I'm trying to troubleshoot a firewall rule causing packets to drop.
I set up TRACE and got the following:
TRACE: 1 79de9f86 filter:input:rule:0x17:DROP
How do I find which specific rule is referenced and causing the dropped packets?
I am trying to install the dependencies to compile Strongswan, since the main packages appear to be broken.
When I attempt to install the libsoup package, I get the following error:
~/strongswan-5.9.14# apt install -f libsoup2.4-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libbrotli-dev : Depends: libbrotli1 (= 1.1.0-2build2) but 1.1.0-2+ubuntu22.04.1+deb.sury.org+1 is to be installed
This is on a server installation, recently upgraded to 24.04.1 LTS.
Update: package info
# apt policy libbrotli1
libbrotli1:
Installed: 1.1.0-2+ubuntu22.04.1+deb.sury.org+1
Candidate: 1.1.0-2+ubuntu22.04.1+deb.sury.org+1
Version table:
*** 1.1.0-2+ubuntu22.04.1+deb.sury.org+1 100
100 /var/lib/dpkg/status
1.1.0-2build2 500
500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
# apt-get remove libbrotli1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
shim-signed : Depends: grub-efi-amd64-signed (>= 1.191~) but it is not going to be installed or
grub-efi-arm64-signed (>= 1.191~) but it is not installable or
base-files (< 12.3) but 13ubuntu10.1 is to be installed
Depends: grub-efi-amd64-signed (>= 1.187.2~) but it is not going to be installed or
grub-efi-arm64-signed (>= 1.187.2~) but it is not installable
Depends: grub2-common (>= 2.04-1ubuntu24) but it is not going to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
I see the package installed is from the ppa, and there is a package in the repos. What is the best / safe way to remove and re-install the repo package without breaking everything?
I have a laptop running Ubuntu 23.10 running VirtualBox Graphical User Interface Version 7.0.10_Ubuntu r158379
When I boot the Virtual Box interface up, it immediately pops up the error:
Failed to enumerate host USB devices.
Could not load the Host USB Proxy service: VERR_DISK_FULL.
Result Code:
NS_ERROR_FAILURE (0X00004005)
Component:
HostWrap
Interface:
IHost {e54f6256-97a7-4947-8a78-10c013ddf4b8}
The laptop is setup with a ZFS file system with over 1 TB free:
$ zfs list
NAME USED AVAIL REFER MOUNTPOINT
UbuntuZFS 6.10T 1.02T 192K none
UbuntuZFS/home 1.93T 1.02T 1.84T /home
UbuntuZFS/replicant 4.10T 1.02T 4.10T /mnt/replicant
UbuntuZFS/root 78.7G 1.02T 58.6G /
I've tried removing and re-installing the VBox extension pack, but that did not change the error.
This error is popping up before any virtual machines are opened.
Syslog has the following info:
023-11-15T14:44:07.550689-05:00 fafnir kernel: [12360.888264] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/common/log/log.c:551:41
2023-11-15T14:44:07.582740-05:00 fafnir kernel: [12360.921116] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:861:45
2023-11-15T14:44:07.582757-05:00 fafnir kernel: [12360.921373] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:930:19
2023-11-15T14:44:07.582766-05:00 fafnir kernel: [12360.921529] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:931:19
2023-11-15T14:44:07.587163-05:00 fafnir kernel: [12360.921679] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:937:19
2023-11-15T14:44:07.587179-05:00 fafnir kernel: [12360.921827] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:1213:9
2023-11-15T14:44:07.587187-05:00 fafnir kernel: [12360.921998] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:917:15
2023-11-15T14:44:07.587228-05:00 fafnir kernel: [12360.922224] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:918:15
2023-11-15T14:44:07.587240-05:00 fafnir kernel: [12360.922404] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:919:15
2023-11-15T14:44:29.942888-05:00 fafnir kernel: [12383.281184] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:943:19
2023-11-15T14:44:29.942918-05:00 fafnir kernel: [12383.281600] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:944:19
2023-11-15T14:44:29.946752-05:00 fafnir kernel: [12383.281976] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:945:19
2023-11-15T14:44:58.114804-05:00 fafnir kernel: [12411.453334] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:951:23
2023-11-15T14:44:58.114817-05:00 fafnir kernel: [12411.453681] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:952:23
2023-11-15T14:44:58.118746-05:00 fafnir kernel: [12411.453981] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:958:23
2023-11-15T14:44:58.118774-05:00 fafnir kernel: [12411.454281] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxnetflt/linux/VBoxNetFlt-linux.c:1222:13
2023-11-15T14:52:00.059611-05:00 fafnir dbus-daemon[2333]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.182' (uid=1000 pid=45623 comm="/usr/lib/virtualbox/VirtualBox" label="unconfined")
2023-11-16T08:25:23.667358-05:00 fafnir kernel: [76038.004783] input: BM20X-5.0 as /devices/virtual/misc/uhid/0005:000E:3412.0008/input/input34
2023-11-16T08:25:23.739025-05:00 fafnir /usr/libexec/gdm-x-session[4725]: (**) Option "config_info" "udev:/sys/devices/virtual/misc/uhid/0005:000E:3412.0008/input/input34/event4"
2023-11-16T12:32:34.048520-05:00 fafnir kernel: [90867.964254] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/common/log/log.c:1558:29
2023-11-16T12:37:05.988567-05:00 fafnir kernel: [91139.906740] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:648:59
2023-11-16T12:37:05.988587-05:00 fafnir kernel: [91139.906898] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:647:59
2023-11-16T12:38:40.046438-05:00 fafnir dbus-daemon[2333]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.263' (uid=1000 pid=45623 comm="/usr/lib/virtualbox/VirtualBox" label="unconfined")
2023-11-16T12:53:44.923189-05:00 fafnir systemd[4532]: app-gnome-virtualbox-86937.scope: Failed to add control inotify watch descriptor for control group /user.slice/user-1000.slice/[email protected]/app.slice/app-gnome-virtualbox-86937.scope: No space left on device
2023-11-16T12:53:44.923464-05:00 fafnir systemd[4532]: app-gnome-virtualbox-86937.scope: Failed to add memory inotify watch descriptor for control group /user.slice/user-1000.slice/[email protected]/app.slice/app-gnome-virtualbox-86937.scope: No space left on device
2023-11-16T12:53:44.944988-05:00 fafnir systemd[4532]: Started app-gnome-virtualbox-86937.scope - Application launched by gnome-shell.
2023-11-16T12:53:45.002296-05:00 fafnir virtualbox.desktop[86937]: Qt CRITICAL: inotify_add_watch(/home/alan/.config/ibus/bus/4ac0e7f5903b1e1023748f9563b86a21-unix-1) failed: (No space left on device)
Any ideas on how to resolve?
I am trying to get a Strongswan / IKEV2 VPN set up on Ubuntu 23.04.
I have the Network Manager plugin compiled and working.
When I attempt the connection, I get the below error in syslog, that it is unable to open the certificate bundle.
Based on the log it appears Apparmor is blocking the access.
How do I fix it so Apparmor will allow access to the file?
2023-10-12T22:07:00.546588-04:00 fafnir charon: 10[CFG] received stroke: add connection '3c204271-9b89-4f25-85b8-3e13d53e6bde'
2023-10-12T22:07:00.546660-04:00 fafnir charon: 10[CFG] added configuration '3c204271-9b89-4f25-85b8-3e13d53e6bde'
2023-10-12T22:07:01.492277-04:00 fafnir charon: 12[CFG] rereading secrets
2023-10-12T22:07:01.492891-04:00 fafnir charon: 12[CFG] loading secrets from '/etc/ipsec.secrets'
2023-10-12T22:07:01.492904-04:00 fafnir charon: 12[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
2023-10-12T22:07:01.492915-04:00 fafnir charon: 12[LIB] opening '/home/alan/pki2/client_fafnir.p12' failed: Permission denied
2023-10-12T22:07:01.492949-04:00 fafnir charon: 12[LIB] building CRED_CONTAINER - PKCS12 failed, tried 3 builders
2023-10-12T22:07:01.492960-04:00 fafnir charon: 12[CFG] loading credentials from '/home/alan/pki2/client_fafnir.p12' failed
2023-10-12T22:07:01.495808-04:00 fafnir charon: 13[CFG] received stroke: initiate '3c204271-9b89-4f25-85b8-3e13d53e6bde'
2023-10-12T22:07:01.496243-04:00 fafnir kernel: [217471.389372] audit: type=1400 audit(1697162821.489:404): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/ipsec/charon" name="/home/alan/pki2/client_fafnir.p12" pid=913258 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000