The small linux problem thread

Is the LUKS image to be the boot drive of the VM (eventually?)
Could you import the image into another, running VM, and unlock it with the other OS? Like on mount, it should prompt?

Then do the os probe / efibootmgr to add the image as one of the bootable options for the VM.
then boot into the image, and update the efibootmgr / os-prober / update grub? perhaps?

1 Like

The disk contains an install of Fedora 32, it’s a default install but with LUKS enabled. As far as I know this configuration creates a small unencrypted boot partition and a LUKS partition for everything else so I don’t think it’s an issue of trying to boot from an encrypted partition. But it does look as if it’s not even finding GRUB which is strange, as if the boot loader doesn’t get copied during the conversion to QCOW2.

The disk was originally running in VirtualBox until I updated to Kernel 5.17.12 which broke VirtualBox so I figured it was a good opportunity to try KVM and Gnome-Boxes again. I thought it would be reasonably straightforward to convert the VDI to QCOW2 and run it but it seems it doesn’t like LUKS partitions.

As a test I created a new Fedora 36 VM in Gnome-boxes and enabled LUKS during installation and found that it also doesn’t boot after the installation is complete, whereas, a fresh install without LUKS works fine, so I am leaning toward an issue with LUKS support.

It’s not a major issue so for the moment I have just moved my VMs to another machine with Kernel 5.17.5 and I’ve gone back to running them in VirtualBox.

Thank you for your suggestions though, I may try that if the workaround stops working or Oracle take too long to resolve the issue with VirtualBox.

Cheers,

Shecks

1 Like
I was thinking you were only getting the efi shell, forgetting it already went past that to the boot, then hanged itself

the reason I mentioned about using another VM to import, was in case the virtual box was storing the EFI NVRAM somewhere special.

With EFI / UEFI, the system does not probe drives for boot partitions like it did back in the BIOS days.

Back then, you just needed a bootable partition, and the system would find it.

Now, with UEFI, each OS needs to be registered with the motherboard (virtual or physical) which is handled by the efibootmgr, and iirc, when you use the app update-grub, it does an os-probe to look for installed OS’s, then runs efibootmgr to register with the mainboard (virtual or physical.)

I could be wrong about this.
Just an observation.

I use Virt-Manager, and it stores the EFI NVRAM for its machines in a different place to its VM setup XML files, so it threw me for a loop.

I don’t know how the UEFI system picks up thumb sticks.

And I could be wrong, like, it should boot to an efi shell, and you should have been able to load the FS0: to get the boot partition, then load the grub64.efi file or whatever

but yet again, I failed to read properly

1 Like

Yes it looks like VirtualBox stores the EFI NVRAM in a .nvram file separate to the VDI but the VM I tried to convert was non-EFI so the only files I had were the .vdi the .vbox (just XML VM configuration settings) and I made sure it was a non-EFI VM I tried to boot the image in.

Good information on how update-grub works with efibootmgr though. That might explain something unrelated that I was curious about when I updated my workstation recently, I decided to do a fresh install of Fedora 36 on to a new NVMe drive and this time I did a UEFI install.
I wanted to add my old non-EFI install to the GRUB menu so I could switch between the two while getting the new install up and running but couldn’t figure out why os-probe couldn’t find it, perhaps when it’s running from a UEFI OS it only looks for other UEFI installs. It found my Windows 10 install but no amount of fiddling about could get it to detect the non-EFI Fedora.

Cheers,

Shecks

1 Like

I got myself stumped on a networking problem.

The short version: I can’t get IPv6 working with my Proxmox setup.

Longer version

I have a host with two VMs attached to it. For the sake of testing, the VMs are :1::1, :2::1, and the host is :3::1. The host does not need to actually have an address, it’s just for testing.

I have the host interface used for IPv6 configured like so:

23: vmbr4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:25:64:fd:ed:13 brd ff:ff:ff:ff:ff:ff
    inet6 2001:470:ebfe:3::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::225:64ff:fefd:ed13/64 scope link 
       valid_lft forever preferred_lft forever

The guest is configured like so (substitute address for the other VM):

3: eth1@if84: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 82:e8:0d:3c:f0:fb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2001:470:ebfe:1::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::80e8:dff:fe3c:f0fb/64 scope link 
       valid_lft forever preferred_lft forever

I set the gateway of the guest to be the address of the host, but I don’t know that this is necessary either. Would be better to put the address of the router there, but :person_shrugging:

Neither of the VMs can ping each other or the host. IPv4 works just fine.

Over on the Proxmox Forums

See the thread I posted over there. It has a pretty bare-bones setup.

Anyone seen this before? Any obvious things I missed?
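
An on-link check over the addresses shown in the post above, as an added example (not part of the original post and not a diagnosis given in the thread): it parses the global `inet6` lines and reports which pairs share a prefix and whether the guest's gateway lies inside the guest's own /64. The second guest's address is expanded from the ":2::1" description, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the `inet6` lines from the post, plus the second guest's
# address expanded from the ":2::1" description (an assumption).
IP_ADDR_OUTPUT = {
    "host": "inet6 2001:470:ebfe:3::1/64 scope global\n"
            "inet6 fe80::225:64ff:fefd:ed13/64 scope link",
    "guest1": "inet6 2001:470:ebfe:1::1/64 scope global\n"
              "inet6 fe80::80e8:dff:fe3c:f0fb/64 scope link",
    "guest2": "inet6 2001:470:ebfe:2::1/64 scope global",
}
GUEST_GATEWAY = "2001:470:ebfe:3::1"  # guest gateway = host address, per the post


def global_interfaces(text):
    """Return an IPv6Interface for every 'scope global' inet6 line."""
    found = re.findall(r"inet6\s+(\S+)\s+scope\s+global", text)
    return [ipaddress.IPv6Interface(addr) for addr in found]


def on_link(interface, target):
    """True if target lies inside the prefix configured on interface."""
    return ipaddress.IPv6Address(target) in interface.network


def reachability(nodes):
    """Map (src, dst) to True when dst is reachable without a router."""
    return {
        (src, dst): any(on_link(s, d.ip) for s in s_ifs for d in d_ifs)
        for src, s_ifs in nodes.items()
        for dst, d_ifs in nodes.items()
        if src != dst
    }


NODES = {name: global_interfaces(out) for name, out in IP_ADDR_OUTPUT.items()}

if __name__ == "__main__":
    for (src, dst), ok in reachability(NODES).items():
        print(f"{src:7} -> {dst:7} {'on-link' if ok else 'different /64, needs a route'}")
    gw_ok = on_link(NODES["guest1"][0], GUEST_GATEWAY)
    print("guest1 gateway inside its own /64:", gw_ok)
```

The link-local addresses are left out on purpose: they all sit in fe80::/64, so pinging those with an interface scope is the complementary test of the bridge itself.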

This is much longer than this thread can support so here

Problem: unable to mount empty ext4 volume as non-root

Every time I try to mount a completely empty ext4 filesystem onto my root filesystem, Linux insists on only allowing root to access that filesystem.

/etc/fstab entry…

UUID=[someUUID] /run/mount/imrazor ext4 rw,user 1 1

ls -l on /run/mount/imrazor/ shows the mountpoint as owned by imrazor:imrazor

But after issuing a ‘sudo mount -a’ command, attempting to just touch a file on the otherwise empty filesystem generates a ‘permission denied’ message. <mutters obscenity, takes a breath, counts to 10…>

Good so far… Though you should have noauto in there.

Nooooo!

You don’t sudo the mount command when you have user in fstab. You run the mount command as the normal user.

If you want it auto mounted by root, and writable by imrazor just run sudo chown -R imrazor:imrazor /run/mount/imrazor/ AFTER mounting it.

4 Likes
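
What the `rw,user` option list in the fstab entry from the question expands to, as an added example that is not part of the original posts. The implied-option table follows mount(8), where later options override earlier ones; the helper names are hypothetical.

```python
# Constructed input: the fstab entry as quoted in the question.
FSTAB_LINE = "UUID=[someUUID] /run/mount/imrazor ext4 rw,user 1 1"

# mount(8): these options imply restrictions unless a later option in the
# same list overrides them (e.g. "user,exec,dev,suid").
IMPLIES = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
DEFAULTS = {"rw": True, "exec": True, "suid": True, "dev": True, "auto": True}
NEGATIONS = {"ro": "rw", "noexec": "exec", "nosuid": "suid",
             "nodev": "dev", "noauto": "auto"}


def parse_fstab_line(line):
    """Split one fstab line into its fields; options become a list."""
    spec, mountpoint, fstype, options = line.split()[:4]
    return {"spec": spec, "mountpoint": mountpoint,
            "fstype": fstype, "options": options.split(",")}


def effective_flags(options):
    """Apply options left to right, expanding what user/owner/group imply."""
    flags = dict(DEFAULTS, user_mountable=False)
    for opt in options:
        if opt == "defaults":
            flags = dict(DEFAULTS, user_mountable=False)
        elif opt in IMPLIES or opt == "nouser":
            flags["user_mountable"] = opt != "nouser"
        for name in (opt, *IMPLIES.get(opt, ())):
            if name in NEGATIONS:
                flags[NEGATIONS[name]] = False
            elif name in DEFAULTS:
                flags[name] = True
    return flags


def review(line):
    """Return human-readable findings for one fstab entry."""
    flags = effective_flags(parse_fstab_line(line)["options"])
    findings = []
    if flags["auto"]:
        findings.append("no noauto: root mounts it at boot and on 'mount -a'")
    if flags["user_mountable"]:
        findings.append("ordinary users may mount it")
    off = [k for k in ("exec", "suid", "dev") if not flags[k]]
    if off:
        findings.append("in effect: " + ", ".join("no" + k for k in off))
    return findings
```

Calling `review(FSTAB_LINE)` returns three findings for this entry: it is still auto-mounted by root, ordinary users may mount it, and noexec, nosuid and nodev apply.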

Firstly I made an error transcribing the fstab entry. It should look as follows…

UUID=[someUUID] /run/media/imrazor/RD0-ext4 ext4 rw,user 1 1

And I eventually realized that ‘sudo mount -a’ was the wrong way to go about it. But even when I mounted as a lowly luser, the disk was still read-only.

Finally I tried ‘chown imrazor:imrazor /run/media/imrazor’. Note 1) the lack of the recursive option and 2) it is the collective mountpoint for removable media, rather than the specific mount point of that filesystem. But some way, somehow, that resulted in a writable volume. I’m half-worried that this is a temporary state of affairs, and after a reboot will just revert to its old cantankerous self.

I guess I’ll find out tomorrow morning when I get home from work…

Create the folder RD0-ext4 in the path above. You are basically mounting over your media directory which will cause issues for other devices until that ext4 device is unmounted.

I finally figured out how to connect my new xbox controller to a windows vm in proxmox via the newer wireless adapter connected to the vm through a passed through USB port.

Absolutely needed:

  • Make sure your adapter is in a passed through USB port…
  • In the windows vm make sure the adapter shows up as a network device in device manager. If it shows up as usb other as “Xbox acc”, manually update the driver, searching through windows update. Then manually update windows update. At some point it will very quickly install the drivers, but not give you any heads-up other than a brief text in the update window. Note that even though the adapter shows up in windows, THE ADAPTER LIGHT WILL NOT COME ON. It’s just not gonna work yet.
  • Install xone on proxmox. For some reason installing this on proxmox is what’s needed for the adapter to actually work in windows.

Might be needed, but not sure right now:

  • You may need to look at the “optional” updates in windows update, and install the optional Xbox networking package that’s hidden there
  • In my flailing about trying different things, I blacklisted the xpad and whatever module the usb adapter showed up as in proxmox.
  • In windows, you may need to set the wireless adapter to not be turned off to save power. This seems to cause some people trouble.

So far seems to work flawlessly. I haven’t tried a wired connection yet. At some point when I blow everything up and redo everything to clean away my cli sins that have built up over the year, I’ll make a proper guide, since this seems to cause trouble for others trying to do the same.

This works on Fedora but not in CentOS 7 :thinking:

[vagrant@centos7 ~]$ nmcli --get-values ipv4.dhcp-send-hostname connection show 0a-5d-08-6d-00-c3
yes
[vagrant@centos7 ~]$ sudo nmcli connection modify 0a-5d-08-6d-00-c3 ipv4.dhcp-send-hostname false
[vagrant@centos7 ~]$ nmcli --get-values ipv4.dhcp-send-hostname connection show 0a-5d-08-6d-00-c3
yes
[vagrant@centos7 ~]$ sudo nmcli connection modify 0a-5d-08-6d-00-c3 ipv4.dhcp-send-hostname no
[vagrant@centos7 ~]$ nmcli --get-values ipv4.dhcp-send-hostname connection show 0a-5d-08-6d-00-c3
yes

[SOLVED]
Does anyone know how to auto import a network config in Ubuntu Core 22? I’m wanting to seed WiFi credentials into an image so that no console interaction is required. I’ve figured out how to build a custom image and import a system-user assertion but can’t find documentation on how to specify a netplan.yaml file or run a shell script with nmcli commands on first boot.

Edit: For anyone else looking to do something similar, you’ll need to build a custom Gadget Snap and include it in your model assertion when creating your image. I actually found 3 ways of adding the WiFi configuration on first boot, although I only tested two of the methods.

#1 - Add system-wide configuration options to the gadget.yaml file

defaults:
  system:
    service:
      console-conf:
        disable: true
    system:
      network:
        netplan:
          network:
            wifis:
              wlan0:
                access-points:
                  WiFiNetworkName01:
                    auth:
                      key-management: "psk"
                      password: "WiFiPassword"
                  WiFiNetworkName02:
                    auth:
                      key-management: "psk"
                      password: "WiFiPassword"
                dhcp4: true

#2 - Create a Netplan yaml file, include it in your Gadget's Makefile or snapcraft.yaml, and then add a content: section to copy the file to the ubuntu-data partition on first boot.

gadget.yaml

      - name: ubuntu-data
        role: system-data
        filesystem: ext4
        type: 83,0FC63DAF-8483-4772-8E79-3D69D8477DE4
        # XXX: make auto-grow to partition
        size: 1500M
        content:
          - source: netplan.yaml
            target: /system-data/etc/netplan/netplan.yaml

#3 (Untested) - Someone has made a script called netplan-import that looks for a netplan.yaml file on removable media and automatically imports it. You'd just put the file on the same drive you use for importing your system-user.

Building an Ubuntu Core appliance image | Ogra's blog
dashkiosk-image-config/netplan-import at master · ogra1/dashkiosk-image-config · GitHub

To get a script that runs at first boot, make a systemd service that calls a script and then terminates the systemd service in the script, like this:

FILE /etc/systemd/system/firstboot.service

[Unit]
Description=One time boot script
[Service]
Type=simple
ExecStart=/bin/sh /root/firstboot.sh
[Install]
WantedBy=multi-user.target 

FILE /root/firstboot.sh

#!/bin/bash

# Insert commands to run here
echo "This only runs once"

# Disable the systemd service
systemctl disable firstboot.service

# Optional, remove all trace of the service
rm -rf /etc/systemd/system/firstboot.service
rm -f /root/firstboot.sh

And don’t forget to enable it with systemctl enable firstboot.service. Good luck!

3 Likes

Thank you for the detailed response but unfortunately this doesn’t work on Ubuntu Core as its root filesystem isn’t partitioned or unpacked until first boot. But I think I may have found the solution although I must admit I feel like it shouldn’t be this complicated. It requires building/packaging a custom Gadget snap and then including it in the model assertion when building the image. I’m not sure why I can’t just drop a config file on removable media and auto-import from there… it would be so much simpler. I’ll update my original post with some notes if I’m successful.

If you’re doing this for VMs then cloudinit might be a good solution, it lets you specify a custom config file when booting the image. However it needs hypervisor support, and is a more cloud way of doing customisation.

I can’t manage to get docker working correctly within nspawn containers. Host is arch and so is the guest within nspawn. I followed the directions in the arch wiki but that didn’t solve my issue.

Some basic containers work (e.g. hello-world). But a Dockerfile with just the following content

FROM maven:3.8.4-amazoncorretto-17 AS MAVEN_BUILD

fails with

[aeny@somehost testimage]$ sudo docker build .
[sudo] password for aeny:
Sending build context to Docker daemon  2.048kB
Step 1/1 : FROM maven:3.8.4-amazoncorretto-17
3.8.4-amazoncorretto-17: Pulling from library/maven
bda57ff2d0d8: Extracting  62.24MB/62.24MB
a11bc4574f67: Download complete
63a4086f3bbd: Download complete
e1765d68ceaa: Download complete
08f943c990d0: Download complete
58ed1a3e0caf: Download complete
failed to register layer: ApplyLayer exit status 1 stdout:  stderr: operation not permitted

Any ideas? :slight_smile:

I recently switched my Linode over to using an RPM-based distribution (AlmaLinux) to get more experience with them. However, I have run into a slight problem that I do not know how to solve. I cannot login to my regular user. At first I thought it was an ssh problem, but I still cannot login from Linode’s LISH console either. OFC, root login is disabled over ssh, but I am able to access the root account from LISH. So it has got to be a PAM problem. Can you guys help me solve it?

I’m using Kali 5.18,
updated from Kali 5.16 …
Ctrl+V no longer pastes, also zsh no longer seems to be the default terminal.
I saw zsh had been compromised with an exploit so I get why that’s gone.
But Ctrl+V? Throwing up ^v instead.

It’s a fresh install, as I said, of 15.6 with upgrade + update to 15.8.
I’ve not installed anything nor changed any permissions.

So any ideas what’s up, or suggestions on how to fix or where to look to fix???

zsh is a shell, it runs in a “terminal”, and pasting is normally handled by the terminal. In most xterm-like terminals, by default to paste using the keyboard one uses shift-Insert. ctrl-v is (or at least was historically) handled by the tty driver, and it means “lnext”, “take the next key literally”, so ctrl-v enter gives ^M. To get ctrl-v to do a paste needs some key binding or the like.

To exploit the recent zsh vulnerability, “an attacker” has to “control a command output inside the prompt”. I’d have thought the OS could be hosed anyway if the attacker had got that far, but maybe that just shows I’m not a security expert.

1 Like