1105661283 Q * logger Ping timeout: 480 seconds 1105661288 J * logger ~rs@vds.pas-mal.com 1105662743 Q * prae Remote host closed the connection 1105665325 J * pusling ~pusling@195.215.29.124 1105666066 Q * boklm Remote host closed the connection 1105666558 J * boklm boklm@woper.mars-attacks.org 1105667651 Q * chrish01 Quit: happy hour 1105670686 J * dxlvi\ ~x@catv-50633dc3.catv.broadband.hu 1105670733 Q * dxlvi\ Quit: _ 1105678242 Q * nox Ping timeout: 480 seconds 1105678253 J * nox ~nox@c135009.adsl.hansenet.de 1105678650 Q * ensc Ping timeout: 480 seconds 1105681920 Q * Tbery Quit: Ukončuji 1105682298 N * Bertl_8| Bertl 1105682325 M * Bertl greetings everyone! 1105686653 J * ian ~chatzilla@icb-wap-00.nks.net 1105686717 M * ian I'm looking for some good documentation beyond the whitepaper on actual implementation of vserver images. Any pointers? 1105686741 M * Bertl hmm, what do you mean by 'vserver images'? 1105686807 M * ian well, example vroot tarballs, any supporting management scripts for provisioning/deprovisioning images, and/or any guides as to how someone else has done it. 1105686840 M * Bertl the changes to a normal installation are minimal ... 1105686853 M * Bertl basically just disabling hardware related runlevel scripts 1105686856 M * ian the whitepaper paints a pretty picture. I have a vserver patched host kernel and the vserver-utils package installed, looking for a place to start. 1105686885 M * Bertl if you got the alpha util-vserver, then you just have to 'build' a new vserver 1105686913 M * Bertl (examples are here: http://linux-vserver.org/alpha+util-vserver) 1105686914 M * ian running the stable 1.30 util-vserver with a 2.4.28 patched with vserver 1.29 1105686932 M * ian ok. that helps. 1105686953 M * Bertl in this case, the easiest way is to make a minimal install and disable the hardware related scripts 1105686975 M * Bertl (there is also a linuxconf tool to do that for you, but it's kind of outdated) 1105687200 M * ian the config dir tree makes me happy. 1105687385 M * ian that gives me quite a bit to go on, thanks. 1105687723 Q * flock Ping timeout: 480 seconds 1105687795 M * Bertl ian: you're welcome! 1105687799 Q * ian Remote host closed the connection 1105688213 J * ensc ~ircensc@ultra.csn.tu-chemnitz.de 1105688250 M * Bertl welcome ensc! 1105688927 Q * serving uranium.oftc.net oxygen.oftc.net 1105688927 Q * monrad uranium.oftc.net oxygen.oftc.net 1105688927 Q * TheSeer uranium.oftc.net oxygen.oftc.net 1105688927 Q * anonc uranium.oftc.net oxygen.oftc.net 1105688927 Q * lilo uranium.oftc.net oxygen.oftc.net 1105688927 Q * virtuoso uranium.oftc.net oxygen.oftc.net 1105688927 Q * sladen uranium.oftc.net oxygen.oftc.net 1105688927 Q * no_maam uranium.oftc.net oxygen.oftc.net 1105688927 Q * Seraph uranium.oftc.net oxygen.oftc.net 1105688927 Q * v00dY uranium.oftc.net oxygen.oftc.net 1105688927 Q * meebey uranium.oftc.net oxygen.oftc.net 1105688927 Q * weasel uranium.oftc.net oxygen.oftc.net 1105688927 Q * _are_ uranium.oftc.net oxygen.oftc.net 1105688927 Q * Wicked187 uranium.oftc.net oxygen.oftc.net 1105688927 Q * we2by uranium.oftc.net oxygen.oftc.net 1105688927 Q * locksy uranium.oftc.net oxygen.oftc.net 1105688927 Q * mugwump uranium.oftc.net oxygen.oftc.net 1105688927 Q * click uranium.oftc.net oxygen.oftc.net 1105688927 Q * Plug uranium.oftc.net oxygen.oftc.net 1105688927 Q * dominance uranium.oftc.net oxygen.oftc.net 1105688927 Q * albeiro uranium.oftc.net oxygen.oftc.net 1105688927 Q * Hollow uranium.oftc.net oxygen.oftc.net 1105688927 Q * hesus uranium.oftc.net oxygen.oftc.net 1105689125 J * _are_ ~are@dsl-084-056-158-001.arcor-ip.net 1105689125 J * Wicked187 ~ddortch@68-248-179-131.ded.ameritech.net 1105689125 J * we2by ~we2by@dc5146d009.adsl.wanadoo.nl 1105689125 J * locksy ~locksy@mrtg.sisgroup.com.au 1105689125 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz 1105689125 J * click click@80.65.50.35 1105689125 J * Plug ~plug@217.112.88.40 1105689125 J * dominance dominance@nyx.verfaction.de 1105689125 J * albeiro ~albeiro@linux.gentoo.pl 1105689125 J * Hollow ~Hollow@home.xnull.de 1105689125 J * hesus darksoul@pingu.ii.uj.edu.pl 1105689223 J * serving ~serving@213.186.182.244 1105689223 J * monrad ~monrad@213083190130.sonofon.dk 1105689223 J * TheSeer ~theseer@212.12.45.62 1105689223 J * anonc ~nwalsh@shaggy.internode.com.au 1105689223 J * lilo ~lilo@lilo.usercloak.oftc.net 1105689223 J * virtuoso ~s0t0na@tranq.dorms.spbu.ru 1105689223 J * sladen paul@80.1.73.116 1105689223 J * no_maam ~erik@194.95.226.17 1105689223 J * Seraph kk@212.9.177.15 1105689223 J * v00dY v00dy@62.241.52.143 1105689223 J * meebey meebey@meebey.net 1105689481 T * services.oftc.net http://linux-vserver.org/ | latest stable 1.29, devel 1.3.9, 1.9.3, ng8.7 1105689989 Q * monrad Quit: Leaving 1105690088 J * chrish01 ~chrish01@69.90.131.10 1105691767 Q * Hollow Quit: Leaving 1105691811 J * Hollow ~bene@home.xnull.de 1105692143 Q * _are_ Quit: ircII+tkirc2 1105692337 N * chrish01 chris|sleep 1105692370 J * pulsar ~pulsar@82.209.246.234 1105692596 M * pulsar HI ! I can't find in configuration.html what exactly I need to configure to limit VPS ram to 300Mb and CPU limit to 30% ... 1105692790 M * Bertl hmm ... 1105692816 M * Bertl VM or RSS, and what are 30%? 1105692834 M * pulsar RSS 1105692880 M * pulsar 30% max average usage on 5min timeframe for example 1105692893 M * Bertl okay, one cpu or more cpus? 1105692918 M * pulsar 4 CPU's 1105692970 M * Bertl # /etc/vservers/vserver-name/rlimits 1105692971 M * Bertl A directory with resource limits. Possible resources are cpu, fsize, data, stack, core, rss, nproc, nofile, memlock, as and locks. This configuration will be honored for kernel 2.6 only. 1105692983 M * Bertl (for the rss part) 1105692993 M * Loki|muh VSZ is the amount of RAM + SWAP which is used by the vserver, isn't it? 1105693012 M * Loki|muh but i cant get what RSS could be... 1105693024 M * Bertl not exactly, it's the address space which is used by a process 1105693031 M * Bertl and rss is the resident set size 1105693050 M * Bertl (i.e. the actual pages in memory 1105693052 M * pulsar Bertl, I can't find syntax for /etc/vservers/vserver-name/rlimits.. 1105693149 M * Bertl doc/configuration.xml 1105693171 M * Loki|muh so for what can the VSZ column be used in vserver-stat? is there any information you get from this? 1105693185 M * Bertl pulsar: and you need to configure the scheduler for the 30% 1105693227 M * Bertl Loki|muh: not really, but if you look at the values in /proc/virtual//limit you see the used (and maximum requested) sizes for vm and rss 1105693278 M * Loki|muh ah :) 1105693429 M * Bertl pulsar: you know how the scheduler works? 1105693496 J * BWare ~bware@212.26.196.41 1105693544 M * Bertl welcome BWare! 1105693726 M * pulsar Bertl> I think yes. Now I'm trying to find what exactly I need to put in to rlimits 1105693798 M * Bertl something like: rss.hard with a number XXXX in it? 1105693845 M * pulsar only number ? 1105693847 M * Bertl (i.e. # /etc/vservers/vserver-name/rlimits/rss.hard ) 1105693885 M * Bertl I guess so (and a newline probably) 1105693975 M * Loki|muh and how is the number computed? 1105693995 M * Bertl look at the values in /proc/virtual//limit 1105694009 M * Bertl add a sane overhead, that's it ... 1105694016 M * Loki|muh ah :) 1105694035 M * pulsar In older releses was something like ULIMIT="-HS -u .." ... or so 1105694035 M * Bertl (you usually don't want to limit the vserver to something which doesn't allow it to start ;) 1105694060 M * Bertl pulsar: yes and no, the ulimits are orthogonal ... 1105694072 M * Bertl you can use them in addition to the rlimits 1105694307 M * pulsar hm, googling deeply... 1105694317 M * pulsar Thank You! 1105694335 M * Bertl you're welcome! 1105694761 J * prae ~prae@sherpadown.net 1105694770 M * prae 'morning team :) 1105694810 M * Bertl morning prae! 1105695171 M * Doener morning 1105695191 M * Doener Bertl: sorry for not reporting back yesterday. seems i'm getting ill 1105695202 M * Bertl nothing to be sorry about ... 1105695220 M * Bertl and good morning to you! 1105695231 M * Loki|muh so, then back to bed ;) 1105695245 M * Loki|muh but not without a big cup of tea ;) 1105695256 M * Bertl hot tea with honey! 1105695289 A * Doener prefers hot milk with honey 1105695299 M * Bertl okay, you can use that too ;) 1105695453 M * pulsar Nice! rss limeted :-) , now looking for VSZ ... 1105695533 M * Loki|muh i guess a vserver must be restartet that the settings take effect? 1105695540 M * Bertl nope 1105695574 M * Bertl vlimit --help 1105695580 M * Loki|muh ah :) 1105696461 M * Loki|muh why does vlimit -a does not show cpu? 1105696515 M * Bertl because there is no cpu limit in the limits ... 1105696535 M * Bertl (at least it isn't implemented, because it doesn't make much sense) 1105696945 M * Loki|muh hmmm, can you say a few words about per context cpu limiting? 1105696978 M * Bertl sure, what do you want to know? 1105697039 M * Loki|muh how to limit a context that it can not use more that 90% of the cpu on a single cpu machine 1105697063 M * Bertl you have to configure the hard scheduler for that ... 1105697097 M * Bertl http://linux-vserver.org/Linux-VServer-Paper-06 1105697105 M * Bertl 06.3. Token Bucket Extensions 1105697117 M * Bertl explains the implementation 1105697149 M * Bertl http://list.linux-vserver.org/archive/vserver/msg08478.html 1105697224 M * Loki|muh thx :) 1105697255 M * Bertl my pleasure! if you need anything specific, or have questions to that, feel free to ask ... 1105697320 M * Loki|muh i will ;) 1105697330 M * Loki|muh but first i should recompile the kernels ;) 1105697927 J * Loki|muh_ loki@satanix.de 1105697927 Q * Loki|muh Read error: Connection reset by peer 1105698639 J * rs rs@ice.aspic.com 1105698644 M * rs hi dudes 1105698648 M * Bertl morning rs! 1105698664 M * Bertl I've some work for you ... if you like ;) 1105698950 M * prae hi rs 1105699089 M * rs Bertl: sure 1105699145 M * Loki|muh_ is there no patch-2.6.9-vs1.9.3.17.diff? 1105699150 N * Loki|muh_ Loki|muh 1105699170 M * Bertl Loki|muh: there will be ... (well something similar) 1105699277 M * Loki|muh as my experience with 2.6.9 is very good I don't know if I want to switch to 2.6.10... 1105699477 M * Bertl http://vserver.13thfloor.at/Experimental/RC-1.9.4/patch-2.6.9-vs1.9.4-rc1.diff 1105699636 M * Loki|muh rc-1.9.4? nice :) 1105699850 M * Bertl let me know if it works for you ;) 1105699974 M * rs Bertl: where is my work ? :) 1105700008 M * Bertl on it's way ... it's the pendant to the 2.6.9-vs1.9.4-rc1 1105700026 M * Bertl (just for 2.6.10 and later for 2.6.11-rc*) 1105700065 M * Bertl we have to verify that it is working as expected 1105700107 M * rs ok 1105700262 M * Bertl if you want to do some extra work, then let me know ... 1105700286 M * Bertl (we still need some performance/overhead values for 1.9.3/1.9.4 1105700298 M * Bertl and the different debug options) 1105700354 M * rs Bertl: I have many rejects with your patch 1105700376 M * rs is it from a vanilla 2.6.10 ? 1105700410 M * Bertl which one? 1105700429 M * rs oh it's for 2.6.9 ? 1105700455 M * Bertl as I said, version for 2.6.10 will appear shortly (now compiling here) 1105700461 M * rs oh ok 1105700468 M * rs I will test this one 1105700790 M * Bertl http://vserver.13thfloor.at/Experimental/RC-1.9.4/patch-2.6.10-vs1.9.4-rc1.diff 1105700913 M * Doener Bertl: btw, is there a patch for 2.6.11-rc1 yet? 1105700934 M * Bertl nope, not yet ... but I'm on it 1105700938 M * Doener k 1105700963 M * pulsar 2.6.11-rc1 contains same security holes as 2.6.10 1105700973 M * pulsar no difference 1105700984 M * Bertl Doener: btw, here is my current fix for the rcu stuff .. sec uploading 1105701024 M * Bertl http://vserver.13thfloor.at/Experimental/delta_norcu.diff 1105701046 M * Bertl (would appreciate a comment on that) 1105701428 M * Seraph moin 1105701437 M * Seraph Bertl: alright, your inet is better today? 1105701486 M * Bertl much better ... 1105701492 M * Seraph heh ;) 1105701506 M * Bertl let's continue where we left of yesterday ... 1105701510 M * Seraph yep 1105701525 M * Bertl you did add the suggested debug message I presume? 1105701557 M * Seraph yep 1105701566 M * Seraph and the output of the logs should be on my webspace IIRC 1105701584 M * Seraph if that's not the latest changes, then please let's go thru them again 1105701662 J * weasel ~weasel@seppia.noreply.org 1105701698 M * Bertl hey weasel! 1105701700 M * Seraph Bertl: u still got the URL? 1105701727 M * Bertl nope please paste it again ... 1105701744 M * Seraph http://vserver.lauft.normalerweise.net/wegen/vprocunhide/ 1105701756 M * Bertl tx 1105701765 M * Seraph np 1105701783 M * Bertl hmm, that is updated? 1105701808 M * Seraph lemme do a fresh one.. 1105701814 M * Bertl I would expect a 4th debug message (i.e. the one we added ) 1105701836 M * Loki|muh anyone knows why I can only choose x86-64 cpus when I do make menuconfig on a amd64 machine? 1105701840 M * Seraph as i said, i ain't sure.. for we broke off in mid-air.. 1105701886 M * Bertl Loki|muh: because you need to do cross compiling for other cpus ... 1105701916 M * Seraph Loki|muh: you can also supply an ARCH=.. but you need a cross-compile-enabled environment.. 1105701942 M * Loki|muh this means the 32-bit libs? 1105701992 M * Seraph it means the entire toolchain.. 1105702030 M * Loki|muh ah ok, will compile the other kernel on another machine 1105702047 M * Bertl http://vserver.13thfloor.at/Stuff/Cross/ 1105702052 M * Seraph Bertl: try now 1105702075 M * Bertl okay, the last addition is missing ... 1105702091 M * Seraph Bertl: ok, then tell me again what to put where ;) 1105702106 M * Bertl 23:25 < Bertl> Seraph: let's add a printk to vc_get_iattr 1105702106 M * Bertl (kernel/vserver/inode.c line 78) 1105702106 M * Bertl 23:26 < Seraph> ok, tell me 1105702106 M * Bertl 23:26 < Bertl> something like printk("vc_get_iattr(%d)\n", id); 1105702126 M * Seraph Loki|muh: if that's a Debian you can also as on freenode #debian-amd64 for what their recommendation is.. 1105702132 M * Bertl maybe you added it, but didn't compile/install the kernel ... 1105702149 M * Seraph Bertl: line 78 looks like: 1105702151 M * Seraph printk("vc_get_iattr(%d)\n", id); 1105702158 M * Seraph and that was just recompiled and rebooted 1105702176 M * Seraph recompiled, installed and rebooted that is 1105702185 M * Loki|muh Seraph: i guess its not worth the stress, but thanks 1105702205 M * Bertl Seraph: so why don't we see any of those messages then? 1105702207 M * Seraph Loki|muh: it's not much stres.. it should work with make-kpkg --arch=i386 .. 1105702216 M * Seraph Loki|muh: it's just a matter of what needs to be installed for that.. 1105702232 M * Seraph Bertl: you ask me? i have no idea.. the entire block is: 1105702236 M * Seraph int vc_get_iattr(uint32_t id, void __user *data) 1105702236 M * Seraph { 1105702236 M * Seraph struct nameidata nd; 1105702236 M * Seraph struct vcmd_ctx_iattr_v1 vc_data = { .xid = -1 }; 1105702236 M * Seraph int ret; 1105702238 M * Seraph printk("vc_get_iattr(%d)\n", id); 1105702241 M * Seraph if (!vx_check(0, VX_ADMIN)) 1105702244 M * Seraph return -ENOSYS; 1105702246 M * Seraph if (copy_from_user (&vc_data, data, sizeof(vc_data))) 1105702248 M * Seraph return -EFAULT; 1105702251 M * Seraph .. if that helps.. 1105702254 M * Seraph maybe i put it in the wrong position? 1105702269 M * Bertl no looks fine ... 1105702278 M * Loki|muh Seraph: hmmm, ok, i will try ;) 1105702279 M * Seraph <= totally kernel-hacking-newbie.. 1105702291 M * Bertl ah, yes, you put it in the wrong place ... 1105702302 M * Bertl or to be precise, I probably did ;) 1105702329 M * Bertl make a copy of that printk and move it down to vc_set_iattr() 1105702336 M * Seraph Loki|muh: just don't try the other way around.. compiling amd64 on i386 will tell you that amd64 is no valid arch.. and compiling x86_64 as arch will tell that this is not supported by debian.. *g* 1105702338 J * mhepp ~mhepp@r72s22p13.home.nbox.cz 1105702347 M * Bertl (also rename it to vc_set_iattr within the printk) 1105702365 M * Seraph Bertl: line 100? 1105702383 M * Seraph static int __vc_set_iattr(struct dentry *de, uint32_t *xid, uint32_t *flags, uint32_t *mask) 1105702385 M * Bertl similar place than with the get 1105702387 M * Seraph { 1105702389 M * Seraph struct inode *in = de->d_inode; 1105702392 M * Seraph int error = 0, is_proc = 0, has_xid = 0; 1105702392 M * Bertl nope 1105702394 M * Seraph printk("vc_set_iattr(%d)\n", id); 1105702397 M * Seraph if (!in || !in->i_sb) 1105702399 M * Seraph like so? 1105702403 M * Seraph *g* good i was asking.. 1105702417 M * Bertl int vc_set_iattr not __vc_set_iattr ;) 1105702438 M * Seraph line 177 then 1105702449 M * Seraph int vc_set_iattr(uint32_t id, void __user *data) 1105702449 M * Seraph { 1105702449 M * Seraph struct nameidata nd; 1105702449 M * Seraph struct vcmd_ctx_iattr_v1 vc_data; 1105702449 M * Seraph int ret; 1105702452 M * Seraph printk("vc_set_iattr(%d)\n", id); 1105702454 M * Seraph if (!capable(CAP_SYS_ADMIN) || !capable(CAP_LINUX_IMMUTABLE)) 1105702457 M * Seraph return -EPERM; 1105702459 M * Seraph alright? 1105702462 M * Bertl yep fine! 1105702472 M * Seraph let's bring it on ;) 1105702549 M * sannes :) 1105702658 M * Seraph Bertl: done. 1105702694 M * sannes diff 1.9.4 1.9.3 ? 1105702763 M * Bertl you want one? you have one? ;) 1105702823 Q * prae Quit: Lost terminal 1105702844 M * sannes .. diff 1.9.3.17 and 1.9.4-rc1 ? 1105702882 M * Bertl basically the http://vserver.13thfloor.at/Experimental/delta_norcu.diff 1105702961 M * sannes no rcu, so you removed it? 1105702972 M * Seraph Bertl: looks better the new logfile, eh? ;) 1105702995 M * Bertl yes 1105703037 M * sannes must have misunderstood, I tought you were implementing it? 1105703058 M * Bertl Seraph: unfortunately there is no case where it would return EINVAL ... so where are the einval coming from? 1105703082 M * Seraph Bertl: just assume that i have virtually no idea of vserver.. 1105703093 M * Bertl sannes: we are adding and removing the rcu stuff for some while now 1105703114 M * Seraph Bertl: i can do some debugging if asked for logs or gdb/strace.. but i have no idea where that error is at or i would at least have tried to get a picture of it myself.. 1105703120 M * Bertl sannes: (see version log in kernel/vserver/context.c) 1105703167 M * Bertl Seraph: yeah, we need to find an entry where some version of the setattr --admin/hide/watch fails ... 1105703195 M * Bertl best to call the vprocunhide script with bash -x and see what entries actually fail ... 1105703258 M * sannes Bertl : lol 1105703297 M * sannes Bertl : I guess v0.11 says something like: revert to non RCU again? 1105703358 M * Seraph Bertl: check the log now 1105703444 M * Bertl okay, let's try /usr/sbin/setattr -x '--!hide' /proc/sys/debug/exception-trace 1105703455 M * Bertl does this give EINVAL? 1105703531 M * Seraph Bertl: nope 1105703599 M * Seraph strace -fF -o vprocunhide.proc-net /usr/sbin/setattr -x '--!hide' -R /proc/net/ 1105703601 M * Seraph gives it 1105703639 M * Seraph i've uploaded their logs.. 1105703651 M * Bertl well, I don't want the -R in there ... 1105703669 M * Bertl so let's find a single entry where it happens without -R 1105703697 M * Bertl (I actually doubt that it will happen, as I tend to believe it's a pure userspace issue) 1105703815 M * Seraph from the logs it looks like the problem only exists with -R 1105703827 M * Seraph none of the single setattr calls fails.. 1105703838 M * Seraph and i can also run setattr on /proc/net/snmp6 1105703842 Q * ola Remote host closed the connection 1105703855 M * Seraph (without the -R and it works just nicely..) 1105703866 M * Bertl Seraph: okay, what compiler/glibc/etc are your using for the tools? 1105703878 M * Seraph gcc 3.3.5 1105703881 M * Seraph dietlibc 1105703888 M * Seraph what else? 1105703890 M * Bertl dietlibc with fix? 1105703899 M * Seraph dietlibc from Debian unstable.. 1105703905 M * Seraph which compiles ok on amd64 too 1105703910 M * Seraph so i assume it's fixed.. 1105703919 M * Bertl well, the broken one compiled fine too ;) 1105703925 M * Seraph hmm 1105703931 M * Bertl just the tools started to segfault in various places 1105703957 M * Seraph 0.27-7 1105703963 M * Seraph if that's helping anything 1105704020 M * Seraph http://packages.debian.org/changelogs/pool/main/d/dietlibc/dietlibc_0.27-7/changelog 1105704024 M * Seraph tells what's changed.. 1105704034 M * Seraph i read some cvs updates in there.. 1105704045 M * Seraph it's just a matter of what's "the fix" that's needed.. 1105704068 M * Seraph but for a quick test i'll recompile using glibc 1105704114 M * Bertl http://www.linuxtv.org/cgi-bin/cvsweb.cgi/dietlibc/syscalls.s/environ.S.diff?r1=1.9&r2=1.10 1105704230 M * Seraph Bertl: nope, that fix ain't in there.. 1105704256 Q * mhepp Remote host closed the connection 1105704314 M * Seraph there's not even a bug for this in the Debian BTS.. *sigh* 1105704369 M * Seraph uhm 1105704388 M * Seraph hold it 1105704390 M * Seraph it's in.. 1105704398 A * Seraph should look more closely.. 1105704404 M * Seraph ok, so the dietlibc is up2date.. 1105704419 M * Bertl what did the test with glibc show? 1105704429 M * Seraph nothin yet.. still was looking at dietlibc.. 1105704447 M * Bertl k, and what tools do you use? i.e. where are they from 1105704454 M * Seraph Debian unstable ;) 1105704466 M * Seraph i.e. my own util-vserver alpha deb =) 1105704598 M * Bertl hmm ... 1105704631 M * Seraph 29652 SYS_273(0x26020001, 0, 0xffff6770, 0xffff67d5, 0x555550d2) = -1 EINVAL (Invalid argument) 1105704634 M * Seraph 29652 write(2, "/proc/net/snmp6", 15) = 15 1105704637 M * Seraph 29652 write(2, ": ", 2) = 2 1105704639 M * Seraph 29652 write(2, "Invalid argument", 16) = 16 1105704640 M * Seraph not very much better, eh? ;) 1105704642 M * Seraph 29652 write(2, "\n", 1) = 1 1105704645 M * Seraph .. 1105704674 M * Bertl well, the thing is we can add another printk at the end ... just to verify that the call succeeds ... 1105704683 M * Seraph ok, tell me 1105704889 M * Bertl around line 186 1105704895 M * Bertl in kernel/vserver/inode.c 1105704910 M * Bertl right after the: 1105704911 M * Bertl if (copy_to_user (data, &vc_data, sizeof(vc_data))) 1105704911 M * Bertl ret = -EFAULT; 1105704921 M * Bertl before return ret; 1105704927 M * Bertl let's add: 1105704971 M * Bertl printk("vc_set_iattr(%d) done. ret=%d\n", id, ret); 1105705032 M * Seraph alrighty ;) 1105705252 M * Seraph Bertl: files updated.. 1105705252 Q * sannes Read error: Connection reset by peer 1105705259 M * Seraph Bertl: and running back on the dietlibc-version 1105705336 M * Bertl hmm, strange, we actually have EINVALs here ... 1105705349 M * Hollow who is responsible for the mailinglist? 1105705351 M * Doener Seraph: that bug _is_ in the debian BTS... i reported that bug... was fixed in 0.27-2 IIRC 1105705369 M * Seraph Doener: yes and it *IS* fixed as i pointed out.. 1105705384 M * Seraph Doener: i was just not checking the dpatches too.. 1105705397 M * Seraph Doener: but trying to compile it with the fix failed as should =) 1105705402 M * Doener hm, guess i should look more closely at my irc then ;) 1105705413 M * Doener sorry 1105705416 M * Seraph np 1105705420 M * Bertl Seraph: could you make a diff between the uncahnged kernel/vserver/inode.c and your current version for me? 1105705431 M * Seraph sure 1105705497 M * Seraph hmm 1105705506 M * Seraph i need to put the vserver patch on there, right? 1105705516 M * Seraph or you plain want the entire file? 1105705526 M * Seraph vanilla 2.6.10 doesn't ship with kernel/vserver/ 1105705527 M * Seraph *g* 1105705530 M * Bertl guess the file is easier for you ;) 1105705546 M * Seraph as thou wish.. 1105705574 M * Seraph is up 1105705676 M * Bertl hmm, the mask is complete garbage, didn't notice that before ... 1105705703 M * Seraph *ggg* 1105705709 M * Seraph so what's the fix? 1105705710 M * Bertl that is probably why it fails ... 1105705723 M * Bertl you have to look in the userspace source code for that ... 1105705748 M * Bertl 000001003a5da9d8 [0,4,ffff5cd7] is_proc=1 1105705762 M * Bertl here for example, the ffff5cd7 is the mask 1105705785 M * Bertl which looks rather random to me over the various invocations 1105705805 M * Seraph nothin alike in the source 1105705809 M * Bertl everytime the IATTR_XID is accidentially set ... 1105705824 M * Bertl it will fail for good reason ... 1105705841 M * Seraph ndim: ping? 1105705852 M * Bertl vcmd_ctx_iattr_v1 <-- struct used here ... 1105705868 M * Bertl (it contains the .mask) 1105705868 Q * we2by Read error: Connection reset by peer 1105705877 Q * grecea Remote host closed the connection 1105705920 M * Seraph (sid)kk@nyx:~/src/util-vserver/build-area/util-vserver-0.30.196$ grep vcmd_ctx_iattr_v1 . -rn 1105705923 M * Seraph ./kernel/inode.h:22:struct vcmd_ctx_iattr_v1 { 1105705926 M * Seraph ./lib/syscall_getiattr-v13.hc:29: struct vcmd_ctx_iattr_v1 attr; 1105705926 M * Seraph that's what i find.. 1105705929 M * Seraph ./lib/syscall_setiattr-v13.hc:28: struct vcmd_ctx_iattr_v1 attr; 1105705931 M * Seraph (sid)kk@nyx:~/src/util-vserver/build-area/util-vserver-0.30.196$ 1105705941 M * Seraph but all those are just definitions.. none of them actually defines a value in there 1105705982 M * Bertl it's probably used in the setattr.* files 1105706025 M * Bertl check the cvs version, maybe that is already fixed ... 1105706139 M * ndim Seraph: pong (but I have to leave soon) 1105706196 M * Seraph ndim: how do make your rollup dpatch be caught up to cvs? 1105706216 M * Bertl Seraph: is that 32 bit userspace? 1105706219 M * Seraph ndim: or maybe can you just do a quick updated version? 1105706221 M * Seraph Bertl: Yes. 1105706228 M * Bertl and 64bit kernel? 1105706233 M * Seraph Bertl: Yes. 1105706243 M * Bertl hmm, guess we have an issue there ... 1105706251 M * Seraph Bertl: *g* so i thought.. 1105706259 M * Seraph Bertl: but at least the same endianess.. 1105706306 M * Bertl you have to teach the userspace that pointers are 64bit not 32bit when doing the syscall ... 1105706315 J * grecea ~grecea@h-195-22-237-74.mdl.net 1105706326 M * Bertl what IMHO happens here is that: 1105706329 M * Bertl struct vcmd_ctx_iattr_v1 { 1105706329 M * Bertl const char __user *name; 1105706329 M * Bertl uint32_t xid; 1105706329 M * Bertl uint32_t flags; 1105706329 M * Bertl uint32_t mask; 1105706331 M * Bertl }; 1105706349 M * Bertl the const char __user *name; is 4 bytes in your userspace 1105706368 M * Bertl (where it is 8 bytes in the kernel) 1105706387 M * Bertl don't know how to 'define' that properly for userspace ... 1105706441 M * Seraph don't look at me.. i won't know either.. 1105706459 M * Seraph ensc: hehe, any idea over there? 1105706694 J * sannes ~ace@home.skarby.no 1105706697 M * Seraph Bertl: can we mask it 32bit in the kernel for the time being? 1105706710 M * Seraph Bertl: just to verify that it needs to be fixed that way? 1105706715 M * ndim Seraph: Have a look at http://vserver.lauft.net/wegen/util-vserver/ - you will find patches between source trees and between tarballs there. 1105706737 M * ndim Seraph: ship-docs is what you want. 1105706747 M * Seraph ndim: du hast du viel zeit.. so viel HTML style.. tststs.. 1105706771 M * Bertl Seraph: not the issue .. you need to change the kernel/inode.h in the tools to something like: 1105706777 M * Bertl struct vcmd_ctx_iattr_v1 { 1105706792 M * Bertl uint64_t name; 1105706795 M * Bertl ... 1105706799 M * ndim Seraph: Das Setup kann ich recyceln. Sonst haette ich das auch nicht gemacht. Ich sage nur "yate" :) 1105706814 M * Seraph ndim: *ggggggggggggggggggggggggggggggggg* 1105706820 M * Bertl and typecast the pointer to uint64_t 1105706830 M * Seraph ndim: ok, i want release_to_latest_cvs PLUS the release_to_ship_docs? 1105706844 M * Bertl ndim: german is over there ----> 1105706885 M * ndim Seraph: Why not release_to_ship_docs? 1105706904 M * ndim Oh. And the tar patch, please, not the source patch. 1105706912 M * Seraph Bertl: the one that right now reads: 1105706914 M * ndim http://vserver.lauft.net/wegen/util-vserver/#patch-matrix 1105706916 M * Seraph struct vcmd_ctx_iattr_v1 { 1105706916 M * Seraph const char __user *name; 1105706916 M * Seraph uint32_t xid; 1105706930 M * Seraph Bertl: and for sure not *name? 1105706945 M * Bertl well, you need a 64bit pointer for name there ... 1105706964 M * Bertl if the userspace just does 32bit pointers, you have to circumvent that somehow 1105706996 M * Seraph hmm, sure.. i was just asking if the syntax is indeed as you wrote above.. 1105707018 M * Seraph Bertl: so you think only that line 23 fixed and off you go? 1105707045 M * Bertl probably will give you a bunch of warning and protests ... 1105707065 M * Bertl (compiler wise) so you might need to cast the assignments 1105707142 M * Seraph it at least compiled ok.. 1105707180 M * Seraph *g* 1105707196 M * Seraph i get some Kernel Oops reported by syslog.. 1105707205 M * Seraph apparently a non-fatal one.. 1105707315 M * Bertl what does it say? 1105707320 M * Seraph mmh, looks like the fix is a bit incomplete so far 1105707325 M * Seraph when trying to strace i only get: 1105707331 M * Seraph root@nyx:~# strace -o vprocunhide.strace -fF /etc/init.d/vprocunhide start >vprocunhide.log 2>&1 1105707335 M * Seraph Message from syslogd@deb at Fri Jan 14 13:54:57 2005 ... 1105707336 M * Seraph and it stops there.. 1105707338 M * Seraph deb kernel: Oops: 0000 [21] 1105707341 M * Seraph Message from syslogd@deb at Fri Jan 14 13:54:57 2005 ... 1105707343 M * Seraph deb kernel: CR2: fffffffffffffff2 1105707420 M * Bertl that's not much ;) 1105707434 M * Seraph i think we're by far better off telling the kernel that the mask is 32-bit-only.. 1105707444 M * Seraph Bertl: instead wildly poking the userland 1105707451 M * Seraph at least until we're sure that's it.. 1105707468 M * Bertl you can try, I'm curious how you would do that ... 1105707496 M * Seraph hehe, i've no idea.. 1105707498 M * Bertl (because the other entries are misaligned) 1105707498 M * Seraph i hoped you had.. 1105707537 M * Seraph hmm, for that call just shortening the upper half by plain cutting that part off? 1105707559 M * Seraph i mean just for where setattr is at.. 1105707600 M * Bertl the pointer is not the issue here, the other entries in that struct are different on userspace ... 1105707639 M * Seraph hmmm 1105707660 M * Seraph alright.. let's do very dirty voodoo here.. 1105707666 M * Seraph and plain install the amd64 deb 1105707726 M * Seraph *g* 1105707726 Q * sannes Read error: Connection reset by peer 1105707731 M * Seraph apparently that one works.. 1105707762 M * Seraph root@nyx:~# vserver sid1 start 1105707762 M * Seraph The following problem(s) were encountered while verifying vshelper 1105707762 M * Seraph functionality: 1105707762 M * Seraph * File '/proc/sys/kernel/vshelper' does not exists but is required for vshelper setup 1105707763 M * Bertl as the arch is little endian, you could try to add 1105707765 M * Seraph hmm 1105707774 M * Bertl struct vcmd_ctx_iattr_v1 { 1105707786 M * Bertl uint32_t _dummy; 1105707796 M * Bertl const char __user *name; 1105707837 M * Bertl hmm ... no the other way around I guess 1105707897 M * Seraph ok 1105707902 M * Seraph let's give that a try 1105707965 M * Bertl but many other structures will have similar issues, I guess it requires a 32bit call interface ... 1105708004 M * Seraph Bertl: nope, that fix is plain oopsing too 1105708058 M * Seraph Bertl: i guess i'll leave the amd64 binary in place for the time being.. 1105708076 M * Bertl yep, it's a much better solution right now ... 1105708090 M * Seraph once you have fixed that 32/64 bit issue, just yell for me and i'll see what i can do =) 1105708091 M * Bertl actually the 32bit version should not use the 64bit syscall 1105708110 M * Bertl (but it does, and there is no 32bit syscall atm) 1105708233 M * Bertl guess a compat layer for that shouldn't be too hard to do ... we'll address that next week ... 1105708249 M * Seraph excellent. 1105708442 M * Bertl okay, I'm back later ... off for now 1105708455 M * Seraph thnx for the help so far =) 1105708471 M * Bertl you're welcome! 1105708476 N * Bertl Bertl_oO 1105709503 M * ndim patch: pch.c:621: intuit_diff_type: Assertion `i0 != NONE' failed. 1105709513 M * ndim I have such a bad karma when it comes to tools. 1105709772 J * prae ~prae@sherpadown.net 1105711670 M * pulsar http://www.yaplakal.com/uploads/previews/post-2-1097659403.jpg <-oftopic 1105714735 J * root ~root@rev.193.226.233.94.euroweb.hu 1105714739 N * root Rusty` 1105714761 M * Rusty` hello guys 1105714763 M * Rusty` :) 1105714795 M * Rusty` i have a very big problem with vserver 1105714886 J * sannes ~ace@home.skarby.no 1105715080 M * Rusty` i use sshfs (sshfs is like ftpfs, only it's obviously with the ssh protocol) to mount a directory (read-only) from the "mother" server to a directory found in the vserver's directory structure... the problem is that, the mounted directory is not there in the vserver only if i restart it... 1105715133 M * Rusty` anybody use solution like this for mounting directory's to a vserver? what i'm doint wrong? 1105715149 M * pulsar mount -o bind ? 1105715199 M * Rusty` pulsar: yes, it's a good solution, but with "mount --bind" i can't do read-only.... 1105716854 M * Doener Rusty`: with bme you can. 1105716854 M * Doener anyway, you're probably using namespaces. that means that you have to do the mount in the vserver's namespace, otherwise it won't appear. to enter that namespace use: vnamespace -e your-command-here 1105717231 M * Rusty` can you tell me, what xid means? 1105717331 M * pulsar Rusty`> try vserver-stat 1105717469 M * Doener the vserver's context id 1105717499 M * Rusty` thanks, so i need to fix in the vserver's config file the context id? 1105717509 M * Rusty` it is changing on reboot? 1105717717 M * daniel_hozac using the name of the vserver should work as well. 1105717730 M * daniel_hozac but static xids are recommended, from what i've gathered. 1105717937 J * Brucey cinacio@snape.aspic.com 1105717949 M * Brucey hello :) 1105718062 M * Doener Rusty`: i'd go for a) static xids and b) bind-mount extensions (bme). The latter allows to have ro bind-mounts. 1105718200 M * Rusty` Doener: can i read anywhere about a bind-mount? 1105718211 M * Rusty` or how can i download it? :) 1105718357 M * Doener http://vserver.13thfloor.at/Experimental/BME/ 1105718393 M * Doener don't know if there's a version for more recent kernel versions (maybe the 2.6.8.1 patch applies just fine?) 1105718505 M * Rusty` Doener: thanks 1105719127 M * Rusty` In file included from include/linux/proc_fs.h:6, 1105719127 M * Rusty` from init/main.c:17: 1105719127 M * Rusty` include/linux/fs.h: In function `touch_atime': 1105719128 M * Rusty` include/linux/fs.h:1040: error: `MNT_NOATIME' undeclared (first use in this function) 1105719128 M * Rusty` include/linux/fs.h:1040: error: (Each undeclared identifier is reported only once 1105719129 M * Rusty` include/linux/fs.h:1040: error: for each function it appears in.) 1105719129 M * Rusty` include/linux/fs.h:1042: error: `MNT_NODIRATIME' undeclared (first use in this function) 1105719130 M * Rusty` include/linux/fs.h:1044: error: `MNT_RDONLY' undeclared (first use in this function) 1105719130 M * Rusty` make[1]: *** [init/main.o] Error 1 1105719147 M * Rusty` with linux kernel 2.6.10-rc3 is doesn't works :( 1105719225 Q * pulsar Remote host closed the connection 1105719777 Q * grecea Read error: Connection reset by peer 1105719791 J * grecea ~grecea@h-195-22-237-74.mdl.net 1105720458 Q * ndim Ping timeout: 480 seconds 1105720764 J * ndim U2FsdGVkX1@helena.bawue.de 1105720950 Q * BWare Quit: using sirc version 2.211+KSIRC/1.3.10 1105721152 J * timothy ~timothy@212.123.1.4 1105721165 M * timothy hi 1105721181 M * timothy anyone alive? 1105721206 M * Loki|muh sure :) 1105721622 M * timothy how can I have a loopback interface inside a vserver? 1105721763 M * Loki|muh sorry, I dont know, maybe you wanna wait for Bertl or Doener, I guess they know more ;) 1105721981 M * timothy ok thanks 1105722707 J * mjung ~madbob@contact.mpi-sb.mpg.de 1105722745 M * mjung hi. 1105722866 M * mjung are you annoyed at newbie 'please help me' questions, or is there somebody with some time to help me? 1105722987 M * Loki|muh hehe, state your question and we will see, if we could answer :) 1105723292 M * Rusty` Doener: do you know about a BME patch, that is compatible with linux kernel 2.6.10? 1105723389 M * mjung Ok, when I try to start the machine, i get WARNING: can not find configuration, assuming legacy method 1105723452 M * mjung and: vserver dopey enter 1105723452 M * mjung WARNING: can not find configuration, assuming legacy method 1105723452 M * mjung SIOCSIFBRDADDR: Cannot assign requested address 1105723452 M * mjung SIOCSIFFLAGS: Cannot assign requested address 1105723452 M * mjung ipv4root is now 212.112.233.254 1105723454 M * mjung chcontext: vc_new_s_context(): Operation not permitted 1105723531 M * Loki|muh the warning is because you have no /etc/vserver/dopey/ directory-structure which is the new configuration layout 1105723593 M * mjung ok. i i think i have to build it on my own, newvserver from vserver-debiantools won't help here. is this right? 1105723620 M * Loki|muh i have no experience with the debian-packages 1105723626 M * Loki|muh i build all on my own 1105723790 M * mjung can you give me a link to documentation where to find infos about the new config-structure? 1105723795 M * Loki|muh sure, mom 1105723810 M * Loki|muh http://www.linux-vserver.org/index.php?page=alpha+util-vserver 1105723828 M * Loki|muh http://www-user.tu-chemnitz.de/~ensc/util-vserver/doc/conf/configuration.html <-- try another layout, gras1 is nice ;) 1105723836 M * Loki|muh the default layout sucks ;) 1105724168 M * timothy exit 1105724176 M * timothy wrong window 1105724184 M * Loki|muh hehe :) 1105724446 M * mjung Loki|muh: is this always one file with one line? 1105724457 M * Loki|muh mostly 1105724493 M * mjung is there somewhere a template or an example or even better could you provide me one please? 1105724560 M * Loki|muh there is a build target namen skeleton 1105724568 M * Loki|muh search for it in the first link 1105724585 M * mjung oh, I just was looking around in the second page. 1105725237 N * chris|sleep chrish01 1105725530 M * mjung Loki|muh: thank you, now i got the machine back running. just a last question so far: is this 1.9.3 vserver and utils 0.30.196 usable for webhosting environment? 1105725579 M * Loki|muh i have 7 machines running in production enviroment with this configuration :) 1105725594 M * mjung ok, i think this is a yes. 1105725607 M * mjung thank you very much for giving me the hints/links. 1105725616 M * Loki|muh you're welcome :) 1105725714 M * Loki|muh mjung: afaik 1.9.3 has some problems with smp and a few other things, I dont know much about that, but be careful and test the machines ;) 1105726591 Q * pflanze Ping timeout: 480 seconds 1105727021 Q * Brucey Quit: "Give me life, give me pain, give me myself again" 1105727472 Q * prae Quit: leaving 1105728335 Q * serving Read error: Connection reset by peer 1105728733 Q * chrish01 Quit: Leaving 1105728747 J * Borg_Number_One ~Borg@p508876B6.dip0.t-ipconnect.de 1105728792 M * Borg_Number_One Hi Paul Sladen... I want to talk about BIOS-Modification... You surely know the BNOBTC (BIOS Tool collection) (http://bnobtc.pix-art.com) 1105729042 M * Borg_Number_One relating to this http://www.paul.sladen.org/thinkpad-r31/wifi-card-pci-ids.html I could successfully download the BIOIS-Update: ftp://ftp.software.ibm.com/pc/pccbbs/mobiles/spsd1u63.exe , after running the "image-to-disk-IBM-self-extractor" I cannot open the file: "$0193000.FL1". Neither with PHNXDECO nor with Phoenix BIOS-Editor...it seems to be protected anyhow. 1105729157 Q * Borg_Number_One Quit: 1105729238 Q * rs Quit: leaving 1105730468 J * prae ~prae@sherpadown.net 1105730536 J * Tbery ~tb@rt-pha-1.karneval.cz 1105730540 M * Tbery Hi 1105730682 J * chrish01 ~chrish01@69.90.131.10 1105730775 Q * Tbery Remote host closed the connection 1105730797 Q * timothy Read error: Operation timed out 1105730873 J * Tbery ~tb@rt-pha-1.karneval.cz 1105730928 M * Tbery can zou hepl me some body??? 1105730937 M * Tbery with secupe proc?? 1105730941 M * Tbery secure?? 1105731252 Q * Rusty` Quit: using sirc version 2.211+KSIRC/1.3.10 1105731545 J * pflanze ~chris@imes-leo-142-dhcp.ethz.ch 1105731742 M * Doener Tbery: your ? key seems broken ;) 1105731750 M * Doener anyway, what's your problem with proc security? 1105732385 M * Tbery how to use.. 1105732409 M * Doener kernel version? 1105732412 M * Tbery 2.6.8 1105732438 M * Doener have you read the information in the wiki? 1105732455 M * Tbery yes 1105732468 M * Tbery what packages do zou use__ 1105732477 M * Tbery own compile or from debian.. 1105732504 M * Doener i usually go with the upstream sources 1105732526 M * Doener debian's current util-vserver package does not come with the necessary tools 1105732551 M * Tbery I try use sources.. 1105732552 M * Doener you may want to talk to Seraph or ndim about their alpha util-vserver debian package 1105732583 M * Doener IIRC there's another guy creating such packages, but i don't remember who it is 1105732592 M * ndim Ola? 1105732604 M * ndim He's the official maintainer, and he works with us. 1105732609 M * Doener does ola have alpha uv packages yet? 1105732673 M * ndim No. He has started to work with us on ours, though :) 1105732676 M * Tbery what version is good?? I use 2.6.8 1105732693 M * ndim If you need a Debian package in a hurry, though, try http://vserver.lauft.net/wegen/util-vserver/debian/merge/ 1105732712 M * Doener i prefer 2.6.10, but Bertl likes 2.6.9 better, seems to be machine dependent atm :( 1105732778 M * Tbery will they run with 2.6.8?? a patch?? 1105732795 M * Tbery on 2.6.9 I had problems.. 1105732805 M * Tbery with so aplicatin on servers.. 1105732824 M * Tbery no one mz servers hav trobles..with vservers... 1105732835 M * Doener Tbery: the tools should work with any 1.9.x series vserver patch 1105732862 M * Tbery ok.. 1105732879 M * Tbery can I use patch 1.9.3 on 2.6.8?? 1105732936 M * Doener no, not without some work... some kernel internals changed between 2.6.8 and 2.6.9 1105733138 J * frzzz ~frzzz@jaim.at 1105733204 P * frzzz 1105733960 N * chrish01 chris|lunch 1105734636 M * Tbery need some texts for studing.. 1105734639 M * Tbery vservers,.. 1105735101 P * pflanze 1105735297 J * serving ~serving@213.186.182.244 1105736671 N * chris|lunch chrish01 1105736930 M * Tbery how use setattr --~hide /proc/loadavg 1105736939 M * Tbery in main server on in vservers.. 1105737166 J * yarihm ~yarihm@80-218-0-181.dclient.hispeed.ch 1105739986 J * marmotte ~marmotte@ca-metz-1-173.w80-8.abo.wanadoo.fr 1105740030 M * marmotte hi all ! 1105740102 J * _are_ ~are@dsl-084-056-159-101.arcor-ip.net 1105740110 M * _are_ hi 1105740155 M * marmotte is there anyone who can give me a link on a howto which explain _clearly_ how to configure my host pc as a gateway and howto create a virtual lan with vservers which can be connected through that gateway 1105740198 M * _are_ doubt this link exosts 1105740212 M * marmotte it is what i thought 1105740224 M * marmotte are you configured such a network ? 1105740233 M * _are_ however, I knew a few people in here use vservers for firewalls/DMZ setups 1105740247 M * marmotte this is what i need 1105740260 M * _are_ i myself so far only do normal server farms on vservers, e.g. samba, mail, web, dhcp, backup 1105740313 M * marmotte so are you able to help me ? 1105740327 M * _are_ but for your setup I assume it should not require extra work from normal setups 1105740338 M * marmotte i have already configure almost all 1105740339 M * ndim eh. vserver vs vserver confusion? 1105740386 M * _are_ ndim: to my understanding marmotte wants to do a vserver setup that acts as firewall, router and dmz same time 1105740425 M * _are_ so i think we all talk about same vserver here 1105740482 M * marmotte _are_, not really 1105740495 M * _are_ :-/ 1105740500 M * marmotte i would like a vserver for apache web server 1105740507 M * marmotte an other for ssh 1105740520 M * marmotte all protected by my host 1105740533 M * _are_ marmotte: you want 1 pc TO RUN MULTIPLE SERVERS OR MULTIPLE pcS LOOKIN LIKE 1 SERVER? 1105740535 M * marmotte which will act as a gateway for them 1105740539 M * _are_ sorry for caps 1105740576 M * marmotte 1 pc with multiple vservers 1105740604 M * _are_ ok, so we at least talk about same vserver then 1105740632 M * marmotte i have already installed and patch kernel, and installed 1 vserver 1105740646 M * marmotte it can ping my host, and my host can ping it 1105740661 M * _are_ for your very setup, I'd probably set up the IP-adresses for the single servers via lo:n 1105740697 M * _are_ however, if you want to run some firewalling code on ths, you have to do it on the main server 1105740715 M * marmotte yes, Netfilter will run on my host 1105740740 M * _are_ within a vserver you can't do iptables speeratly 1105740769 M * marmotte yes i know, because iptables is in the memory 1105740786 M * ndim Only with NGNET you can do iptables in vserver guests, right? 1105740805 M * marmotte i don't know NGET 1105740827 M * _are_ i never used ngnet, so no idea. but from the talk in here, ngnet is the solution to all network problems. ;) 1105740858 M * ndim yupp, thats what i think, too :) 1105740913 M * marmotte i have configured my http_server vserver like that: 1105740927 M * marmotte S_HOSTNAME="http_server" 1105740931 M * marmotte IPROOT="eth1.1:10.0.0.1" 1105740956 M * marmotte because i want to make vlan, so i was told to write eth1.1:xxx 1105740968 M * marmotte and no IPROOTDEV 1105740981 M * marmotte S_FLAGS="lock nproc" 1105740988 M * marmotte ULIMIT="-H -n 1024" 1105740993 M * marmotte S_CAPS="CAP_NET_RAW" 1105740995 M * _are_ hmm, you use ld configuration format, i only use new one, so can't tell you about syntax 1105740997 M * marmotte that's all 1105741017 M * _are_ whatfor CAP_NET_RAW? 1105741047 M * marmotte old configuration format ? it exists a new one ? CAP_NET_RAW was set by default 1105741075 M * _are_ well, 1.29 tools vs 1.30.x 1105741083 M * _are_ called alpha tools 1105741108 M * marmotte oh, they are not packaged with my Debian 1105741118 M * _are_ yes, i know 1105741174 M * marmotte in the iptables configuration, what are the line(s) i need to permit access from my vserser to internet ? 1105741267 M * meebey [pid 32414] sched_setscheduler(0, SCHED_RR, { 10 }) = -1 EPERM (Operation not permitted) 1105741277 M * meebey does vserver restricted this? 1105741291 M * meebey 1.28 that is 1105741376 M * Doener meebey: needs CAP_SYS_NICE 1105741393 M * meebey Doener: thanks 1105741398 M * marmotte meebey, is this question for me ? 1105741399 M * meebey Doener: current asterisk needs that! 1105741410 M * meebey Doener: I will add it to the wiki 1105741424 M * meebey I just upgraded and asterisk didnt start anymore 1105741437 M * Doener hehe, i won't ask you what you need it for ;) i know your not aiming at security in the first place 1105741470 M * meebey Doener: :-P nice should be not too insecure anyway 1105741500 M * meebey Doener: a bad root could make the machine slow, bad that could do any process bomb anyhpw 1105741510 M * meebey s/bad/but/ 1105741556 M * Doener hm, well... IIRC real time processes have to yield the cpu, otherwise they just keep it... for(;;); would be quite bad then... 1105741596 M * Doener no, i won't try out to confirm ;) 1105741644 Q * Wicked187 Quit: BitchX: a modern client for a old world 1105741669 M * marmotte _are_, so, have you got an idea about howto make vserver pass the firewall ? 1105741788 M * _are_ marmotte: well, just business as usual, do interfaces like it was different machines 1105741828 M * _are_ 1 vserver has an ip on your network card where the network routes to, an internal network ip on e.g. lo:0. 1105741841 M * _are_ all vservers have ips on lo:n in same network 1105741883 M * _are_ then set up firewalling rules on the main server and point your networks routes for this private network to the ip you gave the first gateway vserver 1105741896 M * _are_ or am i to simple minded here? 1105741943 M * marmotte i have several network alias device 1105741961 M * marmotte in my vserver i say 1105742007 M * marmotte i don't know what is rules to put in iptables: is it masquerading, SNAT ? 1105742105 M * _are_ iptables do the firewalling based on IPs, not interfaces as all aliases are regarded as one interface 1105742155 M * marmotte yes, so i can i do to let pass and retun packet from vserver ? 1105742156 M * _are_ snat on external interface you do via iproute2 tool 'ip' to my knowledge 1105742177 M * _are_ i assume so, however, never done it myeelf, only use vservers for 1 month now 1105742258 M * marmotte i will try some rules with SNAT 1105742535 M * marmotte _are_: thanks, i will say here if i have managed to do that 1105743191 M * meebey snat works with netfilter/iptables 1105743229 M * meebey does vserver foo exec bar need a tty? 1105743241 M * meebey I have problems starting a program from a tty-less script 1105743289 M * _are_ meebey: no idea 1105743298 N * _are_ are|afk 1105743413 J * Rusty Rusty@3e44a83a.adsl.enternet.hu 1105743428 M * Rusty hi guys 1105743429 M * Rusty :) 1105743431 N * Rusty Rusty` 1105743436 J * nayco ~nayco@lns-vlq-47-nan-82-252-230-81.adsl.proxad.net 1105744079 M * nayco 'llo, :) ! 1105744162 M * nayco Anyone use Cups in a vserver ? It needs absolutely a lo:127.0.0.1 interface, and I dunno how to make this available inside a vserver.... 1105744811 Q * prae Quit: Pwet 1105745004 Q * nayco Quit: Bonne nuit ! 1105745494 P * marmotte 1105745499 J * prae ~prae@sherpadown.net 1105745525 J * marmotte ~marmotte@ca-metz-1-173.w80-8.abo.wanadoo.fr 1105745555 M * prae marmotte: ?! 1105745628 M * marmotte prae: oui ? 1105745662 M * prae marmotte: je suis surpris de voir un francophone ... ca va me passer ;) 1105745739 P * marmotte