|
BlankSystemDaemon posted:I'm fairly sure that's the exact way that's vulnerable to the exploit that I'm talking about, unless ps -x in the jail includes sshd like this: ah gently caress, it doesn't.
|
#
?
Jan 22, 2022 02:05
|
|
|
|
| # ? Apr 18, 2024 23:52 |
|
|
So I've been trying to use this script to set up a service that will run minecraft inside my jail. I modified that script a bit and put it at /etc/rc.d/minecraft (my version). Then I added minecraft_enable="YES" to /etc/rc.conf. But then I'm getting this error when trying to start the service: code:code:E: FFUUUUCCK its because there were carriage returns in the file 
Yaoi Gagarin fucked around with this message at 09:23 on Jan 22, 2022 |
|
#
?
Jan 22, 2022 08:13
|
|
|
systemctl enable --now minecraft.service don't make this harder than it has to be
|
|
#
?
Jan 22, 2022 09:23
|
|
Associate Christ
|
other people posted:systemctl enable --now minecraft.service we dont have systemd on freebsd!
|
|
#
?
Jan 22, 2022 09:23
|
|
|
If you have an rc script called foo, it's as simple as service foo enable. I'm a bit confused by the use of screen instead of daemon(8) in the original script, but it's not like it matters all that much. Also, the rc_debug variable is very helpful. 
|
|
#
?
Jan 22, 2022 09:41
|
|
|
VostokProgram posted:we dont have systemd on freebsd! that was the joke 
|
|
#
?
Jan 22, 2022 09:55
|
|
|
VostokProgram posted:Thanks for the explanation. I really should read the handbook and manpages instead of just bumbling through poo poo. I'm using truenas's UI to make the jail for me but then doing all the stuff in the jail using the shell (which is I think equivalent to ssh'ing into the jail) Man pages should always be the first thing you look at, but they aren't going to actually help you understand best practice.
|
|
#
?
Jan 22, 2022 16:37
|
|
|
I have an Ubuntu EC2 instance with 8GB RAM that is constantly running low on memory (<2%) and I am having a hard time finding the process that is using it. running "ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n" produces code:
|
|
#
?
Jan 26, 2022 13:47
|
|
|
Well, ps(1) gets you process information from userspace so that's not the best utility for the job - but I'm 99% sure this advice isn't exclusive to freebsd which is where I use it. The first stop with any memory debugging always has to be vmstat(8). EDIT: Welp, I see that -m doesn't do what it does on freebsd and -z doesn't even exist - Is there anything that produces an output similar to this? EDIT2: Also remember that for any modern OS, memory that isn't being used is not just wasted electricity, it's also a wasted opportunity to cache some data (although ideally, you'd only cache it once in a unified buffer cache, rather than filesystem and block device like on Linux). BlankSystemDaemon fucked around with this message at 14:10 on Jan 26, 2022 |
|
#
?
Jan 26, 2022 13:57
|
|
|
BlankSystemDaemon posted:i'm 99% sure this advice isn't exclusive to freebsd which is where i use it, but the first stop with any memory debugging always has to be vmstat(8) THIS GUY vmstat will give you some more info on linux - but check this out as well https://www.brendangregg.com/Slides/Velocity2015_LinuxPerfTools.pdf
|
|
#
?
Jan 26, 2022 14:27
|
|
|
Bob Morales posted:THIS GUY Did you check the link I added later on, the one that shows the output of vmstat -m? And I know Brendan Greggs USE method - because he's been using it and talking about using it for everything from Solaris/Illumos over FreeBSD and to Linux since the time he was at Sun.
|
|
#
?
Jan 26, 2022 14:56
|
|
|
BlankSystemDaemon posted:How do you get more info out of vmstat on Linux? Not sure - I would want to see the output of free -m and maybe pidstat -r
|
|
#
?
Jan 26, 2022 15:26
|
|
|
Agrikk posted:I have an Ubuntu EC2 instance with 8GB RAM that is constantly running low on memory (<2%) and I am having a hard time finding the process that is using it. Nothing crazy reported by Slabtop right? Does dmesg report what is causing the memory pressure?
|
|
#
?
Jan 26, 2022 16:07
|
|
|
vmstat results:code:Which then means any physical memory alarms can be ignored unless other symptoms manifest themselves. Is that right?
|
|
#
?
Jan 26, 2022 19:11
|
|
|
Agrikk posted:vmstat results: What is setting the alarms? Some kind of monitoring software? You're not swapping so you're fine.
|
|
#
?
Jan 26, 2022 19:22
|
|
|
Bob Morales posted:What is setting the alarms? Some kind of monitoring software? Yeah. My monitoring software is reporting ~ 98% memory use and I was trying to figure out if I needed to resize this instance or if this was normal behavior. It looks like since I have 8gigs of physical RAM on the instance and 7gigs of it is used for cache I'm fine.
|
|
#
?
Jan 26, 2022 19:28
|
|
|
Yeah whatever you're using for monitoring is being an idiot. You want the OS to use all the memory because it optimizes performance. If it doesn't give that memory to processes that ask for it, that's a legit problem.
|
|
#
?
Jan 26, 2022 19:35
|
|
|
Agrikk posted:vmstat results: The problems start occurring when you also have an OOM killer in Linux that has a decade worth of people talking bout its problems and not fixing them - but if you're not seeing that, then you're presumably fine. xzzy posted:Yeah whatever you're using for monitoring is being an idiot. You want the OS to use all the memory because it optimizes performance.
|
|
#
?
Jan 26, 2022 19:49
|
|
|
Though now I wonder if you could make a VM+hardware system that consolidated content into as few chips/sticks as possible and turned off refresh on the empty ones. It'd take Apple levels of integration, but maybe you could eek out some fractions of a Watt now and then?
|
|
#
?
Jan 26, 2022 19:53
|
|
|
Agrikk posted:Yeah. My monitoring software is reporting ~ 98% memory use and I was trying to figure out if I needed to resize this instance or if this was normal behavior. It looks like since I have 8gigs of physical RAM on the instance and 7gigs of it is used for cache I'm fine. I don't know what monitoring thing you're using, but I'd recommend reading into the different types of memory usage that linux has. If you really want to alert on memory usage at all, then you should be doing (total memory in use - freeable memory) / total system memory https://acloudxpert.com/working-with-memory-metrics-from-node-exporter/ Whenever a process does a malloc, the kernel can release its OS-cached memory in order to give it to the process.
|
|
#
?
Jan 26, 2022 19:55
|
|
|
yeah, modern OSes fill ram up as quick as they can as they cache everything you do, so they don't have to constantly fetch data over from low bandwidth and high latency hard drives (yes, this includes SSDs, even cheap modern ram has 25.6GB/s throughput)  Computer viking posted:Though now I wonder if you could make a VM+hardware system that consolidated content into as few chips/sticks as possible and turned off refresh on the empty ones. It'd take Apple levels of integration, but maybe you could eek out some fractions of a Watt now and then? doubtful. you're probably saving more energy putting your pcie bus to sleep and using ram cache than you are flushing memory and loading poo poo from your ssd
|
|
#
?
Jan 26, 2022 19:57
|
|
|
There's a reason laptops throttle cpus badly and eschew fancy graphics chips.. if you want to save power, that's where it happens. Keeping a screen lit up is a pretty substantial power draw too. Getting rid of spinning hard drives was also a decent power savings move (plus you get massively improved performance).
|
|
#
?
Jan 26, 2022 20:03
|
|
|
Computer viking posted:Though now I wonder if you could make a VM+hardware system that consolidated content into as few chips/sticks as possible and turned off refresh on the empty ones. It'd take Apple levels of integration, but maybe you could eek out some fractions of a Watt now and then?
|
|
#
?
Jan 26, 2022 20:22
|
|
|
BlankSystemDaemon posted:The problems start occurring when you also have an OOM killer in Linux that has a decade worth of people talking bout its problems and not fixing them - but if you're not seeing that, then you're presumably fine. The OOM killer is fine. Over-committing memory by default is fine. If you want to manage your services to avoid over commits and OOM conditions, that's also fine, but most people don't want to do that.
|
|
#
?
Jan 26, 2022 20:39
|
|
|
Can you do memory usage - cache and use that in your metric?
|
|
#
?
Jan 26, 2022 21:20
|
|
|
I have a monitor that seems to be giving me some goofy grief on this new Kubuntu system I set up. When I come back from standby, it just won't get any signal. If you look at xrandr, it will initially not list it. I can set it as a display without it complaining, but the monitor still won't get a signal. I'm trying shenanigans physically with the ports and the like, but I wondered if anybody knew anything to also check in software (logs, utilities, whatever) to help me figure out why it's so grumpy when connected to this system.
|
|
#
?
Jan 27, 2022 01:16
|
|
|
Truga posted:yeah, modern OSes fill ram up as quick as they can as they cache everything you do, so they don't have to constantly fetch data over from low bandwidth and high latency hard drives (yes, this includes SSDs, even cheap modern ram has 25.6GB/s throughput) That would really depend on the workload, wouldn't it? If you're "just" streaming a video, you should theoretically be able to keep netflix/firefox and a reasonable buffer in RAM without touching the disk ... and not even that much RAM. On the other hand, I agree that the tradeoff between saving RAM refresh power vs wasting power on PCIe/storage would be difficult. Besides, I can't immediately find any good power consumption numbers for modern laptop RAM, but I suspect it's low enough that it may not be worth the effort.
|
|
#
?
Jan 27, 2022 14:45
|
|
|
I have a Debian Bullseye system that I want to run with a read-only root filesystem. Root is on an SSD and key read/write sections of the filesystem are mounted to either tmpfs or partitions on an HDD. Here is my fstab with UUIDs removed for length: code:1. Are there any options that I should have set but don't? For example, I've seen debate on whether /tmp should be noexec - some people say it's a good practice, other say things like installers often assume they can execute in tmp and that there are ways around noexec anyway so bad actors could still exploit it in any case. 2. Is there somewhere where write errors are logged when something tries to write to a file in a read-only filesystem? Some things inform me immediately, for example I can't change passwords because /etc/passwd is read-only, but I'm wondering about background stuff that is failing silently. 3. What should I do with /root? It's a home directory so I guess home directory things go there when root runs them, but so far it being read-only hasn't seemed to affect much. Is it important enough that it should get its own partition? Or, would it be permissible to symlink it to say, /home/root? 4. I'm potentially interested in using overlayfs to overlay /etc (read-only) with /var/local (read/write) so that /etc can be written to. During periodic maintenance I can remount root as read/write and move everything from /var/local to /etc. Are there any safety and security caveats to this? I'd also like to do this with only fstab, no startup scripts or anything. Is there any way I can guarantee that the overlayfs only tries to happen after /var is mounted (is this even a possible problem)? edit: Regarding 4, I played around with it and got the overlay working (it turns out that order is incredibly important but systemd can handle that right as a mount option): code:However, even if the files /var/etc aren't currently being used I can't unmount the overlay from /etc without rebooting into recovery mode - it says it's busy. So unless there's a way around it, that's a little inconvenient. BattleMaster fucked around with this message at 17:22 on Jan 27, 2022 |
|
#
?
Jan 27, 2022 14:54
|
|
|
BattleMaster posted:2. Is there somewhere where write errors are logged when something tries to write to a file in a read-only filesystem? Some things inform me immediately, for example I can't change passwords because /etc/passwd is read-only, but I'm wondering about background stuff that is failing silently. BattleMaster posted:3. What should I do with /root? BattleMaster posted:4. I'm potentially interested in using overlayfs to overlay /etc (read-only) with /var/local (read/write) so that /etc can be written to.
|
|
#
?
Jan 27, 2022 18:16
|
|
|
Thanks! Seems like leaving /root on the read-only volume is the way to go. If I'm ever logging into root, it will be because I'm in recovery mode to fix something at which point I'll be remounting root as read/write immediately anyway. So it probably will never matter that /root is normally read-only. I did get /etc working with an overlay but after playing around with it, it seems like nothing that I use really writes to /etc during normal use. It's not a big deal to remount the fs when I want to install stuff or change configs, and because I'm the only user anyway I guess it doesn't matter that I can't do anything with users/groups/credentials without remounting. So I guess I'll just leave /etc as read-only until something becomes an issue.
|
|
#
?
Jan 27, 2022 22:38
|
|
|
BattleMaster posted:I have a Debian Bullseye system that I want to run with a read-only root filesystem. Root is on an SSD and key read/write sections of the filesystem are mounted to either tmpfs or partitions on an HDD. Depending on what you're actually doing you might be interested in Fedora CoreOS, AFAIK its the only distro designed around an immutable FS
|
|
#
?
Jan 28, 2022 00:29
|
|
|
I'm just messing around and I guess I wanted to see how extreme you could get as far as reducing writes to an SSD. Not that it was exactly hammering my SSD to begin with - just an experiment that ended up being interesting. So it's no big deal if things don't work out. But I'd never heard of Fedora CoreOS before and it definitely looks interesting, so I think I'll give that a try in a VM. Thanks!
|
|
#
?
Jan 28, 2022 01:13
|
|
|
How do I set up an schroot into an OS I have on disk as a directory? I put the folder in /srv/schroot and added a record to it in my /etc/schroot.conf. I can specify it as an schroot target but all it does is put the alias for the target in front of my shell and keep me in my original file system. I was hoping to switch over to it, use the package manager inside of it, and execute builds from inside of it.
|
|
#
?
Jan 28, 2022 01:15
|
|
|
Rocko Bonaparte posted:How do I set up an schroot into an OS I have on disk as a directory? code:Also note that schroot is the old, or at least no longer maintained way of doing it this. It still works fine, but in the modern era you'd make a systemd service with the RootDirectory, MountAPIVFS, and BindPaths options (e.g., /home /run /tmp). The service can be whatever daemon or a dummy one inside the chroot and once started you can bring up a shell inside the chroot with "nsenter -m -t `pidof daemon`". If you just wanted a generic chroot with systemd I'd probably look into running init as the service, or just straight up use systemd-nspawn/machinectl but I haven't gotten there yet myself. ExcessBLarg! fucked around with this message at 02:18 on Jan 28, 2022 |
|
#
?
Jan 28, 2022 01:42
|
|
|
So I've been stuck on Lubuntu 18.04 for a while now, they converted everything to LXQt and don't support upgrades from 18.04. I'm not really married to Lubuntu and I like Xubuntu on one of my laptops just fine, so my thought is to sidestep the whole LXDE<->LXQt issue and jump ship for XFCE. In Googling around a bit, it sounds like I can simply sudo apt install xubuntu-desktop, reboot into XFCE and apt purge lubuntu-desktop. Any obvious pitfalls I'm missing in the above? I'm assuming system config like my fstab file will be untouched? I have /home/ backed up to my NAS so it's not the end of the world to nuke and install fresh, but I'd like to avoid that if possible.
|
|
#
?
Jan 28, 2022 02:57
|
|
|
ExcessBLarg! posted:You want something like this: I will verify my config tomorrow but I thought it was similar. I will have to look particularly at preserve-environment though. I did not know about that systemd method. I also can't act like I know systemd but it is on my bucket list so I guess it's time I joined this new century with it instead of schroot.
|
|
#
?
Jan 28, 2022 04:05
|
|
|
Any decent-but->$250 tablets that are capable of being “upgraded” to ZorinOS 16 (lite or core, core preferred!)? I have a really old iPad and enjoy the form factor, but have been really enjoying my 2011 laptop since I dug out a 2.5” SSD to replace its HDD. I know part of the reason I’m having a good time with the laptop is that I loaded Zorin 16 on it and it is amazing how well this thing looks and feels now. I have been using it for a few weeks now, and am willing to work with any tablet-friendly Linux, but I’m just not wanting to learn Android while getting used to both Win11 and my Zorin computers. I know I’ve seen Ubuntu on a tablet before, and Z is a derivative of U, but they don’t make decent iPads for my budget. TL;DR: Any good (I’m assuming Android) tablets that can load a “normal” Linux distro well without days of configuration and tweaks? >$250 for something reasonably more modern than an iPad3?
|
|
#
?
Jan 28, 2022 04:57
|
|
|
Looking at that distro, it looks like it only supports x86_64 computers. Not sure there are any inexpensive x86_64 tablets out there. In theory you can run some manner of Linux on Chromebook or Chromebook tablets, but that is beyond me. Also many of them these days are arm64 not x86_64.
|
|
#
?
Jan 28, 2022 05:13
|
|
|
I'm trying to set up some monitoring of my servers with access restricted to a Wireguard VPN, so I have a wg master runing on one server and a bunch of vms on several different hosts that expose the monitoring service on the wg interface. The problem is that every time I restart wg on the main wg server after I add a new peer, all the other peers stop responding to the peer running the monitoring system until I ping it.  After restarting wg-quick@wg0 on ::1, ::3 can't make HTTP connections to ::4-6 until I ping ::1 from ::3 and then ::3 from each host. Is there something I can do to make the peers reconnect automatically after the wg master resets? Making a cron job that pings ::3 every five minutes seems inelegant. code:All systems run Ubuntu Server 20.04
|
|
#
?
Jan 28, 2022 13:19
|
|
|
|
| # ? Apr 18, 2024 23:52 |
|
|
waffle iron posted:Looking at that distro, it looks like it only supports x86_64 computers. Not sure there are any inexpensive x86_64 tablets out there. Yeah, I had seen that as a restriction; I’d also seen that there are a few existing Linux-equivalents that run “on top” of an underlying Android install, some which have a great community behind them (most promising to me an Lubuntu and a Debian). I sorta have an experience with this, as I used to dual-boot Ubuntu 8.1-12.0 with Windows, and successfully got a very early Linux-MIPS installed onto a NEC MobilePro 780 over a decade ago just for shits, giggles, and not taking my antipsychotic meds for a few months. Just didn’t know if there was something the gurus in this thread were aware of, because loading Calibre to Zorin16 on a tablet to read Kindle/iBooks (my actual main use case for a tablet) and also being able to sync lots of Edge tabs on my WiFi sounds great. I just need a more capable tablet and being seamless with my laptop running a web server upstairs and being able to play a few Steam games on my tablet sitting downstairs/on the back deck would be too awesome when Spring comes. It’s dumb and not important, but I do know enough to follow this thread, even if I do have several printed “CLI Cheat Sheets” on a TV tray for ZorinOS and Linux repositories 😵💫. DerekSmartymans fucked around with this message at 13:44 on Jan 28, 2022 |
|
#
?
Jan 28, 2022 13:41
|
|