+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: Arch Linux on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=159)
+---- Thread: Issue: nf modules not found in kernel? (/showthread.php?tid=13293)
Issue: nf modules not found in kernel? - theD0ctor - 03-03-2021
I've been trying to get UFW started on Arch arm, but been having issues ufw initiating:
Result from sudo ufw enable
Code:
ERROR: problem running ufw-init
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/5.10.19-1-danctnix
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/5.10.19-1-danctnix
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/5.10.19-1-danctnix
iptables-restore v1.8.7 (legacy): Couldn't load match 'limit':No such file or directoryResult from uname -r
Code:
5.10.19-1-danctnixResult from pacman -Q linux
Code:
linux-pine64 5.10.19-1I ls'd into the module directory and did no see anything related to nf modules.
Things I've tried:
Rebooted many times, power cycled, sudo reboot, etc
Re-installed ufw, iptables, etc
Iptables disabled from systemd
I'm starting to guess that this is not enabled in the kernel? ie. modules aren't configured in the kernel to be enabled?
Any thoughts?
RE: Issue: nf modules not found in kernel? - Danct12 - 03-03-2021
You're right, this is not enabled in the kernel.
I'll enable this and push a new kernel release soon.
RE: Issue: nf modules not found in kernel? - theD0ctor - 03-03-2021
(03-03-2021, 07:53 AM)Danct12 Wrote: You're right, this is not enabled in the kernel.
I'll enable this and push a new kernel release soon.
Thanks!
I started to look into how to add options to the kernel via the arch wiki as well, incase I find something else not enabled. Was going to take the stab at it myself but in the arch wiki method 2 using the kernel command line is referenced the most which I assume I need to get access to the bootloader in the pinephone (I don't think there is a method is there? I tried the volume up + power, didn't do anything). Anyways then I saw this method of modifying modprobe files instead
https://wiki.archlinux.org/index.php/Kernel_module#Using_files_in_/etc/modprobe.d/
I was also trying to install apparmor + firejail integration. This time I got an error saying it needs a kernel compatibility patch 2.6 , odd. But googling around suggested that it was a masked error and it just needed another option in the kernel enabled for apparmor such as below:
Code:
apparmor=1 security=apparmorWould I be on the right-ish track? Sorry for the beginner questions
.EDIT: Having dug through the wiki and google, not sure now how to actually set the kernel parameters myself. As for option 2 the method of getting to a bootloader doesn't seem to exist for the phone, nor is "u-boot" part of the options they provide since this is unofficial arch anyways. And option 3 to use sysctl, listing the kernel parameters with sysctl -a, doesn't show any parameter relating to lsm or apparmor. Guess this may need to be pushed in another kernel release? Unless there is a way to get to the bootloader and use the kernel command line for the phone?
RE: Issue: nf modules not found in kernel? - Danct12 - 03-03-2021
You can modify /boot/boot.txt and run ./mkscr to regenerate the script then reboot.
RE: Issue: nf modules not found in kernel? - theD0ctor - 03-03-2021
(03-03-2021, 06:44 PM)Danct12 Wrote: You can modify /boot/boot.txt and run ./mkscr to regenerate the script then reboot.
I was justtt about to post that I figured out how to edit it using uboot-tools lol. I used the mkimage tool though (was there a difference in one working?):
Code:
mkimage -A arm -T script -O linux -d boot.txt boot.scrI added the parameters
Code:
apparmor=1 security=apparmorso the boot.txt setenv line became like this
Code:
setenv bootargs loglevel=4 console=${console} console=tty0 root=/dev/mmcblk${linux_mmcdev}p${rootpart} rw rootwait apparmor=1 security=apparmor quiet bootsplash.bootfile=bootsplash-themes/danctnix/bootsplashThen using the mkimage, regenerated it. Then rebooted. But still fails to to load
Code:
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at Wed 2021-03-03 18:18:51 PST; 1min 21s ago
└─ ConditionSecurity=apparmor was not metCat'ing the proc cmdline, confirms it did get the entry:
Code:
$ cat /proc/cmdline
loglevel=4 console=ttyS0,115200 console=tty0 root=/dev/mmcblk2p2 rw rootwait apparmor=1 security=apparmor quiet bootsplash.bootfile=bootsplash-themes/danctnix/bootsplashRE: Issue: nf modules not found in kernel? - Danct12 - 03-15-2021
I have added support for these NF modules, please update your device. And sorry for the delay!