Update works fine, but I have now problems with Baikal, which works before the update flawless. When I want to log in via browser to the admin page, i get:
Access denied.
Environment:
Welcome to the Forum!
I’ve moved your post into its own topic, as it relates to AUR packages.
Could you please provide some system information; the output of
inxi -zv8
is usually enough to start with. Highlight the copied & pasted text from your Terminal and format it using the </> button at the top of the reply window.
A bit more detail about Baikal and what it does may be helpful to those able to help with the issue.
Note that AUR packages are regarded as “unsupported” both here and in Arch Linux.
You should also be using Unstable (or at least Testing) branch when using AUR packages as those branches are closer to Arch, which AUR packages are typically written for.
The latest update introduced a new? AppArmor profile for php-fpm which resulted in “Acces denied” for me as well.
You could turn it (temporarily) off and see if it works again.
this one is not in the AUR - not anymore at least
so: that might be part of the problem
That is just from looking at the provided and available info.
I actually have no idea about what baikal is or does … beyond the description
Baikal is a CalDAV / CardDAV Server, which I use to synchronize my Thunderbird calendar and address book with my cellphone.
`inxi -zv8
System:
Kernel: 6.12.11-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
clocksource: tsc avail: acpi_pm parameters: BOOT_IMAGE=/vmlinuz-6.12-x86_64
root=UUID=20c46579-6f16-4ffb-b1b4-3dcb962fa1e4 rw rootflags=subvol=@
cryptkey=/dev/silber_stick:1044480:2048 quiet
cryptdevice=UUID=83644ee0-c75b-4164-abbd-40b2fbd785f6:luks-83644ee0-c75b-4164-abbd-40b2fbd785f6
root=/dev/mapper/luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 splash
apparmor=1 security=apparmor udev.log_priority=3
Desktop: Xfce v: 4.20.0 tk: Gtk v: 3.24.43 wm: xfwm4 v: 4.20.0
with: xfce4-panel tools: light-locker vt: 7 dm: LightDM v: 1.32.0
Distro: Manjaro base: Arch Linux
Machine:
Type: Laptop System: ASUSTeK product: ZenBook UX325EA v: 1.0
serial: <superuser required>
Mobo: ASUSTeK model: UX325EA v: 1.0 serial: <superuser required>
part-nu: 1.0 UEFI: American Megatrends LLC. v: UX325EA.321 date: 02/27/2024
Battery:
ID-1: BAT0 charge: 31.0 Wh (76.9%) condition: 40.3/67.1 Wh (60.0%)
volts: 16.8 min: 15.9 model: ASUSTeK UX325 type: Li-ion serial: <filter>
status: charging cycles: 528
Memory:
System RAM: total: 16 GiB available: 15.32 GiB used: 2.76 GiB (18.0%)
Message: For most reliable report, use superuser + dmidecode.
Array-1: capacity: 16 GiB slots: 8 modules: 8 EC: None
max-module-size: 2 GiB note: est.
Device-1: Controller0-ChannelA type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-2: Controller0-ChannelB type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-3: Controller0-ChannelC type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-4: Controller0-ChannelD type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-5: Controller1-ChannelA type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-6: Controller1-ChannelB type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-7: Controller1-ChannelC type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
Device-8: Controller1-ChannelD type: LPDDR4 detail: synchronous
size: 2 GiB speed: 4267 MT/s volts: curr: 0.6 min: 0.6 max: 0.6
width (bits): data: 16 total: 16 manufacturer: Samsung
part-no: UBE3D4AA-MGCR serial: N/A
PCI Slots:
Permissions: Unable to run dmidecode. Root privileges required.
CPU:
Info: model: 11th Gen Intel Core i5-1135G7 bits: 64 type: MT MCP
arch: Tiger Lake gen: core 11 level: v4 note: check built: 2020
process: Intel 10nm family: 6 model-id: 0x8C (140) stepping: 1
microcode: 0xB8
Topology: cpus: 1x dies: 1 clusters: 4 cores: 4 threads: 8 tpc: 2
smt: enabled cache: L1: 320 KiB desc: d-4x48 KiB; i-4x32 KiB L2: 5 MiB
desc: 4x1.2 MiB L3: 8 MiB desc: 1x8 MiB
Speed (MHz): avg: 400 min/max: 400/4200 scaling: driver: intel_pstate
governor: powersave cores: 1: 400 2: 400 3: 400 4: 400 5: 400 6: 400 7: 400
8: 400 bogomips: 38720
Flags: 3dnowprefetch abm acpi adx aes aperfmperf apic arat
arch_capabilities arch_perfmon art avx avx2 avx512_bitalg avx512_vbmi2
avx512_vnni avx512_vp2intersect avx512_vpopcntdq avx512bw avx512cd
avx512dq avx512f avx512ifma avx512vbmi avx512vl bmi1 bmi2 bts cat_l2
cdp_l2 clflush clflushopt clwb cmov constant_tsc cpuid cpuid_fault cx16
cx8 de ds_cpl dtes64 dtherm dts epb ept ept_ad erms est f16c flexpriority
flush_l1d fma fpu fsgsbase fsrm fxsr gfni ht hwp hwp_act_window hwp_epp
hwp_notify hwp_pkg_req ibpb ibrs ibrs_enhanced ibt ida intel_pt invpcid
lahf_lm lm mca mce md_clear mmx monitor movbe movdir64b movdiri msr mtrr
nonstop_tsc nopl nx ospke pae pat pbe pcid pclmulqdq pdcm pdpe1gb pebs
pge pku pln pni popcnt pse pse36 pts rdpid rdrand rdseed rdt_a rdtscp
rep_good sdbg sep sha_ni smap smep split_lock_detect ss ssbd sse sse2
sse4_1 sse4_2 ssse3 stibp syscall tm tm2 tpr_shadow tsc tsc_adjust
tsc_deadline_timer tsc_known_freq umip user_shstk vaes vme vmx vnmi
vpclmulqdq vpid x2apic xgetbv1 xsave xsavec xsaveopt xsaves xtopology
xtpr
Vulnerabilities:
Type: gather_data_sampling mitigation: Microcode
Type: itlb_multihit status: Not affected
Type: l1tf status: Not affected
Type: mds status: Not affected
Type: meltdown status: Not affected
Type: mmio_stale_data status: Not affected
Type: reg_file_data_sampling status: Not affected
Type: retbleed status: Not affected
Type: spec_rstack_overflow status: Not affected
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
sanitization
Type: spectre_v2 mitigation: Enhanced / Automatic IBRS; IBPB:
conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW
loop
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: Intel TigerLake-LP GT2 [Iris Xe Graphics] vendor: ASUSTeK
driver: i915 v: kernel alternate: xe arch: Xe process: Intel 10nm
built: 2020-21 ports: active: eDP-1 empty: DP-1, DP-2, DP-3, DP-4,
HDMI-A-1, HDMI-A-2, HDMI-A-3, HDMI-A-4, HDMI-A-5 bus-ID: 0000:00:02.0
chip-ID: 8086:9a49 class-ID: 0300
Device-2: IMC Networks USB2.0 HD UVC WebCam driver: uvcvideo type: USB
rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-6:2 chip-ID: 13d3:56eb
class-ID: fe01 serial: <filter>
Display: x11 server: X.org v: 1.21.1.15 compositor: xfwm4 v: 4.20.0
driver: X: loaded: modesetting alternate: fbdev,vesa dri: iris gpu: i915
display-ID: :0.0 note: <missing: xdpyinfo/xrandr>
Monitor-1: eDP-1 model: Samsung 0x4158 built: 2020 res: 1920x1080 dpi: 166
gamma: 1.2 chroma: red: x: 0.682 y: 0.322 green: x: 0.235 y: 0.725 blue:
x: 0.137 y: 0.047 white: x: 0.314 y: 0.329 size: 294x165mm (11.57x6.5")
diag: 337mm (13.3") ratio: 16:9 modes: 1920x1080
API: EGL v: 1.5 hw: drv: intel iris platforms: device: 0 drv: iris
device: 1 drv: swrast gbm: drv: iris surfaceless: drv: iris x11: drv: iris
inactive: wayland
API: OpenGL v: 4.6 compat-v: 4.5 vendor: intel mesa v: 24.3.4-arch1.1
glx-v: 1.4 direct-render: yes renderer: Mesa Intel Iris Xe Graphics (TGL
GT2) device-ID: 8086:9a49 memory: 7.48 GiB unified: yes
Info: Tools: api: eglinfo,glxinfo de: xfce4-display-settings x11: xprop
Audio:
Device-1: Intel Tiger Lake-LP Smart Sound Audio vendor: ASUSTeK
driver: sof-audio-pci-intel-tgl alternate: snd_hda_intel, snd_soc_avs,
snd_sof_pci_intel_tgl bus-ID: 0000:00:1f.3 chip-ID: 8086:a0c8
class-ID: 0401
API: ALSA v: k6.12.11-1-MANJARO status: kernel-api with: aoss
type: oss-emulator tools: alsactl,alsamixer,amixer
Server-1: JACK v: 1.9.22 status: off tools: N/A
Server-2: PipeWire v: 1.2.7 status: off tools: pw-cli
Server-3: PulseAudio v: 17.0-43-g3e2bb status: active
with: pulseaudio-alsa type: plugin tools: pacat,pactl,pavucontrol
Network:
Device-1: Intel Wi-Fi 6 AX201 driver: iwlwifi v: kernel bus-ID: 0000:00:14.3
chip-ID: 8086:a0f0 class-ID: 0280
IF: wlo1 state: up mac: <filter>
IP v4: <filter> type: dynamic noprefixroute scope: global
broadcast: <filter>
IP v6: <filter> type: dynamic noprefixroute scope: global
IP v6: <filter> type: noprefixroute scope: link
IF-ID-1: outline-tun0 state: down mac: N/A
IP v4: <filter> scope: global
Info: services: NetworkManager, nginx, wpa_supplicant
WAN IP: <filter>
Bluetooth:
Device-1: Intel AX201 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-10:3 chip-ID: 8087:0026
class-ID: e001
Report: rfkill ID: hci0 rfk-id: 1 state: up address: see --recommends
Logical:
Message: No logical block device data found.
Device-1: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 maj-min: 254:0
type: LUKS dm: dm-0 size: 475.66 GiB
Components:
p-1: nvme0n1p3 maj-min: 259:3 size: 475.67 GiB
RAID:
Hardware-1: Intel Volume Management Device NVMe RAID Controller driver: vmd
v: 0.6 port: N/A bus-ID: 0000:00:0e.0 chip-ID: 8086:9a0b rev: class-ID: 0104
Drives:
Local Storage: total: 534.69 GiB used: 250.22 GiB (46.8%)
SMART Message: Required tool smartctl not installed. Check --recommends
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Intel model: SSDPEKNW512G8
size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: 004C temp: 28.9 C scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Kingston model: DataTraveler 3.0
size: 57.75 GiB block-size: physical: 512 B logical: 512 B type: USB
rev: 3.2 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1 tech: N/A serial: <filter>
fw-rev: PMAP scheme: GPT
Message: No optical or floppy data found.
Partition:
ID-1: / raw-size: 475.66 GiB size: 475.66 GiB (100.00%)
used: 249.48 GiB (52.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 label: N/A
uuid: 20c46579-6f16-4ffb-b1b4-3dcb962fa1e4
ID-2: /boot raw-size: 1000 MiB size: 1000 MiB (100.00%)
used: 754.7 MiB (75.5%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
label: N/A uuid: d25cddc6-0c16-4496-af7f-e76a43fc2123
ID-3: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 584 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1 label: N/A
uuid: 93B4-5313
ID-4: /home raw-size: 475.66 GiB size: 475.66 GiB (100.00%)
used: 249.48 GiB (52.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 label: N/A
uuid: 20c46579-6f16-4ffb-b1b4-3dcb962fa1e4
ID-5: /swap raw-size: 475.66 GiB size: 475.66 GiB (100.00%)
used: 249.48 GiB (52.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 label: N/A
uuid: 20c46579-6f16-4ffb-b1b4-3dcb962fa1e4
ID-6: /var/cache raw-size: 475.66 GiB size: 475.66 GiB (100.00%)
used: 249.48 GiB (52.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 label: N/A
uuid: 20c46579-6f16-4ffb-b1b4-3dcb962fa1e4
ID-7: /var/log raw-size: 475.66 GiB size: 475.66 GiB (100.00%)
used: 249.48 GiB (52.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-83644ee0-c75b-4164-abbd-40b2fbd785f6 label: N/A
uuid: 20c46579-6f16-4ffb-b1b4-3dcb962fa1e4
Swap:
Kernel: swappiness: 60 (default) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: file size: 512 MiB used: 0 KiB (0.0%) priority: -2
file: /swap/swapfile
Unmounted:
ID-1: /dev/sda1 maj-min: 8:1 size: 56.72 GiB fs: exfat label: Ventoy
uuid: 7379-C5B0
ID-2: /dev/sda2 maj-min: 8:2 size: 32 MiB fs: vfat label: VTOYEFI
uuid: 3F32-27F5
ID-3: /dev/sda3 maj-min: 8:3 size: 1023 MiB fs: exfat label: LiveDaten
uuid: 8CFF-2262
USB:
Hub-1: 1-0:1 info: hi-speed hub with single TT ports: 1 rev: 2.0
speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
class-ID: 0900
Hub-2: 2-0:1 info: super-speed hub ports: 4 rev: 3.1
speed: 10 Gb/s (1.16 GiB/s) lanes: 1 mode: 3.2 gen-2x1 chip-ID: 1d6b:0003
class-ID: 0900
Hub-3: 3-0:1 info: hi-speed hub with single TT ports: 12 rev: 2.0
speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
class-ID: 0900
Device-1: 3-6:2 info: IMC Networks USB2.0 HD UVC WebCam type: video
driver: uvcvideo interfaces: 5 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s)
lanes: 1 mode: 2.0 power: 500mA chip-ID: 13d3:56eb class-ID: fe01
serial: <filter>
Device-2: 3-10:3 info: Intel AX201 Bluetooth type: bluetooth driver: btusb
interfaces: 2 rev: 2.0 speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1
power: 100mA chip-ID: 8087:0026 class-ID: e001
Hub-4: 4-0:1 info: super-speed hub ports: 4 rev: 3.1
speed: 10 Gb/s (1.16 GiB/s) lanes: 1 mode: 3.2 gen-2x1 chip-ID: 1d6b:0003
class-ID: 0900
Device-1: 4-1:2 info: Kingston DataTraveler 100 G3/G4/SE9 G2/50 Kyson
type: mass storage driver: usb-storage interfaces: 1 rev: 3.2
speed: 5 Gb/s (596.0 MiB/s) lanes: 1 mode: 3.2 gen-1x1 power: 504mA
chip-ID: 0951:1666 class-ID: 0806 serial: <filter>
Sensors:
System Temperatures: cpu: 39.0 C mobo: N/A
Fan Speeds (rpm): N/A
Repos:
Packages: 1895 pm: dpkg pkgs: 0 pm: pacman pkgs: 1845 libs: 400
tools: pamac,yay pm: flatpak pkgs: 30 pm: snap pkgs: 20
Active pacman repo servers in: /etc/pacman.d/mirrorlist
1: https://ftp.gwdg.de/pub/linux/manjaro/stable/$repo/$arch
2: http://ftp.rz.tu-bs.de/pub/mirror/manjaro.org/repos/stable/$repo/$arch
3: https://mirror.alpix.eu/manjaro/stable/$repo/$arch
4: https://manjaro.kurdy.org/stable/$repo/$arch
Processes:
CPU top: 5 of 325
1: cpu: 9.7% command: firefox pid: 2883 mem: 477.2 MiB (3.0%)
2: cpu: 6.0% command: firefox pid: 2998 mem: 52.4 MiB (0.3%)
3: cpu: 2.3% command: Xorg pid: 1949 mem: 86.6 MiB (0.5%)
4: cpu: 1.7% command: firefox pid: 8082 mem: 265.4 MiB (1.6%)
5: cpu: 1.1% command: firefox pid: 3161 mem: 61.8 MiB (0.3%)
Memory top: 5 of 325
1: mem: 477.2 MiB (3.0%) command: firefox pid: 2883 cpu: 9.7%
2: mem: 265.4 MiB (1.6%) command: firefox pid: 8082 cpu: 1.7%
3: mem: 225.4 MiB (1.4%) command: firefox pid: 3063 cpu: 0.2%
4: mem: 179.0 MiB (1.1%) command: firefox pid: 5822 cpu: 0.1%
5: mem: 166.7 MiB (1.0%) command: firefox pid: 6772 cpu: 0.1%
Info:
Processes: 325 Power: uptime: 48m states: freeze,mem,disk suspend: s2idle
avail: deep wakeups: 0 hibernate: platform avail: shutdown, reboot,
suspend, test_resume image: 6.11 GiB services: upowerd,xfce4-power-manager
Init: systemd v: 257 default: graphical tool: systemctl
Compilers: clang: 19.1.7 gcc: 14.2.1 Shell: Bash v: 5.2.37
running-in: xfce4-terminal inxi: 3.3.37
`
I have adapted/changed your formatting of the inxi output - use “preformatted text” → this symbol: </>
when posting terminal output
It will then look like what you saw - and be much more readable.
Thanks! Yes, deactivating Apparmor does the trick. Did it with
$ sudo systemctl stop apparmor
$ sudo systemctl disable apparmor
Restart computer
Do you know how to configure Apparmor for Baikal? For safety reasons I want to use Apparmor.
I wasn’t asked - and I don’t “know” how to configure it.
… I have disabled it for my system - but that is my choice …
This might help you:
Thanks, when I figured out I will post it.
php-legacy
is compiled with (according to the PKGBUILD):
--with-fpm-user=http
--with-fpm-group=http
perhaps that helps with configuring Apparmor …
There is literally nothing else I could potentially add.
Depending on your threat model, you shouldn’t disable AppArmor permanently. Instead just disable the AppArmor profile for php-fpm as long as your NGINX is not publicly available on the internet.
ln -s /etc/apparmor.d/php-fpm /etc/apparmor.d/disable/
Or try to adjust the profile to your environment so it doesn’t create “Access denied”.
Btw this not specific for Baikal, but for all PHP scripts.
You are a genius 
Your soft link worked. I wonder about this because I use the php-legacy-fpm package.
And Baikal it self should be also blocked. I don’t know much about AppArmor but I do know that things are generally blocked and have to be de-blocked actively to get it working. Never the less the solution is good enough, since I use Nginx only over my lokal WLAN no internet access.
Thanks a lot!
Thanks, for helping me to get a better Forum user.
My posts where aimed at furthering knowledge - yours and ours.
Not to be for you being “a good user” … “a good boy” …
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.