1104019319 M * Schak two friends are new to linux... and they want to "play" a bit... so i dont want to give them a shell to my dedicated root server... i had the choice between chroot jail and vserver... i decided for vserver ;)
1104019367 M * Schak i think they will install an ircd, psybnc... nothing more ;)
1104019386 M * Schak perhaps a LAMPP
1104019418 M * Bertl ah, excellent!
1104019508 M * Schak are you the owner of 13thfloor?
1104019519 M * Bertl yep, I am ..
1104019539 M * Schak oh... master himself *bow* :)
1104019544 M * Schak great work
1104019553 M * Bertl thanks!
1104019579 M * Bertl but it's a community project, so not all my work ...
1104019597 M * Bertl for example the tools are done by enrico (which isn't here atm)
1104019606 M * Schak how many ppl belongs to the core?
1104019611 M * Schak -s
1104019671 M * Bertl I'd say two hard core developer and a few others doing important things like testing or bithing at the devels or handling ml stuff ...
1104019706 M * Schak wow
1104019762 M * Bertl (you can find a complete list on the wiki)
1104019821 M * Bertl and feel free to help (for example by adding important stuff to the wiki or making suggestions how to improve linux-vserver)
1104020019 M * Schak yes, ok... if i should find a bug... or something i miss...
1104020064 M * Bertl also feel free to add yourself to the list of happy vserver users ;)
1104020573 M * Schak hehe... where do i find it?
1104020603 M * Bertl http://linux-vserver.org/VServer+Users
1104020636 M * Bertl (it's on the frontpage, under Public Relations)
1104022198 M * Schak i am searching for 20 mins... and i cant find it
1104022220 M * Bertl http://linux-vserver.org/
1104022252 M * Bertl scroll down, about in the middle of the page is:
1104022256 M * Bertl Public Relations
1104022258 M * Schak VServer Users Happy Linux-VServer Users
1104022261 M * Schak ahhh %)
1104022263 M * Bertl and there is the link ... ;)
1104022274 M * Schak oh jesus... i should go to bed
1104022347 M * Doener Bertl: remember the mail you bounced to me about the chroot escape stuff on Nov 22?
1104022376 M * Bertl yep ..
1104022394 M * Doener back then you considered that one harmful (and IIRC I agreed)... we did the same now with the patch you did for the problem reported by jack
1104022419 M * Bertl right, that was why I was asking you ;)
1104022461 M * Doener so we agree that it actually wasn't harmful, right? because the necessary checks are done earlier in the ioctl handler...
1104022470 M * Bertl I hope so ...
1104022527 M * Doener ok. i trust cscope on that one ;)
1104022554 M * Bertl flags = flags & EXT2_FL_USER_MODIFIABLE
1104022561 M * Bertl this and similar should protect us
1104022567 M * Doener yes
1104022676 M * Schak i have a last small question before i go to bed:
1104022677 M * Schak # vserver base start
1104022677 M * Schak /sbin/vserver: line 543: ip: command not found
1104022677 M * Schak /sbin/vserver: line 545: ip: command not found
1104022677 M * Schak /sbin/vserver: line 543: ip: command not found
1104022677 M * Schak /sbin/vserver: line 545: ip: command not found
1104022695 M * Bertl hmm, iproute2 ?
1104022707 M * Schak no
1104022728 M * Bertl # rpm -qf `which ip`
1104022728 M * Bertl iproute2-2.2.4-13mdk
1104022778 M * Schak kara:/# rpm -qf `which ip`
1104022778 M * Schak rpmq: no arguments given for query
1104022778 M * Schak kara:/# which ip
1104022778 M * Schak kara:/#
1104022803 M * Doener apt-get install iproute
1104023131 M * Schak outchy... my host system is unreachable... i think the "halt -f" in the vserver halted the host system
1104023132 M * Schak http://nopaste.chillfactory.net/show.php?id=138
1104023138 M * Schak here the last lines...
1104023254 M * Bertl it's more likely that your vserver changed the networking stuff
1104023331 M * Bertl we had this when folks compiled debian kernels (which have the capability system as module and do not load them)
1104023361 M * Bertl basically a vserver can not reboot or halt the host ...
1104023377 M * Schak shouldnt work... because there is a dhcp client running... which gets the ip every reboot
1104023379 M * Schak hm ok
1104023424 M * Bertl the halt/reboot is redirected to the vshelper which acts in behalf of the vserver ...
1104023449 M * Schak i am waiting till my server got rebooted... then it should work... args... perhaps not, if the vserver stuff loads automatically at boot
1104023468 M * Doener only if you told it to do so
1104023493 M * Schak the "yes" is default in the debian-newvserver.sh :(
1104023505 M * Schak which creates the conf
1104023530 M * Doener but debian-newvserver.sh is for legacy tools, the configuration created by that one doesn't affect your vserver...
1104023543 M * Doener (this is why you had to create it by hand ;)
1104023551 M * Doener it = new style vserver config
1104023557 M * Schak ;)
1104023710 M * Schak and where is it in the new vserver config?... the start-on-reboot setting
1104023753 M * Doener flower page -> search for 'mark'
1104023909 M * Schak yes... found... hmm... dont know, if this file exist or not... ;)
1104023987 M * Schak strike... server is ready... and i am logged in via ssh
1104024029 M * Bertl could you upload your kernel .config now please? ;)
1104024177 M * Schak oh yes... sorry. i thought, it wasnt interesting anymore... wait a min... i give you a link
1104024394 M * Bertl Doener: what do you think, should we force in the capability stuff?
1104024440 M * Doener well, we actually heavily depend on it, so i see no problems with that
1104024518 M * Schak http://213.23.239.158/schak-debian-2.6.9
1104024558 M * Doener hm, caps are built-in
1104024561 M * Bertl yep
1104024580 M * Doener hm, what is CONFIG_SECURITY_NETWORK ?
1104024584 M * Bertl Schak: why the decision to use INOXID_INTERN? (just curious)
1104024684 M * Bertl and after the 'base start' you lost connectivity?
1104024686 M * Schak whats that? without the "make menuconfig"-help i am helpless
1104024708 M * Schak yes... 2 mins ago the same...
1104024713 M * Bertl that's one of the xid tagging options ... UID/GID24 is the default
1104024772 M * Bertl okay, let me subsume that:
1104024780 M * Bertl you had the server working fine ...
1104024788 M * Bertl then you installed iproute2 (which was missing)
1104024803 M * Bertl then a new restart takes your system 'offline'
1104024815 M * Bertl is that correct so far?
1104024840 M * Schak i installed iproute... (apt-get install iproute) ... is iproute2 the same?
1104024872 M * Bertl yep
1104024875 M * Schak ok
1104024881 M * Schak and i didnt reboot
1104024885 M * Schak i started the v
1104024896 M * Schak and 20 secs after restart
1104024898 M * Bertl yeah, I have your lines here ...
1104024902 M * Schak my host isnt reachable
1104024942 M * Bertl so I'd conclude that the vserver (maybe the config) is doing something with the ip (of your host) which confuses or disables routing ...
1104024958 M * Schak yes... i think so
1104024977 M * Bertl so as I further assume that you do not have any serial console to that host ...
1104025006 M * Bertl I'd suggest replacing the ip (from iproute2) with a script, and check the arguments
1104025024 M * Schak yes i have... a rescue system... and i can reboot via webinterface... no problem... in 10 mins my host is ready for the next test ;)
1104025183 P * Thorsten Leaving
1104025714 M * Doener Schak: do you use your 'main' ip address for the vserver?
1104025729 M * Doener if so, you have to tell the tools that the address is not to be touched
1104025894 M * Schak no... i have 4 different ips
1104025924 M * Bertl hmm ... would you care to show them to me in private?
1104025931 M * Bertl s/care/mind/
1104025931 M * Schak i have the command from the vserver base start.... concerning /bin/ip
1104026972 J * Thorsten ~Thorsten@dsl-084-057-024-066.arcor-ip.net
1104026995 M * Bertl wb Thorsten!
1104027009 M * Thorsten :-)
1104027164 M * Bertl Doener: hmm, have you spent a thought on allowing strace/ptrace from the host or xid=1 across chcontext()?
1104027182 M * Doener not yet...
1104027187 M * Bertl (do you think that is something worth some effort?)
1104027238 M * Doener may help with tools development, otherwise i can't come up with some real world use
1104029295 M * Bertl okay, interested in looking into the capability stuff in general?
1104029349 M * Doener which one? the masking stuff or making capabilities a requirement?
1104029368 M * Bertl if you ask me that way ... both of course ;)
1104029427 M * Doener hehe
1104029432 M * Bertl rs already verified that the basic idea seems to work ... but we still have to finish it (regarding the mask stuff)
1104029602 M * Bertl I'll update my todo list, feel free to add/change stuff there ...
1104029632 M * Bertl hmm, better I rename it to Todo List kernel ...
1104029634 M * Doener i'll look into that tomorrow, i'm on my way into bed now... but as i said i'll take at least a mid-deep look into everything ;)
1104029728 M * Doener you'll probably have to tell me about the masking stuff again, since 'our' 'discussion' faded away quickly last time, cause i got distracted :/
1104029749 M * Doener anyway, i'm tired right now, so let's get this going tomorrow
1104029753 M * Doener good night!
1104029782 M * Doener s/tomorrow/whenever you have time for that/ ;)
1104029799 N * Doener Doener_zZz
1104030485 M * Bertl okay, night!
1104030504 M * Thorsten night
1104034165 Q * Schak Read error: Connection reset by peer
1104034232 J * Schak schak@dsl-213-023-243-081.arcor-ip.net
1104034750 Q * Thorsten Ping timeout: 480 seconds
1104036677 Q * nox Ping timeout: 480 seconds
1104036678 J * nox ~vps@c150223.adsl.hansenet.de
1104036711 M * Bertl wb nox!
1104038858 M * Bertl okay folks, I'm off to bed now ...
1104038867 M * Bertl have a nice whatever everyone!
1104038882 N * Bertl Bertl_zZ
1104044402 Q * t Ping timeout: 480 seconds
1104044663 J * t ~tnichols@CPE-139-168-208-77.sa.bigpond.net.au
1104046144 Q * serving Read error: Connection reset by peer
1104047074 Q * click Ping timeout: 480 seconds
1104050556 J * click click@dsl-84-161.aal.tiscali.no
1104052812 J * JonB ~NoSuchUse@0x503e0321.kjnxx7.adsl.tele.dk
1104053106 J * serving ~serving@213.186.170.131
1104053632 Q * JonB Ping timeout: 480 seconds
1104056551 M * infowolfe argh, i hate dspam sometimes ;-)
1104056604 J * JonB ~NoSuchUse@0x503e0321.kjnxx7.adsl.tele.dk
1104056797 Q * _are_ Quit: Disconnecting
1104060023 J * t_ ~tnichols@CPE-139-168-209-129.sa.bigpond.net.au
1104060174 Q * flock Ping timeout: 480 seconds
1104060422 Q * t Ping timeout: 480 seconds
1104060428 J * q ~cumol@squid.dmz.fi
1104060433 M * q moin
1104060438 M * q anyone alive?
1104060481 M * infowolfe q, i am
1104060485 M * q fine
1104060491 M * q a question about vserver and ipv6
1104060495 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1104060504 M * infowolfe i'm not qualified to answer probably, but i'll give it a shot if i can
1104060528 M * q i've working ipv6 on the "root", but how to bind ipv6-ips to the vserver?
1104060574 M * JonB i dont think there is any IPv6 support
1104060609 M * infowolfe JonB, i'm thinking the same
1104060614 M * infowolfe Jonb, do you know much about dspam?
1104060620 M * JonB nothing
1104060636 M * q :(
1104060638 M * q suxx
1104060658 M * JonB q: i dont think anyone has had a real use for it yet
1104060665 M * JonB q: but... dont worry
1104060674 M * JonB q: you can most likely work around it
1104060674 M * q JonB: i have a real use :)
1104060678 M * q JonB: how?
1104060701 M * JonB q: create aliases for your eth0
1104060714 M * JonB q: give them different IPv6 addresses
1104060734 M * JonB make other aliases for the vservers, and give those IPv4 address
1104060759 M * JonB then you use iptables to make a static NAT between the 2 addresses
1104060771 M * q uh. sounds complicated... there's no better way?
1104060787 M * JonB q: ask bertl, he's the main coder
1104060796 M * JonB q: or the mailing list, or the wiki
1104060804 M * q k
1104060806 M * q thnx. ill be back
1104060808 Q * q Quit: 2l8
1104060812 M * JonB q: and no, it's not that complicated
1104060844 Q * t_ Ping timeout: 480 seconds
1104063284 J * Thorsten ~Thorsten@dsl-084-057-024-198.arcor-ip.net
1104063734 J * t_ ~tnichols@CPE-139-168-209-155.sa.bigpond.net.au
1104064573 Q * Thorsten Remote host closed the connection
1104067737 J * Thorsten ~Thorsten@dsl-084-057-024-198.arcor-ip.net
1104068134 Q * sannes Read error: Connection reset by peer
1104068503 Q * DuckMaster Remote host closed the connection
1104069186 J * duckx ~Duck@dyn-83-157-202-15.ppp.tiscali.fr
1104069376 J * monrad ~monrad@213083190130.sonofon.dk
1104069479 Q * flock Ping timeout: 480 seconds
1104069580 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1104070554 J * dominance dominance@nyx.verfaction.de
1104070556 M * dominance hi
1104070574 M * dominance what's the use of /usr/include/vserver.h in the compiled package?
1104070577 M * dominance is it needed?
1104070581 M * dominance (of util-vserver)
1104070594 A * dominance is just trying to compile a util-vserver alpha debian package..
1104070729 Q * JonB Ping timeout: 480 seconds
1104070773 Q * duckx Remote host closed the connection
1104071214 J * duckx ~Duck@dyn-83-157-202-15.ppp.tiscali.fr
1104073201 Q * Thorsten Remote host closed the connection
1104075106 J * sannes ~ace@home.skarby.no
1104075349 Q * sannes Read error: Connection reset by peer
1104075476 Q * duckx Remote host closed the connection
1104075736 J * duckx ~Duck@dyn-83-157-202-15.ppp.tiscali.fr
1104075914 M * ndim dominance: Want my debian package?
1104076063 M * dominance ndim: have one already..
1104076079 M * dominance with consistent paths and against dietlibc as configure requested..
1104076099 M * dominance also cleaned up the debian/rules and added missing build-deps for the make docs..
1104076127 M * dominance basically i have now the spec instructions as far as i have been able to piece together which targets do what..
1104076547 J * JonB ~NoSuchUse@0x503e0321.kjnxx7.adsl.tele.dk
1104078065 M * ndim AFAICS, util-vserver still needs a lot of work to get from hack quality to production quality.
1104078094 M * JonB ndim: what is needed ?
1104078175 M * ndim Make it clear what is still needed, what is supposed to be in what path, what is needed on host systems, what on guest systems, what is legacy.
1104078179 M * ndim Stuff like that.
1104078193 M * ndim Oh, and a consistent configuration definition.
1104078197 M * dominance and a bit cleaned up configure/Makefile..
1104078207 M * JonB make it so
1104078207 M * dominance the hack to get the paths changed is ugly..
1104078233 M * dominance you need to define both lower and uppercase vars.. like so: "pkgstatedir=/var/run pkglibdir=/var/lib/util-vserver pkgstaterevdir=/var/run/vserver/.rev vshelperstatedir=/var/run/vshelper PKGSTATEDIR=/var/run PKGLIBDIR=/var/lib/util-vserver PKGSTATEREVDIR=/var/run/vserver/.rev VSHELPERSTATEDIR=/var/run/vshelper"
1104078255 M * ndim From what I've seen so far, e.g. the network config stuff needs serious changes to be extensible for IPv6 and other stuff.
1104078278 M * dominance ndim: even with NGN?
1104078291 M * JonB ndim: well i dont think anyone has asked for it yet
1104078303 M * ndim dominance: NGN?
1104078413 M * dominance next-gen networking
1104078419 M * dominance the thing you need for IPv6 in vserver
1104079030 N * Doener_zZz Doener
1104079037 M * Doener morning!
1104079067 M * dominance hi doener..
1104079910 J * infowolf1 ~infowolfe@mail.xhcl.net
1104080101 P * infowolf1
1104080224 M * dominance doener: you use debian, don't you?
1104080499 M * Doener yes
1104080536 M * Doener currently there's gentoo on the box in front of me, but i've got access to some debina boxes
1104080542 M * Doener s/debina/debian/
1104080571 M * dominance hmmm
1104080595 M * dominance you're interested in helping ndim and me creating a good new debian deb by trying it?
1104080604 Q * t_ Ping timeout: 480 seconds
1104080627 J * t_ ~tnichols@CPE-139-168-209-155.sa.bigpond.net.au
1104080817 M * Doener did you contact the debian maintainer(s)? we're approaching a new try of cooperation between the debian folks and the vserver folks as you may have read on the ml
1104080830 M * dominance i read it..
1104080842 M * dominance and my idea is rather to propose a patch known to work for the community
1104080852 M * dominance than to have the DD slowly find out the hard way
1104080860 J * snapple ~blegha@217.238.33.65.cfl.rr.com
1104080868 M * dominance thus preparing a new deb and handing in a patch would make more sense IMHO
1104080892 M * dominance maybe you have followed some of the bugs in the Debian BTS.. then you should know how much engaged he's in getting the package straight..
1104080901 M * snapple if I use the grsec patches on the vserver host, will the vservers themselves be grsec'ed, since I really don't want that to happen
1104080907 M * dominance so the more you can come up with an "ANSWER" rather than a question, the better..
1104080976 M * Doener didn't check the bug reports lately as i only use upstream stuff
1104081016 M * dominance well, there's a whole bunch of warnings and flaws in the alpha tools apparently..
1104081082 M * Doener but i guess if we can come up with a way that allows a) the debian folks to be happy (policy and stuff...) and b) the upstream folks to be happy (keep the packages as upstream as possible) cooperation should work out better than it currently does...
1104081143 M * dominance well, that's what the idea was so far =)
1104081146 M * snapple is it possible to install different distributions for vservers other than that of the host?
1104081156 M * Doener snapple: yes, it is
1104081157 M * dominance snapple: yes
1104081196 M * snapple I have seen examples using debbootstrap and it's redhat counterpart
1104081197 M * dominance Doener: so the point is we should at least sort the things out upstream that are in the way for a good packaging to happen
1104081205 M * snapple but what about if I want to install slackware
1104081213 M * snapple should I just run the install program from the cd?
1104081235 M * dominance Doener: and thus preparing a somewhat updated util-vserver source with a ready to deploy debian package will be the quickest way to convince Ola..
1104081281 M * Doener snapple: if that can create an installation in a chroot environment, yes... otherwise you'd have to figure out how to do that... easiest way may be to install it on another box and copy over the whole thing...
1104081325 M * snapple ok
1104081376 M * snapple if the host is grsec'd, will the vservers be grsec'd?
1104081385 M * snapple the host kernel
1104081552 M * Doener snapple: i guess so, vserver is not grsec aware and vice-versa
1104081638 N * Bertl_zZ Bertl
1104081650 M * Bertl morning folks!
1104081657 M * dominance hi Bertl ;)
1104081718 M * Bertl wow looks like there has been some discussion today ... without me ;)
1104081724 M * dominance hehe
1104081732 M * Doener dominance: just from my personal experience, i'd prefer to have Ola involved as early as possible, not mandatory as an active developer (although that would be nice), but at least discussions about the 'how and why' should be made between him and 'the others'. Both sides would be more aware of the needs of the others...
1104081736 M * dominance well, the "Debian issue" should be resolved.. once for all
1104081745 M * Bertl anybody willing to give a short conclusion?
1104081779 M * dominance Doener: you have mentioned "The Debian Policy" already.. if that one is respected, Ola will be happy..
1104081815 M * dominance Doener: the last thing Ola does want is more work than seriously necessary.. and the more we can prepare the 0.30.197 to be "upstream convenient" that's not only helping Debian, but everyone out there..
1104081842 M * dominance Bertl: no conclusion.. util-vserver is not yet cleaned up and we need someone to make it "packageable"..
1104081867 M * dominance Bertl: like have the paths centrally configurable and to have the entire config files a bit more readable..
1104081873 M * JonB Bertl: ndim wants IPv6
1104081884 M * JonB Bertl: or maybe it was someone else
1104081890 M * JonB Bertl: but someone asked about it
1104081892 M * dominance Bertl: currently you need to set as well lowercase and uppercase environment constants to get it respected while make install
1104081898 M * dominance JonB: it was ndim..
1104081906 M * Bertl yea, I guess Ola is willing to work on the debian packages and we will try to find sane solutions in the new year ...
1104081923 M * dominance Bertl: problem isn't within the deb.. problem is at least partly upstream
1104081946 M * Bertl I'm pretty sure, enrico is willing to adjust some things for debian too ...
1104081951 M * dominance Bertl: but i have tried to come up with a cleaned util-vserver alpha deb... for a discussion basis..
1104081959 M * Bertl (he already did for many other distros)
1104081965 M * dominance Bertl: this is nothin "Debian-specific"..
1104081995 M * Bertl okay, I have to get some dinner first ... back in 30min (then for real)
1104082000 M * JonB dominance: okay, thanks
1104082001 M * dominance Bertl: yet the debian-specific would be to compile the "doc" target already as a preparation of the release tarball..
1104082021 N * Bertl Bertl_oO
1104082031 M * dominance Bertl: the graphvis is in non-free and would thus break with the Debian "main" location..
1104082133 M * ndim graphviz :)
1104082144 M * dominance ok, viz..
1104082146 M * dominance ;)
1104082317 J * sannes ~ace@home.skarby.no
1104082559 Q * sannes Read error: Connection reset by peer
1104083098 N * Bertl_oO Bertl
1104083118 M * Bertl okay, back now for real ...
1104083144 M * Bertl ndim: you want ipv6 asap?
1104083249 M * Bertl dominance: do you have patches for 'improvements' or 'debianization' which doesn't hurt other distros (for the tools)?
1104083295 M * Bertl JonB: thanks for relaying the message ...
1104083315 M * JonB Bertl: you're welcome
1104083332 M * JonB Bertl: does it support IPv6 ?
1104083349 M * Bertl ngnet? not yet, but it's pretty easy to add, just needs somebody to test
1104083355 M * JonB Bertl: i told him about a work around using iptables
1104083379 M * Bertl the legacy networking code probably never will support ipv6
1104083548 M * JonB Bertl: okay, then ndim could test it for you
1104083781 M * Bertl yes, probably ... we'll see, he'll speak for himself ...
1104083900 M * JonB Bertl: ofc
1104084133 M * Doener Bertl: how far is 1.9.4 away?
1104084168 P * snapple Leaving
1104084283 M * ndim Bertl: No, I don't need IPv6 ASAP. I'd just hate to have /etc/vservers/foobar/{netthis,netthat} for IPv4 settings and /etc/vservers/foobar/IPv6 for IPv6. I'd much prefer /etc/vservers/foobar/net/{common,ipv4,ipv6,anothernetfamily}.
1104084309 Q * flock Ping timeout: 480 seconds
1104084320 M * ndim I don't remember the exact paths (it was so badly documented the last time I looked at it that I didn't get it to actually run at all).
1104084381 M * ndim I just mentioned IPv6 as an example where the config format could use a clean redesign before the alpha code moves to beta status.
1104084412 M * Doener AFAIK there's no ipv6 support in the configuration...
1104084417 M * ndim Exactly.
1104084438 M * ndim And the IPv4 support in the config just assumes that IPv4 will be everything everyone would ever need.
1104084449 M * ndim But I gotta run...
1104084493 M * Bertl the configuration isn't able to handle ngnet yet
1104084500 M * Bertl and it isn't even required to do so ...
1104084501 M * Doener the net configuration ... too fast
1104084535 M * Bertl but yes, we will need config support for ipv6
1104084632 M * dominance Bertl: re.. well i have started to try packaging for now..
1104084644 M * dominance Bertl: and the "improvements" aren't yet patchified..
1104084656 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1104084659 M * dominance Bertl: for i'd love to have someone "in the know" betatest the packs first..
1104084666 M * Bertl well, I'd suggest sending them to the ml (with cc to enrico) asap
1104084676 M * Bertl (in patch form)
1104084695 M * dominance Bertl: and once we have proven that the effect is assured, there'll be patches..
1104084709 M * dominance Bertl: well.. let's start with the compile errors..
1104084711 M * Bertl and if possible, separate debian specific patches from general improvements
1104084714 M * dominance ehrm.. warnings..
1104084720 M * dominance while building the util-vserver i get those:
1104084729 M * dominance http://backend.verfaction.de/~kk/util-vserver/buildlog_stderr.log
1104084755 M * dominance and have to define "pkgstatedir=/var/run pkglibdir=/var/lib/util-vserver pkgstaterevdir=/var/run/vserver/.rev vshelperstatedir=/var/run/vshelper PKGSTATEDIR=/var/run PKGLIBDIR=/var/lib/util-vserver PKGSTATEREVDIR=/var/run/vserver/.rev VSHELPERSTATEDIR=/var/run/vshelper" as environments
1104084787 M * dominance or maybe i didn't find the correct switches for configure
1104084790 M * Bertl the #warnings are developer output ...
1104084811 M * Bertl and they are _not_ gcc extensions, they are preprocessor extensions
1104084814 M * dominance the really annoying about these are that i have to define them twice as lower- and as uppercase
1104084828 M * dominance "src/chbind.c:200: warning: warning: gethostbyname() leaks memory. Use gethostbyname_r instead!" too? *g*
1104084849 M * Bertl no, but why is gethostbyname leaking memory?
1104084890 M * dominance i didn't put that warning there.. i just copied stderr =)
1104084922 M * Bertl yes, I know, ... thing is this is probably done with a 3.4 or 4.0 gcc
1104084925 M * dominance and from a user/packager point of view i don't care *WHY* they happen.. i just read their text.. =)
1104084932 M * dominance 3.3
1104084947 M * dominance gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
1104084949 M * Bertl interesting that complains about this too? sec
1104084950 M * dominance to be precise..
1104084976 M * dominance there is a gcc-3.4 on that host, but it's not the default gcc
1104084986 M * dominance thus if this one is chosen, then that's just another flaw of util-vserver
1104085038 M * Bertl I would opt against a 3.4 gcc for now ... it's too buggy ...
1104085042 M * dominance *ggg*
1104085049 M * dominance for amd64 it's recommended though
1104085067 M * Bertl well, it doesn't even compile the kernel ... *G*
1104085069 M * dominance so the gcc-3.4 should be allowed to be used at least..
1104085084 M * dominance mmh? for amd64 it does afair
1104085097 M * Bertl another question, how many warnings do you get when you compile the 'debian' kernel?
1104085119 M * JonB Bertl: with or without --pedantic and --ansi ?
1104085121 M * dominance well, let's put this gcc-3.4 aside.. for now it's not important.. it shouldn't be used in the first place..
1104085148 M * Bertl with the same option dominance used here but with a debian default .config
1104085172 M * dominance the vserver-info does output:
1104085173 M * dominance util-vserver: 0.30.196; Dec 26 2004, 15:36:22
1104085173 M * dominance Features:
1104085174 M * dominance CC: i386-linux-gcc, i386-linux-gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
1104085174 M * dominance CXX: i386-linux-g++, i386-linux-g++ (GCC) 3.3.5 (Debian 1:3.3.5-5)
1104085174 M * dominance CPPFLAGS: ''
1104085174 M * dominance CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W'
1104085176 M * dominance CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0'
1104085178 M * dominance build/host: i386-pc-linux-gnu/i386-pc-linux-gnu
1104085180 M * dominance Use dietlibc: yes
1104085188 M * dominance Build C++ programs: yes
1104085190 M * dominance Build C99 programs: yes
1104085192 M * dominance Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
1104085193 M * Bertl and don't get me wrong, most of those 'warnings' can and will probably be fixed ...
1104085196 M * dominance ext2fs Source: e2fsprogs
1104085198 M * dominance syscall(2) invocation: fast
1104085201 M * dominance vserver(2) syscall#: 273/glibc
1104085204 M * dominance oh, i'm sure they will =)
1104085215 M * dominance they don't make my primary problem anyway =)
1104085226 M * Bertl thought so ...
1104085256 M * dominance ndim had some thoughts too about splitting up the host and guest tools which make sense to me and some patches about manpages in the wrong category and stuff
1104085279 M * dominance so if someone using a Debian host and knowing vserver by heart could help debugging the debs, that'd help a lot.
1104085307 M * dominance so ndim and me can do debs and when they are working like they should, then we could propose them upstream to Ola..
1104085308 M * Bertl what are the 'guest' tools?
1104085344 M * dominance uhm, haven't checked that indepth.. lemme check ndim's rules..
1104085401 M * dominance he has those in the guest tools package:
1104085402 M * dominance man/chbind.8
1104085402 M * dominance man/chcontext.8
1104085402 M * dominance man/reducecap.8
1104085402 M * dominance man/vps.8
1104085404 M * dominance man/vpstree.8
1104085405 M * dominance man/vserver-stat.8
1104085407 M * dominance man/vserver.8
1104085409 M * dominance man/vtop.8
1104085444 M * Bertl aha, and what are the host tools then?
1104085454 M * Doener hm, without chcontext you can as well leave the kernel unpatched :)
1104085459 M * dominance hmmm
1104085467 M * dominance interestingly the same..
1104085481 M * Bertl aha ;)
1104085481 M * dominance i guess i should build his package and check.. hold on a sec..
1104085712 M * dominance hmm
1104085747 M * dominance i guess ndim should explain that by himself..
1104085757 M * dominance but to me this looks like a "work in progress"
1104085815 Q * t_ Ping timeout: 480 seconds
1104085833 J * t_ ~tnichols@CPE-139-168-209-155.sa.bigpond.net.au
1104085842 M * dominance somewhat i can't really see the difference in the built tools.. just in the depends..
1104085873 M * Bertl okay, we'll wait for him ...
1104085889 M * Doener Bertl: any ETA for 1.9.4? trying to decide whether i should ask for a split patch for the current version or for 1.9.4 ;)
1104085906 M * Bertl well, you'll get a split very soon ...
1104085912 M * dominance interestingly though i can't change /etc/vservers/util-vserver-vars and have vserver-info tell me the new location of the vserver-root
1104085923 M * Doener sounds like 1.9.4 is near
1104085990 M * dominance hmm
1104086004 M * Doener dominance: did you change the path to util-vserver-vars? here it is below ..../lib/util-vserver
1104086025 M * dominance DEFAULT_VSERVERDIR='/var/lib/vservers' is in /var/lib/util-vserver/util-vserver-vars, yet /etc/vservers/util-vserver-vars has VROOTDIR='/srv/vservers'
1104086049 M * dominance i wonder if this should be symlinked to /var/lib/util-vserver/util-vserver-vars
1104086058 M * Doener there's no /etc/vservers/util-vserver-vars at all on my box
1104086092 M * Bertl imho 90% of the issues are related to bad configure time options
1104086097 M * dominance well, i don't install this especially.. so the make install or make install-distribution needs to be doing this
1104086118 M * dominance Bertl: that's why i'm asking that someone with vserver experience would shed some light onto this
1104086148 M * dominance Bertl: the configure is run with --with-vrootdir=/var/lib/vservers .. so it's correct to assume that for the start..
1104086158 M * dominance but once i change this, it should someone head to the new location
1104086161 M * Bertl util-vserver-0.30.196]# ./configure --help
1104086198 M * Bertl setting the various prefixes and such is probably sufficient ...
1104086216 M * Bertl it even displays your system defaults
1104086235 M * dominance Bertl: hmmm, haven't seen options for what i wanted to change..
1104086255 M * Bertl --with-initrddir use as directory for SysV init-files (default:
1104086255 M * Bertl $sysconfdir/rc.d)
1104086255 M * Bertl --with-kerneldir=DIR assume kernelsources in DIR (default:
1104086255 M * Bertl /lib/modules//build)
1104086255 M * Bertl --with-vrootdir=DIR place vservers under DIR (default: /vservers)
1104086269 M * dominance sure.. nothin wrong with that..
1104086279 M * Bertl plus the config, bin etc dirs
1104086282 M * dominance but how to set: pkgstatedir=/var/run pkglibdir=/var/lib/util-vserver pkgstaterevdir=/var/run/vserver/.rev vshelperstatedir=/var/run/vshelper
1104086300 M * dominance pkgstatedir would else become /usr/var/run
1104086309 M * dominance pkglibdir would be /usr/lib/util-vserver
1104086312 M * Bertl --localstatedir=DIR modifiable single-machine data [PREFIX/var]
1104086327 M * Bertl --libdir=DIR object code libraries [EPREFIX/lib]
1104086329 M * dominance hmm, lemme check this..
1104086345 M * Bertl don't tell me that is the first time you use configure? ;)
1104086350 M * dominance nope =)
1104086370 M * dominance but a quick search thru Makefile.am and configure didn't yield my searchstrings..
1104086732 M * dominance btw. how tight is the need to have iproute and vlan in the depends?
1104086756 M * Bertl iproute is essential, vlan probably not if you don't have vlans
1104086783 M * dominance well, i still see a /usr/lib/util-vserver/FEATURES.txt with the localstate set
1104086819 M * dominance this the pkglibdir isn't set yet..
1104086838 M * dominance the rest is ok so far
1104086922 M * Bertl what did you set libdir to?
1104086931 M * Bertl --libdir=
1104086946 M * dominance well, i want the *LIB* part in /usr/lib.. but the file archive library in /var/lib/..
1104086956 M * dominance thus setting the libdir will not yield what i want..
1104086974 M * dominance or did i get something wrong?!
1104086997 M * Bertl well, you probably need a new option for that ...
1104087009 Q * flock Ping timeout: 480 seconds
1104087022 M * dominance ./usr/lib/libvserver.so.0.0.0 is ok in /usr/lib.. but the pkglibdir isn't supposed to be /usr/lib IMHO
1104087033 M * dominance thus pkglibdir is already sufficient for me..
1104087069 M * Bertl if that works ... not sure the separation is there ...
1104087100 M * dominance that'd be the next question =))
1104087120 M * dominance but at least i've tightened the build-deps on dietlibc already..
1104087136 M * dominance or ain't it valid anymore that dietlibc is *strongly* recommended?
1104087150 M * Bertl it is, because of the resolver issues
1104087167 M * dominance ok
1104087168 M * Bertl (you have to ask enrico for details)
1104087177 Q * JonB Quit: Leaving
1104087186 M * dominance (i don't want details.. i want answers.. solutions.. not more problems)
1104087192 M * Bertl is the dietlibc for debian already fixed?
1104087197 M * dominance fixed?
1104087200 M * Bertl (I mean for amd64)
1104087201 M * dominance was it broken?
1104087207 M * dominance amd64 is no official port
1104087213 M * dominance thus it can be broken and i don't care
1104087215 M * Bertl yes it was and maybe still is broken on 64bit archs
1104087230 M * dominance if on all 64bit archs, then that'd be a problem
1104087281 M * Bertl dominance: try to look a little beyond your 'usual' field of application ;)
1104087299 M * dominance :-P once i have things working which i need
1104087314 M * Bertl in the next year, linux-vserver will be used on amd64 more often than on x86 ...
1104087316 M * dominance but *first* i want a known-working.. then go for a generic-known-working..
1104087327 M * dominance and as my server is amd64 i will want amd64 working too, don't worry.. =)
1104087391 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1104087441 M * Bertl wb flock!
1104087673 M * dominance Bertl: dietlibc build problems on 64bit have been marked as resolved btw.
1104087693 M * Bertl excellent!
1104088023 M * Bertl Doener: http://vserver.13thfloor.at/Experimental/split-vs1.9.3.14/
1104088145 M * Bertl and http://linux-vserver.org/ToDo+List+Kernel ;)
1104088188 M * dominance .14? what's new?
1104088213 M * Doener thanks!
1104088213 M * Bertl a few cleanups, nothing essential ...
1104088242 J * _are_ ~are@dsl-082-082-062-022.arcor-ip.net
1104088250 M * dominance ok
1104088256 M * Bertl welcome _are_!
1104088299 M * Doener ah, i always wanted to ask what "reduce usage of current->*" means... replace those lines by using the existing macros?
1104088336 M * Bertl hmm, no not really, it's just the first step
1104088349 M * Bertl the thing is, current->* is expensive in the kernel
1104088359 Q * flock Ping timeout: 480 seconds
1104088368 M * Bertl so you want to reduce the number of invocations ...
1104088378 M * Doener i see
1104088404 M * Bertl for example doing xid_t xid = current->xid; and then using that is cheaper as calling current->xid twice
1104088417 M * Bertl (and not using it at all is the cheapest of course ,)
1104088533 M * Doener hmm... i still have to test my tagxid-remount patch...
1104088582 M * _are_ hi
1104088583 M * Bertl a few things have changed around the xid handling ..
1104088638 Q * Hollow Remote host closed the connection
1104089530 J * sannes ~ace@home.skarby.no
1104089565 M * Bertl welcome sannes!
1104089875 Q * t_ Ping timeout: 480 seconds
1104090262 J * t_ ~tnichols@CPE-139-168-209-155.sa.bigpond.net.au
1104090287 M * Bertl wb t_!
1104092367 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1104092422 M * Bertl wb flock!
1104092439 M * flock 'lo
1104093331 M * Bertl it's hard to believe but I finished a allmodconfig build for 2.6.10 ... (with vserver)
1104093342 M * Bertl du says: 581248 /src/modules/2.6.10-vs1.9.3.14
1104093393 M * Bertl (well okay it's with debug info included)
1104093550 Q * mcp Ping timeout: 480 seconds
1104093979 M * Schak hi, can anyone help me? -> i build 2.6.9 with uid/gid32 and build a vserver, which was working perfectly... few hours ago i switched to uid/gid24, rebuild the kernel, rebooted... and now exim has lots of errors and doesn't start at all... strace tells me, that he cant access to /etc/passwd ... but this file has 644!
1104094018 M * Bertl hmm, did you mount any partition with tagxid?
1104094095 M * Schak no... there is nothing i mounted... the vserver is under /vservers... and this is a path in /dev/hda3 (root)
1104094108 M * Schak ext3
1104094144 M * Bertl okay, the fstab for that mount doesn't contain tagxid or xid in the line for /vservers ?
1104094223 M * Bertl anyway, let's check those files with lsxid ...
1104094228 M * Schak yes, i havent touched the /etc/fstab at the host yet
1104094347 M * Schak cd /vservers/base/etc ... lsxid ... i get EVERYWHERE !!ERR!!
1104094363 M * Schak vserver base is running at the moment
1104094403 M * Bertl okay, that looks fine so far ...
1104094413 M * Bertl did you compile the linux-vserver debug stuff in?
1104094418 M * Schak no
1104094442 M * Schak shall i?... no problem, if it would help
1104094443 M * Bertl hmm .. okay, that would help here ...
1104094461 M * Schak ok... give me 30 mins
1104094472 M * Bertl btw, you should update to 2.6.10-vs1.9.3.14 if possible
1104094496 M * Bertl (it has some fixes in kernel and vserver)
1104094504 M * Schak oh ok... and really stable?
1104094527 M * Bertl looks good so far ... but the release candidates were pretty stable (kernel is two days old)
1104094626 M * Schak and... do you know, if the 2.6.10 will accept my 2.6.9 config completely?
1104094648 M * Schak i will try... ;)
1104094768 M * Schak [ ] Limit the IDLE task
1104094770 M * Schak do i need this?
1104094795 M * Schak or: is it recommended to enable this?
1104094831 M * Bertl no, the default is fine ...
1104094858 M * Schak ok
1104094861 M * Bertl you just need that if you want precise hard scheduling even if the machine is mostly idle
1104094880 M * Bertl (which has a small overhead and is usually not required)
1104095673 M * Schak do u have the complete url, where i can get the vs1.9.3.14? or is it on the www.13thfloor.de ?
1104095696 M * Schak at... sry
1104095719 M * Bertl yep, sec
1104095744 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.10-vs1.9.3.14.diff
1104095845 M * Schak thx
1104097300 M * Schak this error came approx 50 times... how would you estimate the problem?
1104097300 M * Schak drivers/net/via-rhine.c:1636: warning: passing arg 1 of `readw' makes pointer from integer without a cast
1104097300 M * Schak drivers/net/via-rhine.c:1637: warning: passing arg 1 of `readw' makes pointer from integer without a cast
1104097300 M * Schak drivers/net/via-rhine.c:1647: warning: passing arg 2 of `writeb' makes pointer from integer without a cast
1104097300 M * Schak drivers/net/via-rhine.c:1662: warning: passing arg 2 of `writeb' makes pointer from integer without a cast
1104097924 M * Loki|muh hey guys
1104097962 M * Loki|muh do you think that CAP_FOWNER is not bad to give to a vserver?
1104097968 M * Loki|muh this is needed for acls
1104098008 M * Bertl Schak: that is fine .. the error is new, the problem is very old ...
1104098024 M * Bertl hey Loki|muh!
1104098084 M * Bertl Loki|muh: hmm, isn't that part of the default capabilities?
1104098147 M * Loki|muh I dont know... a customer came to me and asks for the capability
1104098175 M * Bertl sec, checking ...
1104098203 M * Bertl CapPrm:00000000d44c04ff
1104098203 M * Bertl CapEff:00000000d44c04ff
1104098216 M * Bertl so yes, that capability is given for vserver root by default
1104098256 M * Loki|muh ah thx
1104098259 M * Bertl the entire CAP_FS_MASK by the way
1104098272 M * Loki|muh in which file can I find this?
1104098278 M * Bertl include/linux/capability.h
1104098344 M * Bertl Schak: the various driver writers have to 'adapt' their drivers to use proper pointers ...
1104098380 M * Schak and this has not been done yet ... ok ;)
1104098382 M * Schak Linux kara 2.6.10-vs1.9.3.14 #1 Sun Dec 26 22:38:53 CET 2004 i686 GNU/Linux
1104098383 M * Schak works!
1104098401 M * Bertl what does kara refer to, if I may ask?
1104098402 M * Loki|muh Bertl: there is no CapPrm and CapEff in /usr/include/linux/capability.h
1104098427 M * Bertl that one is the output of chcontext --ctx 100 --secure grep Cap /proc/self/status
1104098427 M * Schak sorry? ... kara is my host
1104098442 M * Bertl yeah, does that name refer to anything?
1104098469 M * Schak yes... java programming... eth zürich... kara, der marienkäfer ;)
1104098486 M * Bertl ah, okay, i.c. thanks ;)
1104098491 M * Schak you know this?
1104098530 M * Loki|muh Bertl: ah thx! :)
1104098537 M * Bertl Schak: yes, I know it ..
1104098558 M * Bertl EASA 2002 IIRC
1104098616 M * Schak context: "endliche automaten"... great stuff ;)
1104098625 M * Schak .o0( i think )
1104098641 M * dominance Bertl: when will ensc most probably show up next?
1104098642 M * Bertl yeah, I made my diploma thesis in the area of graph grammars ... ;)
1104098670 M * Bertl dominance: best you send him an email (better mail it on the ml, and cc him)
1104098694 M * dominance mmh, ok..
1104098701 M * Bertl (he is currently busy with his thesis)
1104099180 M * Schak welllll... my base vserver is running... debug mode is compiled into the kernel... what do i have to do now?
1104099211 M * Bertl try to start the vserver with exim (or exim)
1104099219 M * Bertl watch the messages in the syslog
1104099245 M * Schak syslog @ the V or @ the host?
1104099245 M * Bertl on what filesystem is that exim?
1104099258 M * Bertl the syslog and kernel log on the host
1104099354 M * Schak concerning the vserver in kern.log only:
1104099356 M * Schak Dec 26 23:12:19 kara kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT
1104099360 M * Schak in syslog nothing
1104099393 M * Bertl but exim fails?
1104099394 M * Schak exim was tried to get started via init.d scripts when i typed vserver base start
1104099396 M * Schak yes
1104099412 M * Bertl okay, then it is 99% exim only related ...
1104099425 M * Bertl let's strace that bugger ...
1104099428 M * Schak interested in the strace?
1104099429 M * Schak ok
1104099606 M * Schak but i cannot explain, why exim was working perfectly... since i rebooted the host, where i changed the kernel to uid/gid24, this problem exist
1104099637 M * Bertl well, if you want to do a 'quick' verify on that, just change the tagging and try again ...
1104099652 M * Bertl (I'm pretty confident it is not related)
1104099684 M * Bertl nevertheless, it could be a vserver related issue, so let's investigate it a little further ...
1104099712 M * Schak http://nopaste.chillfactory.net/show.php?id=139
1104099743 M * Schak ok... if you cannot recognise any problems in the strace pasting, then i will change back to uid/gid32
1104099752 M * Bertl it's trying to connect to /dev/log ...
1104099755 M * ndim re
1104099795 M * Bertl Schak: check what /dev/log inside the vserver is, and if it is connected to the syslogd and if the permissions allow for a connect .. maybe you are using the wrong pipe?
1104099804 M * Bertl wb ndim!
1104099815 M * Schak /dev/log doesnt exist
1104099821 M * Bertl dominance: ndim is back ...
1104099849 M * Bertl Schak: maybe you didn't start the syslog service?
1104099853 M * Bertl (on the vserver)
1104099854 M * dominance apparently
1104099915 M * Schak aaaah... i got it... yesterday i removed the sysklogd... and the syslogd is included in the sysklogd package
1104099920 A * Bertl just thought you had some questions ...
1104099952 M * ndim I'm going to start reading backlog now.
1104099952 M * Schak you were right... i told it... yes yes...
1104099986 M * Bertl you can probably work around that (if you don't want syslogd inside the vserver) by replacing /dev/log with a /dev/null
1104100141 M * Schak /dev/log exist now... syslogd is started... but exim doesnt start... same error msg
1104100177 M * Schak base:/dev# /etc/init.d/exim start
1104100177 M * Schak Starting MTA: 2004-12-26 22:28:35 Exim configuration error
1104100177 M * Schak group mail, referred to in line 213, was not found
1104100177 M * Schak 2004-12-26 22:28:35 Exim configuration error
1104100177 M * Schak group mail, referred to in line 213, was not found
1104100178 M * Schak exim: could not open panic log - aborting: original error above
1104100239 M * Bertl well, does group mail exist in /etc/group ?
1104100260 M * Doener does /var/log/exim exist as a directory?
1104100279 M * Doener 258: open("/var/log/exim/paniclog", O_WRONLY|O_APPEND|O_CREAT, 0640) = -1 EACCES (Permission denied)
1104100304 M * Doener hm, and /etc/group isn't accessible as well...
1104100325 M * Schak base:/var/log/exim# ls -l
1104100325 M * Schak total 4
1104100325 M * Schak -rw-r----- 1 mail adm 897 Dec 26 05:53 mainlog
1104100325 M * Schak -rw-r----- 1 mail mail 0 Dec 26 05:25 paniclog
1104100341 M * Bertl is exim started as user mail?
1104100343 M * Schak base:/var/log/exim# ls -l /etc/group /etc/passwd
1104100343 M * Schak -rw-r--r-- 1 root root 441 Dec 26 04:32 /etc/group
1104100343 M * Schak -rw-r--r-- 1 root root 917 Dec 26 13:44 /etc/passwd
1104100364 M * Bertl ah, maybe exim is chrooting into some other place?
1104100387 M * Schak yes... exim is started with root rights
1104100398 M * Schak and i guess it ends as user mail
1104100431 M * Bertl could you update the strace (and do it with -fF) please?
1104100472 M * Doener setregid32(0xffffffff, 0x8) = 0
1104100472 M * Doener setresuid32(0xffffffff, 0x8, 0xffffffff) = 0
1104100525 M * Doener user looks fine...
1104100534 M * Bertl I'm more interested in what /var/spool/exim is/should contain ...
1104100571 M * ndim My motivation to separate into -host and -guest was that there is stuff in there which only makes sense on a host system (stuff like starting a vserver), and stuff which only makes sense on a guest system (stuff like starting a daemon with a special binding). And you won't need one on the other.
1104100606 M * Bertl ndim: okay, but util-vserver doesn't contain _any_ guest tools, right?
1104100607 M * Doener ndim: you can't control bindings from within the vservers...
1104100614 M * Schak http://nopaste.chillfactory.net/show.php?id=140
1104100659 M * ndim Bertl: The version I downloaded some time ago did, as far as I could discern. If it doesn't, either I am quite insane or it is quite badly documented.
1104100662 M * ndim :)
1104100686 M * ndim Doener: I don't remember all the details. I did that stuff a few months ago.
1104100687 M * Bertl Schak: okay what does ls -la /dev/log inside the vserver give?
1104100717 M * Bertl ndim: hmm, okay, what 'tools' are considered guest stuff by you?
1104100737 M * ndim Lemme check my package...
1104100739 M * Schak base:/var/spool/exim# ls -la /dev/log
1104100739 M * Schak srw-rw-rw- 1 root root 0 Dec 26 23:28 /dev/log
1104100764 M * Bertl and ls -lda /dev
1104100765 M * Schak http://nopaste.chillfactory.net/show.php?id=141
1104100780 M * Schak base:/var/spool/exim# ls -lda /dev
1104100780 M * Schak drwxr-xr-x 3 root root 24576 Dec 26 23:28 /dev
1104100813 M * Schak ... missing w for all?
1104100830 M * Bertl no no that's fine ...
1104100833 M * Schak ok
1104100847 M * Bertl do you get any messages on the host (syslog or dmesg)?
1104100928 M * Schak dmesg at the V is not permitted... dmesg at the host gets nothing, what could help in this case
1104100959 M * Bertl okay, for your info, we are looking for vsW messages
1104100985 M * Bertl btw, did I miss your answer regarding the filesystem your vserver is located on?
1104101117 M * Schak it is a simple path in the main root system, which is ext3... no "vserver in a box"
1104101171 M * Bertl okay, so we have to find out why connect via /dev/log doesn't work ... any ideas?
1104101222 M * Bertl Schak: try with logger
1104101270 M * Schak how does logger work?
1104101280 M * Schak which command do i have to type?
1104101287 M * Schak logger /etc/init.d/exim ?
1104101301 M * Schak logger /usr/sbin/exim ... ?
1104101353 M * Bertl logger -p local0.notice "Hello folks!"
1104101428 M * Bertl or logger -p kern.crit "Hello folks!" if your syslog ignores the other ;)
1104101432 M * ndim Bertl: I found e.g. /usr/lib/util-vserver/fakerunlevel and /etc/init.d/v_* to belong to -guest.
1104101456 M * Bertl ndim: no, they are exclusively host specific (at least the v_*)
1104101460 M * ndim Bertl: If this is wrong, I'd like to ask you whether you are really using *nothing* vserver related in guest systems?
1104101475 M * Schak Dec 26 23:47:34 base logger: /etc/init.d/exim
1104101475 M * Schak Dec 26 23:50:06 base logger: Hello folks
1104101477 M * Schak hrhr ;)
1104101493 M * Bertl ndim: AFAIK we do not change anything inside the guest ...
1104101521 M * Bertl Schak: okay, now try with logger -p local0.notice -u /dev/log "Hello folks!"
1104101556 M * Bertl or maybe logger -p local0.notice -f /dev/log "Hello folks!" ?
1104101576 M * Schak base:/var/log# logger -p local0.notice -u /dev/log "Hello folks"
1104101576 M * Schak connect: Protocol wrong type for socket.
1104101613 M * Schak base:/var/log# logger -p local0.notice -f /dev/log "Hello folks"
1104101613 M * Schak logger: /dev/log: No such device or address.
1104101642 M * Bertl I've got another one: logger -p local0.notice -d -u /dev/log "Hello folks!"
1104101720 M * Schak Dec 26 23:54:15 base : Hello folks
1104101724 M * Schak in syslogd
1104101733 M * Schak ehh... /var/log/syslog
1104101755 M * Bertl okay ... looks good, let's try that from another user ... do an su to the mail user ...
1104101784 M * Schak doesnt work... because he has shell /bin/false... i edit this... wait
1104101839 M * Schak hmm strange
1104101847 M * Schak base:/var/log# su mail
1104101847 M * Schak No shell
1104101856 M * Schak but: mail:x:8:8:mail:/var/mail:/bin/sh
1104101862 M * Schak in /etc/passwd
1104101898 M * Bertl does /var/mail exist?
1104101935 M * Schak base:/var/mail# ls -Ral
1104101935 M * Schak .:
1104101935 M * Schak total 12
1104101935 M * Schak drwxrwsr-x 2 root mail 4096 Dec 26 05:48 .
1104101935 M * Schak drwxr-xr-x 15 root root 4096 Dec 26 04:14 ..
1104101936 M * Schak -rw-rw---- 1 root mail 1500 Dec 26 05:48 root
1104101953 M * Bertl and btw, what does grep mail /etc/group return?
1104101958 M * ndim Bertl: If no one has ever used any vserver specific userspace tools in a guest system, then the -guest package is obsolete, of course.
1104101979 M * Schak base:/var/mail# grep mail /etc/group
1104101979 M * Schak mail:x:8:
1104101983 J * DuckMaster ~Duck@dyn-83-157-168-176.ppp.tiscali.fr
1104101988 M * Bertl welcome DuckMaster!
1104101988 M * ndim I just got the impression there were such tools when I tried to find out how util-vserver alpha work.
1104102006 M * Doener ndim: actually most if not all tools aren't allowed to be used from within the vserver
1104102055 M * ndim Doener: Very good. Most or all? :)
1104102065 M * Schak wow... i created with adduser a new user... and this user cant login, too
1104102123 M * Bertl some special security?
1104102140 M * Doener things like v_inetd are meant be used in the host to help services that can't bind to a specific ip themselves (or for lazy admins, your choice)
1104102155 M * Bertl Schak: apropos security, you have not accidentally compiled the capabilities as module and not loaded it?
1104102185 M * Doener ndim: none are meant to be used from within the vserver, and i don't think any have any effect when used from within
1104102195 M * Schak module support is completely off, everything i need is directly compiled into the kernel
1104102210 M * Doener ndim: f.e. the vserver syscall is protected by CAP_CONTEXT, which no vserver should have
1104102244 M * Schak [00:02:39] some special security? <-- its the default woodie install from debootstrap... nothing specific handmade stuff
1104102284 M * Bertl Schak: you are logged on via ssh or 'enter' ?
1104102296 M * Schak i tried both
1104102313 M * Schak via root works both... via user neither nor
1104102314 M * ndim Doener: OK. So the use case for v_inetd is to have a vserver kernel and run inetd on a specific IP in the host system's context?
1104102356 M * Bertl Schak: okay, logon via ssh (as root) restart the syslog service from there, and tail -f the output /var/log/messages (or whatever)
1104102374 M * Bertl then try to logon via ssh as user x/y
1104102383 M * Doener ndim: exactly, if it would listen on 0.0.0.0 it would prevent the vservers from using the same ports on 'their' ip addresses. But I'd prefer to change inetd's configuration instead ;)
1104102401 M * ndim Oh, I see.
1104102415 Q * duckx Ping timeout: 480 seconds
1104102417 M * Bertl you basically can use those wrappers for all services except sshd
1104102420 M * Doener btw using v_sshd is a very bad idea ;)
1104102443 M * Bertl (sshd is special in that way that you usually want to administer your vservers over ssh too)
1104102444 M * Schak Dec 26 23:54:15 base : Hello folks
1104102444 M * Schak Dec 27 00:06:32 base exiting on signal 15
1104102444 M * Schak Dec 27 00:06:33 base syslogd 1.4.1#10: restart.
1104102494 M * ndim Well, sshd can be configured to listen to a specific IP anyway.
1104102519 M * Bertl Schak: the sshd logon isn't even reported?
1104102538 M * Doener yeah, but lazy folks may tend to use v_ssh no matter what ;)
1104102556 M * Bertl imho v_sshd should be removed ...
1104102590 M * Schak i cant login with a normal user... same error... connection closed by foreign host
1104102607 M * Schak [00:09:15] Schak: the sshd logon isn't even reported? <-- yes, its in /var/log/auth.log
1104102635 M * Bertl ah, okay, and the sshd doesn't report anything?
1104102677 M * Schak a paste the last line from auth.log into the query window
1104102919 M * Bertl let's try to run the sshd with -d (on a different port)
1104102948 M * Bertl (e.g. sshd -d -p 9999)
1104103035 M * Doener inode->i_gid = INOXID_GID(XID_TAG(inode), uid, gid);
1104103037 M * Schak ok
1104103042 M * Doener +#define XIDINO_GID(tag, gid, xid) (gid)
1104103077 M * Doener that becomes: inode->i_gid = uid , right?
1104103151 M * Schak login_get_lastlog: Cannot find account for uid 1000
1104103176 M * Bertl Doener: the way you present it here, yes
1104103186 M * Schak base:/# grep 1000 /etc/passwd
1104103186 M * Schak pzystorm:x:1000:1000:,,,:/home/pzystorm:/bin/bash
1104103217 M * Doener hm, did i mess up something?
1104103251 M * Bertl sec, I'm verifying (which tagging scheme did you assume?)
1104103261 M * Schak 24bit
1104103261 M * Doener oops... INOXID vs. XIDINO...
1104103312 M * Bertl Schak: how good is your network connection, and how large is the vserver?
1104103343 M * Bertl (or is it possible to get access to that vserver somehow?)
1104103348 M * Schak 100mbit... "large"?... hd size?... amount of vserver?
1104103351 M * Schak yes of course
1104103358 M * Schak query
1104103763 M * Bertl okay, problem solved ... please Doener, explain ... ;)
1104103787 M * Bertl (the honor is yours, as you spotted it first :P)
1104103800 M * Doener all permissions for the vserver's root directory were revoked, thus nobody except root had any right to access any files
1104103835 M * Bertl maybe also a good idea for a FAQ if not already there?
1104103874 M * Doener those permissions were meant to be set for the /vservers directory (plus chattr +t) with the 2.4 patches to protect from chroot escapes, but this is no longer necessary as we now have a special flag to achieve the same
1104103912 M * Bertl (the barrier flag, and it isn't even necessary for namespace based servers anymore)
1104104090 M * Bertl Schak: exim now working as expected?
1104104361 M * Schak yes... problem no2 was, that i had running qmail on the host listening at 0.0.0.0 on port 25... so exim on the vserver cant listen... after stopping qmail, i restarted exim... and now everything works
1104104371 M * Bertl Doener: what do you think of the split, are the logical units sound for you?
1104104391 M * Bertl Schak: excellent ...
1104104584 M * Doener i don't know yet if it is wise to put the includes into a separate patch...
1104104612 M * Bertl well, I did that to basically get rid of them ...
1104104637 M * Bertl and it already reduced the number of included files)
1104104684 M * Doener ok, if you can track them easier that way, it's fine with me. I'm bad at keeping track of them anyways ;)
1104104742 M * Bertl every now and then I remove one (i.e comment them out) and see if it compiles ;)
1104104748 M * Doener hehe
1104104793 M * Bertl but splitting out the cmdef stuff was a great improvement regarding kernel rebuilds ...
1104105027 M * Doener hm?
1104105092 M * Bertl well, in the beginning I had the init/exit/proc stuff in the definition files, which resulted in a complete kernel recompile every time I changed something
1104105101 A * ndim is feeling weak and goes fetch more Kaesspaetzle
1104105407 M * Bertl hmm, a snack .. good idea ...