# System Linux system tools, administration and tips # ArchLinux Upgrade Issues ## Error: key "ABCDE1282828181" could not be looked up remotely Upgrade archlinux-keyring: `pacman -S archlinux-keyring` ## Unable to get past login window after upgrading This is caused by Nvidia driver being upgraded nvidia-dkms: `pacman -S nvidia-libgl` ## Failed to start load kernel modules after upgrade: Possible causes: - `broadcom-wl` module - Solved by re-"makepkg" `broadcom-wl` from **AUR** - Find error message in `systemctl status systemd-modules-load.service` # CentOS Installation Issues ## HP Microserver Gen 7 ### Kernel Panic on Boot (Both Live USB and New Installation) Add the following lines to the kernel boot parameters: `nolapic clocksource=hpet` ## Blank Screen on Startup Append `nomodeset` to [kernel param](https://wiki.archlinux.org/index.php/kernel_parameters#GRUB "kernel param") # Changing Default S2RAM to USWSUSP Suspend Module If you have any issues to suspend your laptop e.g. `suspend` command doesn't work on your laptop, try changing the default sleep module to `uswsusp`: 1. Edit `/etc/pm/config.d/module` and add the following line: `SLEEP_MODULE=uswsusp` 2. Edit `/etc/pm/config.d/defaults` and add the following line: `S2RAM_OPTS="-f"` 3. Reboot and try to let her sleep. ### References - [OpenSuse Documentation on Suspending](http://en.opensuse.org/SDB:Suspend_to_RAM) - [AskUbuntu Thread](http://askubuntu.com/questions/54591/use-s2ram-when-closing-lid-with-kde) # Fixing Incorrect Lid State by Hacking DSDT When I install a Linux distro to my VAIO notebook, I found that there is an annoying bug with the lid switch. It does not get updated whenever I suspend on lid close, it means `cat /proc/acpi/button/lid/LID/state` will output `state: close`. When I close the lid again, it won't suspend, instead, it will change the state to open. So in order for it to suspend again on lid close after the first suspend, I have to close it, reopen the lid and close it again. I have tried installing Linux Mint, Fedora, Fuduntu and Xubuntu, but it is not fixed in any of the distros. So, I don't think it is distro problems. While researching this issues (which I spent two full days), I found that Linux got an amazing feature that enable users to dynamically loading DSDT at boot time, there is no need to update the BIOS. So here's the instuctions: 1. Install `iasl` using `yum`, `apt-get` or whatever package management you are using. 2. Extract DSDT: ``` $ sudo cat/sys/firmware/acpi/tables/DSDT > dsdt.aml ``` 3. Disassemble `dsdt.aml` using the following command, this should create a new file `dsdt.dsl`: ``` $ iasl -d dsdt.aml ``` 4. Compile it using: ``` $ iasl -tc dsdt.dsl ``` 5. Fix any compiler errors, warnings and remarks. On my machine, the output is: ``` dsdt.dsl 1352: And (CTRL, 0x1E) Warning 1106 - ^ Result is not used, operator has no effect dsdt.dsl 1584: 0x00000000, // Length Error 4122 - ^ Invalid combination of Length and Min/Max fixed flags dsdt.dsl 2443: Name (_T_0, 0x00) Remark 5111 - Use of compiler reserved name ^ (_T_0) dsdt.dsl 2521: Name (_T_0, 0x00) Remark 5111 - Use of compiler reserved name ^ (_T_0) ``` a. The first one is on line 1352 can be fixed simply by changing `And (CTRL, 0x1E)` to `And (CTRL, 0x1E, CTRL)`. b. The second one is on line 1584, the length should be `Range Maximum` - `Range Minimum` + 1, on my machine, so fire up a hex calculator and start subtracting. On my machine, it's `0xE0000000` (`0xDFFFFFFF` - `0x00000000` + `0x00000001`). c. The third and fourth line is on line 2443 and 2521, because it uses a reserved name, simply replacing all instances of `_T_0` to `T_0` will stop the complaints. In vim, it is as simple as issuing `:%s/_T_0/T_0/g` in command mode. 6. Once everything is fixed (no errors, warning or remarks), add the following line to `_WAK` method, simply search for `_WAK` in `dsdt.dsl`: ``` If (LNotEqual (0x00, LIDS)) { Store (0x00, LIDS) Notify (\_SB.LID, 0x80) } ``` **NOTE 1:** You might need to change `\_SB.LID` to match your path to `LID` method or on some machine `LID0`. Method name is preceded by an `_` (underscore), so you can search for `_LID` in `dsdt.dsl`. After you found it, you have to determine the scope, scroll up until you found `Scope` keyword that your `LID` or `LID0` method belongs to, inside the bracket is the scope name. It may be in more than one scope, so, it might be `\_PCI0.SB.LID`. If you specify an incorrect path to `LID` method, you will receive the following error: ``` dsdt.dsl 300: Notify (LID, 0x80) Error 4068 - ^ Object is not accessible from this scope (LID_) ``` **NOTE 2:** What this function does is just to update the lid state once it is resumed from sleep. According to the ACPICA documentation, `_WAK` method is called by `AcpiLeaveSleepState()` function of ACPI. If the lid is open, the `LIDS` variable is `0x00`, or `0x01` otherwise. So these few lines translate to "if lid state is not open (closed), change lid state to open and call `LID`method". 7. Compile it using `iasl -tc dsdt.dsl`. 8. If no errors, warnings or remarks, add the following lines to `/etc/grub.d/01_acpi`: ``` # Uncomment to load custom ACPI table GRUB_CUSTOM_ACPI="/boot/dsdt.aml" # DON'T MODIFY ANYTHING BELOW THIS LINE! prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib . /usr/share/grub/grub-mkconfig_lib #. ${libdir}/grub/grub-mkconfig_lib # Load custom ACPI table if [ x${GRUB_CUSTOM_ACPI} != x ] && [ -f ${GRUB_CUSTOM_ACPI} ] \ && is_path_readable_by_grub ${GRUB_CUSTOM_ACPI}; then echo "Found custom ACPI table: ${GRUB_CUSTOM_ACPI}" >&2 prepare_grub_to_access_device `${grub_probe} --target=device ${GRUB_CUSTOM_ACPI}` | sed -e "s/^/ /" cat << EOF acpi (\$root)`make_system_path_relative_to_its_root ${GRUB_CUSTOM_ACPI}` EOF fi ``` 9. Add executable bit to it: ``` $ sudo chmod +x /etc/grub.d/01_acpi ``` 10. Copy the new `dsdt.aml` to `/boot`: ``` $ sudo cp dsdt.aml /boot ``` 11. Regenerate `grub.cfg`: ``` $ sudo grub2-mkconfig -o /boot/grub2/grub.cfg ``` 12. Reboot ### References - [Archwiki on DSDT](https://wiki.archlinux.org/index.php/DSDT) - [Redhat's Bug Report](https://bugzilla.redhat.com/show_bug.cgi?id=676031) - [Ubuntu's Bug Report 1](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/34389) - [Ubuntu's Bug Report 2](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/44825) - [Somebody's blog on fixing DSDT errors, remarks and warnings](http://sadevil.org/blog/2012/01/01/fixing-the-acpi-dsdt-of-an-acer-ferrari-one-200/) - [ACPICA Documentation](https://www.acpica.org/documentation) # JournalD Administration ## Optimizing JournalD Disk Space Usage Edit `/etc/systemd/journald.conf` and change the following line: ``` SystemMaxUse=200M ``` To check disk space used by journald: `journalctl --disk-usage` # Linux on Macbook Administration ## Blessing the Linux Kernel 1. [Boot into Mac Recovery](https://support.apple.com/en-us/HT201314 "Boot into Mac Recovery") 2. Start terminal and enter: 3. ``` bless --folder /Volumes/ARCH_EFI/EFI/arch/grub/ --file /Volumes/ARCH_EFI/EFI/arch/grub/grubx64.efi ``` ## Changing Apple keyboards (Macbook or USB) fnmode in Linux ### Changing it temporarily, as root: ``` echo 2 > /sys/module/hid_apple/parameters/fnmode ``` ### Changing it Permanently: Edit `/etc/modprobe.d/hid_apple.conf` and add the following line: ``` options hid_apple fnmode=2 ``` # SELinux - Services Blocked by SELinux ## SELinux Blocked Apache Access to Files ``` setsebool -P httpd_unified 1

sudo /sbin/restorecon -R /var/www/html ``` ## VSFTPD OOPS Error Issue the following command: `setsebool -P ftp_home_dir 1` ## SSH bind port error permission denied Issue the following command: `semanage port –a –t ssh_port_t –p tcp 1234` ## Permission denied HTTP Error 403 Issue the following command: `chcon -R --reference=/var/www /path/to/webroot` ## SELinux Denied HTTPD Access to MYSQLD on 127.0.0.1 1. `grep mysqld /var/log/audit/audit.log | audit2allow -M mysqld` 2. `semodule -i mysqld.pp` ## SELinux Denied FTP Access to SMB Share 1. Try to login with [ncftp](http://www.ncftp.com/ "ncftp") first and you will see the error "`OOPS: cannot change directory: /path/to/samba_share`" 2. Execute command: `su -c "grep ftpd_t /var/log/audit/audit.log | allow2audit -M ftpd_smb && semodule -i ftpd_smb"` 3. Try to login again with [ncftp](http://www.ncftp.com/ "ncftp") and ls command will return empty list a although it isn't 4. Execute command: `su -c "grep ftpd_t /var/log/audit/audit.log | allow2audit -M ftpd_smb && semodule -i ftpd_smb"` 5. Execute command => `sudo setsebool -P allow_ftpd_full_access on` 6. Execute command => `sudo setsebool -P ftp_home_dir on` ## Owncloud Custom Data Directory Denied Assume owncloud data directory: `/var/data` ``` Install policycoreutils-python

/etc/init.d/restorecond start

chkconfig restorecond on

semanage fcontext -a -t httpd_sys_content_t '/var/data(/.*)?'

restorecon -Rv /var/data ``` # Standard CentOS Workstation Setup ### Install GUI (MATE Desktop) 1. `sudo yum install epel-release` 2. `sudo yum groupinstall 'X Window System'` 3. `sudo yum groupinstall 'MATE Desktop'` 4. `sudo systemctl isolate graphical.target` 5. `sudo systemctl set-default graphical.target` ### Install Printer 1. `sudo yum install cups` 2. `sudo yum groupinstall "Development Tools"` 3. `sudo systemctl enable cups` 4. `sudo systemctl start cups` 5. `sudo yum install foomatic` Install drivers for the printer available at [Open Printing](http://www.openprinting.org/printers) ### Optional - GUI WiFi Support 1. `sudo yum install NetworkManager-wifi`