1103847198 N * Thorsten|afk Thorsten
1103847507 M * Bertl Thorsten: it seems you are cleaning up the tools on your way, is that correct?
1103847537 M * Thorsten I change what didn't help me
1103847569 M * Bertl are you still testing everything or already using it (in some way)?
1103847729 M * Thorsten My debian/testing and my debian/unstable seem to work fine, my gentoo client boots after I found out what that init-error message tried to tell me, but I have to make new runlevel with everything removed that causes trouble. After that I still have an Ubuntu installation... ;-)
1103847767 M * Bertl making notes of the various issues while you advance?
1103847813 M * Thorsten Mmm, even if they are obvious like filechecks?
1103847847 M * Bertl I'm just curious ... and I don't want to imply anything ...
1103847907 M * Thorsten And I switched to fixed ids like you told me (I got the impression that dynamic ids are somehow broken?)
1103847957 M * Bertl I'm thinking of a few changes to make linux-vserver more userfriendly (although I abstained from such paternalism)
1103847995 M * Thorsten which paternalism?
1103848004 M * Bertl the dynamic ids are not broken, but they are a bad choice for vservers ...
1103848026 M * Bertl one thing on my list is the capabilities stuff ...
1103848068 M * Bertl linux-capabilities are mandatory for a 'working' linux-vserver setup, and their absence leads to strange and hard to explain effects ...
1103848120 M * Bertl fortunately until recently they were enabled by default, so no issue there, but recent kernels and configs tend to modularize them (and sometimes not to load them)
1103848130 M * Thorsten It took me some time to find out how to use fixed ids because in the configuration.htm you don't use the word id by contex. Maybe mention ...context/ids would help :-)
1103848145 M * Thorsten ... id but context ...
1103848245 M * Bertl well, the dynamic contexts are something I thought about removing with the legacy config, but dynamic contexts _can_ be useful if used properly ... so maybe just the 'defaults' need some adjustments there ...
1103848328 M * Bertl we'll probably get some more confusing options in the future (with ngnet, extended capabilities and context callbacks)
1103848405 M * Bertl where is that configuration.htm you're referring to?
1103848424 M * Thorsten /usr/local/src/util-vserver-0.30.196/doc/configuration.html
1103848443 M * Bertl ah, okay, the flower page ...
1103848471 M * Thorsten # context
1103848471 M * Thorsten Contains the context which shall be used for the vserver.
1103848471 M * Thorsten (change that to Contains the context / (fixed) id used ...
1103848490 M * Thorsten so if you grep for 'id' you'll find it
1103848507 M * Bertl probably "... context id (xid) ..." would be the best choice here ...
1103848683 M * Thorsten Another problem that I still have is that some programs fail to start, I guess /dev issues
1103848706 M * Bertl hmm, unusual, any examples?
1103848720 M * Thorsten -rw-r--r-- 1 root root 0 Dec 24 01:36 /dev/null
1103848739 M * Thorsten (thats not a vserver problem)
1103848751 M * Bertl not really ;)
1103848809 M * Thorsten Normally I use devfs, this one was created by a distressed program finding an empty /dev :-)
1103848826 M * Thorsten Did I understand it right that I should use devfs for a vserver?
1103848833 M * Thorsten shouldn't
1103848844 M * Bertl yeah, I'm using devfs too, although it is depreciated and treated like the evil itself ...
1103848859 M * Bertl (it's just so much easier ;)
1103848878 M * Thorsten And there is no problem to use it for a vserver client?
1103848882 M * Bertl but inside a vserver you have a very limited /dev which is created by the tools
1103848911 M * Bertl $ ls /dev/
1103848911 M * Bertl full log= null ptmx pts/ random tty urandom zero
1103848930 M * Bertl this is everything apps ever need (usually)
1103848974 M * Thorsten So I should empty /dev, copy this ones into it and continue to use /devfs if I really reboot into the systemsboot it
1103849016 M * Bertl you can use devfs or udev on the host, but the guest should not contain any additional devices without good reason
1103849555 Q * Thorsten Ping timeout: 480 seconds
1103849589 J * Thorsten ~Thorsten@dsl-084-057-018-065.arcor-ip.net
1103849628 M * Thorsten Bertl, I'm back
1103849637 M * Bertl wb Thorsten!
1103849654 M * Thorsten My computer crashed :-(
1103849698 M * Bertl hmm ... how so?
1103849734 M * Thorsten Mmm one of my vserver-clients started its cronjobs, load increased dramatically and then the host died
1103849768 M * Thorsten Maybe the client found some /dev device to misuse ;-)
1103849817 M * Bertl could be ...
1103849856 M * Thorsten What I was about to say was that I have several linux installation that I can boot into (via lilo/grub) and that I'm about to let them run parallel via vserver.
1103849914 M * Thorsten And I've just decided to continue to use devfs if I really boot them but real /dev files if I use them as vserver-clients
1103849923 M * Bertl yes, it's one of the intended usages ...
1103849953 M * Bertl the devfs will mount over the dir anyways ...
1103849964 M * Thorsten And because /devfs will hide what really is in /dev, well right :-)
1103850176 M * Thorsten OK, this seems to work :-)
1103850831 M * Thorsten Ok, the next patch is on its way
1103850870 M * Bertl keep em coming ;)
1103851672 J * pizdec ~o_o@c-24-21-186-135.client.comcast.net
1103851682 M * pizdec ok I finally have a real issue :P
1103851687 M * Bertl let's hear!
1103851708 M * pizdec I have a box with 2 interfaces, eth0 for inside and eth1 for a DMZ of sorts
1103851730 M * pizdec I start a vserver, binding to eth1
1103851744 M * pizdec on a physically separate network from eth0
1103851775 Q * ensc Ping timeout: 480 seconds
1103851793 M * pizdec when I ping from inside the vserver, instead of going out eth1, it goes out eth0 with a source address of the IP on eth1
1103851820 M * Bertl which is quite fine ... if you ping something reachable through eth0
1103851843 M * pizdec well not really though
1103851857 M * pizdec when I ping a server that lives on the eth0 network
1103851868 M * pizdec it sees the source as from the eth1 network
1103851883 M * pizdec so it responds to that destination
1103851891 M * Bertl yes, and?
1103851924 M * pizdec and the router in between doesnt have any idea what to do with the data
1103851946 M * Bertl well, the box will arp for the eth1 addresses fine ...
1103851947 M * pizdec because all the router sees are icmp echo replies to requests that never went through it
1103851960 M * pizdec I'll show you what I see
1103851977 M * pizdec eth1 - 192.168.1.0/24
1103851982 M * pizdec eth0 - 10.0.0.0/24
1103851990 M * Bertl I can imagine what you see ...
1103852003 M * pizdec tcpdump -i eth0 icmp
1103852003 M * pizdec listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
1103852003 M * pizdec 17:26:00.341866 IP 10.0.0.25 > 192.168.1.9: icmp 64: echo request seq 1
1103852003 M * pizdec 17:26:01.341097 IP 10.0.0.25 > 192.168.1.9: icmp 64: echo request seq
1103852015 M * pizdec oops I showed those backwards, sorry
1103852026 M * pizdec eth0 is 192.., eth1 is 10...
1103852049 M * pizdec but you see the requests go out eth0 with a source of 10.0.0.25
1103852053 M * Bertl yep, this is how linux-networking is working ...
1103852087 M * pizdec but here is all the firewall sees
1103852089 M * pizdec 17:26:07.236553 192.168.1.9 > 10.0.0.25: icmp: echo reply (DF)
1103852098 M * pizdec but with no request, the reply is invalid
1103852119 M * pizdec same applies to any connecting
1103852137 M * Bertl well, then you have to either change the firewall or route the request through the firewall
1103852153 M * pizdec if I ssh instead of ping, the firewall gets data from 192.168.1.9 destined for 10.0.0.25, but there is no ESTABLISHED/RELATED connection
1103852204 M * pizdec I can't send requests over a local network and receive replies routed across a firewall
1103852236 M * Bertl no you should not, but if you do so, your routing is misconfigured ...
1103852246 M * pizdec the requests should be going _out_ the 10.0 network
1103852253 M * pizdec naw my routing is fine
1103852272 M * Bertl well, your routing says otherwise, else the packets _would_ go out there ... ;)
1103852293 M * pizdec that is a reasonable assumption
1103852310 M * pizdec # netstat -rn
1103852311 M * pizdec Kernel IP routing table
1103852311 M * pizdec Destination Gateway Genmask Flags MSS Window irtt Iface
1103852311 M * pizdec 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
1103852311 M * pizdec 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
1103852311 M * pizdec 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
1103852313 M * pizdec 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
1103852353 M * pizdec I was assuming that if I chbind to an IP on the 10.0 network here, data would go out eth1
1103852383 M * Bertl the chbind doesn't change anything in regard of your existing routing
1103852405 M * Bertl the chbind just 'limits' the applications to the given ips
1103852450 M * Bertl basically I should have corrected you when you said, you bind the vserver to eth1 (which isnt possible)
1103852450 M * pizdec well if I ping 10.0.0.1 from the main host
1103852479 M * pizdec and if I chbind --ip 10.0.0.2 ping 10.0.0.1 (just for testing)
1103852491 M * pizdec the packets go out eth1
1103852507 M * pizdec oh wait a minute
1103852508 M * Bertl if you use the source address 10.0.0.2 for the ping, yes
1103852572 M * pizdec oh dear
1103852576 M * pizdec I get it
1103852601 M * pizdec I was misunderstanding how vserver handles the networking
1103852627 M * Bertl don't worry, this will change with ngnet ;)
1103852663 M * pizdec damn, is ngnet stable yet? :P
1103852680 M * Bertl nope, not even development ... just highly experimental
1103852691 M * pizdec oh well I can fix it with tons of NAT
1103852695 M * Bertl but you can see it working if you like ...
1103852702 M * pizdec oh?
1103852723 M * Bertl just not suited for production or real vserver usage ...
1103852756 M * pizdec wow I added these NICs for nothin
1103852763 M * pizdec I had this working the same way using VLANs
1103852774 M * pizdec hehe live and learn
1103852789 M * Bertl well, you don't need separate NICs for those kind of setups ...
1103852801 M * Bertl unless you want to use the box as router ...
1103852802 M * pizdec it was easier in this case
1103852816 M * pizdec I needed an extra iface on my firewall
1103852843 M * pizdec and the only way to get it was to add a quad card, so I ended up with 3 extra
1103852862 M * Bertl tulip?
1103852866 M * pizdec sun
1103852885 M * pizdec sunhme aka qfe
1103852898 M * pizdec oddly enough, the cards work on x86
1103853754 M * pizdec if I wanted to apply both vserver and bme patches
1103853763 M * pizdec which should go first
1103853810 M * Bertl hmm, hard to say, you want to use them together?
1103853860 M * pizdec I'm not completely sure what BME contains, to be honest
1103853877 M * pizdec except I know I can get bind mounts to honor read-only mount option
1103853885 M * pizdec that's all I'm really after
1103853893 M * Bertl bme allows you to have ro (noatime, nodirtime, ..#) --bind mounts
1103853905 M * pizdec yummy
1103853939 M * Bertl well, I can update them for recent kernels and make them linux-vserver 'compatible'
1103853977 M * pizdec I think I patched w/ BME after vserver on 2.6.9 and there were only a couple rejects
1103853998 M * pizdec I didn't build that source though, so I never fixed the rejects
1103854012 M * Bertl well, I'm not sure that bme on 2.6.9/2.6.10-rc3 will work as expected
1103854082 M * pizdec I'll skip it for now
1103854087 M * pizdec it's not imperative
1103854106 M * pizdec I just have to rebuild my kernel for multipath routing to work around my routing problem
1103854116 M * pizdec thought I might go ahead and add it
1103854155 M * pizdec have you tried using vserver with grsec?
1103854179 M * Bertl not I, but a few folks provide grsec patches/combos
1103854194 M * Bertl (links are on the wiki pages)
1103854199 M * pizdec wonder if it would be a nightmare
1103854565 M * pizdec http://www.nathan-syntronics.de/me/linux-vserver-grsecurity.html
1103854709 M * pizdec I'm going to add that under 'vserver varieties', it wasn't as easy to find as you would think
1103854728 M * pizdec is anyone going to yell at me if I add something to the front page?
1103854768 M * Bertl hmm ...
1103854775 M * Bertl why vserver varieties?
1103854783 M * pizdec well it's pretty specific
1103854795 M * pizdec it's a merged patch, not an addon
1103854845 M * Bertl http://linux-vserver.org/Tools+and+patches
1103854864 M * Bertl (section Kernel patches)
1103854910 Q * Thorsten Quit: Leaving
1103855004 M * Bertl or maybe add something to:
1103855005 M * Bertl http://linux-vserver.org/grsecurityHowto
1103855030 M * Bertl (if you want to add hints how to use/setup)
1103855325 M * pizdec anyone read German?
1103855383 M * Bertl do you want to add german documentation?
1103855459 M * pizdec no, I'm just wondering who to give credit for that page I posted
1103855475 M * pizdec I can't tell if the name on the page is the guy who did the patch of if he just does the site
1103855488 M * pizdec s/of/or/
1103855499 M * Bertl IMHO he just created the site ..
1103855518 M * pizdec yeah, I'm not sure
1103855547 M * Bertl it's linking to both guys creating linux-vserver + grsec patches
1103855578 M * Bertl so I'd say Torben Nehmer
1103855593 M * Bertl (the one who very likely created that page)
1103855613 M * Bertl is not related with the other two ...
1103855641 M * Bertl (and yes, I can read german ;)
1103855732 M * Bertl it looks like he has combined the patches and provides the all-in-one patch at the bottom of that page ...
1103855746 M * pizdec hm
1103856381 M * pizdec I'm going to find out if I can force vserver traffic out the right interface
1103856401 M * pizdec I <3 policy routing
1103856836 M * Bertl okay, I'm off to bed now ...
1103856845 M * Bertl Merry Xmas to everyone!
1103856853 N * Bertl Bertl_zZ
1103863527 J * nox- ~vps@213.39.193.241
1103863860 Q * nox Ping timeout: 480 seconds
1103863887 N * nox- nox
1103870305 Q * rs Quit: leaving
1103873605 Q * serving Ping timeout: 480 seconds
1103874750 Q * sannes Read error: Connection reset by peer
1103875590 Q * BWare Ping timeout: 480 seconds
1103876234 J * BWare ~bware@212.26.196.110
1103878643 J * Val ~val@gj403.loria.fr
1103878646 M * Val Hi
1103879038 M * Val grumpf
1103879075 M * Val does anyone here experience syslog problem in some vservers, not all ?
1103879163 M * eyck what kind of problem?
1103879176 M * Val syslog run
1103879187 M * Val but no line append to files
1103879216 M * Val all vservers got the same syslog version & conf.
1103879229 M * Val but some work, some don't
1103879259 M * Val like that :
1103879262 M * Val soco:~# ls -laF /var/lib/vservers/val*/var/log/syslog
1103879267 M * Val -rw-r----- 1 root adm 500 Dec 22 17:37 /var/lib/vservers/valas/var/log/syslog
1103879267 M * Val -rw-r----- 1 root adm 13223 Dec 24 10:01 /var/lib/vservers/valmx/var/log/syslog
1103879267 M * Val -rw-r----- 1 root adm 29005 Dec 24 10:01 /var/lib/vservers/valns/var/log/syslog
1103879267 M * Val -rw-r----- 1 root adm 57621 Dec 24 10:01 /var/lib/vservers/valpx/var/log/syslog
1103879274 M * Val -rw-r----- 1 root adm 437 Dec 22 23:04 /var/lib/vservers/valw3/var/log/syslogsoco:~# vps afx |grep syslog
1103879281 M * Val 2680 49157 valas ? Ss 0:00 \_ /sbin/syslogd
1103879281 M * Val 2912 49158 valmx ? Ss 0:00 \_ /sbin/syslogd
1103879281 M * Val 3115 49159 valns ? Ss 0:00 \_ /sbin/syslogd
1103879281 M * Val 3327 49160 valpx ? Ss 0:00 \_ /sbin/syslogd
1103879281 M * Val 3539 49161 valw3 ? Ss 0:00 \_ /sbin/syslogd
1103879345 M * Val 2 on 22 Dec...
1103879385 M * Val (main host was restarted this morning)
1103880017 M * _are_ all conf lines file entries start with - (asynchronous logging)?
1103880101 M * _are_ asynchronous logging might be late. sometimes very late. if that is not the case, no idea.
1103880105 M * Val no
1103880115 M * Val i'll test with -
1103880118 M * Val ...
1103880120 M * _are_ I'd set up a syslog server via network and remote log to that one to check it, then
1103880133 M * Val yup
1103880141 M * _are_ - should be worse, actually, not better, but worth a try as it is cheap editing only ;)
1103880173 M * _are_ anyway, out for 2h
1103880329 J * serving ~serving@213.186.188.80
1103880500 Q * mcp Ping timeout: 480 seconds
1103880562 Q * nox Quit: Getting off stoned server - dircproxy 1.0.5
1103880568 Q * DuckMaster jupiter.oftc.net unununium.oftc.net
1103880568 Q * monrad jupiter.oftc.net unununium.oftc.net
1103880568 Q * grecea jupiter.oftc.net unununium.oftc.net
1103880568 Q * sebd jupiter.oftc.net unununium.oftc.net
1103880568 Q * gaber jupiter.oftc.net unununium.oftc.net
1103880568 Q * Zoiah jupiter.oftc.net unununium.oftc.net
1103880623 Q * Loki|muh Read error: Connection reset by peer
1103880629 J * Loki|muh loki@satanix.de
1103880652 J * DuckMaster ~Duck@dyn-83-157-148-237.ppp.tiscali.fr
1103880652 J * monrad ~monrad@213083190130.sonofon.dk
1103880652 J * grecea ~grecea@h-195-22-237-74.mdl.net
1103880652 J * sebd ~sebd@lesdeveloppementsdurables.org
1103880652 J * Zoiah Zoiah@matryoshka.zoiah.net
1103880652 J * gaber gaber@linuxpl.net
1103880703 J * mcp ~hightower@www.c-tera.de
1103880982 J * ntrs_ ntrs@Dardeene-68.188.50.87.charter-stl.com
1103881080 Q * BWare Ping timeout: 480 seconds
1103881101 Q * Loki|muh Remote host closed the connection
1103881108 J * Loki|muh loki@satanix.de
1103881172 Q * tchan Ping timeout: 480 seconds
1103881350 J * BWare ~bware@212.26.196.110
1103881373 M * Val :)
1103881403 J * no_maam_ ~erik@datenzone.de
1103881420 Q * ntrs Ping timeout: 480 seconds
1103881431 J * nox ~vps@213.39.193.241
1103881490 M * Val added - change nothing :(
1103881518 M * Val still the same date, no file modification ...
1103881695 Q * no_maam Ping timeout: 480 seconds
1103881715 J * sannes ~ace@home.skarby.no
1103881786 Q * DuckMaster Quit: Client exiting
1103883648 M * eyck Val: i've seen it,
1103883672 M * eyck Val: when I set up master vserver to watch /var/lib/vservers/*/dev/log ...
1103883686 M * Val and ?
1103883714 M * Val did you solve the problem ?
1103883746 M * eyck yes, I stopped watching */dev/log from outside and set it up to log to common IP
1103883772 M * Val ?
1103883801 M * eyck Val: when you monitor dev/log with external syslog directly, then your syslog inside vserver has no chance of seeing lines...
1103883857 M * Val hum...
1103883884 M * Val but why some syslogd are working ?
1103883902 M * Val and why some other, always the same, aren't
1103883926 M * eyck in my case - I monitored only some, not all vservers
1103883935 M * Val even after vserver restart
1103883937 M * Val ...
1103883964 M * Val this is really annoying
1103884050 M * Val and always the same ones...
1103884097 M * Val 'm gonna clean these ones and reinstall them :(
1103884105 M * Val to see ...
1103884231 Q * Val Quit: back
1103884248 J * Val ~val@gj403.loria.fr
1103884259 M * eyck what is it with people and reinstalling everything?
1103884316 M * Val so what should i do ?
1103884343 M * Val nothing is installed, only base system : cron & syslog running
1103884373 M * eyck from master vserver: lsof /var/lib/vservers/MISBIHAVING-VSERVER/dev/log
1103884373 M * Val i never saw this before
1103884408 M * eyck MISBEHAVING
1103884432 M * Val lsof /var/lib/vservers/valas/var/log
1103884437 M * Val -> nothing
1103884443 M * eyck why nothing?
1103884447 M * eyck is syslog running?
1103884457 M * Val yes
1103884464 M * Val i don't understand
1103884469 M * Val soco:~# vps afx |grep syslog
1103884470 M * eyck what exactly is it watching if not /dev/log?
1103884470 M * Val ...
1103884474 M * Val 8346 49177 valas ? Ss 0:00 \_ /sbin/syslogd
1103884475 M * Val ...
1103884486 M * eyck ok, then check what it's doing..
1103884529 M * Val soco:~# ls -laF /var/lib/vservers/valas/var/log/syslog
1103884529 M * Val -rw-r----- 1 root adm 500 Dec 22 17:37 /var/lib/vservers/valas/var/log/syslog
1103884578 M * eyck try lsof | grep syslog inside valas
1103884629 M * Val yep
1103884630 M * eyck or better: chcontext --ctx 1 lsof |grep sysl
1103884684 M * eyck next, you'll be looking at syslog configuration...
1103884698 M * Val ok well
1103884712 M * Val ...syslog running
1103884734 M * Val but don't open /var/log/... on valas
1103884746 M * Val inside an other one (working)
1103884751 M * Val syslog is running too
1103884761 M * Val AND open things in /var/log
1103884777 M * Val syslog.conf are the same on the two vservers
1103884780 J * Alecsandro ale@redelocal.sampa.zl.a.la
1103884788 M * Val AND the same package (debian sarge)
1103884825 M * eyck hmm, hmm,
1103884829 M * Val :)
1103884837 M * eyck can you stop your syslog on vales and run it under strace?
1103884838 M * Val unbelievable
1103884842 M * eyck or with debug enabled?
1103884847 M * Val yes
1103884888 M * eyck maybe permissions got mixed up...
1103884951 M * eyck proper syslogd -d says this: Opened UNIX socket `/dev/log'.
1103885049 M * Val Called logerr, msg: network logging disabled (syslog/udp service unknown).
1103885049 M * Val logmsg: syslog.err<43>, flags 4, from localhost, msg syslogd: network logging disabled (syslog/udp service unknown).
1103885049 M * Val Called logerr, msg: see syslogd(8) for details of whether and how to enable it.
1103885049 M * Val logmsg: syslog.err<43>, flags 4, from localhost, msg syslogd: see syslogd(8) for details of whether and how to enable it.: No such file or directory
1103885049 M * Val Debugging disabled, SIGUSR1 to turn on debugging.
1103885066 M * Val ouch...
1103885092 M * eyck how does your /etc/services look like?
1103885106 M * Val hehe
1103885128 M * Val no /etc/services...
1103885173 M * eyck i think netbase should install this
1103885205 M * Val yep
1103885250 M * Val installing...
1103885292 M * eyck problem with constant reinstall is this, that it would've fixed this... but you wouldn't become wiser ;)
1103885301 M * Val ok ok ok, this solve all problems
1103885319 M * Val eyck : many thanks
1103885322 M * eyck np.
1103885355 M * Val "i will never try to make my vserver as small as my brain"
1103885393 M * Val in netbase it is "base" =]
1103886094 J * Thorsten ~Thorsten@dsl-084-057-003-121.arcor-ip.net
1103886428 J * JonB ~NoSuchUse@0x503e0321.kjnxx7.adsl.tele.dk
1103890389 J * amir ~Bedehi.co@80.191.254.201
1103890408 Q * amir Quit:
1103892226 Q * sannes Read error: Connection reset by peer
1103892757 J * Schak schak@dsl-213-023-244-216.arcor-ip.net
1103892912 M * Schak hi. got a problem: http://nopaste.chillfactory.net/show.php?id=126 <-- is there a solution for this problem? i have kernel v2.6.9 and util-vserver-0.30.196
1103892975 Q * Alecsandro Quit: Finalizando Cliente
1103892978 M * Schak this error appears after using the debian-newvserver.sh
1103893107 M * JonB just a minute
1103893221 M * JonB did you compile with all vserver options ?
1103893224 M * JonB with pts?
1103893227 M * JonB shm ?
1103893389 M * Schak make menuconfig --> Linux VServer --> in this menu, there are the following 3 things enabled
1103893389 M * Schak [*] Enable Legacy Kernel API
1103893389 M * Schak [*] Enable Proc Security
1103893389 M * Schak [*] Enable Hard CPU Limits
1103893405 M * Schak pts and shm i cant find
1103893429 M * JonB they are not vserver options
1103893448 M * Schak util-vserver options?
1103893464 M * JonB no
1103893468 M * JonB regular kernel option
1103893469 Q * Thorsten Quit: Leaving
1103893469 M * JonB s
1103893477 M * Schak ahh ok... wait... i am searching
1103893510 M * JonB i think they are filesystem options
1103893534 Q * JonB Quit: Leaving
1103893555 J * JonB ~NoSuchUse@0x503e0321.kjnxx7.adsl.tele.dk
1103893560 M * JonB wrong button ;-p
1103893605 M * Schak ;)
1103893613 M * Schak [ ] /dev/pts Extended Attributes
1103893614 M * Schak this one?
1103893618 M * JonB yes
1103893622 M * Schak its not checked ;)
1103893669 M * Schak and shm... i cant find
1103893681 M * JonB well it is a regular kernel option
1103893686 M * Schak # grep "SHM" config-2.6.9
1103893686 M * Schak CONFIG_SHMEM=y
1103893686 M * Schak # CONFIG_TINY_SHMEM is not set
1103893697 M * JonB looks fine
1103893729 M * Schak ok... then i will recompile with enabled pts...
1103893814 M * Schak do i need this:
1103893815 M * Schak [ ] /dev/pts Security Labels (NEW)
1103893816 M * Schak ?
1103893892 M * JonB dunno
1103893895 M * Schak "If you are not using a security module that requires using extended attributes for file security labels, say N."
1103893902 M * JonB it's been a while since i made a new vserver
1103894667 J * tchan ~tchan@c-24-13-81-164.client.comcast.net
1103895328 Q * infowolfe Quit: leaving
1103895346 J * infowolfe_ ~infowolfe@mail.xhcl.net
1103895473 M * Schak JonB: exactly the same errors
1103895551 M * JonB Schak: then you need to modify it such that it either mounts pts correctly or not at all
1103895703 M * Schak is there perhaps a relation? --> my native system is sarge... and i want my vserver to be woody
1103895825 M * JonB that might be possible
1103898288 N * infowolfe_ infowolfe
1103898773 M * Schak http://nopaste.chillfactory.net/show.php?id=127 <-- any ideas? ;)
1103899047 Q * BWare Quit: using sirc version 2.211+KSIRC/1.3.10
1103899192 J * sannes ~ace@home.skarby.no
1103899479 J * id_ ~test@dsl-213-023-041-085.arcor-ip.net
1103899813 J * Duckx ~duckx@195.75.27.158
1103901198 Q * _are_ Quit: Disconnecting
1103901499 M * Doener Schak: do what it says ;)
1103901933 M * Schak yes i have made a symlink... no problem... but... in the last 60 mins i got so many errors... i cant count them anymore
1103902071 M * Doener got them at hand?
1103902155 M * Schak only a few
1103902157 M * Schak the last
1103902200 M * Doener let's see what we can do with them...
1103902290 M * Schak # vserver base enter
1103902290 M * Schak mesg: (null): Operation not permitted
1103902290 M * Schak kara:/#
1103902317 M * Schak but then, i am IN the vserver jail
1103902368 M * Schak in the vserver:
1103902369 M * Schak # ps ux
1103902369 M * Schak Error: /proc must be mounted
1103902369 M * Schak To mount /proc at boot you need an /etc/fstab line like:
1103902369 M * Schak /proc /proc proc defaults
1103902370 M * Schak In the meantime, mount /proc /proc -t proc
1103902370 M * Schak kara:/# mount /proc /proc -t proc
1103902372 M * Schak mount: permission denied
1103902372 M * Schak kara:/# whoami
1103902374 M * Schak root
1103902404 M * JonB Schak: are you inside the vserver when you try to mount it ?
1103902407 M * Schak yes
1103902415 M * Doener the mesg error is nothing to worry about, only happens when you enter the vserver from the host
1103902421 M * Schak ah ok
1103902444 M * Doener the second: http://linux-vserver.org/Proc-Security
1103902447 M * JonB Schak: you can not mount it while you are inside
1103902482 M * Doener and JonB just answered the third one ;) (mounting proc is not necessary anyways, the tools do it for you)
1103902500 M * Schak but why i cant execute "ps" ?
1103902508 M * Doener 16:34:04 Doener the second: http://linux-vserver.org/Proc-Security
1103902509 M * JonB because proc not is mounted
1103902522 M * Doener JonB: proc is mounted, but the entries are hidden
1103902583 M * JonB Doener: well, you get that error or similar when it isnt mounted
1103902614 M * Doener i know, but in this case i'm pretty sure it's just proc-security
1103902625 M * JonB Doener: i guess you are right
1103902654 M * Schak on the host, i have executed /etc/init.d/vprocunhide start approx 2 hrs ago
1103902672 M * Schak whats about these setattr things?
1103902682 M * Schak on the v or on the parent?
1103902700 M * Doener setattr is a tool to control the flags, vprocunhide utilizes that one
1103902724 M * Doener on the host machine, vservers are not allowed to change those flags
1103902744 M * JonB Doener: do you know if there has been ideas of giving a vserver it's own block devices that it can play with ?
1103902745 M * Schak ah ok... yes... then... its already done
1103902771 M * Doener Schak: try "chcontext ps"
1103902810 M * Schak # chcontext ps
1103902810 M * Schak New security context is 49153
1103902810 M * Schak PID TTY TIME CMD
1103902810 M * Schak 1774 pts/1 00:00:00 ps
1103902825 M * Doener JonB: devices like /dev in general?
1103902834 M * Doener Schak: and within a vserver the error still occurs?
1103902851 M * Schak yes
1103902852 M * JonB Doener: well, such that they dont need to be mounted in the root server
1103902925 M * Doener Schak: then JonB probably was right and proc is not mounted, please check with "cat /proc/mounts"
1103902960 M * JonB Doener: heh
1103902968 M * JonB Doener: or in the root vserver
1103902973 M * Schak # cat /proc/mounts
1103902973 M * Schak cat: /proc/mounts: No such file or directory
1103902982 M * Doener JonB: if it's ok for you to do the mounts from the host, namespaces allow you to have different mount trees, i.e. the mounts are not visible in the host namespace.
1103903012 M * Doener Schak: d'oh... that one was pretty pointless i guess ;)
1103903018 M * JonB Doener: well, that might work
1103903031 M * Schak ... whole /proc is empty
1103903041 M * JonB Doener: but i would also like to allow the vserver to partition it's devices, and mount them
1103903045 M * Doener JonB: safe mounts from within vservers have been discussed, but i don't know about its status
1103903062 M * JonB Doener: okay
1103903156 M * Doener If you got a device you got exclusively for that vserver, just copy the device file into the vserver's /dev directory. But ask Bertl for further details, especially security...
1103903206 M * Schak Doener: any ideas how i can "fill" my /proc ?
1103903213 M * JonB yeah i figured something like that
1103903226 M * Doener Schak: vnamespace -e mount -t proc none /proc
1103903241 M * Doener replace with your vserver's context id
1103903263 M * Doener maybe you need to provide the full path to the vserver's proc directory...
1103903272 M * Schak # vnamespace -e 49155 mount -t proc none /proc
1103903272 M * Schak vnamespace: vc_enter_namespace(): No such process
1103903301 M * JonB Doener: how much of the limits are in place ?
1103903373 M * Doener you got to ask someone else on that one, but IIRC all limits that are listed on the flower page do actually work
1103903393 M * Doener Schak: please make the output of vserver-stat available
1103903395 M * JonB the flower page ?
1103903415 M * Doener http://www.tu-chemnitz.de/~ensc/util-vserver/doc/conf/configuration.html
1103903418 M * Schak # vnamespace -e 49154 mount -t proc none /proc
1103903418 M * Schak mount: proc already mounted
1103903424 M * Schak ah ok... wrong ctx
1103903445 M * Doener (there are nicer stylesheets available ;)
1103903602 Q * id_ Quit: Verlassend
1103903649 M * Schak kara:/home# vnamespace -e 49154 umount /proc
1103903649 M * Schak kara:/home# vnamespace -e 49154 mount -t proc none /proc
1103903661 M * Schak doesnt work... /proc @ V is still empty
1103903686 M * Doener please try with the full path to the vserver's proc, f.e. /vservers/my_vserver/proc
1103903732 M * Schak great stuff... worked!
1103903734 M * Schak thx :)
1103903753 M * Doener ok, any problem with restarting that vserver?
1103903764 M * Schak yes ... maaaany ;(
1103903770 M * Schak this would be my next question
1103903782 M * Schak http://nopaste.chillfactory.net/show.php?id=128
1103903821 M * Doener ok, the proc related stuff should be fixed by now
1103903843 M * Schak yes... the paste is older
1103903866 M * Doener could you provide a new one?
1103903887 M * Schak ok... sec
1103903893 Q * Duckx Quit: Leaving
1103903922 M * Schak http://nopaste.chillfactory.net/show.php?id=129
1103904004 M * JonB Schak: what does the vserver etc/fstab contain ?
1103904083 M * Doener ok, you should remove the hardware-related stuff from the runlevels, in your case: hwclock, the mount stuff and in /etc/init.d/reboot remove the -i argument to reboot
1103904135 M * Doener the errors look strange though...
1103904202 M * Schak fstab contains only the proc line
1103904249 M * Schak sorry guys... thanks for all... i have 2 leave my real life home ... brb in few hours ... MERRY CHRISTMAS ;)
1103904307 M * Doener you're welcome
1103904409 M * JonB Schak: you have a real life ?
1103907255 M * eyck wow
1103907790 M * JonB wow what?
1103908281 M * eyck wow, real life.
1103908299 M * JonB eyck: yeah, impressive
1103911420 N * Bertl_zZ Bertl
1103911435 M * Bertl merry xmas morning folks!
1103911463 M * JonB hey Bertl
1103911591 M * Bertl hey JonB! everything fine?
1103911612 M * JonB Bertl: yeah, just had xmas dinner
1103911768 M * Bertl me too ... (every year hunt for fishbones ;)
1103911784 M * JonB Bertl: aha? we have duck
1103911808 M * Bertl yes, I know, duck is the xmas meal in your area
1103911818 M * JonB yeah
1103911887 M * JonB and we get the presents tonight
1103911917 M * Bertl do you remember how we tested on the dual? i.e. what combination of killers and proc stuff?
1103911925 M * JonB no
1103911978 M * Bertl I have a similar setup (with network testing as we did it) running on a quad PIII for a day now ... with two killers and a bash proc loop at 20kHz interrupts ...
1103912007 M * JonB aha?
1103912013 M * JonB what does that tell you ?
1103912052 M * Bertl well, nothing ... but I can assume that the 'current' kernel + vserver is more stable than the versions we tested ...
1103912082 M * JonB nice
1103912115 M * Bertl is the dual reachable somehow (for you)?
1103912168 M * JonB it should be reachable through 194.239.210.28
1103912173 M * JonB and the serial link
1103912473 M * Bertl ah, yes, seems to work, thanks!
1103912534 M * JonB cool
1103912576 M * Bertl I'll check the history, maybe I can figure out what we tested ...
1103912870 M * JonB i seem to remember that i pinged it from my machine
1103912903 M * Bertl well, the network tests are identical to the ones we did .. the netcat stuff on 4 different ports udp/tcp
1103912916 M * Bertl (I archived the scripts you used for that)
1103912955 M * JonB okay
1103912962 M * JonB right i remember now
1103914461 J * tanjix tanjix@pD9FAC871.dip.t-dialin.net
1103914472 M * tanjix hi together and merry christmas!!
1103914494 M * JonB hi tanjix
1103914516 M * Bertl hey tanjix!
1103917300 M * Bertl okay, off for now, back later ...
1103917309 N * Bertl Bertl_oO
1103920168 Q * Hollow Quit: Leaving
1103920175 J * Hollow ~bene@home.xnull.de
1103924071 Q * tanjix Quit:
1103925897 Q * tchan Quit: leaving
1103926008 J * tchan ~tchan@c-24-13-81-164.client.comcast.net
1103929405 Q * JonB Ping timeout: 480 seconds