1100550381 T * * http://linux-vserver.org/ | latest stable 1.29, devel 1.3.9, 1.9.3
1100550381 T * Bertl -
1100550416 M * Bertl please be kind to Pinky ... he is very young ...
1100550457 M * Bertl you can find the 'raw' logs at http://irc.13thfloor.at/LOG/
1100550462 A * mugwump picks up Pinky and bounces him on his knee
1100550567 M * Bertl mugwump: you will probably be around a few hours, right?
1100550593 M * mugwump bertl: yep
1100550626 F * ChanServ +o mugwump
1100550648 A * mugwump surges with warmth
1100550671 M * Bertl please take care of Pinky when he does something naughty ...
1100550692 M * eyck hm, who's pinky?
1100550694 M * mugwump er, sure :)
1100550701 M * eyck where's brain?
1100550741 M * Bertl The Brain isn't finished yet ...
1100550856 M * Bertl okay, I guess I'm off for today, have to get up early tomorrow ...
1100550867 M * mugwump ok, seeya bertl
1100550874 M * Bertl have fun, cya all tomorrow ...
1100550902 N * Bertl Bertl_zZ
1100550958 M * cetex http://cetex.ath.cx/~uplink/vserver2 :)
1100550963 M * cetex chcontext-compat --version
1100551013 M * mugwump were you having build issues cetex ?
1100551024 M * cetex no. chcontext issues.
1100551025 M * cetex :)
1100551053 M * cetex http://cetex.ath.cx/~uplink/vserver is the errors i got a while ago (haven't done anything since then)
1100551257 M * mugwump does `/usr/lib/util-vserver/chcontext-compat --secure /bin/bash' work?
1100551384 M * cetex it does.
1100551422 M * mugwump but if you copy and paste that whole last line, does that work?
1100551425 M * mugwump ie
1100551426 M * mugwump /usr/sbin/chbind --ip 10.0.0.2 --bcast 10.0.0.255 /usr/lib/util-vserver/chcontext-compat --flag nproc --secure --ctx 5 /usr/lib/util-vserver/capchroot --suid root . /bin/bash -login
1100551504 M * cetex though.
1100551504 M * cetex hm
1100551512 M * cetex something seems to have happened, could work now..
1100551559 M * cetex although i have no idea what :<
1100551585 M * mugwump Maybe there was a "locked" (ie, not enter-able) context running?
1100551609 M * cetex hm, all contexts became locked..
1100551614 M * cetex no matter what i did..
1100551674 M * cetex and it was like that in one gentoo and two debian installs..
1100551689 M * cetex root@cetex ~ # vserver tengoku enter
1100551689 M * cetex WARNING: can not find configuration, assuming legacy method
1100551689 M * cetex ipv4root is now 10.0.0.2
1100551689 M * cetex chcontext: vc_new_s_context(): Operation not permitted
1100551690 M * cetex :>
1100551696 M * cetex doesn't go away ;)
1100551704 M * cetex *won't
1100551715 M * mugwump if you enter context 1, you can kill off all the processes in that context
1100551726 M * cetex hm, ok.
1100551806 M * mugwump you can kill the context with something like: vps ax | awk '/tengoku/ {print $1}' | xargs kill
1100551956 M * cetex hm..
1100552023 M * cetex how should i enter the context?
1100552068 M * mugwump /usr/lib/util-vserver/chcontext-compat --ctx 1 /bin/bash
1100552076 M * mugwump then, you can see *all* processes and send them signals
1100552078 M * cetex didn't work
1100552108 M * cetex though, if i don't enter the context it works :>
1100552144 M * mugwump strange, does `grep s_context /proc/self/status' do anything?
1100552158 M * cetex s_context: 0
1100552185 M * mugwump :-/
1100552223 M * mugwump alright, so you've managed to kill off that vserver then?
1100552230 M * cetex yes.
1100552264 M * mugwump you're on 0.30.196?
1100552300 M * cetex vps ax though seems to enter another context itself so it might be that it fixes everything
1100552316 M * mugwump yes, vps will enter context 1
1100552320 M * cetex ok.
1100552333 M * cetex and i can kill the process ids that show up from context 0
1100552367 M * mugwump you shouldn't be able to see context processes when you are still in context 0, unless you use a tool that switches like vps or vtop
1100552384 M * cetex ok.
1100552398 M * cetex but i can kill from context 0 anyhow, it seems..
1100552407 M * cetex as long as i have the pid..
1100552456 M * mugwump You should get ESRCH (No such process)
1100552464 M * cetex hehe, i don't ;)
1100552486 M * mugwump what's your uname -r ?
1100552494 M * cetex 2.6.9-vs1.9.3
1100552543 M * mugwump so, you can't see the processes with a normal `ps ax' from context 0...
1100552551 M * mugwump but you can kill them if you have the pid
1100552575 M * cetex yes
1100552698 M * mugwump can you run this verbatim and post the output somewhere? :
1100552707 M * mugwump uname -a
1100552709 M * mugwump grep context /proc/self/status
1100552712 M * mugwump ps=`vps ax | awk '/[t]engoku/ { print $1 }' | head -1`
1100552715 M * mugwump echo $ps
1100552717 M * mugwump kill $ps
1100552721 M * mugwump ls -ld /proc/$pd
1100552733 M * mugwump doh that last line should be:
1100552739 M * mugwump ls -ld /proc/$ps
1100552752 M * mugwump grep s_context /proc/$ps/status
1100552780 M * mugwump Assuming that tengoku is still the problematic context
1100552812 M * Doener mugwump: private is non-enterable, locked is "can't switch context from this context", but that isn't possible anyways so 'locked' has no real meaning atm ;)
1100552838 M * mugwump yes, I meant private, thanks doener
1100552885 M * Doener but that's not the issue here AFAICT... funny thing is that it works when vserver debugging is enabled
1100552908 M * cetex though, we only tried with debugging once..
1100552984 M * Doener IIRC you switched kernels at least three times. Yours -> yours+debug -> bertl's -> yours+debug
1100553004 M * cetex mh.
1100553006 M * cetex hm..
1100553066 M * Doener mugwump: regarding context 0, you can send signals from all processes when you're in context 0, although you can't see them. Some kind of usability trade-off, since you can't do administrative work from context 1
1100553095 M * cetex ok. so you're supposed to be able to kill them ;)
1100553111 M * cetex and suddenly
1100553118 M * cetex root@cetex /etc/vservers # vserver tengoku enter
1100553118 M * cetex ipv4root is now 10.0.0.2
1100553118 M * cetex New security context is 49157
1100553118 M * cetex tengoku:/#
1100553120 M * cetex :<
1100553124 M * cetex i hate this..
1100553290 J * Loki|muh loki@satanix.de
1100553292 M * mugwump doener: I didn't realise that. I actually checked before I asked, too:
1100553293 M * mugwump clunker:/home/samv# vps ax
1100553297 M * mugwump [...]
1100553298 M * Loki|muh hi
1100553307 M * mugwump 22319 49168 squid ? Ss 0:00 /sbin/syslogd
1100553313 M * mugwump [...]
1100553318 M * mugwump clunker:/home/samv# kill 22319
1100553318 M * mugwump bash: kill: (22319) - No such process
1100553363 M * cetex could it be that there was some junk configs somewhere that added the "non-enterable-context" option? (whatever that was?)
1100553376 M * mugwump oh, silly me, I was still in context 1 when I tried that
1100553376 M * Doener maybe that was changed once again...
1100553431 M * cetex well then
1100553436 M * cetex yey to me!
1100553438 M * cetex :>
1100553446 M * cetex i can finally kill my old server. :>
1100553460 M * mugwump cetex: would be in /etc/vservers/foo/flags or /etc/vservers/.defaults/flags
1100553480 M * cetex ok.
1100553530 M * cetex hm.. not quite sure, but i cleaned up the system completely a moment ago..
1100553535 M * cetex removed all vserver stuff..
1100553541 M * cetex and then reinstalled
1100553599 M * cetex could be that there was some junk that debian's utilities left somewhere and that that was the evilness. :>
1100553612 M * cetex evil debian dudes.. :>
1100553623 M * mugwump anything's possible, but I doubt it. So long as you cleared out /etc/vservers.
1100553644 M * cetex i uninstalled everything that i had installed
1100553655 M * cetex and then i did find / | grep vserver :>
1100553663 M * cetex and then rm -rf `find / | grep vserver` :)
1100553794 M * cetex though, i had my kernel source dir and my vserver source dir tar'ed..
1100553837 M * mugwump well, re-doing them from dists might be waving a dead chicken over it, but for lack of any other options ...
1100553864 M * cetex well.. it seems to have worked..
1100553865 M * cetex :>
1100554021 M * mugwump http://dictionary.reference.com/search?q=wave+a+dead+chicken
1100554124 M * cetex ah ;)
1100554127 M * cetex thanks :)
1100554229 M * Loki|muh is it possible to create an openvpn inside a vserver? what actions are required for this? only extended permissions on /dev/net/tun for this vserver?
1100554316 M * mugwump loki|muh, you might need CAP_NET_ADMIN and/or CAP_NET_RAW
1100554370 M * Loki|muh but it should be possible?
1100554410 M * mugwump sure, it will just be a matter of which superuser privileges you need to give it
1100554435 M * mugwump and/or selectively opening up /proc
1100554496 M * mugwump the context won't be as secure as one with those caps removed, but it will be more than running the vpn software on the bare OS
1100554585 M * Loki|muh thx, that's great :)
1100554602 M * Loki|muh will test it next weekend
1100555690 P * jsambrook
1100556188 M * cetex how did i set which context a server should be executed in?
1100556280 M * mugwump It's on the flower page, fourth item.
1100556332 M * cetex ok. :)
1100556404 J * jsambrook jsambrook@aelfric.plus.com
1100556447 M * cetex though, i've not got it in my bookmarks. where can i find it?
1100556477 Q * ensc Ping timeout: 480 seconds
1100556517 J * ensc ircensc@ultra.csn.tu-chemnitz.de
1100556688 M * mugwump http://www-user.tu-chemnitz.de/~ensc/util-vserver/doc/conf/configuration.html
1100556697 M * mugwump it's linked from the wiki
1100556720 M * cetex oh, ok..
1100556803 M * cetex omfg... :>
1100557122 M * cetex hm
1100557569 M * mugwump you might want to select an alternate stylesheet
1100557573 M * mugwump I recommend gras1
1100557602 M * cetex ;)
1100557608 M * cetex it's ok ;)
1100557612 M * cetex i think
1100557613 M * cetex :>
1100557622 M * cetex though.. now i need to add a default route inside the vserver..
1100557639 M * mugwump hmm, routing isn't virtualised.
1100557708 M * cetex ok. so i can't have a local subinterface (like 10.0.0.2) on the real interface (10.0.0.1) and use 10.0.0.1 as default gateway to get out on the net that is on another real interface on the same machine?
1100557781 M * cetex hm.
1100557856 M * cetex i've got two real interfaces, one to the external net and one to my local lan, i've set up my vserver interface on my lan interface.. how should i do to get contact with the outside world? :)
1100557883 M * mugwump nat
1100557897 M * mugwump I like to use fwbuilder personally
1100557917 M * mugwump but if you don't want to go to the lengths of a fine grained firewall, you can NAT with a single iptables command
1100557924 M * cetex i do
1100557950 M * cetex but hm
1100557961 M * cetex should i bind my vserver to the external interface instead?
1100557972 M * mugwump I normally bind them to a nonexistent interface :)
1100557977 M * mugwump ie dummy0
1100557980 M * cetex hm, ok..
1100557999 M * mugwump it just depends. if you've got lots of external IPs then it might avoid the step of NAT, etc
1100558021 M * cetex i know
1100558026 M * cetex but how do i make it nat the connection?
1100558048 M * cetex how does my vserver know that it should go through my real server to use the network?
1100558441 M * cetex i mean
1100558446 M * cetex since the connection originates locally
1100558472 M * cetex or, hm
1100558487 M * cetex have you got another subnet for your vserver?
1100558638 Q * jsambrook Ping timeout: 480 seconds
1100558856 M * mugwump yes, it's not a good idea to re-use subnets on different interfaces.
1100558892 M * cetex ok. :)
1100558900 M * mugwump if you use SNAT, then when it leaves the server the return address is translated to the correct interface address
1100558904 M * cetex could be why my vserver can't contact anything :)
1100558929 M * mugwump iptables -t nat -A POSTROUTING -o eth0 -s 192.168.255.0/24 -j SNAT --to-source 210.54.92.184 # what I use
1100558929 M * cetex i'm using masquerade though. shouldn't make that much of a difference?
1100558946 M * mugwump masquerade is what Linux called what everyone else called NAT
1100558974 M * cetex hm, so snat and masq aren't the same?
1100559003 M * mugwump masq was what it used to be called. it's the same thing
1100559024 M * cetex ok.
1100559542 M * cetex ok. i needed snat then
1100559543 M * cetex :)
1100559599 M * cetex since masquerade doesn't seem to translate the source ip if it is from the local host..
1100559775 M * mugwump oh, that might be a kernel config option
1100559790 M * mugwump CONFIG_IP_NF_NAT_LOCAL
1100559840 M * cetex i did
1100559847 M * cetex but it doesn't do that anyways.. :)
1100559892 M * cetex so either it's just horribly broken, or it won't work that way. :>
1100559998 M * cetex and broken doesn't seem to be an option ;)
1100560034 M * mugwump cetex, do you use debian?
1100560040 M * cetex yes :)
1100560060 M * cetex although, i compiled the kernel myself..
1100560087 M * mugwump well, apt-get -t testing install fwbuilder and then get ...
1100560126 M * mugwump http://utsl.gen.nz/clunker.fwb
1100560159 M * mugwump you'll need at least version 2.0.3 of fwbuilder to see that file
1100560162 M * cetex ok.
1100560920 M * cetex hm, that's just horrible :>
1100560939 M * cetex you almost made me install X and stuff on my vserver ;)
1100561546 M * mugwump sorry, I meant on your workstation. fwbuilder outputs shell scripts.
1100561552 Q * Shuri Read error: Connection reset by peer
1100561581 M * cetex ;)
1100561626 M * Doener CONFIG_IP_NF_NAT_LOCAL only does destination nat IIRC
1100561635 M * cetex ok. :)
1100561671 J * fredy fredy@ns1.assonetworx.com
1100561911 Q * fredy Quit:
1100561980 M * Doener masq is for dynamically assigned addresses (think dial-up), this should be used when your box acts as a router for other boxes, since the 'correct' source address for local connections is chosen in kernel routing
1100562006 M * cetex mh.. it is a router too
1100562026 M * cetex but it's ok, it's a static ip so it won't matter..
1100562034 M * Doener if you look at 'ip r' output, you see that (some) routes have a source address specified, and that is used for local connections
1100562095 M * Doener and masq makes all packets going out that way use that source address, instead of only local connections
1100562108 M * Doener and of course it also translates addresses back ;)
1100562114 M * cetex mh, i know :)
1100562123 M * cetex i've been running masq for quite some time now :)
1100562139 M * cetex though i didn't know if there was any difference between masq and snart :)
1100562141 M * cetex *snat
1100562158 M * Doener snat does static address rewriting
1100562169 M * Doener for local connections as well
1100562264 M * Doener snat for local connections does AFAIK pretty much the same stuff that you can do with rule based routing
1100562280 M * cetex ok. :)
1100562325 M * Doener except for the re-translation i guess, but i never really care too much about it, since i don't need it
1100562347 M * cetex :)
1100562393 M * cetex nice nice.. really soon i will have my old p2 450 shut down ;)