**** BEGIN LOGGING AT Thu Feb 28 02:59:57 2019
Feb 28 06:24:06 @Daniel, Btw, it seems like I could disable this in lxc, but then we get a new CVE as well 😁 … https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
Feb 28 17:50:42 Ok now I have a problem with healthd. It says that healthd.h is missing but Android.mk points to the right directory. Did anyone have a similar experience?
Feb 28 17:55:06 @thatannoyingguy4, Can you show the error?
Feb 28 18:06:33 I just fixed it it seems: the Android.mk include path showed system/core/healthd. I simply added include behind that line and in the cpp file of the project I changed #include to #include . Now I only need to fight with recovery resources and bsdiff
Feb 28 18:10:25 FAILED: /home/USER/halium/out/target/product/lt01wifi/obj/PACKAGING/recovery_from_boot.p . It somehow doesn't find bsdiff in halium/out/host/linux-x86/bin
Feb 28 18:31:21 Ok copied the system binary of bsdiff and mka systemimage completed successfully
Feb 28 18:31:33 @thatannoyingguy4, install bsdiff (with apt), and ln -s /usr/bin/bsdiff tou
Feb 28 18:32:38 @thatannoyingguy4, [Edit] install bsdiff (with apt), and ln -s /usr/bin/bsdiff to out/...
Feb 28 19:07:47 @JBBgameich, Hey, thanks for looking into it. … I would really appreciate it, if you could patch (unpatch?). I mean an attack scenario from inside the container is quite unlikely for most halium users, as most people will only use an (offline) Android version inside the container, right? (I even lxc-stop the container after boot...)
Feb 28 19:07:53 In case someone is super paranoid, one could also create a script overwriting the runC binary with a backup before starting the container (in case it got compromised from inside the container earlier).
Feb 28 19:07:58 Regarding create_memfd implementation, I found out that there are two flags that need to be supported: MFD_CLOEXEC and MFD_ALLOW_SEALING (so the copy of the binary in memory cannot be attacked). While MFD_CLOEXEC can easily be supported, MFD_ALLOW_SEALING needs digging quite deeply into the system :-/
Feb 28 19:09:13 Okay, so I'll try disabling this in lxc for now
Feb 28 19:10:19 This is the commit that broke it in debian btw: https://salsa.debian.org/lxc-team/lxc/commit/61d039072babb9ac1fee6ea221e4a82ea7cbd42d
Feb 28 19:21:50 @JBBgameich, Maybe, if one just disables the following line, the library will launch with memfd protection on >= 3.17 but will still work (without memfd) on < 3.17? … https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d#diff-896f831813b037699dc8022795c9629dR179
Feb 28 19:23:59 Could work ... I disabled it for now. Can you test whether removing that line works?
Feb 28 19:24:18 lxc is quite a small package, you can probably even compile it on the tablet for testing
Feb 28 19:25:10 @JBBgameich, Sure, I'll check it out later this weekend!
Feb 28 19:25:35 Quick guide: `apt source lxc && apt build-dep lxc` … make your changes, create a patch `dpkg-source --commit` … `dpkg-buildpackage` and install. If it works, send your created patch to me :)
Feb 28 19:29:10 Thanks and this is how we'll do it.
Feb 28 19:38:35 The workaround-grade build should be ready soon btw.
Feb 28 19:39:38 https://gitlab.com/debian-pm/halium/lxc/-/jobs/169575589
Feb 28 20:30:22 @JBBgameich, Nice, I'll try it right now...
Mar 01 00:19:21 Question: Is it necessary to have an Android Installation in /system android partition?
Mar 01 00:19:42 no
Mar 01 00:20:09 In my UT installation it won't even play videos
Mar 01 00:20:37 So, does it mean it is some lxc android container related problems?
Mar 01 00:22:48 but it boots the system after adding udev rules, changing some permissions and add mkdir of a rundir in usc_wrapper
Mar 01 00:23:31 Just don't work like anything else: bluetooth, wifi, cellular, video playback, etc.
Mar 01 00:53:52 "systemctl status lxc@android" command returns: Failed to get properties: No such interface ''
Mar 01 00:56:45 and lxc-checkconfig returns: … Cgroup namespace: required … Cgroup memory controller: missing
Mar 01 00:57:08 Ubuntu Touch doesn't use systemd as the main init daemon. You might want to join us at @ubports_porting
Mar 01 00:57:28 this Cgroup namespace could cause the system to not mount some important directories or something like that?
Mar 01 00:57:48 I'm already there
Mar 01 00:59:09 So, do you think it's some ut related problem or lxc android container and not the kernel side? And so how could I test lxc android container status in ut?
Mar 01 00:59:50 `sudo lxc-info -n android`
Mar 01 01:00:35 thanks
Mar 01 01:00:45 it returned: … Name: android … State: RUNNING … PID: 995 … IP: 10.15.19.82
Mar 01 01:00:57 Yeah. Sorry I won't be of much help tonight, I'm pretty much fried.
Mar 01 01:01:26 Ok
Mar 01 01:01:49 I can't find out what is causing such problems
Mar 01 01:02:28 I based my porting on this: https://github.com/ZeroPointEnergy/halium-devices/blob/d4571cdbccf96feee38d74125f3e8a659af19624/manifests/samsung_herolte.xml
Mar 01 01:16:18 test_hwcomposer returns: … width: 1440 height: 2560 … library "libgui.so" wasn't loaded and RTLD_NOLOAD prevented it … OpenGL ES 2.0 (OpenGL ES 3.2 v1.r12p1-03dev0.228ab63cced004f840 … Segmentation fault
Mar 01 01:18:56 Trying to run ut in herolte, it boots, log in in the system, but don't work wifi, video playback (maybe related to this hwcomposer library problem), cellular, bluetooth, don't mount when connect via usb, loses connection after a while connected in ssh with pc.
**** ENDING LOGGING AT Fri Mar 01 02:59:57 2019