Issue: nf modules not found in kernel?
#1
I've been trying to get UFW started on Arch arm, but been having issues ufw initiating:

Result from sudo ufw enable
Code:
ERROR: problem running ufw-init
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/5.10.19-1-danctnix
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/5.10.19-1-danctnix
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/5.10.19-1-danctnix
iptables-restore v1.8.7 (legacy): Couldn't load match 'limit':No such file or directory

Result from uname -r
Code:
5.10.19-1-danctnix

Result from pacman -Q linux
Code:
linux-pine64 5.10.19-1

I ls'd into the module directory and did no see anything related to nf modules.

Things I've tried:
Rebooted many times, power cycled, sudo reboot, etc
Re-installed ufw, iptables, etc
Iptables disabled from systemd

I'm starting to guess that this is not enabled in the kernel? ie. modules aren't configured in the kernel to be enabled?

Any thoughts?
  Reply
#2
You're right, this is not enabled in the kernel.

I'll enable this and push a new kernel release soon.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#3
(03-03-2021, 07:53 AM)Danct12 Wrote: You're right, this is not enabled in the kernel.

I'll enable this and push a new kernel release soon.

Thanks!

I started to look into how to add options to the kernel via the arch wiki as well, incase I find something else not enabled. Was going to take the stab at it myself but in the arch wiki method 2 using the kernel command line is referenced the most which I assume I need to get access to the bootloader in the pinephone (I don't think there is a method is there? I tried the volume up + power, didn't do anything). Anyways then I saw this method of modifying modprobe files instead

https://wiki.archlinux.org/index.php/Ker...odprobe.d/

I was also trying to install apparmor + firejail integration. This time I got an error saying it needs a kernel compatibility patch 2.6 , odd. But googling around suggested that it was a masked error and it just needed another option in the kernel enabled for apparmor such as below:

Code:
apparmor=1 security=apparmor

Would I be on the right-ish track? Sorry for the beginner questions Smile.


EDIT: Having dug through the wiki and google, not sure now how to actually set the kernel parameters myself. As for option 2 the method of getting to a bootloader doesn't seem to exist for the phone, nor is "u-boot" part of the options they provide since this is unofficial arch anyways. And option 3 to use sysctl, listing the kernel parameters with sysctl -a, doesn't show any parameter relating to lsm or apparmor. Guess this may need to be pushed in another kernel release? Unless there is a way to get to the bootloader and use the kernel command line for the phone?
  Reply
#4
You can modify /boot/boot.txt and run ./mkscr to regenerate the script then reboot.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#5
(03-03-2021, 06:44 PM)Danct12 Wrote: You can modify /boot/boot.txt and run ./mkscr to regenerate the script then reboot.

I was justtt about to post that I figured out how to edit it using uboot-tools lol. I used the mkimage tool though (was there a difference in one working?):

Code:
mkimage -A arm -T script -O linux -d boot.txt boot.scr

I added the parameters

Code:
apparmor=1 security=apparmor

so the boot.txt setenv line became like this
Code:
setenv bootargs loglevel=4 console=${console} console=tty0 root=/dev/mmcblk${linux_mmcdev}p${rootpart} rw rootwait apparmor=1 security=apparmor quiet bootsplash.bootfile=bootsplash-themes/danctnix/bootsplash

Then using the mkimage, regenerated it. Then rebooted. But still fails to to load

Code:
● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: disabled)
     Active: inactive (dead)
  Condition: start condition failed at Wed 2021-03-03 18:18:51 PST; 1min 21s ago
             └─ ConditionSecurity=apparmor was not met

Cat'ing the proc cmdline, confirms it did get the entry:
Code:
$ cat /proc/cmdline
loglevel=4 console=ttyS0,115200 console=tty0 root=/dev/mmcblk2p2 rw rootwait apparmor=1 security=apparmor quiet bootsplash.bootfile=bootsplash-themes/danctnix/bootsplash
  Reply
#6
I have added support for these NF modules, please update your device. And sorry for the delay!
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  "wifi adapter not found" in Settings after updating quantumphone 0 42 Yesterday, 05:08 PM
Last Post: quantumphone

Forum Jump:


Users browsing this thread: 1 Guest(s)