1104192522 M * Doener mikeb: are you using dietlibc?
1104192532 M * mikeb Doener: Yes
1104192537 M * mikeb 0.27
1104192570 M * Doener there is a bug in the latest release on x86_64, please check if fedora fixed that in their package
1104192576 M * mikeb Though I used the fedora rpm and built it for x86_64. I didn't pull the patches they included. Meant to ask J katz why Redhat made dietlibc i386 only
1104192621 M * mikeb It included nonull and signal patches
1104192714 M * mikeb Should I build util-vserver against regular glibc or is that worse due to NSS?
1104192775 M * Doener i'm not the one to ask about the problems with glibc... if you like to, i'll dig out the patch for dietlibc to fix the segfault
1104192843 M * mikeb That would be great. I'm trying to find it now but dietlibc.org isn't coming up - trying to find the mirror I was on this morning
1104193017 M * Doener http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273748&archive=yes
1104193024 M * mikeb heh found an IRC chat log talking about the patch - mostly that nobody knows where it is LOL
1104193301 M * mikeb Ah - there's 7 patches post 0.27 in the deb ftp archive. Will give them a try. Thanks!
1104194285 M * mikeb Hrm - those were debian specific it seems. /me grabs a CVS checkout - see how that goes
1104195764 M * ndim The good news: My box is working with 2.6.10.
1104195790 M * ndim The bad news: The vs1.9.4.14 vserver patch causes *LOTS* of problems here.
1104196045 M * ndim (oops series concluded with a final panic)
1104196313 A * mikeb got dietlibc cvs (0.28) to build with one config patch from redhat and another from the debian patch for setpriority. Now to see if it works
1104196682 N * Bertl_zZ Bertl
1104196707 M * Bertl morning folks .. (well, couldn't sleep)
1104196755 M * Bertl ndim: which kind of problems?
1104196857 M * mikeb Success!!!!!!
1104196867 M * mikeb Doener: Many thanks for the tip!
1104196877 M * Doener you're welcome!
1104196887 M * Bertl mikeb: the 2.6.9 with 1.9.3.14 was a typo, right?
1104196912 M * mikeb Yes :0
1104196914 M * mikeb 2.6.10
1104196920 M * Bertl oki! ;)
1104196923 M * mikeb But I had issues with dietlibc 0.27
1104196936 M * Bertl yeah, x86_64 woes ...
1104196951 M * mikeb Had to grab dietlibc from CVS and apply a config patch from the fedora RPM and another patch from the debian repo to get dietlibc to build
1104196970 M * mikeb but once I did - I just created and started a vserver in nothing flat
1104196971 M * Bertl you are using fc2 or fc3?
1104196982 A * mikeb does the happy dance after 12 hours of frustration
1104196984 M * mikeb fc2
1104196984 M * Bertl on the host, that is ...
1104196995 M * mikeb fc3 was really flaky just trying to install it on my dual opteron box
1104196996 M * Bertl so fc2's dietlibc is broken too?
1104197010 M * mikeb well see there is no dietlibc for x86_64 in fedora anymore
1104197015 M * mikeb they made it i386 only :0
1104197020 M * mikeb for obvious reasons
1104197021 M * Bertl ah, okay ...
1104197037 M * mikeb so I hacked their rpm package with the latest sources, couple patches, and so far...
1104197069 M * mikeb and to make things really ugly - I'm running on XFS :) Which I know is suspect because of the chroot barrier and the like - but I'm really just exploring at this point
1104197088 M * mikeb Have a good 8 pages of what I ran into trying to do this. Going to clean it up and post later this week
1104197123 M * Bertl documentations and howtos are always welcome ...
1104197125 M * mikeb But since apt is a no go with x86_64 the exciting part was I was able to build a minimal vserver using yum with install-root
1104197147 M * mikeb worked like a charm - did all the dependency checks and poof - installed in a hurry
1104197231 M * mikeb So for the most part I've now got an FC2 x86_64 host on XFS running FC2 vserver setup in a skeleton with pkgs installed via yum and a 'really' new dietlibc rpm :)
1104197260 M * mikeb for 2.6.10/1.9.3.14/0.1.3.195 util
1104197338 M * mikeb and with that - I need food
1104197343 M * Bertl sounds good, folks probably could use the rpm and the yum howto ...
1104197373 M * Bertl ... and of course benefit from your 'findings' ...
1104198922 M * Snow-Man la-de-da.
1104198966 A * Snow-Man will be trying vservers on a bunch of amd64 machines soon.
1104198992 M * no_maam_ I got it running here
1104198996 M * no_maam_ really really very fine
1104199005 M * no_maam_ no amd64 related problems as far as I can see
1104199007 M * Snow-Man I'll be doing it on Debian/amd64.
1104199011 M * Snow-Man pure64
1104199015 M * no_maam_ yes, here too
1104199019 M * Snow-Man Cool. :)
1104199021 M * no_maam_ but I got 32 bit vservers
1104199035 M * Snow-Man Oh? I plan to be doing pure64 vservers..
1104199044 M * no_maam_ I got it mixed
1104199087 M * Bertl hey no_maam_! how is the radio?
1104199103 M * no_maam_ well, we had some problems on the last show
1104199112 A * Snow-Man waits for mail in his vserver box. :)
1104199128 M * no_maam_ our university had a hacker-contest on the friday after the Wednesday where usually the radio is aired
1104199137 M * no_maam_ so everybody was only preparing this contest
1104199164 M * no_maam_ so this was one of the not so well prepared shows
1104199249 M * Snow-Man Alright, welp, bed time for me I think :)
1104199256 M * no_maam_ not for me
1104199275 M * no_maam_ currently on the ccc congress in berlin
1104199320 M * Bertl no_maam_: how was that different from 'our' radio session?
1104199331 M * no_maam_ Bertl: our one was really well prepared
1104199343 M * Bertl really?
1104199349 A * Bertl shrugs ...
1104199388 M * no_maam_ yes, this depends from show to show
1104199434 M * Bertl you remember that we had no music, and a second line couldn't be used to call outside?
1104199451 M * no_maam_ yes, but this is a general problem
1104199460 M * no_maam_ we are doing the whole show ourself
1104199476 M * no_maam_ usually if you see a computer-show on tv, there is one or some tech-guys and a moderator
1104199491 M * Bertl yeah, so you do not do music since then?
1104199505 M * no_maam_ we got somebody for music
1104199516 M * no_maam_ but we don't got a professional moderator or so
1104199538 M * Bertl yeah, well, it's your thing, and it was fun anyways ...
1104199542 M * no_maam_ because no one is working there
1104199569 M * no_maam_ yes, it is usually a lot of fun
1104199578 M * no_maam_ and we can always choose a topic we like
1104199600 M * no_maam_ usually, if you got such a show in the big media, you have to choose topics everybody can understand
1104199612 M * no_maam_ you can't do something like virtual linux systems
1104199639 M * no_maam_ only something like "how somebody can hack your ebay-account" or so
1104199791 M * Bertl right ...
1104209068 J * adf ~asdf@dsl81-214-31091.adsl.ttnet.net.tr
1104209105 M * Bertl welcome adf!
1104209191 Q * adf Quit:
1104210220 M * Bertl okay, night everyone!
1104210226 N * Bertl Bertl_zZ
1104213172 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1104213172 Q * lilo Read error: Connection reset by peer
1104214320 Q * gaber Ping timeout: 480 seconds
1104214356 J * gaber gaber@linuxpl.net
1104215281 Q * infowolfe Remote host closed the connection
1104215316 J * _infowolfe ~infowolfe@mail.xhcl.net
1104215569 Q * _infowolfe Remote host closed the connection
1104215603 J * infowolfe ~infowolfe@mail.xhcl.net
1104217077 J * Junior_ES Oxd@201008042098.user.veloxzone.com.br
1104217380 Q * Junior_ES Quit: Cuz nothing lasts forever..
1104222001 Q * _are_ Quit: Disconnecting
1104224947 J * ntrs ntrs@Dardeene-68.188.50.87.charter-stl.com
1104225100 Q * ntrs_ Ping timeout: 480 seconds
1104225513 M * ndim Bertl_zZ: I make screenshots: http://vserver.lauft.net/2.6.10-vs1.9.3.14/
1104225553 J * rs rs@ice.aspic.com
1104225560 M * rs hi
1104225874 M * ndim Hi.
1104225881 M * ndim Bertl_zZ: This http://vserver.lauft.net/2.6.10-vs1.9.3.14/ is what went wrong.
1104226000 N * Bertl_zZ Bertl_oO
1104226010 M * Bertl_oO ndim: will investigate later, tx
1104226020 M * rs hey Bertl_oO!
1104226222 J * ntrs_ ntrs@Dardeene-68.188.50.87.charter-stl.com
1104226545 Q * ntrs Ping timeout: 480 seconds
1104227923 J * _are_ ~are@mail.foehl.de
1104228025 M * _are_ hi
1104229653 J * Val ~val@gj403.loria.fr
1104229675 M * Val Hi
1104229812 M * sannes morning :)
1104231132 M * sannes Is vroot supported with 2.6 vs?
1104231153 M * _are_ hmm, the server still runs. but won't make 24h uptime, root-fs needs to go to an md-device :->
1104231197 M * sannes Or don't I need it anymore?
1104231533 M * sannes :)
1104232050 M * _are_ hmm, so far I have not encountered vroot, if you talk about some tool.
1104232061 M * _are_ have a vrsetup, though, i never called manually
1104232720 M * sannes well, I use vrsetup to setup a device that I can use the quota tools on to control the quota from the vserver..
1104232772 M * sannes and the name of the kernel feature is vroot, except that I don't seem able to find it for 2.6 ..
1104232916 M * ndim I vaguely recall I may have read something somewhere about vroot having been removed.
1104233282 J * Alecsandro ale@3ffe:80ee:2584::4
1104233466 M * Alecsandro any people run ipv6 in vserver or patch existent ?
1104233600 M * Loki|muh not yet
1104233609 M * Loki|muh only experimental afaik
1104233615 M * Loki|muh but it's coming
1104233662 M * Alecsandro I am running first time vserver
1104233724 M * Alecsandro I did not know he only the uml
1104233782 M * Loki|muh sorry, have to go, will be back soon
1104233833 M * Alecsandro ok
1104235607 Q * monrad Quit: Leaving
1104235957 P * Alecsandro
1104237198 M * ndim ensc: Any reason not to include http://vserver.lauft.net/util-vserver/patches/util-vserver-xsltproc.patch in alpha util-vserver?
1104237224 M * ndim It adds xsltproc support for doing XSLT.
1104237255 M * Loki|muh i think, email would be better
1104237279 M * Loki|muh he was quite busy the last time and is still, afaik
1104237884 M * ndim OK, mail sent.
1104238134 M * Loki|muh lauft.net? why not laeuft.net
1104238174 M * ndim Swabian.
1104238212 M * Loki|muh ah ;)
1104238274 M * Loki|muh what does this xslt?
1104238340 M * Loki|muh generates nice, good readable output?
1104238422 M * ndim It can.
1104238424 M * ndim :)
1104238470 M * ndim xslt is required to build a tarball from CVS, and xsltproc is a widely used xslt processor.
1104239257 M * ndim Loki|muh: The XSLT results are here: http://vserver.lauft.net/util-vserver/doc/
1104239760 M * Loki|muh ah
1104240010 Q * _are_ Quit: Disconnecting
1104241359 J * Jani ~jani@pD9E80E7F.dip0.t-ipconnect.de
1104241366 M * Jani Good morning all together.
1104241473 M * Loki|muh moin
1104241571 Q * albeiro Remote host closed the connection
1104241905 J * albeiro ~albeiro@linux.gentoo.pl
1104241967 M * Loki|muh are acls working inside a vserver for you? anyone tried?
1104242343 J * berni ~berni@2001:1b18:202::2
1104244808 M * ndim Whoa. http://vserver.lauft.net/util-vserver/doc/compatibility.html (unleashing the power of working documentation builds :)
1104244876 M * Loki|muh nice :)
1104246942 M * Val djbdns power
1104248997 Q * Jani Quit: Verlassend
1104252088 N * Bertl_oO Bertl
1104252105 M * Bertl evening folks!
1104252734 M * Bertl ndim: you around?
1104252781 M * Bertl hey rs! (late but better than not at all ;)
1104253381 M * Snow-Man grrr.
1104253388 A * Snow-Man goes insane trying to follow the various scripts.
1104253391 M * Bertl hey Snow-Man!
1104253396 M * Snow-Man Bertl: Heya.
1104253406 M * ndim Bertl: Re
1104253444 M * Snow-Man Does anything set/change $PATH during a vserver foo start?
1104253445 M * Bertl ah, could you upload your kernel config please?
1104253473 M * Bertl Snow-Man: yes, IIRC the script changes that several times ...
1104253478 M * Snow-Man hrmmm, $_ENV -i -- ?
1104253492 M * Snow-Man Bertl: This stuff is nuts.
1104253706 M * ndim Bertl: http://vserver.lauft.net/2.6.10-vs1.9.3.14/config-2.6.10-vs1.9.4.14-ndim-deb
1104253714 M * ndim Argh. Visitors.
1104253738 M * Snow-Man That's really weird...
1104253759 M * Snow-Man env -i /bin/echo appears to cat '/bin/echo' to stdout.
1104253846 M * Snow-Man Oh, heh, nevermind, I've got an alias... :)
1104254104 M * Bertl ndim: hmm, you should enable some kind of serial console or use a smaller font ...
1104254174 M * Bertl but the second oops looks like some severe memory corruption ...
1104254206 M * Bertl did you use the crypto stuff when this happened?
1104254390 M * Bertl Snow-Man: take my reply to Hans Ulrich as a reply to your reply too ;)
1104254403 M * Snow-Man heh.
1104254417 M * Snow-Man I'm trying to make sense out of what ensc's saying.
1104254479 M * Bertl (read my email regarding this, it might clarify the security issues)
1104254494 M * Snow-Man Oh? Alright, I'll take a look in a minute...
1104254504 M * Snow-Man Though, honestly, I still don't see any actual security issues. :P
1104254609 M * Snow-Man erm, what does 'c'?
1104254643 M * Snow-Man Where you're 'half way' inside the vserver (which sounds like a bad place to be to begin with, imv...)
1104254688 M * Bertl just think about anything you do within a vserver ... for example 'vserver enter'
1104254691 M * Snow-Man I like being able to 'see' the vserver stuff, using, fe, vps on the host system, but I don't see that as being in anything other than on the host system.
1104254736 M * Bertl let's assume chcontext throws you into the context, what about the other tools? where are they 'inside' this vserver?
1104254737 M * Snow-Man I don't see that as half-way really, or at least, I didn't think of it as half-way, I thought of it as being 'in' the vserver at that point.
1104254772 M * Bertl or take the 'install a package into a vserver' part
1104254777 M * Snow-Man If I do 'vserver foo enter' and then execute some command, I expect to be using the local command.
1104254790 M * Snow-Man local meaning 'inside' the vserver
1104254799 M * Bertl yep, but it's a long way until you _are_ inside the vserver ...
1104254815 M * Snow-Man And I don't expect that executing a command like that to be able to harm the host system
1104254824 M * Bertl ever tried vserver --debug enter?
1104254874 M * Snow-Man Nope, but it sure spits out a lot of crap.
1104254888 M * Bertl well, get rid of that crap, make our day ;)
1104254899 M * Snow-Man heh.
1104254913 M * Snow-Man That's not really the point though, either you're in the vserver or you're not..
1104254927 M * Bertl nope
1104254943 M * Snow-Man If you do a 'vserver foo enter' you're going to be executing binaries inside the vserver, aren't you?
1104254946 M * Bertl you can for example be part of the vserver context, but not the networking for example
1104254961 M * Bertl or you can enter a vserver's namespace but not the context
1104255006 M * Snow-Man Look. If I do 'vserver foo enter' and then execute some command, as root, can it affect the host system?
1104255006 M * Bertl once 'vserver foo enter' is complete, you are completely inside the vserver and nobody cares if '.' is in your path or not
1104255043 M * Snow-Man You mean after the chbind exec
1104255058 M * Snow-Man heh, and company, I guess.
1104255065 M * Bertl but unless the last command of that script is executed, you might do harm to the host by executing malign binaries
1104255095 M * Bertl so it's indeed mandatory to get the 'right' binaries from the host system, and only those ...
1104255100 M * Snow-Man You don't actually chroot till the end though.
1104255118 M * Snow-Man Until the end you're not 'in' the vserver, you're on the host.
1104255131 M * Bertl well, you are partially inside ...
1104255149 M * Bertl the percentage depends on the progress of the script and your judgement ...
1104255179 M * Snow-Man Not really.
1104255186 M * Snow-Man ++ cd /etc/vservers/fvr/vdir/
1104255186 M * Snow-Man ++ /usr/sbin/vserver-info - FEATURE migrate
1104255186 M * Snow-Man ++ test -z ''
1104255186 M * Snow-Man ++ exec /usr/sbin/chbind --silent --ip 70.84.9.190/29 /usr/sbin/vnamespace --enter 49157 -- /usr/sbin/vcontext --silent --migrate --chroot --xid 49157 --uid root -- /bin/bash -login
1104255192 M * Snow-Man Those are the last couple of things.
1104255197 M * Snow-Man That 'cd' is on the host system.
1104255255 M * Bertl yep, also the /usr/sbin/chbind, /usr/sbin/vnamespace, /usr/sbin/vcontext have to be those from the host
1104255284 M * Bertl if you put chbind there for example ... and '.' is in the path
1104255287 M * Snow-Man If '.' is in your path then, yes, if you cd to the root dir of the vserver there could be binaries there which could be run when you're on the host.
1104255303 M * Bertl and the vserver adds a /chbind which does evil stuff, then you're screwed
1104255312 M * Snow-Man But then, hey, that's true for all of the binaries under the chroot dir if you put the directory to them in your PATH anyway.
1104255346 M * Snow-Man You could have '/usr/local/bin' with your own 'awk' there and it'd work fine though.
1104255370 M * Snow-Man Or you could have a vserver-info in the host system's /usr/local/sbin and that vserver-info call would work just fine too.
1104255383 M * Snow-Man Without the path to it.
1104255397 M * Snow-Man Of course, you could just *not* do that cd, couldn't you?
1104255401 M * Bertl yep, no problem with vserver-info, but it is an issue with the commands entering a vserver, right?
1104255404 M * Snow-Man That just seems like a bad idea to me anyway.
1104255414 M * Bertl the cd is essential
1104255453 M * Bertl the chroot would not work without it ...
1104255456 M * Snow-Man I haven't messed with vservers all that much, but I know chroot takes an option.
1104255482 M * Snow-Man chroot NEWROOT [COMMAND...]
1104255524 M * Bertl man, you should really look into that stuff, we are not talking about a 'simple' chroot, there is namespaces and --rbinds and such things ...
1104255559 M * Snow-Man But the chroot is what matters...
1104255568 M * Bertl there are scripts executed outside and inside the vserver context
1104255579 M * Snow-Man *That's* when you'll start running stuff inside the vserver root dir.
1104255580 M * Bertl (to do various things)
1104255595 M * Snow-Man Which is what we're talking about here.
1104255652 M * Bertl well, let me just simplify that to this: _prove_ that you can do it without absolute paths in a secure manner and I guess enrico will buy it ...
1104255655 M * Snow-Man There's no concern about running the binaries that are in the chroot'd dir until you either a) cd into that directory and '.' is in your PATH (unlikely anyway), or b) chroot into it.
1104255674 M * Snow-Man Bertl: What worries me is that people are concerned about this.
1104255683 M * Bertl about what?
1104255701 M * Snow-Man Bertl: In general if people are worried about something there's a reason for it, and that makes me concerned.
1104255715 M * Snow-Man Bertl: About the wrong binaries being called and whatnot.
1104255747 M * Bertl yeah, well, it obviously doesn't convince you if we say, it is a concern if you use arbitrary binaries ... so what should we do?
1104255763 M * Snow-Man Seriously, if it's possible for it to happen just because you forget somewhere to use your variable instead of the actual command name I'm *really* worried.
1104255783 M * Snow-Man test -e "$cfgdir"/fstab -o \
1104255783 M * Snow-Man -e "$cfgdir"/fstab.local || return 0
1104255784 M * Bertl btw, a good solution would be to avoid the script thing completely and write it in C (as one solid mega binary)
1104255801 M * Snow-Man You use test quite a bit w/o a path to it, wouldn't that cause a problem?
1104255831 M * Snow-Man You even do it after you've cd'd into the appropriate directory.
1104255866 M * sannes :) I know I've asked this before, but does the vroot stuff work with 2.6 vs?
1104255933 M * Bertl Snow-Man: SHELL BUILTIN COMMANDS
1104255949 M * Bertl sannes: not yet ... but it's on my todo list ...
1104255970 M * Snow-Man ehhh.
1104256051 M * Bertl Snow-Man: try strace bash -c '[ -f /tmp/x ]'
1104256071 M * Bertl look where it 'execs' [ or test
1104256074 A * sannes ponders .. upgrade to 2.6 kernel and be without quotas for a while or stick to 2.4 and dream of 2.6 vs .. heh
1104256088 M * Bertl sannes: you have separate partitions?
1104256103 M * Bertl (for each vserver)
1104256117 M * Snow-Man That's actually about what I was doing.
1104256140 M * sannes Bertl : yes
1104256147 M * Bertl Snow-Man: strace bash -c '[ -f /tmp/x ]' 2>&1| grep exec
1104256150 M * sannes :)
1104256162 M * Snow-Man Wait a minute.
1104256177 M * Snow-Man haldir:/home/sfrost> bash -c 'test -f /tmp/x ]'
1104256177 M * Snow-Man bash: line 0: test: /tmp/x: binary operator expected
1104256177 M * Snow-Man haldir:/home/sfrost> l test
1104256177 M * Snow-Man -rwxr-xr-x 1 sfrost sfrost 0 Dec 28 12:47 test
1104256182 M * Snow-Man hrmmm.
1104256193 M * Snow-Man eh.
1104256207 M * Snow-Man Drop the ] and that seems to fix it.
1104256236 M * Bertl sannes: okay, I have a deal for you: I port the vroot to 2.6 (in the next 48 hours) if you test it?
1104256241 M * Snow-Man hoo-ra for bash-specific crapola. :P
1104256260 M * sannes Bertl : deal! :)
1104256270 M * Bertl excellent! ;)
1104256300 M * Snow-Man I still *really* don't like the idea that if you think something is a bash-internal which isn't that I could get screwed by it. :P
1104256334 M * rs re
1104256343 M * rs hey bertl!
1104256347 M * Bertl Snow-Man: yeah, well, absolute security requires you to pull the plug ;)
1104256360 M * Snow-Man tac "$fstab" | {
1104256360 M * Bertl evening rs! how is/was your vacation?
1104256365 M * Snow-Man tac isn't a shell internal. :P
1104256381 M * rs was pretty nice thx :)
1104256388 M * Snow-Man Not even in bash.
1104256429 M * Bertl well, might be something to fix .. not sure it is at a critical path though ...
1104256449 M * Snow-Man I'm not sure it is either, but it doesn't exactly leave me feeling very happy. :P
1104256467 M * Bertl yeah, I guess all of us would appreciate security audits ...
1104256517 M * Snow-Man I don't like that this seems to need a security audit. :P
1104256568 M * Snow-Man I also tend to think this is something that should be done in C instead of in shell scripts.
1104256693 M * Bertl yeah, as I said, an all-in-one C solution might be something to do in the future ...
1104256707 M * Bertl (IIRC enrico was already considering that some time ago)
1104256913 M * Snow-Man The other obvious thought would be to just set the path at the start.
1104256977 M * Bertl yes, probably a sane precaution anyway ... but you never know when commands inside the vserver are executed (e.g. startup scripts)
1104257015 M * Snow-Man Actually, I wonder what of these things are being compiled in, since he said that was happening somewhere too..
1104257033 M * Snow-Man What do you mean by that?
1104257049 M * Snow-Man You should know *exactly* when commands are executed inside the vserver.
1104257075 M * Snow-Man I think that's my biggest complaint, this idea that you "don't know" when you're in the vserver or not is very concerning. :P
1104257155 M * sannes well, what can you do about it.. you could start up a screen with a frame around it ...
1104257180 M * sannes and as long as the frame is there you'd know..
1104257214 M * sannes think can do that with a screen probably..
1104257236 M * sannes heh
1104257254 M * sannes not that I've followed the discussion..
1104257360 J * rusty ~rusty@rev.193.226.233.94.euroweb.hu
1104257368 N * rusty Rusty`
1104257377 M * Rusty` hi guys (and girls :)
1104257487 M * Bertl hey Rusty`!
1104257538 M * Rusty` Bertl: what's up? :) what is your opinion about linux kernel 2.6.10 (final)?
1104257559 M * Bertl looks good so far ...
1104257604 M * Rusty` there is vserver patch for this final kernel release (not rc3)?
1104257627 M * Bertl yep, sure ...
1104257655 Q * sebd Ping timeout: 480 seconds
1104257659 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.10-vs1.9.3.14.diff
1104257679 M * Bertl okay folks, I have to leave now .. bblater (about 3 hours)
1104257696 M * Rusty` thanks
1104257712 N * Bertl Bertl_oO
1104258065 Q * albeiro Ping timeout: 480 seconds
1104258223 J * albeiro ~albeiro@linux.gentoo.pl
1104259100 Q * serving Ping timeout: 480 seconds
1104259386 M * ndim Re
1104259431 M * ndim Bertl_oO: No, the dm-crypt device wasn't "cryptsetup create"d at the time.
1104260182 M * no_maam_ ?
1104261640 Q * rs Quit: home
1104263082 J * t__ ~tnichols@CPE-139-168-209-206.sa.bigpond.net.au
1104263096 Q * Rusty` Remote host closed the connection
1104263476 Q * t_ Ping timeout: 480 seconds
1104263794 M * Snow-Man How do you 'rehide' things in /proc? :)
1104263962 M * Doener setattr --hide /proc/something
1104263999 M * Snow-Man hmmm.
1104264024 M * Snow-Man Maybe I can just change and rerun vunhideproc.
1104264121 M * Snow-Man I hate .defaults.
1104264155 M * Snow-Man Shouldn't you be able to hide things depending on the specific vserver?
1104264256 M * Doener not yet
1104264309 M * Snow-Man hmmm.
1104264322 M * Snow-Man Alright, what do I really *need* from /proc inside a vserver? :)
1104264537 M * Doener the easy way: just take the default settings for vprocunhide, look up the discussion about those for details... the hard way: hide everything, strace everything you may need and decide which of the proc entries your processes want you want to give to them
1104264556 M * Snow-Man The default settings for vprocunhide *suck*.
1104264631 M * Doener anything in particular?
1104264678 M * Snow-Man kcore? :P
1104264827 M * Snow-Man There, removed a bunch of stuff.
1104264857 M * Snow-Man And ps, uptime and w still work. :)
1104264979 J * rusty ~rusty@rev.193.226.233.94.euroweb.hu
1104264981 M * rusty re
1104264983 N * rusty Rusty`
1104265002 M * Snow-Man ssh still works too. :)
1104265003 M * Snow-Man Rusty`: heya.
1104265148 M * Doener http://www.mail-archive.com/vserver@list.linux-vserver.org/msg01760.html
1104265300 M * Snow-Man cpuinfo certainly isn't required, not sure it's even useful.
1104265304 M * Snow-Man Same with crypto
1104265316 M * Snow-Man And slabinfo.
1104265395 M * Snow-Man I agree that most stuff should be protected by capabilities.
1104265415 M * Snow-Man Things that are shouldn't be seen tho.
1104265824 J * serving ~serving@213.186.189.161
1104265915 M * Snow-Man What's the 'flower' page again?
1104266110 M * Snow-Man What's the command to build a debian vserver again? :)
1104266194 M * Snow-Man Using debootstrap?
1104267464 M * no_maam_ on a debian there is a newvserver script
1104267761 J * mikeb_ ~baptiste@64-40-83-12.dsl.mebtel.net
1104268039 J * AnGeL4U` Angel@Cable-83-202.topallnet.ro
1104268043 M * AnGeL4U` hi
1104268046 M * AnGeL4U` anyone online?
1104268165 Q * mikeb Ping timeout: 480 seconds
1104268171 M * Snow-Man debian-newvserver kinda sucks.
1104268255 Q * mikeb_ Ping timeout: 480 seconds
1104268390 M * AnGeL4U` anyone can help me?
1104268423 J * bill ~bill@lns-vlq-49-mar-82-251-33-234.adsl.proxad.net
1104268499 M * bill hi, is there a link to explain how to run postgresql under vserver?
1104268511 M * Snow-Man What's to explain?
1104268566 M * AnGeL4U` how i will patch my kernel?
1104268571 M * bill lot of problem under my debian vserver
1104268583 M * Snow-Man bill: You want to elaborate a bit?
1104268614 M * bill i run under 2.6.9 with patch-2.6.8.1-vs1.9.2.diff.bz2
1104268676 M * Snow-Man bill: What's the *error*?
1104268702 M * bill example when i start postgres i have Starting PostgreSQL database server: postmaster(FAILED)
1104268702 M * bill ERROR: PostgreSQL postmaster did not start because of an unknown reason.
1104268748 M * bill after editing /etc/postgresql/postgresql.conf and put tcpip_socket = false it start
1104268769 M * bill but i can't connect from other computer.
1104268786 M * Snow-Man Do you have a postgres running on the 'host' system?
1104268795 M * bill yes
1104268898 M * Snow-Man Do you have a separate IP address for the vserver?
1104268919 M * bill yes
1104268934 M * Snow-Man You need to configure the postgres on the host system to only listen on the host IP address.
1104268951 M * bill like ssh?
1104268955 M * Snow-Man yes.
1104268970 J * mikeb_ ~baptiste@64-40-83-12.dsl.mebtel.net
1104268982 M * bill do you know the option and the config file to change?
1104268990 M * Snow-Man Checking. :)
1104269105 M * Snow-Man psotgresql.conf: virtual_host a.b.c.d
1104269115 M * Snow-Man err, postgresql.conf, rather.
1104269123 M * Snow-Man Same file as tcpip_socket
1104269146 M * Snow-Man In 8.0 it's listen_addresses
1104269194 M * bill ok thx i will try to manage on my own.
1104269346 M * Rusty` AnGeL4U`: ?
1104269356 M * AnGeL4U` yes
1104269365 M * AnGeL4U` i try to recompile and patch my kernel
1104269366 M * AnGeL4U` :)
1104269377 M * AnGeL4U` CC arch/i386/kernel/cpu/cpufreq/longhaul.o
1104269377 M * AnGeL4U` CC arch/i386/kernel/cpu/cpufreq/longrun.o
1104269377 M * AnGeL4U` CC arch/i386/kernel/cpu/cpufreq/speedstep-ich.o
1104269377 M * AnGeL4U` CC arch/i386/kernel/cpu/cpufreq/speedstep-centrino.o
1104269385 M * AnGeL4U` is Fedora Core 3
1104269393 M * AnGeL4U` kernel 2.6.9
1104269401 M * AnGeL4U` and now i update to 2.6.10
1104269407 M * AnGeL4U` is good for vservers ?
1104269490 Q * mikeb_ Ping timeout: 480 seconds
1104269622 M * Rusty` AnGeL4U`: what vserver patch do you use?
1104269634 M * AnGeL4U` so i wish use 1.29 version
1104269636 M * AnGeL4U` but ...
1104269650 M * AnGeL4U` i`m new in this
1104269668 M * AnGeL4U` and i wish someone to astist me steb by steb
1104269671 M * AnGeL4U` regards
1104269674 M * AnGeL4U` step*
1104269686 M * Rusty` vserver 1.29 doesn't work with linux kernel 2.6.10 :)
1104269709 M * AnGeL4U` but?
1104269716 M * AnGeL4U` so if i have kernel 2.6.9
1104269726 M * AnGeL4U` i can change this to 2.4.28 ?
1104269732 M * AnGeL4U` if yes i wish to know how
1104269771 M * Rusty` AnGeL4U`: http://www.13thfloor.at/vserver/d_rel26/v1.9.3/
1104269786 M * AnGeL4U` and ?
1104269815 M * AnGeL4U` so if i have the kernel install standard
1104269822 M * AnGeL4U` need me sources in /usr/src ?
1104269829 M * Rusty` the vserver kernel patch 1.9.3 is your friend :)
1104269836 M * Rusty` yes, you need the /usr/src/linux symlink
1104269866 M * AnGeL4U` aha
1104269869 M * AnGeL4U` how i will make that
1104269873 M * AnGeL4U` :P
1104269875 M * AnGeL4U` and i can use grsecurity ?
1104269911 M * Rusty` ln -s linux-2.6.9 linux
1104269920 M * Rusty` (in /usr/src)
1104269942 M * AnGeL4U` ah
1104269944 M * AnGeL4U` sir
1104269953 M * Rusty` you can download the linux kernel 2.6.9 to /usr/src/
1104269963 M * AnGeL4U` i have 2.6.10
1104269965 M * AnGeL4U` is good?
1104269991 M * AnGeL4U` linux-2.6.10.tar.gz
1104270010 M * Rusty` it should work... i think...
1104270018 M * AnGeL4U` aha
1104270024 J * mikeb_ ~baptiste@64-40-83-12.dsl.mebtel.net
1104270029 M * AnGeL4U` so ...
1104270039 M * AnGeL4U` i will copy sources in /usr/src
1104270042 M * AnGeL4U` right?
1104270060 M * Rusty` you will download the linux-2.6.10.tar.gz in /usr/src
1104270061 M * Rusty` then
1104270069 M * Rusty` tar xfz linux-2.6.10.tar.gz
1104270074 M * Rusty` then
1104270074 M * AnGeL4U` yes i know that
1104270078 M * Rusty` ln -s linux-2.6.10 linux
1104270081 M * AnGeL4U` how i will patch him ?
1104270129 M * Rusty` so
1104270141 M * Rusty` you can download the vserver .diff patch in the /usr/src/linux
1104270147 M * AnGeL4U` yes
1104270149 M * AnGeL4U` .
1104270163 M * AnGeL4U` patch -p1 > *.diff
1104270166 M * AnGeL4U` right ?
1104270170 M * mikeb_ <
1104270175 M * AnGeL4U` aha
1104270175 N * mikeb_ mikeb
1104270179 M * AnGeL4U` 1 second
1104270248 M * AnGeL4U` [root@localhost src]# pwd
1104270248 M * AnGeL4U` /usr/src
1104270248 M * AnGeL4U` [root@localhost src]# ls
1104270248 M * AnGeL4U` linux-2.6.10 patch-2.6.9-vs1.9.3.diff redhat
1104270249 M * AnGeL4U` [root@localhost src]#
1104270269 M * Rusty` AnGeL4U`: then:
1104270279 M * Rusty` cat patch-blabla.diff | patch -p1
1104270279 M * AnGeL4U` diff -NurpP --minimal linux-2.6.9/Makefile linux-2.6.9-vs1.9.3/Makefile
1104270279 M * AnGeL4U` |--- linux-2.6.9/Makefile 2004-10-23 05:05:56.000000000 +0200
1104270279 M * AnGeL4U` |+++ linux-2.6.9-vs1.9.3/Makefile 2004-10-31 20:01:20.000000000 +0100
1104270279 M * AnGeL4U` --------------------------
1104270281 M * AnGeL4U` File to patch:
1104270302 M * AnGeL4U` .
1104270303 M * AnGeL4U` [root@localhost src]# cat patch-2.6.9-vs1.9.3.diff | patch -p1
1104270303 M * AnGeL4U` The next patch would create the file Documentation/vserver/debug.txt,
1104270303 M * AnGeL4U` which already exists! Assume -R? [n]
1104270305 M * mikeb cd into /usr/src/linux-2.6.10 if you're using -p1
1104270323 M * Rusty` yes
1104270348 M * AnGeL4U` patching file include/asm-arm26/tlb.h
1104270348 M * AnGeL4U` patching file include/asm-generic/tlb.h
1104270348 M * AnGeL4U` patching file include/asm-i386/elf.h
1104270348 M * AnGeL4U` patching file include/asm-i386/page.h
1104270349 M * AnGeL4U` patching file incl
1104270350 M * AnGeL4U` work
1104270351 M * AnGeL4U` :)
1104270353 M * Rusty` :)
1104270355 M * mikeb And why are you using the patch against 2.6.9 with the 2.6.10 kernel?
1104270355 M * AnGeL4U` :P
1104270367 M * AnGeL4U` patching file security/commoncap.c
1104270367 M * AnGeL4U` Hunk #1 succeeded at 142 (offset 22 lines).
1104270367 M * AnGeL4U` [root@localhost linux-2.6.10]# 1104270387 J * rs ~rs@imhotep.rhapsodyk.net 1104270387 M * AnGeL4U` now 1104270393 M * rs re 1104270407 M * Rusty` AnGeL4U`: there is a patch for kernel 2.6.10 too 1104270413 M * AnGeL4U` aha 1104270435 M * AnGeL4U` Rusty` 1104270443 M * AnGeL4U` teach me daddy 1104270443 M * Rusty` yes? 1104270445 M * AnGeL4U` :) 1104270448 M * Rusty` :) 1104270453 M * AnGeL4U` step by step 1104270460 M * AnGeL4U` now 1104270464 M * Rusty` come to prv 1104270470 M * AnGeL4U` thanks sir 1104270471 M * mikeb AnGeL4U`: What type of platform is this on? 1104270477 M * AnGeL4U` Fedora core 3 1104270483 M * mikeb Processor i386? AMD64? 1104270560 M * AnGeL4U` AMD64 1104270568 M * mikeb AnGeL4U`: Heh 1104270586 M * mikeb You'll have fun with dietlibc and building the util-vserver pkg 1104270594 M * mikeb there is no dietlibc RPM for x86_64 1104270628 M * mikeb it's i386 only. I'll send you a link in a bit to the src RPM I built yesterday from dietlibc CVS and a few other patches from Fedora and Debian to get AMD64 util-vserver tools happy 1104270715 J * DuckKing ~Duck@dyn-83-157-135-151.ppp.tiscali.fr 1104271145 Q * DuckMaster Ping timeout: 480 seconds 1104271149 M * mikeb AnGeL4U`: You can grab the source RPM for dietlibc at http://msbnetworks.net/software/vserver/ This includes the latest dietlibc from CVS, a Fedora config patch from the Fedora RPM, and another compile related patch from Debian 1104271196 M * mikeb The util-vserver src RPM is just the stock package in src.rpm format (you can build the rpms by downloading the util-vserver tarball and building it with rpmbuild -ta util-server-0.30.196.tar.bz2) 1104271219 M * mikeb Anyway - these are working great on my Dual Opteron system so far but ymmv 1104271243 M * mikeb I'm working on a step by step how to from my 8 pages of notes I wrote yesterday 1104271275 M * AnGeL4U` waw 1104271467 M * AnGeL4U` thanks mikeb 1104271476 M * mikeb AnGeL4U`: np 1104271485 M * AnGeL4U` so 1104271490 M 
* AnGeL4U` here i see more linuxman`s 1104271496 M * AnGeL4U` i have one question 1104271581 M * AnGeL4U` how can secure the kernel 1104271582 M * AnGeL4U` example 1104271593 M * AnGeL4U` if i give to anyone ... one shell or vserver 1104271601 M * AnGeL4U` this can make ROOT access ? 1104271610 M * AnGeL4U` example local exploits and more 1104271712 M * Rusty` mikeb: do u know, where is the vserver kernel patch to final 2.6.10 kernel? 1104271722 M * Rusty` to = for 1104271765 M * Rusty` i have only for rc3.. 1104271782 M * mikeb http://vserver.13thfloor.at/Experimental/ 1104271800 M * mikeb 1.9.6.14 I believe 1104271903 M * Rusty` mikeb: thanks 1104272014 Q * pusling Quit: reboot 1104272243 J * pusling ~pusling@195.215.29.124 1104272397 M * mikeb I'm going to put this into HTML at some point along with a more structured howto, but if you're interested in my exploits yesterday getting vserver on FC2 and x86_64 running, check out the VServerCommNotes.pdf file at http://msbnetworks.net/software/vserver/ 1104272426 Q * pusling Quit: 1104272434 J * pusling ~pusling@195.215.29.124 1104273010 Q * rs Ping timeout: 480 seconds 1104274012 Q * pusling Quit: leaving 1104274114 N * Bertl_oO Bertl 1104274161 M * Bertl hey AnGeL4U` what was your question again? 1104274184 M * AnGeL4U` Rusty` help me sir 1104274189 M * AnGeL4U` thank you 1104274200 M * Bertl ah, okay, so you are happy now? 1104274282 J * pusling ~pusling@195.215.29.124 1104274312 M * Bertl bill: hmm, what was that about postgresql? is it solved? 1104274369 J * rs ~rs@imhotep.rhapsodyk.net 1104274382 M * Bertl wb rs! 1104274386 M * rs re 1104274390 M * rs thx Bertl :) 1104274407 M * ndim Argh. I need an extra test machine. Anybody want to sponsor me a quad opteron with 8GB of RAM? :) 1104275202 Q * SiD3WiNDR Ping timeout: 480 seconds 1104275360 M * Bertl ndim: for linux-vserver testing I guess, right? 
1104275415 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1104275864 Q * Rusty` Quit: using sirc version 2.211+KSIRC/1.3.10 1104277330 Q * sannes Read error: Connection reset by peer 1104277885 M * Loki|muh hey 1104277904 M * Loki|muh someone tried acls inside a vserver yet?