Re: apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/NetworkManager/resolv.conf"

2020-03-21 Thread Reco 
Hi.

On Sat, Mar 21, 2020 at 01:44:21AM +0100, rudu wrote:
> I searched the web with as many keywords as I could think of, to no avail ... 
> for me.

You should've searched for aa-logprof.


> What I figure out is the problem is that somehow, apparmor denies to 
> network-manager the ability to provide a valid resolv.conf file.
> So ipsec can't add a DNS server to my VPN connection.

For that particular file it's:

echo "/run/NetworkManager/resolv.conf rwk" \
>> /etc/apparmor.d/local/usr.lib.ipsec.charon
aa-complain /usr/lib/ipsec/charon
aa-enforce /usr/lib/ipsec/charon

Reco

Re: apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/NetworkManager/resolv.conf"

2020-03-21 Thread Reco 
On Sat, Mar 21, 2020 at 10:52:53AM +0300, Reco wrote:
> > What I figure out is the problem is that somehow, apparmor denies to 
> > network-manager the ability to provide a valid resolv.conf file.
> > So ipsec can't add a DNS server to my VPN connection.
> 
> For that particular file it's:

Forgot a coma:

echo "/run/NetworkManager/resolv.conf rwk," \
>> /etc/apparmor.d/local/usr.lib.ipsec.charon
aa-complain /usr/lib/ipsec/charon
aa-enforce /usr/lib/ipsec/charon
 
Reco

Re: Applet to find internet status

2020-03-21 Thread Joe 
On Fri, 20 Mar 2020 22:18:26 +
Bhasker C V  wrote:

> But we could use an external IP to communicate ... like 1.1.1.1 or
> curl to some known website to confirm that internet works (which will
> include the system proxy settings).

I did that some years ago, when I had a slightly dubious router which
occasionally needed rebooting. It's not quite as simple as that. I've
seen the router in a state where it would return data from some
websites and not others, and garbled data, when it would pass pings
(which I tried first, of course) but not HTML, and other odd conditions.

I ended up with curl reading six websites, actually returning text and
checking it for accuracy, if one failed then try the next and so on. If
all six were down, reboot. Sometimes quite well-known sites do go down
for a short time, and sometimes they change their text, though I tried
to pick pages that were unlikely to change. There was a read every five
minutes, and I rotated the order of sites so that when all was well,
they would only be read twice an hour, to try and avoid getting
blacklisted anywhere. 

I got to that stage after some weeks, and it seemed quite robust for
a couple of years.

-- 
Joe

DisplayLink install issue plus evdi-dkms install error

2020-03-21 Thread Marcelo Laia 
Dear Debian Guys!


I am try to install DisplayLink on my Debian notebook Dell Inspiron
I15-5547-A20.

However, I have issues.

This is the steps I does:

1. git clone https://github.com/AdnanHodzic/displaylink-debian.git

2. cd displaylink-debian/ && sudo ./displaylink-debian.sh

Here, I got the message:

root@marcelo:/home/marcelo/Downloads/displaylink-debian# ./displaylink-debian.sh
Can't open display 
root@marcelo:/home/marcelo/Downloads/displaylink-debian# 
root@marcelo:/home/marcelo/Downloads/displaylink-debian# 
./displaylink-debian.sh --debug
Can't open display 
root@marcelo:/home/marcelo/Downloads/displaylink-debian#

I close my session and relogin with Classic Gnome. No success!

I close my session and relogin with Gnome with Xorg. No success, too!

I try to install evdi-dkms and got error messages:

root@marcelo:/home/marcelo/Downloads/displaylink-debian# cat 
/var/lib/dkms/evdi/1.6.4+dfsg/build/make.log
DKMS make.log for evdi-1.6.4+dfsg for kernel 5.4.0-4-amd64 (x86_64)
sáb mar 21 04:25:41 -03 2020
make: Entering directory '/usr/src/linux-headers-5.4.0-4-amd64'
  AR  /var/lib/dkms/evdi/1.6.4+dfsg/build/built-in.a
  CC [M]  /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.o
  CC [M]  /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_modeset.o
  CC [M]  /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_connector.o
  CC [M]  /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_encoder.o
In file included from /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_encoder.c:18:
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.h:23:10: fatal error: 
linux/reservation.h: Arquivo ou diretório inexistente
   23 | #include 
  |  ^
compilation terminated.
make[2]: *** [/usr/src/linux-headers-5.4.0-4-common/scripts/Makefile.build:271: 
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_encoder.o] Error 1
make[2]: ** Esperando que outros processos terminem.
In file included from /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_connector.c:20:
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.h:23:10: fatal error: 
linux/reservation.h: Arquivo ou diretório inexistente
   23 | #include 
  |  ^
compilation terminated.
In file included from /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_modeset.c:22:
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.h:23:10: fatal error: 
linux/reservation.h: Arquivo ou diretório inexistente
   23 | #include 
  |  ^
compilation terminated.
make[2]: *** [/usr/src/linux-headers-5.4.0-4-common/scripts/Makefile.build:271: 
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_connector.o] Error 1
make[2]: *** [/usr/src/linux-headers-5.4.0-4-common/scripts/Makefile.build:271: 
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_modeset.o] Error 1
In file included from /var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.c:16:
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.h:23:10: fatal error: 
linux/reservation.h: Arquivo ou diretório inexistente
   23 | #include 
  |  ^
compilation terminated.
make[2]: *** [/usr/src/linux-headers-5.4.0-4-common/scripts/Makefile.build:271: 
/var/lib/dkms/evdi/1.6.4+dfsg/build/evdi_drv.o] Error 1
make[1]: *** [/usr/src/linux-headers-5.4.0-4-common/Makefile:1665: 
/var/lib/dkms/evdi/1.6.4+dfsg/build] Error 2
make: *** [/usr/src/linux-headers-5.4.0-4-common/Makefile:179: sub-make] Error 2
make: Leaving directory '/usr/src/linux-headers-5.4.0-4-amd64'
root@marcelo:/home/marcelo/Downloads/displaylink-debian# 

I have filled a bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954396

Please, have any clue, suggestion, advise?

Thank you a lot!

Marcelo

Re: apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/run/NetworkManager/resolv.conf"

2020-03-21 Thread rudu 

Le 21/03/2020 à 08:56, Reco a écrit :

On Sat, Mar 21, 2020 at 10:52:53AM +0300, Reco wrote:

What I figure out is the problem is that somehow, apparmor denies to 
network-manager the ability to provide a valid resolv.conf file.
So ipsec can't add a DNS server to my VPN connection.

For that particular file it's:

Forgot a coma:

echo "/run/NetworkManager/resolv.conf rwk," \
>> /etc/apparmor.d/local/usr.lib.ipsec.charon
aa-complain /usr/lib/ipsec/charon
aa-enforce /usr/lib/ipsec/charon
  
Reco


Thank you very much Reco, you taught me something I had to know indeed.
Apparmor isn't installed on my laptop, but it is on my desktop and I 
wasn't aware of this.

It explains why I hadn't experienced any problem setting up the laptop.

I had to install apparmor-utils on my desktop though, it wasn't there so 
neither were

the aa-logprof, aa-complain and aa-enforce commands (among others).

So I read some docs online to understand the general idea, then :
birdynam:~# echo "/run/NetworkManager/resolv.conf rwk," >> 
/etc/apparmor.d/local/usr.lib.ipsec.charon

birdynam:~# cat /etc/apparmor.d/local/usr.lib.ipsec.charon
/run/NetworkManager/resolv.conf rwk,
birdynam:~# systemctl restart apparmor.service
birdynam:~# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.8.2 IPsec [starter]...
birdynam:~# ipsec up protonvpn
[...]
scheduling reauthentication in 9993s
maximum IKE_SA lifetime 10533s
installing DNS server 10.6.9.1 to /etc/resolv.conf
installing new virtual IP 10.6.6.11
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
CHILD_SA protonvpn{1} established with SPIs c14ac58d_i c5737b8a_o and TS 
10.6.6.11/32 === 0.0.0.0/0
received AUTH_LIFETIME of 27883s, reauthentication already scheduled in 
9993s

peer supports MOBIKE
connection 'protonvpn' established successfully
birdynam:~#

Et voilà !!
Now I'm surfing through my protonvpn access.

Again thanks a lot Reco

Rudu

Re: DisplayLink install issue plus evdi-dkms install error

2020-03-21 Thread deloptes 
Marcelo Laia wrote:

> I try to install evdi-dkms and got error messages:

try installing the linux-headers package for the kernel version you are
using.

Re: Re: DisplayLink install issue plus evdi-dkms install error

2020-03-21 Thread Marcelo Laia 
Hi!

Thank you so much!

It already installed.

root@marcelo:~# apt search linux-headers-$(uname -r)
Sorting... Pronto
Full Text Search... Pronto
linux-headers-5.4.0-4-amd64/testing,unstable,now 5.4.19-1 amd64 
[installed,automatic]
  Header files for Linux 5.4.0-4-amd64

root@marcelo:~# 


-- 
Marcelo

Re: Re: DisplayLink install issue plus evdi-dkms install error

2020-03-21 Thread Daniel Harris 
The only thing i can think of is that the
Can't open display
message is usually because you are trying to access an X app as root.

Maybe trying running the script when logged into to gnome as an
unprivileged/normal user

if that fails try using the alternative method of install by using the wget
method

hth

Dan

On Sat, Mar 21, 2020 at 6:12 PM Marcelo Laia  wrote:

> Hi!
>
> Thank you so much!
>
> It already installed.
>
> root@marcelo:~# apt search linux-headers-$(uname -r)
> Sorting... Pronto
> Full Text Search... Pronto
> linux-headers-5.4.0-4-amd64/testing,unstable,now 5.4.19-1 amd64
> [installed,automatic]
>   Header files for Linux 5.4.0-4-amd64
>
> root@marcelo:~#
>
>
> --
> Marcelo
>
>

Re: DisplayLink install issue plus evdi-dkms install error

2020-03-21 Thread Marcelo Laia 
On 21/03/20 at 06:56, Daniel Harris wrote:
>The only thing i can think of is that the
>Can't open display
>message is usually because you are trying to access an X app as root.
>Maybe trying running the script when logged into to gnome as an
>unprivileged/normal user
>if that fails try using the alternative method of install by using the
>wget method
>hth
>Dan

Hi Dan!

You are right!

A little minutes ago I add my user to the sudo group and run the
install commands with sudo, like this:

$ cd displaylink-debian/

$ sudo ./displaylink-debian.sh

All worked properly, until now!

Thanks!

-- 
Marcelo

Encrypted swap fails in initramfs

2020-03-21 Thread Jochen Spieker 
Hi,

this week I installed Debiana bullseye using the current debian
installer and then upgraded to sid. Now I get a lot of warnings in the
beginning of the boot process which are ugly and delay the boot process.
When booting has finished, the encrypted swap is available as intended.
The problem is restricted to the initramfs phase, it seems.

Manual transcription of the error message:

| Failed to find logical volume "vg0-arpeggi/swap-enc_crypt"
| cryptsetup: WARNING: vg0--arpeggi-swap--enc_crypt: couldn't determine device 
type, assuming default (plain)
| cryptsetup: Waiting for encrypted source device 
/dev/mapper/vg0--arpeggi-swap--enc...

In d-i I chose manual partitioning and set up encrypted swap on an LVM
volume.  The setup looks like this and I think I did not change it after
the installation process:

# lvs -a | grep swap
  swap-enc vg0-arpeggi -wi-ao   <4.66g

# lsblk  | grep -B1 SWAP
  ├─vg0--arpeggi-swap--enc 254:10   4.7G  0 lvm   
  │ └─vg0--arpeggi-swap--enc_crypt 254:30   4.7G  0 crypt [SWAP]

# grep swap /etc/crypttab 
vg0--arpeggi-swap--enc_crypt /dev/mapper/vg0--arpeggi-swap--enc
/dev/urandom cipher=aes-xts-plain64,size=256,swap,discard

# grep swap /etc/fstab
/dev/mapper/vg0--arpeggi-swap--enc_crypt noneswapsw 
 0   0


It looks like cryptsetup is started before LVM. That probably makes
sense in other setups, but not mine. How do I change this?

As a sidenote: I contemplated replacing the /dev/mapper path in
/etc/crypttab with a UUID, but, to my surprise, the underlying LVM
volume does not have a UUID. Other LVM volumes (one unencrypted /, one
LUKS container for /home) do have UUIDs. Why is that?

Regards,
Jochen.
-- 
If politics is the blind leading the blind, entertainment is the fucked-
up leading the hypnotised.
[Agree]   [Disagree]
 


signature.asc
Description: PGP signature