Archive for January, 2022

How to disable appArmor automatically installed and loaded after Linux Debian 10 to 11 Upgrade. Disable Apparmour on Deb based Linux

Friday, January 28th, 2022

check-apparmor-status-linux-howto-disable-Apparmor_on-debian-ubuntu-mint-and-other-deb-based-linux-distributions

I've upgraded recently all my machines from Debian Buster Linux 10 to Debian 11 Bullseye (if you wonder what Bullseye is) this is one of the heroes of Disneys Toy Stories which are used for a naming of General Debian Distributions.
After the upgrade most of the things worked expected, expect from some stuff like MariaDB (MySQL) and other weirdly behaving services. After some time of investigation being unable to find out what was causing the random issues observed on the machines. I finally got the strange daemon improper functioning and crashing was caused by AppArmor.

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

The general idea of apparmor is wonderful as it could really strengthen system security, however it should be setup on install time and not setup on update time. For one more time I got convinced myself that upgrading from version to version to keep up to date with security is a hard task and often the results are too much unexpected and a better way to upgrade from General version to version any modern Linux / Unix distribution (and their forked mobile equivalents Android etc.) is to just make a copy of the most important configuration, setup the services on a freshly new installed machine be it virtual or a physical Server and rebuild the whole system from scratch, test and then run the system in production, substituting the old server general version with the new machine. 

The rest is leading to so much odd issues like this time with AppArmors causing distractions on the servers hosted applications.

But enough rent if you're unlucky and unwise enough to try to Upgrade Debian / Ubuntu 20, 21 / Mint 18, 19 etc. or whatever Deb distro from older general release to a newer One. Perhaps the best first thing to do onwards is stop and remove AppArmor (those who are hardcore enthusiasts could try to enable the failing services due to apparmor), by disabling the respective apparmor hardening profile but i did not have time to waste on stupid stuff and experiment so I preferred to completely stop it. 

To identify the upgrade oddities has to deal with apparmors service enabled security protections you should be able to find respective records inside /var/log/messages as well as in /var/log/audit/audit.log

 

# dmesg

[   64.210463] audit: type=1400 audit(1548120161.662:21): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.364055] audit: type=1400 audit(1548120241.595:22): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.465883] audit: type=1400 audit(1548120241.699:23): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.566363] audit: type=1400 audit(1548120241.799:24): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.666722] audit: type=1400 audit(1548120241.899:25): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.767069] audit: type=1400 audit(1548120241.999:26): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0
[  144.867432] audit: type=1400 audit(1548120242.099:27): apparmor="DENIED" operation="sendmsg" info="Failed name lookup – disconnected path" error=-13 profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=2527 comm="mysqld" requested_mask="w" denied_mask="w" fsuid=113 ouid=0


1. How to check if AppArmor is running on the system

If you have a system with enabled apparmor you should get some output like:

root@haproxy2:~# apparmor_status 
apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /usr/sbin/ntpd
   lsb_release
   nvidia_modprobe
   nvidia_modprobe//kmod
   tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (387) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


Also if you check the service you will find out that Debian's Major Release upgrade from 10 Buster to 11 BullsEye with.

apt update -y && apt upgrade -y && apt dist-update -y

automatically installed apparmor and started the service, e.g.:

# systemctl status apparmor
● apparmor.service – Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
     Active: active (exited) since Sat 2022-01-22 23:04:58 EET; 5 days ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 205 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
   Main PID: 205 (code=exited, status=0/SUCCESS)
        CPU: 43ms

яну 22 23:04:58 haproxy2 apparmor.systemd[205]: Restarting AppArmor
яну 22 23:04:58 haproxy2 apparmor.systemd[205]: Reloading AppArmor profiles
яну 22 23:04:58 haproxy2 systemd[1]: Starting Load AppArmor profiles…
яну 22 23:04:58 haproxy2 systemd[1]: Finished Load AppArmor profiles.

 

# dpkg -l |grep -i apparmor
ii  apparmor                          2.13.6-10                      amd64        user-space parser utility for AppArmor
ii  libapparmor1:amd64                2.13.6-10                      amd64        changehat AppArmor library
ii  libapparmor-perl:amd64               2.13.6-10


In case AppArmor is disabled, you will get something like:

root@pcfrxenweb:~# aa-status 
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


2. How to disable AppArmor for particular running services processes

In my case after the upgrade of a system running a MySQL Server suddenly out of nothing after reboot the Database couldn't load up properly and if I try to restart it with the usual

root@pcfrxen: /# systemctl restart mariadb

I started getting errors like:

DBI connect failed : Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

To get an idea of what kind of profile definitions, could be enabled disabled on apparmor enabled system do:
 

root@pcfrxen:/var/log# ls -1 /etc/apparmor.d/
abstractions/
force-complain/
local/
lxc/
lxc-containers
samba/
system_tor
tunables/
usr.bin.freshclam
usr.bin.lxc-start
usr.bin.man
usr.bin.tcpdump
usr.lib.telepathy
usr.sbin.clamd
usr.sbin.cups-browsed
usr.sbin.cupsd
usr.sbin.ejabberdctl
usr.sbin.mariadbd
usr.sbin.mysqld
usr.sbin.named
usr.sbin.ntpd
usr.sbin.privoxy
usr.sbin.squid

Lets say you want to disable any protection AppArmor profile for MySQL you can do it with:

root@pcfrxen:/ #  ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
root@pcfrxen:/ # apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld 


To make the system know you have disabled a profile you should restart apparmor service:
 

root@pcfrxen:/ # systemctl restart apparmor.service


3. Disable completely AppArmor to save your time weird system behavior and hang bangs

In my opinion the best thing to do anyways, especially if you don't run Containerized applications, that runs only one single application / service at at time is to completely disable apparmor, otherwise you would have to manually check each of the running applications before the upgrade and make sure that apparmor did not bring havoc to some of it.
Hence my way was to simple get rid of apparmor by disable and remove the related package completely out of the system to do so:

root@pcfrxen:/ # systemctl stop apparmor
root@pcfrxen:/ # systemctl disable apparmor
root@pcfrxen:/ # apt-get remove -y apparmor

Once  disabled to make the system completely load out anything loaded related to apparmor loaded into system memory, you should do machine reboot.

root@pcfrxen:/ # shutdown -r now

Hopefully if you run into same issue after removal of apparmor most of the things should be working fine after the upgrade. Anyways I had to go through each and every app everywhere and make sure it is working as expected. The major release upgrade has also automatically enabled me some of the already disable services, thus if you have upgraded like me I would advice you do a close check on every enabled / running service everywhere:

root@pcfrxen:/# systemctl list-unit-files|grep -i enabled

Beware of AppArmor  !!! 🙂

Tags: , , , , , , , , ,
Posted in Linux, Security, System Administration | No Comments »

Linux script to periodically log enabled systemctl services, configured network IPs and routings, server established connections and iptables firewall rules

Tuesday, January 25th, 2022

bash-script-command-line-script-logo

For those who are running some kind of server be it virtual or physical, where multiple people or many systemins have access, sometimes it could be quite a mess as someone due to miscommunication or whatever could change something on the configured Network Ethernet interfaces, or configured routing tables, or simply issue an update which might change the set of automatically set to run systemctl services due to update. Such changes on a Linux server Operating system often can remain unnoticed and could cause quite a harm. Even when the change is noticed the logical question occurs what was the previous network route on the server or what kind of network was configured on Ethernet interface ethX etc. 
Problems like the described where, pretty common in many public Private Clouds or VMWare / XEN based Hypervisors that host multiple  Virtual machines, for that reason I've developed a small script which is pretty dumb on the first glimpse but mostly useful as it keeps historical records of such important information.
 

#!/bin/sh
# script to show configured services on system, configured IPs, netstat state and network routes
# Script to be used during CentOS and Redhat Enterprise Linux RPM package updates with yum

output_file=network_ip_routes_services_status;
ddate=$(date '+%Y-%m-%d_%H-%M-%S');
iptables=$(which iptables);
if [ ! -d /root/logs/ ]; then
mkdir /root/logs/;
fi

echo "STARTED: $(date '+%Y-%m-%d_%H-%M-%S'):" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# systemctl list-unit-files\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
systemctl list-unit-files –type=service | grep enabled | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e '# systemctl | grep ".service" | grep "running"\n' | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
systemctl | grep ".service" | grep "running" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# netstat -tulpn\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
netstat -tulpn | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# netstat -r\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
netstat -r | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# ip a s\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
ip a s | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# /sbin/route -n\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
/sbin/route -n | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# $iptables -L -n\n" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo -e "# $iptables -t nat -L" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
$iptables -L -n | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
$iptables -t nat -L | tee -a /root/logs/$output_file-$(hostname)-$ddate.log
echo "ENDED $(date '+%Y-%m-%d_%H-%M-%S'):" | tee -a /root/logs/$output_file-$(hostname)-$ddate.log

 

Script produces its logs inside  /root/logs/network_ip_routes_services_status*hostname*currentdate*.log, put the script inside /root/ or wherever you like.

To keep an eye how network routing or ip configuration or firewall changed or there was a peak with the established connections towards daemons running on host (lets say requiring a machine upgrade), I've set the script to run as usually via cron job at the end of the predefined cron job tasks, like so:

# crontab -u root -e
# periodic dump and log network routing tables, netstat and systemctl list-unit-files
*/1 01 01,25 * * /root/show_running_services_netstat_ips_route1.sh 2>&1 >/dev/null

You can download a copy of show_running_services_netstat_ips_route1.sh script here.
The script is written without much of efficiency on mind, as you can see the with the multiple tee -a and for critical hosts it might be a good idea to rewrite it to use '>>' OPERAND instead, anyhows as most machines today are pretty powerful it doesn't really matter much.

Of course today such a script is quite archaic, as most big corporations are using much more complex monitoring software such as Zabbix, Prometheus or if some kind of Elastic Search is used Kibana etc. but for a basic needs and even for a double checking and comparing with other more advanced monitoring tools  (in case if monitoring tools  database gets damaged or temporary down until backupped), still I think such an oldschool simple monitoring script can be of use.

A good addition to that if you use a central logging server is to set another cron to periodically synchronize produced /root/logs/* to somewhere, here is how to do it with simple rsync (considering your host is configured to login with a user without password with ssh key authentication).

# HOSTNAME=$(hostname); rsync -axHv –ignore-existing -e 'ssh -p 22' /bashscripts/  -q -i –out-format="%t %f %b" –log-file=/var/log/rsync_sync_jobs.log –info=progress2 root@BACKUP_SERVER_HOST:/$(HOSTNAME)-logs/

Once something strange occurs with the machine, like the machine needs to be rebuild

I would be glad to hear if some of my readers uses some useful script which I can adopt myself. Cheers  🙂

Tags: , , , , , , , , ,
Posted in Linux, Linux Backup tools | No Comments »

Saint Prophor Pchinski Saint Jochichim of Osogovo and Saint Gabriel of Lesnovo the three little known Bulgarian spritual followers of Saint John of Rila

Saturday, January 15th, 2022

Biography of St. Prohor Pshinski

Saint_Prohor_Pchinski-face-icon

St. Prohor Pshinski. Mural from the 15th century in the church "St. Archangel Michael" in Saparevo near Kyustendil. Source: bartol, bartol.blog.bg

 St. Prohor Pshinski. Mural from the 15th century in the church "St. Archangel Michael" in Saparevo near Kyustendil. Source: bartol, bartol.blog.bg The Rev.

Prohor Pshinski was a Bulgarian by birth from pious parents in the Ovce Pole region of northern Macedonia. It was given by God to childless parents for their prayers and sucked in along with his mother's milk and her high piety. When he grew up, his parents insisted on marrying him. But he once heard in the temple the words of the Savior: "He that loveth father or mother more than me is not worthy of me," (Matt. 10:37). the town of Vranje in Yugoslavia. He lived in a cave where water springs for 32 years. Once a frightened deer ran to him, chased by a hunter who soon appeared.

Saint_Prohor_Pchinski_Fresco-Byzantine-Empire-icon
Prophor Pchinski (Pshinksi) Byzantine Empire Icon

At his first meeting, the monk called the hunter by name and predicted that he would soon become a Byzantine emperor. At that time Bulgaria was under Byzantine slavery (1018 – 1186). And indeed, after some time this man reigned under the name of Roman Diogenes (1067-1071). Astonished by the fulfillment of this prophecy, he discovered the incorruptible relics of the late Prohor Pshinski and built a large temple in the name of the saint on the site of his asceticism. His holy relics were laid there and a monastic fraternity gathered.

This monastery still exists. The Venerable Prohor Pshinski died on September 14, but due to the great feast of the Exaltation of the Holy Cross, the celebration of his memory was postponed to January 15. His monastery celebrates his memory on September 19.

© Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada (Levkijski) and Archimandrite Dr. Athanasius (Bonchev).

Saint_Prohor_Pshinski-XV-century-wall-painting-icon-Kyustendil-Bulgaria

Saint Prohor Pchinski (Pshinski) Wall Painting icon XV century Kyustendil Bulgaria

The prologue biography of St. Prohor Pshinski is an original ancient Bulgarian writting, known in a single transcript in the New Prologue from the beginning of the 14th century (GIM, Uvar. 70). Under the date of October 19, the Venerable Hermit Saint is mentioned next to St. Ivan Rilski. Both texts are published by Kl. Ivanova (1977). D. Chesmedjiev (2009) points out that the cult of St. Prohor Pshinski is poorly fixed in the written tradition. All the details about the saint are known from his prologue. St. Prohor lived in the 11th century, working in the Kozyak mountain (near the village of Staro Nagorichino). After his death, his relics were transferred to the church he founded, called Pshinya, where he was healed.

Saint Prophor Pchinski in Modern Theology

His cult probably originated during the Byzantine rule. His memory is celebrated on September 13 and October 19. In the New Prologue, in addition to biographies of St. Ivan Rilski and St. Prohor Pshinski, there are also biographies of St. Achilles of Larissa, St. Simeon of Serbia and others. 30 years ago Kl. Ivanova (Ivanova 1977: 59) has suggested that the manuscript was compiled in the Pshin Monastery itself, but the spelling and language features of the collection are Serbian. According to the latest research by the same researcher, Nora's prologue originates from Jerusalem and was created in the Serbian monastery "St. Archangel Michael ”(Ivanova 2008: 68–70).

 

Biography of Saint Joachim of Osogovo

Images of St. Ivan Rilski and St. Joachim of Sarandapor from the Poganovo Monastery, end of the 15th century. It is not known where he came from, from his life it is known that he came from the west, according to Ivan Snegarov, perhaps from Zeta, in the Osogovo Mountains, where he sought monastic asylum.

An unknown boyar from the village of Gradets, not far from Kriva Palanka, today in northern Macedonia, shows him the place he was looking for monastic solitude – a cave by the Sarandapor River, today's Kriva River. Here St. Joachim spends his life as a hermit, in fasting and prayer, and the local Bulgarians revere him as a holy man. 

Osogovo Monastery.

Kutugenski-Manastir-Sveti-Joachim-Ioakim-Osogovski
Osogovo Monastery Saint Joachim Icon

Joachim Osogowski died on August 16, 1105.On this date the Bulgarian Orthodox Church commemorates him.

Years later, the widowed priest Theodore of the Sheep Field settled in the place of Joachim's hermitage, adopting the monastic name Theophanes. After his saint appears, he discovers his miraculous relics, which are laid in the church built in his memory. In the 12th century, the cult of St. Joachim became so popular in northwestern Macedonia that a monastery of the same name was built around the temple. 

Joachim-of-Osogovo-known-also-as-Sarandopolski-Poganovo_Ivan_Rilski

Images of St. Ivan Rilski and St. Joachim of Sarandapor from the Poganovo Monastery, end of the XV-th century ( the three most famous spiritual pupils of Saint John of Rila )

In the monastery, similar to the life of St. Ivan Rilski, a life of St. Joachim was created, known from later transcripts, as well as a service of the saint. Around the middle of the 14th century the cult of St. Joachim spread to the eastern Bulgarian lands, and at the end of the 14th century it was transferred to Russia.

Biography of Saint Gavriil (Gabriel) Lesnovski

Saint-Gabriel-of-Lesnovo-320px-Archangels_Chapel_in_Rila_Monastery_Gabriel_of_Lesnovo_-_year-1845

Saint Gabriel of Lesnovo fresco from Archangels Chapel Rila Monastery, Bulgaria

Saint_Gabriel-of-Lesnovo-icon-St-Alexander-Nevski
St. Gavriil Lesnowski.
Detail of a mosaic on one of the doors of the Patriarchal Cathedral "St. Alexander Nevsky" in Sofia St. Gavriil Lesnowski. Detail of a mosaic on one of the doors of the Patriarchal Cathedral "St. Alexander Nevsky" in Sofia

Reverend Gavriil Lesnovski is one of the three great followers of the Rila desert dweller St. Ivan Rilski. He lived in the XI – XII century. He was born in the village of Osiche, Palaneshko (Macedonia). He came from rich Bulgarian parents and received a good education. When he was old, his parents betrothed him to a good-looking bride. Soon, however, his fiancée died. Then he entered a monastery and became a monk. With the inheritance he received from his parents, Gabriel built a monastery with a church named after St. Archangel Michael in the Lesnovo Mountains, northern Macedonia, near the present town of Kratovo.

The Venerable Father gathered monks, appointed an abbot, and he himself secluded himself in the mountains of desert life and silence, doing so for 30 years. He then returned to his monastery and died on January 15. Thirty years after the death of the Venerable Gabriel, a Russian monk named Joseph in the town of Sredets (Sofia) – at the suggestion of the saint – went to the place where the Venerable struggled, found his grave, found his incorruptible relics, laid them in a coffin and provided for prayer worship to believers.

For many years the holy relics of the Reverend Gabriel rested in the Lesnovo Monastery and performed many miracles. Probably in the thirteenth century one of the Bulgarian kings of the Assen dynasty brought them to his capital Tarnovo and laid them in the church "Holy Apostles" in Trapezitsa. According to the Reverend's prologue of 1330, "they have lain there until now and give healing." After the Ottoman invasion of Bulgaria, traces of the holy relics of the Venerable Gavriil Lesnovski are lost. The monastery he founded was later named after him and became an important literary center. © Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada (Levkijski) and Archimandrite Dr. Athanasius (Bonchev).

Saint-Gabriel_Lesnovski-Saint-_Joachom_Osogovski_and-saint_Prohor-Pchinski-Saint_Alexander_Cathedral_SofiaSaint Gabriel of Lesnovo, Saint Joachim of Osogovo and Saint Prohor Pchinski mosaic saint Alexander Nevski Cathedral Church, Sofia, Bulgaria

The Saints Prohor Pchinski, Joachim of Osogovo together with Saint Gabriel of Lesnovo according to Bulgarian Orthodox Church tradition are considered to be 3 of the many pupil monks of Saint John of Rila who spread the light of Holy Eastern Orthodox Christian faith in whole Bulgarian lands and from there towards Russia and far west Serbia, Croatia, Hungary who historically has been orthodox and later converted to Roman Catholicism.

Tags: , , , , , , , , , , , , , , , , , , , ,
Posted in Christianity, Educational, Everyday Life | No Comments »

CentOS 8 / Redhat 8 insert additional guests additions to VM to enable Fullscreen, Copy / Paste and Shared Folder from host OS

Monday, January 10th, 2022

virtualbox-guest-additions-install-on-centos-8.3-linux-oracle-logo

My experience with enabling virtualbox additions guest tools on many of the separate Linux distributions throughout time is pretty bad as it always is a pain in the ass to enable fully functional full screen and copy paste for Virtualbox…
 
For those who installed it for a first time vbox guest addition tools for Virtualbox are additional software components added so the Emulated Operating system
could allow better screen resolution and better mouse integration support.

So far I've installed virtualbox additions tools to CentOS 7 and Debian Linux various releases and faced complications there as well.
Few days ago my colleague Georgi Stoyanov have installed CentOS 8.3 with current version of VirtualBox 6.1 (vesrsion from beginning of 2022) and he has also shared had issues with enabling the CentOS 8.3 Linux to work with guestadditions but eventually found a resolution.

Thus he has shared with me the solution and I share it with you, so hopefully someone else could enable Guesttools on his CentOS 8.3 with less digging online.
The error received is:

# ./VBoxLinuxAdditions.run

Trying to install Guest Additions in RHEL 8.3.

VirtualBox Guest Additions: Starting.
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel
modules. This may take a while.
VirtualBox Guest Additions: To build modules for other installed kernels, run
VirtualBox Guest Additions: /sbin/rcvboxadd quicksetup
VirtualBox Guest Additions: or
VirtualBox Guest Additions: /sbin/rcvboxadd quicksetup all
VirtualBox Guest Additions: Building the modules for kernel
4.18.0-193.el8.x86_64.

VirtualBox Guest Additions: Look at /var/log/vboxadd-setup.log to find out what
went wrong
ValueError: File context for /opt/VBoxGuestAdditions-6.0.20/other/mount.vboxsf already defined
VirtualBox Guest Additions: Running kernel modules will not be replaced until
the system is restarted
Press Return to close this window…

No idea what to do next. Been trying for sometime.


To enable guestaddtions in CentOS 8.3, e.g. get arount the error you have to:


1. Install all necessery dependncies RPMs required by GuestAddition tools

 

# dnf install tar bzip2 kernel-devel-$(uname -r) kernel-headers perl gcc make elfutils-libelf-devel

# dnf -y install gcc automake make kernel-headers dkms bzip2 libxcrypt-compat kernel-devel perl

2.  Run below semanage and restorecon commands

 

# semanage fcontext -d /opt/VBoxGuestAdditions-/other/mount.vboxsf
# restorecon /opt/VBoxGuestAdditions-/other/mount.vboxsf

 

3.  Insert Virtualbox guest additions ISO and Run it

 

centos-insert-guest-additions-linux-virtualbox-screenshot
 

Devices -> Insert Guest Additions CD Image

 

Click Run button to exec Vbox_GAs_6.0.18 script or run it manually

Run-Guest-Additions-screenshot-virtualbox-centos-8

or mount it manually with mount command and execute the VBoxLinuxAdditions.run to do so:

 

$ cd /run/media/`whoami`/VB*
$ su
# ./VBoxLinuxAdditions.run
Installing additional modules …
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules.  This may take a while.
VirtualBox Guest Additions: Running kernel modules will not be replaced until the system is restarted
VirtualBox Guest Additions: Starting.

 

4. Reboot the VM
 

# reboot

5. Check and Confirm Virtualbox guest additions are properly installed and running
 

# lsmod | grep vbox

 

6. Enable Copy / Paste from to Virttual Machine e.g. Shared Clipboard / Shared Folder etc.

 

Share-Clipboard-in-Virtualbox-screenshot-centos-8

 

The three options most useful besides the support for FullScreen OS emulation by Virtualbox to enable right after
guesttools is on are:


1. Devices -> Shared Clipboard -> Bidirectional
2. Devices -> Drag and Drop -> Bidirectional
3. Devices -> Shared Folders -> Shared Folder Settings
 

Tags: , , , , , , , , , , , , , , ,
Posted in Linux, Various, Virtual Machines | No Comments »

Happy Nativity Christ is Born ! Happy New Year 2022 and thanks for reading me

Wednesday, January 5th, 2022

Happy-Nativity-Christmas-christ-is-born-card

Christ is Born ! – Image Source: Holy Cross Monastery

Happy Nativity Christ was born 2022 years ago ! I wish a happy Nativity (Christmas).
ILet with the birth of Christ, his light and eternal dominion is born in us and lights us, as the star lighted the Magis who followed the Christmas star.

I wish my dear readers Peace, Love, Hope, Faith Good spiritual and bodily health and God's mercy by the prayers of the Holy Mother of God.

Saint_Alexander-Nevsky-Sofia-Bulgaria-Main-Cathedral-Church-fireworks
Saint Alexander Nevsky Largest Cathedral, Sofia Bulgaria. Tallest (53 m) and largest (by area and volume) cathedral in the Balkans and one of the 3 largest Eastern Orthodox Churches in Europe.

I wish you also a Happy New 2022 year ! Let the new year bring you new power to fight evil and do more good. Let the new year be peaceful, full of Grace and kindness to each of my dear readers ! Let the new year bring you more wisdom and understanding on everyone's life destination and bring you understanding on what is the proper things to do that would bring more joy and for our family, colleagues at work and people who surround is over the coming 12 months time.

Let each those who were sorrowful become joyful, those who hurted, get healed and those who worked hard find fruits out of their hard labor. Let those who hunger find food and those who are in pain find relief ! 
Use your obtained knowledge wisely and not only work on the mind  but work on the soul so they both become better !

Cheers and Happy New  Successful Year 2022 !!!

Tags: , , , , , , , , , , , , ,
Posted in Christianity, Everyday Life, Rant | No Comments »