[gentoo-user] IPv6 and sysctl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, ... but I does have an ipv6 question too. Currently I have the following in /etc/sysctl.conf: net.ipv6.conf.default.use_tempaddr=2 net.ipv6.conf.lo.use_tempaddr=2 net.ipv6.conf.eth0.use_tempaddr=2 net.ipv6.conf.wlan0.use_tempaddr=2 all doesn't have any effect, see [0] and [1]. So, no, that is not related to the problem. For some reasons I have ipv6 and tg3 (my eth0) as module. Unfortunately, the setting does not to be set. My guess is, that sysctl runs before loading of the network modules. Restarting sysctl service and network does work and gives me privacy extension. But not the standard boot. Any idea how to fix that? There must be a trustable way to set privacy extension. Regards Klaus [0] https://bugzilla.kernel.org/show_bug.cgi?id=11655 [1] https://bugzilla.kernel.org/show_bug.cgi?id=9224 - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrkG00ACgkQpnwKsYAZ 9qyBjwwAo5G5gbUx36ac03nora0QM9nvLCBU8wdOaArFboaoumsxW5hR5BgPTiBY hoBObfhKI7lu6uEjaCcSYZl6pzM1OLreSSJBJYsjg+coiprR6dQHTBGP2T7gpCbk gB9TXgMetNDiG30UMaO3TZJlAoO2OtPPgUtfIP8XB4dNnDor/jlfHGplaev5yPiY VR/af0XUm/8Dq7JKQROocqkPbggw7f4cXLlX6na/fPcY7/vQEUyJ/nctXxl5CJeP Hey2aFyhryVGee7pdDZPDOFICMDTfNSA8PN+WETDcR385JU3PgoJgg2UrCgiAcaJ VeVpCKoVqSkhvakJ4AiLhmnGBBC5CXQMN9vB7oknjnZipBO1p4/6d88HhK+OcNlq 9cbvIBEbhi9TGErz3X1iE4+9BJY0VNjhOQQN/iwbYzyHmTEcWTnTNjfmOXyGut9t Fg2MVrji8ZTK6SaZx6ussy/PWbXEudtfOENW6d9xtEmkBCtFgultehJXd/B7+KLT kxE0ZWkO =+zND -END PGP SIGNATURE-
Re: [gentoo-user] IPv4 & IPv6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Sa den 28. Apr 2018 um 7:09 schrieb Hartmut Figge: > I do not know why my machine suddenly local uses IPv6 instead of IPv4. I > noticed it today when I was unable to retrieve mail. syslog now shows [...] > - /etc/hosts - > # IPv4 and IPv6 localhost aliases > 127.0.0.1 localhost > # ::1 localhost > --- > > Commenting out the last line helped and I could get my mails. But that > is really a dirty trick. *g*. You might add the following line in /etc/gai.conf: precedence :::0:0/96 100 instead of precedence :::0:0/96 10 Note that you need the full precedence-block if it is commented out. Just change that line. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrkGZwACgkQpnwKsYAZ 9qyl0AwAgwC/epv2/DBq57K1s3iN3uTeI66rnqPBOdsT2o1Sp7AdMrdC+F7waUlE oHDru9LQ00mdQqWG375exXoVlMXseeejNVwLvMaMig8kD2EdQQFHpOGakaqx2JZ0 lsnPGS8pd1BRf/uOOslr0TLL9a33wTeJfdR92n3I93ChFbYXV/PhZa9elTlq0v6+ srcVP3M1ioZ5fh20EeZETm5amiUdm4cKsYH9+8bH6NJKFYJJodJE08CZyNC8uuSi 8E3lFceNTE4+plKfH8Y87rfqeMhBHLLINGfzgYsv314ldPIEUPu0RXAc+M1ZRGZc aj+XOlzo1XtKwlEKhZpG1hgKmHgJ49IO5ZBKzQmtRfIEzTP1xi0VhBIFvMYh6q5S 7soBxrc6girhq0NVfoIJ1MzYgIFqnTP24YamiJifQ1SdxaCHazIqBm0c8nIjAwCL Al99W6tzO807GGMEb+VShc+VUKOOHLGYfPAQ2tf5VzhXVRzCBGFq3CwfHL4bTj+H u1No3mDq =pqnf -END PGP SIGNATURE-
[gentoo-user] IPv4 & IPv6
Greetings, I do not know why my machine suddenly local uses IPv6 instead of IPv4. I noticed it today when I was unable to retrieve mail. syslog now shows xinetd[3763]: START: pop-3 from=::1 instead of the former xinetd[3761]: START: pop-3 pid=22632 from=127.0.0.1 and 'telnet localhost pop3' fails unless I force IPv4 with 'telnet -4 localhost pop3'. I was unable to find the place where I could change this behavior, so I used a dirty trick. - /etc/hosts - # IPv4 and IPv6 localhost aliases 127.0.0.1 localhost # ::1 localhost --- Commenting out the last line helped and I could get my mails. But that is really a dirty trick. *g*. I have never used IPv6, I don't intend to and I have forgotten most of what I may have known about the issue. Hopefully on of you knows the right way. Hartmut
Re: [gentoo-user] Strange compile errors
On Friday, 27 April 2018 18:43:27 BST Mick wrote: > I haven't used genkernel to be able to advise, but this page explains what > you need to do: > > https://wiki.gentoo.org/wiki/Intel_microcode > > However, you may find it makes no difference. Intel have announced they > will not be bringing out updated microcode to address the GPZ > vulnerabilities for any of their older CPUs. This has given me one more > reason to never buy Intel again. Oh? What are your other reasons? :? -- Regards, Peter.
[gentoo-user] Re: Gentoo VM with VNC
On 2018-04-27 18:39, Klaus Ethgen wrote: > Ah yes, X11 seems to be a new battle field for me in gentoo. While > ~/.xsession was the way to have a custom startup in other distributions, > it is ignored in gentoo, used via startx or wdm. I found something about > ~/.xprofile but that is also not used anywhere. At least with startx, > ~/.xinit is used. Any common way for that? I think you mean .xinitrc in the last sentence, and that is what I use. In general the gentoo way is that there is _no_ configuration done over and above what the upstream install process would do. That is very different from other distros and in particular from debian where a whole intricate infrastructure exists to handle .Xsession for any imaginable desktop and display manager. Look at the Xsession script somewhere under /etc/X11 on a debian box to see what I mean. So the answer to that question and your other question with vnc (and I'm sorry I don't have a direct answer, or I would give it to you, of course) is to study the documentation for the upstream projects, and set up your own intricate infrastructure if you need one. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
[gentoo-user] Re: Kernel 4.9.95
On 27/04/18 21:51, Nikos Chantziaras wrote: 4.15 is not a supported kernel. Either you need to stay on the bleeding edge, meaning 4.16, or use a supported kernel, like 4.14. See: https://www.kernel.org Basically, you need to always use the "mainline" kernel, or a "longterm" kernel. Other kernels do not NOT get any updates whatsoever. They are considered dead. 4.15 is a dead kernel. Sorry, should have said "stable", not "mainline." Mainline is the development version.
[gentoo-user] Re: Kernel 4.9.95
On 27/04/18 20:20, Klaus Ethgen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras: On 26/04/18 14:42, Mick wrote: Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? $ grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline I did install and compile 4.15.18, the last version from branch 4.15. Unfortunatelly I just get the following: ~> uname -a Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux ~> grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline 4.15 is not a supported kernel. Either you need to stay on the bleeding edge, meaning 4.16, or use a supported kernel, like 4.14. See: https://www.kernel.org Basically, you need to always use the "mainline" kernel, or a "longterm" kernel. Other kernels do not NOT get any updates whatsoever. They are considered dead. 4.15 is a dead kernel.
Re: [gentoo-user] Strange compile errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 27. Apr 2018 um 18:43 schrieb Mick: > On Friday, 27 April 2018 18:21:51 BST Klaus Ethgen wrote: [microcode] > I haven't used genkernel to be able to advise, but this page explains what > you > need to do: > > https://wiki.gentoo.org/wiki/Intel_microcode Greate, there is the hint. It need sys-kernel/genkernel >= 3.5.0.7 but only 3.4.52.4-r2 is stable on gentoo. > However, you may find it makes no difference. Intel have announced they will > not be bringing out updated microcode to address the GPZ vulnerabilities for > any of their older CPUs. This has given me one more reason to never buy > Intel > again. Sad but true. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjZVMACgkQpnwKsYAZ 9qwZ1Qv8CYhhc9Ijseb2lPgXl/yN/2mdDZRwxxMFhSPdGhx5TtRbgbLqDbD1Uw9E uSwjXjrYl4QSqWxc46Z75FbjIcxZDnZDNBQ+w7nZrSWRtM+cI37XlbYrfVGViN8J p2zBXDr6Cv6DhhSyzj6avvilxjlFtNbCus3OcQrHlwZkHF9UZ0jnG+gWDXuH0ZVA VJAaRI2e2TxUxxEavnaCd4FEKfeLQzUmqGkt4IO8c7tYC09z8W3nKi4d9rX6R2nj whNbWdmXTYy62416jr2ibCUGV/32pUXAqAxFg8TQhwisPs7oK3AvZYzJUv6AjuJS 5MNsSvgKruppUgv+rwimOD+puTT27GD1t+oWG2AaHB1KVAZD/bllftGmf7ZBNKgC uQMmunBHty9KVoKwpEcKHbBI4mru7fM06gCCwIeLxTwk0SKzSs4v+vBfka+iAJWQ IdklVsD683eOh4tVpu/5YtSVc4bHBsSE74y9/6cspabVarOilUQQJwrirW2wJe0+ B7EmJurl =8Up/ -END PGP SIGNATURE-
Re: [gentoo-user] Strange compile errors
On Friday, 27 April 2018 18:21:51 BST Klaus Ethgen wrote: > Hi, > > Am Mi den 25. Apr 2018 um 18:56 schrieb Mick: > > I recall there was a perl update recently. For good measure run: > > > > perl-cleaner --reallyall > > > > and then try running your remaining updates. > > That did the trick; even for the kernel. However, I had to compile the > kernel with integrated firmware to skip this step in genkernel as > genkernel failed with firmware compiling. > > Regards >Klaus I haven't used genkernel to be able to advise, but this page explains what you need to do: https://wiki.gentoo.org/wiki/Intel_microcode However, you may find it makes no difference. Intel have announced they will not be bringing out updated microcode to address the GPZ vulnerabilities for any of their older CPUs. This has given me one more reason to never buy Intel again. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Gentoo VM with VNC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, another problem I encounter when I use Gentoo. ;-) I have a VM (KVM) where I start X11 with qxl driver to use it via vnc. I had the same setup before with Debian. While with debian, VNC was fine, with gentoo the mouse get detected wrong. I mean, I have mouse but the pointer is never in sync with the mouse. It seems that it is virtual "scaled" on the way. That make it difficult to find the right point to click and impossible to click on buttons. On the other side I use tigervnc that worked best in the past. Currently I have no idea how to fix it. Ah yes, X11 seems to be a new battle field for me in gentoo. While ~/.xsession was the way to have a custom startup in other distributions, it is ignored in gentoo, used via startx or wdm. I found something about ~/.xprofile but that is also not used anywhere. At least with startx, ~/.xinit is used. Any common way for that? Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjYEkACgkQpnwKsYAZ 9qxy6gwAk1LnD4HCTjOh8GaV3VtamU3Mvilwu6zdftyS8QxRA8obM/vuNx+OTVNl iYU5YTqT9rwaTby6ee7gZHe6Cd+DyzPvNctJ20s5ce6xVen9EQGKp5kGWZOT3M8V buaCzLKVBDyL+mcmJQz5gmw6uz3zEd2Xh/VvK0NEe7swwB+zb/hVMAlA7sgxHkSy QR+jHpaXn1LXKaohTkZd4A8344uEsw5QuVZ3v12bjA1TWtXep+aD7JB3oasUIpSJ pXMcI7QcIo1YM4CuAyID215juc5z5l07HcOT4EfmFQ3Y1mu5gt826m7EiFJNvR1h Xt+fDaKGnXIUNg2cIE8oh37AadB6zymb4ZjmFfaXLIWQiyTo3ggF3NmVsUrg9gvU arUQzet6mzSe04PDy9psh//m8Wz+W1TOeJxAzunt2YO8MIy/KY7FR6Rehl7q/6k8 BhvBYr0Le5w0VHbXPclIlyc/aJiPq2wtg504sl5unGC0piqKOyR6UPI7ixQqvG/p POvrl6On =cNEg -END PGP SIGNATURE-
Re: [gentoo-user] Strange compile errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Mi den 25. Apr 2018 um 18:56 schrieb Mick: > I recall there was a perl update recently. For good measure run: > > perl-cleaner --reallyall > > and then try running your remaining updates. That did the trick; even for the kernel. However, I had to compile the kernel with integrated firmware to skip this step in genkernel as genkernel failed with firmware compiling. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjXC4ACgkQpnwKsYAZ 9qxVrAwAvXzojeaavvNalefVTmWV1Dc+iqxwFjeUgXrw52wd84E+jpib0yE9H297 whf9YViHn7UQCcZP+t7NsuEBMwreHqUeL6DXavB1LfaluxufTG2gEjeFFVnJ0IiX tUoeuFYXJEXa/XoXJCxa9nLkE/tAYdgwTqFtihcFMcUpgHyKeVibvnFMjWnICTO3 Kf5Y+9PdUtXWkBomJyk77/qENbflFBH2JtTlcVJilOhL/yCQhC8oCLLOzGY0Xeby oplZfBRZbyn8ceBQ6XP+JL/m5VOPqIypXDmuAm29kEpqS3H6Be9bkVaKQYDkKCuK j7Lfj+y1a9kYwN6aoPuAMgVQ0MZmlgfBMJxLY77kAbshoejGHhQ+NzvzrXtaDSHG L3PgYqA96ft4xkNiVchNEPIsHJQr7Gwi41nJGYyMsylIB3ugfbv1a0LjG6LqwMha l0iBWADgdNDrXYB19tKLM7TKcuFG84vbnEVayS7JlPPNudxOxH3hTWviR0FWLXjV FlZahzIh =vQDe -END PGP SIGNATURE-
Re: [gentoo-user] Re: Kernel 4.9.95
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras: > On 26/04/18 14:42, Mick wrote: > > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? > > > > $ grep . /sys/devices/system/cpu/vulnerabilities/* > > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI > > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user > > pointer > > sanitization > > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic > > retpoline I did install and compile 4.15.18, the last version from branch 4.15. Unfortunatelly I just get the following: ~> uname -a Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux ~> grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline The problem here is, that this is a 32bit system and the CPU is not able to run 64bit. So there are some points I want to point to: - - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I would like to know when or if gentoo will port the mitigation for 32bit systems. - - For Spectre 2, there is some mitigation in kernel but the compiler is to old to support retpoline. When I look to gcc meta data, I see a couples of versions: ~> equery m gcc * sys-devel/gcc [gentoo] Maintainer: toolch...@gentoo.org (Gentoo Toolchain Project) Upstream:Remote-ID: cpe:/a:gnu:gcc ID: cpe Remote-ID: dgcc ID: sourceforge Homepage:https://gcc.gnu.org/ Location:/usr/portage/sys-devel/gcc Keywords:2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86 Keywords:3.3.6-r1:3.3.6: ~amd64 ~x86 Keywords:3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd Keywords:4.0.4:4.0.4: Keywords:4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd Keywords:4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd Keywords:4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd Keywords:4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd Keywords:4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd Keywords:4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd Keywords:4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips Keywords:4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd Keywords:4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd Keywords:5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd Keywords:6.4.0:6.4.0: Keywords:6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd Keywords:7.2.0:7.2.0: Keywords:7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd Keywords:7.3.0:7.3.0: Keywords:7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd Keywords:7.3.0-r2:7.3.0: License: GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+ So which version is stable enough to use? 7.3.0, I use on a different (non-Gentoo) system. But why -r1 and -r2? > Do you have the latest sys-firmware/intel-microcode installed and configured > correctly? You need to enable the "early microcode" kernel option, and you > also need to add /boot/intel-uc.img to your list of initrds to load in > grub2. Alternatively, a BIOS update for your mainboard (if one exists; most > older mainboards won't get updates from the likes of Asus, MSI, Gigabyte, > etc, etc, etc, so for older boards, you need the microcode package.) So, coming to firmware. I do not think that intel is releasing firmware update for that CPU. So I fully rely on kernel (and compiler). Nevertheless, I need to know for other system what exactly is the way to use firmware on gentoo. There is no /boot/intel-uc.img on my system and genkernel complain about firmware compiling (what seems to prove that there is none for my CPU). However, if I read correct, genkernel should automatically i
Re: [gentoo-user] Can't fetch distfiles in chroot
On Thu, Apr 26, 2018 at 4:12 AM, Peter Humphrey wrote: > > So, again, I went off half-cocked (sorry about the noise). The problem is that > the NFS mount in the chroot picks different ports each time, so the client's > firewall drops all NFS packets. > > Now I just have to find out why that happens. Set up static ports for mountd and statd in "/etc/conf.d/nfs". Set up static ports for lockd in "/etc/modprobe.d/" or "/etc/sysctl.d/" (depending on how you compiled your kernel). Non-official but more or less conventional ports (IIRC, first used in an old Slackware howto): mountd: "--port 32767" statd: "--port 32765 --outgoing-port 32766" lockd-sysctl.d: fs.nfs.nlm_udpport=32768 fs.nfs.nlm_tcpport=32768 lockd--modprobe.d: options lockd nlm_udpport=32768 nlm_tcpport=32768 [ If you want to be "modern," the nfs-utils tarball (v2.1.1 and above) includes "nfs.conf" that you can copy into "/etc/" and edit ]
Re: [gentoo-user] Re: Kernel 4.9.95
On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote: > On 26/04/18 14:42, Mick wrote: > > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? > > > > $ grep . /sys/devices/system/cpu/vulnerabilities/* > > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI > > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user > > pointer sanitization > > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full > > generic > > retpoline > > > > Are there some kernel options I should have selected manually? > > Do you have the latest sys-firmware/intel-microcode installed and > configured correctly? You need to enable the "early microcode" kernel > option, and you also need to add /boot/intel-uc.img to your list of > initrds to load in grub2. Alternatively, a BIOS update for your > mainboard (if one exists; most older mainboards won't get updates from > the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards, > you need the microcode package.) Ahh! If the 'IBPB' & 'IBRS_FW' components come from the microcode this probably explains why I don't have them. I am (still) running an early i7 Intel, which means it won't get any more microcode updates. The latest available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all older owners of their hardware. One good reason for me to abandon them in turn. :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.