1110672001 M * Seraph Bertl: if there's a lot of new sources it takes some time till you're built by a daemon
1110672028 M * ola And I uploaded earlier today so it will probably take a few more days.
1110672052 M * Seraph Bertl: thus if it reads needs-build there's no log yet..
1110672054 M * ola I do not really remember but why was dietlibc a good thing?
1110672073 M * Seraph ola: it was essential
1110672078 M * Bertl okay, all 4 available 'failed' expose dietlibc issues
1110672084 M * Seraph ola: the glibc was having major issues according to upstream..
1110672102 M * Bertl ola: for several purposes, one of them is security
1110672102 M * Seraph ola: is that 0.30.204 uploaded to dhs.org already?
1110672157 M * Bertl ola: another one are the resolver issues
1110672162 M * ola It is awaiting approval from my own little daemon.
1110672174 M * ola Just one more minute.
1110672185 M * Seraph ola: debarchiver or dak? *g*
1110672190 M * Seraph ola: or mini-dinstall?
1110672299 M * ola Seraph: Yes, debarchiver.
1110672310 M * ola I'm the author of that tool :)
1110672333 M * Seraph ola: heh
1110672413 M * Seraph so is that finally accepted?
1110672447 M * Seraph or can you put that latest debian/ into my SVN?
1110672453 M * Seraph then i can build it from svn-buildpackage..
1110672495 M * ola http://debian.opal.dhs.org/dists/unstable/main/binary-i386/net/
1110672508 M * ola http://debian.opal.dhs.org/dists/unstable/main/source/net/
1110672510 M * Seraph net?! *g*
1110672520 J * tchan ~tchan@c-24-13-81-164.client.comcast.net
1110672527 M * ola Don't ask me... I noted that myself.
1110672537 M * Seraph whoups, no orig.tar.gz .. looks like debarchiver has a bug
1110672550 M * Seraph it should only omit that if that's already there, no?
1110672580 M * ola Well it is not debarchivers fault. I actually did not upload the source as it was a -2 version.
1110672595 M * ola The .orig.tar.gz can be found in the debian archives.
1110672608 M * Seraph and well, there's a http://debian.opal.dhs.org/dists/unstable/main/source/net/util-vserver_0.30.203-2.diff.gz but no 204 version
1110672615 M * Seraph or do i miss something?
1110672658 M * Seraph the 0.30.203-2 is even in the SID for alpha already, yet it doesn't work.. so the idea was to try 0.30.204
1110672689 M * Seraph not that it feels like being working from what i had seen before i interrupted to get the new deb..
1110672709 M * ola Ahh yes I missed that 204 is not the same as 203.
1110672710 M * Seraph so is there a 0.30.204 in the pipeline?
1110672717 M * ola Yes of course.
1110672727 M * ola I was not aware of that latest version. :)
1110672738 M * Seraph heh, add a debian/watch :-P
1110672746 M * ola I'll do.
1110672753 M * ola But now it is really bedtime.
1110672757 M * Seraph or use websec with the archive..
1110672763 M * Seraph heh, ok.
1110672769 M * ola See you later.
1110672780 M * Seraph cu
1110672878 M * Bertl night!
1110672885 M * matti :]
1110673013 M * yarihm in a vserver, what would you use to export filesystems to other linux-machines? userspace-nfsd or samba?
1110673047 M * Bertl hmm, probably ftp
1110673055 M * Bertl or ssh based filesystems
1110673062 M * yarihm the network is secure
1110673082 M * Seraph GFS?
1110673084 A * Seraph hides
1110673106 M * yarihm i am not keen on using cpu-wasting strong cryptography for this
1110673143 M * yarihm i'd like to be able to mount the file system in question on the remote machine, thus ftp is not quite my preferred choice either
1110673482 Q * ndim Ping timeout: 480 seconds
1110673489 M * Bertl why do you want a vserver to export the filesystem?
1110673498 M * Bertl why not simply export it on the host?
1110673780 J * ndim hun@helena.bawue.de
1110673883 M * yarihm Bertl: for security-reasons
1110673914 M * Bertl well, isn't samba kernel based too?
1110673919 M * yarihm i'd like the host to be as un-reachable to the public as possible
1110673959 M * yarihm Bertl: well, not the daemon ... i mean you have the samba-daemon that exports the filesystem and you can (if you want) mount it then via kernel-space but afaik via userspace too
1110674032 M * Bertl ah, okay, well, then samba with unix extensions or nfsd will do I guess
1110674050 M * yarihm userspace nfsd you mean?
1110674093 M * yarihm performance is not that much of an issue ... i guess i'll go for ... damn, i don't know
1110674102 M * yarihm samba is not famous for being very secure
1110674128 M * yarihm and userspace nfsd seems to be not that nice in terms of performance and "clean-ness"
1110674151 M * yarihm (e.g. it has no locking)
1110674787 M * Bertl I guess the optimal filesystem would be a pure userspace unix fs mapper
1110674808 M * Bertl but I havent heard of such a beast yet (at least nothing working)
1110675322 Q * maharaja Ping timeout: 480 seconds
1110676435 J * borg_number_one ~borg_numb@p54B8865B.dip0.t-ipconnect.de
1110676470 M * borg_number_one Hi
1110676526 M * Bertl hey borg_number_one! LTNS!
1110676538 M * borg_number_one Sladen: http://bnobtc.pix-art.com -> the final release of bnobtc v5 is there.
1110676562 P * borg_number_one
1110676567 M * Bertl ;)
1110676660 Q * yarihm Quit: Leaving
1110678917 Q * jd86 Read error: Connection reset by peer
1110680024 T * * http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5-rc2, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1110680024 T * Doener -
1110681530 J * maharaja maharaja@ipax.at
1110681542 M * Bertl wb maharaja!
1110683143 N * jd86 jd86_Zz
1110683145 M * jd86_Zz ta ta
1110683165 M * Bertl hmm?
1110683225 M * jd86_Zz whats the hmm to?
1110683335 M * jd86_Zz well farewell i'll be back l8er
1110683443 M * Bertl ah, okay ... ;)
1110687428 M * DaPhreak Bertl ?
1110687475 M * Bertl yep?
1110687485 M * DaPhreak got a minute ?
1110687516 M * Bertl sure
1110687568 M * DaPhreak hmm i tried to install dhcpd in a vserver but it doesn't act nicely :)
1110687578 M * DaPhreak telling me " Open a socket for LPF: Operation not permitted"
1110687593 M * DaPhreak and i have no clue what this is about ..
1110687607 M * Bertl dhcp operates at a very low level
1110687632 M * Bertl i.e. it requires access to the network stack to create its own packets
1110687636 J * mef ~mef@pcp09895218pcs.ewndsr01.nj.comcast.net
1110687645 M * Bertl welcome mef!
1110687653 M * mef hey bertl... was looking for you.
1110687655 M * DaPhreak hmm it has CAP_NET_RAW if you mean this
1110687673 M * mef have another project idea that might be more in line with your interests.
1110687717 M * mef will send you email...
1110687719 M * mef ciao
1110687725 Q * mef Quit:
1110687725 M * Bertl okay, thanks!
1110687756 M * Bertl DaPhreak: #define CAP_NET_BROADCAST 11
1110687765 M * DaPhreak broadcast ? hmm
1110687784 M * DaPhreak only broadcast or net_raw and broadcast ?
1110687791 M * Bertl but it could be that it requires some parts of CAP_NET_ADMIN too
1110687827 M * Bertl I'd try with broadcast + raw first ...
1110687916 M * DaPhreak hmm ..
1110687938 M * DaPhreak CAP_NET_RAW
1110687939 M * DaPhreak CAP_NET_BROADCAST
1110687939 M * DaPhreak CAP_NET_ADMIN
1110687987 M * DaPhreak didnt solve it .. its again this "Open a socket for LPF: Operation not permitted"
1110688036 M * Bertl k, please strace -fF it and upload the output somewhere ...
1110688066 M * DaPhreak second
1110688561 M * Bertl interesting, which kernel version is that?
1110688589 M * DaPhreak 2.6.11 with -rc2
1110688649 M * DaPhreak 2.6.11-vs1.9.5-rc1
1110688650 M * Bertl and you're sure you have CAP_NET_RAW?
1110688651 M * DaPhreak oh ..
1110688673 M * DaPhreak phreak@quasimodo $ cat /etc/vservers/dhcp/bcapabilties
1110688673 M * DaPhreak CAP_NET_RAW
1110688673 M * DaPhreak CAP_NET_BROADCAST
1110688673 M * DaPhreak CAP_NET_ADMIN
1110688701 M * Bertl grep Cap /proc/self/status inside the vserver says?
1110688794 M * DaPhreak root@fahrenheit # grep Cap /proc/self/status
1110688794 M * DaPhreak CapInh: 0000000000000000
1110688794 M * DaPhreak CapPrm: 00000000d44c04ff
1110688795 M * DaPhreak CapEff: 00000000d44c04ff
1110688855 M * Bertl hmm ... CAP_NET_RAW = 13 so, 1<<13 or 0x2000
1110688878 M * Bertl I don't see that here ...
1110688943 M * DaPhreak well, why does the vserver dont get CAP_NET_RAW ? since the file (bcapabilities) should be right ..
1110688958 M * Bertl http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/bcaps-v13.c?rev=HEAD
1110688967 M * Bertl #define DECL(VAL) { #VAL, sizeof(#VAL)-1, 1 << (CAP_ ## VAL) }
1110688979 M * Bertl DECL(NET_RAW),
1110688990 M * Bertl so I'd use NEW_RAW for a try ;)
1110688996 M * Bertl *NET_RAW even
1110689031 M * Bertl and just NET_RAW for now ;)
1110689050 M * DaPhreak root@fahrenheit # grep Cap /proc/self/status
1110689051 M * DaPhreak CapInh: 0000000000000000
1110689051 M * DaPhreak CapPrm: 00000000d44c04ff
1110689053 M * DaPhreak CapEff: 00000000d44c04ffroot@fahrenheit # grep Cap /proc/self/status
1110689053 M * DaPhreak CapInh: 0000000000000000
1110689055 M * DaPhreak CapPrm: 00000000d44c04ff
1110689083 M * DaPhreak root@quasimodo # cat /etc/vservers/dhcp/bcapabilties
1110689083 M * DaPhreak NET_RAW
1110689098 M * DaPhreak very strange
1110689205 Q * berni_ jupiter.oftc.net venus.oftc.net
1110689205 Q * aba jupiter.oftc.net venus.oftc.net
1110689230 M * Bertl well, no it should remove the prefix if there
1110689246 M * Bertl which toolversion is this?
1110689289 M * DaPhreak 0.30.204
1110689309 M * Bertl let me check that ... (just a minute)
1110689311 M * micah maybe its grsecurity? ;)
1110689318 M * micah ok, bad joke
1110689326 J * berni ~berni@svr01.mucip.net
1110689332 J * aba ~aba@sol.turmzimmer.net
1110689341 M * DaPhreak not possible ;) non grsec kernel :)
1110689351 N * berni Guest60
1110689353 M * micah ok, i just remember you working on grsec patches :)
1110689397 M * DaPhreak yeah :) thats right .. but they running on a different host
1110689550 P * ccooke
1110689557 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1110689752 M * Bertl DaPhreak: with 0.30.196 it works flawlessly .. checking now with 0.30.204
1110689858 M * Bertl # echo "CAP_NET_RAW" >/etc/vservers/MMMM/bcapabilities
1110689858 M * Bertl # vserver MMMM start
1110689871 M * Bertl # vserver MMMM enter
1110689871 M * Bertl bash-2.05b# grep Cap /proc/self/status
1110689871 M * Bertl CapInh:0000000000000000
1110689871 M * Bertl CapPrm:00000000d44c24ff
1110689871 M * Bertl CapEff:00000000d44c24ff
1110689897 M * Bertl so no idea what you are doing differently ...
1110689974 M * DaPhreak root@fahrenheit # grep Cap /proc/self/status
1110689974 M * DaPhreak CapInh: 0000000000000000
1110689974 M * DaPhreak CapPrm: 00000000d44c04ff
1110689978 M * DaPhreak CapEff: 00000000d44c04ff
1110689992 M * DaPhreak same as you did (well other name ;))
1110690068 M * Bertl okay, could you give the testme.sh a spin?
1110690078 M * DaPhreak sure
1110690295 M * DaPhreak where is the testme.sh ?
1110690358 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh
1110690384 M * DaPhreak inside the vserver ?
1110690395 M * Bertl nope, on the host (as root)
1110690647 M * Bertl well, let's check your config once again, and what you did after changing it .. okay?
1110690666 M * DaPhreak okay ..
1110690733 M * Bertl for example, could it be that your tools use a different config dir?
1110690751 Q * erwan_ho Remote host closed the connection
1110690762 M * Bertl or maybe you didn't add a newline after the CAP_NET_RAW
1110690772 M * Bertl (so maybe retry with the echo above)
1110690791 M * DaPhreak it needs a newline at the end ?! :)
1110690810 M * Bertl yes
1110690829 M * DaPhreak root@fahrenheit # grep Cap /proc/self/status
1110690829 M * DaPhreak CapInh: 0000000000000000
1110690829 M * DaPhreak CapPrm: 00000000d44c04ff
1110690830 M * DaPhreak CapEff: 00000000d44c04ff
1110690835 M * DaPhreak much better now :)
1110690845 M * Bertl hmm, not really ...
1110690858 M * DaPhreak yeah ;(
1110690869 M * DaPhreak its the same again
1110690877 M * Bertl okay, let's try the following:
1110691060 M * Bertl # vxc --xid 666 --secure --bcap CAP_NET_RAW -- grep CapPrm /proc/self/status
1110691090 M * DaPhreak should i stop the vserver before this ?
1110691107 M * Bertl well, not unless you have a vserver with xid 666
1110691145 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/vxc <-- here is the script
1110691206 M * DaPhreak root@quasimodo # ./vxc --xid 666 --secure --bcap CAP_NET_RAW -- grep CapPrm /proc/self/status
1110691210 M * DaPhreak New security context is 666
1110691212 M * DaPhreak CapPrm: 00000000d44c24ff
1110691242 M * Bertl so that works fine ...
1110691255 M * Bertl the tools are built from the tarbal?
1110691258 M * Bertl *ball
1110691265 M * DaPhreak yeah
1110691274 M * Bertl with dietlibc?
1110691279 M * DaPhreak none :)
1110691296 M * Bertl which gcc? what distro?
1110691324 M * Bertl okay, should not really matter, the tools work
1110691331 M * DaPhreak gcc version 3.3.5 (Gentoo Hardened Linux 3.3.5-r1, ssp-3.3.2-3, pie-8.7.7.1)
1110691348 M * DaPhreak and im compiling with glibc since dietlibc isnt working here
1110691373 M * Bertl well, let's start the vserver with vserver --debug start (stop it before, and then please upload the output)
1110691386 M * Bertl why doesn't dietlibc work there?
1110691655 M * Bertl okay, where is your bcapabilities file located?
1110691676 M * DaPhreak /etc/vservers/dhcp/
1110691709 M * Bertl could you copy/paste the following command?
1110691716 M * Bertl cat /etc/vservers/dhcp/bcapabilities
1110691734 M * Bertl and paste the output
1110691759 M * DaPhreak fscking ..
1110691778 M * Bertl ;)
1110691781 A * DaPhreak bangs his head against the wall
1110691782 M * DaPhreak ..
1110691794 M * DaPhreak bcapabilties <-- thats what it's named now
1110691833 M * Bertl 05:42 < DaPhreak> well, why does the vserver dont get CAP_NET_RAW ? since the
1110691833 M * Bertl file (bcapabilities) should be right ..
1110691845 A * DaPhreak bangs his head against the wall
1110691846 A * DaPhreak bangs his head against the wall
1110691851 M * DaPhreak yeah, i know :)
1110691875 M * Bertl that's why I always say, use copy/paste on such complicated words ;)
1110691884 M * DaPhreak heh :)
1110691905 M * DaPhreak works now with CAP_NET_RAW \n\n
1110691917 M * Bertl good to hear!
1110691942 M * Bertl btw, doing my suggested echo would have cought that too ... ;)
1110691942 M * DaPhreak hmm i think i gonna write this stuff for hollow's tut down .. :)
1110691952 M * Bertl *caught
1110691955 M * DaPhreak yeah, thats what caught it :)
1110691970 M * DaPhreak since it replied "No such file or directory" :)
1110692072 M * DaPhreak great it works :)
1110692156 M * DaPhreak 06:23 < Bertl> why doesn't dietlibc work there?
1110692169 M * DaPhreak just because it doesnt compile here with dietlibc
1110692180 M * DaPhreak or is it linking against dietlibc ?
1110692201 M * DaPhreak diet i686-pc-linux-gnu-gcc -march=athlon-xp -O2 -pipe -fforce-addr -std=c99 -Wall -pedantic -W -o tests/getinitpid tests/getinitpid.o lib/.libs/libvserver.a
1110692218 M * DaPhreak lib/.libs/libvserver.a(lib_libvserver_la-syscall_gettaskxid.o)(.text+0x15c): In function `vc_get_task_xid':
1110692222 M * DaPhreak : undefined reference to `syscall'
1110692224 M * DaPhreak : undefined reference to `syscall'
1110692226 M * DaPhreak lib/.libs/libvserver.a(lib_libvserver_la-syscall_getvxinfo.o)(.text+0xa9): In function `vc_get_vx_info':
1110692229 M * DaPhreak : undefined reference to `syscall'
1110692231 M * DaPhreak lib/.libs/libvserver.a(lib_libvserver_la-checkversion.o)(.text+0x83): In function `utilvserver_checkCompatVersion':
1110692238 M * Bertl so gentoos dietlibc is broken?
1110692257 M * DaPhreak not the dietlibc in general .. only on hardened
1110692272 M * Bertl ah, interesting ... ;)
1110692304 M * DaPhreak yeah .. the only solution for me was to compile against glibc ..
1110692319 M * Bertl well, you probably going to tell me in a few seconds why syscall() in dietlibc-'hardened' is evil, while syscall() in glibc-'hardened' is not?
1110692345 M * DaPhreak no idea :)
1110692375 M * Bertl so I'd say at least one of those packages is broken, correct?
1110692397 M * DaPhreak yeah
1110692449 M * Bertl okay, just please don't report issues with glibc compiled tools (there might be some, as those tend to use the vservers resolver libs)
1110692473 M * DaPhreak nope, thats what the warning was telling about :)
1110692491 M * Bertl k, then have fun, with gentoo hardened ;)
1110692565 M * DaPhreak yeah, already having :)
1110692976 M * Bertl guess the gentoo init style support help here ;)
1110693125 M * DaPhreak yeah :)
1110695482 M * sebd helli
1110695490 M * sebd hello
1110695622 M * Bertl hey sebd!
1110695707 N * Doener_zZz Doener
1110695716 M * Doener morning!
1110695742 M * Doener Bertl: verfaction.de is kk's site, right?
1110695768 M * Bertl morning Doener!
1110695784 M * Bertl hmm, guess so ...
1110695796 M * Doener since that tutorial mixes old and new config stuff
1110695814 M * Doener (the site you added to the wiki)
1110695823 M * Bertl yes, he admitted that he did it 'by hand' ;)
1110695832 M * Doener heh
1110696405 M * Bertl okay, I'm off to bed now ... have a nice one, everyone!
1110696421 N * Bertl Bertl_zZ
1110696421 M * sebd sleep well Bertl
1110696428 M * Doener night Bertl!
1110696444 M * Bertl_zZ night sebd, Doener!
1110705336 J * redLED redled@d54C2DE0C.access.telenet.be
1110705380 M * DaPhreak mornin Doener :)
1110705386 M * DaPhreak sebd ..
1110705405 M * sebd morning DaPhreak
1110705737 A * DaPhreak tortures vserver with some samba ...
1110706721 J * DuckMaster ~Duck@dyn-83-157-164-233.ppp.tiscali.fr
1110706774 N * DaPhreak DaPhreak|snow
1110707152 Q * duckx Ping timeout: 480 seconds
1110707295 Q * alexx Quit: Bye
1110707334 J * alexx ~alexx@82.225.136.176
1110707676 N * DaPhreak|snow DaPhreak
1110707706 Q * redLED Quit: Leaving
1110708322 A * sebd prepares a minimal template sarge vserver tar.gz
1110708411 M * DaPhreak heh, did this already for my guests ..
1110708440 M * DaPhreak in the end it is a 58MB tarball .. with a full working server/vserver
1110709261 J * yarihm ~yarihm@217-162-204-144.dclient.hispeed.ch
1110709344 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1110711249 M * ola Morning. Now 0.30.204 version of util-vserver is uploaded to debian.
1110711261 M * ola And debian.opal.dhs.org if people need to test it.
1110711447 M * Doener nice, maybe i'll abuse my sister's box to give it a try :)
1110711619 M * sebd ola: i'll try it later today
1110711709 M * ola Sounds good.
1110711883 M * Seraph ola: have you received Bertl's mail about some archs (3 IIRC) need a debian/rules patch to get the correct syscall
1110711886 M * Seraph one of them being alpha
1110711902 M * Seraph i.e. without that patch the tools do build ok, but won't work
1110711945 M * Seraph he was checking his mailarchive about kernel-developers, but that may be upcoming for packaging if enrico won't take that into util-vserver upstream
1110712009 M * ola Seraph: No I do not think I have got such a mail. Will check the vserver list now.
1110712020 M * Seraph ola: maybe he hasn't sent it yet
1110712034 M * Seraph ola: but just that you know there's a problem out there which will come up sooner or later
1110712051 M * Seraph ola: and it's present in 204 too unless your building host has a vserver kernel present at compile time
1110712053 M * ola Ok.
1110712079 M * Seraph i.e. it can be easily fixed when building against vserver kernel sources, but that's not an option long term :-P
1110712083 M * ola Strange that it works for me. But is it just on some arches?
1110712123 M * Seraph yes, it's only 3 arches or so
1110712127 M * ola Ahh ok.
1110712149 M * Seraph and these don't have the syscall id defined in the kernel sources, therefore util-vserver needs to look them up in the kernel
1110712167 M * ola Ahh ok. Do you know what arches it is?
1110712177 M * Seraph and for that to be fixed you need to either hardcode them at build time or wait for the upstream kernel development to allow them in
1110712208 M * Seraph alpha, ia64, hppa
1110712212 M * ola Ok.
1110712213 M * Seraph that's what bertl named so far
1110712252 M * ola Brb
1110712288 M * Seraph ola: basically the rules would need to have a "CPPFLAGS='-D__NR_vserver='" for these arches..
1110712315 M * Seraph ola: for alpha it'd be:
1110712316 M * Seraph vserver(2) syscall#: 428/kernel
1110712339 M * Seraph as reported from the vserver-info utility once it has succeeded to build ok
1110712495 M * Seraph ola: maybe aba can help with hppa.. it's only needed to have a patched kernel tree and run configure in util-vserver to know
1110712496 M * ola Ok. Do you know how to use ifdef in Makefiles?
1110712502 M * Seraph sure
1110712522 M * ola With that I would be able to define that for all arches.
1110712541 M * Seraph well, wait for bertl to report it's needed
1110712548 M * ola Ok.
1110712551 M * ola I'll wait.
1110712554 M * Seraph maybe we're lucky and that's not even needed at packaging level
1110712565 M * ola That would be the best.
1110712579 M * ola Now I'm going out. See you later.
1110712609 M * Seraph heh, have fun ;)
1110712639 M * ola Thanks.
1110716527 M * Doener Seraph: excuse my ignorance, but what is dchroot?
1110716914 N * DaPhreak DaPhreak|detached
1110717316 J * _Radiance kryptonite@wrath.shellfx.net
1110717399 M * Seraph Doener: "Description: Execute commands under different root filesystems
1110717400 M * Seraph "
1110717406 M * Seraph like in "apt-get install dchroot"
1110717416 M * Seraph i.e. a user-wrapper for chroot..
1110717423 Q * Radiance Ping timeout: 480 seconds
1110717436 M * Seraph when your user account does exist in the target chroot, then you're allowed to execute dchroot as user without any more sudo etc. etc.
1110717448 M * Doener ah i c
1110717456 M * Seraph it plain "just works" after telling dchroot.conf which chroots are there and adding users to it
1110717483 M * Seraph and having that one also setting chbind on top of chroot should be easy enough.
1110717672 M * Doener and chcontext and probably vnamespace...
1110717675 M * Seraph yet as so often with buildd related stuff there's 2 versions around. the one in main and the one in the db.d.o buildd repository
1110717718 M * Seraph Doener: heh, that's why i didn't try to get a patch proposed so far as i do lack too many internals about vserver extensions
1110717752 M * Seraph Doener: but if you could add a bug with tag:patch to the BTS i think it might be worth hoping for to be accepted.
1110717788 M * Doener IIRC enrico wants to create a single c program to handle vserver start/stop/enter, that one could probably easily enhanced in that regard
1110717804 M * Seraph and replacing the rather clumsy suexec would be quite convenient IMHO
1110717819 M * Seraph ok, sounds fair enough too
1110718179 M * Doener ssh may be an option, too
1110718189 M * Seraph argl
1110718195 M * Doener ;)
1110718202 M * Seraph that would however be another service and need more IPs
1110718213 M * Seraph yet the dchroot idea would even work without networking at all
1110718228 M * Seraph no services, no daemons, not even IP configured on that host
1110718846 M * Doener hmm... changing the uid with "vserver xxx suexec user cmd" doesn't work here...
1110718855 M * Doener root 1178 0 MAIN 7716 0 14:00 ? 00:00:00 /usr/sbin/cron
1110718885 M * Doener erm, wrong line
1110718892 M * Doener root 1145 10 test3 414 0 13:59 pts/5 00:00:00 sleep 60
1110718906 M * Doener command was: # vserver test3 suexec doener sleep 60 &
1110718929 M * Doener am i doing anything wrong? never used the suexec stuff
1110719246 J * DukeGangsta|aw ~uefgangst@p54869CDB.dip.t-dialin.net
1110722025 M * Seraph yes you are
1110722031 M * Seraph it's supposed to eat numeric UIDs
1110722033 M * Seraph not usernames
1110722042 M * Seraph and Bertl reckons that's supposed to be a "feature"
1110722069 M * Seraph i.e. put some "vserver xxx suexec 1001 sleep 60" there
1110722177 M * Doener hm, shouldn't be much work to make it accept usernames as well...
1110722361 M * Seraph well, but which ones? the name in target space or in host space? *eg*
1110722364 M * Seraph or both..
1110722407 M * Doener target space of course...
1110723721 M * daniel_hozac it should accept usernames from target space.
1110724231 M * Seraph Snow-Man: where's http://kenobi.snowman.net/~sfrost/patch-2.6.10-5-debian-vs1.9.4.diff gone?
1110724284 M * Seraph mmh, i guess i've found it
1110725482 M * Doener Seraph: i hacked together a little wrapper that you'll probably like ;)
1110725524 M * Doener unfortunately my access to 13thfloor.at is broken atm...
1110725605 M * Doener http://217.225.45.176/doener/vserver/vexec.c
1110725642 M * Doener should be available for some hours at least...
1110725724 M * Doener works only with new style config. if a user of the same name as the current user exists in the given vserver, the given command is executed in the vserver by that user
1110725733 M * Doener s/by that user/under its uid/
1110726530 M * sebd ola, thanks for putting the latest util-vserver in sid. Much easier now.
1110726544 M * sebd Now I am wondering about something :
1110726598 M * sebd (nothing to do with util-vservers though)
1110726614 M * sebd I have two nic on my machine : eth0 to the outside world, and eth1 to nothing so far (spare nic).
1110726640 M * sebd I want to use eth1 between my host and my vservers
1110726664 M * sebd I created a vserver that uses eth1 with 192.168.0.1
1110726679 M * sebd the host uses eth1 with 192.168.0.254
1110726705 M * sebd but the host cannot ping the vserver
1110726711 M * sebd and the vserver cannot ping the host
1110726725 N * Bertl_zZ Bertl
1110726739 M * Bertl evening folks!
1110726739 M * Doener morning Bertl!
1110726752 M * sebd hi Bertl
1110726773 M * Doener Bertl: my public key is not used when i ssh to www.13thfloor.at
1110726776 M * Bertl hey sebd!
1110726781 Q * SiD3WiNDR Ping timeout: 480 seconds
1110726793 M * sebd am i supposed to do that (share eth1 with my vservers) ?
1110726796 M * Bertl Doener: k, will look into it ...
1110726818 M * Bertl sebd: well, no, but it should not hurt, unless you have strict firewalling
1110726829 M * sebd no firewall so far
1110726832 M * Bertl because eth1 will not be used, it will use lo instead
1110726882 M * sebd Bertl: do you mean that the host is actually using lo instead of eth1 ? and lo cannot be seen by a vserver ?
1110726927 M * Bertl Doener: hehe, sshd got smarter .. too smart!
1110726954 M * Bertl sebd: no, lo is used for all _local_ connections and host to vserver is always local
1110726980 M * Bertl try to tcpdump your 'ping' on the host please
1110726995 M * sebd ok
1110727326 M * Bertl 'tcpdump -vvnei lo'
1110727334 M * sebd I don't understand. You are right, Bertl, my packets go through lo.
1110727350 M * sebd though I have this route : 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
1110727367 M * sebd therefore ping 192.168.0.1 should use eth1
1110727372 M * Bertl that is because all involved ips are _local_ and local traffic _always_ uses lo
1110727372 M * sebd but it uses lo
1110727380 M * sebd ok
1110727387 M * sebd Now, what is the solution ?
1110727394 M * Bertl for what? ;)
1110727399 M * sebd since I cannot see lo from the vservers
1110727420 M * sebd how do I make the host talk to the vservers (and back) through a network interface ?
1110727430 M * sebd should I use dummy0 ?
1110727431 M * Bertl like eth1?
1110727461 M * Bertl a network interface like eth1 instead of lo?
1110727461 M * sebd for example
1110727468 M * sebd yes
1110727475 M * Bertl no chance at least not with normal linux networking ...
1110727483 M * sebd ok.
1110727489 M * Bertl but the host and vserver should talk quite fine ...
1110727504 M * Bertl it is no problem that the traffic goes over lo
1110727509 N * DaPhreak|detached DaPhreak
1110727520 M * Bertl just the eth1 is your personal fun ;)
1110727521 M * sebd ah ok
1110727526 M * sebd ok :)
1110727529 Q * monrad Ping timeout: 480 seconds
1110727552 M * DaPhreak morning Bertl
1110727555 M * Bertl some folks still believe it increases security to use such an interface ...
1110727576 Q * eyck Max SendQ exceeded
1110727592 M * sebd all right. Now I'd like to achieve this : my host acts as a firewall for my vservers.
1110727598 M * Bertl uh-ok kernelnewbies is under attack again ...
1110727603 Q * albeiro Max SendQ exceeded
1110727603 Q * Doener Max SendQ exceeded
1110727608 J * albeiro albeiro@linux.gentoo.pl
1110727630 J * Doener doener@193.24.208.125
1110727678 J * eyck eyck@81.219.64.71
1110727683 M * Doener albeiro: looks like that guy still doesn't like us ;)
1110727688 M * Bertl wb Doener!
1110727764 M * DaPhreak hmm Bertl ;) that dhcp is now running fine ;P but the shitty samba is still trying to fool me .. ;)
1110727785 M * Bertl lol, what's the issue there?
1110727864 M * DaPhreak well it starts .. and is reachable via ip ... but not via its name
1110727886 M * Bertl doesn't that use ipx packets and such?
1110727889 M * DaPhreak doesn't work with disable netbios = false | true
1110727892 M * DaPhreak nope ..
1110727948 M * Bertl well, you can do a network trace of a working samba and a failing one ...
1110727975 M * DaPhreak well if you tell me how :) then i will do
1110728019 M * Bertl tcpdump -vvnei -w
1110728034 M * albeiro Doener: maybe. anyway i am likely to make him a huge ddos on all his comprised hosts next time ;]
1110728081 M * Doener would just mean about 160 windows boxes less, but probably no problem for him to get some new...
1110728120 M * albeiro yeah :/
1110728153 M * Bertl well, let's not spend more time than necessary on such misguided individuals ...
1110728699 M * sebd OK, now I've decided to change strategy because I'm too bad at kernel and networking : all my vservers will share the same ip address as their host.
1110728707 M * sebd let's try that
1110728720 M * Bertl uh-hu ...
1110728791 M * sebd mmmm ... vserver pinging outside and not getting pong back ...
1110728836 M * sebd ah yes, it does 1110728839 M * sebd :)))) 1110728851 M * sebd ok, that was easy, but I am easily happy 1110728947 M * Bertl :) 
1110729543 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1110729563 M * Bertl welcome SiD3WiNDR! 1110729631 M * SiD3WiNDR greetings 1110729649 M * DaPhreak mornin SiD3WiNDR 1110729934 J * kk ~kk@220.224.51.64 1110729979 M * Bertl welcome kk! 1110729994 M * kk hi Bertl 1110730122 M * Seraph Doener: is that vexec gonna be in 0.30.205? 1110730155 M * Doener Seraph: i've sent a mail to the list, guess enrico will tell us if he has any plans to do so 1110730178 M * Seraph ok 1110730198 M * Seraph btw. the suexec has a "feature" of not doing a proper initgroups() of the target user.. 1110730206 M * Seraph can you confirm it doesn't do that? 1110730216 M * Seraph i.e. vserver xyz suexec 1000 id 1110730303 M * Doener yep, same here... the wrapper can't fix that 1110730327 M * Bertl JFMI: what is the sudden interest in suexec? 1110730350 M * Seraph Bertl: just general overall checking for Debian SID 1110730365 M * Seraph Bertl: when a tool does tell me there's a feature, i want to use it.. sorry if that's a problem ;) 1110730374 M * Doener heh 1110730385 M * Seraph (at least assuming that i do like the feature) 1110730388 M * kk Bertl: could u help me regarding daemons inside chroot ?? 1110730407 M * daniel_hozac suexec should work. 
1110730417 M * Bertl ah, no, wanted to rip out suexec some time ago, but folks keep insisting on 'entering' a vserver ;) 1110730426 M * Seraph daniel_hozac: it does for the UID, but not for the user's groups 1110730427 M * Doener daniel_hozac: yes, but it doesn't set groups correctly... 1110730452 M * Bertl it does, but for host groups I guess 1110730456 M * Seraph Bertl: well, if you see vserver as the consequent prolonged chroot or bsd-jail, then that's natural i guess 1110730499 M * Doener Bertl: gid=0(root 1110730503 M * Seraph Bertl: and especially when running on a single IP host where sshd is not an option 1110730517 M * Bertl have you tried 'vserver exec su - wossname ? 1110730543 M * Bertl that's what you would do with chroot, right? 1110730589 M * Seraph uid=1000(kk) gid=100(users) 1110730589 M * Seraph vs. 1110730593 M * Seraph uid=1000(kk) gid=0(root) groups=0(root) 1110730612 M * Seraph the first with su - kk, the latter with suexec 1000 id 1110730622 M * kk ok 1110730623 M * Bertl yeah, forget suexec 1110730627 M * Seraph heh 1110730632 M * Seraph well, then let's have vexec ;) 1110730667 M * Bertl yeah, and what is it supposed to do? 1110730676 M * daniel_hozac suexec :) 1110730730 M * kk how daemons know that they are in chroot ?? (kernel side implementation) 1110730757 M * Bertl daniel_hozac: maybe I'm missing something, but: 1110730758 M * Bertl # suexec 1110730758 M * Bertl bash: suexec: command not found 1110730764 M * Seraph Bertl: the correct version of suexec *g* 1110730769 M * Seraph Bertl: yes, but try dchroot :-P 1110730785 M * Bertl kk: processes have a root vfsmount and filesystem 1110730796 M * Bertl kk: that's not different to 'normal' linux kernel 1110730801 M * Seraph Bertl: basically it's the consequent prolonged dchroot with contexts and namespaces etc. 
1110730803 M * kk ok 1110730816 M * Bertl # dchroot 1110730816 M * Bertl bash: dchroot: command not found 1110730818 M * Seraph Bertl: and it looks kinda cute =) 1110730822 M * Doener Seraph: http://www.13thfloor.at/~doener/vserver/tools/vexec-0.02.c 1110730825 M * Seraph Bertl: well, wrong distro then *gggg* 1110730837 M * Doener that does the "exec su - " thing, and thus uses correct groups 1110730841 M * Bertl Seraph: I'm pretty sure you don't want to go that path ;) 1110730859 M * daniel_hozac so why isn't suexec setting the correct groups? 1110730871 M * kk there's no problem with daemons parent which is root ? 1110730877 M * Bertl daniel_hozac: because it just sets specified user/group 1110730892 M * daniel_hozac hmm. 1110730900 M * daniel_hozac ... 1110730901 M * daniel_hozac Esetgroups(1, &p->pw_gid); 1110730901 M * daniel_hozac Esetgid(p->pw_gid); 1110730901 M * daniel_hozac Esetuid(p->pw_uid); 1110730902 M * daniel_hozac ... 1110730904 M * Bertl daniel_hozac: the "exec su - " executes su _inside_ the vserver 1110730937 M * Bertl this might be a modified binary or not existent at all 1110730982 M * kk Bertl: there's no problem with daemons parent inside vserver, which is root ? 1110730988 M * daniel_hozac yeah, but i'm not seeing why suexec isn't setting the groups. AFAICT, it does everything needed? 1110730997 M * Bertl kk: no, not really ... 1110731009 M * kk ok 1110731020 M * daniel_hozac (well, for setting the groups to the primary group, anyway) 1110731024 M * Bertl daniel_hozac: host <-> guest ? 1110731064 M * daniel_hozac the above snippet is executed after the chroot into the guest. 1110731099 M * daniel_hozac (as is p = getpwnam(suid_user)) 1110731110 M * Doener daniel_hozac: i guess enrico simply refuses to read any file within the vserver's filesystem (i.e. /etc/passwd, /etc/group) 1110731112 M * Bertl yes, and what does groups kk on the host tell you? 1110731165 M * daniel_hozac Doener: shouldn't getpwnam read /etc/passwd? 
1110731187 M * Doener he didn't chroot yet i guess 1110731195 M * daniel_hozac Doener: he did. 1110731201 M * daniel_hozac (http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/src/capchroot.c?rev=HEAD&content-type=text/vnd.viewcvs-markup) 1110731265 M * Doener read the comment above the calls... 1110731290 M * kk ok 1110731304 M * daniel_hozac yeah, but getpwnam(user) is called after the chroot. 1110731510 M * Doener hm, that stuff isn't used anymore... http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/src/vcontext.c?rev=HEAD&content-type=text/vnd.viewcvs-markup 1110731514 J * monrad ~monrad@213083190130.sonofon.dk 1110731576 M * Doener there's not even any gid stuff left in vcontext ;) 1110731622 Q * kk Remote host closed the connection 1110731758 M * daniel_hozac capchroot? 1110731849 M * Doener yep, that's not used anymore 1110731859 M * daniel_hozac ah, yes. 1110731860 M * Doener exec /usr/sbin/chbind --silent --ip 192.168.100.10/24 /usr/sbin/vnamespace --enter 10 -- /usr/sbin/vcontext --silent --migrate --chroot --xid 10 --uid 1000 -- ls 1110731923 M * daniel_hozac yeah, i misread the vserver.suexec. 1110732119 M * Bertl k, dinnertime ... back later ;) 1110732127 N * Bertl Bertl_oO 1110733253 N * Bertl_oO Bertl 1110733294 M * Bertl Seraph: btw, is the default config sanitized now? 1110733326 M * Seraph Bertl: in what way? 1110733343 M * Bertl well, static context, no obsolete flags ... 1110733360 M * Seraph uhm, good question.. 1110733361 P * click 1110733373 M * Seraph Bertl: which files are you referring to for that? 1110733385 J * click click@dsl-static-122-208.aal.tiscali.no 1110733397 M * Bertl well, all what the debian-vserver tools create 1110733398 M * click damn, wrong net :/ 1110733428 M * Bertl Seraph: or aren't they used any longer? 1110733507 M * Seraph Bertl: well, from what i read on packages.qa.d.o debian-utils aren't removed.. 
but i'm sure ola can comment on that 1110733583 M * Bertl well, I guess it is important to fix the critical things there then, or use the 'default tools' for vserver creation, right? 1110733653 M * Seraph mmh, we should discuss that with ola.. he also removed the ndim_rollup for some reason 1110733659 M * Doener and yet another version of vexec ;) 0.02 broke any parameters passed to the final command (i.e. something like "vexec vs1 ps -Af") 1110733669 M * Seraph thus he's either not building documentation or shipping it by other means.. 1110733683 M * ndim What? 1110733692 M * Seraph ndim: http://packages.qa.debian.org/u/util-vserver/news/3.html 1110733700 M * ndim It was I who removed the ndim_rollup - it wasn't required any more. 1110733701 M * Seraph read the 3rd line in changelog 1110733706 M * ndim will do 1110733707 M * Seraph aaaah, ok =) 1110733721 M * Seraph well, ok, then that's just as should be =) 1110733722 M * ndim Don't you read the svn logs? 1110733746 M * Seraph i wasn't sure which of *our* svn was used for that deb.. 1110733761 M * Seraph and somewhat i thus expected it to be none of it.. 1110733792 M * ndim Looks like ola took our ideas, and restructured it to remove the dpatch dependency and stuff. 1110733798 M * Seraph yep 1110733810 M * Seraph well, having dpatch without any dpatch in there is indeed kinda pointless 1110733816 M * ndim In fact, I think dpatch is pretty neat, but YMMV from the appearance of it. 1110733839 M * Seraph it's a good means, but just having it "because" is kinda stupid too 1110733868 M * Seraph dpatch and quilt both have the problem of not catching proper interdiffs.. 1110733874 M * Bertl okay, and that means for the default config? ;) 1110733876 M * Seraph i.e. joining patches which do the same result.. 1110733925 M * Seraph Bertl: could you just brief us what *was* the issue, so we can just "try" this? *g* 1110733938 M * ndim IIRC, I still had some patches in there... 
1110733946 M * Seraph Bertl: i'm not really current with the discussion about half a year ago or whenever it was.. 1110733964 M * Bertl well, a new vserver created with 'debianewvserver' or what it was called 1110733978 M * Bertl has a best-to-be-called funny config 1110733997 M * Bertl (and it's been a year now ;) 1110734048 M * Seraph $ dpkg -L util-vserver|grep deb 1110734049 M * Seraph /usr/lib/util-vserver/vserver-build.debootstrap 1110734049 M * Seraph /usr/lib/util-vserver/defaults/debootstrap.uri 1110734051 M * Seraph $ 1110734073 M * Seraph looks "fixed" .. no 'new' anywhere either.. 1110734077 M * Bertl as I said, debian-vserver-tools 1110734088 M * Bertl never has been in util-vserver ... 1110734116 M * Doener gone now, back in a few hours (probably...), Seraph, if you get around to test it, please let me know if vexec 0.03 meets your needs ;) 1110734117 M * Doener cya! 1110734130 M * Bertl cya 1110734131 N * Doener Doener|gone 1110734184 M * Seraph http://packages.qa.debian.org/v/vserver-debiantools/news/1.html 1110734194 M * Seraph hmm, vserver-debiantools (0.1.10) unstable; urgency=low 1110734194 M * Seraph . 1110734194 M * Seraph * Added support for util-vserver 0.30.204 and later versions. 1110734202 M * Seraph looks like they're still there.. 1110734226 M * Bertl so, let's see what default config they create then ;) 1110734242 M * Seraph ndim: you have a testhost to try that? 1110734300 Q * erwan_ho Remote host closed the connection 1110734346 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net 1110734596 M * ndim Seraph: no. 1110734613 M * Seraph *grumble* always me.. 1110734670 M * Seraph :-P 1110736183 M * Seraph ok, let's see.. 
the $newvserver.conf comes with: 1110736199 M * Seraph S_NICE="" 1110736199 M * Seraph S_FLAGS="lock nproc" 1110736199 M * Seraph ULIMIT="-H -n 1024" 1110736199 M * Seraph S_CAPS="CAP_NET_RAW" 1110736199 M * Seraph # *NOT* DNS domain name, for NIS only 1110736201 M * Seraph S_DOMAINNAME="" 1110736204 M * Seraph -- 1110736212 M * Seraph i.e. no static context number, but a NET_RAW 1110736225 M * Bertl okay, now how it 'should' look like: 1110736242 M * Seraph ola: and it doesn't respect --vsroot in the postinstall 1110736271 M * Seraph ola: plus CAP_NET_RAW is a *very bad bad* idea 1110736272 M * Bertl S_NICE="" 1110736272 M * Bertl S_FLAGS="nproc" 1110736272 M * Bertl S_CAPS="" 1110736272 M * Bertl ULIMIT="-HS -n 1024" 1110736272 M * Bertl S_DOMAINNAME="" 1110736274 M * Bertl S_CONTEXT=42 1110736365 M * Seraph 42? static context? 1110736380 M * Bertl yeah, well, 42 is an example ... 1110736544 M * Seraph heh, alright 1110736682 M * Seraph and what's the benefit of having a static context-id? 1110736706 M * Bertl well, first, that things will not break when using tagxid ;) 1110736764 M * Bertl dynamic contexts are not designed for vservers, they are designed for single processes you want to isolate 1110736837 M * Seraph mmh, ok 1110736883 M * Seraph from my experiment that works well without though =) 1110736891 M * Seraph at least i haven't seen any problem with it so far.. 1110736903 M * Seraph is there any proven case which will break when not using it? 1110737380 M * Bertl well, enable tagxid on /vservers (or wherever that is for debian) 1110737392 M * Bertl and start/stop a vserver with dynamic context twice 1110737399 M * Seraph it's /var/lib/vservers, though i prefer to have /srv/vserver/ *g* 1110737417 M * Seraph mmh, i guess i see what you mean 1110738368 M * DaPhreak nah .. where was the page with the applications on the wiki ?! 
1110738410 M * Bertl there is a search feature ;) 1110738445 M * DaPhreak thanks Bertl, next time i'll scroll down completely before asking ;) 1110738466 M * Bertl http://linux-vserver.org/ProblematicPrograms 1110738487 M * Bertl hey look, there is samba ;) 1110738531 M * DaPhreak yeah :) see it :) 1110739789 M * SiD3WiNDR :p 1110739795 M * jd86_Zz :P 1110740921 Q * weasel Read error: Connection reset by peer 1110740937 J * weasel weasel@seppia.noreply.org 1110741005 Q * jd86_Zz Remote host closed the connection 1110741130 Q * erwan_ho Remote host closed the connection 1110741276 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net 1110742473 J * jd86 ~jim@ip68-9-97-23.ri.ri.cox.net 1110743741 Q * erwan_ho Remote host closed the connection 1110747931 Q * Loki|muh Read error: Connection reset by peer 1110747950 J * Loki|muh loki@satanix.de 1110748451 N * DaPhreak DaPhreak|detached 1110748507 M * Bertl okay, enough for me for today ... back tomorrow ... 1110748518 N * Bertl Bertl_zZ 1110749449 M * SiD3WiNDR night Bertl_zZ :) 1110750149 J * ridan ~ridan@nadirb.xs4all.nl 1110750301 M * ridan Hi all, trying to get started w/ server and wondered what version should I download for my current kernel (e.g. 2.6.8.1-10mdk)? 1110751589 M * daniel_hozac you should probably get 2.6.11.3 and 1.9.5-rc2. 1110752180 M * ridan thanks, but I can only see 1.9.4? any pointers? 1110752512 M * daniel_hozac http://vserver.13thfloor.at/Experimental/ 1110753629 N * _Radiance Radiance 1110754388 M * ridan thanks. 1110754397 P * ridan 1110754711 Q * flock Ping timeout: 480 seconds 1110755413 J * brc bruce@200165239133.user.veloxzone.com.br 1110755463 Q * lilo Read error: Operation timed out 1110755555 M * SiD3WiNDR eck, is 2.6.11.3 out now 1110755560 M * SiD3WiNDR I just put 2.6.11.2 on my laptop :p 1110755757 M * brc is it worth upgrading from 2.6.9 to 2.6.11.3 concerning stability ? 1110756951 Q * yarihm Quit: Leaving