
X11 freezes and system total hang up on a Lenovo X250 i7-5600U since kernel 4.6.2 (arch linux)

Hey folks, since kernel 4.6.2 I have had a lot of X11 freezes as well as unusable gui tools (delayed inputs, scrolling and broken display rendering). Also all the virtual box clients are behaving the same. Only the chromium gui and xterm were usable (well, xterm only on my host, not on the virtual box clients).
I tried my best and here are the changes I made that have kept the system from a total freeze for four days now:

run as root

cat > /etc/X11/xorg.conf.d/20-intel-graphics.conf <<DELIM
Section "Device"
    Identifier "Intel Graphics"
    Driver "intel"
    Option "AccelMethod" "uxa"
    Option "NoAccel" "True"
EndSection
DELIM

I am crossing my fingers that it works on your machine, too.


howto - php composer - File(/etc/pki/tls/certs) is not within the allowed path(s) - on arch linux

A few days (or weeks?) ago, I discovered the following issue on one of my Arch Linux systems.
Whenever I try to use PHP's composer, I get the following error:

is_dir(): open_basedir restriction in effect. File(/etc/pki/tls/certs) is not within the allowed path(s): (/srv/http/ [...]

Well, it didn't hurt that much since I am using (like every cool webkiddy is doing) docker or vagrant for my development. But this time, I needed to solve it since it is a customer edge case - so I solved it.
The how-to I will show you is not the perfect way. I had two things in mind: try to minimize the places where I have to adapt the php.ini, and try to keep the system as normal as possible. Until now, I cannot estimate the security holes I opened with this setting. I will let you know if this how-to turns out to be a "don't try this at home" thing.

So, what have I done?
First of all, I asked curl to tell me where it is looking for certificates by executing:

curl-config --ca

output: /etc/ssl/certs/ca-certificates.crt

After that I had a look at what this path is:

ls -halt /etc/ssl/certs/ca-certificates.crt

output: [...] /etc/ssl/certs/ca-certificates.crt -> ../../ca-certificates/extracted/tls-ca-bundle.pem

So, with that knowledge it turned out that the following steps reflect my requirements mentioned above.

sudo mkdir -p /etc/pki/tls/certs
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-certificates.crt
sudo vi /etc/php/php.ini

add following lines to "open_basedir" configuration section


And that is it, composer should now be back in business.
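
As an added example (not part of the original post): PHP resolves all symbolic links before applying open_basedir, so what counts is where the link created above finally points. The sketch models that check in a simplified way inside a constructed temporary tree that mirrors the symlink chain from the post; `in_open_basedir` and `build_demo_tree` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: simplified model of PHP's open_basedir decision for one path.
# PHP resolves all symlinks first, then compares against the directory list.

# in_open_basedir PATH LIST -> exit 0 if the resolved PATH lies inside one of
# the colon-separated directories in LIST, 1 otherwise (hypothetical helper).
in_open_basedir() {
    target=$(readlink -f "$1") || return 1
    old_ifs=$IFS; IFS=:; set -f
    verdict=1
    for entry in $2; do
        [ -n "$entry" ] || continue
        base=${entry%/}            # "/srv/http/" and "/srv/http" name one directory
        case "$target/" in
            "$base"/*) verdict=0; break ;;
        esac
    done
    IFS=$old_ifs; set +f
    return "$verdict"
}

# Constructed sandbox that mirrors the symlink chain shown in the post.
build_demo_tree() {
    root=$(readlink -f "$(mktemp -d)")
    mkdir -p "$root/etc/ca-certificates/extracted" "$root/etc/ssl/certs" \
             "$root/etc/pki/tls/certs" "$root/srv/http"
    echo "constructed bundle" > "$root/etc/ca-certificates/extracted/tls-ca-bundle.pem"
    : > "$root/etc/shadow"         # empty stand-in for an unrelated sensitive file
    ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem \
          "$root/etc/ssl/certs/ca-certificates.crt"
    ln -s "$root/etc/ssl/certs/ca-certificates.crt" \
          "$root/etc/pki/tls/certs/ca-certificates.crt"
    echo "$root"
}

r=$(build_demo_tree)
link=$r/etc/pki/tls/certs/ca-certificates.crt
echo "link resolves to: $(readlink -f "$link")"
for list in "$r/srv/http/:$r/etc/pki/tls/certs" \
            "$r/srv/http/:$r/etc/pki/tls/certs:$r/etc/ca-certificates/extracted"; do
    if in_open_basedir "$link" "$list"; then result=allowed; else result=denied; fi
    echo "$result with open_basedir=$list"
done
# A broad entry such as the whole etc/ tree also admits unrelated files.
in_open_basedir "$r/etc/shadow" "$r/srv/http/:$r/etc" && echo "etc/shadow allowed too"
rm -rf "$r"
```

Allowing a whole parent directory also admits everything else below it, so the narrowest entry that covers the resolved target is the safer choice.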


web - ZFS FTW! :-) - ZFS -- baked directly into Ubuntu 16.04

Dustin Kirkland announced that Ubuntu 16.04 will be shipped with ZFS.
It is still sucky, sucky foobuntu but I see it as a big step for the wonderful ZFS. I have been using it for multiple years now and I am enjoying it. ZFS, especially Open ZFS, has a bright future.


Peco - Simplistic interactive filtering tool

peco can be a great tool to filter stuff like logs, process stats, find files, because unlike grep, you can type as you think and look through the current results.


So the only downside is, you need to get and install go for it (to build it on your own) or download a binary build. Peco is available in the aur.

Demos speak more than a thousand words! Here's me looking for a process on my mac. As you can see, you can page through your results, and you can keep changing the query:

[Demo animation: looking for a process]


blockify-ui stops working with error: Xlib: extension "GLX" missing on display ":0".

So you updated your blockify and you wanted to start it.
Instead of the blockify ui, you are getting the following error on the command line:

Xlib: extension "GLX" missing on display ":0".
What to do?
Try to install mesa-libgl and everything should be fine again.


hardinfo on a linux live cd - A system information, profiling and benchmark tool.

The task for today was to figure out what kind of hardware was in a bunch of cases without opening them all.
I know there are a lot of tools for windows available out there, but finding something running on a linux system was not that easy - at least for me.
After a while, I had verified that hardinfo was the tool I was searching for. But this simply led me to another question and problem: "What kind of available live linux cds has this application available directly?".
It turned out that this is not an easy question to answer. But after a lot of download, try and validate runs, I found one: tahrpup, a puppylinux flavored release.
I really hope you will find this post and this will save you ... well, half of a day of evaluation.


systemd[1]: Failed to start Create Volatile Files and Directories. - on Arch Linux having zfsonlinux as root

I just got the following entry on my boot up today:

systemd[1]: Failed to start Create Volatile Files and Directories.

After a while of searching using my favorite search engine, I (as usual ;-)) found the most fitting solution in the
The solution is given in the manpage of the tmpfiles.d.
tmpfiles.d(5) wrote:

If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null in /etc/tmpfiles.d/ bearing the same filename.

So all you have to do is:

sudo su

cd /usr/lib/tmpfiles.d

cp journal-nocow.conf journal-nocow.conf.bak

rm journal-nocow.conf

ln -s /dev/null journal-nocow.conf

And that's it. Fingers crossed your system will boot without errors.


zfs as root with luks on arch linux and the small trouble after upgrading the kernel

Every time the kernel gets updated, my system only reaches the busybox afterwards.
Currently, I have no idea why this happens exactly. But at least, I know how to handle it.
The zfs module is loaded, so all you need to do is to execute

zpool import -f 
, followed by an
zpool export 
It looks like there is a problem with exporting the pool while rebooting, or maybe an error while importing. It is marked as "not exported correctly", that is why booting fails. After the two commands from above, you can enter
and everything should be fine again.


web - zfsonlinux 0.6.4. released - zfs-announce mailing list

The Linux team is happy to announce a new release of OpenZFS on Linux. The 0.6.4 release adds support for 6 new feature flags, multiple new properties, asynchronous IO, support for Linux kernels up to 4.0 and more.
* Compatible with kernels up to Linux 4.0.
* New feature flags (additional details below):
- spacemap_histogram
- extensible_dataset
- bookmarks
- enabled_txg
- hole_birth
- embedded_data
* New asynchronous I/O (AIO) support.
* New fallocate() FALLOC_FL_PUNCH_HOLE support.
* New fragmentation metric in 'zpool list'.
* New LZ4 compression of meta data.
* New "redundant_metadata" property controls desired redundancy level.
* New "overlay" property controls behavior for non-empty mount points.
* New 'zpool list -v' shows individual disk capacity.
* New 'zpool get -H' (scripted mode) support.
* New 'zpool create -t' creates a pool with a temporary name.
* New script from FreeNAS.
* New bash completion support.
* New DTRACE_PROBES integrated with Linux tracepoints.
* New compressed block histograms with zdb.
* New verbatim pool imports with zdb.

What a release, thank you very much for the work and the damn long list of new features, improvements and bug fixes!


openntpd fatal: bad privsep dir /var/lib/ntp permissions: (on arch linux)

I was wondering why my system clock was "so damn wrong". A quick check with systemctl status openntpd.service showed me "Active: inactive (dead) since ...". Another "journalctl -xfn" on the command line and "fatal: bad privsep dir /var/lib/ntp permissions: 40755" was marked red.
Searching on the web was, well, some kind of helpful. An old (asian?) entry was the highest in the ranking. After that, I searched on the official repository on and found this patch (full patch view).
After that, it was an easy one to get openntpd back on track.
chown -R root /var/lib/ntp and to be on the safe side chmod -R 700 /var/lib/ntp followed by systemctl restart openntpd.service and my clock was back on track :-).


LVM on LUKS with GPT on an HP 2530p

So, this is a short story about the journey of an arch linux installation on an HP 2530p.
The mission was clear: GPT, LVM and LUKS. The problem was the BIOS in the HP 2530p.
To keep it short, don't trust the documents, simply install a hybrid gpt/mbr, or follow my howto.
The so-called documented UEFI boot is only working with windows but not with other UEFI systems. If you simply install a GPT without a hybrid MBR, you won't get a working system disk.


"hwdb.bin does not exist" on arch linux boot up

So I'm having this problem on three machines. I've also done the advice "udevadm hwdb --update" but the error still exists on the next boot.
Good thing about it, all is still working. My machines have a "hwdb.bin" file in "/etc/udev/hwdb.bin". I found a bug report on the arch linux bug report list as well as one on the systemd bug report list but no solution.
I will update this entry when I've found a solution or if the error disappears with one of the upcoming updates.


web - Setting up your own proxy on Linux

Pro Linux has published a small how-to on setting up a proxy with Linux.

For arch linux arm there are a few things to watch out for.

  • Install "apache" to get "htpasswd"
  • pacman -S squid apache
  • replace "squid2" with "squid" in all paths and mentions
  • Read the comments, they are good and important!
  • Secure the connection with ssh: >>ssh [email protected] -D -C<<

CUPS - Waiting for printer to become available. - usb

I had some trouble using my usb printer.
Starting cups with "systemctl start cups" was working as expected. The page "http://localhost:631/" was presenting useful information (also listing the printer) but when I added a job, "Waiting for printer to become available." was displayed for minutes and minutes.

A search on the web directed me to a thread with the solution inside. Following are the needed steps:

list connected usb devices to fetch vendor id and product id


create rules for udev

vim /etc/udev/rules.d/10-usbprinter.rules

add following entry, replace vendor id and product id if needed

ATTR{idVendor}=="04e8", ATTR{idProduct}=="3321", MODE:="0660", GROUP:="lp"

reload udev

udevadm control --reload-rules

replug the printer


/usr/bin/java: line 2: /usr/lib/jvm/default/bin/java: Too many levels of symbolic links - arch linux

So you just want to start a java application and it does not work.
First idea: "let's start it from within a shell to see something", so you do.

/usr/bin/java: line 2: /usr/lib/jvm/default/bin/java: Too many levels of symbolic links
/usr/bin/java: line 2: exec: /usr/lib/jvm/default/bin/java: cannot execute: Too many levels of symbolic links

If something like above is your output, change into root mode and fix this issue.

sudo su
cd /usr/lib/jvm
ls -halt

something like "default -> default" should be listed

rm -fr default

if you have installed java-7-openjdk, which should be listed by the ls above

ln -s java-7-openjdk default

And that's it, enjoy your working java applications again.


Take a look how linux kernel hackers have arranged their home offices

I found a great article on phoronix called "The Tour Of Linus Torvalds' Home Office". Inside are a few videos. Just take a few minutes and watch them. There are two cool things to learn.
A treadmill desk for regular browsing on the web.
My office still looks normal (not that many pc's, cables etc. :-D).


web - kGraft Being Discussed For Inclusion Into Linux-Next

The SUSE method for live kernel patching, kGraft, is being proposed for possible inclusion into the linux-next branch in hopes it will be merged into an upcoming Linux kernel release cycle.

The kGraft patches for live kernel patching continue to be revised and reviewed but at the same time there's still Kpatch that's been developed by Red Hat with some different design principles for updating the running kernel in real-time. To date there's been no general consensus on the superior solution nor any agreement to try to merge Kpatch and kGraft.

On Wednesday, Jiri Slaby of SUSE proposed in a new mailing list thread to kernel developers that kGraft be added to the -next tree for the kernel.

While the proposal was made, there was some immediate resistance since there's still no collaboration between kGraft and Kpatch. Additionally, some developers don't like that kthread management is being further complicated by the current kGraft patches. We'll keep monitoring the Kpatch vs. kGraft patches and will provide updates when there's a consensus on the matter.


Would be awesome to see this in action!


Arch Linux PHPStorm (JetBrains) OpenJDK Update and No Font

I had updated my arch linux as usual and got an update for openJDK.

java -version
java version "1.7.060"
OpenJDK Runtime Environment (IcedTea 2.5.0) (Arch Linux build 7.u60
OpenJDK 64-Bit Server VM (build 24.60-b09, mixed mode)

After that, I started my phpstorm (I am working with the window manager i3wm) and the screen looked strange. Everything was there, except for the fonts - I could not read anything (and I am not that cool to code without seeing the code :D-).
After a lot of tryouts, I found a simple and suitable solution.
echo "-Dawt.useSystemAAFontSettings=gasp" | sudo tee /usr/share/phpstorm/bin/phpstorm64.vmoptions

This has resolved the issue on my machine. There are some hints available, but I needed only one line, hope it suits your needs too.


extended support for IntelliJ IDEA (means also phpstorm) for notion window manager

Just found the following block in the /etc/notion/cfgkludges.lua file (arch linux).

-- InteiilJ IDEA - I wonder whether we should do this for all sun-awt-X11-XWindowPeer windows
defwinprop {
    class = "jetbrains-idea-ce",
    instance = "sun-awt-X11-XWindowPeer",
    transient_mode = "current",
}
defwinprop {
    class = "jetbrains-idea-ce",
    instance = "sun-awt-X11-XDialogPeer",
    transient_mode = "current",
}
defwinprop {
    class = "jetbrains-idea",
    instance = "sun-awt-X11-XWindowPeer",
    transient_mode = "current",
}
defwinprop {
    class = "jetbrains-idea",
    instance = "sun-awt-X11-XDialogPeer",
    transient_mode = "current",
}

Looks like they found a reason why working with phpstorm in notion was not that easy.


Web - Docker 0.9 is independent of lxc

That is one of the two major new features that Docker 0.9 brings. Looking ahead to a stable version 1.0 soon, its development continues to focus on the motto issued with version 0.8, »quality before new functionality«. In addition, many bugs were fixed again.
The second new feature in Docker 0.9 is the new Execution Driver API, which is meant to allow customizing the execution environment that surrounds each container. With it, Docker wants to use the advantages of the various isolation tools such as OpenVZ, systemd-nspawn, libvirt-lxc, libvirt-sandbox, qemu/kvm, BSD Jails, Solaris Zones as well as the well-known chroot. Further drivers are said to be in development by third parties already.


Thanks for this pleasing news. Docker is really fun :-).


(fedora) linux and zfs on linux with error message "Failed to load ZFS module stack."

You are getting error messages like the following by trying to use your zfs?

Failed to load ZFS module stack.
Load the module manually by running 'insmod /zfs.ko' as root.
Failed to load ZFS module stack.
Load the module manually by running 'insmod /zfs.ko' as root.

First, check if all modules (zfs is using dkms) are loaded and have the same/fitting version numbers.

dkms status

If the output is not suitable (one module is missing or has the wrong version number, for example), try the following steps, using the proper version number.

dkms remove -m zfs -v 0.6.2 --all
dkms remove -m spl -v 0.6.2 --all
dkms add -m spl -v 0.6.2
dkms add -m zfs -v 0.6.2
dkms install -m spl -v 0.6.2
dkms install -m zfs -v 0.6.2


fedora 19 - add multimedia capability

Thanks to US law, fedora is not allowed to ship their distributions with full media support.

But it is not that hard to fix this issue (nevertheless, it is annoying).

Thanks to the german freiesmagazin, I quickly found the magic hint to use or search for something called rpmfusion. All you have to do is install rpm fusion on your local machine and call "yum install rpmfusion-*", "yum install vlc" and "yum install gstreamer".

I did some additional searching and, thanks to a german blog post, I was led to a project called korora project.

Korora is a Fedora Remix that aims to make Linux easier for new users, while still being useful for experts. We provide a complete, easy to use computing system that “just works” out of the box.


meetup - attraktor - selinux

Just arrived at home from back to hack selinux. I tried my best to keep up the speed of slides. Nevertheless, there are some gaps in between.

Big thanks to the presenter. I turned my fear into anticipation for using it!


  • 1976 LaPadula paper released
  • DTMach as construction idea released
  • Based on FLASK, first patches to linux kernel
  • 2002 implemented as linux security module (LSM)
  • Since 2003 part of the mainline kernel
  • Fedora core was first distribution (shipped with policy)
  • Since 2007 shipped with RHEL5 EAL4+

Bell LaPadula

  • MAC
  • TE
  • RBAC
  • No read up, no write down


  • Extends DAC (discretionary access control)
  • mode at runtime changeable (enforcing vs permissive)
  • flexible policy
  • AVC (access vector cache)
  • root is not god anymore
  • process running in own security domain

Discretionary Access Control

  • classical security concept
  • object based access control
  • inflexible
  • rights per user
  • user can ship rights
  • uid can be changed by using suid


  • access control by using policy

TE - Type Enforcement

  • all resources have a type/domain
  • whitelisting ruleset

Security Context

  • security area
  • object (user:role:domain:level)
  • subject


  • heart of selinux
  • common policies are targeted, strict and MLS
  • defines rules for access of a subject to an object
  • defines domain transition of a subject (when can a subject change its domain)



  • default policy
  • contains an understandable complexity
  • well chosen processes running in own domain
  • you can tweak the policy by using booleans
  • this policy should be enough for daily work
  • if you use the filesystem hierarchy standard you are quite safe
  • Unknown software is stored in context "unconfined"

Multi Level Security (mls)

  • everything is running under selinux policies
  • tweakable by booleans
  • only for high risk security aspects


  • enables tweaking the policy without reload
  • no knowledge about policy needed
  • booleans can be set permanently
  • semanage boolean -l lists a lot of information


  • -Z is selinux switch (ls -Z, netstat -Z)
  • cp, mkdir and so on are linked against selinux to support setting needed bytes
  • getenforce/setenforce - switching selinux mode
  • restorecon/fixfiles/chcon - changing context of subjects
  • sestatus - status
  • avcstat - status about avc
  • libselinux - the selinux
  • libsepol - all binaries linked against

Policy Management

  • setsebool/getsebool - show and set of selinux booleans
  • semanage - policy management
  • semodule -

Policy Development

  • audit2allow - builds selinux rules based on audit log
  • checkmodule - transforms rules into binary
  • semodule_package -
  • audit2why - analyse selinux

Linux Audit Framework (LAF)

  • should be used for logging


  • you are losing the context if your backup software does
  • tar and rsync support it :-)
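
As an added example (not from the talk or the original notes): the context layout user:role:domain:level noted above has one parsing pitfall, namely that the level itself may contain colons. The sketch splits a label accordingly and lists processes running in an unconfined domain from constructed `ps -eZ`-style output; the helper names and the sample lines (including `vendor-agent`) are made up for illustration.

```shell
#!/bin/sh
# Added example: split an SELinux label and spot unconfined processes.

# split_context LABEL -> sets SE_USER, SE_ROLE, SE_TYPE, SE_LEVEL;
# returns 1 if the label does not have at least user:role:type.
split_context() {
    ctx=$1
    case "$ctx" in *:*:*) ;; *) return 1 ;; esac
    SE_USER=${ctx%%:*};  rest=${ctx#*:}
    SE_ROLE=${rest%%:*}; rest=${rest#*:}
    case "$rest" in
        # everything after the third colon is the level, e.g. s0-s0:c0.c1023
        *:*) SE_TYPE=${rest%%:*}; SE_LEVEL=${rest#*:} ;;
        # policies built without MLS have no level field
        *)   SE_TYPE=$rest;       SE_LEVEL= ;;
    esac
    [ -n "$SE_USER" ] && [ -n "$SE_ROLE" ] && [ -n "$SE_TYPE" ]
}

# list_unconfined: reads "ps -eZ"-style lines (LABEL PID TTY TIME CMD) on
# stdin and prints "PID CMD" for each process whose type starts with
# "unconfined".
list_unconfined() {
    while read -r label pid _tty _time cmd; do
        [ "$label" = LABEL ] && continue
        split_context "$label" || continue
        case "$SE_TYPE" in
            unconfined*) echo "$pid $cmd" ;;
        esac
    done
}

# Constructed sample output, not taken from a real system.
SAMPLE='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:02 systemd
system_u:system_r:httpd_t:s0      812 ?        00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2040 pts/0 00:00:00 bash
system_u:system_r:unconfined_service_t:s0 2101 ? 00:00:00 vendor-agent'

printf '%s\n' "$SAMPLE" | list_unconfined
```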
