Dustin
301589af22
For some reason, when OverlayFS is mounted at `/etc/ssh`, SELinux prevents access both `sshd` and `ssh-keygen` access to the files there. The AVC denials indicate that (some part of) the process is running in the `mount_t` domain, which is not allowed to read or write `sshd_key_t` files. To work around this issue, without granting `mount_t` overly-permissive access, we now configure the SSH daemon to read host keys from the persistent data volume directly, instead of "tricking" it with OverlayFS. The `ssh-keygen` tool does not read the `HostKey` options from `sshd_config`, though, so it has to be explicitly instructed to create keys in this alternate location. By using a systemd template unit with `ConditionPathExists`, we avoid regnerating the keys on every boot, since the `ssh-keygen` command is only run if the file does not already exist. |
||
|---|---|---|
| host-portage | ||
| overlay | ||
| patches | ||
| portage | ||
| u-boot@62e2ad1cea | ||
| .gitignore | ||
| .gitmodules | ||
| Makefile | ||
| README.md | ||
| build-all.sh | ||
| build-grub.sh | ||
| build-host-tools.sh | ||
| build-kernel.sh | ||
| build-rootfs.sh | ||
| build-squashfs.sh | ||
| build-uboot.sh | ||
| build-update.sh | ||
| build.packages | ||
| build.sh | ||
| busybox.symlinks | ||
| config | ||
| config-portage.sh | ||
| config.txt | ||
| genimage.cfg | ||
| genimage.sh | ||
| grub.cfg | ||
| host-tools.packages | ||
| install-update.sh | ||
| install.packages | ||
| installonly.packages | ||
| linux.config | ||
| ocivm.sh | ||
| patch-uboot.sh | ||
| podman-build.sh | ||
| post-build.sh | ||
| prepare.sh | ||
| setup-local-repo.sh | ||
| squashfs.exclude | ||
| start-container.sh | ||
| u-boot.config | ||
| vm-build.sh | ||
README.md
Errors
SWIOTLB Buffer
OF: reserved mem: failed to allocate memory for node … Can not allocate SWIOTLB buffer earlier and can't now provide you with the DMA bounce buffer
Ensure start_x=1 is in config.txt and start_file/fixup_file are not
specified.
U-Boot: Overwrite Reserved Memory
** Reading file would overwrite reserved memory **
Set CONFIG_LMB_MAX_REGIONS=16 in u-boot/.config