dhcp failover with selinux enabled
by Sam Varshavchik
Does anyone happen to know if the dhcp failover configuration that's
documented here: https://kb.isc.org/docs/aa-00502 is supported by Fedora's
selinux policy. Perusing it, failover seems to use a dedicated port(s), so
selinux needs to bless dhcp's binding to that port(s).
I couldn't figure out what is or isn't in Fedora's selinux polixy by
searching what's in the selinux-policy-targeted and selinux-policy-devel
rpms; and I was unable to find any useful selinux documentation, either in
the supplied rpm or web searches.
It would be nice to know this in advance before attempting to wreck my LAN
for an afternoon, trying to get this to work with selinux enabled.
I thought I could determine whether Fedora's selinux with respect to dhcp
and ports 647 and 7911 (the dhcpd.conf man pages makes it clear that ports
519 and 520 from the above docs are outdated) by figuring out where is the
selinux policy restricts privoxy to port 8118; but a grep of all the files
in selinux-policy-targeted or selinux-policy-devel finds nothing that
appears to specify that the privoxy_t domain is allowed to bind port 8118.
The selinux-doc RPM appears to be just robo-generated documentation that
just repeats the stuff that I found in the other RPMs.
4 years, 4 months
upgrade does not take
by ToddAndMargo
Hi All,
After initiating "dnf system-upgrade reboot", my system
reboots, prompts me for my LUKS password, then pops up
"Upgrading you system 0%". Seconds later it reboot and
I am back in Fedora 30.
I have completely removed qemu everything and virt everything.
Any words of wisdom?
Many thanks,
-T
This is what I have been following
FC 30 -->> FC 31:
https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/
# rpm --rebuilddb
# rpm -Va --nofiles --nodigest
if anything is too new, do a
# dnf downgrade offender(s)
# dnf --enablerepo=* update --refresh
# dnf install python3-dnf-plugin-system-upgrade
# dnf system-upgrade download --refresh --releasever=31 --allowerasing
--best
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-primary
# dnf clean packages <-- optional
# dnf system-upgrade reboot
4 years, 4 months
F30->F31 systemd-networkd no IPv6 autoconfiguration
by Anthony Joseph Messina
After a successful "dnf systemd upgrade" F30->F31, I'm finding that a few of my machines which use systemd-networkd instead of NetworkManager are no longer autoconfiguring IPv6 addresses. I also noticed that even though NetworkManager is disabled, it is initiated in early boot, which I'm not sure is related.
It appears as though the system isn't assigning the link-local address and therefore can't communicate via IPv6. If anyone has any pointers on where to begin, I'd appreciate it. Thanks. -A
Both systems below use the following /etc/systemd/network/10-wired-dhcp.network:
[Match]
Name=en*
[Network]
DHCP=yes
IPv6PrivacyExtensions=yes
A system that IS working with systemd-networkd displays the following debug output:
eno1: New device has no master, continuing without
eno1: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
eno1: Link 2 added
eno1: udev initialized link
eno1: State changed: pending -> initialized
eno1: Saved original MTU: 1500
eno1: Remembering foreign address: fe80::f64d:30ff:fe6e:2cf5/64 (valid forever)
eno1: Gained IPv6LL
eno1: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: boot, type: unicast
eno1: Remembering route: dst: fe80::f64d:30ff:fe6e:2cf5/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
eno1: Remembering route: dst: fe80::/64, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: main, proto: kernel, type: unicast
eno1: Remembering updated address: fe80::f64d:30ff:fe6e:2cf5/64 (valid forever)
eno1: Updating remembered route: dst: fe80::f64d:30ff:fe6e:2cf5/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
eno1: Link state is up-to-date
eno1: found matching network '/etc/systemd/network/10-wired-dhcp.network'
Setting '/proc/sys/net/ipv6/conf/eno1/disable_ipv6' to '0'
eno1: IPv6 successfully enabled
Setting '/proc/sys/net/ipv6/conf/eno1/proxy_ndp' to '0'
Setting '/proc/sys/net/ipv6/conf/eno1/use_tempaddr' to '2'
Setting '/proc/sys/net/ipv6/conf/eno1/accept_ra' to '0'
eno1: Started LLDP.
eno1: Setting address genmode for link
eno1: Acquiring DHCPv4 lease
eno1: Discovering IPv6 routers
eno1: State changed: initialized -> configuring
eno1: Acquiring DHCPv6 lease on NDisc request
Another system that is not working displays the following debug output (note the missing Remembering foreign address and Gained IPv6LL lines):
eno1: New device has no master, continuing without
eno1: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
eno1: Link 2 added
eno1: udev initialized link
eno1: State changed: pending -> initialized
eno1: Saved original MTU: 1500
eno1: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: boot, type: unicast
eno1: Link state is up-to-date
eno1: found matching network '/etc/systemd/network/10-wired-dhcp.network'
eno1: IPv6 successfully enabled
eno1: Started LLDP.
eno1: Setting address genmode for link
eno1: Acquiring DHCPv4 lease
eno1: State changed: initialized -> configuring
--
Anthony - https://messinet.com
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
4 years, 4 months
xdg-desktop-portal?
by Tom Horsley
After running fedora 31 for a day or so, I now have thousands
of lines of this in my messages log:
Nov 3 12:43:21 zooty xdg-desktop-por[33248]: Failed to get application states: GDBus.Error:org.freedesktop.portal.Error.Failed: Could not get window list: Cannot invoke method; proxy is for the well-known name org.gnome.Shell without an owner, and proxy was constructed with the G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag
How do I make xdg-desktop-portal go away and stop bothering me?
(I'm not running gnome shell, I'm running a custom fvwm session,
but systemd starts this junk anyway in my user deamon).
4 years, 4 months
Root Forced to Comply With Password Complexity Requirements
by Garry Williams
When did this start?
garry@ifr$ sudo passwd ppatel
Changing password for user ppatel.
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dic
tionary word
passwd: Have exhausted maximum number of retries for service
garry@ifr$
The root user cannot set whatever password he wants on his machine?
Since when?
I wanted to assign a temporary password for a new user and then do
sudo passwd -e ppatel
to force it to be changed. For the new user, enforcing password
complexity is, I guess, OK. But for root? And why bail after three
tries to get a compliant password? That seems capricious (not to
mention irritating) to me.
How do I revert this unwelcome change?
System log shows up errors, too:
Oct 31 16:59:26 ifr sudo[130692]: pam_unix(sudo:session): session opened for
user root by garry(uid=0)
Oct 31 16:59:26 ifr passwd[130694]: pam_pwquality(passwd:chauthtok): pam_par
se: unknown or broken option; local_users_only
Oct 31 16:59:26 ifr passwd[130694]: pam_pwquality(passwd:chauthtok): pam_par
se: unknown or broken option; retry=3
Oct 31 16:59:26 ifr passwd[130694]: pam_pwquality(passwd:chauthtok): pam_par
se: unknown or broken option; local_users_only
Oct 31 16:59:26 ifr passwd[130694]: pam_pwquality(passwd:chauthtok): pam_par
se: unknown or broken option; retry=3
Oct 31 16:59:57 ifr passwd[130694]: gkr-pam: couldn't update the login keyri
ng password: no old password was entered
Oct 31 16:59:59 ifr sudo[130692]: pam_unix(sudo:session): session closed for
user root
--
Garry Williams
4 years, 4 months
trouble with Fedora 31, notebook, and nvidia
by D. Hugh Redelmeier
I bought a used notebook which came with an Nvidia GPU and I haven't
managed to get it to work with Fedora.
Computer: Dell XPS 15 9580. UltraHD screen. Nvidia GFX 1050 mobile GPU.
1) Fedora 30 installation medium hung.
2) tried Fedora 31 beta. Hung the same way.
3) it seems that nouveau is to blame. Solution: add kernel parameter
nouveau.kms=0.
4) installed Fedora 31 beta. (I've kept it updated, so it is now Fedora 31
non-beta)
Problems:
a) I don't get the advantage of the fast GPU (and the chance of using it
for GPU computing). This isn't an urgent concern.
b) the GPU is apparently powered up and generating heat. This runs down
my battery and causes the fan to run.
Solution?:
i) Install proprietary nvidia driver. I used the negativo17
repositories.
ii) Install BumbleBee to allow switching between the Intel IGPU and the
Nvidia GPU. (I don't think that I've actually used BumbleBee yet.)
Problem:
System hangs on boot when the kernel has nvidia modules (which I've
only done for some kernels, thank goodness).
If I disable Wayland (in /etc/gdm/custom.conf set WaylandEnable to
false), I can boot a kernel with nvidia modules. GDM (the loging
screen) works. It is known that the Nvidia proprietary drives don't
work with Wayland.
If the kernel has nvidia modules, once I log in through GDM, the
machine locks up hard. In particular, I've done this while an SSH
session is also logged in from another machine. That session is
frozen too.
I *think* that the /etc/gdm/custom.conf setting should also prevent
Wayland from being used during the session post-GDM but I don't really
have a way of checking.
==> Is wayland disabled for the session or do I need other magic?
The latest system log entries are lost since the machine freezes
without flushing various filesystem caches.
Any suggestions?
4 years, 4 months
Fedora 30 Copy/Paste Not Working
by das
Hello Dear Friends
Copying something from a browser window (Firefox) and pasting it on a
terminal (Xfce, Gnome, Mate) was not working . Then I discovered
copy/paste is not working anywhere, Gedit, Libreoffice and such.
Then I searched the Net and got this link:
http://irawoodring.net/fedora-xfce4-and-clipit-wayland/
After that I made an 'Exit' from the running instance of Clippit and
now copy/paste works. Later I will do the 'dnf remove clippit' and
'shutdown -r now'.
Thought it may help someone else like me.
--
দাশ das
http://ddts.randomink.org/
4 years, 4 months
qemu upgrade to fc31 problem
by ToddAndMargo
Hi All,
Fedora 30, attempting to upgrade to Fedora 31
# dnf system-upgrade download --refresh --releasever=31 --allowerasing
--best
Error:
Problem: cannot install the best update candidate for package
qemu-system-x86-core-2:4.1.0-4.fc30.x86_64
- problem with installed package
qemu-system-x86-core-2:4.1.0-4.fc30.x86_64
- package qemu-system-x86-core-2:4.1.0-5.fc31.x86_64 requires
libvirglrenderer.so.0()(64bit), but none of the providers can be installed
- package qemu-system-x86-core-2:4.1.0-2.fc31.x86_64 requires
libvirglrenderer.so.0()(64bit), but none of the providers can be installed
- cannot install the best update candidate for package
virglrenderer-0.8.0-1.20191002git4ac3a04c.fc30.x86_64
- cannot install both
virglrenderer-0.7.0-4.20190424gitd1758cc09.fc31.x86_64 and
virglrenderer-0.8.0-1.20191002git4ac3a04c.fc31.x86_64
- qemu-system-x86-core-2:4.1.0-4.fc30.x86_64 does not belong to a
distupgrade repository
(try to add '--skip-broken' to skip uninstallable packages)
"--skip-broken" gives the same error. So does adding
"--enablerepo=*"
Any words of wisdom?
Many thanks,
-T
4 years, 4 months
I say thanks for F31
by sixpack13
thanks for a new release of Fedora to all involved people that make this happen [1]
to me F31 had been working since first beta without any error's, etc..
very nice !!!
[1]
maybe it comes somewhat late, but...
4 years, 4 months
Fedora31 install problem -
by Bob Goodwin
.
I have been trying to install Fedora 31XFCE Spin. I've spent more time
at it than I care to admitbut can"t get the Anaconda installer to see a
clear one terabyte drive. I re-partitioned it with Gparted and gave it
an ext4 file system. The problem seems to be that I don't want LVM,
choosing Standard Partition instead. It seems to want to reformat and
install ext4 again? That's ok but it never happens ...
It just keeps showing 0B used and 0B of free space?
Does anyone know what I may be doing wrong? Is there a command line
method to do the install instead of the GUI?
Bob
--
Bob Goodwin - Zuni, Virginia, USA
4 years, 4 months