/srv/irclogs.ubuntu.com/2021/05/04/#ubuntu.txt

rxdeath	hey hey. i'm trying to get a connection to mssql 2008 r2 going using ubuntu 20.04 and php 7.4	00:53
rxdeath	sqlcmd doesn't work from commandline, however i am able to telnet to the sql server. it is running and in production on the old webserver i'm attempting to replace	00:53
rxdeath	i've followed most of the basic tutorials but am still getting [Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection type errors	00:54
rxdeath	does anyone have experience getting connection to mssql going on ubuntu 20.04 server?	00:54
sarnold	rxdeath: are there any more details? check logs on both server and client, perhaps one of them logged something more useful	01:10
sarnold	rxdeath: if there's nothing in the logs that's helpful, it might be useful to fire up wireshark or tshark or tcpdump and watch the connection live	01:10
rxdeath	sarnold: i'm able to connect with nc and telnet	01:14
rxdeath	and the server is use from the old webserver, so at most it would be a driver thing, but know remote connections are up, etc	01:14
=== tnewman7 is now known as tnewman
Intelo	I cannot 'startx' on virtualbox when doing it by tty alt+ctrl+f2/3/4'. it says https://termbin.com/cmeq any clues?	02:43
sarnold	[ 75.279] (II) Server terminated successfully (0). Closing log file.	02:44
sarnold	wild guess, you don't have a ~/.startxrc file to tell the server what to do	02:44
Intelo	sarnold: checking	02:45
Intelo	sarnold: I don't have that file in the system where tty works too.	02:46
Intelo	sarnold: are you sure its .startxrc? don't think so	02:47
sarnold	Intelo: check the startx manpage	02:48
Intelo	sarnold: found /etc/X11/xinit/xinitrc in a working system	02:51
Intelo	now checking the not-working one	02:51
Intelo	sarnold: both working and non working have identical files (I didn't go in depth though) but one difference is that the working one has xubuntu installed while the non working has xubuntu installed afterwards (it was ubuntu-server initially)	02:57
Intelo	sarnold: what do you think how can i trace the issue here	02:58
sarnold	Intelo: I'm not sure; if it were me, I'd create a ~/.xinitrc file with xterm in it and see if that works	03:00
apb1963	Intelo, Did you notice this? [ 74.292] (EE) open /dev/fb0: Permission denied	03:56
Intelo	apb1963: sarnold hm..	03:59
Intelo	sarnold: how to make such file?	04:00
Intelo	apb1963: what should it be fixed with	04:00
apb1963	Intelo, No clue. I find problems, not fix them :p Try this link, they're talking about it. Personally I have no clue. https://unix.stackexchange.com/questions/149985/startx-cannot-open-dev-fb0-permission-denied	04:15
apb1963	Intelo, And that ends my participation... good luck, I'm off to dinner :)	04:16
apb1963	Intelo, Last thing and then I'm gone. "Asked 6 years, 8 months ago	04:18
apb1963	Active 6 years, 8 months ago " So I don't know if it's still relevant but permission denied is often relevant. Good luck!	04:18
Ringtailed-Fox	so, i think i royally messed up my install by accidentally installing a couple packages that are incompatible to the point that not even "sudo apt --fix-broken install" does nothing...	06:20
Ringtailed-Fox	i was trying to get dependencies to get avxsynth to compile, so i grabbed the deb files and tried to install them... and yeah, i think that broke everything. please advise on how to fix	06:21
Ringtailed-Fox	the command that i think broke everything was wget http://ftp.br.debian.org/debian/pool/main/d/double-conversion/libdouble-conversion1_3.1.0-3_amd64.deb http://archive.ubuntu.com/ubuntu/pool/main/libj/libjpeg-turbo/libjpeg-turbo8_2.0.3-0ubuntu1_amd64.deb http://archive.ubuntu.com/ubuntu/pool/main/libj/libjpeg8-empty/libjpeg8_8c-2ubuntu8_amd64.deb	06:22
mgedmin	a wget can't possibly break apt, so that command must've gotten truncated on irc	06:23
mgedmin	you didn a dpkg -i or something, didn't you	06:23
mgedmin	please pastebin the output of apt --fix-broken instlal	06:24
Ringtailed-Fox	doing so now	06:26
Ringtailed-Fox	https://pastebin.com/SHt5rTGn	06:28
mgedmin	ahm hm, interesting	06:29
mgedmin	sounds like a multiarch problem where you have both libjpeg-turbo8:amd64 and libjpeg-turbo8:i386 installed and you're trying to upgrade just one of them	06:30
Ringtailed-Fox	i didn't want the i386 version, though	06:30
mgedmin	and the error message doesn't mention it; can we check if :i386 is even installed?	06:30
Ringtailed-Fox	sure	06:31
mgedmin	can you pastebin the output of apt policy libjpeg-turbo8:{i386,amd64}	06:31
Ringtailed-Fox	alrighty	06:32
Ringtailed-Fox	https://pastebin.com/x0XmMGV2	06:33
mgedmin	huh, so the i386 is not installed at all?	06:33
mgedmin	and, wait, libjpeg-turbo8 is already at the latest version?	06:34
mgedmin	so apt succeeded despite that error?	06:35
mgedmin	what happens if you run apt install --fix-broken again?	06:35
Ringtailed-Fox	Reading package lists... Done	06:37
Ringtailed-Fox	Building dependency tree	06:37
Ringtailed-Fox	Reading state information... Done	06:37
Ringtailed-Fox	0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.	06:37
Ringtailed-Fox	i wonder why it was tryign to install i386 packages... this is an x86_64 machine running ubuntu in WSL2... can it even run i386 programs/libraries?	06:37
mgedmin	I don't think it was trying to install i386	06:39
mgedmin	but according to dpkg -S /usr/share/doc/libjpeg-turbo8/changelog.Debian.gz, the only two packages that share this file	06:39
mgedmin	are libjpeg-turbo8:i386, libjpeg-turbo8:amd64	06:40
Ringtailed-Fox	yeah, i figured as much	06:40
mgedmin	it looks like apt somehow managed to conflict libjpeg-turbo8:amd64 with itself? don't ask me how	06:40
mgedmin	maybe file a bug, if you've time	06:40
mgedmin	so "1 not upgraded", what is that about? apt policy claims libjpeg-turbo8:amd64 is alread at the latest version	06:40
mgedmin	is it still stuck in the unconfigured state because of the failure?	06:41
mgedmin	if you run sudo dpkg --configure -a, does that resolve the situation?	06:41
Ringtailed-Fox	i have no idea which package is "not upgraded"	06:41
Ringtailed-Fox	sudo dpkg --configure -a just returns nothing	06:42
Ringtailed-Fox	ran sudo apt-get upgrade	06:42
Ringtailed-Fox	said that libmysqlclient20:amd64 had an upgrade available	06:42
Ringtailed-Fox	okay... this is definitely entering bizarre territory for me. never had apt-get crap itself that hard... but i'm glad it seems to have fixed itself with your guidance, mgedmin :)	06:43
mgedmin	well it had help	06:44
Ringtailed-Fox	from me? not likely.. i come from fedoraland... still getting used to ubuntu's habits :P	06:44
mgedmin	don't install random packages with wget + dpkg unless you enjoy cleaning up messes ;)	06:44
Ringtailed-Fox	oh yeah. i agree	06:44
Ringtailed-Fox	my next question is.... would following these instructions be a good idea? https://stackoverflow.com/questions/42120938/exec-format-error-32-bit-executable-windows-subsystem-for-linux you know... just in case i find a good tool but it only comes in a 32-bit package, without a 64-bit version available...	06:45
mgedmin	which instructions specifically?	06:47
Ringtailed-Fox	sudo apt install qemu-user-static	06:48
Ringtailed-Fox	sudo update-binfmts --install i386 /usr/bin/qemu-i386-static --magic '\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x03\x00\x01\x00\x00\x00' --mask '\xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xf8\xff\xff\xff\xff\xff\xff\xff'	06:48
mgedmin	eh, I don't see how it could hurt	06:48
Ringtailed-Fox	You'll need to reactivate binfmt support every time you start WSL:	06:48
Ringtailed-Fox	sudo service binfmt-support start	06:48
Ringtailed-Fox	if that's the case, i'd like it to be automatic, so i don't have to worry about forgetting something like that	06:48
mgedmin	I don't know how WSL works; doesn't it start services on startup? would systemctl enable binfmt-support suffice?	06:49
Ringtailed-Fox	running that as sudo works :D	06:50
CQ	hello, how can I have everything in englishon my system, and just the number formatting and times european?	07:30
CQ	in my regional settings I have american english as the default, and in formats I have region s en_US and the numbering etc. in de_DE, but still some applications (apt, and some programs) are coming up in German...	07:31
mort	https://p.mort.coffee/F5m.png Ubuntu needs an easier way to let people choose between duplicate ubuntu software entries	07:47
ariejan	Hi, I have a ryzen 3700X + Radeon 5600XT system, but booting the ubuntu desktop 21.04 installer panics during boot on amdgpu. I have 1 gpu, 2 monitors. I'm not sure if https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1926792 is related or not. Does anyone know more about this?	07:50
ubottu	Launchpad bug 1926792 in linux-oem-5.10 (Ubuntu Focal) "Fix kernel panic at boot on dual GFX systems" [Critical,Confirmed]	07:50
geirha	mort: Haven't checked, but I'm guessing one of those is a snap and the other is from apt	07:51
mort	yeah	07:52
mort	the entries should probably say something about that though	07:52
mort	(the snap listing is also wrong, it claims to be 0.18 in the description but has version 0.19)	07:52
mort	(oh, and the apt listing is wrong, it claims to be proprietary and never updated)	07:53
gebbione	do you know if there is a way to force sound from speakers even when the headphone jack is plugged in?	08:36
mgedmin	yes: open sound preferences, select output device	08:38
mgedmin	... I think, it's been a long time since I used wired headphones on my laptop	08:39
mgedmin	if you can't switch between headphones and speakers there, there's still a way with pactl from the command line	08:39
mgedmin	but pactl is a terribly inconvenient tool	08:39
gebbione	switching output device does not work for me indeed	08:49
txtsd	How long does it usually take for the first LTS point release to come out?	08:55
gebbione	mgedmin, pulse volume shows the line output (as opposed to headphones) as unplugged even if the cable is still plugged in	08:57
mgedmin	huh	08:58
lotuspsychje	!release \| txtsd	09:06
ubottu	txtsd: Ubuntu releases a new version every 6 months. Each version is supported for 9 months (non-LTS) or 5 years (LTS). More info at https://wiki.ubuntu.com/Releases and https://wiki.ubuntu.com/TimeBasedReleases	09:06
=== kedar_apte_ is now known as kedar_apte
txtsd	lotuspsychje: point release, not a full release	10:34
lotuspsychje	txtsd: did you click the first wiki to see the . releases list?	10:35
txtsd	Oh I see it now	10:35
txtsd	Thanks	10:35
mgedmin	generally when there's a new non-LTS release, there's also a point release for the previous LTS at about the same time	10:35
Maik	txtsd: the first point release of a LTS comes about 3 months after the first LTS release	10:36
Maik	it's in the release schedule	10:36
txtsd	Thanks	10:45
nikolam	So, is it recommended to update from 20.10 to 21.04 yet ? (Xfce/Xubuntu desktop)	12:16
nikolam	Have Btrfs apt-btrfs-snapshots on package install, so I can go back)	12:16
mgedmin	https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925010 is still not fixed, and 20.10 -> 21.04 release upgrades remain disabled for now	12:18
ubottu	Launchpad bug 1925010 in shim (Ubuntu Hirsute) "shim-signed 15.4 does not boot on EFI 1.10 systems" [High,In progress]	12:18
nikolam	thanks mgedmin	12:19
BluesKaj	Hi folks	12:21
luna	hey	12:21
pagios	hello, i did setup the default ubuntu hotspot and it takes WPA by default how can i switch it to WPA2 ?	12:52
jeremy31	pagios: Should be able to edit the connection to change it	13:03
pagios	jeremy31, issue is windows machines refuse to connect	13:05
pagios	i have wpa3 does not work with windows too	13:05
jeremy31	pagios: Surprised that windows refuses because of WPA	13:09
TJ-	pagios: you're using hostapd? check its logs	13:16
pagios	TJ-, not sure what it is using	13:17
pagios	not hostapd as i dont see it in the p-s -ef	13:17
TJ-	pagios: hostpad is the parent (project) of wpa_supplicant	13:19
pagios	TJ-, yea i do havethat process /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant	13:19
TJ-	pagios: are you using NetworkManager to configure the local AP, or something else?	13:20
pagios	TJ-, i am using the graphical interface inside gnome, the one in the sidebar	13:20
TJ-	pagios: I don't use gnome so don't know what it uses	13:21
jeremy31	gnome-network-manager	13:24
pagios	so any idea?	13:28
JonJ	Hello! A couple of years ago the Ubuntu shop where you could buy stuff like hats/bags/whatever got shut down. Anyone know if Canonical is planning on bringing it back?	13:34
=== ace_me1 is now known as ace_me
timvisher	Is there any way to retrieve older deb files for a package that's been updated in the primary package archives? I'm specifically looking for older versions of openjdk-8-jdk.	13:36
lotuspsychje	!discuss \| JonJ	13:38
ubottu	JonJ: Want to talk about Ubuntu, but don't have a support question? /join #ubuntu-discuss for non-support Ubuntu discussion, or try #ubuntu-offtopic for general chat. Thanks!	13:38
JonJ	Ah, okay	13:39
oerheks	timvisher, go wild on http://ftp.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/	13:42
oerheks	no support	13:42
timvisher	oerheks: Obviously. :)	13:44
=== dob1_ is now known as dob1
Peanut	Hi! I have an issue in 21.04 with Ethernet interface names changing every reboot, making networking quite unreliable. I've tried to configure systemd to use 'path' based names, but still end up with 'eno0/1 and eth0/1' duking it out. I've removed netplan to go back to 'interfaces', with no improvement. What are the various parts of the kernel, systemd or elsewhere that control this naming, and how could	14:48
Peanut	one figure out which is doing these things? I'd like to have 'stable' names like enp3s0f0.	14:49
sarnold	Peanut: my guess is udev rules, there (was? is?) a file like 70-persistent-net-names or something similar that usually had macs and names in them	14:51
Peanut	sarnold: Thanks, but that seems to have long ago been replaced by systemd, even my few remaining 18.04 systems don't have that file any more.	14:52
sarnold	but udev is part of systemd..	14:53
Walex2	Peanut: You have to create that file if you want it to work...	14:53
Walex2	Peanut: 'systemd' has its own variant of 'udevd' but it uses the same configuration files. 'man 8 systemd-udevd'	14:54
Peanut	Walex2: The scheme we've had since 18.04 was names like 'enp4s0f0', which requires no further configuration or handcrafting of configuration files. Is there a way to enable that again without having to generate the old 70-persistent-net-names again?	14:58
TJ-	Peanut: see "man systemd.net-naming-scheme"	15:02
Peanut	TJ-: Going through that one now. The file /lib/systemd/network/99-default.link is the only one that seems to be in effect. Copied it to /etc/systemd, and changed 'NamePolicy' to only include 'path'. That seems to have given me fixed names again, but that file hasn't changed between 20.04 and 21.04.	15:07
TJ-	Peanut: that has a link to https://systemd.io/PREDICTABLE_INTERFACE_NAMES/ where it describes the algoorthim for choosing, and where it shows that eno1 form is the preferred since systemd v197 if firmware/BIOS provides it	15:07
TJ-	Peanut: in the web-link read the section "What precisely has changed in v197?" and the list 1 - 5	15:08
TJ-	Peanut: my guess is the newer kernel now extracts the info required by (1) and therefore it is being used	15:08
Walex2	Peanut: if you want totally stable naming the only way is to associated the name with a unique id like Ethernet addreess rather than hardware path, which may change (even if quite rarely).	15:10
Peanut	TJ-: Unfortunately, it seems to have brought us right back to where we started: interface names changing upon reboot. I have two on-board ports, and they randomly get eth0/eth1/eno0/eno1	15:10
Walex2	Peanut: then you have conflicting naming schemes.	15:10
Peanut	Walex2: Clearly - or rather, this is a brand-new 21.04 install, so I would sayt that Ubuntu may have a conflicting naming scheme in 21.04.	15:11
TJ-	Peanut: have you examined the udevd logs, afte renabling debug logging	15:11
Walex2	Peanut: because eth0, eth1 vs. eno0, eno1, is a different problem from eno0, eno1 vs. eno3, eno4.	15:12
Walex2	the case of different numbers within the same naming scheme can happen if the hw paths are enumerated differently, but that cannot happen if the naming schemes changes randomly.	15:12
TJ-	Peanut: try adding "udev.log_priority=debug" to the kernel command line	15:13
Peanut	TJ-: done, rebooting	15:13
=== Scotty_Trees3 is now known as Scotty_Trees
Peanut	TJ-: Wowk, that generates a lot of scrolling on the console! (Logged in over IPMI at the moment, due to lack of stable networking)	15:16
TJ-	Peanut: ahh, yes, well "debug"	15:17
TJ-	Peanut: "journalctl -b 0 -u systemd-udevd.service" when you have good access	15:18
Peanut	TJ-: Ok, got there (didn't take quite 5 minutes, took a quick break)	15:23
=== ttyS2 is now known as jonvonb
Peanut	On this boot, it seems we got eno1 and eth1. For enp3s0f0 and enp3s0f1, two posts on an on-board dual-port 10G X540-AT2. How would one find the original kernel name?	15:34
vlm	Peanut, did you try dmesg\|grep 'X540-AT2' or else hardware name?	15:37
TJ-	original kernel names would be eth0 and eth1	15:39
Peanut	vlm: Good one. I get 'eno1: renamed from eth0' (but never eth0) in dmesg, the other one seems to stay as eth1.	15:39
TJ-	Peanut: my guess is eth0 -> en1 then attempts eth1 -> en1 which is taken	15:39
Peanut	The dmesg doesn't show the original kernel names, only when they happen to get renamed.	15:39
TJ-	Peanut: the udev log should show what happened during renaming, in detail	15:40
Peanut	TJ-: 32252 lines of detail, working through that at the moment.	15:42
=== vlm_ is now known as vlm
TJ-	Peanut: search for "net_id" the builtin that handles it	15:45
Peanut	Curiously, the 'eno1: renamed from eth0' does not seem to have a corresponding entry in the udev log at all, so that may happen before udev?	15:45
TJ-	Peanut: or the first instance of "eth0"	15:45
Peanut	There's no instance of the string 'eth0' in the udev log, but there is in dmesg.	15:45
Peanut	In dmesg, we get "ixgbe 0000:03:00.0 eno1: renamed from eth0", so I wonder if that's due to the ixgbe driver itself?	15:47
TJ-	Peanut: does the systemd-udevd log have entries such as "Using default interface naming scheme 'v245' "	15:47
Peanut	Yes, v247	15:48
TJ-	Peanut: what does this report: "sudo udevadm test-builtin net_id /sys/class/net/eth1"	15:50
Peanut	'No such device' but that's because I have for now configured systemd to use the 'path' naming convention. When I do it for enp3s0f0, and for enp3s0f1, they both report 'ID_NET_NAME_ONBOARD=eno1'	15:52
TJ-	aha	15:53
Peanut	So that seems to originate from the firmware.	15:53
TJ-	there is your problem then. because both interfaces are on the same slot	15:53
Peanut	That's expected for a dual port card, innit?	15:53
TJ-	well it ought not; it isn't like dual/quad port adapters aren't common	15:54
Peanut	These cards (and most dual/quad cards I've seen) are the same slot, but not the same function. That's why I get enp3s0f0 and enp3s0f1.	15:55
Peanut	TJ-: everyone - thanks very much for your help so far. I have to leave the office now (lockdown rules), back in an hour or so.	15:59
=== MIF is now known as DarthMIF
TJ-	Peanut: looking at the source-code for udev-builtin-net_id.c it gets the name from the system's ACPI DSDT, specifically the _DSM (device specific method)	16:02
timvisher	Is there some way to tell `apt-get install <pkg>=<version>` to install the package's dependencies at the correct version? I'm atteming to run `apt-get install openjdk-8-jdk=8u77-b03-3ubuntu3` and it's complaining that the wrong version of its dependencies are going to be installed but the correct versions are available if I run `apt-cache policy openjdk-8-jre`, for instance.	16:09
TJ-	timvisher: possibly adding --print-uris and --allow-downgrades and see what versions are revealed in the printed URIs	16:16
timvisher	TJ-: Thanks. I'll give that a try.	16:17
timvisher	TJ-: `sudo apt-get install --print-uris --allow-downgrades openjdk-8-jdk=8u162-b12-1	16:20
timvisher	…	16:20
timvisher	E: Unable to correct problems, you have held broken packages.` and I don't see any obvious URIs being printed. :\	16:20
timvisher	What appears to work is `apt-get install openjdk-8-jdk=8u162-b12-1 openjdk-8-jre=8u162-b12-1 openjdk-8-jdk-headless=8u162-b12-1 openjdk-8-jre-headless=8u162-b12-1` but obviously I'd like it to just select the proper version of the packages.	16:21
TJ-	timvisher: I think --print-uris failed because you'd previously had a failure to install	16:32
timvisher	TJ-: That makes sense.	16:33
TJ-	timvisher: as it stands apt doesn't have a way to do what you want with dependencies, but it is a valid use-case, so I reccommend opening a bug against apt.juliank has been doing a lot of improvements to apt so it may get on his radae	16:35
timvisher	TJ-: Neat! Thanks for helping me out. What I have isn't the worst work around. :)	16:36
nuala	uhm a friend gave me their laptop to fix… it's _not_ ubuntu, but seemingly freezes during decryption of luks disks. any clue where to go (their distro support don't seem strong with the luks-power… happy may4 btw)	16:42
TJ-	nuala: try asking in ##linux	16:43
nuala	ty!	17:02
j5v1	might be a bit of an odd question, but does anyone know of a theme for cinnamon and an icon pack to make my desktop look like older versions of ubuntu (such as ubuntu 8 or 10)?	18:05
Maik	j5v1: Ubuntu Mate would have been a better option than installing cinnamon on top of Ubuntu. Ubuntu MATE is easier to let it look like Ubuntu 8.04 or 10.04	18:08
shush	Hello, I'm looking to do `tail -f file.log \| jq .` in a tmux session but scrolling in tmux is painful. Any suggestion on how I can get a tail of the log file with some good scrolling abilities?	18:08
j5v1	Maik, good point, may have to look into using MATE	18:09
Maik	j5v1: here's mine from a while ago: https://ubuntu-mate.community/uploads/default/original/3X/e/5/e5fff2e827d074bc3eccf7f809683ddbf3474283.jpeg	18:09
jason1234	!ubuntu releases	18:34
jason1234	In year 2003, which Ubuntu release was available?	18:34
jpmh	I am NOT a docker user and do not have it on my servers. I have a client that wats us to allow docker. I created adocker container that was JUST Ubuntu, on a Ubuntu machine. When I use that container on another machine with the docker daemon it can bypass file permissions because the dameon runs as the root, from what O can see. Is this true?	18:34
=== grumble is now known as Guest31287
=== gurmble is now known as grumble
lordcirth	jason1234, none. The first release was 2004.	18:35
=== veegee_ is now known as veegee
lordcirth	jpmh, if the container is running in priviledged mode, it can break out. But unprivileged is the default.	18:36
jpmh	lordcirth: you say "the container" - If I pull the container from another test server when running as an unpriv user how does that allow the conatiner to run priv, as it seems to? So, clearly I'm missing soething crucial here	18:38
jpmh	lordcirth: I would add that I literally just installed docker using apt so on both test machines it is set however the defaukt it	18:38
lordcirth	jpmh, I'm not very familiar with docker, but perhaps the container was configured to run priv, and that was copied. https://docs.docker.com/engine/security/userns-remap/	18:39
lordcirth	You may need to create /etc/sub{g,u}id	18:40
jpmh	lordcirth: I'm sure that is the case. But that sure seems a problem. If I create sucha container on MY server then go to a server that I do not have privs on and bring in that container that should notallow meto break out	18:41
jpmh	lordcirth: realistically it is HORRENDUS that the defaul docker setup has this hole. Or, am I missing something?	18:43
lordcirth	jpmh, the default docker setup presumably does not assume an untrusted user being able to run arbitrary docker commands on the host.	18:44
lordcirth	How are you allowed to spawn containers if you are not trusted?	18:44
jpmh	lordcirth: yes - but that BREAKS the whole *nix philosophy	18:45
lordcirth	jpmh, You should ask on #docker	18:45
jpmh	lordcirth: I lost connectin - if you suggested anything ghen please re-send	18:50
TJ-	jpmh: there's a difference between the permissions of docker daemon and the container itself	18:50
jpmh	lordcirth: so, the probem would seemtobe that if I allow a user ANY access to docker I am giving hom complete accessto the machine. My cliet wants to be able to run a simple docker container	18:51
jpmh	TJ-: OK - so, the daemon is running the default way the install set it.It seems therefore that any container that is run has complee acces to the entre machine. What am I missing?	18:52
jpmh	TJ-: indeed the daemon is running as the root - that's how the defaut install goes	18:52
TJ-	jpmh: docker-daemon is the supervisor, not the container. It takes the image, creates the container, sets the cgroup/namespace limitations, for unprivileged containers it alters the UIDs/GIDs based on subuid/subgid and starts the init process inside the container	18:53
TJ-	jpmh: in the same way that logind, running as root, allows you to log-in and create a user session	18:54
lordcirth	jpmh, If you want the client to have a container, but not any priviledges outside of it, then you make the container and add his ssh keys or whatever. Do not give their user permissions to manage docker.	18:54
TJ-	your user session has your UID/GID not root	18:54
TJ-	jpmh: if you want a daemonless alternative see podman and crun and friends	18:55
jpmh	lordcirth: the problem is that the client is a Starbucks franchise and wans to run thecontainer that Starbucks provide. So, making the container is not achoice	18:55
TJ-	jpmh: so just make the container unprivileged	18:56
lordcirth	jpmh, what do you mean? you download and run the container.	18:56
jpmh	TJ-: what I am missing here is that if I give a user acces to docker and he then choses to bring in a container that is privilged then he seems to get the priv -	18:56
TJ-	jpmh: you can also run the docker-daemon 'rootless'	18:56
lordcirth	jpmh, yes, if you give a user the ability to give orders to a daemon running as root, they have root.	18:56
TJ-	jpmh: you don't give the user access to docker, only to the container	18:56
lordcirth	Last I checked, rootless docker was a pain	18:57
TJ-	makes sense, if it ain't root !	18:57
jpmh	lordcirth: are you suggesting that I do not grant im a limited shell whth docker, bt that I just boot him right nto the container? Actually, tat would work	18:57
TJ-	jmcgnh: https://docs.docker.com/engine/security/rootless/	18:58
jpmh	TJ-: our messages crossed - YEP - that makes sense	18:58
lordcirth	jpmh, there is no need for them to have any shell on the host.	18:58
lordcirth	They want a container, not a shell that can start containers	18:58
jpmh	lordcirth: YEP - that's the solution	18:58
TJ-	jmcgnh: think of it like operating a hotel. You operate the hotel, manage the kichen, serve the food... but you only allow your guests to sit at the table and eat what you serve them	18:58
jpmh	lordcirth: and TJ- wht I do not like about this is that: 1) I did bother to test and check, and you guys helpedme gain clarity. 2) many users will not think this through and the default is HORRIBLE. Unde *nix I shouldbe ableto give a user limited shellaccess and rely on the OS to LIMIT him	19:00
lordcirth	jpmh, by default, only root and users in the 'docker' group can manage the docker daemon.	19:00
lordcirth	So the default is correct.	19:01
jpmh	TJ-: the hotel anaology does not work for me - if the hotel gives me access to a phone I do not expect full access to the PHONE system	19:01
jpmh	lordcirth: and TJ - so does this sound a reasonable solution:	19:01
jpmh	set up a new account on the server for the user. Set that account to start directy into his docker container and so be llimited. And of course that user would needto be part of the group "docker"	19:02
lordcirth	jpmh, no. They do not need any user on the host, and certainly not one in the privileged "docker" group	19:03
jpmh	lordcirth: OK, than how do I allow them access to the comtainer?	19:03
lordcirth	jpmh, ssh, usually	19:03
jpmh	lordcirth: that is what I was suggesting. Set him up with ssh access to an account that IMMEDIATELY syatys then container instead of bash	19:04
lordcirth	jpmh, no, they ssh into the container.	19:04
jpmh	lordcirth: so you wnat the container already running? Right?	19:05
lordcirth	jpmh, yes, just have the container configured to start on host boot.	19:06
jpmh	lordcirth: I'm not thinking this well. Given that the container assumes that he has shell access and that it was started as an interactive terminal, how do I set that to be ssh accessible to him	19:07
jpmh	it is expecting tty not an ssh connection	19:07
lordcirth	Ah, I see.	19:07
lordcirth	A docker container that's only supposed to be run locally? That's... whyyyy.	19:08
jpmh	lordcirth: doyou seeanything wrong with my Kludge of an account that uses a startup of the container rather than bash?	19:08
jpmh	lordcirth: correct - itis HORRIBLE	19:09
lordcirth	jpmh, I guess it's ok, if you change their shell?	19:09
lordcirth	Or, actually, you could use sudo.	19:09
lordcirth	You could give them access to use sudo for the one command "docker run <container>"	19:10
jpmh	lordcirth: the only reason I am even CONSIDERING this is thta the client has 200 coffee shops that are using my POS system and he wants to add this feature - and 200+ is a significant proprtion of my 1200_ installations	19:10
jpmh	lordcirth: what is the advantage to the sudo compared to just a login-shell that is the docker container?	19:10
lordcirth	Alternatively, give up and give them a VM	19:11
lordcirth	A VM with a real OS with ssh.	19:11
leftyfb	jpmh: look into lxd maybe?	19:11
jpmh	the provider of the ontainer is assuming that the users will be using docker on their own machines, not a shared server I suspect	19:11
lordcirth	You can't launch a docker container in lxd without the LXD container being priv, I think	19:11
jpmh	lordcirth: I don't understand your last comment	19:11
leftyfb	jpmh: your docker questions should really be directed at #docker btw	19:12
jpmh	leftyfb: what are oyu suggesting with lxd	19:12
leftyfb	jpmh: lxd as opposed to docker. If it's an option	19:12
lordcirth	jpmh, The easy solution is to create an Ubuntu virtual machine (with libvirt) and give them ssh access to that. Then you don't have to worry about permissions.	19:12
lordcirth	Then they can be in the docker group and start their wierd local docker container in their own sandbox.	19:13
jpmh	leftyfb: but will lxdrun docker containers - remember I am NOT the creator of the container?	19:13
lordcirth	No, LXD is not a solution for a vendor-provided docker container	19:14
jpmh	lordcirth: what does that hive me that just setting their shell to the coeker container does not give me - TW, I am testing that idea as we speak and it seems clean - fast etc. And when he exits the container he is disconneced	19:14
lordcirth	jpmh, Less ways for a mistake to happen. I don't know the security properties of hijacking $SHELL and trusting that to be secure.	19:16
jpmh	lordcirth: my understanding ofthe OS is that an ssh login starts the specified shell and when that exits the user is disconnected. But that s a goodquestion - is there a way past that	19:18
lordcirth	jpmh, try ssh -t "bash --noprofile"	19:20
jpmh	lordcirth: I'm missing something there	19:22
lordcirth	jpmh, supposedly that bypasses a modified shell	19:22
lordcirth	try it as your restricted user	19:23
jpmh	lordcirth: I'm trying it - I can do the -t, but I do not see the -t taking a parameter YET	19:24
lordcirth	It's the command, not a parameter to -t, I believe	19:25
jpmh	lordcirth: I trie: ssh -p 2323 test@testmachine.com - all works as exected I get my container	19:26
jpmh	then I tried ssh -p 2323 -t .... - again- all as expected	19:26
jpmh	what I do notsee is how topass "what to do" to the ssh daemon on the serrver	19:26
jpmh	in fact, if there wa a way to do that, wouldn't that be a horriblehole tat a user with a restricted shell ocpuld just use a NON-restcited shell by specifying what to do	19:27
jpmh	lordcirth: what are you suggestingmy ssh command should be to do that bypass	19:28
lordcirth	And "ssh -p 2323 test@testmachine.com -t "bash --noprofile" does what?	19:29
jpmh	if you are just suggesting that I have the command - then no - this is NOT a bypass since the command is executed by the shell that has been created per the etc/passwd file - and it is my container, and it does not know what to do with the command	19:30
jpmh	lordcirth: it just brings uo the cotainer - sI would hope	19:30
lordcirth	Ok.	19:31
jpmh	I think/believe that the command is apssed to the login shell, which in my case is the container	19:31
jpmh	if you think about it any other methd would mean that people could get past the use of rbash as a loginshell	19:32
jpmh	leftyfb: lordcirth TJ - thanks for the help and patience - I'm going to confirm in the docker groupl ut I think we have a solution	19:58
nuala	shush: more a workaround but: open a new tmux-window and have `less logfile` or `tail logfile -n99999\|less` ready to use?	20:19
=== ghostcube_ is now known as ghostcube
dob1	I don't use gnome as desktop manager but just openbox. The problem is that every ubuntu related software (store and upgrade) doesn't work while am I using openbox. any help for this? the softwares load but when there are some administrative task to execute (like instlaling/upgrading software) it do nothing.	20:35
sarnold	dob1: you'll probably have to be more specific	20:36
sarnold	dob1: I run apt upgrade and apt install things all the time in i3 and never noticed any problems	20:36
dob1	sarnold, apt and apt dist-upgrade are not a problem. it's for example the store the problem. when I click install on a software nothing happen. imho it doesn't prompt for password authentication needed for instlalation	20:38
dob1	it miss that dialog, I don't know why	20:38
dob1	and some software are on snap packages so the only way to install them is from the store	20:39
leftyfb	dob1: sudo snap install <package name>	20:40
leftyfb	dob1: there is no package that can be installed through the "store" that you can't install using apt or snap	20:40
dob1	leftyfb, ok I can use this way	20:41
sarnold	dob1: oh, so perhaps you don't have a policykit thing installed? I wonder if there's a favourite in the openbox community	20:41
dob1	sarnold, I have policykit-1 and policykit-desktop-privileges	20:42
sarnold	dob1: 'apt-cache search policy kit agent' will show you some package names for one from kde, gnome, lxde, and ukuik	20:42
sarnold	dob1: any agents?	20:42
dob1	sarnold, no	20:42
dob1	which one to install?	20:43
dob1	I don't know what ukuik is	20:43
sarnold	dob1: well, it's mostly a typo, hehe, it's 'ukui' :) I also haven't got a clue what it is.	20:44
sarnold	dob1: I'm still not great with this keyboard, hehe	20:44
dob1	sarnold, no problem :)	20:44
sarnold	dob1: try running 'apt-get -s install lxpolkit ; apt-get -s install lxqt-policykit ; apt-get -s install mate-polkit ; apt-get install -s policykit-1-gnome ; apt-get -s install polkit-kde-agent-1' and compare the list of packages that will be installed; perhaps one will only require four or five packages, perhaps one will require a hundred	20:46
sarnold	dob1: without having a clear reason to pick one or another, I'd pick the one with the fewest deps :)	20:46
dob1	sarnold, I give it a try thanks	20:47
unloading	Hi, i'm running 3955WX on an GA-WRX80-SU8-IPMI motherboard, ubuntu-server kernel 5.11. I would like to have more control over my fans because of noise issues. In the bios of this motherboard you can enable "automatic mode", or 3 modes with no knowledge of the setpoints. I do not like that.... Running sensors-detect gives me "Found `Nuvoton NCT6683D eSIO' (but not activated)". I tried modprobe	21:06
unloading	nct6683 force=1, didnt work. Also i enabled the kernel driver aspeed-pwm-tacho , but i have no idea how to interface with it. Looking for some idea's / help.	21:06
tomreyn	unloading: you didn't mention the ubuntu release	21:12
shush	nuala: You're saying to use less?	21:12
shush	What does -n99999 do?	21:13
shush	I tried less, but I don't see the coloring and I think less will cut off text after a certain point	21:14
shush	Is there a way to get scrolling in tmux?	21:14
leftyfb	shush: https://superuser.com/a/209608 # first result on google for "tmux scroll"	21:15
unloading	tomreyn: 21.04	21:15
tomreyn	unloading: hmm, ok, i came across bug 1858369 but i guess you foudn this one already, since you say you already tried modprobe nct6683 force=1	21:19
ubottu	bug 1858369 in lm-sensors (Ubuntu) "nct6683 not working" [Undecided,Invalid] https://launchpad.net/bugs/1858369	21:19
unloading	tomreyn: yep :) dmesg returns: nct6683: EC base I/O port unconfigured	21:19
tomreyn	unloading: maybe you need to scan more areas with sensors-detect then	21:21
tomreyn	or just update the bios?	21:22
tomreyn	https://github.com/torvalds/linux/blob/e4adffb8daf476a01e7b4a55f586dc8c26e81392/drivers/hwmon/nct6683.c#L1370	21:22
unloading	tomreyn: i have the latest version.	21:23
tomreyn	about aspeed-pwm-tacho, you probably found https://www.kernel.org/doc/html/latest/hwmon/aspeed-pwm-tacho.html ?	21:23
unloading	tomreyn: yes	21:23
tomreyn	so you should see the pwmX FSO in /sys/module/aspeed_pwm_tacho/	21:24
tomreyn	and you should be able to echo integer values to it	21:25
unloading	tomreyn: Ye thats also not the case	21:25
tomreyn	so /sys/module/aspeed_pwm_tacho/ does not exist, or pwm* doesn't exist there, or...?	21:26
unloading	tomreyn: the dir exists. But pwm* doesn't	21:27
unloading	tomreyn: https://paste.ubuntu.com/p/jsFgZt9SyW/	21:28
tomreyn	unloading: there's a 5.12 pre change to this module: https://github.com/torvalds/linux/commit/da75b2245281ec28b74117f6da219405464928be	21:32
tomreyn	i'm not sure it's relevant, though	21:33
unloading	tomreyn: is there a way to use this, and not upgrading to kernel 5.12 ?	21:34
unloading	tomreyn: Because i can't upgrade to 5.12 because of openzfs support.	21:35
tomreyn	you could rebuild the module with the patch applied to it.	21:35
tomreyn	but i'm not even sure that you have pwm control done by the AST 2500 on your system. are you?	21:36
unloading	tomreyn: Atm its not controlled by ast2500. But i thought it could be controlled by the ast2500.	21:37
tomreyn	if that's switchable it's most certainly switchable in bios	21:38
unloading	tomreyn: Well in bios there is only the option to switch fancontrol to automatic. Nothing more is given, just automatic mode. Or manual, than you can set 3 setpoints for low,medium,high fan rpm.	21:40
tomreyn	and there are no fan control options in the bmc, i assume?	21:41
unloading	tomreyn: Yes	21:41
tomreyn	then i wouldn't expect the fans tto be controlled by the ast2500 on this system	21:42
tomreyn	maybe the folks in ##hardware would know better, though	21:42
unloading	tomreyn: k maybe i can ask there	21:42
unloading	tomreyn: thanks for helping me	21:43
tomreyn	i'd also check lm-sensors for updates after the version you have now	21:43
tomreyn	i.e. check git commits, maybe there's something about the nct6683 that was only added recently	21:44
tomreyn	or just get the latest sensors-detect first of all	21:45
unloading	tomreyn: k	21:45
jjbuggle	Depends: grub2-common (>= 2.02~beta2-36ubuntu3.31) but 2.04-1ubuntu26.11 is to be installed <------ how do I resolve that properly?	21:46
stemid	hey I'm expanding an LVM on an ubuntu 18.04 server and for some reason it was created on a logical partition, on an extended partition. never seen this setup before. https://bpa.st/XHVA here's how it looks. the start sector is slightly different on the extended partition but the logical one with the LVM signature is the same. so I guess that's fine right?	21:46
stemid	fdisk did find the LVM signature and kept it.	21:47
tomreyn	jjbuggle: which ubuntu release is this? you seem to be mixing packages from different releases	21:49
jjbuggle	tomreyn: I'm on xubuntu 20.04, an upgrade from 18.04. Clean install of 18.04, with 10+ year old /home. That's it	21:50
tomreyn	jjbuggle: how did you upgrade?	21:50
jjbuggle	tomreyn: hmmm, I don't remember. But I usually follow the release notes instructions. Probably used the graphical upgrade tool. I think I did do that	21:51
jjbuggle	I think the only funny thing I did, was flip a setting, whatever, that made it do the upgrade when the release came out, rather than waiting for the point release which is when LTS usually upgrades	21:52
tomreyn	jjbuggle: if running this seems safe to you, please do: sudo /bin/true && cat &>/tmp/aptlog < <(sudo grep -hEv '^([ ]#.)?$' /etc/apt/sources.list{,.d/*.list} 2>&1; sudo apt-get -y update 2>&1; apt-cache policy 2>&1; sudo apt-get -syV full-upgrade 2>&1;); nc termbin.com 9999 </tmp/aptlog && rm /tmp/aptlog	21:52
tomreyn	jjbuggle: so you did an unsupported upgrade, i see.	21:53
jjbuggle	I mean, unsupported, but, still following the official release notes, so....	21:54
tomreyn	if the above commands seem scary, try running those that seem safe one by one, and report both the full command you ran, and it's full output, incl. watrnings / errors, on a pastebin	21:55
jjbuggle	https://termbin.com/lxc8	21:56
jjbuggle	it did seem scary, but I looked through it.	21:56
tomreyn	stemid: your paste says "Before delete/create" and "After", but you're not telling what you changed exactly.	21:57
tomreyn	jjbuggle: what does this report? apt list --installed \| grep ',local\]$'	21:58
tomreyn	(on a pastebin)	21:58
jjbuggle	damn, I have to run actually. my current work around was to just uncheck the grub stuff	21:58
stemid	tomreyn: nevermind, it worked. and also there were fs errors so had to run fsck -yf which is probably why the fs was remounted as ro in the first place. solved now.	22:00
jjbuggle	tomreyn: fwiw: https://termbin.com/q3gf	22:00
jjbuggle	ok, I really have to go. Thanks for your help!	22:01
tomreyn	you're welcome	22:02
tomreyn	stemid: the partitioning tool you used there seems to have moved the start of the extended area to the front, which could be fine, since it does not overlap with the regular / primary partition area. it also seems to have extended the extended area to towards the end. it also increased the extended partion which contains your LVM PV, but did not move this partition within the extended area, so that you now have a bit of slack space at the	22:08
tomreyn	beginning of the xtended area.	22:08
tomreyn	(but so little it probably won't do harm)	22:08
tomreyn	stemid: whether or not the LVM PV was also grown can't be told based on the output you provided so far.	22:09
tomreyn	("sudo pvs" could tell)	22:09
stemid	well it did grow. it's solvd now.	22:24
stemid	I just wasn't used to the setup of having a logical partition in an extended one. and the start sector changing made me concerned.	22:24
stemid	and the paste was pretty clear, it goes from one size to another.	22:24
Deano59	in debian, you install zram-tools but in ubuntu you install zram-config - debian is under /etc/default/zram-tools but I can't find it under ubuntu?	22:42
Deano59	brb, gonna google.	22:43
sarnold	Deano59: they're both in universe, why prefer one over the other?	22:43
Deano59	brb	22:45
Deano59	thanks sarnold, forgot about universe. :)	22:47
ash_worksi	sarnold: another happy customer	22:48
sarnold	:)	22:48
ash_worksi	:D	22:50
ash_worksi	o/	22:50
=== ghostcube_ is now known as ghostcube
nuala	shush: "and I think less will cut off text after a certain point" i dont think i have experienced this. do you mean horizontally? have you tried cursor left and right keys?	23:09
nuala	tbh: i think tmux cuts of scrollback (or terminal emulator, can't tell) point is: given enough noise in between i cant scroll further back up. less is more and trusty tool to examine even bigger files... since... way before i head about it ^^;	23:11
=== tripelb is now known as lollypop
=== lollypop is now known as lollymom
=== lollymom is now known as tripleb
=== tripleb is now known as tripelb

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!