Ashmem and binderfs copr for anbox and waydroid

Hey everyone

I have created a rpm package for ashmem and binderfs kernel modules that also works on fedora silverblue. It uses akmods that will compile package for required kernel on the fly as ostree post hook. Package is available in my copr: Package anbox-kmod in offlinehacker/xtruder-rpms and source spec file is available here rpms/anbox-kmod at master · offlinehacker/rpms · GitHub

Installation

  • Download repo file for your fedora version on offlinehacker/xtruder-rpms Copr and put it in /etc/yum.repos.d/, you can also use dnf copr enable offlinehacker/xtruder-rpms
  • Install using sudo dnf install akmod-anbox or if you are on fedora silverblue using sudo rpm-ostree install akmod-anbox
  • Install waydroid using yanqiyu’s copr: yanqiyu/waydroid Copr
  • Disable secure boot

Workarounds for selinux on fedora 35+

If you have selinux enabled, waydroid has a bug that while it will mount /dev/binderfs it will not apply correct selinux labels to have access to /dev/binderfs/binder-control as far as I understand (this error: Binder error on Fedora XanMod · Issue #208 · waydroid/waydroid · GitHub). There is a workaround to mount binderfs using systemd before waydroid-container.service starts. You need to create a systemd mount file for binderfs and override a waydroid-container.service to symlink binderfs devices to /dev.

/etc/systemd/system/dev-binderfs.mount`

Description=/dev/binderfs mount
ConditionCapability=CAP_SYS_ADMIN

[Mount]
What=binder
Where=/dev/binderfs
Type=binder
Options=context=system_u:object_r:device_t:s0

/etc/systemd/system/waydroid-container.service.d/override.conf

[Unit]
RequiresMountsFor=/dev/binderfs
After=dev-binderfs.mount

[Service]
ExecStartPre=/bin/sh -c 'ln -fs /dev/binderfs/* /dev/'

Secure boot

Secure boot currently only works if you are using non rpm-ostree fedora distro, as rpm-ostree has no way to sign kernel drivers using keys generated by akmods in /etc/pki/akmods as it does build in sandbox (that’s how i understand it). On non rpm-ostree fedora you can we also need kmodtool and akmods from rawhide or use my backported packages from offlinehacker/akmods-secureboot Copr and offlinehacker/kmodtool-secureboot Copr

Issues

  • Multiwindow support is broken for most apps and sometimes crashes android (at least for me, but it might be due pop shell gnome extension)
  • Clipboard does not work

If someone knows how to fix these please let me know, thanks :slight_smile: Also if you have any issues regarding package please let me know.

7 Likes