network manager is killing me!
by Tom Horsley
Thought I had everything working. I had created a 2nd
bridge for use with virtual machines I want to keep
off my local lan (one of the VMs operating as a
firewall with two ethernets).
Then I rebooted after installing updates, and I couldn't
talk to anything in the outside world. Aaugh!
Finally discovered I had two default routes, one (the
one it picked for everything, of course) going through
the 2nd bridge to nowhere.
Eventually found magic incantation:
nmcli con modify bifrost ipv4.never-default true
(bifrost being my 2nd bridge).
I may eventually get used to network manager, or I
may die of old age.
3 years, 11 months
Run rpm %preun script in unconfined SELinux context
by Sam Varshavchik
My knowledge and understanding of selinux is not very deep, but I'm trying
to run the box in enforcing mode.
A %preun script in my rpm package is failing. It's running a binary that
sends a signal to a running process, and SELinux blocks the signal:
Raw Audit Messages
type=AVC msg=audit(1589082060.526:1156): avc: denied { signal } for pid=672912 comm="courierlogger" scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=0
When the signal fails, sigkill is tried again, which is also blocked:
Raw Audit Messages
type=AVC msg=audit(1589082160.527:1172): avc: denied { sigkill } for pid=672912 comm="courierlogger" scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=0
The binary that's sending the signals:
$ ls -alZ /usr/sbin/courierlogger
-rwxr-xr-x. 1 daemon daemon system_u:object_r:courier_exec_t:s0 25296 May 9 23:19 /usr/sbin/courierlogger
This is not my SELinux policy that labeled this binary. Apparently Fedora
has a selinux policy that decided to show up here, but something is not
working correctly.
That binary is attempting to sigkill this process:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 673700 673699 0 00:14 ? 00:00:00 /usr/lib/courier/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -access=/etc/courier/imapaccess.dat -nodnslookup -noidentlookup
The process is running as unconfined_t. Again, my rpm packages do not have
any selinux configuration in them, this is all, apparently, something stock
that came with Fedora.
As best as I can figure out what's going on here: the %preun is in an rpm
subpackage. The main rpm package starts all the daemons from a system unit,
and they run as unconfined. The subpackage's %preun runs a script that
runs this binary that signals the existing process, but the %preun script
executes in some kind of a confined state.
There is no issue using "systemctl stop" to stop the entire group of
processes, only with using a script that attempts to signal one of the processes
to gracefully shut itself down. Looking for ideas how to get this working. I
think I need a way to run %preun scripts as unconfined, but I'm not sure. I
haven't had much luck trying to find useful selinux documentation.
3 years, 11 months
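An added example (not from the original post or from Fedora's tooling): a small Python parser for the two AVC records quoted above that splits the source and target contexts and groups the denied permissions by domain pair. The function names are hypothetical, and the sample input is the post's two records rejoined onto single lines.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the post, each rejoined onto a single line.
_CTX = ("scontext=unconfined_u:unconfined_r:system_mail_t:s0-s0:c0.c1023 "
        "tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=0")
SAMPLE_AUDIT = "\n".join([
    'type=AVC msg=audit(1589082060.526:1156): avc: denied { signal } for '
    'pid=672912 comm="courierlogger" ' + _CTX,
    'type=AVC msg=audit(1589082160.527:1172): avc: denied { sigkill } for '
    'pid=672912 comm="courierlogger" ' + _CTX,
])

AVC_RE = re.compile(r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
                    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = ctx.split(":", 3)
    parts += [""] * (4 - len(parts))
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Return one AVC record as a dict, or None for any other audit line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec.update(result=m.group("result"), perms=m.group("perms").split(),
               serial=int(m.group("serial")))
    for key in ("scontext", "tcontext"):
        rec[key] = split_context(rec.get(key, ""))
    return rec


def summarise_denials(text):
    """Group denied permissions by (source type, target type, object class)."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, text.splitlines())):
        if rec["result"] == "denied":
            key = (rec["scontext"]["type"], rec["tcontext"]["type"], rec.get("tclass"))
            groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarise_denials(SAMPLE_AUDIT).items():
        print(f"{src} -> {tgt} [{cls}]: {', '.join(perms)}")
```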
Arora browser failing under F32
by Beartooth
I keep a drawer on a panel full of launchers for browsers. Twice
I've tried for Arora from there, and once from the Main Menu. All three
times it started, showing one tab, trying to go to fedoraproject.org, and
closed again without getting anywhere.
I did a dnf reinstall; that completed normally, but didn't help.
The little box reporting trouble showed, but said nothing, and also
closed without offering either to dump any data or to send anything to
RedHat.
The same happened on another F32 machine, but not on one running
F31.
--
Beartooth Staffwright, Not Quite Clueless Power User
Remember I know little (precious little!) of where up is.
3 years, 11 months
Killing existing connections with firewall-cmd (F31)
by Sam Varshavchik
My intertubes connectivity goes through a dual-NIC host that does NATing for
my LAN.
tcpdump gives me the offending IP address every time something on my LAN
starts spewing crap and saturates my upstream bandwidth; and I have a
built-in script for this:
firewall-cmd --add-rich-rule "rule family=ipv4 source address=$1 reject"
firewall-cmd --add-rich-rule "rule family=ipv4 destination address=$1 reject"
This usually does the trick, but it looks to me like this only blocks new
connections.
Something on someone's phone started spewing to an IP address today and
kept spewing after I added these rules.
Looking through the output of iptables -n -L, I see a rule that accepts an
ESTABLISHED connection:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
That's the first rule that hits INPUT. I found the rule with the blocked IP
address in "Chain IN_FedoraServer_deny". I'm not 100% up to speed on
iptables, but it does look to me like only new connections get blocked.
Is there a way with firewall-cmd to /really/ block an IP address, new or
established connections, or is manually adding an iptables rule my only
option?
3 years, 11 months
VDQ Thumb drive software
by Beartooth
I'm pretty sure the Fedora machine I want to use to put something
onto a thumb drive doesn't have the thumb drive software installed to do
so. But I've searched dnfdragora up one side and down the other without
finding it. What is it called? Pretty please?
--
Beartooth Staffwright, Not Quite Clueless Power User
Remember I know little (precious little!) of where up is.
3 years, 11 months
libreoffice calc - sheet deletion blocked
by Max Pyziur
Greetings,
I have a 48 tabbed spreadsheet in xlsx format. It was originally created
and maintained in libreoffice, occasionally opened in MS Excel.
Today, I see that I can't delete specific sheets. This seems to be only
currently related to this sheet and no other.
I've searched through google, with no answers available that rectify this
problem. I've opened the spreadsheet in Excel, and I can't find the
appropriate option that controls this. Any advice would be appreciated
here.
A secondary problem is that whenever I paste in data, say, from a
tab-delimited text file, each cell now has comments (username that
inserted the data along with the entry date).
Thank you,
Max
pyz(a)brama.com
3 years, 11 months
More 686 woe
by Beartooth
I've just tried to upgrade another (and much more important)
machine -- and hit the mate-panel 686 snag again:
Error: Transaction test error:
file /usr/share/mate-panel/applets/org.mate.panel.ClockApplet.mate-panel-applet conflicts between attempted installs of mate-panel-1.24.0-4.fc32.i686 and mate-panel-1.24.0-4.fc32.x86_64
file /usr/share/mate-panel/applets/org.mate.panel.FishApplet.mate-panel-applet conflicts between attempted installs of mate-panel-1.24.0-4.fc32.i686 and mate-panel-1.24.0-4.fc32.x86_64
file /usr/share/mate-panel/applets/org.mate.panel.NotificationAreaApplet.mate-panel-applet conflicts between attempted installs of mate-panel-1.24.0-4.fc32.i686 and mate-panel-1.24.0-4.fc32.x86_64
file /usr/share/mate-panel/applets/org.mate.panel.Wncklet.mate-panel-applet conflicts between attempted installs of mate-panel-1.24.0-4.fc32.i686 and mate-panel-1.24.0-4.fc32.x86_64
This is AFTER running with ' --skip-broken --allowerasing'
--
Beartooth Staffwright, Not Quite Clueless Power User
Remember I know little (precious little!) of where up is.
3 years, 11 months
Browser list?
by Beartooth
I like trying out browsers, but I remember dependency hell too
strongly to risk it again.
I have installed Opera (which I've run and liked since before
Fedora) and Vivaldi which I liked the sound of; and both of them (once
you find the rpm versions) have repos that Fedora/dnf can use.
I also thought, only just now, to try searching 'browser' in
dnfdragora, and did find a couple, which I installed and will play with.
Anybody know any others?
--
Beartooth Staffwright, Not Quite Clueless Power User
Remember I know little (precious little!) of where up is.
3 years, 11 months
LibreOffice print dialog too tall for my screen
by Robert Moskowitz
F30 with Xfce
Screen size 1280 x 768
The dialog goes from just below the top panel to below the bottom of the
screen so the print button is lost.
I cannot resize this dialog. It is locked. I cannot get it to move up
the screen (releases ago I had a similar problem and there was some
magic key combination to make this possible?)
There are only 2 tabs on the top of the dialog for General and
LibreOffice Writer. Back in F30 there were 4 tabs and the dialog box
was much shorter.
I cannot find any way to configure this dialog nor move it around.
And I need to print something...
Help?
3 years, 11 months
reading bluray data disk
by Steve Berg
I've got some data saved to blu-ray BD-R disks that won't read. Loading
a video DVD works, the system mounts it and I can see the files. But
when I pop in one of these BD-R disks nothing, the system doesn't see
the media at all. I'm positive it's a BluRay drive, pretty sure it's
the same drive I used to burn these disks a couple years ago.
I did recently reinstall this system with F32 so I might be missing
software needed to read, but haven't figured out what that might be
yet. These disks are just data, no encryption of any sort. Anyone have
any idea what could cause this?
--
//- Fixer of that which is broke -//
//- Home = sberg(a)mississippi.com -//
//- Sinners can repent, but stupid is forever. -//
3 years, 11 months