Develop Reference

Error in Bluetooth Status - Raspberry Pi - "Failed to set privacy: Rejected (0x0b)"

I'm in the very early stages of doing some Bluetooth Mesh work on my Raspberry Pi 4.
From the instructions I have found that a rebuild of the Kernel is required to enable the Crypto APIs that Mesh requires.
I am starting with
pi#pi-4:~ $ uname -a
Linux pi-4 5.10.63-v7l+ #1459 SMP Wed Oct 6 16:41:57 BST 2021 armv7l GNU/Linux
pi#pi-4:~ $ bluetoothd -v
5.55
And rebuilt the kernel using
git clone --depth=1 https://github.com/raspberrypi/linux
cd linux
KERNEL=kernel7l
make bcm2711_defconfig
vi .config # to customize the local name of the kernel build
make menuconfig
Of note, I have seen varying documents on which kernel options to set so I went with the superset of options. Set via a combination of vi and the UI. The resulting edits were
CONFIG_EXPERT=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_NET=y
CONFIG_BT=y
CONFIG_BT_RFCOMM=y
CONFIG_BT_RFCOMM_TTY=y
CONFIG_BT_BNEP=y
CONFIG_BT_BNEP_MC_FILTER=y
CONFIG_BT_BNEP_PROTO_FILTER=y
CONFIG_BT_HIDP=y
CONFIG_RFKILL=y
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_CRYPTO_USER_API_AEAD=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CCM=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_CMAC=y
I also edited the statup command line option to turn off the SAP plug-in to get rid of that startup error.
KERNEL=kernel7l
make -j4 zImage modules dtbs
sudo make modules_install
sudo cp arch/arm/boot/dts/*.dtb /boot/
sudo cp arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/
sudo cp arch/arm/boot/dts/overlays/README /boot/overlays/
sudo cp arch/arm/boot/zImage /boot/$KERNEL.img
pi#pi-4-x:~/ell-0.9/linux $ sudo reboot now
Connection to pi-4-x closed by remote host.
Connection to pi-4-x closed.
.
. reconnect
.
pi#pi-4:~ $ uname -a
Linux pi-4 5.10.90-v7l-With-BlueZ-Crypto+ #2 SMP Fri Jan 14 16:00:58 EST 2022 armv7l GNU/Linux
Now I am looking at this error when I check the status. This error is the SAME when using the BlueZ shipped with the distribution (5.55) and when rebuilding from source (5.63).
Any ideas?
Failed to set privacy: Rejected (0x0b)
pi#pi-4:~/linux $ sudo service bluetooth status
● bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-01-18 11:32:44 EST; 11min ago
Docs: man:bluetoothd(8)
Main PID: 1726 (bluetoothd)
Status: "Running"
Tasks: 1 (limit: 3715)
CPU: 59ms
CGroup: /system.slice/bluetooth.service
└─1726 /usr/libexec/bluetooth/bluetoothd --noplugin=sap
Jan 18 11:32:44 pi-4 systemd[1]: Starting Bluetooth service...
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Bluetooth daemon 5.55
Jan 18 11:32:44 pi-4 systemd[1]: Started Bluetooth service.
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Starting SDP server
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Excluding (cli) sap
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Bluetooth management interface 1.18 initialized
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Failed to set privacy: Rejected (0x0b)
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Endpoint registered: sender=:1.21 path=/MediaEndpoint/A2DPSink/sbc
Jan 18 11:32:44 pi-4 bluetoothd[1726]: Endpoint registered: sender=:1.21 path=/MediaEndpoint/A2DPSource/sbc

Tor not starting cleanly on boot

I'm running Debian 10 with bitcoind configured as a systemd service that accesses the tor service via localhost. Every reboot the bitcoind error log is filled with the following, and tor services seem to be stuck in a non-working state.
2020-11-18T03:38:30Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:30Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:31Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-11-18T03:38:31Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
Upon startup systemctl status tor returns the following, indicating tor started successfully
tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2020-11-17 19:54:04 PST; 4min 19s ago
Process: 413 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 413 (code=exited, status=0/SUCCESS)
Nov 17 19:54:04 cryptoDaemon systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Nov 17 19:54:04 cryptoDaemon systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
However tail -f /var/log/tor/notices.log indicates tor hasn't started. There are no entries after the reboot.
If I restart tor.service with sudo systemctl restart tor the error immediately disappears and bitcoind starts to function over tor correctly. This indicates to me that the tor service itself is not starting properly after reboot.
After restarting the service /var/log/notices.log gets new entries:
Nov 17 20:02:22.000 [notice] Tor 0.3.5.10 opening log file.
Nov 17 20:02:22.875 [notice] We compiled with OpenSSL 1010104f: OpenSSL 1.1.1d 10 Sep 2019 and we are running with OpenSSL 1010107f: OpenSSL 1.1.1g 21 Apr 2020. These two versions should be binary compatible.
Nov 17 20:02:22.877 [notice] Tor 0.3.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Nov 17 20:02:22.877 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 17 20:02:22.877 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Nov 17 20:02:22.877 [notice] Read configuration file "/etc/tor/torrc".
Nov 17 20:02:22.881 [notice] You configured a non-loopback address '10.1.10.20:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Nov 17 20:02:22.881 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 17 20:02:22.881 [notice] Opened Socks listener on 127.0.0.1:9050
Nov 17 20:02:22.881 [notice] Opening Control listener on 127.0.0.1:9051
Nov 17 20:02:22.881 [notice] Opened Control listener on 127.0.0.1:9051
Nov 17 20:02:22.881 [warn] Unable to make /var/lib/tor group-readable: Permission denied
Nov 17 20:02:22.881 [warn] Unable to make /var/lib/tor group-readable: Permission denied
Nov 17 20:02:22.000 [notice] Not disabling debugger attaching for unprivileged users.
Nov 17 20:02:22.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 17 20:02:23.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 17 20:02:23.000 [notice] Bootstrapped 0%: Starting
Nov 17 20:02:23.000 [notice] Starting with guard context "default"
Nov 17 20:02:23.000 [notice] Signaled readiness to systemd
Nov 17 20:02:24.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 17 20:02:24.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 17 20:02:24.000 [notice] Opening Control listener on /run/tor/control
Nov 17 20:02:24.000 [notice] Opened Control listener on /run/tor/control
Nov 17 20:02:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 17 20:02:25.000 [notice] Bootstrapped 100%: Done
Further investigation reveals that tor is not starting at boot. /var/log/tor/debug.log is empty after reboot. I can even run systemctl start tor and it starts. systemctl start tor won't mess with a service that is already started, so for some reason systemd isn't starting tor, despite it being enabled. Just for fun I disabled with systemctl disable tor and re-enabled, but to no avail.
Any ideas why tor doesn't start?

I also use this server as a Tor SOCKS proxy on the LAN using SOCKSPORT IP.OF.SERVER:9050 in torrc. disabling this and the associated SOCKSPolicy accept IP.OF.SERVER/24 fixed the issue. If anybody has any insight as to why tor behaves this way and doesn't log why, it'd be appreciated.

I fixed it by overriding the systemd configuration for the tor service since i Need the tor Proxy to listen to an actual network interface.
/etc/systemd/system/tor#default.service.d/override.conf
[Unit]
After=network.target nss-lookup.target network-online.target
Wants=network-online.target
Easy way to create the file is systemctl edit tor#default.service

Apache LockFile issue

I am trying to migrate from Apache 2.2 on Debian 7 to Apache 2.4 on CentOS 7.
when httpd starts, it fails to start as below.
root# journalctl -xe
Jun 23 14:26:04 ww-test httpd[17716]: AH00526: Syntax error on line 47 of /etc/httpd/conf/httpd.conf:
Jun 23 14:26:04 ww-test httpd[17716]: Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration
Jun 23 14:26:04 ww-test systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jun 23 14:26:04 ww-test kill[17718]: kill: cannot find process ""
Jun 23 14:26:04 ww-test systemd[1]: httpd.service: control process exited, code=exited status=1
Jun 23 14:26:04 ww-test systemd[1]: Failed to start The Apache HTTP Server.
vi httpd.conf
45 # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
46 #
47 LockFile ${APACHE_LOCK_DIR}/accept.lock
48
I installed the related package as below although I am not sure if it is the right one.
============================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================
Installing:
lockfile-progs x86_64 0.1.15-7.el7 /lockfile-progs-0.1.15-7.el7.x86_64 50 k
Installing for dependencies:
liblockfile x86_64 1.08-17.el7 base 21 k
Transaction Summary
Thanks for reading it.

Replace this line:
LockFile ${APACHE_LOCK_DIR}/accept.lock
To:
Mutex file:/var/httpd/locks default
Directives AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath have been replaced with a single Mutex directive. You will need to evaluate any use of these removed directives in your 2.2 configuration to determine if they can just be deleted or will need to be replaced using Mutex

What to run instead of httpd -S on Debian 8 with Apache 2.4.10?

Apache Virtual Host documentation:
If you are trying to debug your virtual host configuration, you may find the Apache -S command line switch useful. That is, type the following command:
/usr/local/apache2/bin/httpd -S
This command will dump out a description of how Apache parsed the configuration file. Careful examination of the IP addresses and server names may help uncover configuration mistakes. (See the docs for the httpd program for other command line options)
# /usr/local/apache2/bin/httpd -S
bash: /usr/local/apache2/bin/httpd: No such file or directory
# find / -type f -iname apache2
/etc/monit/monitrc.d/apache2
/etc/init.d/apache2
/etc/default/apache2
/etc/logrotate.d/apache2
/etc/bash_completion.d/apache2
/etc/cron.daily/apache2
/usr/share/php5/sapi/apache2
/usr/share/lintian/overrides/apache2
/usr/sbin/apache2
# /usr/sbin/apache2 -S
[Tue Jul 19 15:18:49.663497 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_LOCK_DIR} is not defined
[Tue Jul 19 15:18:49.663887 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Jul 19 15:18:49.664071 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Jul 19 15:18:49.664244 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Jul 19 15:18:49.664428 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Jul 19 15:18:49.684790 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
[Tue Jul 19 15:18:49.685433 2016] [core:warn] [pid 3766] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
AH00526: Syntax error on line 74 of /etc/apache2/apache2.conf:
Invalid Mutex directory in argument file:${APACHE_LOCK_DIR}
So, what should I be typing instead of /usr/local/apache2/bin/httpd -S on Debian 8 with Apache 2.4.10 ?
My system:
# lsb_release -da
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.1 (jessie)
Release: 8.1
Codename: jessie
Turnkey LAMP Debian 8 Core 14.1 LAMP Stack - Web Stack (MySQL)
$ apache2 -v
Server version: Apache/2.4.10 (Debian)
Server built: Aug 1 2015 20:53:57

(13)Permission denied: access to /cgi-bin/test.cgi denied

I am trying out CGI-scripts for the first time but without success. I have read many tutorials and followed may threads in different forums but I can not make it work.
I am using a appache web server on a Fedora 10 machine.
I always have problem with
[Wed Oct 21 20:47:36 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Oct 21 20:47:36 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Oct 21 20:47:36 2009] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 21 20:47:36 2009] [notice] Digest: done
[Wed Oct 21 20:47:36 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_ssl/2.2.11 OpenSSL/0.9.8g configured -- resuming normal operations
I need help.
This is what my environment looks like.
uname -a
Linux localhost.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 i386 GNU/Linux
ls -l /var/www/cgi-bin/
total 36
-rwxrwxrwx 1 root root 106 2009-10-21 18:29 index.html
-rwxr-xr-x 1 root root 11089 2009-02-24 20:11 squidGuard.cgi
-rwxr-xr-x 1 root root 5720 2009-02-24 20:11 squidGuard-simple.cgi
-rwxr-xr-x 1 root root 5945 2009-02-24 20:11 squidGuard-simple-de.cgi
-rwxrwxrwx 1 root root 110 2009-10-21 17:38 test.cgi
apachectl -v
Server version: Apache/2.2.11 (Unix)
Server built: Mar 6 2009 09:12:25
perl -version
This is perl, v5.10.0 built for i386-linux-thread-multi
Copyright 1987-2007, Larry Wall
My script
cat test.cgi
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print "Hello, world!\n";
The error message I gen when I try to access the web page server "http://192.168.50.29/cgi-bin/test.cgi" looks like this:
[Wed Oct 21 21:00:27 2009] [error] [client 192.168.50.69] (13)Permission denied: access to /cgi-bin/test.cgi denied
I have added the line:
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
to /etc/httpd/conf/httpd.conf
I just can not make it work.
Can anyone help me?

Check your os permissions for test.cgi and be sure the user or group you are using to run your apache it has read access.
EDIT - The problem is with permissions, but not with read permissions, as you are using SELinux, you need to worry about your file context. Check this thread at fedora forums, it explains quite a few options to solve your problem.

1.FIRST CHECK THE HTTPD.CONF FILE.Set the script directory as follows in the httpd.conf.
Here you'd need to make sure you find the right httpd.conf file.For example, in my Debian, the default httpd.conf is /etc/apache2/sites-avaialbe/default.
<Directory "dir_name">
Options All
AllowOverride All
Order allow,deny
Allow from all
<Directory>
OR you could just use the default /cgi-bin folder.
2.Set the execute permission for the test script.
chmod +x script_name

check your fstab if the mounted filesystem have permission to execute
UUID=xxx-xxx-xxx-xx-xx /mnt/mountpoint ext4 rw,user,exec 0 0
the exec part is important

SELinux prevented Apache from accessing the cgi script in my case.
A quick-n-dirty fix that worked for me was turning off SELinux:
vim /etc/sysconfig/selinux
set "SELINUX=disabled"
reboot