Category Archives: troubleshooting

AppArmor on Ubuntu and MySQL in custom directories

AppArmor profile on Ubuntu is (rightly) restrictive and prevents the daemon binary mysqld from writing to unexpected locations.

So here’s another one in my series of ‘stupid notes to self’ — things that may help a reader, things that will help me, but things that are not proper or full guides to solving a problem.

Starting an already initialized datadir:

normal-user$ /usr/sbin/mysqld --defaults-file=/tmp/barproject-mysql-my.cnf
2018-01-09T21:24:28.090896Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable
2018-01-09T21:24:28.090907Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable

Initializing a new one:

normal-user$ /usr/sbin/mysqld --defaults-file=/tmp/barproject-mysql-my.cnf --datadir="$(pwd)/mysql" --log-level-verbosity=VERBOSE --initialize-insecure
mysqld: Can't create directory '/home/foo/projects/bar/_dev/mysql/' (Errcode: 13 -     Permission denied)
2016-10-10T16:23:29.515470Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2016-10-10T16:23:29.519420Z 0 [ERROR] Aborting

(Note that /tmp/barproject-mysql-my.cnf has been created from a template prior to running either of these. It specifies many values including datadir.)

First, I worked under the assumption the daemon was running under the wrong user or that the directory has wrong permissions. However, changing settings to any reasonable value did not get rid of errors with either initialization step or run step.

AppArmor has profiles that may block accesses atypical for the program executed. One such profile is for /usr/sbin/mysqld and is located in /etc/apparmor.d/usr.sbin.mysqld.

I tried symlinking it to /etc/apparmor.d/disable directory and restarting apparmor with systemctl restart apparmor. This didn’t change anything. I also tried whitelisting the directory by adding a local configuration change to /etc/apparmor.d/local/usr.sbin.mysqld:

/home/foo/projects/bar/_dev/mysql/** rwk,

systemctl restart apparmor — i.e. restarting through systemd — did not help.

However telling apparmor to tear itself down using the service command, as well as telling it to reload its profile cache, did:

service apparmor stop
service apparmor teardown
service apparmor recache
service apparmor start

There’s probably a smarter way, but this is good enough for me.

Getting sound and other panels in gnome-control-center outside GNOME

Missing some panels in gnome-control-center? No “Online Accounts”? No “Sound”?

Apparently, panels are defined through .desktop files in /usr/share/applications (!), and they mostly have the setting of OnlyShowIn=GNOME; or OnlyShowIn=GNOME;Unity;.

To trigger them appearing in, say, i3, xfce or similar, you need to pretend you’re actually running GNOME by exporting the XDG_CURRENT_DESKTOP variable with the value of GNOME.

#!/bin/sh
XDG_CURRENT_DESKTOP=GNOME gnome-control-center

Vidalia crashing on Ubuntu 14.04 due to incorrect AppArmor profile

This has been going unfixed for years now.

For me, the fix involved adding the following into /etc/apparmor.d/usr.bin.vidalia.

/usr/share/glib-2.0/schemas/ r,
/usr/share/glib-2.0/schemas/** r,

Then, I reloaded AppArmor /etc/init.d/apparmor reload and the contraption worked. If you get asked about your Tor control password, restart tor /etc/init.d/tor restart.

Stopping Gajim from autostarting OTR end-to-end encryption

Is Gajim auto-negotiating OTR? Does that annoy you by preventing server-side message archival and message carbons being delivered to other clients you use?

  • Go to Preferences (hit ctrl+p).
  • Go to Advanced tab
  • Under Advanced Configuration Editor click Open.
  • Use search to find ‘autonegotiate_esessions’ and ‘enable_esessions’ options
  • For each account, click on value ‘Activated’ to toggle it into ‘Deactivated’.

I definitely want the option to initiate crypto via GPG and OTR. I don’t want it started automatically and preventing other useful archival that I do on my self-hosted hardware.

Streaming to YouTube Live with VLC and FFMPEG

Let’s say you’re on OS X. (If you’re not, substitute the path to VLC executable with /usr/bin/vlc or just vlc; you could even use cvlc).

PATHTOFILE=/Users/ivucica/my_video.mp4
STREAMID=ivucica.aaaa-bbbb-cccc-dddd
VLC=/Applications/VLC.app/Contents/MacOS/VLC
if [ ! -e "${VLC}" ] ; then
    VLC=vlc
fi
"${VLC}" "${PATHTOFILE}" --sout '#transcode{vcodec=FLV1,acodec=mp3,samplerate=44100}:std{access=rtmp,mux=ffmpeg{mux=flv},dst=rtmp://a.rtmp.youtube.com/live2/'${STREAMID}

I’ve seen a variant where vcodec is h264, acodec is aac and also vb is set to 1000.

If you want to use FFMPEG instead:

./ffmpeg -re -i "${PATHTOFILE}" -vcodec libx264 -preset veryfast -maxrate 1984k -bufsize 3968k -vf "format=yuv420p" -g 60 -acodec libmp3lame -b:a 96k -ar 44100 -f flv -s 1920x1080 rtmp://a.rtmp.youtube.com/live2/${STREAMID}

Where do you get the STREAMID from? Create a YouTube Live event in the Creator Studio, then create a ‘custom ingestion’, then read the settings:

YouTube Live stream id

Let’s say you haven’t been running your stream for months. I’m only guessing about what is actually happening, but the logical explanation is that something is garbage-collecting the ingestion settings without telling the UI about it. Error as follows may happen:

VLC media player 2.2.1 Terry Pratchett (Weatherwax) (revision 2.2.1-0-ga425c42)
[0000000100302968] core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000000010038a3f8] avcodec access out error: Failed to open rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd
[0000000100389aa8] stream_out_standard stream out error: no suitable sout access module for `rtmp/ffmpeg{mux=flv}://rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd'
[0000000100389838] core stream output error: stream chain failed for `transcode{vcodec=FLV1,acodec=mp3,samplerate=44100}:std{access=rtmp,mux=ffmpeg{mux=flv},dst=rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd}'
[000000010050f648] core input error: cannot start stream output instance, aborting

If that is the case, go and create a new custom ingestion. Or create a whole new stream. Then use the new ID where appropriate.

n.b. As of August 2015, if you’re just playing with streaming, Ustream seems to start streaming (and thus provide useful feedback) far faster than YT Live.

Gajim causing kernel lockup on startup

Specifically, Gajim’s use of python-crypto (or something similar) has been causing the kernel to lock up for me, months ago. 100% repro rate: I would launch Gajim, and kernel would lock up on the relevant core even before Gajim showed the first window.

Trying to pinpoint it using strace, it was actually an attempt to read /proc/brcm_monitor0. I have no idea why it would try to read it, but once it did, kernel would lock up on one CPU core (seen by examining dmesg), and slowly other CPU cores would follow.

Given that I don’t actually need the Broadcom wireless card on my desktop machine (at least ever since I wired up my room), I’ve just blacklisted the wl module:

$ cat /etc/modprobe.d/blacklist-IVUCICA.conf
blacklist wl