Re: After an update, VM's no longer have Internet access
On Tue, 2019-01-29 at 06:11 +0800, Ed Greshko wrote: > On 1/28/19 11:55 PM, Patrick O'Callaghan wrote: > > On Mon, 2019-01-28 at 21:54 +0800, Ed Greshko wrote: > > > > > I'll do more in my AM. > > Thanks again. > > > > Well, yesterday I was able to replicate the symptoms of the problem you're > having. I > can't say if I actually duplicated it. However, this morning I can't > determine the steps > I took. The good news is that I know why I saw the same symptoms. > > My setup is the Host running F29 and KDE only. Two Guests, one running F29 > KDE Only and > the other running F29 GNOME only. > > Last night while checking, and maybe changing, things on the Host FW that > pings weren't > working. > > Looking around I found that the F29 GOME guest had created a virbr0 interface > with > 192.168.122.1/24 as the address. I didn't think to check routing info on all > systems. :-( > > Anyway, I did find that a system with F29 installed has all the libvirt > packages installed > and libvirtd.service enabled. It would seem that the guests are supposed to > detect they > are guests and not create the bridge. FWIW, I started an F29 GNOME guest > under VirtualBox > and it does create the bridge. > > So, maybe, try disabling libvirt.service on any guests which may have it > enabled and > reboot *everything* to see if your problem persists. Interesting, though I wouldn't expect a difference between Gnome and KDE guests. Note that my guest is Fedora Server, with no DE installed. HOWEVER, (hold the front page!) Last night I rebooted everything and fired up *only* the Windows guest, and it is working perfectly. Recall that I've always had two guests running, so either a) the Fedora guest is screwing things up somehow, possibly in the way you suggest, or b) libvirt is confused by having two guests. If it's either of those things then something must have changed recently, because this is exactly the setup I've been using for months with no issues, and (I stress again) I have changed nothing in my configuration other than regular dnf updates. I'll do some more tests and report back. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On 1/29/19 6:39 PM, Patrick O'Callaghan wrote: > Interesting, though I wouldn't expect a difference between Gnome and > KDE guests. Note that my guest is Fedora Server, with no DE installed. The "difference" is if you install Fedora KDE spin from the Live Media it Doesn't Install any libvirt stuff. If you install Fedora Workstation from the Live Media it Does install ALL the libvirt stuff *and* it enables the libvirtd service. I thought that my previous message made that quite clear. > > HOWEVER, (hold the front page!) > > Last night I rebooted everything and fired up *only* the Windows guest, > and it is working perfectly. Recall that I've always had two guests > running, so either a) the Fedora guest is screwing things up somehow, > possibly in the way you suggest, or b) libvirt is confused by having > two guests. If it's either of those things then something must have > changed recently, because this is exactly the setup I've been using for > months with no issues, and (I stress again) I have changed nothing in > my configuration other than regular dnf updates. > > I'll do some more tests and report back. > Well, like I said, check to see if your Fedora Guests have the libvirtd service enabled. The guests don't need it. So, just disable it. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On Tue, 2019-01-29 at 10:39 +, Patrick O'Callaghan wrote: > So, maybe, try disabling libvirt.service on any guests which may have it > enabled and > > reboot *everything* to see if your problem persists. > > Interesting, though I wouldn't expect a difference between Gnome and > KDE guests. Note that my guest is Fedora Server, with no DE installed. > > HOWEVER, (hold the front page!) > > Last night I rebooted everything and fired up *only* the Windows guest, > and it is working perfectly. Recall that I've always had two guests > running, so either a) the Fedora guest is screwing things up somehow, > possibly in the way you suggest, or b) libvirt is confused by having > two guests. If it's either of those things then something must have > changed recently, because this is exactly the setup I've been using for > months with no issues, and (I stress again) I have changed nothing in > my configuration other than regular dnf updates. > > I'll do some more tests and report back. OK, first of all the Fedora guest doesn't have libvirt.service enabled, maybe because it was installed with no DE. Secondly, I did the following: 1) Verified that the Windows guest was still working. 2) Started the Fedora guest. 3) Both guests worked for a few minutes, then both failed. 4) Shut down the Fedora guest. Windows guest still failing. 5) Rebooted the Windows guest (from the virt-manager menu). Still failing. 6) Shut down the Windows guest and restarted it. It's now working. I think this is a strong indication that the problem is with libvirt itself. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On 1/29/19 7:02 PM, Patrick O'Callaghan wrote: > OK, first of all the Fedora guest doesn't have libvirt.service enabled, > maybe because it was installed with no DE. > > Secondly, I did the following: > > 1) Verified that the Windows guest was still working. > 2) Started the Fedora guest. > 3) Both guests worked for a few minutes, then both failed. > 4) Shut down the Fedora guest. Windows guest still failing. > 5) Rebooted the Windows guest (from the virt-manager menu). Still > failing. > 6) Shut down the Windows guest and restarted it. It's now working. > > I think this is a strong indication that the problem is with libvirt > itself. I didn't have a Win10 guest. So, I installed. And tested with a Fedora Guest. Both are still working just fine after [egreshko@f29g ~]$ uptime 20:16:43 up 33 min, 2 users, load average: 0.07, 0.02, 0.00 How about putting your libvirt interfaces in their own FW zone with just the basics? -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
systemd-journald[585]: Failed to create new system journal: Input/output error
After attempting today's updates, the system is almost unusable. The problems seem to be caused by journal. I see messages like the above. I tried rm /var/log/journal//* hoping it would clear up. But after several reboots I still see such messages. kde won't start at all. I'm using mate for now. The update process seems to have crashed and not completed. Ideas? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: systemd-journald[585]: Failed to create new system journal: Input/output error
Some more info: df Filesystem 1K-blocks Used Available Use% Mounted on devtmpfs 3905924 0 3905924 0% /dev tmpfs3920940 0 3920940 0% /dev/shm tmpfs3920940 9740 3911200 1% /run tmpfs3920940 0 3920940 0% /sys/fs/cgroup /dev/sda3 241172480 107245996 133917428 45% / tmpfs392094056 3920884 1% /tmp /dev/sda3 241172480 107245996 133917428 45% /home /dev/loop0 91648 91648 0 100% /var/lib/snapd/snap/core/6034 /dev/loop2 91648 91648 0 100% /var/lib/snapd/snap/core/6130 /dev/loop1 90368 90368 0 100% /var/lib/snapd/snap/core/5897 /dev/sda1 463844185420249957 43% /boot tmpfs 784188 0784188 0% /run/user/0 tmpfs 78418848784140 1% /run/user/1000 Nothing important seems to be full. sudo dnf update [sudo] password for nbecker: [ sit silent for a VERY long time ] Bus error Neal Becker wrote: > After attempting today's updates, the system is almost unusable. The > problems seem to be caused by journal. I see messages like the above. > > I tried rm /var/log/journal//* hoping it would clear up. But after > several reboots I still see such messages. > > kde won't start at all. I'm using mate for now. > > The update process seems to have crashed and not completed. > > Ideas? > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On Tue, 2019-01-29 at 20:18 +0800, Ed Greshko wrote: > I didn't have a Win10 guest. So, I installed. And tested with a Fedora > Guest. Both are > still working just fine after > > [egreshko@f29g ~]$ uptime > 20:16:43 up 33 min, 2 users, load average: 0.07, 0.02, 0.00 > > How about putting your libvirt interfaces in their own FW zone with just the > basics? OK, did that, i.e. just moved each guest to a different zone without changing anything else. And they are now both working (I had to restart the Windows one but not the Fedora one). If this holds up, it looks like the solution but I'm blowed if I can understand why, given that everything worked correctly without this until a few days ago. Either way, I owe you a beer or ten, Ed. Many thanks. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On Tue, 2019-01-29 at 14:59 +, Patrick O'Callaghan wrote: > On Tue, 2019-01-29 at 20:18 +0800, Ed Greshko wrote: > > I didn't have a Win10 guest. So, I installed. And tested with a Fedora > > Guest. Both are > > still working just fine after > > > > [egreshko@f29g ~]$ uptime > > 20:16:43 up 33 min, 2 users, load average: 0.07, 0.02, 0.00 > > > > How about putting your libvirt interfaces in their own FW zone with just > > the basics? > > OK, did that, i.e. just moved each guest to a different zone without > changing anything else. And they are now both working (I had to restart > the Windows one but not the Fedora one). > > If this holds up, it looks like the solution but I'm blowed if I can > understand why, given that everything worked correctly without this > until a few days ago. > > Either way, I owe you a beer or ten, Ed. Many thanks. And we're back ... I worked away using the Windows guest for several hours. Network access kept going, though the system felt slightly sluggish at times. When I looked at the Fedora guest (which I hadn't touched in all this time) it was off-line again. So I'm not convinced the firewall has anything to do with it after all. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Shredding a removable drive (OT)
On Tue, 29 Jan 2019 at 03:32, Robert Nichols wrote: > > On 1/28/19 8:03 AM, Ian Malone wrote: > >I wouldn't recommend just doing /dev/zero if the CIA, > > or even a moderately funded newspaper might specifically be after your > > data, > > I would be interested to know if you can name any data recovery service that > has ever demonstrated the ability to recover data from a reasonably modern > hard disk that has been overwritten once with zeros. > I can't. This doesn't mean nobody can do it though, and of the possible cases it's the most simple to retrieve the data from, which there is a theoretical possibility of. It's also not a case with that many legitimate uses. Given the additional cost of using at least a single randomised over-write is effectively zero there's basically no reason not to take that option instead. SSD may also simply ignore a zero write and mark blocks as unused instead, though as jdow mentioned the wear-levelling areas can escape an over-write anyway, which is why the ATA secure erase command exists. -- imalone http://ibmalone.blogspot.co.uk ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: systemd-journald[585]: Failed to create new system journal: Input/output error
Finally got to the root problem. It seems I'm running on btrfs (single device), and the metadata became too full. This causes WIERD behavior - df would switch between sometimes showing 50% free space and 0% free. Operations would mysteriously fail with NOSPC even though there was loads of free space. I got working again by deleting a bunch of files. I think there is some other way I can get more metadata space for btrfs, but not sure about that. Neal Becker wrote: > Some more info: > df > Filesystem 1K-blocks Used Available Use% Mounted on > devtmpfs 3905924 0 3905924 0% /dev > tmpfs3920940 0 3920940 0% /dev/shm > tmpfs3920940 9740 3911200 1% /run > tmpfs3920940 0 3920940 0% /sys/fs/cgroup > /dev/sda3 241172480 107245996 133917428 45% / > tmpfs392094056 3920884 1% /tmp > /dev/sda3 241172480 107245996 133917428 45% /home > /dev/loop0 91648 91648 0 100% > /var/lib/snapd/snap/core/6034 > /dev/loop2 91648 91648 0 100% > /var/lib/snapd/snap/core/6130 > /dev/loop1 90368 90368 0 100% > /var/lib/snapd/snap/core/5897 > /dev/sda1 463844185420249957 43% /boot > tmpfs 784188 0784188 0% /run/user/0 > tmpfs 78418848784140 1% /run/user/1000 > > Nothing important seems to be full. > > sudo dnf update > [sudo] password for nbecker: > [ sit silent for a VERY long time ] > Bus error > > > Neal Becker wrote: > >> After attempting today's updates, the system is almost unusable. The >> problems seem to be caused by journal. I see messages like the above. >> >> I tried rm /var/log/journal//* hoping it would clear up. But after >> several reboots I still see such messages. >> >> kde won't start at all. I'm using mate for now. >> >> The update process seems to have crashed and not completed. >> >> Ideas? >> ___ >> users mailing list -- users@lists.fedoraproject.org >> To unsubscribe send an email to users-le...@lists.fedoraproject.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: systemd-journald[585]: Failed to create new system journal: Input/output error
On 01/29/2019 11:36 AM, Neal Becker wrote: I got working again by deleting a bunch of files. I think there is some other way I can get more metadata space for btrfs, but not sure about that. Report it as a bug. If it's actually expected behavior, somebody will probably tell you how to deal with it in the future. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Shredding a removable drive (OT)
On 1/27/19 6:47 PM, Wolfgang Pfeiffer wrote: Yes, something like that is what I suspect: The actual data on disk would be left untouched when the *disk/partition* is encrypted. I had a look through documents explaining luks, and again and again the topic is "disk" encryption, not "data" encryption. So maybe all that happens is that - to use a picture - a high security prison (some sort of crypto layer) is built around the data on disk, while leaving the actual data untouched, and non-encrypted. It sounds like you're unfamiliar with the implementation, and possibly with filesystems and block devices in general. I'll try to explain, with some simplifications. You suggested this command: cryptsetup open --type plain -d /dev/urandom /dev/ to_be_wiped This creates a mapping in the kernel where blocks on the virtual device named "to_be_wiped" are filtered through an encryption algorithm before writing, or after reading, blocks on the physical device /dev/. Running this command (unless I'm misreading the docs for the "plain" section) doesn't actually write to or modify the content of the block device at all. Only when you write to /dev/mapper/to_be_wiped will encrypted data actually be written to /dev/. (You would normally create a new filesystem on /dev/mapper/to_be_wiped, which would replace a small number of blocks on the disk with new blocks containing encrypted data related to the filesystem. Again, most of the pre-existing data isn't overwritten by that process. The old data would not be readable through /dev/mapper/to_be_wiped, but could be directly through /dev/.) The next step of the process you suggested was: cat /dev/zero > /dev/mapper/to_be_wiped This will write zeros to the virtual block device, which will be filtered through the encryption algorithm and the results written to the blocks on the physical device. This will sequentially overwrite the contents of the physical disk. In other words: It seems the file system is encrypted, not the data: see the already mentioned FAQ: "Create the LUKS container" - at the end of the section: "Done. You can now use the encrypted file system to store data" The command you referenced above doesn't use LUKS, but that's a minor nit. Both the filesystem and your data are encrypted when using dm-crypt (whether you use LUKS or not). However, creating a dm-crypt device doesn't modify the pre-existing data. It only writes encrypted data to the disk when data is written to the virtual device. Does that make sense? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Shredding a removable drive (OT)
On 1/28/19 2:12 AM, Patrick O'Callaghan wrote: Another point: several people have mentioned using /dev/urandom. It's important to note that this is a *pseudo-random* generator. It starts from a random seed, but from that generates a completely deterministic pattern. If you have the seed, you have everything. ... I think that you are confusing two separate concerns. This thread (as confused and meandering as it is) is concerned with clearing the content of a disk. That is completely unrelated to the concerns about generating secure encryption keys, which appears to be what you're alluding to when you raise concerns about predicting the output of the CSPRNG (cryptographically secure pseudorandom number generator). Even if you could predict the entire sequence of the CSPRNG (which, to be clear, you can't; Linux continues to feed entropy into the state of the CSPRNG used for /dev/urandom) that wouldn't make writing /dev/urandom to the disk any less secure. Either way, the random data will replace the old data, and the drive itself will never read out the data that has been overwritten. As far as reading data from the drive itself is concerned, writing /dev/zero to the disk is the fastest way to clear a disk, and totally effective. The question of secure erase is largely academic. If you are a military or intelligence organization and the content of a disk might threaten the lives of people in your organization, then you should do something better than writing zeros to your disk. You face one of several problems including: 1: If you have very old spinning magnetic drives, an attacker might be able to use a Spin Polarized Scanning Tunneling Microscope to read residual data after a disk was zeroed. 2: Either HDD or SDD disks might mark a block bad and remap it. Such a block could in theory still be read by a modified controller (or if an attacker could clear the remapping data). If you are concerned about a well-funded attacker reading your data, then the preferred solution is one or both of: 1: physically destroy the disk 2: always encrypt your disks from the start and never write unencrypted data In general, though, this thread has entirely too much speculation and is becoming quite detached from reality. For further reading on SSDs, this paper may be interesting: https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf This AMA with a data recovery engineer might be, too. https://www.reddit.com/r/IAmA/comments/2n02lt/iama_data_recovery_engineer_i_get_files_from/ ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: After an update, VM's no longer have Internet access
On 1/30/19 1:37 AM, Patrick O'Callaghan wrote: > And we're back ... > > I worked away using the Windows guest for several hours. Network access > kept going, though the system felt slightly sluggish at times. When I > looked at the Fedora guest (which I hadn't touched in all this time) it > was off-line again. > > So I'm not convinced the firewall has anything to do with it after all. If I were having this problem, I'd disable the FW, reboot everything, and see what happens. What ever it is, it seems to be affecting few people as (granted my BZ searches are weak) I could not find any BZ that addresses this. It also seems difficult to reproduce. I don't discount anything at this point. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
