem to not work is stopping the waydroid container:

DENIED lxc-stop getattr @{lib}/ comm=lxc-stop requested_mask=r denied_mask=r

ALLOWED lxc-stop getattr @{run}/ comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop getattr /var/lib/waydroid/lxc/waydroid/config comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop open @{run}/lxc/lock/var/lib/waydroid/lxc/.waydroid comm=lxc-stop requested_mask=wrc denied_mask=wrc ALLOWED lxc-stop file_lock @{run}/lxc/lock/var/lib/waydroid/lxc/.waydroid comm=lxc-stop requested_mask=wk denied_mask=wk ALLOWED lxc-stop open /var/lib/waydroid/lxc/waydroid/config comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop getattr /var/lib/waydroid/lxc/waydroid/config_nodes comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop open /var/lib/waydroid/lxc/waydroid/config_nodes comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop getattr /var/lib/waydroid/lxc/waydroid/config_session comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop open /var/lib/waydroid/lxc/waydroid/config_session comm=lxc-stop requested_mask=r denied_mask=r ALLOWED lxc-stop create comm=lxc-stop family=unix sock_type=stream protocol=0 requested_mask=create denied_mask=create ALLOWED lxc-stop connect comm=lxc-stop family=unix sock_type=stream protocol=0 requested_mask=connect denied_mask=connect ALLOWED lxc-stop setsockopt comm=lxc-stop family=unix sock_type=stream protocol=0 requested_mask=setopt denied_mask=setopt ALLOWED lxc-stop sendmsg comm=lxc-stop family=unix sock_type=stream protocol=0 requested_mask=send denied_mask=send ALLOWED lxc-stop recvmsg comm=lxc-stop family=unix sock_type=stream protocol=0 requested_mask=receive denied_mask=receive

Stoppedpuma avatar Jan 01 '25 01:01 Stoppedpuma

I think there is more than this. I remember seeing this, and this should be fixed I forgot to link the commit that fix this). However, the dkms module need to be wiped and installed again.

Also, lxc-stop is not one of my profile.

roddhjav avatar Jan 09 '25 22:01 roddhjav