Add DroidSpaces support and fix related issues

sanba0519 · web-flow · commit c9776ed2bd90 · 2026-06-15T17:54:06.000+08:00
Merge pull request #5 from sanba0519/feature/ds
diff --git a/.github/workflows/buildOppoK7x.yml b/.github/workflows/buildOppoK7x.yml
@@ -9,6 +9,11 @@ on:
         description: "是否启用 BBR 加速（不了解请不要启用）"
         required: false
         default: false
+      DroidSpace:
+        type: boolean
+        description: "是否启用 DroidSpace（不了解请不要启用）"
+        required: false
+        default: false
 
     
 jobs:
@@ -83,6 +88,20 @@ jobs:
         export ARCH=arm64
         export SUBARCH=arm64
 
+        if [ "${{ github.event.inputs.DroidSpace }}" = "true" ]; then
+          echo "启用 DroidSpace..."
+          make -s -j$(nproc --all) O=out ARCH=arm64 mt6853-ss_defconfig
+
+        ./scripts/config --file out/.config \
+            --enable NAMESPACES \
+            --enable USER_NS \
+            --enable DEVTMPFS \
+            --enable DEVTMPFS_MOUNT
+        make O=out olddefconfig
+        else
+          echo "不启用 DroidSpace..."
+        fi
+
         # 添加BBR
         if [ "${{ github.event.inputs.BBR }}" = "true" ]; then
           echo "启用 BBR..."
@@ -94,19 +113,37 @@ jobs:
           echo "不启用 BBR..."
         fi
 
+        make O=out olddefconfig
         cd $GITHUB_WORKSPACE/kernel_workspace/android-kernel
         export PATH=$GITHUB_WORKSPACE/kernel_workspace/clang-aosp/bin:$GITHUB_WORKSPACE/kernel_workspace/gcc64/bin:$GITHUB_WORKSPACE/kernel_workspace/gcc32/bin:$PATH
         export KBUILD_BUILD_HOST=coolapk@sanba
         export KBUILD_BUILD_USER=GitHub@sanba0519
         make -s -j$(nproc --all) O=out ARCH=arm64 mt6853-ss_defconfig
-        make -j$(nproc --all) CC="ccache clang" O=out ARCH=arm64 CLANG_TRIPLE=aarch64-linux-gnu- CROSS_COMPILE=aarch64-linux-android- CROSS_COMPILE_ARM32=arm-linux-androideabi- LD=ld.lld
+        make -s -j"$(nproc)" O=out ARCH=arm64 mt6853-ss_defconfig
+
+        ./scripts/config --file out/.config \
+                --enable CONFIG_NAMESPACES \
+                --enable CONFIG_DEVTMPFS \
+                --disable CONFIG_USER_NS \
+                --enable CONFIG_DEVTMPFS_MOUNT
+
+        make O=out ARCH=arm64 olddefconfig
+
+        make -j"$(nproc)" \
+                O=out \
+                ARCH=arm64 \
+                CC="ccache clang" \
+                CLANG_TRIPLE=aarch64-linux-gnu- \
+                CROSS_COMPILE=aarch64-linux-android- \
+                CROSS_COMPILE_ARM32=arm-linux-androideabi- \
+                LD=ld.lld
                 
     - name: 制作Anykernel3卡刷包
       run: |
         cd $GITHUB_WORKSPACE/kernel_workspace
         git clone https://github.com/sanba0519/AnyKernel3
         sed -i 's/do.devicecheck=1/do.devicecheck=0/g' AnyKernel3/anykernel.sh
-        sed -i 's!block=/dev/block/platform/omap/omap_hsmmc.0/by-name/boot;!block=auto;!g' AnyKernel3/anykernel.sh
+        sed -i 's!block=/dev/block/by-name/boot;!block=auto;!g' AnyKernel3/anykernel.sh
         sed -i 's/is_slot_device=0;/is_slot_device=auto;/g' AnyKernel3/anykernel.sh
         cp android-kernel/out/arch/arm64/boot/Image.gz-dtb AnyKernel3/
         rm -rf AnyKernel3/.git* AnyKernel3/README.md
@@ -117,4 +154,4 @@ jobs:
       uses: actions/upload-artifact@v4
       with:
         name: MT6853-RKSU-AnyKernel3
-        path: kernel_workspace/AnyKernel3/*
+        path: kernel_workspace/AnyKernel3/*
diff --git a/arch/arm64/configs/mt6853-ss_defconfig b/arch/arm64/configs/mt6853-ss_defconfig
@@ -181,7 +181,7 @@ CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
-CONFIG_USER_NS=y
+CONFIG_USER_NS=n
 CONFIG_PID_NS=y
 CONFIG_NET_NS=y
 CONFIG_SCHED_AUTOGROUP=y
@@ -7037,3 +7037,237 @@ CONFIG_SBITMAP=y
 
 CONFIG_KSU_MANUAL_HOOK=y
 CONFIG_KSU_MANUAL_HOOK=y
+
+
+#弥补内核部分设置缺失
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=n
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+
+
+#防火墙支持
+# UFW & FAIL2BAN 核心
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_IP_NF_TARGET_ULOG=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_NETFILTER_XT_SET=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+
+#覆盖可能出错的前置配置
+# 完全支持Droidspaces的内核配置
+# Copyright (C) 2026 ravindu644 <droidcasts@protonmail.com>
+
+# IPC 机制
+CONFIG_SYSCTL=y
+CONFIG_SYSVIPC=y
+CONFIG_POSIX_MQUEUE=y
+
+# 核心命名空间支持
+CONFIG_NAMESPACES=y
+CONFIG_PID_NS=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+
+# Seccomp 支持
+CONFIG_SECCOMP=y
+CONFIG_SECCOMP_FILTER=y
+
+# 控制组支持
+CONFIG_CGROUPS=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_MEMCG=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_NET_PRIO=y
+
+# 设备文件系统支持
+CONFIG_DEVTMPFS=y
+
+# Overlay 文件系统支持（易失模式必需）
+CONFIG_OVERLAY_FS=y
+
+# 启用 tmpfs 上的 xattr、posix acl 支持
+# 用于 NixOS 支持
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
+
+# 固件加载支持
+CONFIG_FW_LOADER=y
+CONFIG_FW_LOADER_USER_HELPER=y
+CONFIG_FW_LOADER_COMPRESS=y
+
+# Droidspaces 网络隔离支持 - NAT/None 模式
+CONFIG_NET_NS=y
+CONFIG_VETH=y
+CONFIG_BRIDGE=y
+CONFIG_NETFILTER=y
+CONFIG_BRIDGE_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_NF_NAT=y
+CONFIG_NF_TABLES=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NF_CONNTRACK_NETLINK=y
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_IP_MULTIPLE_TABLES=y
+
+# 旧版兼容
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_IP_NF_NAT=y
+
+# 在旧内核上禁用此选项以使互联网正常工作
+CONFIG_ANDROID_PARANOID_NETWORK=n
+
+
+#再次确认覆盖配置，
+CONFIG_NAMESPACES=y
+CONFIG_MULTIUSER=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
+
+
+#弥补内核部分设置缺失
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=n
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+
+
+#防火墙支持
+# UFW & FAIL2BAN 核心
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_IP_NF_TARGET_ULOG=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_NETFILTER_XT_SET=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+
+#覆盖可能出错的前置配置
+# 完全支持Droidspaces的内核配置
+# Copyright (C) 2026 ravindu644 <droidcasts@protonmail.com>
+
+# IPC 机制
+CONFIG_SYSCTL=y
+CONFIG_SYSVIPC=y
+CONFIG_POSIX_MQUEUE=y
+
+# 核心命名空间支持
+CONFIG_NAMESPACES=y
+CONFIG_PID_NS=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+
+# Seccomp 支持
+CONFIG_SECCOMP=y
+CONFIG_SECCOMP_FILTER=y
+
+# 控制组支持
+CONFIG_CGROUPS=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_MEMCG=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_NET_PRIO=y
+
+# 设备文件系统支持
+CONFIG_DEVTMPFS=y
+
+# Overlay 文件系统支持（易失模式必需）
+CONFIG_OVERLAY_FS=y
+
+# 启用 tmpfs 上的 xattr、posix acl 支持
+# 用于 NixOS 支持
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
+
+# 固件加载支持
+CONFIG_FW_LOADER=y
+CONFIG_FW_LOADER_USER_HELPER=y
+CONFIG_FW_LOADER_COMPRESS=y
+
+# Droidspaces 网络隔离支持 - NAT/None 模式
+CONFIG_NET_NS=y
+CONFIG_VETH=y
+CONFIG_BRIDGE=y
+CONFIG_NETFILTER=y
+CONFIG_BRIDGE_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_NF_NAT=y
+CONFIG_NF_TABLES=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NF_CONNTRACK_NETLINK=y
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_IP_MULTIPLE_TABLES=y
+
+# 旧版兼容
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_IP_NF_NAT=y
+
+# 在旧内核上禁用此选项以使互联网正常工作
+CONFIG_ANDROID_PARANOID_NETWORK=n
+
+
+#再次确认覆盖配置
+CONFIG_NAMESPACES=y
+CONFIG_MULTIUSER=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
