| zepka1 | Hello people | 04:50 |
|---|---|---|
| === caitanya is now known as Muhammad | ||
| === Muhammad is now known as Muhammadiz | ||
| === Muhammadiz is now known as JEESUS | ||
| === JEESUS is now known as jeesus | ||
| lordievader | Good morning. | 09:55 |
| === Isla_de_Muerte is now known as NwS | ||
| halvors1 | Hi. AppArmor is apparantly destroying my VPN conncetion with StrongSwan, any way to fix this? http://pastebin.com/21V17bVP | 12:46 |
| sdeziel | halvors1: try adding: "owner @{PROC}/@{pid}/fd/ r," to /etc/apparmor.d/local/usr.lib.ipsec.charon | 12:48 |
| sdeziel | halvors1: then reload the profile with: apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.ipsec.charon | 12:49 |
| halvors1 | sdeziel: Isn't this something that would be corrected in the strongswan package? | 12:49 |
| sdeziel | halvors1: yes but testing the manual fix first would be useful | 12:50 |
| halvors1 | sdeziel: The VPN tunnels works for several hours at first. | 12:53 |
| halvors1 | Then it goes down and doesn't come up again unless i restart it manually. | 12:53 |
| halvors1 | So there is no way to be sure that this fix works before it has gone several hours from now. | 12:54 |
| sdeziel | halvors1: which version of strongswan do you have installed? | 12:54 |
| halvors1 | Linux strongSwan U5.3.5/K4.2.0-34-generic | 12:57 |
| halvors1 | So 5.3.5 :) | 12:57 |
| sdeziel | that's one odd mix of kernel/userland versions | 12:58 |
| sdeziel | 5.3.5 only shipped with Xenial yet you have Wily's kernel | 12:59 |
| halvors1 | sdeziel: I know. Trying to use 5.3.5 from xenial repo on wily since i had so much trouble with wily's build. | 13:00 |
| halvors1 | Same issue duo. | 13:00 |
| halvors1 | sdeziel: Do you want me to use the wily version instead? | 13:01 |
| sdeziel | halvors1: I'd suggest to open a bug in LP describing your environment (including a list of all the packages related to Strongswan). | 13:04 |
| sdeziel | halvors1: I never ran into this denial but we have different testing environments. I only ever used Stronswan on Trusty and Xenial | 13:05 |
| sdeziel | halvors1: if that's feasible, you could try to reproduce the issue with a clean/pure Xenial machine? | 13:05 |
| halvors1 | sdeziel: Ok, haha another solution is just to disable apparmor. | 13:08 |
| halvors1 | Really it's almost only trouble. | 13:08 |
| sdeziel | halvors1: you can try that too but I'd recommend to only disable the charon profile | 13:09 |
| sdeziel | halvors1: FYI, Apparmor might only be a red herring like it was in https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436 | 13:10 |
| halvors1 | sdeziel: How do i do that? | 13:10 |
| ubottu | Launchpad bug 1549436 in strongswan (Ubuntu) "AppArmor kills StronSwan daemon 'charon'" [Undecided,Confirmed] | 13:10 |
| sdeziel | halvors1: | 13:11 |
| sdeziel | https://help.ubuntu.com/community/AppArmor#Disable_one_profile | 13:11 |
| halvors1 | sdeziel: Thanks, i'll monitor the connection with your proposed fix first. | 13:14 |
| halvors1 | sdeziel: Should "owner" be replaced with the user or just stay as it is? | 13:15 |
| sdeziel | halvors1: "owner" requires the executable to be run by the same user as the file/dir owner for the rule to match. | 13:16 |
| CrummyGummy | Hi, do any of you know of a security ppa for Natty? I realise it's unsupported but I need to upgrade openssl quite urgently. | 13:26 |
| henkjan | CrummyGummy: there is no security ppa for Natty | 13:27 |
| CrummyGummy | then any src for an up to date openssl deb? | 13:27 |
| henkjan | CrummyGummy: you can try to point your /etc/apt/sources.list.dist to old-releases.ubuntu.com | 13:28 |
| Pici | Since it EOL'd in October 2012, you're not going to get any updates dated past then. | 13:28 |
| CrummyGummy | I know :( | 13:29 |
| henkjan | installing an openssl .deb from a new release will give you headaches i'm afraid | 13:29 |
| CrummyGummy | Any idea how risk it would be to install by hand? | 13:29 |
| CrummyGummy | I have it compiled and ready to install. Just a bit nervous... | 13:29 |
| henkjan | why would you even try to update openssl as the rest of your system has gaping holes al around? | 13:30 |
| CrummyGummy | Just to make connectivity work to a client. | 13:30 |
| CrummyGummy | we're moving away from this server slowly. It's one of those legacy boxes that we're to scared tu update. | 13:31 |
| CrummyGummy | there's always one... | 13:32 |
| patdk-wk | the thing about openssl is | 13:36 |
| patdk-wk | it will just work, or you will have to recompile everything that uses it :( | 13:36 |
| patdk-wk | and that is when you stay within the same version :( | 13:37 |
| runelind_q | if I'm doing a repository, do I want to delete the Packages file every time before re-running dpkg-scanpackages? | 14:50 |
| runelind_q | I guess it is re-creating it since I'm doing > Packages.gz | 14:57 |
| === MikaT_ is now known as MikaT | ||
| cyphermox | hey, if someone cares a lot about ntp; this seems like it might be a relatively easy bug to fix: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1558125 | 15:54 |
| ubottu | Launchpad bug 1558125 in ntp (Ubuntu) "ntpd doesn't synchronize to local clock (ntpd 4.2.8p4/xenial)" [High,Triaged] | 15:54 |
| cyphermox | ^ I'm pointing it out here because ntp is subscribed by the server team, I may otherwise get up to it $later | 15:55 |
| nacc | kickinz1: --^ ? | 15:57 |
| cyphermox | if you need help reproducing I can perhaps get the reporter or his manager or someone to get more info quickly. | 15:58 |
| tuor | Hi, I'm working on a preseed file. I trying to add an apt repo while installing. This is my preseed file: https://paste.ubuntu.com/15402527/ | 16:27 |
| tuor | My goal: add the puppetlabs repos directly during the installation. | 16:27 |
| tuor | What I tried now: Add Ubuntus "ch" archiv as repo. | 16:28 |
| tuor | Problem: When installing, I get an error in the "select and install software" stage. | 16:29 |
| tuor | Line 162 of my preseed file is the intresting part. What am I doing wrong? Or how can I find out what I'm doing wrong? | 16:30 |
| tuor | If I remove the 2 lines 162 and 163 it works. | 16:31 |
| kickinz1 | nacc, cyphermox looking | 16:47 |
| nacc | kickinz1: thanks! | 16:52 |
| === alexisb is now known as alexisb-afk | ||
| tuor | It's working now. I just don't know what is different^^ | 17:23 |
| === alexisb-afk is now known as alexisb | ||
| jjrabbit443 | hello | 18:58 |
| jjrabbit443 | is creating a swap file on ubuntu the equivalent of having a pagefile on windows? | 18:59 |
| lordievader | Pretty much. | 19:02 |
| jjrabbit443 | if you are low on RAM isn't a swap file on an SSD drive pretty much as good as using RAM anyway? | 19:03 |
| jjrabbit443 | as far as I/O speed | 19:03 |
| sarnold | not even close; ram on high-end cpus can run at ~60 gigabytes per second; an ssd connected via sata can only run at 500 megabytes per second | 19:04 |
| sarnold | don't get me wrong, ssds are way better than hard drives | 19:04 |
| sarnold | s/hard drives/spinning metal/ | 19:04 |
| sarnold | but there's no substitute for real ram when you need it | 19:05 |
| jjrabbit443 | wow ok nevermind | 19:06 |
| jjrabbit443 | sounds like even old ass RAM sticks would blow SSD I/O out of the water | 19:06 |
| sarnold | yeah :) old-ass ram may only go 20 gigabytes per second or something -- check intel's ARK for details for your processor -- but it's still better than swap by a lot :) | 19:08 |
| === guampa is now known as Guest46127 | ||
| === guampa_ is now known as guampa | ||
| === Isla_de_Muerte is now known as NwS | ||
| l1meon | Hello, I have a question. How can I run a script for web using ipv6 instead of ipv4? Say I have ipv4: 55.55.55.55, and 4 ipv6: 2e2e:xxx:xxx | 23:01 |
| sarnold | l1meon: do you mean, something like a php script that you run in apache's mod_php or fastcgi or similar? | 23:03 |
| sarnold | l1meon: does i already work with ipv4? is there something preventing your apache from binding to the ipv6 addresses you want? | 23:04 |
| antonispgs | hey guys nice to be here | 23:27 |
| antonispgs | so the script for rtorrent i used on a remote seedbox created a nice website where i can see my downloads | 23:28 |
| antonispgs | https://IP/download/user/ | 23:28 |
| antonispgs | i am now transferring stuff that are going in folders inside https://IP/download/user/rtorrent/downloads at which point i get a 403 forbidden error | 23:28 |
| antonispgs | is there a way to get access further into the subfolders? | 23:29 |
| sarnold | antonispgs: it depends upon the program; it might just require removing some code that prevents that.. or it might require larger changes | 23:33 |
| sarnold | maybe there's a configuration option for the script? | 23:33 |
| antonispgs | it was made via nginx | 23:34 |
| === Bray90820_ is now known as bray90820 | ||
| lunaphyte | i suppose if i don't want to be a hypocrite, i'd better move it over here :) | 23:55 |
| tarpman | ;) | 23:55 |
| lunaphyte | i see references to both frontend and priority, but only the defaults seems to be indicated in files in /var/cache/debconf/ | 23:55 |
| lunaphyte | but when i set them with dpkg-reconfigure, they do seem to be remembered, so they've got to be specified somewhere | 23:55 |
| lunaphyte | plus, it seems like i don't ever remember being prompted for this sort of thing when doing an install, which is i guess sort of a side note | 23:56 |
| tarpman | hm. I'm not aware of any other locations where things are saved. all the non-defaults I can remember configuring are in /var/cache/debconf/config.dat | 23:58 |
| lunaphyte | oops, you are right | 23:59 |
| lunaphyte | there it is | 23:59 |
| lunaphyte | that's got a little bit of an openldap slapd-config feel to it :) | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!