Re: Run rpm %preun script in unconfined SELinux context
On 5/9/20 9:45 PM, Sam Varshavchik wrote:
Raw Audit Messages
type=AVC msg=audit(1589082060.526:1156): avc: denied { signal } for
pid=672912 comm="courierlogger"
scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
permissive=0
I've filed bug reports on this in the past, but only successfully got
the bug fixed in RHEL:
https://bugzilla.redhat.com/show_bug.cgi?id=1161812
The problem isn't that rpm scripts run in a confined domain, but that
"courierlogger" is labelled, and transitions to that domain whenever it
is run. The solution is to label courier binaries as "bin_t" so they
aren't confined (until someone provides a policy for Courier).
Maybe file another bug and refer to the one above.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Run rpm %preun script in unconfined SELinux context
On 5/9/20 9:45 PM, Sam Varshavchik wrote: There is no issue using "systemctl stop" to stop the entire group of processes, only with using a script that attempts to signal one of process to gracefully shut itself down. Looking for ideas how to get this working. I think I need a way to run %preun scripts as unconfined, but I'm not sure. I haven't had much luck trying to find useful selinux documentation. So why don't you just use "systemctl stop"? That seems to be a lot simpler and more correct. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
logrotate - Re: What process rolls the log files Saturday night?
OK. I found by reading the head of the new messages log. I see its termination message... On 5/10/20 1:29 AM, Robert Moskowitz wrote: actually the change occurred at 1am. On 5/10/20 1:19 AM, Robert Moskowitz wrote: I see that my various log files have been rolled over at midnight. But looking at the old and new cron, I can't see anything other than the hourly anacron running and not seemingly doing anything... So what did this? Not complaining it happened, just trying to track things down. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: What process rolls the log files Saturday night?
actually the change occurred at 1am. On 5/10/20 1:19 AM, Robert Moskowitz wrote: I see that my various log files have been rolled over at midnight. But looking at the old and new cron, I can't see anything other than the hourly anacron running and not seemingly doing anything... So what did this? Not complaining it happened, just trying to track things down. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
What process rolls the log files Saturday night?
I see that my various log files have been rolled over at midnight. But looking at the old and new cron, I can't see anything other than the hourly anacron running and not seemingly doing anything... So what did this? Not complaining it happened, just trying to track things down. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Run rpm %preun script in unconfined SELinux context
On 2020-05-10 12:45, Sam Varshavchik wrote: > My knowledge and understanding of selinux is not very deep, but I'm trying to > run the box in enforcing mode. > > A %preun script in my rpm package is failing. It's running a binary that > sends a signal to a running process, and SELinux blocks the signal: > > Are you creating your own rpm package? If that is the case, then the best place to ask about these kinds of issues is on the selinux list. I've gotten very good help there from folks that don't inhabit the users list. seli...@lists.fedoraproject.org -- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: FreeIPA Users cannot log in via GDM after upgrade to Fedora 32
Hello, Sorry for not replying earlier, I got caught up in work for the week. I confirmed the HBAC rules contained gdm and gdm-password. I don't think it's FreeIPA though as logins work under F31 just fine, but I patched up all the servers and still no dice. Thanks, Thomas On Tue, May 5, 2020 at 6:11 PM Ranbir wrote: > On Mon, 2020-05-04 at 18:10 -0700, Thomas Letherby wrote: > > > > Any suggestions of where to look next? I tried looking up the errors > > that I could see, but I didn't see anything that fit quite what I was > > seeing. > > > In FreeIPA, make sure your HBAC rule for your desktops include the > login services, "gdm" and "gdm-password". > > What you're describing sounds like what I was experiencing in Fedora a > few releases ago. I fixed it when I realized that "gdm" was one of the > HBAC services pre-defined in IPA and I didn't have it included in my > list of allowed services. > > -- > Ranbir > > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Run rpm %preun script in unconfined SELinux context
My knowledge and understanding of selinux is not very deep, but I'm trying
to run the box in enforcing mode.
A %preun script in my rpm package is failing. It's running a binary that
sends a signal to a running process, and SELinux blocks the signal:
Raw Audit Messages
type=AVC msg=audit(1589082060.526:1156): avc: denied { signal } for
pid=672912 comm="courierlogger"
scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
permissive=0
When the signal fails, sigkill is tried again, which is also blocked:
Raw Audit Messages
type=AVC msg=audit(1589082160.527:1172): avc: denied { sigkill } for
pid=672912 comm="courierlogger"
scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process
permissive=0
The binary that's sending the signals:
$ ls -alZ /usr/sbin/courierlogger
-rwxr-xr-x. 1 daemon daemon system_u:object_r:courier_exec_t:s0 25296 May 9
23:19 /usr/sbin/courierlogger
This is not my SELinux policy that labeled this binary. Apparently Fedora
has a selinux policy that decided to show up here, but something is not
working correctly.
That binary is attempting to sigkill this process:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 673700 673699 0
00:14 ? 00:00:00 /usr/lib/courier/sbin/couriertcpd -address=0 -maxprocs=40 -
maxperip=4 -access=/etc/courier/imapaccess.dat -nodnslookup -noidentlookup
The process is running as unconfined_t. Again, my rpm packages do not have
any selinux configuration in them, this is all, apparently, something stock
that came with Fedora.
As best as I can figure out what's going on here: the %preun is in an rpm
subpackage. The main rpm package starts all the daemons from a system unit,
and they run as unconfined. The subpackage's %preun runs a script that
runs this binary that signals the existing process, but the %preun script
executes in some kind of a confined state.
There is no issue using "systemctl stop" to stop the entire group of
processes, only with using a script that attempts to signal one of process
to gracefully shut itself down. Looking for ideas how to get this working. I
think I need a way to run %preun scripts as unconfined, but I'm not sure. I
haven't had much luck trying to find useful selinux documentation.
pgptPO7SyuebA.pgp
Description: PGP signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Fedora 32 MTA
On 2020-05-10 10:57, Robert Moskowitz wrote: > > > On 5/9/20 6:11 PM, John M. Harris Jr wrote: >> On Saturday, May 9, 2020 2:02:11 PM MST Geoffrey Leach wrote: >>> I noticed that sendmail and mailx are not installed with the basic >>> workstation. Is there another MTA installed? >> I hope this is fixed in future Fedora.. This is just silly, though definitely >> in line with many of the other changes that have been made to Fedora >> recently. >> > Having a MTA running by default eats up all sorts of valuable cpu and I/O > cycles on a workstation. > > Especially of concern on an arm install... > Not to mention that the majority of people really don't need to run an MTA. And the ones that do, know which one they prefer and how to install and configure. -- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Fedora 32 MTA
On 5/9/20 6:11 PM, John M. Harris Jr wrote: On Saturday, May 9, 2020 2:02:11 PM MST Geoffrey Leach wrote: I noticed that sendmail and mailx are not installed with the basic workstation. Is there another MTA installed? I hope this is fixed in future Fedora.. This is just silly, though definitely in line with many of the other changes that have been made to Fedora recently. Having a MTA running by default eats up all sorts of valuable cpu and I/O cycles on a workstation. Especially of concern on an arm install... :) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On 5/9/20 4:04 PM, Christopher Marlow wrote: Nope that didnt fix it... My monitor still blinks on and off when coming back to the computer after being away for a couple hours. I just came back to the computer and the screen blinked 3 times. I had to turn off my monitor and turn it back on and hold a key down on the keyboard to get it to wake up on the 3rd try. Try booting a live image and see if that has the same problem. Someone suggested to me else where that I should do a reformat and only use the xfce spin version to where my install is pure XFCE and not XFCE and Gnome. That is irrelevant. You can only run one desktop environment at a time. They aren't going to conflict. But have you tried using the Gnome desktop to see if it works? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: How do you Dual boot with Intel RST - Optane ?
On 5/9/20 3:38 PM, sean darcy wrote: And it works. I can now dual boot, and Windows is a LOT faster. Oh, the irony... ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Sat, 2020-05-09 at 14:21 -0500, Christopher Marlow wrote: > > > I might of solved my own problem I am not sure yet... I some how had > XSCREENSAVER Power Mgmt set and Power Management set at the same > time.. > I disabled one so we shall see if everything works out or not. > > ___ Nope that didnt fix it... My monitor still blinks on and off when coming back to the computer after being away for a couple hours. I just came back to the computer and the screen blinked 3 times. I had to turn off my monitor and turn it back on and hold a key down on the keyboard to get it to wake up on the 3rd try. Someone suggested to me else where that I should do a reformat and only use the xfce spin version to where my install is pure XFCE and not XFCE and Gnome. Thanks, Chris ch...@cwm030.com Fedora 32 Workstation With XFCE as my preferred desktop ( installed on top of gnome 3) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Sat, 2020-05-09 at 12:59 -0700, Samuel Sieb wrote: > I assumed he was replying to the post from the mailing list, but it > might have been a reply to his local sent copy. > ___ I am replying from my email. I sent my questions in via email. Thanks, Chris ch...@cwm030.com Fedora 32 Workstation With XFCE as my preferred desktop ( installed on top of gnome 3) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: How do you Dual boot with Intel RST - Optane ?
On 5/7/20 10:49 AM, sean darcy wrote: My new laptop has Windows 10 installed with the Intel rapid Storage Technology (optane) system chip. Windows is on an nvme drive. FC31 is on a SATA ssd. BIOS allows me to choose AHCI or RST. I must use AHCI to boot the FC31 drive, and RST to boot the Windows drive. Neither will boot with the other. Sigh. 1. Is there a way to get the FC31 drive to boot with RST ? 2. Any way to have the Windows drive boot with AHCI ? sean ___ Solved. It turns out the Intel RST driver don't work well with nvme. So somebody has found a a way to switch from the RST driver to using AHCI. https://support.thinkcritical.com/kb/articles/switch-windows-10-from-raid-ide-to-ahci And it works. I can now dual boot, and Windows is a LOT faster. sean ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Fedora 32 MTA
On Sat, 9 May 2020 23:18:42 +0200 Alexander Dalloz wrote: > Am 09.05.2020 um 23:02 schrieb Geoffrey Leach: > > I noticed that sendmail and mailx are not installed with the basic > > workstation. Is there another MTA installed? > > https://fedoraproject.org/wiki/Changes/NoDefaultSendmail > > Alexander Thanks for the info. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Fedora 32 MTA
On Saturday, May 9, 2020 2:02:11 PM MST Geoffrey Leach wrote: > I noticed that sendmail and mailx are not installed with the basic > workstation. Is there another MTA installed? I hope this is fixed in future Fedora.. This is just silly, though definitely in line with many of the other changes that have been made to Fedora recently. -- John M. Harris, Jr. Splentity ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Need help with a weird kernel update panic.
On 2020-05-09 21:01, John Mellor wrote: > Now I need to wait for the next kernel upgrade, and see if that change fixes > my crash/panic issue. Of course you could boot to the previous kernel, remove the latest one, reboot again to the previous kernel and allow the upgrade to test. -- The key to getting good answers is to ask good questions. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Fedora 32 MTA
Am 09.05.2020 um 23:02 schrieb Geoffrey Leach: I noticed that sendmail and mailx are not installed with the basic workstation. Is there another MTA installed? https://fedoraproject.org/wiki/Changes/NoDefaultSendmail Alexander ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Fedora 32 MTA
I noticed that sendmail and mailx are not installed with the basic workstation. Is there another MTA installed? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: How do you Dual boot with Intel RST - Optane ?
On Sat, 2020-05-09 at 09:30 -0400, sean darcy wrote: > On 5/9/20 1:38 AM, Robert G (Doc) Savage via users wrote: > > On Thu, 2020-05-07 at 10:49 -0400, sean darcy wrote: > > > My new laptop has Windows 10 installed with the Intel > > > rapid Storage Technology (optane) system chip. Windows is on an > > > nvme > > > drive. > > > > > > FC31 is on a SATA ssd. > > > > > > BIOS allows me to choose AHCI or RST. I must use AHCI to boot the > > > FC31 > > > drive, and RST to boot the Windows drive. Neither will boot with > > > the > > > other. Sigh. > > > > > > 1. Is there a way to get the FC31 drive to boot with RST ? > > > > > > 2. Any way to have the Windows drive boot with AHCI ? > > > > > > sean > > > > I have Intel RST "fake RAID" on my Lenovo ThinkPad P72. As > > delivered, > > Windows 10 Pro was installed on two 2TB NVMe SSDs in a RAID1 > > mirror > > configuration. While I could have also installed a standard > > notebook > > SATA SSD, I postponed that idea (see below) and broke the RAID1 > > mirror > > instead. The BIOS Storage setting gave me two options: RST or AHCI. > > The > > BIOS is wrong. It should say RST or NVMe. SATA or AHCI are not > > options. > > And boy are the two raw NVMe drives F-A-S-T > > > > I went through all the hand wringing and fear of screwing up > > something I > > didn't completely understand at the time. I backed up everything I > > could > > think of from Windows 10, and a went to the trouble of getting a > > Lenovo > > ThinkPad Windows restoration thumb drive. > > > > Happily, once I broke the RAID1 mirror, I was able to boot to a > > Fedora > > live ISO on a thumb drive. It could see both /dev/nvme0 and > > /dev/nvme1 > > SSDs. The #0 device still contained one half of the mirrored > > Windows 10 > > installation. fdisk shows the following detail: > > > > # fdisk -l /dev/nvme0n1 > > > > Disk /dev/nvme0n1: 1.88 TiB, 2048408248320 bytes, 4000797360 > > sectors > > > > Disk model: SAMSUNG MZVLB2T0HMLB-000L7 > > > > Units: sectors of 1 * 512 = 512 bytes > > > > Sector size (logical/physical): 512 bytes / 512 bytes > > > > I/O size (minimum/optimal): 512 bytes / 512 bytes > > > > Disklabel type: gpt > > > > Disk identifier: 868B8A59-AF35-48EB-AD4F-0B2966DD92F5 > > > > > > Device StartEndSectors Size Type > > > > /dev/nvme0n1p1 2048 534527 532480 260M EFI System > > > > /dev/nvme0n1p2 534528 567295 32768 16M Microsoft > > reserved > > > > /dev/nvme0n1p3 567296 3998748671 3998181376 1.9T Microsoft basic data > > > > /dev/nvme0n1p4 3998748672 40007966712048000 1000M Windows > > recovery > > environment > > > > > > This frees /dev/nvme1n1 for a normal installation from a live CD > > image. > > It will set up GRUB2 for a Windows + Fedora dual boot. When > > installed, > > your second NVMe drive should be partitioned something like this: > > > > > > # fdisk -l /dev/nvme1n1 > > > > Disk /dev/nvme1n1: 1.88 TiB, 2048408248320 bytes, 4000797360 > > sectors > > > > Disk model: SAMSUNG MZVLB2T0HMLB-000L7 > > > > Units: sectors of 1 * 512 = 512 bytesSector size > > (logical/physical): 512 > > bytes / 512 bytes > > > > I/O size (minimum/optimal): 512 bytes / 512 bytes > > > > Disklabel type: gpt > > > > Disk identifier: D02F3FF2-CE20-43A2-A2E2-92053E91D817 > > > > > > Device StartEndSectors Size Type > > /dev/nvme1n1p12048 411647 409600 200M EFI System > > /dev/nvme1n1p2 411648250879920971521G Linux filesystem > > /dev/nvme1n1p3 2508800 4000796671 3998287872 1.9T Linux LVM > > > > As I indicated above, I later installed a 4TB SATA internal drive > > in an > > expansion space inside the P72. I had to buy a wiring adapter to > > connect > > the SATA drive to the P72's internal chassis wiring. That wiring > > doesn't > > come instsalled from the factory. I got the kit from EggHead. > > > > Hope this helps. > > > > --Doc Savage > > Fairview Heights, IL > > > > > > Very interesting. Are you now able to boot into Windows on nvme0 from > grub ? > > sean Of course. It's not my default, so when the GRUB2 menu appears I have to arrow down to the 4th entry to boot into Windows. What's really nice about this setup is that when default booted into Fedora 32 I can mount the /dev/nvme0n1p3 Windows partition r/w. --Doc Savage Fairview Heights, IL ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Sat, 2020-05-09 at 13:27 -0600, Joe Zeff wrote: > On 05/09/2020 12:36 PM, Samuel Sieb wrote: > > It did come through, but probably no one has an answer. (It's been less > > than a day since you sent it.) If you get a copy back from the mailing > > list, then it went through. > > That's not always true. I never get copies of my own posts because I > have that turned off. I know what I sent, and have no reason to want a > copy. YMMV, but that's how I work. You can always check the archive. If it went through, the archive will have it unless there's something seriously wrong with list management software. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Arora browser failing under F32
On Sat, 2020-05-09 at 18:43 +, Beartooth wrote: > I keep a drawer on a panel full of launchers for browsers. Twice > I've tried for Arora from there, and once from the Main Menu. All three > times it started, showing one tab, trying to go to fedoraproject.org, and > closed again without getting anywhere. Did you check the journal for errors? > I did a dnf reinstall; that completed normally, but didn't help. Unsurprising. A dnf reinstall is almost never the answer unless you suspect the package itself is damaged in some way (you can check using 'rpm -V') > The little box reporting trouble showed, but said nothing, and also > closed without offering either to dump any data or to send anything to > RedHat. That appears to be a Google project, marked as being "under development". No doubt a Bugzilla report would be useful. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On 5/9/20 12:27 PM, Joe Zeff wrote: On 05/09/2020 12:36 PM, Samuel Sieb wrote: It did come through, but probably no one has an answer. (It's been less than a day since you sent it.) If you get a copy back from the mailing list, then it went through. That's not always true. I never get copies of my own posts because I have that turned off. I know what I sent, and have no reason to want a copy. YMMV, but that's how I work. Actually, what I wrote is always true, but not necessarily the inverse which is what you wrote. I assumed he was replying to the post from the mailing list, but it might have been a reply to his local sent copy. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Killing existing connections with firewall-cmd (F31)
Thorsten Schubert writes: To fix this, a direct rule inside the *raw* table for matching the ipset should suffice. I did some testing this time and came up with the following: firewall-cmd --permanent --new-ipset=test --type=hash:ip --option=family=inet firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 0 -m set --match-set test src -j DROP firewall-cmd --reload Rather than a --reload, I reran it without the --permanent flag, due to fail2ban also dropping its own firewall rules, on the fly. Also, a hash::net ipset will be better, giving an option to drop an entire subnet. pgppVPDBL7wKD.pgp Description: PGP signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: VDQ Thumb drive software
On Fri, 8 May 2020 16:41:49 -0400 Fred Smith wrote: > On Fri, May 08, 2020 at 04:23:43PM -0400, Jonathan Billings wrote: > > On Fri, May 08, 2020 at 08:16:48PM -, Beartooth wrote: > > > On Thu, 07 May 2020 16:46:49 -0400, Jonathan Billings wrote: > > > > > > > On May 7, 2020, at 16:42, Beartooth > > > > wrote: > > > >>I'm pretty sure the Fedora machine I want to use to put > > > >> something onto a thumb drive doesn't have the thumb drive > > > >> software installed to do so. But I've searched dnfdragora up > > > >> one side and down the other without finding it. What is it > > > >> called? Pretty please? > > > > > > > > It’d be part of the kernel if it’s a USB Mass Storage device. > > > > You shouldn’t need to install anything. > > > > > > > > Does `gnome-disks` see the device? > > > > > > I keep forgetting to mention that I run Mate. I get > > > > > > $ rpm -q gnome-disks > > > package gnome-disks is not installed > > > > Then 'dnf install gnome-disk-utility' to get it installed. > > > > Mate also has a disks utility, named--odly enugh--"disks" > > On Ubuntu it is under the Control Center, possibly the same on > Fedora > My Fedora 32, Mate desktop machine (updated from f30-f31-f32), has the gnome-disk-utility installed in the menu under Applications > Accessories > Disks. I don't remember if it was included or if I installed it myself. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On 05/09/2020 12:36 PM, Samuel Sieb wrote: It did come through, but probably no one has an answer. (It's been less than a day since you sent it.) If you get a copy back from the mailing list, then it went through. That's not always true. I never get copies of my own posts because I have that turned off. I know what I sent, and have no reason to want a copy. YMMV, but that's how I work. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Why do I have 4 kernels when the install limit is 3 ?
On 5/9/20 12:00 PM, Sreyan Chakravarty wrote: installonly_limit=3 So then why do I have 4 kernels ? That's a good question. Watch what happens the next time you have a kernel update. $ rpm -q kernel kernel-5.3.7-301.fc31.x86_64 kernel-5.5.15-200.fc31.x86_64 kernel-5.6.8-200.fc31.x86_64 kernel-5.6.10-300.fc32.x86_64 Shouldn't the 5.3 kernel version be removed ? Yes. Or is it treating the 2 5.6 versions as one ? No. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Sat, 2020-05-09 at 12:52 -0500, Christopher Marlow wrote: > On Fri, 2020-05-08 at 16:39 -0500, Christopher Marlow wrote: > > I am having a problem with Fedora 32.. When my screen blanks > > off. > > When I come back to the computer the screen will flash on for a sec > > and > > then go black again. But the power light is still green... > > > > And the only way I can get a picture back is to turn the monitor > > off > > and hold a key down on the keyboard and turn the monitor back on at > > the > > same time > > > > its getting worse and worse > > > > > > I had the same problem in 31 right there at the end > > right before I upgraded to 32) -- > > > > > > I might of solved my own problem I am not sure yet... I some how had XSCREENSAVER Power Mgmt set and Power Management set at the same time.. I disabled one so we shall see if everything works out or not. > > > Thanks, > Chris > ch...@cwm030.com > > Fedora 32 Workstation > With XFCE as my preferred desktop ( installed on top of gnome 3) > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org -- Thanks, Chris ch...@cwm030.com Fedora 31 Workstation With XFCE as my preferred desktop ( installed on top of gnome 3) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Sat, May 09, 2020 at 12:52:53PM -0500, Christopher Marlow wrote: > On Fri, 2020-05-08 at 16:39 -0500, Christopher Marlow wrote: > > I am having a problem with Fedora 32.. When my screen blanks off. > > When I come back to the computer the screen will flash on for a sec > > and > > then go black again. But the power light is still green... > > > > And the only way I can get a picture back is to turn the monitor off > > and hold a key down on the keyboard and turn the monitor back on at > > the > > same time > > > > its getting worse and worse > > > > > > I had the same problem in 31 right there at the end > > right before I upgraded to 32) -- > > > > > > I am just wondering if this post came through or not? I just wanted to > check back in. I saw it, but don't have an answer for you. sorry! -- --- .Fred Smith / ( /__ ,__. __ __ / __ : / // / /__) / / /__) .+' Home: fre...@fcshome.stoneham.ma.us // (__ (___ (__(_ (___ / :__ 781-438-5471 Jude 1:24,25 - ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Why do I have 4 kernels when the install limit is 3 ?
Hi, Running cat /etc/dnf/dnf.conf | grep install gives: installonly_limit=3 So then why do I have 4 kernels ? $ rpm -q kernel kernel-5.3.7-301.fc31.x86_64 kernel-5.5.15-200.fc31.x86_64 kernel-5.6.8-200.fc31.x86_64 kernel-5.6.10-300.fc32.x86_64 Shouldn't the 5.3 kernel version be removed ? Or is it treating the 2 5.6 versions as one ? -- Regards, Sreyan ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Arora browser failing under F32
I keep a drawer on a panel full of launchers for browsers. Twice I've tried for Arora from there, and once from the Main Menu. All three times it started, showing one tab, trying to go to fedoraproject.org, and closed again without getting anywhere. I did a dnf reinstall; that completed normally, but didn't help. The little box reporting trouble showed, but said nothing, and also closed without offering either to dump any data or to send anything to RedHat. The same happened on another F32 machine, but not on one running F31. -- Beartooth Staffwright, Not Quite Clueless Power User Remember I know little (precious little!) of where up is. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On 5/8/20 2:39 PM, Christopher Marlow wrote: I am having a problem with Fedora 32.. When my screen blanks off. When I come back to the computer the screen will flash on for a sec and then go black again. But the power light is still green... And the only way I can get a picture back is to turn the monitor off and hold a key down on the keyboard and turn the monitor back on at the same time its getting worse and worse I had the same problem in 31 right there at the end right before I upgraded to 32) -- I would suggest trying a live boot to see if you get the same problem there. It might be a hardware issue of some sort. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On 5/9/20 10:52 AM, Christopher Marlow wrote: On Fri, 2020-05-08 at 16:39 -0500, Christopher Marlow wrote: I am having a problem with Fedora 32.. When my screen blanks off. When I come back to the computer the screen will flash on for a sec and then go black again. But the power light is still green... And the only way I can get a picture back is to turn the monitor off and hold a key down on the keyboard and turn the monitor back on at the same time its getting worse and worse I had the same problem in 31 right there at the end right before I upgraded to 32) -- I am just wondering if this post came through or not? I just wanted to check back in. It did come through, but probably no one has an answer. (It's been less than a day since you sent it.) If you get a copy back from the mailing list, then it went through. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: libreoffice calc - sheet deletion blocked
On 5/9/20 10:43 AM, Max Pyziur wrote: I have a 48 tabbed spreadsheet in xlsx format. It was originally created and maintained in libreoffice, occasionally opened in MS Excel. Today, I see that I can't delete specific sheets. This seems to be only currently related to this sheet and no other. I've searched through google, with no answers available that rectify this problem. I've opened the spreadsheet in Excel, and I can't find the appropriate option that controls this. Any advice would be appreciated here. A secondary problem, is that whenever I paste in data, say, from a tab-delimited text file, each cell now has comments (username that inserted the data along with the entry date). Is that maybe the change tracking that's enabled? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: network manager is killing me!
On Sat, 9 May 2020 11:11:57 -0700 Samuel Sieb wrote: > Or you'll start using nm-connection-editor. I tried it. It never tells you what it doesn't like. The sum total of all feedback it gives is to refuse to enable the "Apply" button. If the ifcfg files really are destined to stick around forever, I'm far more likely to just edit them the same way I used to before NetworkManager :-). ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: network manager is killing me!
On 5/9/20 8:12 AM, Mauricio Tavares wrote: I found out so far networkmanager is honoring my etc/sysconfig/network-scripts/ files in both centos8 and fedora 31: which makes setting that up in ansible rather easy. With that said, I would not be surprised if that is dropped before the end of the year... There is no plan for those config files to ever go away. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: network manager is killing me!
On 5/9/20 7:01 AM, Tom Horsley wrote: I may eventually get used to network manager, or I may die of old age. Or you'll start using nm-connection-editor. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Killing existing connections with firewall-cmd (F31)
On Sat, May 9, 2020 at 5:59 PM Sam Varshavchik wrote: > I haven't done much testing, but this does not seem to be quite right. After > creating and adding the ipset, iptables -n -L still shows me: > > Chain INPUT (policy ACCEPT) > target prot opt source destination > ACCEPT all – 0.0.0.0/00.0.0.0/0ctstate > RELATED,ESTABLISHED,DNAT > > and > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > ACCEPT all – 0.0.0.0/00.0.0.0/0ctstate > RELATED,ESTABLISHED,DNAT It should be "iptables -n -t raw -L". By default the *filter* table is displayed which is where the connection states are taken into account, which we wanted to avoid. > So, if the packet is already for an established connection, looks like it > will be accepted or forwarded right off the bat. I mistakenly assumed that firewalld handles the dropping in the *raw* or *mangle* table, but while the ipset seem to be matched for in those tables by firewalld, every packet for the zone *drop* seems to be dropped in the *filter* chain where the connection state matching takes place (for RELATED,ESTABLISHED,DNAT). We want to drop packets /before/ that. To fix this, a direct rule inside the *raw* table for matching the ipset should suffice. I did some testing this time and came up with the following: firewall-cmd --permanent --new-ipset=test --type=hash:ip --option=family=inet firewall-cmd --permanent --direct --add-rule ipv4 raw PREROUTING 0 -m set --match-set test src -j DROP firewall-cmd --reload Then either directly via: ipset add test 1.2.3.4 or via firewall-cmd which survives a reboot: firewall-cmd --permanent --ipset=test --add-entry=1.2.3.4 firewall-cmd --reload Both variants immediately dropped my active ssh session when tested with my own IP. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Power Mgmt problem
On Fri, 2020-05-08 at 16:39 -0500, Christopher Marlow wrote: > I am having a problem with Fedora 32.. When my screen blanks off. > When I come back to the computer the screen will flash on for a sec > and > then go black again. But the power light is still green... > > And the only way I can get a picture back is to turn the monitor off > and hold a key down on the keyboard and turn the monitor back on at > the > same time > > its getting worse and worse > > > I had the same problem in 31 right there at the end > right before I upgraded to 32) -- > > I am just wondering if this post came through or not? I just wanted to check back in. Thanks, Chris ch...@cwm030.com Fedora 32 Workstation With XFCE as my preferred desktop ( installed on top of gnome 3) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
libreoffice calc - sheet deletion blocked
Greetings, I have a 48 tabbed spreadsheet in xlsx format. It was originally created and maintained in libreoffice, occasionally opened in MS Excel. Today, I see that I can't delete specific sheets. This seems to be only currently related to this sheet and no other. I've searched through google, with no answers available that rectify this problem. I've opened the spreadsheet in Excel, and I can't find the appropriate option that controls this. Any advice would be appreciated here. A secondary problem, is that whenever I paste in data, say, from a tab-delimited text file, each cell now has comments (username that inserted the data along with the entry date). Thank you, Max p...@brama.com ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Killing existing connections with firewall-cmd (F31)
Thorsten Schubert writes: On Thu, May 7, 2020 at 12:12 AM Sam Varshavchik wrote: > Is there a way with firewall-cmd to /really/ block an IP address, new or > established connections, or is manually adding an iptables rule my only > option? You can bypass connection tracking for dropping existing connections by adding a rule in the *raw* or *mangle* table when using the iptables backend. The fastest way I know of, is to add a direct rule: A more efficient way would be to use ipsets: firewall-cmd --permanent --zone=drop --add-source=ipset:blacklist firewall-cmd --permanent --ipset=blacklist --add-entry=1.2.3.4 firewall-cmd --permanent --ipset=blacklist --add-entry=4.3.2.1 This should terminate any existing connection and prevent new ones. I haven't done much testing, but this does not seem to be quite right. After creating and adding the ipset, iptables -n -L still shows me: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all – 0.0.0.0/00.0.0.0/0ctstate RELATED,ESTABLISHED,DNAT and Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all – 0.0.0.0/00.0.0.0/0ctstate RELATED,ESTABLISHED,DNAT So, if the packet is already for an established connection, looks like it will be accepted or forwarded right off the bat. Now, after those, existing rules, rules follow that pull in other chains, such as INPUT_ZONES, and FORWARD_IN_ZONES, where I see a rule referencing the blacklist ipset. So, this will reject new connections, for sure, but looks like packets for existing, established connections will still be forwarded. Or maybe I am misinterpreting what an ACCEPT for "RELATED,ESTABLISHED,DNAT" does. pgpCoyxFZ_9dF.pgp Description: PGP signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: network manager is killing me!
On Sat, 9 May 2020 11:12:39 -0400 Mauricio Tavares wrote: > I > would not be surprised if that is dropped before the end of the > year... Yea, I figured installing fedora 32 would be a good time to completely switch to doing things "the right way" so I tried to set everything up with nmcli. Maybe I've got it all correct now (and I have definitely recorded the nmcli commands I used). ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: network manager is killing me!
On Sat, May 9, 2020 at 10:02 AM Tom Horsley wrote: > > Thought I had everything working. I had created a 2nd > bridge for use with virtual machines I want to keep > off my local lan (one of the VMs operating as a > firewall with two ethernets). > > Then I rebooted after installing updates, and I couldn't > talk to anything in the outside world. Aaugh! > > Finally discovered I had two default routes, one (the > one it picked for everything, of course) going through > the 2nd bridge to nowhere. > > Eventually found magic incantation: > > nmcli con modify bifrost ipv4.never-default true > > (bifrost being my 2nd bridge). > > I may eventually get used to network manager, or I > may die of old age. I found out so far networkmanager is honoring my etc/sysconfig/network-scripts/ files in both centos8 and fedora 31: [root@vmhost2 ~]# ls /etc/sysconfig/network-scripts/ ifcfg-dmzbrifcfg-eno1.2 ifcfg-enp4s0f0 ifcfg-enp5s0f1 ifcfg-mgmtbr ifcfg-eno1 ifcfg-eno1.3 ifcfg-enp4s0f1 ifcfg-kubebr ifcfg-eno1.11 ifcfg-eno1.4 ifcfg-enp5s0f0 ifcfg-lanbr [root@vmhost2 ~]# [root@vmhost2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno1.11 NAME=eno1.11 DEVICE=eno1.11 ONBOOT=yes VLAN=yes BRIDGE=kubebr [root@vmhost2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-kubebr NAME=kubebr DEVICE=kubebr BOOTPROTO=none TYPE=Bridge ONBOOT=yes [root@vmhost2 ~]# [root@vmhost2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-lanbr NAME=lanbr DEVICE=lanbr BOOTPROTO=static TYPE=Bridge ONBOOT=yes DEFROUTE=yes DHCP_HOSTNAME=vhost2.example.com IPADDR=192.168.1.10 PREFIX=24 GATEWAY=1192.168.1.1 DNS1=192.168.1.3 MTU=9014 [root@vmhost2 ~]# which makes setting that up in ansible rather easy. With that said, I would not be surprised if that is dropped before the end of the year... > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Need help with a weird kernel update panic.
Roger Heflin writes: I never said that it does not get unmounted, but unmounting does not mean the journal got replayed. Note the first thing ext4/xfs does on a mount/fsck is replays the journal, the read-only mount would replay the journal, but indications are that that fails often enough that the replay does not get done. Also if you have /boot as a separate filesystem no ro,remount is done so the journal is never replayed on /boot. Overall the simplest is just to use something without a journal. That's really strange. Because, like I said, in 20+ years of installing kernels on multiple machines, all sorts of hardware, and immediately rebooting, this never happened to me. pgpQm4M7xsjbp.pgp Description: PGP signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
network manager is killing me!
Thought I had everything working. I had created a 2nd bridge for use with virtual machines I want to keep off my local lan (one of the VMs operating as a firewall with two ethernets). Then I rebooted after installing updates, and I couldn't talk to anything in the outside world. Aaugh! Finally discovered I had two default routes, one (the one it picked for everything, of course) going through the 2nd bridge to nowhere. Eventually found magic incantation: nmcli con modify bifrost ipv4.never-default true (bifrost being my 2nd bridge). I may eventually get used to network manager, or I may die of old age. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Need help with a weird kernel update panic.
I never said that it does not get unmounted, but unmounting does not mean the journal got replayed. Note the first thing ext4/xfs does on a mount/fsck is replays the journal, the read-only mount would replay the journal, but indications are that that fails often enough that the replay does not get done. Also if you have /boot as a separate filesystem no ro,remount is done so the journal is never replayed on /boot. Overall the simplest is just to use something without a journal. https://www.gnu.org/software/grub/manual/grub/grub.html see no 28: grub has no code to write to the filesystem (and no journal replay). https://bugzilla.redhat.com/show_bug.cgi?id=1569970 Note On Fri, May 8, 2020 at 11:01 PM Sam Varshavchik wrote: > > Roger Heflin writes: > > > What you are saying does not exactly match what I have previously > > seen, but there is a known feature with using a journaling filesystem > > (ext4-journal, or xfs) for /boot, if only the journal is updated and > > if it is not yet replayed into the non-journal then grub will not be > > able to find the new files/updated files (grub filesystem code is > > simple and does not process the journal so if critical updates are > > still in the journal then those updates(changed file, new files) > > cannot be seen). To get this one generally has to do the update and > > almost immediately reboot (within a few minutes though in some cases, > > note syncing the does not replay the journal). > > I have used ext4 for /boot for 20+ years on Fedora, and can't say that I > ever had this happen. And I always reboot after installing updates. > > > Long term the solution is to move boot to a non-journaled fs (ext > > without a journal) or after each update umount/mount /boot(before > > reboot).. > > I would be very much surprised if a regular reboot does not unmount /boot, > prior to rebooting. I would think that all mounted filesystems except / will > get explicitly unmounted just before a halt or a reboot. > > > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: How do you Dual boot with Intel RST - Optane ?
On 5/9/20 1:38 AM, Robert G (Doc) Savage via users wrote: On Thu, 2020-05-07 at 10:49 -0400, sean darcy wrote: My new laptop has Windows 10 installed with the Intel rapid Storage Technology (optane) system chip. Windows is on an nvme drive. FC31 is on a SATA ssd. BIOS allows me to choose AHCI or RST. I must use AHCI to boot the FC31 drive, and RST to boot the Windows drive. Neither will boot with the other. Sigh. 1. Is there a way to get the FC31 drive to boot with RST ? 2. Any way to have the Windows drive boot with AHCI ? sean I have Intel RST "fake RAID" on my Lenovo ThinkPad P72. As delivered, Windows 10 Pro was installed on two 2TB NVMe SSDs in a RAID1 mirror configuration. While I could have also installed a standard notebook SATA SSD, I postponed that idea (see below) and broke the RAID1 mirror instead. The BIOS Storage setting gave me two options: RST or AHCI. The BIOS is wrong. It should say RST or NVMe. SATA or AHCI are not options. And boy are the two raw NVMe drives F-A-S-T I went through all the hand wringing and fear of screwing up something I didn't completely understand at the time. I backed up everything I could think of from Windows 10, and a went to the trouble of getting a Lenovo ThinkPad Windows restoration thumb drive. Happily, once I broke the RAID1 mirror, I was able to boot to a Fedora live ISO on a thumb drive. It could see both /dev/nvme0 and /dev/nvme1 SSDs. The #0 device still contained one half of the mirrored Windows 10 installation. fdisk shows the following detail: # fdisk -l /dev/nvme0n1 Disk /dev/nvme0n1: 1.88 TiB, 2048408248320 bytes, 4000797360 sectors Disk model: SAMSUNG MZVLB2T0HMLB-000L7 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: 868B8A59-AF35-48EB-AD4F-0B2966DD92F5 Device StartEndSectors Size Type /dev/nvme0n1p1 2048 534527 532480 260M EFI System /dev/nvme0n1p2 534528 567295 32768 16M Microsoft reserved /dev/nvme0n1p3 567296 3998748671 3998181376 1.9T Microsoft basic data /dev/nvme0n1p4 3998748672 40007966712048000 1000M Windows recovery environment This frees /dev/nvme1n1 for a normal installation from a live CD image. It will set up GRUB2 for a Windows + Fedora dual boot. When installed, your second NVMe drive should be partitioned something like this: # fdisk -l /dev/nvme1n1 Disk /dev/nvme1n1: 1.88 TiB, 2048408248320 bytes, 4000797360 sectors Disk model: SAMSUNG MZVLB2T0HMLB-000L7 Units: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: D02F3FF2-CE20-43A2-A2E2-92053E91D817 Device StartEndSectors Size Type /dev/nvme1n1p12048 411647 409600 200M EFI System /dev/nvme1n1p2 411648250879920971521G Linux filesystem /dev/nvme1n1p3 2508800 4000796671 3998287872 1.9T Linux LVM As I indicated above, I later installed a 4TB SATA internal drive in an expansion space inside the P72. I had to buy a wiring adapter to connect the SATA drive to the P72's internal chassis wiring. That wiring doesn't come instsalled from the factory. I got the kit from EggHead. Hope this helps. --Doc Savage Fairview Heights, IL Very interesting. Are you now able to boot into Windows on nvme0 from grub ? sean ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Need help with a weird kernel update panic.
Ok, I think I've finally managed to remove the journal on /boot. I did it by rebooting into an old F30 boot media in troubleshooting mode using 'tune2fs -O ^has_journal'. I was unable to do this on the disk even in single user mode, as it always marked the /boot partition as unclean, and always had /proc/fd/* files open. This machine was upgraded all the way back from F23 to F32, so this odd behaviour may be an artifact of this history. Now I need to wait for the next kernel upgrade, and see if that change fixes my crash/panic issue. Waiting and watching. Thanks for the pointer! On 2020-05-08 12:11 p.m., Roger Heflin wrote: A sync will flush the writes to the journal were the data is safe. It will not force a replay of the journal. Nothing except removing the journal from the ext4 filesystem will fix it. This is not a fedora bug, this is a long standing kernel/grub/filesystem interaction bug (all who use a journaled filesystem have this bug). See tune2fs and something like -O ^has_journal will turn off the journal. It has to be done unmounted and verify that your fstab entry will remounted it. Check /proc/mounts having data=XXX (probably ordered) says you have a journal, after the umount+above tune2fs+remount the data=ordered will be gone. On Fri, May 8, 2020 at 10:53 AM John Mellor wrote: Interesting! This machine does reboot in about 5secs and the other machines take longer, so it makes sense. My /boot is mounted just like /home and / as follows: /dev/sda1 on /boot type ext4 (rw,relatime,seclabel) I assume that a symple sync would flush the journal. Its pretty easy to do a sync;sync if updating using the CLI, but not possible when using the GUI. Is this a Fedora bug where the journal is not correctly flushed on the reboot? Should I modify that mount entry or do achattr change to workaround the bug? On 2020-05-08 11:11 a.m., Roger Heflin wrote: What you are saying does not exactly match what I have previously seen, but there is a known feature with using a journaling filesystem (ext4-journal, or xfs) for /boot, if only the journal is updated and if it is not yet replayed into the non-journal then grub will not be able to find the new files/updated files (grub filesystem code is simple and does not process the journal so if critical updates are still in the journal then those updates(changed file, new files) cannot be seen). To get this one generally has to do the update and almost immediately reboot (within a few minutes though in some cases, note syncing the does not replay the journal). The fix is to boot up with a kernel that it can still find and/or livecd and mount /boot so that the journal gets replayed, or fsck boot so that the journal gets replayed. Long term the solution is to move boot to a non-journaled fs (ext without a journal) or after each update umount/mount /boot(before reboot).. If /boot is not separated then you cannot umount/mount it to get the journal to replay. There is a second method to force a journal replay, but reports say that one often "hangs" when /boot is not separate so is not a reliable solution.There were some detailed posts on this several years ago with reliable commenters confirming the behavior. I have also personally seen the issue a number of times and mount /boot and/or fscking corrects it (replays journal). On Fri, May 8, 2020 at 8:52 AM John Mellor wrote: I have one completely stock workstation F32 machine where kernel updates almost always cause a multiple-reboot panic problem. This problem also occurred on F31, but not on releases before that. I'm stumped and need some help in figuring it out. The symptoms vary in the number of reboots and the type of tertiary error, but are otherwise pretty similar. It does not matter whether I use the Gnome update app or the CLI dnf method. After a number of reboots, the upgrade succeeds and Fedora behaves nortmally again. I think that this only happens whenever the kernel is upgraded. What I observe is that the machine is rebooted and on reboot, grub (I think) gets a halt for a 32-bit relocation error. This sequence may happen twice. Its an i7 with plenty of memory and an SSD boot disk, so the 32-bit thing is confusing. To get around this error, I powercycle the box and get into the next stage of the problem. One the 2nd or 3rd reboot, I usually see a halt with an access outside of the kernel space, although with the update this morning, I had a kernel panic instead. Cold-booting again, and the update is installed, and the last reboot and I'm up on the new updates. After that, the machine behaves normally until the next kernel updates. I assume that there is some incorrectly-asynchronous operation in grub related to the update entry, but I can find no grub logs to dig into this problem. I have several other machines that do not see this problem. I dug around in the fedora bugs, but not knowing what to look for, I'm basically blind. Its a pretty serious bug,
Re: Working! - Re: user crontab
On 5/8/20 9:41 PM, Cameron Simpson wrote: On 08May2020 20:32, Samuel Sieb wrote: On 5/8/20 4:32 PM, Cameron Simpson wrote: On 08May2020 11:15, Robert Moskowitz wrote: I added inserting a Date: line and switched to using sed: local]# cat mycron #!/bin/sh currentDate="$(date +'%a %b %d %T %Y')" You don't need the double quotes. The shell parser recognises the assignment statement _before_ breaking things on whitespace. That's not entirely true. It will compress whitespace in the output if you don't use quotes. $(date +'%a %b %d %T %Y') $(date +'%a %b %d %T %Y') will end up exactly the same without the double quotes around it. It is entirely true. The collapsing happens when you _use_ the values: Sorry, you are correct. I got tripped up by how I used the variable after setting it. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
