SELinux, Apparmor et les LSM de Linux

Discussions autour de la sécurité des systèmes et des outils et moyens de test de sécurité
Post Reply
jmaurin
Posts: 13
Joined: Wed Apr 15, 2020 1:32 pm

SELinux, Apparmor et les LSM de Linux

Post by jmaurin »

Petit message concernant les méthodes d'activation/désactivation de Apparmor et SELinux pour JML.

En 4.19 il existe les paramètres de démarrage suivants :

apparmor={ "0" | "1" }
selinux={ "0" | "1" }
et
security={ "selinux" | "apparmor" | "none" }

Depuis le noyau 5.1 une nouvelle option de config CONFIG_LSM et un nouveau paramètre "lsm" sont apparus et le paramètre "security" a été déprécié.
Néanmoins même en 5.10 le paramètre "security" est encore utilisable.

Je conseillerais donc pour l'instant l'usage de security=none, qui a l'avantage de pouvoir fonctionner dans tous les noyau buster jusqu'à maintenant, pas besoin d'utiliser ni "selinux=0" ni "apparmor=0"

De mémoire le problème que tu avais concernant selinux est le suivant :
En utilisant apparmor=0 sur des noyaux récents tu te heurtes à l'option de config CONFIG_LSM qui est mis par Debian à "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" ce qui a pour effet de donner la main à SELinux si Apparmor n'est plus actif à cause de ton option.

A priori ce n'était pas le comportement avant le noyau 5.0 et précédents, avant l'existence de l'option "lsm", chez Debian.
jeanmarc
Posts: 109
Joined: Sun Mar 22, 2020 5:28 pm
Location: Essonne

Re: SELinux, Apparmor et les LSM de Linux

Post by jeanmarc »

Bonjour,

Merci pour les infos. Concernant l'architecture arm64, la différence de comportement entre la N2 et le pinebook est la suivante,

Code: Select all

ansible@pinebook-290:~$ uname -a
Linux pinebook-290 5.10.0-3-arm64 #1 SMP Debian 5.10.13-1 (2021-02-06) aarch64 GNU/Linux
ansible@pinebook-290:~$  cat /proc/cmdline 
console=ttyS0,115200 root=UUID=1b37edce-3404-46da-ace4-220bf3779946 net.ifnames=0 apparmor=0 cgroup_enable=memory loglevel=7
ansible@pinebook-290:~$ 
...Et ...

Code: Select all

[ansible@n2-280:~$ uname -a
Linux n2-280 5.9.0-0.bpo.5-arm64 #1 SMP Debian 5.9.15-1~bpo10+1 (2020-12-31) aarch64 GNU/Linux
ansible@n2-280:~$ cat /proc/cmdline 
root=UUID=9ebc0d97-c8fe-44e6-931f-dccc1a142cb1 net.ifnames=0 security=none cgroup_enable=memory loglevel=7 clk_ignore_unused
ansible@n2-280:~$ 
Et en effet,, sur le pinebook, les containers ne peuvent pas démarrer, alors que sur la N2, tout est ok

Code: Select all

ansible@pinebook-290:~$ sudo lxc-ls -f 
NAME                  STATE   AUTOSTART GROUPS                IPV4 IPV6 UNPRIVILEGED 
vm-bullseye-arm64-290 STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-buster-arm64-290   STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-ntp-290            STOPPED 1         grp_lxc_start_on_boot -    -    false        
ansible@pinebook-290:~$ 
..et..

Code: Select all

ansible@n2-280:~$ sudo lxc-ls -f 
NAME                  STATE   AUTOSTART GROUPS                IPV4                                                           IPV6 UNPRIVILEGED 
vm-bullseye-arm64-280 RUNNING 1         grp_lxc_start_on_boot 192.168.22.165, 192.168.24.165, 192.168.25.165                 -    false        
vm-buster-arm64-280   RUNNING 1         grp_lxc_start_on_boot 192.168.22.162, 192.168.24.162, 192.168.25.162                 -    false        
vm-ntp-280            RUNNING 1         grp_lxc_start_on_boot 192.168.22.164, 192.168.23.164, 192.168.24.164, 192.168.25.164 -    false        

Serait-il possible d'avoir une mise à jour de u-boot du pinebook ?
:D
Cordialement
jmaurin
Posts: 13
Joined: Wed Apr 15, 2020 1:32 pm

Re: SELinux, Apparmor et les LSM de Linux

Post by jmaurin »

Pas besoin de mise à jour de u-boot.

Tu as la réponse dans ton post :
- paramètre de boot sur la N2 : security=none
- paramètre de boot sur le PP : apparmor=0

Je te propose de remplacer "apparmor=0" par "security=none" sur le Pinebook Pro.

Pour ce faire il faut modifier le fichier /etc/default/flash-kernel.
Pour valider le changement il suffit pour finir d'exécuter la commande flash-kernel (avec sudo).
jeanmarc
Posts: 109
Joined: Sun Mar 22, 2020 5:28 pm
Location: Essonne

Re: SELinux, Apparmor et les LSM de Linux

Post by jeanmarc »

Bonjour,
Merci pour l'info, en fait c'est un pinebook, ce n'est pas le modèle pro. Cela dit, la remarque est tout à fait pertinente.
J'ai donc procédé aux modifications suivantes sur cet équipement

Code: Select all

ansible@pinebook-290:~$  cat /etc/default/flash-kernel 
LINUX_KERNEL_CMDLINE="root=UUID=1b37edce-3404-46da-ace4-220bf3779946 net.ifnames=0 security=none cgroup_enable=memory loglevel=7"
LINUX_KERNEL_CMDLINE_DEFAULTS=""
ansible@pinebook-290:~$ 
Puis à la prise en compte de ces paramètres ....

Code: Select all

ansible@pinebook-290:~$ sudo flash-kernel 
Using DTB: allwinner/sun50i-a64-pinebook.dtb
Installing /usr/lib/linux-image-5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb into /boot/dtbs/5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb
Taking backup of sun50i-a64-pinebook.dtb.
Installing new sun50i-a64-pinebook.dtb.
flash-kernel: installing version 5.10.0-3-arm64
Generating boot script u-boot image... done.
Taking backup of boot.scr.
Installing new boot.scr.
ansible@pinebook-290:~$ 
et au reboot ..., les logs sont les suivants ....

Code: Select all


[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034]
[    0.000000] Linux version 5.10.0-3-arm64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1) #1 SMP Debian 5.10.13-1 (2021-02-06)
[    0.000000] Machine model: Pinebook
[    0.000000] efi: UEFI not found.
[    0.000000] cma: Reserved 64 MiB at 0x00000000ba000000
[    0.000000] NUMA: No NUMA configuration found
[    0.000000] NUMA: Faking a node at [mem 0x0000000040000000-0x00000000bdffffff]
[    0.000000] NUMA: NODE_DATA [mem 0xb9be7b00-0xb9be9fff]
[    0.000000] Zone ranges:
[    0.000000]   DMA      [mem 0x0000000040000000-0x000000007fffffff]
[    0.000000]   DMA32    [mem 0x0000000080000000-0x00000000bdffffff]
[    0.000000]   Normal   empty
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000040000000-0x00000000bdffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bdffffff]
[    0.000000] On node 0 totalpages: 516096
[    0.000000]   DMA zone: 4096 pages used for memmap
[    0.000000]   DMA zone: 0 pages reserved
[    0.000000]   DMA zone: 262144 pages, LIFO batch:63
[    0.000000]   DMA32 zone: 3968 pages used for memmap
[    0.000000]   DMA32 zone: 253952 pages, LIFO batch:63
[    0.000000] psci: probing for conduit method from DT.
[    0.000000] psci: PSCIv1.1 detected in firmware.
[    0.000000] psci: Using standard PSCI v0.2 function IDs
[    0.000000] psci: MIGRATE_INFO_TYPE not supported.
[    0.000000] psci: SMC Calling Convention v1.2
[    0.000000] percpu: Embedded 33 pages/cpu s95192 r8192 d31784 u135168
[    0.000000] pcpu-alloc: s95192 r8192 d31784 u135168 alloc=33*4096
[    0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 
[    0.000000] Detected VIPT I-cache on CPU0
[    0.000000] CPU features: detected: ARM erratum 845719
[    0.000000] CPU features: detected: ARM erratum 843419
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 508032
[    0.000000] Policy zone: DMA32
[    0.000000] Kernel command line: console=ttyS0,115200 root=UUID=1b37edce-3404-46da-ace4-220bf3779946 net.ifnames=0 security=none cgroup_enable=memory loglevel=7
[    0.000000] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[    0.000000] Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
[    0.000000] mem auto-init: stack:off, heap alloc:on, heap free:off
[    0.000000] software IO TLB: mapped [mem 0x000000007bfff000-0x000000007ffff000] (64MB)
[    0.000000] Memory: 1837472K/2064384K available (11648K kernel code, 2420K rwdata, 6848K rodata, 5312K init, 588K bss, 161376K reserved, 65536K cma-reserved)
[    0.000000] random: get_random_u64 called from __kmem_cache_create+0x3c/0x5c0 with crng_init=0
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] ftrace: allocating 37921 entries in 149 pages
[    0.000000] ftrace: allocated 149 pages with 4 groups
[    0.000000] rcu: Hierarchical RCU implementation.
[    0.000000] rcu: 	RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
[    0.000000] 	Rude variant of Tasks RCU enabled.
[    0.000000] 	Tracing variant of Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[    0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] GIC: Using split EOI/Deactivate mode
[    0.000000] arch_timer: Enabling global workaround for Allwinner erratum UNKNOWN1
[    0.000000] arch_timer: CPU0: Trapping CNTVCT access
[    0.000000] arch_timer: cp15 timer(s) running at 24.00MHz (phys).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x588fe9dc0, max_idle_ns: 440795202592 ns
[    0.000005] sched_clock: 56 bits at 24MHz, resolution 41ns, wraps every 4398046511097ns
[    0.000772] Console: colour dummy device 80x25
[    0.000931] Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=96000)
[    0.000950] pid_max: default: 32768 minimum: 301
[    0.001127] LSM: Security Framework initializing
[    0.001164] Yama: disabled by default; enable with sysctl kernel.yama.*
[    0.001302] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.001330] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.004055] rcu: Hierarchical SRCU implementation.
[    0.006701] EFI services will not be available.
[    0.007255] smp: Bringing up secondary CPUs ...
[    0.008722] Detected VIPT I-cache on CPU1
[    0.008794] arch_timer: CPU1: Trapping CNTVCT access
[    0.008820] CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
[    0.009858] Detected VIPT I-cache on CPU2
[    0.009896] arch_timer: CPU2: Trapping CNTVCT access
[    0.009911] CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
[    0.010887] Detected VIPT I-cache on CPU3
[    0.010919] arch_timer: CPU3: Trapping CNTVCT access
[    0.010932] CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
[    0.011035] smp: Brought up 1 node, 4 CPUs
[    0.011075] SMP: Total of 4 processors activated.
[    0.011084] CPU features: detected: 32-bit EL0 Support
[    0.011094] CPU features: detected: CRC32 instructions
[    0.011103] CPU features: detected: 32-bit EL1 Support
[    0.024067] CPU: All CPU(s) started at EL2
[    0.024143] alternatives: patching kernel code
[    0.026735] devtmpfs: initialized
[    0.035944] Registered cp15_barrier emulation handler
[    0.035975] Registered setend emulation handler
[    0.035991] KASLR disabled due to lack of seed
[    0.036404] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.036460] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[    0.039414] pinctrl core: initialized pinctrl subsystem
[    0.040481] DMI not present or invalid.
[    0.041277] NET: Registered protocol family 16
[    0.043681] DMA: preallocated 256 KiB GFP_KERNEL pool for atomic allocations
[    0.043885] DMA: preallocated 256 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[    0.044070] DMA: preallocated 256 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[    0.044203] audit: initializing netlink subsys (disabled)
[    0.044426] audit: type=2000 audit(0.044:1): state=initialized audit_enabled=0 res=1
[    0.046020] thermal_sys: Registered thermal governor 'fair_share'
[    0.046028] thermal_sys: Registered thermal governor 'bang_bang'
[    0.046037] thermal_sys: Registered thermal governor 'step_wise'
[    0.046044] thermal_sys: Registered thermal governor 'user_space'
[    0.046052] thermal_sys: Registered thermal governor 'power_allocator'
[    0.046567] cpuidle: using governor ladder
[    0.046599] cpuidle: using governor menu
[    0.046794] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[    0.046940] ASID allocator initialised with 65536 entries
[    0.047401] Serial: AMBA PL011 UART driver
[    0.076525] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
[    0.076549] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
[    0.076559] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    0.076567] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
[    0.899833] ACPI: Interpreter disabled.
[    0.900132] iommu: Default domain type: Translated 
[    0.900477] vgaarb: loaded
[    0.900973] EDAC MC: Ver: 3.0.0
[    0.902799] NetLabel: Initializing
[    0.902811] NetLabel:  domain hash size = 128
[    0.902818] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[    0.902912] NetLabel:  unlabeled traffic allowed by default
[    0.903398] clocksource: Switched to clocksource arch_sys_counter
[    0.992438] VFS: Disk quotas dquot_6.6.0
[    0.992544] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    0.994699] pnp: PnP ACPI: disabled
[    1.004507] NET: Registered protocol family 2
[    1.005475] tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear)
[    1.005592] TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear)
[    1.005943] TCP bind hash table entries: 16384 (order: 6, 262144 bytes, linear)
[    1.006304] TCP: Hash tables configured (established 16384 bind 16384)
[    1.006520] UDP hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    1.006601] UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear)
[    1.006876] NET: Registered protocol family 1
[    1.006911] NET: Registered protocol family 44
[    1.006932] PCI: CLS 0 bytes, default 64
[    1.007273] Trying to unpack rootfs image as initramfs...
[    2.865381] Freeing initrd memory: 27836K
[    2.866610] hw perfevents: enabled with armv8_cortex_a53 PMU driver, 7 counters available
[    2.867143] kvm [1]: IPA Size Limit: 40 bits
[    2.869055] kvm [1]: vgic interrupt IRQ9
[    2.869250] kvm [1]: Hyp mode initialized successfully
[    2.871361] Initialise system trusted keyrings
[    2.871476] Key type blacklist registered
[    2.871765] workingset: timestamp_bits=42 max_order=19 bucket_order=0
[    2.879413] zbud: loaded
[    2.880424] integrity: Platform Keyring initialized
[    2.880444] Key type asymmetric registered
[    2.880453] Asymmetric key parser 'x509' registered
[    2.880508] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249)
[    2.880839] io scheduler mq-deadline registered
[    2.882410] sun50i-de2-bus 1000000.bus: Error couldn't map SRAM to device
[    2.888787] sun50i-a64-r-pinctrl 1f02c00.pinctrl: initialized sunXi PIO driver
[    2.890296] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[    2.902764] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[    2.905375] Serial: AMBA driver
[    2.905755] msm_serial: driver initialized
[    2.908618] mousedev: PS/2 mouse device common for all mice
[    2.910093] sun6i-rtc 1f00000.rtc: registered as rtc0
[    2.910142] sun6i-rtc 1f00000.rtc: setting system clock to 2021-03-23T15:13:19 UTC (1616512399)
[    2.910153] sun6i-rtc 1f00000.rtc: RTC enabled
[    2.911570] sun50i-a64-r-pinctrl 1f02c00.pinctrl: supply vcc-pl not found, using dummy regulator
[    2.912233] ledtrig-cpu: registered to indicate activity on CPUs
[    2.912519] SMCCC: SOC_ID: ARCH_SOC_ID not implemented, skipping ....
[    2.914704] NET: Registered protocol family 10
[    2.963131] Segment Routing with IPv6
[    2.963285] mip6: Mobile IPv6
[    2.963301] NET: Registered protocol family 17
[    2.963508] mpls_gso: MPLS GSO support
[    2.964095] registered taskstats version 1
[    2.964125] Loading compiled-in X.509 certificates
[    3.151120] Loaded X.509 cert 'Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
[    3.151213] Loaded X.509 cert 'Debian Secure Boot Signer 2020: 00b55eb3b9'
[    3.151441] zswap: loaded using pool lzo/zbud
[    3.152021] Key type ._fscrypt registered
[    3.152030] Key type .fscrypt registered
[    3.152038] Key type fscrypt-provisioning registered
[    3.174402] sunxi-rsb 1f03400.rsb: RSB running at 3000000 Hz
[    3.179829] sun50i-a64-pinctrl 1c20800.pinctrl: initialized sunXi PIO driver
[    3.180704] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pb not found, using dummy regulator
[    3.181425] printk: console [ttyS0] disabled
[    3.201646] 1c28000.serial: ttyS0 at MMIO 0x1c28000 (irq = 38, base_baud = 1500000) is a U6_16550A
[    4.180943] printk: console [ttyS0] enabled
[    4.197961] Freeing unused kernel memory: 5312K
[    4.252693] Checked W+X mappings: passed, no W+X pages found
[    4.258426] Run /init as init process
[    4.262100]   with arguments:
[    4.262106]     /init
[    4.262110]   with environment:
[    4.262115]     HOME=/
[    4.262119]     TERM=linux
[    4.262124]     cgroup_enable=memory
[    4.685932] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pf not found, using dummy regulator
[    4.698028] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PG regulator
[    4.705359] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 192
[    4.708123] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PC regulator
[    4.712442] sun50i-a64-pinctrl 1c20800.pinctrl: pin-192 (1c10000.mmc) status -517
[    4.712453] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 192 (PG0) from group PG0  on device 1c20800.pinctrl
[    4.712461] sunxi-mmc 1c10000.mmc: Error applying setting, reverse things back
[    4.745173] input: gpio_keys as /devices/platform/gpio_keys/input/input0
[    4.745441] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 69
[    4.759130] sun50i-a64-pinctrl 1c20800.pinctrl: pin-69 (1c11000.mmc) status -517
[    4.762356] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pf not found, using dummy regulator
[    4.766604] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 69 (PC5) from group PC5  on device 1c20800.pinctrl
[    4.776216] sun4i-usb-phy 1c19400.phy: Couldn't get regulator usb0_vbus... Deferring probe
[    4.786087] sunxi-mmc 1c11000.mmc: Error applying setting, reverse things back
[    4.787250] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PG regulator
[    4.808985] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 192
[    4.816076] sun50i-a64-pinctrl 1c20800.pinctrl: pin-192 (1c10000.mmc) status -517
[    4.817155] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pf not found, using dummy regulator
[    4.823623] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 192 (PG0) from group PG0  on device 1c20800.pinctrl
[    4.834822] sun4i-usb-phy 1c19400.phy: Couldn't get regulator usb0_vbus... Deferring probe
[    4.840330] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-ph not found, using dummy regulator
[    4.843218] sunxi-mmc 1c10000.mmc: Error applying setting, reverse things back
[    4.851966] axp20x-rsb sunxi-rsb-3a3: AXP20x variant AXP803 found
[    4.865664] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PG regulator
[    4.880813] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 192
[    4.885280] usbcore: registered new interface driver usbfs
[    4.887933] sun50i-a64-pinctrl 1c20800.pinctrl: pin-192 (1c10000.mmc) status -517
[    4.893585] usbcore: registered new interface driver hub
[    4.900990] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 192 (PG0) from group PG0  on device 1c20800.pinctrl
[    4.906455] usbcore: registered new device driver usb
[    4.917317] sunxi-mmc 1c10000.mmc: Error applying setting, reverse things back
[    4.931752] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PC regulator
[    4.932001] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pf not found, using dummy regulator
[    4.939092] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 69
[    4.942605] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    4.948123] ehci-platform: EHCI generic platform driver
[    4.949399] sun4i-usb-phy 1c19400.phy: Couldn't get regulator usb0_vbus... Deferring probe
[    4.954728] sun50i-a64-pinctrl 1c20800.pinctrl: pin-69 (1c11000.mmc) status -517
[    4.954740] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 69 (PC5) from group PC5  on device 1c20800.pinctrl
[    4.954755] sunxi-mmc 1c11000.mmc: Error applying setting, reverse things back
[    4.967287] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    4.983189] axp20x-rsb sunxi-rsb-3a3: AXP20X driver loaded
[    5.001237] ohci-platform: OHCI generic platform driver
[    5.009899] sun4i-usb-phy 1c19400.phy: Couldn't get regulator usb0_vbus... Deferring probe
[    5.026672] axp20x-gpio axp20x-gpio: DMA mask not set
[    5.027737] sun50i-a64-pinctrl 1c20800.pinctrl: supply vcc-pf not found, using dummy regulator
[    5.041016] axp20x-gpio axp20x-gpio: AXP209 pinctrl and GPIO driver loaded
[    5.041148] vcc-3v3: supplied by regulator-dummy
[    5.041854] vcc-3v3: supplied by regulator-dummy
[    5.042239] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PG regulator
[    5.042246] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 192
[    5.042254] sun50i-a64-pinctrl 1c20800.pinctrl: pin-192 (1c10000.mmc) status -517
[    5.042263] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 192 (PG0) from group PG0  on device 1c20800.pinctrl
[    5.042268] sunxi-mmc 1c10000.mmc: Error applying setting, reverse things back
[    5.044831] sunxi-mmc 1c0f000.mmc: Got CD GPIO
[    5.045972] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PC regulator
[    5.045983] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 69
[    5.045989] sun50i-a64-pinctrl 1c20800.pinctrl: pin-69 (1c11000.mmc) status -517
[    5.045997] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 69 (PC5) from group PC5  on device 1c20800.pinctrl
[    5.046004] sunxi-mmc 1c11000.mmc: Error applying setting, reverse things back
[    5.056467] sun50i-a64-pinctrl 1c20800.pinctrl: Couldn't get bank PG regulator
[    5.057386] debugfs: Directory 'regulator.2-SUPPLY' with parent 'reg-dummy-regulator-dummy' already present!
[    5.064546] sun50i-a64-pinctrl 1c20800.pinctrl: request() failed for pin 192
[    5.067469] sunxi-mmc 1c0f000.mmc: initialized, max. request size: 16384 KB, uses new timings mode
[    5.072078] vdd-cpux: supplied by regulator-dummy
[    5.079078] sun50i-a64-pinctrl 1c20800.pinctrl: pin-192 (1c10000.mmc) status -517
[    5.079089] sun50i-a64-pinctrl 1c20800.pinctrl: could not request pin 192 (PG0) from group PG0  on device 1c20800.pinctrl
[    5.079099] sunxi-mmc 1c10000.mmc: Error applying setting, reverse things back
[    5.090482] dcdc4: supplied by regulator-dummy
[    5.098485] phy phy-1c19400.phy.0: Changing dr_mode to 1
[    5.102234] vcc-dram: supplied by regulator-dummy
[    5.116055] ehci-platform 1c1a000.usb: EHCI Host Controller
[    5.123914] vdd-sys: supplied by regulator-dummy
[    5.134353] ehci-platform 1c1a000.usb: new USB bus registered, assigned bus number 1
[    5.141947] vcc-lcd: supplied by regulator-dummy
[    5.148955] ehci-platform 1c1a000.usb: irq 28, io mem 0x01c1a000
[    5.158984] vcc-pe: supplied by regulator-dummy
[    5.179416] ehci-platform 1c1a000.usb: USB 2.0 started, EHCI 1.00
[    5.187162] vcc-pl: supplied by regulator-dummy
[    5.198053] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.10
[    5.205430] vcc-pll-avcc: supplied by regulator-dummy
[    5.209450] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.209456] usb usb1: Product: EHCI Host Controller
[    5.209462] usb usb1: Manufacturer: Linux 5.10.0-3-arm64 ehci_hcd
[    5.209470] usb usb1: SerialNumber: 1c1a000.usb
[    5.215136] vcc-hdmi: supplied by regulator-dummy
[    5.220271] hub 1-0:1.0: USB hub found
[    5.225663] vcc-edp: supplied by regulator-dummy
[    5.229798] hub 1-0:1.0: 1 port detected
[    5.237551] mmc0: new high speed SDXC card at address e624
[    5.237910] dldo3: supplied by regulator-dummy
[    5.238271] vcc-wifi: supplied by regulator-dummy
[    5.238652] cpvdd: supplied by regulator-dummy
[    5.238980] eldo2: supplied by regulator-dummy
[    5.239296] eldo3: supplied by regulator-dummy
[    5.239763] vcc-1v2-hsic: supplied by regulator-dummy
[    5.240107] vdd-cpus: supplied by regulator-dummy
[    5.240401] vcc-rtc: supplied by regulator-dummy
[    5.240767] ldo-io0: supplied by regulator-dummy
[    5.241086] ldo-io1: supplied by regulator-dummy
[    5.244450] ehci-platform 1c1b000.usb: EHCI Host Controller
[    5.254350] mmcblk0: mmc0:e624 SC128 119 GiB 
[    5.258938] ehci-platform 1c1b000.usb: new USB bus registered, assigned bus number 2
[    5.397401] ehci-platform 1c1b000.usb: irq 30, io mem 0x01c1b000
[    5.407360]  mmcblk0: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 >
[    5.422785] ehci-platform 1c1b000.usb: USB 2.0 started, EHCI 1.00
[    5.429312] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.10
[    5.437681] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.444945] usb usb2: Product: EHCI Host Controller
[    5.449835] usb usb2: Manufacturer: Linux 5.10.0-3-arm64 ehci_hcd
[    5.455931] usb usb2: SerialNumber: 1c1b000.usb
[    5.461376] hub 2-0:1.0: USB hub found
[    5.465269] hub 2-0:1.0: 1 port detected
[    5.475029] simple-framebuffer be000000.framebuffer: framebuffer at 0xbe000000, 0x400800 bytes, mapped to 0x(____ptrval____)
[    5.486323] simple-framebuffer be000000.framebuffer: format=x8r8g8b8, mode=1366x768x32, linelength=5464
[    5.499496] sunxi-mmc 1c11000.mmc: initialized, max. request size: 2048 KB, uses new timings mode
[    5.514757] Console: switching to colour frame buffer device 170x48
[    5.548012] simple-framebuffer be000000.framebuffer: fb0: simplefb registered!
[    5.557008] ohci-platform 1c1a400.usb: Generic Platform OHCI controller
[    5.563726] ohci-platform 1c1a400.usb: new USB bus registered, assigned bus number 3
[    5.571756] ohci-platform 1c1a400.usb: irq 29, io mem 0x01c1a400
[    5.595459] random: fast init done
[    5.639747] usb usb3: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.10
[    5.648063] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.655338] usb usb3: Product: Generic Platform OHCI controller
[    5.661304] usb usb3: Manufacturer: Linux 5.10.0-3-arm64 ohci_hcd
[    5.667439] usb usb3: SerialNumber: 1c1a400.usb
[    5.672867] hub 3-0:1.0: USB hub found
[    5.676759] hub 3-0:1.0: 1 port detected
[    5.683018] ohci-platform 1c1b400.usb: Generic Platform OHCI controller
[    5.689761] ohci-platform 1c1b400.usb: new USB bus registered, assigned bus number 4
[    5.697715] ohci-platform 1c1b400.usb: irq 31, io mem 0x01c1b400
[    5.767869] usb usb4: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 5.10
[    5.776214] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.783481] usb usb4: Product: Generic Platform OHCI controller
[    5.789441] usb usb4: Manufacturer: Linux 5.10.0-3-arm64 ohci_hcd
[    5.795554] usb usb4: SerialNumber: 1c1b400.usb
[    5.801335] hub 4-0:1.0: USB hub found
[    5.807827] hub 4-0:1.0: 1 port detected
[    5.817163] sunxi-mmc 1c10000.mmc: allocated mmc-pwrseq
[    5.847489] sunxi-mmc 1c10000.mmc: initialized, max. request size: 16384 KB, uses new timings mode
[    5.863441] usb 2-1: new high-speed USB device number 2 using ehci-platform
[    5.873542] mmc2: new high speed SDIO card at address 0001
[    6.033212] usb 2-1: New USB device found, idVendor=05e3, idProduct=0608, bcdDevice=88.32
[    6.041431] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[    6.048577] usb 2-1: Product: USB2.0 Hub
[    6.054993] hub 2-1:1.0: USB hub found
[    6.059212] hub 2-1:1.0: 4 ports detected
[    6.119088] EXT4-fs (mmcblk0p1): mounted filesystem with ordered data mode. Opts: (null)
[    6.359456] usb 2-1.1: new low-speed USB device number 3 using ehci-platform
[    6.491219] usb 2-1.1: New USB device found, idVendor=258a, idProduct=000c, bcdDevice= 1.00
[    6.499620] usb 2-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[    6.506951] usb 2-1.1: Product: USB KEYBOARD
[    6.511238] usb 2-1.1: Manufacturer: HAILUCK CO.,LTD
[    6.595494] usb 2-1.2: new high-speed USB device number 4 using ehci-platform
[    6.709102] usb 2-1.2: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=30.00
[    6.717544] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=6
[    6.724948] usb 2-1.2: Product: USB 10/100/1000 LAN
[    6.729865] usb 2-1.2: Manufacturer: Realtek
[    6.734153] usb 2-1.2: SerialNumber: 000001
[    7.735330] systemd-udevd[355]: Unknown filesystem type 62656572 mounted on /sys/fs/cgroup.
[    7.735426] systemd-udevd[355]: Failed to determine root cgroup, ignoring cgroup memory limit: No medium found
[    7.735446] systemd-udevd[355]: Set children_max to 14
[    7.735614] systemd-udevd[355]: Failed to symlink /proc/kcore to /dev/core: File exists
[    7.735648] systemd-udevd[355]: Failed to symlink /proc/self/fd to /dev/fd: File exists
[    7.735679] systemd-udevd[355]: Failed to symlink /proc/self/fd/0 to /dev/stdin: File exists
[    7.735711] systemd-udevd[355]: Failed to symlink /proc/self/fd/1 to /dev/stdout: File exists
[    7.735742] systemd-udevd[355]: Failed to symlink /proc/self/fd/2 to /dev/stderr: File exists
[    7.747102] systemd-udevd[355]: === trie on-disk ===
[    7.747128] systemd-udevd[355]: tool version:          241
[    8.916470] mc: Linux media interface: v0.10
[    8.948079] sunxi-wdt 1c20ca0.watchdog: Watchdog enabled (timeout=16 sec, nowayout=0)
[    9.025975] videodev: Linux video capture interface: v2.00
[    9.042253] sun8i-ce 1c15000.crypto: Set mod clock to 300000000 (300 Mhz) from 24000000 (24 Mhz)
[    9.066816] sun8i-ce 1c15000.crypto: will run requests pump with realtime priority
[    9.074807] sun8i-ce 1c15000.crypto: will run requests pump with realtime priority
[    9.082737] sun8i-ce 1c15000.crypto: will run requests pump with realtime priority
[    9.090868] sun8i-ce 1c15000.crypto: will run requests pump with realtime priority
[    9.098702] sun8i-ce 1c15000.crypto: Register cbc(aes)
[    9.105787] hid: raw HID events driver (C) Jiri Kosina
[    9.155378] usbcore: registered new interface driver r8152
[    9.201929] lima 1c40000.gpu: gp - mali400 version major 1 minor 1
[    9.214407] lima 1c40000.gpu: pp0 - mali400 version major 1 minor 1
[    9.220958] lima 1c40000.gpu: pp1 - mali400 version major 1 minor 1
[    9.227506] lima 1c40000.gpu: l2 cache 64K, 4-way, 64byte cache line, 64bit external bus
[    9.230668] usbcore: registered new interface driver usbhid
[    9.236286] lima 1c40000.gpu: bus rate = 200000000
[    9.241279] usbhid: USB HID core driver
[    9.250184] lima 1c40000.gpu: mod rate = 297000000
[    9.255238] usb 2-1.2: reset high-speed USB device number 4 using ehci-platform
[    9.263327] [drm] Initialized lima 1.1.0 20191231 for 1c40000.gpu on minor 0
[    9.284716] asoc-simple-card sound: ASoC: no DMI vendor name!
[    9.314186] input: axp20x-pek as /devices/platform/soc/1f03400.rsb/sunxi-rsb-3a3/axp221-pek/input/input1
[    9.332000] cryptd: max_cpu_qlen set to 1000
[    9.333701] usbcore: registered new interface driver cdc_ether
[    9.369741] axp20x-battery-power-supply axp20x-battery-power-supply: DMA mask not set
[    9.369745] axp20x-ac-power-supply axp20x-ac-power-supply: DMA mask not set
[    9.373576] sunxi_cedrus: module is from the staging directory, the quality is unknown, you have been warned.
[    9.400215] cedrus 1c0e000.video-codec: Device registered as /dev/video0
[    9.412826] [drm] Found ANX6345 (ver. 170) eDP Transmitter
[    9.419459] axp20x-adc axp813-adc: DMA mask not set
[    9.444841] sun4i-drm display-engine: bound 1100000.mixer (ops sun8i_mixer_platform_driver_exit [sun8i_mixer])
[    9.457102] sun4i-drm display-engine: bound 1200000.mixer (ops sun8i_mixer_platform_driver_exit [sun8i_mixer])
[    9.469745] sun4i-drm display-engine: bound 1c0c000.lcd-controller (ops sun4i_tcon_platform_driver_exit [sun4i_tcon])
[    9.481043] sun4i-drm display-engine: bound 1c0d000.lcd-controller (ops sun4i_tcon_platform_driver_exit [sun4i_tcon])
[    9.492383] checking generic (be000000 400800) vs hw (0 ffffffffffffffff)
[    9.492396] fb0: switching to sun4i-drm-fb from simple
[    9.498188] Console: switching to colour dummy device 80x25
[    9.504859] [drm] Initialized sun4i-drm 1.0.0 20150629 for display-engine on minor 1
[    9.590950] r8152 2-1.2:1.0: firmware: direct-loading firmware rtl_nic/rtl8153a-4.fw
[    9.640827] r8152 2-1.2:1.0: load rtl8153a-4 v2 02/07/20 successfully
[    9.684131] r8152 2-1.2:1.0 eth0: v1.11.11
[    9.757568] Console: switching to colour frame buffer device 170x48
[    9.805607] sun4i-drm display-engine: [drm] fb0: sun4i-drmdrmfb frame buffer device
[    9.894901] sun8i-ce 1c15000.crypto: Fallback for cbc-aes-sun8i-ce is cbc-aes-ce
[    9.905720] sun8i-ce 1c15000.crypto: Register ecb(aes)
[    9.911385] sun8i-ce 1c15000.crypto: Fallback for ecb-aes-sun8i-ce is ecb-aes-ce
[    9.932194] sun8i-ce 1c15000.crypto: Register cbc(des3_ede)
[   10.005774] sun8i-ce 1c15000.crypto: Fallback for cbc-des3-sun8i-ce is cbc(des3_ede-generic)
[   10.022794] input: HAILUCK CO.,LTD USB KEYBOARD as /devices/platform/soc/1c1b000.usb/usb2/2-1/2-1.1/2-1.1:1.0/0003:258A:000C.0001/input/input2
[   10.039908] sun8i-ce 1c15000.crypto: Register ecb(des3_ede)
[   10.100437] hid-generic 0003:258A:000C.0001: input,hidraw0: USB HID v1.10 Keyboard [HAILUCK CO.,LTD USB KEYBOARD] on usb-1c1b000.usb-1.1/input0
[   10.102608] r8152 2-1.2:1.0 et-prod: renamed from eth0
[   10.103744] sun8i-ce 1c15000.crypto: Fallback for ecb-des3-sun8i-ce is ecb(des3_ede-generic)
[   10.105152] sun8i-ce 1c15000.crypto: CryptoEngine Die ID 0
[   10.117338] input: HAILUCK CO.,LTD USB KEYBOARD Mouse as /devices/platform/soc/1c1b000.usb/usb2/2-1/2-1.1/2-1.1:1.1/0003:258A:000C.0002/input/input3
[   10.146632] input: HAILUCK CO.,LTD USB KEYBOARD System Control as /devices/platform/soc/1c1b000.usb/usb2/2-1/2-1.1/2-1.1:1.1/0003:258A:000C.0002/input/input4
[   10.220097] input: HAILUCK CO.,LTD USB KEYBOARD Consumer Control as /devices/platform/soc/1c1b000.usb/usb2/2-1/2-1.1/2-1.1:1.1/0003:258A:000C.0002/input/input5
[   10.234880] input: HAILUCK CO.,LTD USB KEYBOARD Wireless Radio Control as /devices/platform/soc/1c1b000.usb/usb2/2-1/2-1.1/2-1.1:1.1/0003:258A:000C.0002/input/input6
[   10.254305] hid-generic 0003:258A:000C.0002: input,hiddev0,hidraw1: USB HID v1.10 Mouse [HAILUCK CO.,LTD USB KEYBOARD] on usb-1c1b000.usb-1.1/input1
[   13.880163] EXT4-fs (mmcblk0p1): re-mounted. Opts: errors=remount-ro
[   14.885208] systemd-udevd[355]: rfkill: Device (SEQNUM=2572, ACTION=add) is queued
[   14.885481] systemd-udevd[355]: Validate module index
[   14.885582] systemd-udevd[355]: Check if link configuration needs reloading.
[   14.885776] systemd-udevd[355]: rfkill: sd-device-monitor: Passed 127 byte to netlink monitor
[   14.885946] systemd-udevd[382]: rfkill: Processing device (SEQNUM=2572, ACTION=add)
[   14.885996] systemd-udevd[355]: rfkill: Device (SEQNUM=2573, ACTION=add) is queued
[   14.886077] systemd-udevd[355]: rfkill: sd-device-monitor: Passed 180 byte to netlink monitor
[   14.886206] systemd-udevd[388]: rfkill: Processing device (SEQNUM=2573, ACTION=add)
[   14.886210] systemd-udevd[355]: rfkill: Device (SEQNUM=2574, ACTION=add) is queued
[   14.886279] systemd-udevd[355]: rfkill: sd-device-monitor: Passed 129 byte to netlink monitor
[   15.005034] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   15.017003] cfg80211: Loaded X.509 cert 'benh@debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf'
[   15.029850] cfg80211: Loaded X.509 cert 'romain.perier@gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328'
[   15.042856] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   15.058694] platform regulatory.0: firmware: direct-loading firmware regulatory.db
[   15.069494] platform regulatory.0: firmware: direct-loading firmware regulatory.db.p7s
[   15.163315] r8723bs: module is from the staging directory, the quality is unknown, you have been warned.
[   15.192442] RTL8723BS: module init start
[   15.196427] RTL8723BS: rtl8723bs v4.3.5.5_12290.20140916_BTCOEX20140507-4E40
[   15.203494] RTL8723BS: rtl8723bs BT-Coex version = BTCOEX20140507-4E40
[   15.210136] RTL8723BS: module init ret =0
[   15.378872] 8021q: 802.1Q VLAN Support v1.8
[   15.471861] FS-Cache: Loaded
[   15.638610] RPC: Registered named UNIX socket transport module.
[   15.644569] RPC: Registered udp transport module.
[   15.649292] RPC: Registered tcp transport module.
[   15.653996] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   15.841502] FS-Cache: Netfs 'nfs' registered for caching
[   15.857630] Key type dns_resolver registered
[   16.717391] NFS: Registering the id_resolver key type
[   16.722517] Key type id_resolver registered
[   16.726729] Key type id_legacy registered
[   16.900759] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[   16.969101] tun: Universal TUN/TAP device driver, 1.6
[   17.477254] random: lvm: uninitialized urandom read (4 bytes read)
[   17.825181] device-mapper: uevent: version 1.0.3
[   17.831404] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01) initialised: dm-devel@redhat.com
[   17.850332] random: lvm: uninitialized urandom read (2 bytes read)
[   18.031572] random: lvm: uninitialized urandom read (2 bytes read)
[   18.798911] random: lvm: uninitialized urandom read (2 bytes read)
[   19.538775] random: lvm: uninitialized urandom read (2 bytes read)
[   19.917884] systemd-udevd[383]: dm-21: LINK 'disk/by-uuid/8fd94a21-99a4-4e6e-8fb7-f8e89a76254c' /usr/lib/udev/rules.d/60-persistent-storage-dm.rules:25
[   19.918135] systemd-udevd[383]: dm-21: RUN '/sbin/dmsetup udevcomplete $env{DM_COOKIE}' /usr/lib/udev/rules.d/95-dm-notify.rules:12
[   19.918199] systemd-udevd[383]: dm-21: Handling device node '/dev/dm-21', devnum=b254:21, mode=0600, uid=0, gid=0
[   19.918363] systemd-udevd[383]: dm-21: Preserve already existing symlink '/dev/block/254:21' to '../dm-21'
[   19.918546] systemd-udevd[383]: dm-21: Creating symlink '/dev/disk/by-uuid/8fd94a21-99a4-4e6e-8fb7-f8e89a76254c' to '../../dm-21'
[   19.918910] systemd-udevd[383]: dm-21: Creating symlink '/dev/vg_vm_ntp_290/lv_var' to '../dm-21'
[   19.919143] systemd-udevd[383]: dm-21: Creating symlink '/dev/disk/by-id/dm-uuid-LVM-mtI4OEfueVMR48FNBf44tzgepPkkiY1CY2C9YxLzbnKq3PkU9rlftp0nP3RJ4H9K' to '../../dm-21'
[   19.919374] systemd-udevd[383]: dm-21: Creating symlink '/dev/disk/by-id/dm-name-vg_vm_ntp_290-lv_var' to '../../dm-21'
[   19.919696] systemd-udevd[383]: dm-21: Creating symlink '/dev/mapper/vg_vm_ntp_290-lv_var' to '../dm-21'
[   19.920240] systemd-udevd[383]: dm-21: sd-device: Created db file '/run/udev/data/b254:21' for '/devices/virtual/block/dm-21'
[   20.914805] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null)
[   22.402982] random: dd: uninitialized urandom read (512 bytes read)
[   23.780978] r8152 2-1.2:1.0 et-prod: carrier on
[   24.230766] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[   24.262999] br-serv: port 1(et-prod.6) entered blocking state
[   24.268893] br-serv: port 1(et-prod.6) entered disabled state
[   24.284688] device et-prod.6 entered promiscuous mode
[   24.289881] device et-prod entered promiscuous mode
[   24.299085] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   24.308959] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   24.324514] br-serv: port 1(et-prod.6) entered blocking state
[   24.330340] br-serv: port 1(et-prod.6) entered forwarding state
[   24.576691] br-serv: port 2(ve-serv) entered blocking state
[   24.582419] br-serv: port 2(ve-serv) entered disabled state
[   24.588436] device ve-serv entered promiscuous mode
[   24.606830] br-serv: port 2(ve-serv) entered blocking state
[   24.612469] br-serv: port 2(ve-serv) entered forwarding state
[   24.913967] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   24.924087] systemd-udevd[355]: et-prod.7: Device (SEQNUM=2703, ACTION=add) is queued
[   24.924239] systemd-udevd[355]: et-prod.7: sd-device-monitor: Passed 185 byte to netlink monitor
[   24.924405] systemd-udevd[382]: et-prod.7: Processing device (SEQNUM=2703, ACTION=add)
[   24.924427] systemd-udevd[355]: rx-0: Device (SEQNUM=2704, ACTION=add) is queued
[   24.924562] systemd-udevd[355]: tx-0: Device (SEQNUM=2705, ACTION=add) is queued
[   24.924757] systemd-udevd[382]: et-prod.7: IMPORT '/sbin/ifrename -u -i et-prod.7' /usr/lib/udev/rules.d/19-ifrename.rules:13
[   24.924851] systemd-udevd[382]: Starting '/sbin/ifrename -u -i et-prod.7'
[   24.926598] systemd-udevd[382]: Successfully forked off '(spawn)' as PID 1853.
[   24.935292] systemd-udevd[382]: Process '/sbin/ifrename -u -i et-prod.7' failed with exit code 255.
[   24.935926] systemd-udevd[382]: et-prod.7: RUN 'bridge-network-interface' /usr/lib/udev/rules.d/60-bridge-network-interface.rules:1
[   24.947149] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   24.956856] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.031364] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.187867] br-ntp: port 1(et-prod.7) entered blocking state
[   25.193686] br-ntp: port 1(et-prod.7) entered disabled state
[   25.203247] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.204084] device et-prod.7 entered promiscuous mode
[   25.216057] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.223330] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.247545] br-ntp: port 1(et-prod.7) entered blocking state
[   25.253242] br-ntp: port 1(et-prod.7) entered forwarding state
[   25.483295] br-ntp: port 2(ve-ntp) entered blocking state
[   25.488940] br-ntp: port 2(ve-ntp) entered disabled state
[   25.504572] device ve-ntp entered promiscuous mode
[   25.522101] br-ntp: port 2(ve-ntp) entered blocking state
[   25.527539] br-ntp: port 2(ve-ntp) entered forwarding state
[   25.818522] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.859533] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.867588] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   25.944248] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.097644] br-admi: port 1(et-prod.9) entered blocking state
[   26.103477] br-admi: port 1(et-prod.9) entered disabled state
[   26.109781] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.111815] device et-prod.9 entered promiscuous mode
[   26.124859] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.134710] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.150167] br-admi: port 1(et-prod.9) entered blocking state
[   26.156002] br-admi: port 1(et-prod.9) entered forwarding state
[   26.386311] br-admi: port 2(ve-admi) entered blocking state
[   26.392278] br-admi: port 2(ve-admi) entered disabled state
[   26.404211] device ve-admi entered promiscuous mode
[   26.431880] br-admi: port 2(ve-admi) entered blocking state
[   26.437485] br-admi: port 2(ve-admi) entered forwarding state
[   26.725876] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.763043] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.772976] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.843435] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   26.990843] br-user: port 1(et-prod.8) entered blocking state
[   26.996647] br-user: port 1(et-prod.8) entered disabled state
[   27.003207] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   27.007568] device et-prod.8 entered promiscuous mode
[   27.014701] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   27.023446] r8152 2-1.2:1.0 et-prod: Promiscuous mode enabled
[   27.053042] br-user: port 1(et-prod.8) entered blocking state
[   27.058870] br-user: port 1(et-prod.8) entered forwarding state
[   27.290564] br-user: port 2(ve-user) entered blocking state
[   27.297235] br-user: port 2(ve-user) entered disabled state
[   27.303337] device ve-user entered promiscuous mode
[   27.321472] br-user: port 2(ve-user) entered blocking state
[   27.327093] br-user: port 2(ve-user) entered forwarding state
[   30.599440] random: crng init done
[   31.304696] systemd-udevd[355]: Cleanup idle workers
[   31.305430] systemd-udevd[383]: Unload module index
[   31.305435] systemd-udevd[382]: Unload module index
[   31.305522] systemd-udevd[388]: Unload module index
[   31.309509] systemd-udevd[383]: Unloaded link configuration context.
[   31.309558] systemd-udevd[379]: Unload module index
[   31.309592] systemd-udevd[382]: Unloaded link configuration context.
[   31.309776] systemd-udevd[379]: Unloaded link configuration context.
[   31.309899] systemd-udevd[404]: Unload module index
[   31.310088] systemd-udevd[404]: Unloaded link configuration context.
[   33.050038] br-admi: port 3(e-ntp-adm) entered blocking state
[   33.055874] br-admi: port 3(e-ntp-adm) entered disabled state
[   33.066881] device e-ntp-adm entered promiscuous mode
[   33.086043] br-user: port 3(e-ntp-usr) entered blocking state
[   33.091893] br-user: port 3(e-ntp-usr) entered disabled state
[   33.104073] device e-ntp-usr entered promiscuous mode
[   33.110115] br-user: port 3(e-ntp-usr) entered blocking state
[   33.115952] br-user: port 3(e-ntp-usr) entered forwarding state
[   33.138075] br-ntp: port 3(e-ntp-ntp) entered blocking state
[   33.143854] br-ntp: port 3(e-ntp-ntp) entered disabled state
[   33.150121] device e-ntp-ntp entered promiscuous mode
[   33.157506] br-ntp: port 3(e-ntp-ntp) entered blocking state
[   33.163291] br-ntp: port 3(e-ntp-ntp) entered forwarding state
[   33.176474] br-serv: port 3(e-ntp-srv) entered blocking state
[   33.182353] br-serv: port 3(e-ntp-srv) entered disabled state
[   33.188785] device e-ntp-srv entered promiscuous mode
[   33.200131] br-serv: port 3(e-ntp-srv) entered blocking state
[   33.205998] br-serv: port 3(e-ntp-srv) entered forwarding state
[   33.327896] br-admi: port 4(e-bust-adm) entered blocking state
[   33.333836] br-admi: port 4(e-bust-adm) entered disabled state
[   33.340159] device e-bust-adm entered promiscuous mode
[   33.353783] br-admi: port 4(e-bust-adm) entered blocking state
[   33.359674] br-admi: port 4(e-bust-adm) entered forwarding state
[   33.376625] br-user: port 4(e-bust-usr) entered blocking state
[   33.382608] br-user: port 4(e-bust-usr) entered disabled state
[   33.388963] device e-bust-usr entered promiscuous mode
[   33.395195] br-user: port 4(e-bust-usr) entered blocking state
[   33.401162] br-user: port 4(e-bust-usr) entered forwarding state
[   33.418360] br-serv: port 4(e-bust-srv) entered blocking state
[   33.424300] br-serv: port 4(e-bust-srv) entered disabled state
[   33.433564] device e-bust-srv entered promiscuous mode
[   33.441929] br-serv: port 4(e-bust-srv) entered blocking state
[   33.447823] br-serv: port 4(e-bust-srv) entered forwarding state
[   33.566683] br-admi: port 5(e-bull-adm) entered blocking state
[   33.572780] br-admi: port 5(e-bull-adm) entered disabled state
[   33.579325] device e-bull-adm entered promiscuous mode
[   33.587902] br-admi: port 5(e-bull-adm) entered blocking state
[   33.593872] br-admi: port 5(e-bull-adm) entered forwarding state
[   33.614147] br-user: port 5(e-bull-usr) entered blocking state
[   33.620059] br-user: port 5(e-bull-usr) entered disabled state
[   33.627341] device e-bull-usr entered promiscuous mode
[   33.635047] br-user: port 5(e-bull-usr) entered blocking state
[   33.640980] br-user: port 5(e-bull-usr) entered forwarding state
[   33.655644] br-serv: port 5(e-bull-srv) entered blocking state
[   33.661569] br-serv: port 5(e-bull-srv) entered disabled state
[   33.668019] device e-bull-srv entered promiscuous mode
[   33.674527] br-serv: port 5(e-bull-srv) entered blocking state
[   33.680465] br-serv: port 5(e-bull-srv) entered forwarding state
[   34.047837] br-user: port 3(e-ntp-usr) entered disabled state
[   34.054237] br-ntp: port 3(e-ntp-ntp) entered disabled state
[   34.064186] br-serv: port 3(e-ntp-srv) entered disabled state
[   34.074867] br-admi: port 4(e-bust-adm) entered disabled state
[   34.085182] br-user: port 4(e-bust-usr) entered disabled state
[   34.094729] br-serv: port 4(e-bust-srv) entered disabled state
[   34.101103] br-admi: port 5(e-bull-adm) entered disabled state
[   34.110779] br-user: port 5(e-bull-usr) entered disabled state
[   34.120936] br-serv: port 5(e-bull-srv) entered disabled state
[   35.807566] vcc-hdmi: disabling
[   37.674899] systemd-udevd[355]: Cleanup idle workers
[   37.675224] systemd-udevd[2756]: Unload module index
[   37.675453] systemd-udevd[2749]: Unload module index
[   37.676855] systemd-udevd[2756]: Unloaded link configuration context.
[   37.676989] systemd-udevd[2755]: Unloaded link configuration context.
[   37.678493] systemd-udevd[2749]: Unloaded link configuration context.
[   37.678535] systemd-udevd[2914]: Unload module index
[   37.678689] systemd-udevd[2914]: Unloaded link configuration context.
[   37.680333] systemd-udevd[2762]: Unload module index
[   37.680513] systemd-udevd[355]: Worker [2749] exited
En revanche les containers ne sont pas operationnels, puisque ...

Code: Select all

ansible@pinebook-290:~$ sudo lxc-ls -f 
NAME                  STATE   AUTOSTART GROUPS                IPV4 IPV6 UNPRIVILEGED 
vm-bullseye-arm64-290 STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-buster-arm64-290   STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-ntp-290            STOPPED 1         grp_lxc_start_on_boot -    -    false        
ansible@pinebook-290:~$ 
Par contre, les parametres du noyau sont bien pris en compte, puisque...

Code: Select all

ansible@pinebook-290:~$ sudo cat /proc/cmdline 
console=ttyS0,115200 root=UUID=1b37edce-3404-46da-ace4-220bf3779946 net.ifnames=0 security=none cgroup_enable=memory loglevel=7
ansible@pinebook-290:~$ 
Pour mémoire, puisque sur le pinebook, c'est le même noyau (à la version mineur prêt !) que sur celui de la N2 (qui fonctionne !), j'ai également vérifié que les paramềtres du noyau sont conformes des attentes de LXC, puisque ....

Code: Select all

ansible@pinebook-290:~$ sudo lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.10.0-3-arm64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/net_prio
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/pids
/sys/fs/cgroup/rdma

Cgroup v2 mount points: 

Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

ansible@pinebook-290:~$ 
Pour être précis, sur la n2, la configuration du noyau est la suivante ...

Code: Select all

ansible@n2-280:~$ uname -a
Linux n2-280 5.9.0-0.bpo.5-arm64 #1 SMP Debian 5.9.15-1~bpo10+1 (2020-12-31) aarch64 GNU/Linux
ansible@n2-280:~$ dpkg -l |grep linux-imag
ii  linux-image-5.9.0-0.bpo.2-arm64  5.9.6-1~bpo10+1              arm64        Linux 5.9 for 64-bit ARMv8 machines (signed)
ii  linux-image-5.9.0-0.bpo.5-arm64  5.9.15-1~bpo10+1             arm64        Linux 5.9 for 64-bit ARMv8 machines (signed)
ii  linux-image-arm64                5.9.15-1~bpo10+1             arm64        Linux for 64-bit ARMv8 machines (meta-package)
ansible@n2-280:~$ 
... et sur la N2, j'ai ...

Code: Select all

ansible@n2-280:~$ sudo lxc-ls -f 
NAME                  STATE   AUTOSTART GROUPS                IPV4                                                           IPV6 UNPRIVILEGED 
vm-bullseye-arm64-280 RUNNING 1         grp_lxc_start_on_boot 192.168.22.165, 192.168.24.165, 192.168.25.165                 -    false        
vm-buster-arm64-280   RUNNING 1         grp_lxc_start_on_boot 192.168.22.162, 192.168.24.162, 192.168.25.162                 -    false        
vm-ntp-280            RUNNING 1         grp_lxc_start_on_boot 192.168.22.164, 192.168.23.164, 192.168.24.164, 192.168.25.164 -    false        
ansible@n2-280:~$ 
L'erreur de démarrage sur le pinebook pour la commande suivante .....

Code: Select all

ansible@pinebook-290:~$ sudo lxc-start -n vm-ntp-290 -f /etc/lxc/auto/vm-ntp-290 --foreground

Sur le serveur de log du réseau, j'ai ....

Code: Select all

2021-03-23T16:36:08+01:00 s_dev_log@pinebook-290 sudo:  ansible : TTY=pts/1 ; PWD=/home/ansible ; USER=root ; COMMAND=/usr/bin/lxc-start -n vm-ntp-290 -f /etc/lxc/auto/vm-ntp-290 --foreground
2021-03-23T16:36:08+01:00 s_dev_log@pinebook-290 sudo: pam_unix(sudo:session): session opened for user root by ansible(uid=0)
2021-03-23T16:36:08+01:00 s_dev_log@pinebook-290 sudo: pam_unix(sudo:session): session closed for user root
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.208 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver nop
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.209 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.209 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.210 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 168 columns and 30 rows
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.211 INFO     start - start.c:lxc_init:904 - Container "vm-ntp-290" is initialized
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.213 ERROR    network - network.c:instantiate_veth:106 - Operation not permitted - Failed to create veth pair "e-ntp-adm" and "veth7OCQT5"
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.213 ERROR    network - network.c:lxc_create_network_priv:2457 - Failed to create network device
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.213 ERROR    start - start.c:lxc_spawn:1638 - Failed to create the network
2021-03-23T16:36:09+01:00 s_file_lxc_vm-ntp-290@pinebook-290 lxc-start vm-ntp-290 20210323153543.213 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "vm-ntp-290"

Il reste encore qlql soucis...
je vais tenter ....

Code: Select all

ansible@pinebook-290:~$ sudo apt install linux-image-5.10.0-0.bpo.4-arm64-dbg
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  linux-image-5.10.0-0.bpo.4-arm64-dbg
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 847 MB of archives.
After this operation, 6035 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster-backports/main arm64 linux-image-5.10.0-0.bpo.4-arm64-dbg arm64 5.10.19-1~bpo10+1 [847 MB]
....affaire a suivre ...car visiblement, un PB ....

Code: Select all

ansible@pinebook-290:~$ sudo apt install linux-image-5.10.0-0.bpo.4-arm64-dbg
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  linux-image-5.10.0-0.bpo.4-arm64-dbg
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 847 MB of archives.
After this operation, 6035 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster-backports/main arm64 linux-image-5.10.0-0.bpo.4-arm64-dbg arm64 5.10.19-1~bpo10+1 [847 MB]
Err:1 http://deb.debian.org/debian buster-backports/main arm64 linux-image-5.10.0-0.bpo.4-arm64-dbg arm64 5.10.19-1~bpo10+1                                            
  Hash Sum mismatch
  Hashes of expected file:
   - SHA256:3fbd3a0125aa363adfa3bef16f790f88d7c39cdaef39b02230d99e9da57986f9
   - Filesize:847390744 [weak]
  Hashes of received file:
   - SHA256:618af82b8b29721b9c26d324a631786f6bba9bfa01228d2ad679401a99812383
   - Filesize:847390744 [weak]
  Last modification reported: Tue, 16 Mar 2021 19:16:37 +0000
Fetched 847 MB in 3min 41s (3836 kB/s)                                                                                                                                 
E: Failed to fetch http://deb.debian.org/debian/pool/main/l/linux/linux-image-5.10.0-0.bpo.4-arm64-dbg_5.10.19-1~bpo10+1_arm64.deb  Hash Sum mismatch
   Hashes of expected file:
    - SHA256:3fbd3a0125aa363adfa3bef16f790f88d7c39cdaef39b02230d99e9da57986f9
    - Filesize:847390744 [weak]
   Hashes of received file:
    - SHA256:618af82b8b29721b9c26d324a631786f6bba9bfa01228d2ad679401a99812383
    - Filesize:847390744 [weak]
   Last modification reported: Tue, 16 Mar 2021 19:16:37 +0000
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
ansible@pinebook-290:~$ df
Filesystem                           1K-blocks    Used Available Use% Mounted on
udev                                    918736       0    918736   0% /dev
tmpfs                                   193616     584    193032   1% /run
/dev/mmcblk0p1                        10254612 5636828   4077176  59% /
tmpfs                                     5120       0      5120   0% /run/lock
tmpfs                                   387220       8    387212   1% /dev/shm
/dev/mapper/vg_home_pinebook-lv_home  56701088  800132  53000988   2% /home
cgroup                                  968076       0    968076   0% /sys/fs/cgroup
ansible@pinebook-290:~$ 

..Stratégie de replie (!)

Code: Select all

ansible@pinebook-290:~$ sudo apt install linux-image-5.10.0-0.bpo.4-arm64-unsigned      
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  linux-doc-5.10 debian-kernel-handbook
The following NEW packages will be installed:
  linux-image-5.10.0-0.bpo.4-arm64-unsigned
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 44.1 MB of archives.
After this operation, 255 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster-backports/main arm64 linux-image-5.10.0-0.bpo.4-arm64-unsigned arm64 5.10.19-1~bpo10+1 [44.1 MB]
Fetched 44.1 MB in 13s (3482 kB/s)                                                                                                                                        
Selecting previously unselected package linux-image-5.10.0-0.bpo.4-arm64-unsigned.
(Reading database ... 110256 files and directories currently installed.)
Preparing to unpack .../linux-image-5.10.0-0.bpo.4-arm64-unsigned_5.10.19-1~bpo10+1_arm64.deb ...
Unpacking linux-image-5.10.0-0.bpo.4-arm64-unsigned (5.10.19-1~bpo10+1) ...
Setting up linux-image-5.10.0-0.bpo.4-arm64-unsigned (5.10.19-1~bpo10+1) ...
I: /vmlinuz is now a symlink to boot/vmlinuz-5.10.0-0.bpo.4-arm64
I: /initrd.img is now a symlink to boot/initrd.img-5.10.0-0.bpo.4-arm64
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.10.0-0.bpo.4-arm64
Using DTB: allwinner/sun50i-a64-pinebook.dtb
Installing /usr/lib/linux-image-5.10.0-0.bpo.4-arm64/allwinner/sun50i-a64-pinebook.dtb into /boot/dtbs/5.10.0-0.bpo.4-arm64/allwinner/sun50i-a64-pinebook.dtb
Installing new sun50i-a64-pinebook.dtb.
Ignoring old or unknown version 5.10.0-0.bpo.4-arm64 (latest is 5.10.0-3-arm64)
Use --force if you want version 5.10.0-0.bpo.4-arm64.
Installing /usr/lib/linux-image-5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb into /boot/dtbs/5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb
Taking backup of sun50i-a64-pinebook.dtb.
Installing new sun50i-a64-pinebook.dtb.
flash-kernel: deferring update (trigger activated)
/etc/kernel/postinst.d/zz-flash-kernel:
Using DTB: allwinner/sun50i-a64-pinebook.dtb
Installing /usr/lib/linux-image-5.10.0-0.bpo.4-arm64/allwinner/sun50i-a64-pinebook.dtb into /boot/dtbs/5.10.0-0.bpo.4-arm64/allwinner/sun50i-a64-pinebook.dtb
Taking backup of sun50i-a64-pinebook.dtb.
Installing new sun50i-a64-pinebook.dtb.
Ignoring old or unknown version 5.10.0-0.bpo.4-arm64 (latest is 5.10.0-3-arm64)
Processing triggers for flash-kernel (3.99) ...
Using DTB: allwinner/sun50i-a64-pinebook.dtb
Installing /usr/lib/linux-image-5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb into /boot/dtbs/5.10.0-3-arm64/allwinner/sun50i-a64-pinebook.dtb
Taking backup of sun50i-a64-pinebook.dtb.
Installing new sun50i-a64-pinebook.dtb.
flash-kernel: installing version 5.10.0-3-arm64
Generating boot script u-boot image... done.
Taking backup of boot.scr.
Installing new boot.scr.
ansible@pinebook-290:~$ 

...et reboot ...
Par contre, pas de changement sur le démarrage des containers LXC , puisque...

Code: Select all

ansible@pinebook-290:~$ sudo lxc-ls -f 
NAME                  STATE   AUTOSTART GROUPS                IPV4 IPV6 UNPRIVILEGED 
vm-bullseye-arm64-290 STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-buster-arm64-290   STOPPED 1         grp_lxc_start_on_boot -    -    false        
vm-ntp-290            STOPPED 1         grp_lxc_start_on_boot -    -    false        
ansible@pinebook-290:~$ uname -a
Linux pinebook-290 5.10.0-3-arm64 #1 SMP Debian 5.10.13-1 (2021-02-06) aarch64 GNU/Linux
ansible@pinebook-290:~$ cat /proc/cmdline 
console=ttyS0,115200 root=UUID=1b37edce-3404-46da-ace4-220bf3779946 net.ifnames=0 security=none cgroup_enable=memory loglevel=7
ansible@pinebook-290:~$ 
:evil:
Cordialement
Post Reply