1106439348 Q * we2by Quit: Leaving
1106440451 J * we2by ~jinxi@145.116.6.75
1106443263 Q * rs Quit: Lost terminal
1106443341 Q * sannes Read error: Operation timed out
1106443412 N * Doener Doener_zZz
1106446598 J * tchan_ ~tchan@c-24-13-81-164.client.comcast.net
1106446703 Q * tchan Killed (NickServ command used by tchan_)
1106446714 N * tchan_ tchan
1106449960 Q * anonymous-coward Ping timeout: 480 seconds
1106449995 Q * monrad Ping timeout: 480 seconds
1106450022 J * monrad ~monrad@213083190130.sonofon.dk
1106450113 J * eyck_ eyck@81.219.64.71
1106450145 Q * xmb Ping timeout: 480 seconds
1106450176 J * xmb ~xmb@80-218-18-128.dclient.hispeed.ch
1106450176 Q * eyck Read error: Connection reset by peer
1106450644 J * Rusty Rusty@test2.custsh.interware.hu
1106450646 M * Rusty hello guys :)
1106450653 M * Rusty is here anybody?
1106450669 Q * prae Quit: Client exiting
1106450795 Q * TheSeer Ping timeout: 480 seconds
1106450823 J * TheSeer ~theseer@border.office.salesemotion.net
1106452210 Q * Rusty Quit:
1106455501 J * nox- ~vps@c207131.adsl.hansenet.de
1106455795 Q * nox Ping timeout: 480 seconds
1106455802 N * nox- nox
1106457663 J * sannes ~ace@home.skarby.no
1106457745 Q * TheSeer iridium.oftc.net charm.oftc.net
1106457745 Q * xmb iridium.oftc.net charm.oftc.net
1106457745 Q * monrad iridium.oftc.net charm.oftc.net
1106457745 Q * tchan iridium.oftc.net charm.oftc.net
1106457745 Q * hesus iridium.oftc.net charm.oftc.net
1106457745 Q * v00dY iridium.oftc.net charm.oftc.net
1106457745 Q * lilo iridium.oftc.net charm.oftc.net
1106457745 Q * ndim iridium.oftc.net charm.oftc.net
1106457745 Q * Medivh iridium.oftc.net charm.oftc.net
1106457745 Q * Snow-Man iridium.oftc.net charm.oftc.net
1106457745 Q * Pinnen iridium.oftc.net charm.oftc.net
1106457745 Q * no_maam iridium.oftc.net charm.oftc.net
1106457839 J * TheSeer ~theseer@border.office.salesemotion.net
1106457839 J * xmb ~xmb@80-218-18-128.dclient.hispeed.ch
1106457839 J * monrad ~monrad@213083190130.sonofon.dk
1106457839 J * tchan ~tchan@c-24-13-81-164.client.comcast.net
1106457839 J * hesus darksoul@pingu.ii.uj.edu.pl
1106457839 J * v00dY v00dy@62.241.52.143
1106457839 J * lilo ~lilo@lilo.usercloak.oftc.net
1106457839 J * ndim U2FsdGVkX1@helena.bawue.de
1106457839 J * Medivh ck@paradise.by.the.dashboardlight.de
1106457839 J * Snow-Man ~sfrost@snowman.net
1106457839 J * Pinnen ~pinnen@h194n2fls35o917.telia.com
1106457839 J * no_maam ~erik@194.95.226.17
1106457850 Q * Snow-Man Read error: Operation timed out
1106457862 J * Snow-Man ~sfrost@snowman.net
1106457903 Q * TheSeer Read error: Operation timed out
1106457979 J * no_maam_ ~erik@datenzone.de
1106457993 Q * no_maam Read error: Connection reset by peer
1106458045 Q * hesus Ping timeout: 480 seconds
1106458155 Q * Medivh iridium.oftc.net charm.oftc.net
1106458155 Q * ndim iridium.oftc.net charm.oftc.net
1106458155 Q * v00dY iridium.oftc.net charm.oftc.net
1106458155 Q * tchan iridium.oftc.net charm.oftc.net
1106458155 Q * monrad iridium.oftc.net charm.oftc.net
1106458155 Q * xmb iridium.oftc.net charm.oftc.net
1106458155 Q * lilo iridium.oftc.net charm.oftc.net
1106458155 Q * Pinnen iridium.oftc.net charm.oftc.net
1106458347 J * Pinnen ~pinnen@h194n2fls35o917.telia.com
1106458442 J * xmb ~xmb@80-218-18-128.dclient.hispeed.ch
1106458442 J * monrad ~monrad@213083190130.sonofon.dk
1106458442 J * tchan ~tchan@c-24-13-81-164.client.comcast.net
1106458442 J * v00dY v00dy@62.241.52.143
1106458442 J * lilo ~lilo@lilo.usercloak.oftc.net
1106458442 J * ndim U2FsdGVkX1@helena.bawue.de
1106458442 J * Medivh ck@paradise.by.the.dashboardlight.de
1106458447 J * hesus darksoul@pingu.ii.uj.edu.pl
1106458747 Q * lilo Remote host closed the connection
1106458758 J * lilo ~lilo@lilo.usercloak.oftc.net
1106462056 Q * dsanta Ping timeout: 480 seconds
1106467550 Q * sannes Read error: Connection reset by peer
1106467753 M * mikelcu this is just about the quietest 54 people I've ever seen
1106468162 M * xmb ull get used to that
1106469686 M * mikelcu where is CVS for the project housed anyway
1106469692 M * mikelcu bertl running it?
1106472701 N * Bertl_zZ Bertl
1106472713 M * Bertl morning folks!
1106472722 M * aba Hi Bertl
1106472729 M * Bertl morning aba!
1106472756 M * Bertl mikelcu: what do you expect on a sunday? some folks have a real life ;)
1106472778 M * xmb arf!
1106472789 M * xmb i read fastest instead quietest
1106472789 M * mikelcu a real life?
1106472792 M * mikelcu what's that?
1106472795 M * aba Bertl: real life? What's that? The place where the pizza comes from?
1106472805 M * xmb hah
1106472808 M * mikelcu I think it was a TV show
1106472812 M * Bertl yeah, the outside .. where the daystar lurks!
1106472832 M * aba * Cannot join #reallife - you are banned
1106472839 M * Bertl LOL
1106472849 M * Bertl mikelcu: what CVS are you looking for?
1106472968 M * Bertl (or looking at?)
1106473010 M * mikelcu oh I was just curious
1106473033 M * mikelcu I suppose I meant the util-vserver cvs
1106473047 M * mikelcu but I didn't bother actually looking for it
1106473050 M * Bertl well, that is run by savannah iirc ;)
1106473055 M * mikelcu ah
1106473230 M * Bertl so if nobody has a real life here, what about some ngnet beta testing?
1106473279 M * mikelcu ok I was gonna recompile anyway
1106473335 M * Bertl rs was so kind to put up a howto ...
1106473337 M * Bertl http://linux-vserver.org/NGNET-Testing-HOWTO
1106473357 M * mikelcu I may be porting bme to 2.6.10, I need read-only bind mounts, is there anything else providing that...before I spend time on it?
1106473376 M * Bertl IIRC sannes was/is doing that ...
1106473399 M * mikelcu oh cool I hope so, I'm busy as hell as it is
1106473422 M * Bertl http://vserver.13thfloor.at/Experimental/BME/patch-2.6.10-bme0.5.05.1-dangerous.diff
1106473463 M * Bertl the explanation of the 'dangerous' part is that he wasn't sure that he got it right .... but it passed all my tests, so I guess it's fine ...
1106473543 M * mikelcu well I'm not testing on anything production, obviously, so even if it panicked it's no big deal
1106473569 M * Bertl if there is enough interest for such things (memory-split, variable HZ, Bind Mount Extensions) I am inclined to put up a kernel tree with 'useful' stuff ... just let me know ...
1106473573 M * mikelcu btw, I noticed someone was letting you all use a Sun U10
1106473584 M * mikelcu do you need any more Sun stuff?
1106473631 M * Bertl currently no sun is available for various reasons ... so doing some testing on one would be appreciated (but I got no time for testing myself atm)
1106473650 M * mikelcu I have a bunch of U10s here, I can test at least
1106473682 M * Bertl that would be great! if you encounter any issues we'll fix them asap ...
1106474011 M * mikelcu give me a day or two to get the linux U10 up to date, I've only been running my Solaris ones for the past 6 months or so
1106474029 M * Bertl hey, no problem with that at all ;)
1106474063 M * Bertl when you're ready, you're ready .. just let us know ...
1106474241 M * Bertl okay, lunch time .. back in a few ...
1106474246 N * Bertl Bertl_oO
1106474523 J * sannes ~ace@home.skarby.no
1106474785 Q * meebey Ping timeout: 480 seconds
1106475388 N * Bertl_oO Bertl
1106475399 M * Bertl I'm back ...
1106476402 J * meebey meebey@meebey.net
1106476419 M * Bertl wb meebey! hello sannes btw!
1106476768 M * mikelcu hey sannes, Bertl mentioned you might be updating the bme patch
1106477381 Q * meebey Ping timeout: 480 seconds
1106478960 N * Doener_zZz Doener
1106478968 M * Bertl morning Doener!
1106478972 M * Doener morning
1106479003 M * Doener found one bug in the openfd code, another one's out there...
1106479028 M * Bertl okay, I'll disable the code, but leave the pieces in place, hmm?
1106479117 M * matti Hi Bertl ;]
1106479125 M * Bertl greetings matti!
1106479164 M * Doener ok, but please fix the one i found ;)
1106479174 M * Bertl patch?
1106479188 M * Doener sec
1106479334 M * matti :>
1106479412 M * Doener http://doener.homeip.net/doener/vserver/openfd-fix1.diff
1106479417 M * Bertl tx
1106479447 M * Doener i guess the comment can be removed ;)
1106479499 M * Bertl well, it's fine for me ;)
1106479521 M * Doener that fixes 11 and 12, both L and D
1106479548 M * Bertl btw, I added another test .. sec I'll upload ...
1106479580 M * Doener http://pastebin.com/232405
1106479617 M * Bertl hey that looks cool ;)
1106479625 M * Doener that's what's left to fix... fd's get decreased twice for the same fd on exit
1106479649 M * Bertl could it be the fork, which is misaccounted?
1106479664 M * Bertl i.e. on fork/clone/etc we should 'duplicate' the fds?
1106479733 M * Doener the numbers within the parentheses are the fds... 0-2 get closed twice
1106479751 M * Bertl which is pretty all what a process has stdin/out/err
1106479851 M * Doener but normally they're closed only once
1106479915 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.09
1106479929 M * Bertl (adds two fork specific tests)
1106479953 J * prae ~prae@sherpadown.net
1106479961 M * Bertl welcome prae!
1106480086 M * Doener lunch time... back later
1106480089 N * Doener Doener|gone
1106480775 M * prae hi team :)
1106481406 Q * we2by Remote host closed the connection
1106481447 J * we2by ~jinxi@145.116.6.75
1106481572 Q * we2by Remote host closed the connection
1106481596 J * we2by ~jinxi@145.116.6.75
1106482529 N * Doener|gone Doener
1106482545 M * Bertl Doener: I guess I found the missing openfs piece ...
1106482548 M * Doener just a short visit to tell that the new tests also work for me
1106482549 M * Bertl openfd even ;)
1106482551 M * Doener great!
1106482566 M * Bertl ah, you too?
1106482599 M * Doener no, just ran the 0.09 testme and 21 and 22 work, nothing else
1106482614 M * Bertl ah, okay .. they are _expected_ to work ;)
1106482621 M * Doener i'm just at the box for a past-lunch cigarette ;)
1106482630 M * Bertl the D/L tests are just triggers for various issues
1106482650 M * Doener works = openfd is 0 at exit
1106482691 M * Bertl hmm, that is strange then ...
1106482705 M * Doener with my patch applied that is
1106482714 M * Bertl with your latest patch I get -6 and -12 there
1106482748 M * Doener i'm using my old 2.6.10-vs1.9.3.16-openfd
1106482761 M * Doener anyway, time for a shower, back in about 20 minutes
1106482766 M * Bertl k, cya
1106482770 N * Doener Doener|gone
1106482978 Q * sannes Read error: Connection reset by peer
1106483855 J * nacl ~nacl@dsl093-174-016.pdx1.dsl.speakeasy.net
1106483864 M * mikelcu groovy
1106483864 M * Bertl welcome nacl!
1106483870 M * mikelcu naw it's just me
1106483876 Q * nacl Remote host closed the connection
1106483883 M * Bertl hmm .. k ;)
1106483946 M * Bertl testing irc clients or what?
1106483952 M * mikelcu logbot
1106483972 M * Bertl hmm, which one?
1106483989 M * mikelcu something I put together real quick
1106484005 M * Bertl but not for logging #vserver or?
1106484014 M * mikelcu yeah if you want it to
1106484029 M * mikelcu it's realtime
1106484034 M * Bertl http://irc.13thfloor.at/LOG/
1106484046 M * Bertl 1106484029 M * mikelcu it's realtime
1106484048 M * mikelcu cool
1106484440 M * aba Bertl: please hide mail addresses there, I get already enough spam :)
1106484712 M * Bertl hmm, don't paste mail addresses then ...
1106484736 M * Bertl (or paste them in a spame safe way)
1106484740 M * Bertl -e
1106484750 M * aba Bertl: someone else did that.
1106484760 M * aba ok, can you just delete mine from the log?
1106484914 N * Doener|gone Doener
1106484925 M * Doener back once again ;)
1106484948 M * Bertl wb ...
1106484977 M * Bertl Doener: I don't see how your patches could work right without changing copy_files()
1106485071 N * PazZzooo Pazzo
1106485111 M * Pazzo hi guys!
1106485124 M * Bertl morning Pazzo!
1106485124 M * Pazzo (and girls, if any :-)
1106485145 M * Pazzo moin bertl!
1106485208 M * Doener damnit, got to go...
1106485211 N * Doener Doener|gone
1106485713 J * nish ~nish@220.224.23.35
1106485733 M * Bertl welcome nish! ;)
1106485815 M * nish evening Bertl :-)
1106486679 J * mhepp ~mhepp@r72s22p13.home.nbox.cz
1106486740 M * Bertl welcome mhepp!
1106486757 M * mhepp Hello!
1106487662 M * Bertl okay, off for now, back later ...
1106487671 N * Bertl Bertl_oO
1106489780 Q * nish Ping timeout: 480 seconds
1106489862 Q * mhepp Remote host closed the connection
1106490855 Q * are|afk Ping timeout: 480 seconds
1106490925 J * sannes ~ace@home.skarby.no
1106491392 J * gaber gaber@linux.gentoo.pl
1106491511 J * are|afk ~are@dsl-084-056-129-147.arcor-ip.net
1106491773 J * nish ~nish@220.224.14.249
1106492540 Q * gaber Ping timeout: 480 seconds
1106492551 Q * matti Ping timeout: 480 seconds
1106492593 J * matti matti@linux.gentoo.pl
1106492826 M * sannes :) morning
1106492826 J * gaber gaber@linux.gentoo.pl
1106493546 J * meebey meebey@meebey.net
1106494741 N * Bertl_oO Bertl
1106494756 M * Bertl evening folks!
1106494932 M * meebey hiya Bertl
1106494947 M * meebey I got strange problems lately with apache and permissions, I am investigating
1106494958 M * meebey http://cvs.meebey.net/
1106494961 M * meebey thats all I get now
1106494986 M * Bertl well, looks like a bad config for apache ;)
1106495001 M * meebey if apache changes itself, yes
1106495017 M * Bertl first, add a file there ... for example xyz.txt
1106495034 M * Bertl then if this gives the same error, try to become apache
1106495046 M * Bertl and access that file (with su)
1106495063 M * Bertl (of course, reading the logs could provide valuable info too ;)
1106495272 M * meebey it happened on 21. Jan
1106495291 M * meebey 16 o clock
1106495299 M * meebey on hit before it worked, after that none
1106495314 M * Bertl did you do what I suggested?
1106495340 M * meebey I cant add files there its a python script
1106495357 M * meebey or I need to change the docroot
1106495366 M * Bertl the entire apache is a python script?
1106495388 M * meebey ah I see all pages don't work anymore
1106495396 M * meebey gateway.meebey.net
1106495420 M * meebey there I can add a testfile
1106495426 M * Bertl good!
1106495471 M * meebey http://gateway.meebey.net/test.txt
1106495495 M * Bertl okay, now second test, as 'user' apache ...
1106495516 M * Bertl su - apache cat /path/to/test.txt
1106495553 M * Bertl most likely your root dir / lost some permissions ...
1106495560 M * meebey thats that I tried
1106495567 M * meebey it can't use the shell
1106495579 M * meebey web_bullfrog:/var# su - www-data
1106495579 M * meebey Unable to cd to "/var/www"
1106495584 M * Bertl okay, check with ls -la /
1106495592 M * Bertl hmm -lad
1106495623 M * meebey drw-r--r-- 22 root root 4096 May 23 2004 /
1106495626 M * meebey ohoh
1106495627 M * meebey no x
1106495642 M * Bertl add the x back, IIRC we did this for barrier testing, remember? ;=
1106495643 M * meebey thats the / of the vserver
1106495650 M * meebey uh
1106495652 M * meebey lol
1106495654 M * meebey it was me?
1106495662 M * Bertl most likel LOL
1106495669 M * Bertl *likely
1106495672 A * meebey takes his head and hits it against the wall
1106495693 M * meebey seems like I was not really awake at that time
1106495711 M * meebey so no user could change/read directories
1106495763 M * meebey works again, thanks Bertl!
1106495796 M * meebey http://cvs.meebey.net/
1106495799 M * meebey :) much better
1106495847 M * Bertl you're welcome!
1106495901 M * Bertl the interesting part is the users can read the / dir, but not access anything below ...
1106495953 J * dsanta ~santa@c68.190.156.105.roc.mn.charter.com
1106496083 M * meebey :)
1106496091 M * Bertl welcome dsanta!
1106496640 Q * nish Quit: Leaving
1106497770 M * Bertl dinner time ... back later ...
1106497776 N * Bertl Bertl_oO
1106498372 Q * matti Quit: 8-X
1106499050 Q * sannes Ping timeout: 480 seconds
1106499073 J * manju1234 ~root@220.224.14.249
1106499088 M * manju1234 hi every body
1106499116 M * manju1234 i want to know how can i use selinux to handle chroot bug
1106499220 N * Bertl_oO Bertl
1106499235 M * manju1234 hi bertl
1106499237 M * Bertl manju1234: what chroot bug?
1106499264 M * manju1234 that u can escape from a chroot environment
1106499285 M * Bertl chroot for linux-vserver guest? or in general?
1106499317 M * manju1234 i dont want to use namespaces or chmod 000 /vservers solution
1106499330 M * manju1234 i m talking about chroot for linux-vserver
1106499370 M * Bertl 2.6/1.9.x has a barrier flag, which is designed for this purpose and works without namespaces
1106499410 M * manju1234 can i use selinux features to handle this
1106499423 M * Bertl don't know, wrong channel ...
1106499485 M * manju1234 i read about this in presentation on linux-vserver in german
1106499523 M * Bertl url?
1106499730 M * manju1234 http://www-user.tu-chemnitz.de/~ensc/util-vserver/doc/virtual-servers.pdf
1106499888 M * manju1234 please go to the 46th page
1106499982 M * manju1234 any help
1106500145 M * Bertl hmm, it has only 42 pages ;)
1106500320 M * Bertl but I found some stuff on page 13
1106500358 M * Bertl there it says: "according to Russel Coker, SELinux allows for secure chroots"
1106500374 M * Bertl and it also says that this solution is not implemented ...
1106500405 M * manju1234 sorry for inconvenience
1106500417 M * Bertl no problem! you're welcome ;)
1106500435 M * manju1234 but can u tell the feasibility of the solution
1106500465 M * Bertl well, I don't know SElinux, but anything able to protect a directory against manipulation would suffice ...
1106500497 M * Bertl same would be valid for a stacked approach regarding chroot() i.e. a push/pop architecture
1106500535 M * manju1234 please elaborate the last point
1106500567 M * Bertl one weakness of chroot() is that you leave behind the previous chroot() on each new chroot()
1106500590 M * manju1234 ok
1106500606 M * Bertl if you would keep a history of all chroots done so far, and make sure that each new chroot is always 'below' all others ...
1106500622 M * manju1234 fine
1106500818 M * Bertl then you basically can prevent all the 'known' chroot escapes
1106500831 M * manju1234 how
1106500852 M * Bertl with the chroot() I just described ...
1106500934 M * manju1234 please explain
1106500943 M * Bertl again?
1106500980 M * Bertl do you know how chroot escapes work?
1106501039 M * manju1234 probably chroot to a lower directory and then fchdir .. etc
1106501157 M * Bertl yep
1106501214 M * Bertl so if you have a chroot stack, where all previous chroots are stored, and you do not allow to change to a dir above, then you should be safe!
1106501346 M * manju1234 and how do we prevent changing to dir above
1106501600 J * matti matti@linux.gentoo.pl
1106501801 M * Bertl by checking the lowest (current) chroot dir
1106501807 M * Bertl wb matti!
1106501835 M * manju1234 checking against what
1106501871 M * Bertl for all accesses ...
1106501892 M * Bertl (i.e. filesystem lookups)
1106501996 M * manju1234 basically we do chmod 000 to /vservers
1106502002 M * manju1234 isnt it
1106502224 M * Bertl well, no, we have some kind of 'marker' for the upper boundary (of change roots inside a vserver)
1106502250 M * Bertl for the stable 2.4 branch this is the combination of chmod 000 and chattr +t
1106502271 M * Bertl for 2.6/1.9.x this is a barrier flag, similar to the immutable flag
1106502298 M * manju1234 how does it work
1106502342 M * Bertl http://vserver.13thfloor.at/Experimental/split-vs1.9.3.14/15_inode.diff
1106502378 M * Bertl look for BARRIER
1106502383 M * manju1234 ok
1106502537 M * manju1234 this barrier flag is set for /vservers directory or for individual vps directory like /vserver/vps1
1106502553 M * Bertl for the /vservers directory
1106502584 M * manju1234 fine
1106502595 M * manju1234 got the concept
1106502688 M * manju1234 let talk about some networking stuff now
1106502817 M * manju1234 how do we bind a vserver to a particular ip address
1106502945 M * Bertl the vserver is not 'bound' to some ip, it is limited to a subset of the host ips
1106502958 M * Bertl (the chbind name is a little misleading)
1106502998 M * manju1234 how? please explain
1106503016 M * Bertl http://vserver.13thfloor.at/Experimental/split-vs1.9.3.14/08_net.diff
1106503052 M * Bertl each vserver has a set of ip addresses and all operations (connect/listen/bind/etc) are limited to those addresses
1106503104 M * manju1234 ok
1106503201 M * Bertl but this is going to change with ngnet ... which will use stricter isolation for this purpose (i.e. interface and routing virtualization)
1106503265 M * manju1234 how
1106503302 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/diff-2.6.11-rc1-vs1.9.4-rc2-ng8.12.diff
1106503373 M * manju1234 do we have create virtual nics
1106503395 J * nayco ~nayco@lns-vlq-47-nan-82-252-228-207.adsl.proxad.net
1106503415 M * nayco 'llo !!!
1106503431 M * Bertl welcome nayco!
1106503457 M * Bertl manju1234: yes, there are special interfaces (virtual ones) which replace the real eth0/lo devices
1106503486 M * manju1234 do we have to write any special drivers to use them
1106503523 M * Bertl no, it's not a hardware emulation, it's a special form of virtualization
1106503551 M * Bertl the vnet (so we call the virtual interfaces) devices look and act like normal network devices ...
1106503864 M * manju1234 if we say devices then drivers must exist
1106503902 M * Bertl sure ... just no hardware to drive behind ;)
1106503974 M * manju1234 are we creating aliases of existing nic
1106503986 M * Bertl check drivers/net/vnet.c (of the patch I pasted)
1106504070 M * manju1234 ok
1106504437 M * manju1234 can u explain me the contents of file in brief
1106504522 M * Bertl hmm .. not easily ... but if you have specific question, I can try to answer them ...
1106504564 M * manju1234 what is the purpose this file
1106504576 M * Bertl the diff or the vnet.c ?
1106504589 M * manju1234 vnet.c
1106504603 M * Bertl it's the device driver for the virtual network device ...
1106504800 M * manju1234 ok
1106504890 M * manju1234 how does it handle request from a foreign server
1106504976 J * pulsar ~pulsar@82.209.237.8
1106504990 M * pulsar Hi!
1106505290 M * Bertl welcome pulsar!
1106505305 M * Bertl manju1234: what do you mean by 'foreign server'?
1106505355 M * manju1234 like telnet request from a server other than then the host server not any vserver
1106505374 M * daniel_hozac requests come from clients ;)
1106505393 M * manju1234 yes
1106505416 M * Bertl (nitpick aside ;) those are handled by the host, as usual and 'delivered' via the virtual devices
1106505439 N * Doener|gone Doener
1106505460 M * Bertl wb Doener!
1106505484 M * manju1234 how do the virtual devices interact with the host nic
1106505552 M * Bertl they are 'created' from (i.e. linked to) the host nics, and use them to transmit (and receive) packets
1106505575 M * Bertl evening daniel_hozac btw!
1106505595 M * we2by what type of website do u visit most?
1106505619 M * Bertl huh?
1106505635 M * we2by Bertl, it is just a question
1106505640 M * we2by what is so weird of it?
1106505658 M * Bertl hmm, okay, the 'working' type ;)
1106505670 M * we2by lol
1106505722 Q * Pazzo Quit: ...
1106505934 M * manju1234 does vnet.c resembles shaper device
1106505963 Q * manju1234 Quit: Leaving
1106506024 M * pulsar I've read some posts on kerneltrap about what linux kernel needs "jail" technology, seems like they doesn't hear about vserver...
1106506077 M * Bertl feel free to do some linux-vserver related advertising ...
1106506124 M * pulsar :-)
1106506412 M * Doener evening!
1106506477 M * Doener Bertl: i guess i know why 21 and 22 don't fail here ;)
1106506495 M * Doener 79 121 UNKNOWN root Z [bash]
1106506495 M * Doener 82 49159 UNKNOWN root Z [bash]
1106506561 M * Doener their std(in|out|err) probably never get closed
1106506601 M * Doener that's with qemu and your diskimage
1106506603 M * Bertl use init=/bin/bash
1106506612 M * Bertl it's a busybox deficiency ...
1106506665 M * Bertl but thanks to your bugfix of the openfd stuff, I found the missing piece ...
1106506696 M * Doener i just ran the testme within a separate bash session and when i exited that one, i got the missing errors
1106506707 M * Bertl http://vserver.13thfloor.at/Experimental/delta-openfd.diff
1106506727 M * Bertl @@ -637,6 +637,8
1106506789 Q * prae Quit: Client exiting
1106506842 M * Doener yup, looks good
1106506858 M * Bertl well, yes and no
1106506875 M * Bertl basically we allow to cross the limit for that resource
1106506898 M * Bertl but accounting should be fine for this version
1106506908 M * Bertl (and I guess we do not add more for now)
1106506913 M * Bertl s/do/should/
1106507009 M * Doener yeah, and there's a FIXME, so that's fine for now ;)
1106507056 M * Bertl but we have a different issue with preemption/sleeping
1106507244 M * Bertl (if you add might_sleep() to __clr_vx_info() and test with preemption debugging)
1106507497 M * Doener with 2.6.11-rc2?
1106507506 M * Bertl yep
1106507523 M * Doener ok, need to get that one
1106507543 M * Doener rcu is removed in 1.9.4-rcWhatever, right?
1106507547 M * Bertl yep
1106507703 M * Bertl uploaded 1.9.4-rc3
1106507728 T * Bertl http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.3, 1.9.4-rc3, ng8.12
1106508127 M * eyck_ 1.2.10 has version 1.29 inside ( in Makefile )
1106508247 J * nish ~nish@220.224.14.249
1106508279 M * Bertl eyck_: thanks for spotting ...
1106508336 M * nish hi ;)
1106508346 M * Bertl welcome nish!
1106508364 M * nish evening all !
1106508541 M * Doener hi nish
1106508663 M * Doener Bertl: preemption debugging? or spinlock debugging?
1106508700 M * Bertl in doubt, add both ;)
1106508721 M * Bertl in case of doubt, that is ...
1106508745 A * Doener goes looking at menuconfig... don't remember anything called preemption debugging...
1106508802 M * Bertl CONFIG_DEBUG_PREEMPT=y
1106508817 M * Bertl CONFIG_DEBUG_SPINLOCK=y
1106508817 M * Bertl CONFIG_DEBUG_SPINLOCK_SLEEP=y
1106509285 M * aba Bertl: Hm, how is it with vserver and ipv6? Does that work?
1106509330 M * Bertl with ngnet it will work (soon) without just on the host (not for the vserver)
1106509360 A * aba can't parse the answer
1106509398 M * Bertl 1.9.x will allow you to use ipv6 on the host system, not within the guests (vservers)
1106509421 M * aba Uh? Currently, I even can't use ipv6 at all?
1106509428 M * Bertl with ngnet (next generation networking, currently in testing phase) it will be possible soon ...
1106509441 M * aba ok.
1106509447 M * Bertl aba: you _can_ use it on the host
1106509470 M * aba better :)
1106509476 M * Bertl (there is no concept to specify/check ipv6 addresses for vservers)
1106509624 M * aba what not do it the same way like for ipv4?
1106509685 M * Bertl because the networking stuff is ancient and the rules valid for ipv4 do not map to ipv6 easily ...
1106509692 M * Bertl but feel free to send patches ;)
1106510036 M * Doener Bertl: using your 2.6.10-vsX qemu config i get a build error with 1.9.4-rc3
1106510049 M * Doener CC net/ipv4/netfilter/ip_conntrack_standalone.o
1106510049 M * Doener In file included from net/ipv4/netfilter/ip_conntrack_standalone.c:34:
1106510049 M * Doener include/linux/netfilter_ipv4/ip_conntrack.h:135: warning: `struct ip_conntrack' declared inside parameter list
1106510064 M * Doener include/linux/netfilter_ipv4/ip_conntrack.h:306: error: parameter `manip' has incomplete type
1106510079 M * Bertl hmm, yes stumbled across that, didn't investigate it further but I guess it's 2.6.11-rc2 related
1106510095 M * Doener ok, so i'll just drop conn tracking
1106510100 M * Bertl I cowardly disabled it ;)
1106510147 J * prae ~prae@sherpadown.net
1106510197 M * Bertl wb prae!
1106510302 M * prae 'night Bertl
1106510557 J * DuckKing ~Duck@dyn-83-157-150-204.ppp.tiscali.fr
1106510724 M * Doener Bertl: any way to trigger the preemp issue?
1106510952 M * Bertl did you add might_sleep() to _clr_vx_info() ?
1106510978 M * Doener *crouches*
1106510982 Q * DuckMaster Ping timeout: 480 seconds
1106511106 M * Doener ah ok, now i get it at boot time
1106511221 M * Bertl it comes from finish_task_switch()
1106511238 M * Bertl more precisely the mmdrop(mm); there
1106511250 M * aba Bertl: can one make a "private" ethernet string, e.g. by using the dummy device? Or how is the recommended way?
1106511289 M * Bertl hmm, what do you mean by 'private'?
1106511338 M * aba well, if they were real machines, than they would all be connected to only one switch, and all other machines to another, and one machine / the host server is the gateway.
1106511351 M * Doener Bertl: should we just move the might_sleep call below the "if(!vxo)" check?
1106511372 M * Bertl doesn't help, it will happen inside the vserver too
1106511413 M * Bertl aba: no, wrong, _all_ vservers are connected via the same interfaces ...
1106511419 Q * monrad Read error: Operation timed out
1106511468 M * Bertl using dummy or lo or whatever you can get will not change anything, because the packets will be sent over eth0/1/2 ...
1106511501 M * Bertl but you can use different physical interface and separate data this way ...
1106511569 M * aba Hm. I don't want to separate it hard, I want to firewall it.
1106511587 M * Bertl well, no forwarding, no firewalling, right?
1106511607 M * aba But I can probably do that with just giving out ip addresses on a different subnet on eth0, and firewalling on ip address.
1106511642 M * Bertl you can do whatever you can do on a single host ... iptables/nat/etc ...
1106511685 M * aba Hm, yes. But it looks a bit different for other hosts on that network - but I don't care too much.
1106511981 Q * serving Read error: Connection reset by peer
1106512055 J * monrad ~monrad@213083190130.sonofon.dk
1106512090 M * Bertl welcome monrad!
1106512162 M * Bertl Doener: it's an old issue, and I guess we can not fix it in 1.9.4
1106512178 M * Bertl (well we could, but I would like to get some more testing on it first)
1106512639 Q * _ruben_ Quit: leaving
1106512814 J * sannes ~ace@home.skarby.no
1106512826 M * Bertl wb sannes!
1106513763 Q * nish Quit: Leaving
1106513800 J * nish ~nish@220.224.14.249
1106514046 M * Bertl nish: I'd like to get a little more info about you!
1106514075 M * nish lets get it personnel
1106514461 J * manju ~manj___@220.224.14.249
1106514601 P * manju
1106514637 J * manju1234 ~manj___@220.224.14.249
1106514767 M * manju1234 hi bertl
1106514827 M * manju1234 i was talking about the networking in vservers
1106514967 M * manju1234 how does the host server handle requests coming for vservers from the outside world
1106515188 J * f3ew ~f3ew@202.88.172.195
1106515445 M * Bertl manju1234: not different from a normal host!
1106515454 M * Bertl welcome f3ew!
1106515505 M * f3ew ty
1106515532 M * manju1234 what ip address does the packet addressed to a vserver contains when it reaches the host server
1106515568 M * Bertl the address it was sent to (probably the one of the vserver)
1106515678 M * f3ew manju1234: tcpdump is your friend?
1106515716 M * manju1234 then how does the host deliver the packet to specific vserver
1106515784 M * Bertl as host and vserver share the networking, it is automatically delivered to the 'right' place ...
1106515792 M * f3ew Isn't it documented someplace?
1106515805 M * manju1234 i couldnt find
1106515805 M * f3ew ISTR this being in the docs
1106515824 M * manju1234 how do they share networking
1106515833 M * f3ew since I haven't yet done a RTFS for vserver
1106515931 M * Bertl manju1234: the host and the vservers use the same ipstack/interfaces and the vserver 'bind' to the specific ips ...
1106515946 M * manju1234 ok
1106516000 M * manju1234 can i find some documentation about it
1106516030 M * Bertl check the source for detailed info
1106516038 J * xaero ~amit@220.224.14.249
1106516063 M * f3ew yeouch
1106516069 M * xaero hi
1106516079 M * manju1234 vnet.c is like shaper. Right
1106516086 A * Doener runs away...
1106516095 M * Doener no railgun hits for me today ;)
1106516104 M * Bertl ;)
1106516118 M * manju1234 :]
1106516152 M * xaero which is the best virtual machine
1106516227 M * xaero xen,vmware,umlinux,vserver
1106516230 M * Bertl the one which virtualizes without any overhead, right?
1106516245 M * xaero yeah
1106516268 M * xaero so which add least overhead
1106516274 M * Bertl vmware is a virtual machine, like qemu or bochs
1106516278 M * f3ew a new box?
1106516281 M * xaero ok
1106516284 A * f3ew runs
1106516309 M * Bertl xen is a virtual hardware ...
1106516324 M * xaero that means ???????
1106516354 M * Bertl it abstracts the hardware to allow soft partitioning
1106516360 M * xaero i have read that xen is near to mainframe architecture
1106516376 M * xaero what does that mean
1106516383 M * Bertl umlinux is a linux kernel run in userspace ...
1106516393 M * xaero yeah
1106516406 M * f3ew xen is like vmware, only better
1106516415 M * Bertl linux-vserver is basically isolation and shared resources on the same kernel/host
1106516415 M * f3ew thats the short story
1106516431 M * daniel_hozac how does UML and qemu compare?
1106516446 M * daniel_hozac (excuse my laziness)
1106516456 M * xaero is qemu an emulator
1106516459 M * Bertl UML is a separate arch in the kernel
1106516471 M * Bertl (like x86 or ppc or sparc)
1106516502 M * Bertl QEMU allows to run (unmodified) kernels of same or different architecture ...
1106516528 M * Bertl (it also emulates a lot of hardware)
1106516557 M * xaero why is xen faster
1106516569 M * Bertl from the performance point of view, I'd say the following order is correct
1106516602 M * Bertl real-system, xen/linux-vserver, uml, vmware, qemu, bochs ...
1106516618 M * Bertl (this is for 1 on 1 systems)
1106516625 M * daniel_hozac would it be possible to use UML to run x86 apps on sparc?
1106516643 M * Bertl no, the uml arch uses the binary format of the host
1106516650 M * daniel_hozac ah, ok.
1106516669 M * daniel_hozac thanks.
1106516672 M * xaero can xen work without host os
1106516684 M * Bertl xen _is_ the host system
1106516700 M * xaero xen itself acts as an os
1106516703 M * xaero ??
1106516718 M * Bertl it's some kind of minimal resource manager/supervisor
1106516723 M * xaero ok
1106516741 M * Bertl you have to use a xen-modified kernel to work on the 'xen' arch
1106516742 Q * manju1234 Quit: Leaving
1106516778 M * xaero how is vserver faster than uml or vmware during switching between virtual servers
1106516824 M * Bertl the overhead on linux-vserver is minimal, because the processes share the host system very efficiently
1106516845 M * Bertl (resources like caches or buffers are shared)
1106516863 M * xaero how do they handle conflicts
1106516864 M * Bertl the processes run as if they are running on a normal host
1106516887 M * Bertl the isolation takes care of that ...
1106516913 M * xaero the chroot isolation ??
1106516942 M * xaero or do you have to add something extra
1106516979 M * Bertl entire process isolation (filesystem, pids, signals, etc)
1106517058 M * xaero can a process in chroot dir , share memory with process of another chroot environment
1106517105 M * Bertl sure, as on any other linux-system
1106517114 M * pulsar hm
1106517116 M * Bertl (but not across contexts)
1106517122 M * pulsar aha
1106517143 M * xaero that is taken care by the chroot itself?/
1106517166 M * Bertl no, that is taken care of by the chcontext (and the entire context concept)
1106517173 M * xaero ok
1106517204 M * xaero that u assign different pid's to each context process
1106517273 M * xaero i have read that xen has maximum separation between servers and vserver very less
1106517298 M * xaero ??
1106517317 M * Bertl yes, linux-vserver does not separate resources between contexts, on the contrary it does share them where possible
1106517340 M * Bertl (this allows for a huge number of vserver guests)
1106517341 M * xaero so that makes it faster or slower
1106517356 M * xaero ok
1106517372 M * Bertl it can make it faster if you have many resources to share ...
1106517394 M * xaero example??
1106517440 M * xaero but wouldn't that allow more number of servers on xen too
1106517441 M * Bertl simple, consider a /bin/bash (on an unified vserver system) with 2 vservers
1106517459 M * xaero ok i got it
1106517480 M * Bertl while the first /bin/bash invocation pulls in a lot of libraries, the second can use the mapped data/buffers/etc
1106517496 M * Bertl (this is not desired or possible with xen)
1106517516 M * xaero why is it still faster then?
1106517530 M * xaero or even comparable to vserver
1106517576 M * Bertl for separate resources (or single guest, as I said before) it is comparable ... (i.e. 98-99% native speed)
1106517607 M * Zoiah Bertl: the vserver build helppage mentions flags like 'sched', but if I build one with --flags sched I get "Unknown flag 'sched'". Is the help-page out of date or am I doing something wrong?
1106517622 M * Bertl url?
1106517631 M * Zoiah vserver test build --help
1106517632 M * Zoiah :)
1106517656 M * xaero but as the no. of vservers increase vserver gives better performance , right
1106517681 M * Bertl Zoiah: probably out of date help ... or just valid for stable
1106517696 M * Zoiah Bertl: using sched in legacy vservers works.
1106517716 M * Zoiah Bertl: and I'm using util-vserver-0.30.196.
1106517730 M * Bertl okay, so just valid for legacy/stable then ...
1106517742 M * nish Bertl: goin to be hectic day for yea :)
1106517749 M * nish goodnight all!
1106517755 M * Bertl night nish!
1106517761 P * nish Leaving
1106517768 M * Zoiah Bertl: how would I get the same effect/flag with the new tools?
1106517801 M * Bertl on stable or 2.6./1.9.x?
1106517811 M * Zoiah 2.6./1.9.x?
1106517819 M * xaero but as the no. of vservers increase vserver gives better performance , right
1106517852 M * Zoiah Bertl: 2.6./1.9.x
1106517878 M * Bertl with VXF_SCHED_PRIO
1106517912 M * Bertl DECL("sched_prio", VC_VXF_SCHED_PRIO),
1106517923 M * Bertl so you use sched_prio as flag
1106517926 M * Zoiah Okie. :)
1106517939 M * Bertl xaero: right, especially when the resources can be shared
1106518006 M * xaero on xen u can have different os but not on vserver right
1106518049 M * Bertl yep, xen allows for different guests, and it also adds the kernel overhead for each guest
1106518073 M * Bertl so if you run 5 linux guests, you are running 5 kernels (same as with UML)
1106518098 M * xaero so switching between vservers would be slow on xen
1106518133 M * Bertl well, it's a context switch on the hardware, so it's probably comparable ...
1106518151 M * Bertl but you have to consider the kernel too
1106518172 M * xaero does uml use different kernel for each context
1106518188 M * Bertl yes, uml uses a kernel in userspace for each guest
1106518204 M * mikelcu http://linode.com
1106518218 M * xaero the whole kernel is virtualized ??
1106518231 M * mikelcu yes, it's a fully running linux kernel in userspace
1106518240 M * xaero but no changes to the host kernel
1106518247 M * xaero as against xen
1106518252 M * xaero and vserver
1106518261 M * Bertl well, yes and no
1106518285 M * Bertl you can run uml kernels without changes on the host system, but they are slower than necessary
1106518307 M * Bertl usually (i.e. hosting providers) will use host kernel support for uml
1106518314 M * xaero ok
1106518337 M * Bertl qemu, bochs and vmware allow for unmodified kernels.
1106518348 M * Bertl (both guest and host)
1106518349 M * xaero ok
1106518367 M * mikelcu vmware is slowwww
1106518376 M * xaero are these emulators
1106518390 M * xaero or virtual machines
1106518394 M * mikelcu http://www.vmware.com
1106518417 M * Bertl define emulator and virtual machine ...
1106518557 M * xaero emulation is complete virtualization i guess
1106518616 M * pulsar vmware translates cpu commands to real CPU - no emulation AFAIR
1106518617 M * Bertl well, qemu uses binary translation and emulation for the hardware ... but it provides 'complete' virtualization ;)
1106518668 M * xaero so qemu is an emulator and vmware virtual machine??
1106518712 M * Bertl personally I consider java a virtual machine ...
1106518737 M * Bertl simply because its bytecode (usually) does not run on real machines ...
1106518747 M * xaero does qemu virtualize hardware that is not present
1106518770 M * Bertl yes, all qemu emulated hardware does not really exist
1106518772 M * daniel_hozac gcj :)
1106518779 M * xaero thanx
1106518797 M * Bertl you're welcome!
1106518871 Q * nayco Quit: Bonne nuit !
1106518944 J * serving ~serving@213.186.183.108
1106519127 Q * f3ew Read error: Connection reset by peer
1106519869 J * manju1234 amit@220.224.14.249
1106519926 M * manju1234 hi bertl
1106519945 M * Bertl hi manju1234!
1106519987 M * manju1234 how do we handle arp requests for a vserver
1106520090 M * Bertl the host handles them as on any other host
1106520113 M * Doener with the current network virtualization, the vservers don't have any 'own' network. they are just limited in what part of the networking stuff they can use
1106520150 M * manju1234 do they have their own mac addresses
1106520169 M * Bertl no
1106520173 M * Doener arp/tcp/udp whatever works as usual and "in the host".
1106520250 M * manju1234 then how r frames routed at mac layer
1106520254 M * pulsar MAC is NIC hardware address - only one per NIC - vhost can't have own mac AFAIR
1106520292 M * Doener manju1234: the host has all ip addresses.
1106520300 M * Bertl pulsar: well, you can play such games, but they are expensive
1106520331 M * Doener the vserver does not have anything on its own, it just gets access to a part of the host's resources
1106520355 M * Doener it's a little like chroot for ip addresses
1106520374 M * manju1234 how
1106520422 M * Doener the context has a set of ip addresses that are 'allowed' all others are virtualized away
1106520442 M * manju1234 ok
1106520459 M * Doener http://linux-vserver.org/Linux-VServer-Paper-04
1106520467 M * manju1234 u r talking about chbind
1106520471 M * manju1234 right
1106520475 M * Doener yep
1106521233 Q * prae Quit: leaving
1106521483 Q * xaero Quit: Leaving
1106521505 T * Bertl http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.{3,4-rc3}, ng8.12
1106521546 M * Bertl have a good night everyone! I'm off to bed ...
1106521553 M * Doener night Bertl!
1106521558 M * mikelcu you sleep too early ;)
1106521566 M * mikelcu coffee: you can sleep when you're dead
1106521569 M * Bertl heh ;)
1106521578 N * Bertl Bertl_zZ
1106522824 J * xaero amit@220.224.14.249
1106522835 M * xaero hi
1106522851 M * xaero does vserver support SMP
1106522873 M * are|afk i run vserver on a dual opteron and a dual xeon, so I'd say: yes
1106522915 M * xaero any idea how it does it
1106523552 Q * manju1234 Quit: Leaving
1106523608 M * Doener xaero: linux-vserver just hides some part of the system from processes (simplified ;), so we can rely on the standard scheduler there...
1106523655 M * xaero thanx
1106523686 M * xaero see ya
1106523686 M * xaero bye
1106523696 Q * xaero Quit: Leaving
1106523791 J * nacl ~nacl@dsl093-174-016.pdx1.dsl.speakeasy.net