Docker, Arch Linux, and User Namespaces

Docker, Arch Linux, and User Namespaces

I recently tried to run Jess Frazelle's Chrome Docker image, she explains how to do that here. Whilst there is a little bit of understanding needed with what's going on (such as passing X11 through from the host to the container), it's pretty simple.

However, Chrome seemed to break for me every time. At first I couldn't work it out, but help in this Issue Thread showed that the lack of User Namespacing in my kernel was the problem.

The stock Arch Linux Kernel for some reason doesn't seem to have User Namespacing built in. Chrome needs this. The reason Chrome needs this is that the sandboxing security feature needs to utilise namespacing segregation to isolate web page processes. The idea being if they can't interact with anything outside the container, it minimises risk to the other processes on the system.

Unfortunately to enable User Namespacing, you have to enable the feature in a kernel config file and rebuild your Kernel. This isn't an easy process but the Arch Build System can help.

To test you've got User Namespacing enabled successfully, check zgrep CONFIG_USER_NS /proc/config.gz it should return CONFIG_USER_NS=y. Anything else means it is not enabled.

My config.gz for Kernel 4.2.5-1 is here

The image below shows I've got Chrome running in Docker fine now. You can also tell from Archey that I'm running the custom kernel.

Picture of Chrome Running

Using UFW on Fedora

Using UFW on Fedora

When switching to Fedora I was disappointed to find that there was no support for using Uncomplicated Firewall, something I enjoyed on Arch Linux. Although it is not in the Fedora repos, it can still be installed and used.

  • Download the UFW source code from Launchpad
  • Unpack and install the source code. Do this with the traditional 'Untar, Configure, Make'. If you are unfamiliar with compiling software from scratch, the README in the download explains, and a quick google will explain further.
  • Once installed, run systemctl stop iptables to stop the regular iptables firewall process. Do the same for any Fedora Firewall tools like FirewallD systemctl stop firewall.
  • Enable UFW! sudo ufw enable
  • Add your rules as usual! e.g ufw allow 22/tcp, ufw limit 22/tcp
Solution: KDE 5 Plasma - Massive Fonts after upgrade

Solution: KDE 5 Plasma - Massive Fonts after upgrade

After running a full system upgrade on Arch Linux, all of my desktop environments save MATE were using a massive font size. This made all the windows balloon up as if I were running with 640×800. Part of the upgrade must have damaged/corrupted/replaced a global font config file (if any such thing exists).

The solution to get back to the normal font DPI (96 for me). Is to load System Settings > Font (at the top) and then “Force Fonts DPI: ”. In my case, 96. Doing this and then re-logging solved the problem.

kde-fonts

VirtualBox - 'VERR_CFGM_NODE_EXISTS' Solution - After Export and Import - OVF 2.0

A new node couldn’t be inserted because one with the same name exists. (VERR_CFGM_NODE_EXISTS).

Found an understated bug online with exporting and importing Virtual Machines in VirtualBox, using the OVF 2.0 format.

Even though the error code has ‘NS’ in the title, which to me implies NameServer and therefore suggested a networking fault, the issue is actually in the USB Controller for the Virtual Machine.

Somehow the XML config file gets scrambled and VirtualBox cannot properly implement USB. This can be fixed by changing the USB implementation to another USB version, e.g USB2.0 to USB3.0. Then booting up the box works as VirtualBox has re-written the USB XML config file.

Answer to Chromium's "Unable to Load Font File!" Error in Video

I found that when using Chromium to play Video it would occasionally display the titled error message inside the video viewbox of pages like YouTube and Vimeo. The video won’t play at all. Turns out this is caused by the system not having enough memory left (had too much going on). Kill some applications to retrieve ~100MB of RAM and reload the page. Then everything works fine.

ZipWorld in Wales

The video below is the automated one provided by ZipWorld. Still fun to watch even if it is short and painfully low quality…

Squeaking palm-rest on T410/T420/T430? Easy fix.

I’ve had annoying palm-rest squeaking on all the Thinkpads I’ve owned, usually when I rest my hands on the rests to begin typing. The creaking would continue as I increased and decreased pressure on the palm-rest whilst typing.

I only recently took my T430 apart to figure out how to stop the creaking. For me, the noise was coming from the right-hand palm-rest, directly next to the fingerprint sensor and above where the smartcard reader blanking piece sits.

There are two solutions. The first works if the creaking comes from the top palm-rest rubbing where it meets the lower half of the laptop’s body.

The palm-rest hangs over the lower half, and rubbing can occur where they meet. The fix here was to follow Lenovo’s dissassembly guide (and all prior steps) to the point where I had removed the top palm-rest. Then I lined the edges of the lower half of the laptop with sellotape. Then replaced the top and used a scalpul to cut away any spare sellotape which hung out between the two halfs.

The second solution (which you might as well do during the first) is to line any plastic edges with plastic grease. This includes all the areas of raised plastic inside the laptop body which may touch the palm-rest. I greased the associated areas on the palm-rest too and smeared the entire area on the inside of the palm-rest with the grease.

I also noticed the SmartCard blanking piece had some slack and that it could move up and down to make a ‘tapping’ noise, despite being screwed in firmly. Padding the blanking piece with some sellotape also worked well here.

Re-assembled the laptop and everything is great.

OwnCloud - Upload failed. Could not find uploaded file.

The precise error Owncloud would give at the top of the screen when I tried to upload a file was: Upload failed. Could not find uploaded file.
I spent ages trying to fix this with nothing online to help (which is why I’m writing this now for other’s, in case others are as ignorant as I am).
Go into /etc/php/php.ini and ensure that *upload_tmp_dir* is set to a directory included in the *open_basedir* path further up the file. The *open_basedir* set of directories is a list of base directories all PHP code can interact with. If your upload directory is not in there, any uploaded files are sent in the ether and then lost – with Owncloud complaining that it ‘can’t find them’. Owncloud can’t see the directory if it’s not one of those included in *open_basedir*.

Gnome Startup Crash when coming from KDE

Had some problems with Gnome failing to start and crashing with the weird sad face image and ‘Oh no, something has gone wrong’ error. If you check the error journal with ‘journalctl | grep gnome’ you may see some errors relating to PolKit. This can be checked against specifically with ‘journalctl | grep polkit’. If PolKit is throwing errors, installing polkit-gnome again. This seemed to repair paths, dependencies or whatever and after this Gnome booted successfully.

Fix for no emoticons on Motorola Moto G 2014

The new Moto G has an issue where emoticons do not show in any application correctly – where they should be is a blank space. This ‘bug’ has been shipped with the phone, but it is a misconfiguration left in by the developer and is easy to fix.

Go into the stock messaging app (not hangouts) and enter the settings. Find the ‘Character Encoding’ setting and change it from ‘7 bit’ to ‘automatic’.

This configuration seems to be a system-wide settings, and all applications will now display emoticons successfully.