1102638918 Q * ndim Read error: Connection reset by peer
1102640566 J * sannes ~ace@home.skarby.no
1102641006 M * Bertl okay folks! was a long day for me ... so I'm off to bed now ...
1102641006 Q * sannes Read error: Connection reset by peer
1102641027 M * Bertl good night everyone!
1102641038 N * Bertl Bertl_zZ
1102648018 J * sannes ~ace@home.skarby.no
1102654182 J * _no_x ~vps@c150143.adsl.hansenet.de
1102654284 Q * no_x Ping timeout: 480 seconds
1102654292 N * _no_x no_x
1102663434 J * JonB ~NoSuchUse@kg144.kollegiegaarden.dk
1102665002 Q * JonB Ping timeout: 480 seconds
1102666336 J * Mega\work ~Megabart2@host111-101.pool80182.interbusiness.it
1102666347 M * Mega\work goodmorning
1102667722 J * Bertl_zZ_ ~herbert@janus.mc.tuwien.ac.at
1102667842 Q * Bertl_zZ Ping timeout: 480 seconds
1102670508 Q * sannes Read error: Connection reset by peer
1102670878 J * mboman ~michael@cm168.sigma231.maxonline.com.sg
1102671107 J * rs rs@ice.aspic.com
1102671113 M * rs hi
1102671133 J * cc ~codecrusa@195.246.161.1
1102671138 M * cc hi
1102671158 A * cc got some trouble with the fakeinit flag
1102671170 M * cc i am running 4 vservers on my server
1102671221 M * cc i?ve enabled fakeinit for one of them, it works great, but when i want to enable the feature for the second server i can?t start it?
1102672731 M * TheSeer what character do you use for the ' ? *g*
1102674412 P * cc
1102675301 Q * anonymous-coward Ping timeout: 480 seconds
1102675580 M * Mega\work what is fakeinit?
1102675630 J * Johan ~johan@fia204-8-100.dsl.mxposure.nl
1102675632 M * Johan Hi all
1102675651 M * Johan Can I have a 2nd IP address in my vserver? (a 2nd alias)
1102676988 N * Bertl_zZ_ Bertl
1102677000 M * Bertl morning folks!
1102677031 M * Bertl Johan: sure you can ...
1102677065 M * Johan morning Bertl
1102677094 M * Johan Bertl: well that sounds great! Can you give me a hint how I can do that or where I might find docs that can help me?
1102677116 M * Bertl Mega\work: http://linux-vserver.org/Linux-VServer-Paper-05
1102677139 M * Bertl Johan: 2.4/1.29 or 2.6/1.9 ?
1102677146 M * Johan Bertl: 2.4
1102677175 M * Bertl most likely you are using util-vserver-0.30 or similar then, with the legacy config, right?
1102677190 M * Johan 100% correct
1102677299 M * Bertl good, your config contains some lines with IPROOT* ...
1102677304 M * Mega\work morning Bertl!
1102677329 M * Johan Bertl: yeah, IPROOT=x.x.x.x
1102677357 M * Bertl yeah, and probably also IPROOTDEV= ...
1102677364 M * Johan yup
1102677377 M * Bertl so do you want the second ip on the same device?
1102677381 M * Johan Yeah
1102677404 M * Bertl then just make that IPROOT="x.x.x.x y.y.y.y"
1102677416 M * Johan damn, that's all? Lets try ;)
1102677420 M * Bertl (after you stopped the vserver)
1102677478 J * sannes ~ace@home.skarby.no
1102677524 M * Johan Bertl: thanx!
1102677593 M * Bertl you're welcome!
1102680807 Q * Johan Quit: Leaving
1102682714 Q * ensc Ping timeout: 480 seconds
1102683694 Q * lilo Ping timeout: 480 seconds
1102684418 J * lilo ~lilo@lilo.usercloak.oftc.net
1102684433 M * Bertl wb lilo!
1102685230 M * Bertl okay, nap attack, back later ...
1102685248 N * Bertl Bertl_zZ
1102688722 M * Loki|muh very interesting talks tonight in here as I see :)
1102688843 M * Loki|muh would be interesting if the guy testing openvpn succeeded...
1102688881 M * Doener Loki|muh: you mean meebey?
1102688973 M * Loki|muh his nick was tanjix
1102689019 M * Doener ah, meebey was using openswan...
1102689077 M * meebey openswan with super-döner-patch
1102689081 M * meebey succeeds
1102689093 M * meebey Doener: I am it now on 2.4.28 with vs1.29
1102689125 M * Doener yeah, read it
1102689232 M * meebey Doener: I packaged it with the patch
1102689251 M * meebey Doener: (debian package)
1102691145 M * Loki|muh what is meant with migration of vserver?
1102691514 J * kLv88865 ~tZuVlXeB@dsl81-215-62172.adsl.ttnet.net.tr
1102693084 Q * kLv88865 Quit: < Klavye [ 5.FinaL ] > [ http://www.klavye.web.tr ] - irc.klavyescript.org - Lee
1102694293 Q * BWare Quit: using sirc version 2.211+KSIRC/1.3.10
1102694374 N * cereal|away cereal
1102694539 J * rusty` ~rusty@rev.193.226.233.94.euroweb.hu
1102694578 M * rusty` hi guys :)
1102695200 Q * lilo Quit:
1102695207 J * lilo ~lilo@lilo.usercloak.oftc.net
1102695881 Q * grecea Quit: Leaving
1102696576 J * [Hollow] ~bene@home.xnull.de
1102697058 Q * [Hollow] Ping timeout: 480 seconds
1102697485 J * DuckKing ~Duck@dyn-83-152-185-104.ppp.tiscali.fr
1102697905 Q * DuckMaster Ping timeout: 480 seconds
1102698577 N * cereal cereal|away
1102699106 N * Bertl_zZ Bertl
1102699128 M * Bertl ahh, much better ...
1102700986 M * Bertl hey rusty`! didn't see you!
1102701073 Q * rs Quit: leaving
1102701783 J * virtuoso ~s0t0na@spb.sot.com
1102701806 M * Bertl welcome virtuoso!
1102701820 M * virtuoso Hi Bertl!
1102702684 Q * Mega\work Quit: Leaving
1102704805 J * ndim U2FsdGVkX1@helena.bawue.de
1102704815 M * Bertl welcome ndim!
1102705239 M * rusty` hi Bertl! long time see you :)
1102705257 M * rusty` i'm here for little help
1102705268 M * rusty` "can i shot?" :)
1102705271 M * Bertl let's hear!
1102705686 M * Doener all this violence... *g*
1102705691 M * Doener evening!
1102705700 M * Bertl evening Doener! how are you?
1102705724 M * Doener quite alright... shivering as always, but i can cope with that one...
1102705775 M * Bertl hmm, shivering? I have a pudding here, which is almost frozen ...
1102705784 M * rusty` the situation is: i mount under a vserver with sshfs (read-only) a directory (ex. the apache www root), and the apache is running on the vserver. is this a secure solution?
1102705807 M * Bertl which kernel, what patches?
1102705847 M * rusty` linux kernel 2.6.9, and ex. vserver patch 1.9.3
1102705867 M * Bertl hmm, sshfs probably uses the nfs interface, right?
1102705958 M * rusty` i think so, it does
1102705993 M * Bertl could you do the 'mount' outside (i.e. on the host?)
1102706066 M * rusty` i mount from the "mother-server"..
1102706091 M * Bertl so you already mount it on the host, well, then it should be 'secure'
1102706393 M * rusty` i asking about on the part of the vserver
1102706427 M * Bertl okay, maybe I misunderstood the setup, or the question ...
1102706574 M * rusty` my question is really was: is that a good (secure ?) solution, to do any mount on a vserver from the mother server (read-only or not), for public access? or this is a security risk?
1102706645 M * Bertl well, let's split that in two questions:
1102706663 M * Bertl a) is it secure to provide a 'shared' mount ro or not inside several vservers
1102706689 M * Bertl b) is it secure to do nfs (or similar) mounts on the host into a vserver
1102706699 M * Bertl is that possible?
1102706708 M * rusty` yep :)
1102706716 M * rusty` sorry for my english :)
1102706720 M * Bertl np
1102706760 M * Bertl okay, the answer for a) is, as long as the vservers can not pass filehandles through that 'shared' mount (or whatever) it is secure
1102706796 M * Bertl additional, if somebody has 'root' access to that shared directory, you should make sure that it is 'mounted' with nodev
1102706861 M * Bertl for b) I'd say it should be fine in general, given that the vserver can not manipulate the mount
1102706949 M * rusty` so for b), the read-only (and nodev) mount is secure enough?
1102706969 M * Bertl I'd say so ...
1102707014 M * rusty` thank you very much, you helped a lot.. :)
1102707049 M * Bertl doesn't mean that it _is_ safe .. we thought the chroot was safe for a long time ... ;)
1102707096 M * rusty` ;)
1102707102 M * rusty` yeah, right..
1102707523 M * Bertl Doener: I guess the ngnet fib* code is flawed ...
1102707530 M * rusty` see you late, i have a new project in this weekend, so i probably will come back, and shot some more questions... i owe you one...
1102707543 M * rusty` :)
1102707544 M * Bertl okay, cya
1102707547 M * Doener in what way?
1102707565 M * Bertl I tested with the vc_zap_vnet
1102707586 M * Bertl and while the destroy gave the refcount hang with 1
1102707595 M * Bertl this gives a refcount hang with -1
1102707614 M * Bertl (still the ifdown fixes it ...)
1102707624 M * Bertl tracking it down a little further ...
1102707661 M * Bertl fib_flush() 83e7e800[4] -0-
1102707661 M * Bertl fn_hash_flush(83c51de0,83c51e00)
1102707661 M * Bertl fib_flush() 83e7e800[4] -1-
1102707661 M * Bertl fn_hash_flush(83c51d20,83c51d40)
1102707661 M * Bertl fib_info_put(83c51ae0[1])
1102707663 M * Bertl fib_flush() 83e7e800[3] -2-
1102707678 M * Bertl which shows that in the 'working' case ...
1102707700 M * Bertl the refcount is decremented by the fib_flush()
1102707701 M * rusty` see ya guys
1102707703 Q * rusty` Quit: Leaving
1102708019 M * Doener hm...
1102708083 Q * jack Quit: [x]chat
1102708309 M * Bertl I guess we should start over with the ngnet virtualization and follow some simple but consistent rulez ...
1102708322 M * Bertl s/rulez/rules/
1102708340 M * Doener hm, how did you test the vc_zap_vnet thing?
1102708359 M * Bertl /tmp/vnet -x 100 -n 11 -Z
1102708440 M * Doener ok
1102714121 M * Doener Bertl: hm, you said that the following 'works' with ngnet7.2, right? vnet3_setup.sh -> chcontext --ctx 100 ifconfig lo down -> chcontext --ctx 100 ifconfig en0 down -> [kill sleep process in ctx 100]
1102714143 M * Bertl yep
1102714149 M * Doener 22 100 UNKNOWN root Z [sleep]
1102714149 M * Doener 23 200 UNKNOWN root 432 S sleep 1000
1102714149 M * Doener 43 1 ALL_PROCS root Z [ps]
1102714149 M * Doener 46 1 ALL_PROCS root Z [ps]
1102714149 M * Doener 48 1 ALL_PROCS root Z [ps]
1102714154 M * Doener that's what i get then...
1102714173 M * Doener the 3 ps processes are left overs from running vps
1102714173 M * Bertl ah, try doing that from bash, the busybox is broken in this regard
1102714194 M * Bertl I tried to fix that some time ago, but didn't bother then ...
1102714207 M * Doener hm, this is interesting...
1102714249 M * Bertl it's when busybox 'acts' as init, it doesn't reap the children ...
1102714289 M * Doener http://doener.homeip.net/doener/vserver/oops
1102714328 M * Doener accidentally ran vnet3_setup.sh while in the above state...
1102714350 M * Bertl hmm, yeah, you could put it through ksymoops ;)
1102714363 M * Doener trying to reproduce atm
1102714508 M * Doener hm, just run "/tmp/vnet -x 100 -n 10 -d lo" twice...
1102714561 M * Bertl with or without context?
1102714577 M * Doener /tmp/vnet -x 100 -n 10 -d lo
1102714577 M * Doener Unable to handle kernel NULL pointer dereference at virtual address 0000014c
1102714584 M * Doener damn slashes...
1102714589 M * Bertl ah, okay ;)
1102714611 M * Doener ifconfig -> chcontext sleep -> vnet -> vnet
1102714658 M * Bertl okay, not a real issue, easy to fix ...
1102714667 M * Doener ok
1102714691 M * Bertl if (register_netdev(vndev)) {
1102714691 M * Bertl free_netdev(vndev);
1102714706 M * Bertl we allocate the same device for that ...
1102714728 M * Bertl let's ignore it for now ...
1102714978 M * Bertl Doener: I uploaded a special 'not for use' patch
1102715020 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/delta-11-ng7.2.diff
1102715051 M * Bertl basically it's the result of moving the non-ngnet related stuff into 1.9.3.11
1102715075 M * Bertl then copying unmodified files like udp.c to udp_ngnet.c
1102715093 M * Bertl then separating out the patches into two parts
1102715109 M * Bertl first part is additions, second part is modifications ....
1102715127 M * Doener btw, why those *_ngnet.c files? avoiding #ifdeffing?
1102715136 M * Bertl yep, it was a pita!
1102715145 M * Doener now i'm hungry
1102715177 M * Bertl okay, get something to eat, I'll cleanup that patch further .
1102715200 M * Bertl then, if you like to help, we'll try to find a good virtualization method/rule ...
1102715210 A * Doener starts a petition against acronyms that remind him of food
1102715251 M * Bertl yes, 'Doener', sure 'Doener' .. ;)
1102715285 M * Doener *g*
1102717095 Q * TheSeer Remote host closed the connection
1102717252 J * TheSeer ~theseer@border.office.salesemotion.net
1102717797 Q * TheSeer Remote host closed the connection
1102718083 Q * Doener Quit: changing servers
1102718711 M * Bertl okay, somehow I'm really tired ... so I'll go to bed now .. maybe back in a few hours ...
1102718757 N * Bertl Bertl_zZ
1102719047 J * Doener ~doener@pD9E12077.dip.t-dialin.net
1102719062 M * Doener damn...
1102719087 M * Doener well, guess i'm off to bed then, too...
1102719092 P * Doener
1102719460 J * TheSeer ~theseer@border.office.salesemotion.net
1102720302 J * Doener doener@193.24.208.131