1111190404 M * Bertl now let's change our point of view and see what would be required to leave a vserver guest
1111190414 M * yarihm sounds promising ... 
1111190437 M * Bertl recent vservers are protected by a namespace mapping (private namespace)
1111190459 M * yarihm ... BTW, is the wiki at strahlungsfrei.de the official one?
1111190471 M * Doener no, http://linux-vserver.org is
1111190491 M * yarihm Bertl: and why is vserver not in the official kernel? that makes patching sometimes somewhat hairy
1111190530 M * Bertl well, I'd say not everybody need a vserver system ...
1111190556 M * Bertl and maing the code conditional is a little more hairy than patching it in lateron
1111190563 M * yarihm Doener: some google-bombing would then be apropriate i guess, searching for "vserver wiki" doesn't show that one up on the first page
1111190615 M * yarihm Bertl: oh come on, since when would that have been the criteria for linux not to include something? there are for sure more vserver-users than hamradio or even video4linux
1111190636 M * yarihm but if it's more practicable for you to maintain the code that shall be fine with me ,)
1111190645 M * Bertl yeah, but hamradio does not hook into 100 places deep inside the kernel ;)
1111190681 M * yarihm Bertl: yeah, but OTOH it would be nice to combine ... say RSBAC with vserver or something the like, both of which are rather invasive patches i guess
1111190715 M * Bertl no problem with that, if the RSBAC guys are interested in doing so why not ...
1111190737 M * yarihm ok, that's really just a guess because RSBAC is on my todo-list, but i fear that i won't get a kernel with RSBAC and vserver ... wolk not being an alternative i guess
1111190747 M * yarihm Bertl: you know rsbac?
1111190761 M * Bertl well, from hear-say ...
1111190762 M * yarihm it's AFAICT only one guy, amon ott :)
1111190770 M * Doener yarihm: well, search for "vserver" only, and you get it as first result ;)
1111190795 M * yarihm RSBAC is his diploma work or something ... dunno. it's some sort of superset of grsec's functionality
1111190804 M * yarihm Doener: ok, that'll count
1111190842 M * yarihm listen guys, i'll be back later, gotta pick up someone downtown ... 
1111190846 M * Bertl yarihm: so if Amon is interested in combining linux-vserver with RSBAC, then he has my support from the vserver side ... no second thought required ...
1111190911 M * Bertl k, cya later then ...
1111190920 M * yarihm Bertl: well, i don't know him, but i may ask ... maybe he's easy and sees it fit too. IMHO that would be a cool thing ... 
1111190921 M * yarihm l8ers
1111192012 M * Vudumen have a good night
1111192033 M * Doener night Vudumen 
1111192076 M * Bertl night Vudumen!
1111192263 M * Doener Bertl: patch looks good
1111192279 M * Bertl yeah, but the results look ... hmm strange ;)
1111192875 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1111192890 M * Bertl evening erwan!
1111193035 M * erwan_ho evening Bertl 
1111193582 M * yarihm re everyone
1111193594 M * Bertl wb yarihm!
1111193735 M * yarihm Bertl: Q: "What is a vserver?" A: "A Virtual Server is not Hardware. It's more a simulation in Software.." ... heh :D where's the happy-users page?
1111193784 M * yarihm i mean the wiki ... well ... am I missing something?
1111193797 M * Bertl http://linux-vserver.org/ <-- wiki
1111193806 M * Bertl http://linux-vserver.org/VServer+Users
1111193827 M * yarihm ah, i was on http://linux-vserver.org/Hacker+Page
1111193873 M * Bertl yeah, that is pretty popular ...
1111194107 M * yarihm ok, added myself and one of the sites i administer and use vserver for ...
1111194165 M * Bertl great! so enjoy your linux-vserver then ;)
1111196950 Q * erwan_ho Remote host closed the connection
1111207981 Q * nox Ping timeout: 480 seconds
1111208011 J * nox ~nox@213.39.135.142
1111208446 J * DuckMaster ~Duck@dyn-83-157-172-161.ppp.tiscali.fr
1111208708 Q * duckx Read error: Operation timed out
1111209429 M * Bertl okay, have a good whatever everyone ... I'm off to bed for now ;)
1111209448 N * Bertl Bertl_zZ
1111218061 Q * Vudumen Read error: Connection reset by peer
1111224283 J * _sebd ~sebd@lesdeveloppementsdurables.org
1111224283 Q * sebd Read error: Connection reset by peer
1111225879 Q * Radiance Remote host closed the connection
1111225930 J * Radiance kryptonite@wrath.shellfx.net
1111225978 Q * Radiance Remote host closed the connection
1111226032 J * Radiance kryptonite@wrath.shellfx.net
1111227328 J * prae ~prae@sherpadown.net
1111228798 J * Vudumen vudumen@perverz.hu
1111228868 Q * Vudumen Quit: 
1111228873 J * Vudumen vudumen@perverz.hu
1111232347 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1111233472 Q * flock Read error: Operation timed out
1111233494 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1111237067 Q * erwan_ho Remote host closed the connection
1111238530 J * jd86 ~jim@ip68-9-97-23.ri.ri.cox.net
1111239732 Q * flock Quit: Expert, n.:  Someone who comes from out of town and shows slides.
1111240358 Q * prae Quit: Pwet
1111243126 J * duckx ~Duck@dyn-83-157-172-161.ppp.tiscali.fr
1111243194 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1111243291 Q * albeiro Ping timeout: 480 seconds
1111243526 Q * DuckMaster Quit: Client exiting
1111243631 J * albeiro albeiro@linux.gentoo.pl
1111244123 Q * duckx Quit: Client exiting
1111249565 Q * DaPhreak Quit: Reconnecting
1111249587 J * DaPhreak ~phreak@lms.rz.uni-greifswald.de
1111255365 N * Bertl_zZ Bertl
1111255386 M * Bertl morning folks!
1111256405 M * alexx morning Bertl 
1111256672 J * jbase jbase@ts1-a81.Astrakhan.dial.rol.ru
1111256710 M * jbase hello
1111256747 M * jbase just to become a fool for 1 min :)
1111256763 M * jbase any idea why apache 2.0.51 would crash under vserver with this err:
1111256771 M * jbase no space left on device: mod_rewrite etc etc
1111256807 M * Bertl welcome jbase!
1111256832 M * Bertl how many guests (vps) do you have on the amchine?
1111256861 M * jbase about 10
1111256864 M * jbase actually I don't have access to vserver config :) I am a "guest"
1111256867 M * Bertl it sounds to me like ipc resources (shared memory or semaphores) are depleted ...
1111256874 M * jbase yes
1111256881 M * jbase but ipcs yeilds nothing
1111256924 M * Bertl what does uname -a tell you about the host system?
1111256933 M * jbase the ipcs command I mean
1111256968 M * jbase  2.4.26-vs1.28-grsec
1111256995 M * jbase all forums tell me system is out of semaphores but ipcs command shows none are used
1111256995 J * hws123 ~sebastian@pD9504E3A.dip.t-dialin.net
1111257001 M * hws123 hi
1111257004 M * Bertl welcome hws123!
1111257050 A * jbase sighs
1111257057 M * Bertl jbase: sec, checking something
1111257121 M * hws123 I am experiencing a problem with my vserver on Gentoo. It used to work when I last checked it but for some reason they stop to work now on...I did issue vprocunhide and when I start my vserver, it just get those messages here:
1111257144 M * hws123 "vserver template start"
1111257153 M * hws123 "* Caching service dependencies..."
1111257155 M * jbase ok
1111257156 M * hws123 And that's it
1111257176 M * hws123 I do believe it worked just like two or three weeks ago but that's it
1111257181 M * hws123 No more messages, nothing
1111257207 M * hws123 Hollow: I was the guy posting the latest start script bug on bugs.gentoo.org
1111257208 M * miller7 hws123: do the following
1111257215 M * miller7 from the host type
1111257218 M * Bertl jbase: try cat /proc/sys/kernel/{shmall,shmmax,msgmni,msgmnb,msgmax}
1111257229 M * miller7 vserver vservername enter
1111257247 M * miller7 then do /etc/init.d/syslog (whatever you have) start
1111257260 M * miller7 and start your servers like that and see if all is ok
1111257266 M * miller7 your daemons I mean
1111257290 M * hws123 after I started my vserver, vserver-stat only reports my host but not a single vserver
1111257303 M * hws123 so for some reason it is not starting at all
1111257303 M * miller7 do what I tell you and see what happens
1111257314 M * Bertl hws123: yes, that is because they have not started any services
1111257343 M * miller7 hws123: have you patched the init scripts on the gentoo vserver?
1111257344 M * hws123 vserver template enter
1111257345 M * jbase Bertl this cat command yeilds some numbers...
1111257350 M * hws123 'vserver ... suexec' is support for running vservers only; aborting...
1111257365 M * miller7 suexec?
1111257367 M * jbase 2097152   33554432   16   16384   8192
1111257368 M * Bertl hws123: please msg me in private or upload them somewhere
1111257368 M * hws123 vserver-stat
1111257369 M * hws123 CTX   PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
1111257369 M * hws123 0       40  39.3M   3.6K   0m04s89   2m36s67  24m52s72 root server
1111257397 M * Bertl sorry, jbase: please msg me in private or upload them somewhere
1111257399 M * hws123 I did not patch the gentoo init script, why should I?
1111257419 M * Bertl okay, forget it, I'm still sleeping ;)
1111257421 M * miller7 so that the gentoo vserver won't try to use HD or swap or networking etc
1111257431 M * jbase oki
1111257448 M * Doener miller7: that would end in an error IIRC, thus his vserver would never have worked
1111257464 M * Bertl jbase: could you try to start apache with strace -fF and look which syscall get's the ENOSPC?
1111257504 M * miller7 Doener: If I don't do that on my Gentoo vservers they just hang there for ages
1111257509 M * miller7 anyhow
1111257523 M * Doener hws123: gentoo init-stuff saves it state somewhere... /var/lib/init.d/started/ or so...
1111257545 M * hws123 Ok, it just debugged the start of my vserver, see http://www.pastebin.com/260248
1111257551 M * Doener AFAIK if that isn't cleaned on startup services won't be started, cause they are assumed to be running
1111257572 M * hws123 oh ok, hold on
1111257609 M * Doener hws123: i'm not sure if it is the right location, so just move them somewhere else for now, instead of removing
1111257609 M * Bertl yeah, it's basically gentoo knowing better than you ;)
1111257616 A * miller7 thinks that just by entering the gentoo server and trying to start daemons hws123 would see immediatelly what is wrong
1111257638 M * miller7 -> /etc/init.d/service zap
1111257647 M * miller7 -> /etc/init.d/mysqld zap
1111257647 M * Bertl miller7: that doesn't work with new tools ...
1111257652 M * miller7 why not? :(
1111257654 M * miller7 since when?
1111257661 M * Bertl because you can not enter a stopped vserver
1111257665 M * Doener Bertl: chroot should do in this case
1111257666 M * miller7 sigh
1111257672 M * Doener zap just resets the state
1111257673 Q * jbase Quit: 
1111257674 M * miller7 why is it so? 
1111257674 M * Bertl you can enter the 'context' with vcontext --migrate
1111257685 M * DaPhreak morning folks!
1111257698 M * miller7 Bertl: is it security related issue or just new feature?
1111257759 M * Bertl guess it's a response to the many incidents and complaints about half started guests, where folks entered the context and left soemthing running, then couldn't start nor stop the vserver ...
1111257768 A * miller7 thinks that "vserver whatever enter" was a very convenient thing (TM)
1111257834 M * miller7 :( folks could just enter the context again and kill it if they forgot something running :(
1111257836 M * Bertl yes, and I hope that something like that, just with a different name will be reintroduced soon, but please send an email to the ml to kick on some discussion
1111257840 M * hws123 So what can/should I do know?
1111257859 M * hws123 sorry now
1111257860 M * miller7 Bertl: this is enrico's responsibility?
1111257885 M * Bertl yes Enrico is doing util-vserver and that's where it was removed
1111257914 M * hws123 chroot /vservers/template /bin/bash
1111257924 M * hws123 /etc/init.d/syslog-ng start * WARNING:  "syslog-ng" has already been started.
1111257925 M * Bertl hws123: vserver is starting /sbin/rc default quite fine in your debug trace
1111257943 M * Bertl so it's your 'guest' which refuses to start it's services
1111257955 M * miller7 hws123: do a /etc/init.d/syslog-ng zap
1111257955 M * hws123 but I can't enter it and vserver-stat is not seeing any services
1111257960 M * Bertl (as Doener already explained)
1111257960 M * miller7 and then try to start it again
1111257979 M * hws123 ah cool
1111257982 M * hws123 it works again
1111257993 M * hws123 hhmmm, so what was my mistake then?
1111258025 M * Doener hws123: was the vserver shutdown correctly?
1111258026 M * Bertl I guess latest tools could fix that
1111258027 M * hws123 Last time I just typed "exit" in the vserver and issues "vserver template stop"
1111258041 M * hws123 How must I shutdown the vserver correctly?
1111258056 M * Bertl IIRC enrico added some gentoo specific scripts for this purpose ...
1111258072 M * Bertl (removing those service started files and such)
1111258098 M * Bertl morning Doener, btw!
1111258113 M * hws123 Doener: How to shutdown the vserver correctly?
1111258129 M * Bertl vserver <name> stop is quite fine
1111258152 M * miller7 There was a German person's Wiki about vserver-gentoo somewhere
1111258160 M * miller7 I ran onto it some time ago
1111258165 M * miller7 perhaps you can google it
1111258173 M * miller7 it was very nice and plain instructions
1111258176 M * Bertl look at the linux-vserver.org Documentation page
1111258224 M * Bertl http://linux-vserver.org/Documentation
1111258244 M * hws123 ok, thanks anyway. My vserver is up and running again. I entered it, typed in "exit", stopped the vserver and just rebooted the system (exactly what I did last time). Now I will see whether this is a permanent issue
1111258290 M * DaPhreak naah .. anyone knows how to get vserver-kernel inside qemu to work ?! :)
1111258296 M * hws123 Maybe the services *inside* the vserver are not starting up, because they were not appropriately stopped?
1111258299 M * Bertl hmm, okay, guess the reboot is not involved here ...
1111258330 M * Bertl hws123: yes, could be, but that would mean that your stop scripts don't work (inside the guest)
1111258336 M * Bertl DaPhreak: quite easy ...
1111258370 M * Bertl DaPhreak: select the 2/2 split and whatever option you use for qemu kernels ...
1111258388 M * DaPhreak you mean in the kernel config ?!
1111258393 M * Bertl yes
1111258407 M * hws123 Bertl: I will try that out
1111258409 M * Bertl (you only need that for qemu-fast btw)
1111258475 M * Bertl DaPhreak: here is some QEMU related stuff: http://vserver.13thfloor.at/Stuff/QEMU/
1111258475 M * DaPhreak simple qemu-i386 :)
1111258504 M * Bertl well, I use qemu-fast because it's faster and I do not need any graphical output (just console) for testing ...
1111258861 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1111258873 M * Bertl evening erwan!
1111258908 M * hws123 How do I copy a vserver template? Just cp -R /vservers/template /vservers/customer? What about /etc/vserver?
1111258925 M * hws123 Or is there a tool provided by util-vservers that I can use?
1111258943 M * DaPhreak no, not to copy the config ..
1111258971 M * DaPhreak just cp -R as you said, but you have to correct vdir and run inside the config
1111258994 M * hws123 so copy /etc/vserver/template as well and edit it accordingly?
1111259016 M * Bertl there is a tool called vserver-copy, but it's not up-to-date
1111259045 M * DaPhreak hws123: yeah, especially the names and ip and all the other stuff
1111259078 M * Bertl simplest way is to create a new server as skeleton (makes all the config options)
1111259094 M * Bertl then copy over the template contents and reunify 
1111259803 M * _sebd Hello
1111259808 N * _sebd sebd
1111259845 J * malogato ~get@234.123.205.68.cfl.res.rr.com
1111259868 M * miller7 hws123: I'd suggest taking the vserver down, logging into it and do tar gz on root and all files
1111259880 M * miller7 this way you will keep the inodes and perms
1111259882 M * malogato can anyone see me?
1111259893 M * miller7 malogato: no, you're hiding behind your monitor
1111259912 M * sebd How is one supposed to do after unifying debian vservers, for updates ? unlinking existing files is often a problem...
1111259924 M * malogato Had to ask.. in kernelnewbies 15 lines of people talking went past my "can you see me's"
1111259951 M * miller7 malogato: perhaps they didn't see you :)
1111259955 M * Bertl sebd: unlinking should not be any problem ...
1111259974 M * sebd malogato: so many strange things happen on internet. Consider opening an X-File. :)
1111259981 M * miller7 btw, has anyone used unification on gentoo vserver?
1111260025 M * sebd Bertl: you are right ; what I often see is the way dpkg handles updates ... hang on, I'll copy the error message.
1111260052 M * Bertl malogato: what do you expect on a kernel related channel when you ask such offtopic stuff there?
1111260068 M * Bertl (that's what you can do in #offtopic ;)
1111260163 M * malogato anyone here use everydns.net ?
1111260175 M * malogato since the one person in there that's alive isn't replying anymore
1111260187 M * Bertl and how would that now be vserver related?
1111260231 M * malogato well...with..my..dns..not..working....vserver...doesn't...either.
1111260234 M * jd86  /me does a little dance.
1111260253 M * Bertl malogato: so your dns is inside a vserver then? 
1111260303 M * sebd dpkg: (...) "rmdir/unlink" "/usr/bin/newgrp.dpkg-tmp" failed : unauthorized
1111260311 M * Bertl malogato: what named software do you use?
1111260312 A * miller7 starts to understand why noone replied to malogato :)
1111260339 M * miller7 sebd: is this immutable file?
1111260342 A * malogato starts to understand why linux geeks have no girlfriends.
1111260347 P * malogato 
1111260350 M * sebd miller7: yes
1111260355 M * sebd mmm
1111260366 M * miller7 hehe we are linux geeks
1111260433 M * sebd the girlfriend is the worse enemy of the kernel hacker.
1111260441 M * sebd worst
1111260443 M * sebd even
1111260449 M * miller7 the girlfriend is the worst enemy of any computer person
1111260457 M * Bertl hmm, is that so?
1111260461 M * miller7 whining "you love your computer more than me"
1111260463 M * miller7 and stuff
1111260483 M * sebd and wanting to go _outside_
1111260491 M * sebd shopping, see friends, ...
1111260493 M * sebd horrible
1111260495 M * miller7 yeah! imagine that... _outside_!!!!
1111260504 M * miller7 that's so boring to do
1111260549 M * sebd Enjoying shopping is something I could never feel.
1111260626 M * Bertl well, I guess you folks are living a cliche ... but let's get back to something _ontopic_
1111260656 M * Bertl sebd: you are the one who reported those unification debian issues last time, right?
1111260665 M * sebd no
1111260668 M * sebd just today
1111260678 M * Bertl ah, okay, then this is the second report ... sec
1111260699 M * sebd but I found out a long time ago, it's not blocking, running the dpkg command a second time fixes it.
1111260714 M * Bertl yes, that was reported too ...
1111260724 M * Bertl it looks to me like there happens some race ...
1111260744 M * Bertl let's try to narrow down the setup, shall we?
1111260774 M * sebd ok, so this is happening on the old generation vserver kernel patch
1111260780 M * sebd let me get the version numbers
1111260804 M * Doener DaPhreak: hmm... isn't qemu-i386 the "programs-only" emulation mode?
1111260882 M * Doener Bertl: on which Linuxwochen event will you talk?
1111260911 M * sebd Bertl: is there a way I can get the patch release number (from /proc or something) ?
1111260920 M * sebd I did not name the kernel after it
1111260929 M * DaPhreak no idea Doener :)
1111260931 M * sebd it's a 2.6 kernel
1111260936 M * sebd 2.6.8
1111260950 M * Bertl Doener: Linuxwochen 2005 in Vienna, Thursday
1111260958 M * Doener sebd: vserver patch version? uname -r should tell...
1111260990 M * sebd well, I did not compile it the right way, I get "2.6.8+ctx"
1111261004 M * sebd hang on, I'll get my compilation Makefile back
1111261182 M * Bertl 2.6.8 hmm, that reminds me of the unwanted attribute propagation we had some time ago?
1111261202 M * sebd sorry, I lost my old makefile :/
1111261210 M * Doener sebd: 2.6.8+ctx? debian patch?
1111261221 M * Bertl np, what does cat /proc/virtual/info say?
1111261221 M * sebd possibly
1111261234 M * Doener IIRC debian is the only one still referring to linux-vserver as ctx
1111261241 M * sebd VCIVersion:     0001:0020
1111261241 M * sebd VCISyscall:     273
1111261242 Q * ciphernaut_zz Ping timeout: 480 seconds
1111261251 M * Bertl yeah, just a year and a half behind ;)
1111261257 M * sebd :)
1111261271 M * sebd anyway, I'll refresh that kernel soon
1111261293 M * Bertl okay, but first let's try to figure what the issue is, yes?
1111261299 M * sebd ok Bertl 
1111261311 M * Bertl http://irc.13thfloor.at/LOG/LOG_2005-03-17.txt
1111261352 M * Bertl 1111091151
1111261392 M * sebd micah's lines ?
1111261402 M * Bertl so it seems to me that dpkg tries to remove an empty directory (probably one it created a few seconds ago)
1111261425 M * Bertl and indeed it is empty, but the call returns with permission denied
1111261461 M * sebd yes. That's the error I'm getting
1111261478 M * Bertl now we have to check two things there ...
1111261504 M * Bertl a) can we reproduce the rmdir return code after it happened?
1111261526 M * Bertl (by doing rmdir on that dir from within that vserver)
1111261543 M * Bertl b) can we identify any reason for this -EPERM
1111261569 M * Bertl I see two causes for getting EPERM
1111261587 M * Bertl 1) the directory itself has some strange tagging/barrier
1111261608 M * Bertl 2) the directory _above_ that is sticky/immutable/other xid
1111261679 M * Bertl patch-2.6.8.1-vs1.9.2.diff:+#define VCI_VERSION0x00010020
1111261700 M * Bertl so the kernel is 2.6.8/1.9.2 (probably debian)
1111261781 M * sebd (the host is a debian sarge, yes, but the kernel is custom)
1111261947 J * jbase jbase@ts1-a119.Astrakhan.dial.rol.ru
1111261954 M * jbase hello again
1111261968 J * keyser_soze ~keyser@host65.201-252-24.telecom.net.ar
1111261970 M * Bertl sebd: okay, could you try to reproduce that by up and downgrading some small package?
1111261983 M * Bertl wb jbase! got your son?
1111261988 M * sebd yes
1111261990 M * Bertl welcome keyser_soze!
1111262008 M * jbase Bertl: yep
1111262027 M * sebd yes Bertl. I have one of my vservers that I should update now.
1111262032 M * keyser_soze hello
1111262047 M * jbase Bertl... should I pmsg you now?
1111262063 M * Bertl if it's vserver related, no need to ;)
1111262091 M * sebd Bertl: 36 packages will be upgraded ... Just tell me whether you want me to trace any syscall or anything
1111262091 M * jbase yes its vserver related
1111262092 M * jbase ...
1111262129 M * Bertl sebd: is it possible to upgrade a single package? and then maybe downgrade it again?
1111262144 M * jbase Bertl so could you assist us in solving this "out of semaphore space" problem?
1111262161 M * sebd Bertl: never done it, I'll try. But then, I guess it's files won't be "unified" anymore
1111262167 M * Bertl jbase: sure, did you try to strace the apache startup yet?
1111262183 M * Bertl (if not, then that's the next step, strace -fF)
1111262184 M * jbase well i'm sort of new to this, I will try now
1111262209 M * Bertl get strace installed, and look at the httpd start script how to start apache
1111262218 M * jbase ok
1111262224 M * jbase strace IS installed
1111262241 M * Bertl good! ;)
1111262312 M * hws123 Hi guys, just a quick question. What about doing reboots in a vserver?
1111262324 M * Doener hws123: use "reboot -f"
1111262329 M * Bertl if the host is configured properly that works just fine
1111262335 M * hws123 reboot WARNING: could not determine runlevel - doing soft reboot  (it's better to use shutdown instead of reboot from the command line) init: /dev/initctl: No such file or directory
1111262339 M * Doener is you're using plain initstyle, you can also use just "reboot"
1111262352 M * hws123 I am using Gentoo
1111262370 M * Bertl hws123: reboot -f is what you want
1111262372 M * hws123 ok, reboot -f seems to work fine
1111262379 M * hws123 alright, cheerio
1111262567 M * sebd Bertl: ok, I'll type this: strace -fF aptitude dist-upgrade | tee aptitude.log 2>&1
1111262617 M * daniel_hozac sebd: strace -o aptitude.log -fF aptitude dist-upgrade will likely work better.
1111262623 M * Bertl hmm, better use strace -fF -o apt.trace
1111262631 M * sebd ok
1111262847 M * hws123 Alright guys, thanks for all again and have a nice weekend, cheers!
1111262850 M * hws123 bye
1111262856 M * Bertl you too!
1111262884 M * sebd I got the expected error : Preparing to replace login 1:4.0.3-30.7 (using .../login_1%3a4.0.3-30.10_i386.deb) ... Unpacking replacement login ... dpkg: error processing /var/cache/apt/archives/login_1%3a4.0.3-30.10_i386.deb (--unpack):  failed to rmdir/unlink `//usr/bin/newgrp.dpkg-tmp': Operation not permitted
1111262916 M * Bertl okay, now let's look at the dir
1111262924 M * Bertl does //usr/bin/newgrp.dpkg-tmp exist?
1111262949 M * sebd Bertl: not anymore. Now I'll look for /usr/bin/newgrp.dpkg-tmp in aptitude.log (strace's)
1111262967 M * Bertl k, maybe that happens in some chroot?
1111263075 M * sebd no idea, I can see 2917  write(1, "\261\350\264\245\0\346\227\240\346\263\225 chroot \345"..., 4096 <unfinished ...>
1111263079 Q * hws123 Quit: Leaving
1111263092 M * sebd then, later
1111263095 M * sebd rmdir("/usr/bin/newgrp.dpkg-tmp") = -1 ENOENT (No such file or directory)
1111263103 M * sebd then
1111263105 M * sebd link("/usr/bin/newgrp", "/usr/bin/newgrp.dpkg-tmp") = 0
1111263127 M * Bertl could you upload that strace somewhere?
1111263149 M * sebd Bertl: yes, it'll be simpler :)
1111263151 M * sebd hang on
1111263444 M * sebd http://www.lesdeveloppementsdurables.org/aptitude.log.gz
1111263498 M * Bertl tx
1111263500 M * sebd (sorry for the delay, I'm looking after 3 kids here :) yes, the girlfriend is the worst enemy ;) ...)
1111263515 M * Bertl hey 3 kids means fun, no?
1111263529 M * sebd beep me if needed, I won't be far
1111263535 M * Bertl k, np
1111263547 M * sebd Bertl: fun, but less time hacking
1111263576 M * Bertl ah, you just have to teach them, once they are hacking too, you'll have even more fun ;)
1111263622 M * Bertl Doener: 2922  chmod("//usr/bin/newgrp.dpkg-tmp", 0600) = -1 EPERM (Operation not permitted)
1111263643 M * Bertl looks like the barrier/dpkg issue, eh?
1111263647 M * Doener yup
1111263707 M * Bertl but was that an issue with 1.9.2?
1111263780 M * Doener i have no idea... should be an 1.2x issue only...
1111263795 M * Bertl yes, that's my opinion too ...
1111263873 M * jbase Bertl, httpd is started up using the daemon $httpd $OPTIONS command
1111263877 M * jbase can strace trace daemons?
1111263898 M * Bertl just use httpd $OPTIONS instead
1111263909 M * jbase ok
1111263914 M * Bertl strace -fF -o httpd.trace httpd $OPTIONS
1111263934 M * jbase $httpd is a variable... /usr/sbin/httpd
1111263943 M * jbase strace -fF -o httpd.trace /usr/sbin/httpd $OPTIONS
1111263943 M * Bertl k
1111263945 M * jbase correct?
1111263960 M * Bertl $OPTIONS are the options, so you need toe xpand that too ;)
1111263994 M * Bertl but simplest way is to replace the 'daemon' of the script with the strace -fF -o /tmp/httpd.trace
1111264043 M * jbase omg i'm looking at the httpd.trace file ;)
1111264072 M * Bertl hehe, compress and upload it or scan for ENOSPC
1111264122 M * jbase ok
1111264273 M * jbase found it
1111264316 M * jbase semget(IPC_PRIVATE, 1, IPC_CREAT|600) = -1 ENOSPC
1111264336 M * Bertl okay, so the number of semaphores (system wide) was depleted
1111264353 M * jbase but the ipcs command shows no semaphores at all
1111264376 M * Bertl the provider has to test that on the host
1111264384 M * Bertl (as I said, it's system wide)
1111264392 M * jbase I understand
1111264409 M * jbase oh
1111264420 M * jbase system wide meaning semaphores are shared between all vhosts?
1111264437 M * Bertl the semaphores are not shared, but the global limit is ;)
1111264442 M * jbase ok
1111264443 M * Bertl cat /proc/sys/kernel/sem
1111264477 M * jbase 250 32000 32 128
1111264492 M * Bertl yes, those are the defalt limits for a linux system
1111264508 M * Bertl a vserver host should increase them somewhat ...
1111264559 M * jbase when I do cat /proc/sys/kernek/sem am I displaying global system values (for host system) ?
1111264566 M * Bertl yep
1111264574 M * jbase ok thanks much
1111264575 M * Bertl (not virtualized yet)
1111264618 M * Bertl btw, depending on the proc security setup, you might succeed changing the limits yourself ;)
1111264634 M * jbase interesting ;)
1111264677 M * jbase how do i?
1111264753 M * jbase should I edit the file?
1111264803 M * jbase oh its like echo 250 32000 100 128 > /proc/sys/kernel/sem 
1111264813 M * jbase ?
1111264923 M * Bertl yep
1111264946 M * jbase ok
1111264949 M * jbase sorry for being too lame ;)
1111265014 M * jbase but if the limit for semaphores is reached, how can I see the list of them? and see they are actually hitting the limit?
1111265122 M * jbase I am googlesearching it and finding irc log with your name :) Bertl
1111265143 M * Bertl well, I'm trying to goole for that, but my network connection is too bad right now
1111265185 M * Bertl google for an explanation of /proc/sys/kernel/sem
1111265257 M * jbase hehe permission denied
1111265269 M * jbase it tried echo "500 64000 64 256" > /proc/sys/kernel/sem
1111265653 M * Bertl sebd: could you try something inside the vserver for us?
1111265665 M * sebd yes Bertl 
1111265708 M * Bertl mkdir /tmp/test && chmod 000 /tmp/test && chmod 777 /tmp/test && rmdir /tmp/test
1111265724 M * sebd it worked fine
1111265734 M * sebd no error
1111265738 M * Bertl okay, could you try that as some user?
1111265781 M * sebd Bertl: tried it 5 times as a user, it worked fine
1111265797 M * Bertl okay, so it's definitely not the barrier issue ...
1111265994 M * Bertl hmm, hmm ...
1111266031 M * Bertl I remember something about // being special for filesystems
1111266057 M * daniel_hozac cifs and smbfs?
1111266102 M * Bertl not only, IIRC posix reserves those names for something
1111266727 J * gloobert ~goobert@67-137-122-183.dsl2.brv.mn.frontiernet.net
1111266743 M * Bertl welcome gloobert!
1111266747 M * gloobert hey man
1111266752 M * gloobert i got more questions :)
1111266784 M * gloobert should i be using the latest kernel from kernel.org
1111266795 M * gloobert i try and patch and get an error message
1111266796 M * gloobert patch: **** strip count l is not a number
1111266824 M * Bertl sounds interesting, what is your command? patch -pl ?
1111266842 M * gloobert yea
1111266847 M * Doener should be p1
1111266853 M * Doener (that's a one)
1111266870 M * gloobert oh i see now
1111266875 M * gloobert your smart there man
1111266884 M * gloobert thanx
1111266895 M * Bertl yeah, just smart fork here, you're welconme!
1111266988 M * gloobert when i extracted the linux-vserver-1.9.4.tar.gz file to use with 2.6.11.5 there where two files as well inside 'patch-2.6.10-vs1.9.4.diff'  & 'patch-2.6.11-rc3-vs1.9.4.diff'
1111267014 M * Bertl yes, but you should go for 1.9.5-rc3 (with 2.6.11.5)
1111267030 M * gloobert oh sweetness
1111267042 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.11.3-vs1.9.5-rc3.diff
1111267055 M * gloobert thanks man
1111267060 M * Bertl my pleasure!
1111267172 M * gloobert ok ill be back
1111267190 M * gloobert are there any other patches that need to go in the kernel for quotas and limits to work
1111267228 M * Bertl quotas as in user/group quotas work on single partitions (not shared), disk limits are part of the release
1111267228 M * gloobert or are they just things that need to be something like './configure make make install etc.'
1111267270 M * gloobert this kernel doesnt limit ram usage does it by chance?
1111267288 M * gloobert per vserver context
1111267330 M * Bertl RSS, VM and VML
1111267362 Q * flock Remote host closed the connection
1111267401 M * gloobert sorry but im a little confused
1111267410 M * gloobert RSS sounds like XML ;)
1111267420 M * gloobert do i need a UML patch too or now
1111267421 M * gloobert no
1111267455 M * gloobert im gonna google it out
1111267461 M * gloobert thanks for your help guys
1111267465 M * gloobert means a lot to me
1111267467 M * sebd good night (for those who are on this side of the planet)
1111267484 M * Bertl gloobert: look at linux-vserver.org ;)
1111267586 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1111267598 M * gloobert http://linux-vserver.org/?action=find&find=RSS%2C+VM+and+VML
1111267757 M * Bertl those are acronyms for Resident Set Size Virtual Memory and Virtual Memory Locked
1111267794 M * gloobert thanks man
1111267795 M * Bertl it doesn't make sense to limit the RAM, as you are sharing resources, UML or QEMU (which have a separate kernel) can limit RAM
1111267799 M * gloobert i guess my question is
1111267805 M * gloobert or keep going :)
1111267826 M * gloobert k
1111267837 M * Bertl you do not start a separate kernel with linux-vserver, instead you use isolated (but partially shared) resources
1111267880 M * Bertl RSS is the number of pages kept in ram
1111267899 M * Bertl and VM is the amount of address space used by applications
1111267920 M * gloobert hrmmm
1111268171 M * gloobert ill try and let this sink in my teeth :)
1111268281 Q * miller7 Ping timeout: 480 seconds
1111268317 M * Bertl gloobert: well, if you ahve specific questions, just go ahead and ask (see topic ;)
1111268396 M * gloobert well basically my situation is i want to see if i can limit a vservers context in memory (maybe the usage of page file or whatever)
1111268415 Q * virtuoso Read error: Operation timed out
1111268437 M * gloobert cause then theyd be easy to split and share like a dedicated server
1111268441 M * gloobert just my thoughts
1111268444 M * Bertl yes, as I tried to explain, you can limit 3 different aspects of memory usage
1111268550 M * Bertl you can examine the 'current' usage of a vserver with /proc/virtual/<xid>/limits
1111268885 M * gloobert ok thanks bertl
1111268889 M * Bertl np
1111268895 M * gloobert sorry my brain farts a lot
1111268901 M * gloobert ill need to look into this
1111268912 M * gloobert im thinking of one more question
1111268921 M * gloobert do i need to patch the kernel for any of these
1111268929 M * gloobert cause i was gonna compile one here soon
1111268942 M * Bertl well, yes, with the linux-vserver patch of course ;)
1111268962 M * gloobert oh thats it
1111268978 M * gloobert ok im just being overly cautious i guess :)
1111268987 M * gloobert you rock man
1111268993 M * Bertl thanks! ;)
1111269140 M * gloobert [root@air508 linux-2.6.11.5]# patch -p1 ../patch-2.6.11.3-vs1.9.5-rc3.diff
1111269148 M * gloobert my servers just sitting there
1111269158 M * gloobert this supposed to take a while right?
1111269159 M * Bertl yeah, it's waiting for the patch ;)
1111269164 M * Bertl try:
1111269175 M * Bertl patch -p1 <../patch-2.6.11.3-vs1.9.5-rc3.diff
1111269215 M * gloobert so should i try and get out of the current line its in?
1111269234 M * Bertl just press CTRL-C
1111269250 M * Bertl it's waiting for input from the keyboard ...
1111269263 M * Bertl patch doesn't handle 'files' on the command line
1111269298 M * gloobert well it worked my friend
1111269301 M * gloobert thanks again 
1111269307 M * Bertl np
1111269313 M * gloobert you guys are the vserver superheros
1111269327 M * Bertl hehe, are we? ;)
1111269471 M * gloobert collect2: ld returned 1 exit status
1111269471 M * gloobert >> Unable to find the Ncurses libraries.
1111269471 M * gloobert >>
1111269471 M * gloobert >> You must install ncurses-devel in order
1111269471 M * gloobert >> to use 'make menuconfig'
1111269473 M * gloobert make[2]: *** [scripts/lxdialog/ncurses] Error 1
1111269473 M * gloobert make[1]: *** [menuconfig] Error 2
1111269475 M * gloobert make: *** [menuconfig] Error 2
1111269543 M * Doener well, do what it says, install ncurses-devel ;) if you happen to use debian, the package is called libncurses5-dev
1111269596 M * gloobert then rerun makemenuconfig
1111269613 M * Doener yep
1111269636 M * gloobert ok thanks man
1111269839 M * Doener you're welcome
1111269863 M * Doener btw, if you're really running debian, make sure to disable CONFIG_SECURITY
1111269904 M * gloobert its rh9
1111269908 M * Doener ok
1111269970 M * gloobert should i stil disable confi_security
1111269999 M * Doener yep, i just mentioned it because debian's default config has it enabled and linux capabilities built as a module
1111270013 M * gloobert k
1111270025 M * Doener that causes a heavy security problem if you don't happen to built the kernel with the right module loading 'tricks'(?)
1111270069 M * gloobert im compiling from scratch
1111270070 M * gloobert here
1111270119 M * Doener 2.6 kernels try to use your current kernel's configuration if no .config file is found in the source tree
1111270136 M * gloobert yea i think it picked something up
1111270201 M * DaPhreak great Bertl :)
1111270221 M * DaPhreak 2.6.11.3-grsec-vs1.9.5-rc3 #4 SMP
1111270227 M * DaPhreak ... profile done.
1111270241 A * Bertl is scrolling up to get some context ...
1111270258 M * DaPhreak nah, you know the context ;)
1111270264 A * Doener already tried and failed ;)
1111270268 M * DaPhreak lol :)
1111270273 M * Doener ... in getting context that is
1111270328 M * Bertl DaPhreak: ah, congrats then! ;)
1111270360 M * DaPhreak qemu -nographic -L /usr/share/qemu/ -m 64 -snapshot -hda ~/qemu/TEST_32M_public.img -kernel linux-2.6.11.3-vserver-1.9.5rc3-grsec/arch/i386/boot/bzImage -append "rw root=/dev/hda1 devfs=mount"
1111270383 M * DaPhreak qemu-fast is segfaulting ... doesn't know why ..
1111270391 M * jbase Bertl I have another vserver related q.
1111270398 M * Bertl DaPhreak: which gcc and what compiler?
1111270408 M * jbase when we reboot our server the sshd service always goes down
1111270416 M * jbase so we have to ask the host admin to restart it
1111270427 M * Bertl is it configured to be started on bootup?
1111270441 Q * gloobert Quit: 
1111270442 M * DaPhreak gcc version 3.4.3
1111270447 M * Bertl jbase: (some distros provide chkconfig for that)
1111270475 M * Bertl DaPhreak: try again with 3.3.x
1111270509 M * DaPhreak okydokz :) but later not now ;) gonna test the grsec-kernel :)
1111270529 M * Bertl k, qemu is fine too, just a lot slower ;)
1111270533 M * jbase Bertl the host admin doubled the semaphore settings and Apache is now running!
1111270542 M * Bertl excellent! ;)
1111270547 M * jbase thanks man!
1111270555 M * Bertl you're welcome!
1111271571 Q * brc Ping timeout: 480 seconds
1111271798 Q * keyser_soze Quit: Abandonando
1111271805 J * keyser_soze ~keyser@host65.201-252-24.telecom.net.ar
1111271824 M * Bertl wb keyser_soze!
1111273537 Q * erwan_ho Remote host closed the connection