1112573230 M * Doener http://www.win.tue.nl/~aeb/linux/lk/lk-10.html
1112573285 M * Doener so we got: a session has (may have?) a controlling terminal and contains process groups which in turn contain processes
1112573310 M * Doener if a session's controlling terminal goes away, the s-leader gets a SIGHUP
1112573341 M * Doener if a pgrp-leader dies, the other processes in the pgrp get SIGHUP followed by SIGCONT
1112573427 M * Doener and if an s-leader dies, all fg processes get an SIGHUP
1112573581 M * Doener hm, if that's all, clearing the sid should be ok... clearing the controlling terminal and such should be the job of the daemon itself and session 0 won't go away anytime soon ;)
1112573584 M * Bertl so init having no session at all means it is never planned to die (of course)
1112573665 M * Doener hm, session of the idle process (that's pid 0, right?), but shouldn't matter anyway
1112573822 M * Bertl okay, I'll draft up a patch to test _removing_ the session id on initpid initialization ...
1112573848 M * Doener hm, how would i strace init?
1112573860 M * Bertl attach after it was started?
1112573868 M * Bertl but IIRC it is blocked
1112573885 M * Bertl (means: ptrace checks for pid=1)
1112573901 M * Doener hm, source code time then ;)
1112574132 M * Doener Bertl: won't work i guess... init calls setsid()
1112574161 M * Doener (at least version 2.84 ;)
1112574195 M * Doener hm, i wonder why it doesn't get sid 1 then though
1112574347 M * Bertl sid is 0 for pid=1
1112574373 M * Doener yep, but why? init (pid 1) calls setsid() so it should get sid 1
1112574378 M * Bertl at least that is what the getsid() example says ...
1112574397 M * Bertl # /tmp/getsid 1
1112574397 M * Bertl 0
1112576649 M * Bertl http://vserver.13thfloor.at/Experimental/delta-clrsid-feat01.diff
1112576655 M * Bertl (just a suggestion)
1112576962 J * monrad ~monrad@213083190130.sonofon.dk
1112576967 M * Doener welcome monrad
1112577618 M * Doener yep, should do...
1112577649 M * Bertl test compiling a slightly corrected version now
1112577990 M * Doener ah, now it makes sense (i guess) :) init has pgrp/pgid 0, so sys_setsid() will just jump out...
1112578467 M * ciphernaut is there any guides on setting up packet filtering for vservers?
1112578510 M * Bertl what packets do you want to filter? and why should that be different from normal packet filtering?
1112578515 M * Doener it's done as usual...
1112578556 M * Doener just be aware that host<->vserver and vserver<->vserver communication happens on the lo interface
1112578589 M * Bertl (as expected ;)
1112578605 M * Doener if you know it ;)
1112578638 M * Doener where 'host' is the box itself (or your qemu or whatever)
1112578661 M * Bertl yeah, of course, you have to know how the linux network stack works ...
1112578748 M * Bertl # chcontext --xid 100 --flag fakeinit /tmp/getsid 1
1112578749 M * Bertl New security context is 100
1112578749 M * Bertl 0
1112578803 M * Bertl but I'm not sure that will work as expected
1112578836 M * Bertl uploading the patch for testing in a minute
1112579166 M * Bertl http://vserver.13thfloor.at/Experimental/delta-clrsid-feat02.diff
1112579277 M * Bertl hmm, OTOH, looks good with busybox/init
1112579316 M * Bertl Doener: do you have an init based vserver at hand?
1112579326 M * Doener a few even
1112579341 M * Bertl excellent!
1112579358 M * Doener on my real box as well as one in qemu
1112579372 M * Bertl guess qemu will suffice here ...
1112579606 M * Doener just 02, right?
1112579659 M * Bertl yep
1112579950 M * monrad evening
1112579970 M * Bertl evening monrad!
1112580128 J * keyser_soze ~cimarron@host201.201-252-39.telecom.net.ar
1112580425 P * keyser_soze
1112580607 M * Doener test1:/# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm
1112580607 M * Doener STAT EUID RUID TT TPGID SESS PGRP PPID PID PU COMMAND
1112580607 M * Doener S 0 0 ? -1 424 1 0 1 0.7 init
1112580757 M * Bertl is that good or bad?
1112580772 M * Doener SESS says 424, so i'd say that's bad
1112580772 M * Bertl and is it with fakeinit?
1112580793 M * Doener PID says 1 so i guess yes?
1112580795 M * Bertl ps axo (doesn't work here)
1112580823 M * Bertl hmm, it works ;)
1112580826 M * Doener that's how it looks on my host:
1112580827 M * Doener STAT EUID RUID TT TPGID SESS PGRP PPID PID PU COMMAND
1112580828 M * Doener S 0 0 ? -1 0 0 0 1 0.0 init
1112580862 M * Bertl could you give me the /proc/self/status entries for flags and ccaps?
1112580938 M * Doener ctxflags: 02000010
1112580938 M * Doener initpid: 424
1112580967 M * Doener CCaps: 0000000000000101
1112581092 M * Bertl hmm, when and how did we (I?) mess up that?
1112581110 M * Bertl ah, okay, sorry ...
1112581145 M * Bertl let's look at /proc/virtual//status
1112581163 M * Doener that's where the ccaps come from
1112581182 M * Bertl yeah, the flags are what I'm interested in ;)
1112581192 M * Doener flags are the same (except leading 0's)
1112581272 M * Bertl hmm hmm .. s
1112581297 M * Bertl so why does getsid return correctly now?
1112581399 M * Doener test1:~# ./test 1
1112581400 M * Doener 424
1112581404 M * Doener doesn't do here...
1112581462 M * Bertl hmm, well, it segfaults here now :/
1112581536 M * Doener the test program or chcontext?
1112581538 M * Bertl no idea what changed .. will look into it ...
1112581544 M * Bertl the getsid ...
1112581560 M * Bertl ah, stupid me ... forget the argument
1112581561 M * Doener i tried with chcontext --flag fakeinit bash -c /home/doener/src/test/test 1
1112581565 M * Doener that makes chcontext segfault :)
1112581587 M * Bertl # /tmp/getsid 1
1112581587 M * Bertl 0
1112581587 M * Bertl # chcontext --xid 200 --flag fakeinit /tmp/getsid 1
1112581587 M * Bertl New security context is 200
1112581587 M * Bertl 0
1112581592 M * Doener hmm... strange segfault...
1112581596 M * Doener /usr/sbin/chcontext: line 173: 5409 Segmentation fault "${create_cmd[@]}" "${chain_cmd[@]}" -- "${migrate_cmd[@]}" --endsetup --migrate-self -- "$@"
1112581614 M * Bertl but expected, same issue as here ...
1112581626 M * Bertl use chcontext --flag fakeinit bash -c '/home/doener/src/test/test 1'
1112581631 M * Doener ah, missed the $@
1112581651 M * Bertl # chcontext --xid 200 --flag fakeinit bash -c '/tmp/getsid 1'
1112581652 M * Bertl New security context is 200
1112581652 M * Bertl 0
1112581673 M * Bertl so ... which kernel do you test?
1112581691 M * Doener with chcontext i get the same, inside the vserver i don't
1112581736 M * Bertl # chcontext --xid 200 --flag fakeinit bash -c 'ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm'
1112581739 M * Bertl New security context is 200
1112581742 M * Bertl STAT EUID RUID TT TPGID SESS PGRP PPID PID %CPU COMMAND
1112581745 M * Bertl R 0 0 tts/0 36 0 0 0 1 0.0 ps
1112581767 M * Bertl so that looks fine to me ... maybe the chcontext does something differently?
1112581793 M * Bertl I mean, maybe the init vserver startup messes up a little ...
1112581830 M * Doener chcontext --ctx 1000 --flag fakeinit bash
1112581836 M * Doener gets me a dead shell
1112581847 M * Bertl yes, I observed that too
1112581864 M * Bertl might be related to the terminal being detached (terminal group)
1112581910 M * Bertl but I suspect the daemonize to be guilty here ...
1112581915 M * Bertl (sec checking something)
1112582018 M * Bertl init does call setsid() ?
1112582068 M * Doener afaict yes
1112582076 M * Bertl okay, that explains it ...
1112582083 M * Bertl __set_special_task_pids(current, current->pid, current->pid);
1112582100 M * Bertl the current->pid is not 'virtualized here)
1112582112 M * Doener sey, that's why i wondered why sid is 0 for init anyway
1112582121 M * Doener s/sey/yes/
1112582128 M * Bertl yeah, no idea why ...
1112582163 M * Bertl pid = find_pid(PIDTYPE_PGID, current->pid);
1112582171 M * Bertl if (pid)
1112582171 M * Bertl goto out;
1112582177 M * Doener yep, that's what i assumed as well..
1112582197 M * Doener ah! that's not virtualized either...
1112582208 M * Bertl so let's simply virtualize all of that and check again
1112582239 M * Doener the find_pid should be sufficient...
1112582589 M * Bertl int rmnr = vx_rmap_pid(nr);
1112582604 M * Bertl and replace nr by rmnr, do you agree?
1112582779 M * Doener in find_pid?
1112582782 M * Bertl yep
1112582786 M * Doener ok
1112582868 M * Bertl # /tmp/getsid 1
1112582868 M * Bertl -1
1112582871 M * Bertl hmm ...
1112582902 M * Bertl if (pid == vxi->vx_initpid)
1112582902 M * Bertl return ~0U;
1112582910 M * Bertl suboptimal ;)
1112582951 M * Doener hm, but putting 1 there won't be much better i assume
1112582960 M * Bertl no it should be 0
1112582981 M * Bertl now I wonder why I did return -1 (or better ~0U) in the first place
1112582994 M * Bertl that's in __vx_info_rmap_pid() btw
1112583006 M * Doener thought so ;)
1112583096 M * Bertl pgrp = vx_rmap_pid(pgrp);
1112583096 M * Bertl if (pgrp < 0)
1112583096 M * Bertl return -EINVAL;
1112583104 M * Bertl tiocspgrp()
1112583141 M * Doener got up early today, getting tired... guess we (or at least i) have to continue tomorrow/later
1112583156 M * Bertl okay, no problem, have a good night then!
1112583161 M * Bertl and thanks for your help!
1112583180 M * Doener nighty night!
1112583183 N * Doener Doener_zZz
1112583427 Q * newz2000 Quit: Chatzilla 0.9.67 [Firefox 1.0.2/20050317]
1112584488 M * Bertl guess I'm off to bed now ...
1112584499 M * Bertl have a nice whatever everyone .. cya tomorrow!
1112584504 N * Bertl Bertl_zZ
1112589142 M * eyck cya
1112589161 M * eyck tomorrow? like tuesday?
1112592855 J * sannes ~ace@home.skarby.no
1112593981 J * keyser_soze ~cimarron@host201.201-252-39.telecom.net.ar
1112594194 P * keyser_soze
1112594234 J * keyser_soze ~cimarron@host201.201-252-39.telecom.net.ar
1112595246 P * keyser_soze
1112598257 J * alban ~acrequy@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr
1112598862 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1112599531 Q * erwan_ho Remote host closed the connection
1112603138 J * erwan_taf ~erwan@81.80.43.68
1112603383 M * rs hi
1112603647 M * cereal hi
1112604018 J * prae ~prae@134.106-14-84.ripe.coltfrance.com
1112604385 J * BWare ~bware@212.26.196.195
1112604915 Q * BWare Read error: Connection reset by peer
1112605036 J * BWare ~bware@212.26.196.195
1112605273 J * ydupont ~dupont-y@tomintoul.cri.univ-nantes.fr
1112605483 J * virtuoso ~s0t0na@80.253.205.251
1112605521 P * virtuoso
1112605546 J * virtuoso ~s0t0na@80.253.205.251
1112606831 Q * BWare Read error: Connection reset by peer
1112607990 J * Pazzo ~thomas@host130-250.pool8172.interbusiness.it
1112608433 M * Vudumen hmmm what could be the problem? i said vserver susetest550 build --force --context 550 --hostname susetest550 --flags sched,lock --initstyle plain -m rpm -- -d suse91
1112608436 M * Vudumen -d suse91 --
1112608444 M * Vudumen but it said No rpm-lists specified and no list found for distribution 'suse91'.
1112608444 M * Vudumen When this is really indented, please use the '--empty' option.
1112608971 Q * lilo Quit:
1112609435 J * lilo ~lilo@lilo.usercloak.oftc.net
1112609820 M * TheSeer Vudumen: edit /etc/vservers/.distributions/suse91/apt/sources.list
1112609845 M * TheSeer the default is commented out so you don't have any active services to get packages from
1112609852 M * Vudumen thanks
1112609882 M * Vudumen and i have to use apt-rpm method as i see
1112609883 M * Vudumen hmm
1112609897 M * Vudumen it says that type rpm is not known on line 1 blabla sources.list
1112609908 M * TheSeer ?
1112609930 M * Vudumen E: Type 'rpm' is not known on line 1 in source list /etc/vservers/susetest550/apps/pkgmgmt/base/apt/etc/sources.list
1112609969 M * TheSeer run bild with " -m apt-rpm"
1112609973 M * TheSeer build even
1112609985 M * Vudumen the full command was:
1112609985 M * Vudumen vserver susetest550 build --force --context 550 --hostname susetest550 --flags sched,lock --initstyle plain -m apt-rpm -- -d suse91
1112610005 M * TheSeer looks good to me.. even though i have no clue about apt on suse
1112610022 M * Vudumen is vserver uses debian's apt-get?
1112610051 M * TheSeer it uses the core os apt, yeah
1112610080 M * Vudumen well in this case my apt-get doesn't know about rpm :/
1112610080 J * BWare ~bware@212.26.196.195
1112610088 M * TheSeer vserver-build --force -m apt-rpm -n foo --hostname=foo.domain.tld --netdev=eth0 --interface 192.168.1.1 --netmask 255.255.255.224 -- -d fc3
1112610098 M * TheSeer that's how i build my fedora core 3 vserver
1112610099 M * TheSeer and that works
1112610372 M * Vudumen hmm
1112610384 M * Vudumen do you installed apt-rpm by hand or anything like this?
1112610391 M * Vudumen i installed only alien and rpm
1112610394 M * Vudumen (it's a debian sarge)
1112610432 M * TheSeer hmm well.. guess the fact the core system is also a fedora box makes the difference
1112610453 M * Vudumen hmm yes it could be the difference :)
1112611620 Q * alexx Read error: Connection reset by peer
1112612679 J * alexx ~alexx@82.225.136.176
1112612971 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1112612971 Q * lilo Read error: Connection reset by peer
1112614235 Q * lilo_ Read error: Connection reset by peer
1112614269 J * lilo ~lilo@lilo.usercloak.oftc.net
1112618019 Q * ydupont Quit: Leaving
1112618091 J * ydupont ~dupont-y@tomintoul.cri.univ-nantes.fr
1112618171 J * jsambrook ~jsambrook@aelfric.plus.com
1112618548 J * DukeGangsta|aw uefgangsta@i5387DF44.versanet.de
1112618751 J * DJ_Freeman ~Sascha@muedsl-82-207-242-063.citykom.de
1112618770 M * DJ_Freeman hi
1112618780 M * DJ_Freeman i've a patch problem
1112618821 M * DJ_Freeman i want to patch a 2.4.26 kernel with the vs1.26 sources, but that doesn't work :(
1112618842 M * DJ_Freeman which files do i need and how do i patch the kernel?
1112619182 M * DJ_Freeman sry it's a 2.4.24 kernel
1112619188 M * eyck why so old?
1112619317 M * DJ_Freeman i want to build a vserver with the same sources like my provider does. It should become a copy of my vserver @ http://star-hosting.de/
1112619388 M * DJ_Freeman you understand?
1112619439 M * DJ_Freeman no1 who can help me :(
1112619600 J * mcp hightower@herr-der-titten.de
1112620179 M * DJ_Freeman nobody got an idea?
1112620211 M * TheSeer use a recent kernel
1112620241 M * TheSeer there is *ZERO* point in using a known to be vulnerable kernel release
1112620308 M * DJ_Freeman but my provider uses also the old kernel :(
1112620636 M * TheSeer well, search bugtraq for exploits against that kernel release
1112620646 M * TheSeer and r00t the server ;>
1112620661 M * TheSeer write a nice mail to the admin using that r00t account ...
1112620673 M * TheSeer they'll be updating in no time ;-P
1112620682 M * TheSeer and if not, time to change isp
1112620856 M * DJ_Freeman lol
1112620938 M * DJ_Freeman webmaster@XXX:~$ uname -a
1112620938 M * DJ_Freeman Linux XXX 2.4.24-vs1.26 #6 Fri Sep 24 17:20:33 CEST 2004 i686 GNU/Linux
1112621444 J * tad ~truex@static-151-204-232-50.bos.east.verizon.net
1112621528 Q * tad Remote host closed the connection
1112621980 Q * erwan_taf Quit: Leaving
1112621985 J * erwan_taf ~erwan@81.80.43.68
1112622980 Q * DJ_Freeman Ping timeout: 480 seconds
1112623405 M * maharaja :)
1112623805 N * Doener_zZz Doener
1112623830 M * Doener morning folks
1112623832 M * Snow-Man err
1112623841 M * Snow-Man Where's experimental/ stuff again?
1112623852 M * Doener http://vserver.13thfloor.at/Experimental
1112623859 M * Snow-Man Oh 'E', not 'e
1112623861 M * Snow-Man +'
1112623862 M * Snow-Man thanks. :)
1112623869 M * Doener you're welcome :)
1112623883 M * Doener took me about 2 months two learn the E ;)
1112623887 M * Doener s/two/to/
1112623888 M * Snow-Man haha
1112623906 M * Snow-Man hrmmm.
1112623914 M * Snow-Man I thought there were only 2 fix's.
1112623942 M * Snow-Man namei and unhold..
1112623956 M * Snow-Man Is the blkio one a big deal?
1112623986 M * Doener only if you have the blkio-feat patched in
1112623997 M * Snow-Man oh, ok, I don't. :)
1112624344 J * Elchbulle ~elch@donut.toppoint.de
1112624348 M * Elchbulle hiho
1112624404 M * Elchbulle is there a tool like vkill ?
1112624416 M * Doener yep, vkill
1112624430 M * Elchbulle wow Im so stupid I should try before ask
1112624436 M * Doener ;)
1112624470 M * Elchbulle leia:~# man vkill
1112624470 M * Elchbulle No manual entry for vkill
1112624470 M * Elchbulle See 'man 7 undocumented' for help when manual pages are not available.
1112624525 M * Elchbulle btw my vservers runs very well, thanks to the programmer
1112624600 M * Snow-Man What distro?
1112624662 M * Elchbulle Debian
1112624668 M * Snow-Man version?
1112624702 M * Elchbulle testing, dunno what the name is
1112624714 M * Snow-Man It's sarge.
1112624727 M * Snow-Man That's probably a 'normal' or 'important' bug against the package.
1112624733 M * Snow-Man Or should be rather.
1112624740 M * Elchbulle it runs stable since up 33 days, 5 min
1112624751 M * Snow-Man Good. :)
1112624801 M * Elchbulle Im very happy only that I cant use a Bind inside a vserver is a little problem
1112624842 M * Snow-Man You can, just not the Debian bind.
1112624857 M * Snow-Man You have to compile bind w/o linux capabilities.
1112624888 M * Elchbulle I read that dns doesnt works cause there are some udp problems?!?
1112624905 M * Snow-Man erm, no..
1112624911 M * Snow-Man Not that I know of anyway.
1112624916 M * ydupont hello all
1112624932 M * ydupont I Have 10 Dns here inside vservers ... so it works :-)
1112624934 M * Elchbulle you have one running ?
1112624938 M * Elchbulle ahh cool
1112624965 M * Elchbulle ydupont which dns ?
1112624980 M * ydupont BinD9 + 1 djbdns
1112624991 M * ydupont djbdns not for much time, either...
1112625058 M * Elchbulle ahh fine
1112625066 M * Elchbulle I will try it :-)
1112625173 M * Elchbulle I love this channel :-)
1112625276 A * Snow-Man likes bind9.
1112625324 A * Elchbulle likes Sinix ;-)
1112626180 M * Snow-Man VmallocTotal: 536870911 kB
1112626181 M * Snow-Man VmallocUsed: 2388 kB
1112626181 M * Snow-Man VmallocChunk: 536868495 kB
1112626183 M * Snow-Man uhm...
1112626217 M * Snow-Man That's kind of amusing. :)
1112626482 M * Snow-Man VmallocTotal: 34359738367 kB
1112626482 M * Snow-Man VmallocUsed: 2388 kB
1112626482 M * Snow-Man VmallocChunk: 34359735951 kB
1112626485 M * Snow-Man Even better!
1112626534 P * jsambrook
1112626575 M * Snow-Man I don't think I understand what VmallocTotal is.
1112626673 M * Snow-Man Bertl_zZ: Around? :)
1112626909 Q * monrad Quit: Leaving
1112627080 N * Bertl_zZ Bertl
1112627113 M * Bertl Snow-Man: hehe, you are lucky ;)
1112627121 M * Bertl morning folks, btw!
1112627159 M * Bertl ydupont: sorry again .. you've got mail ;)
1112627215 M * Bertl rs: you still around?
1112627378 M * ydupont Bertl:
1112627385 M * Bertl Doener: awake? available?
1112627390 M * ydupont sorry I have to leave. I just read your mail
1112627400 M * ydupont Bertl Thanks again, Will testing it tomorrow!
1112627401 M * ydupont bye
1112627409 M * Bertl np, cya!
1112627415 M * Pazzo Moin Bertl!
1112627415 Q * ydupont Quit: Leaving
1112627418 J * Loki|muh_ loki@satanix.de
1112627427 M * Bertl morn Pazzo! Loki|muh_!
1112627444 M * Loki|muh_ hi :)
1112627461 M * Doener kind of... on my way to make some coffee... (of course my coffee machine is really near to my box ;)
1112627536 Q * cereal uranium.oftc.net kinetic.oftc.net
1112627536 Q * Zoiah uranium.oftc.net kinetic.oftc.net
1112627536 Q * Loki|muh uranium.oftc.net kinetic.oftc.net
1112627536 Q * maharaja uranium.oftc.net kinetic.oftc.net
1112627536 Q * bro uranium.oftc.net kinetic.oftc.net
1112627536 Q * ndim uranium.oftc.net kinetic.oftc.net
1112627536 Q * SiD3WiNDR uranium.oftc.net kinetic.oftc.net
1112627536 Q * cemil uranium.oftc.net kinetic.oftc.net
1112627536 Q * slapper uranium.oftc.net kinetic.oftc.net
1112627536 Q * eyck uranium.oftc.net kinetic.oftc.net
1112627536 Q * tchan_ uranium.oftc.net kinetic.oftc.net
1112627536 Q * atsab uranium.oftc.net kinetic.oftc.net
1112627536 Q * Beirdo uranium.oftc.net kinetic.oftc.net
1112627536 Q * Seraph uranium.oftc.net kinetic.oftc.net
1112627574 J * Zoiah Zoiah@matryoshka.zoiah.net
1112627605 J * ndim hun@helena.bawue.de
1112627624 J * SiD3WiNDR luser@bastard-operator.from-hell.be
1112627631 J * cereal ~cereal@stargate-galaxy.net
1112627635 J * Beirdo ~gjhurlbu@beirdo.usercloak.oftc.net
1112627643 J * cemil ~cemil@defiant.wavecon.de
1112627645 J * tchan ~tchan@c-24-13-81-164.hsd1.il.comcast.net
1112627661 J * atsab ~as@lotes.vtu.lt
1112627668 J * Seraph kk@projects.verfaction.de
1112627702 J * maharaja maharaja@ipax.at
1112627895 M * Doener Bertl: ok, got my coffe
1112627904 M * Doener s/ffe/ffee/
1112627940 M * Bertl excellent! I guess I have a proper fix for the sid thingy/initpid
1112627951 J * eyck eyck@81.219.64.71
1112627957 M * Bertl but I also think it will not solve enricos issues ;)
1112627963 M * Bertl welcome eyck!
1112628094 M * eyck welcome...
1112628101 M * eyck I don't recall leaving though...
1112628136 M * Elchbulle Ahh Bertl nice to see you
1112628144 M * cereal re
1112628205 M * Bertl eyck: you were just lazy with joining after the split
1112628215 M * Bertl Elchbulle, cereal: greetings!
1112628256 J * DukeGangsta2 uefgangsta@i5387DF44.versanet.de
1112628284 Q * DukeGangsta|aw Ping timeout: 480 seconds
1112628285 M * Elchbulle Bertl you are my hero, only cause you helped me, my vserver runs so well
1112628315 M * Bertl yeah? well, probably the pleasure was all mine ;)
1112628336 M * Bertl Doener: http://vserver.13thfloor.at/Experimental/delta-clrsid-feat03.diff
1112628566 M * Doener Bertl: hm, why shouldn't it solve Enrico's issues?
1112628618 M * Doener the manpage says killall5 is only used in rc scripts. those are executed by init and should thus be in the same session as init. so init should not be killed then
1112628679 M * Bertl maybe it will, maybe not ... I discovered that the 'real' init is protected against most signals
1112628700 M * Bertl but it's easy to kill the 'virtual' init from inside ;)
1112628729 M * Bertl (should not be hard to fix that too, just needs _another_ patch ;)
1112628757 M * Doener yep, but killall5 shouldn't send a signal to init anyway, otherwise it's killall5's fault :)
1112628808 M * Doener ... with the fixed sid that is
1112628894 M * Bertl agreed, so let's see how it works out ...
1112629264 Q * locksy Ping timeout: 480 seconds
1112629267 J * locksy ~locksy@mrtg.sisgroup.com.au
1112629331 T * services.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1112629928 M * rs re
1112629938 M * Snow-Man Bertl: Any idea what's up with that? It seems wrong...
1112630030 M * Bertl wb rs!
1112630067 M * Bertl Snow-Man: please repeat some important details (or even better, give me a short overview ;)
1112630112 M * Bertl rs: how was/is the testing going (you started last week?)
1112630133 M * rs really fine actually
1112630152 M * Bertl which version is that currently?
1112630155 M * rs no more crash and I didn't noticed bugs yet, not on kernel side at least
1112630170 M * rs there is still a bug in util-vserver that prevent some vserver to stop time to time
1112630197 M * rs 2.6.11.5-vs1.9.5-unholdfix-node
1112630237 M * Snow-Man VmallocTotal: 34359738367 kB
1112630237 M * Snow-Man VmallocUsed: 2388 kB
1112630237 M * Snow-Man VmallocChunk: 34359735951 kB
1112630241 M * Snow-Man wtf?
1112630246 M * Snow-Man Bertl: That's the 'short overview'.
1112630246 M * Bertl rs: ah, good, we fixed some minor issues since then ... you might consider to add the patches
1112630251 M * Snow-Man :)
1112630258 M * Snow-Man total used free shared buffers cached
1112630258 M * Snow-Man Mem: 2056872 76652 1980220 0 5380 32836
1112630258 M * Snow-Man -/+ buffers/cache: 38436 2018436
1112630258 M * Snow-Man Swap: 4194296 0 4194296
1112630259 M * Bertl Snow-Man: ah, okay, thought it might be that ;)
1112630276 M * Bertl is that _inside_ a vserver?
1112630283 M * Snow-Man Bertl: Is that just how much *can* be allocated or something?
1112630291 M * rs Bertl: which kind of issue ?
1112630299 M * Snow-Man Nope, this is on a host which isn't actually running any vservers atm.
1112630307 M * Snow-Man And it's from cat /proc/meminfo
1112630313 M * Snow-Man Linux dori 2.6.11.6-vs1.9.5ntwx.10 #1 SMP Mon Apr 4 10:47:02 EDT 2005 x86_64 GNU/Linux
1112630325 M * Bertl then I'd say it's a bug ;)
1112630329 M * Snow-Man It's also got 2 of the fixes from FOR_1.9.6
1112630342 M * Snow-Man Bertl: What's VmallocTotal *supposed* to be?
1112630350 M * Snow-Man Bertl: And do you think it's just a reporting error?
1112630359 M * Bertl rs: http://vserver.13thfloor.at/Experimental/FOR-1.9.6/delta-initvx-clean01.diff
1112630377 M * rs Bertl: what does it fix ?
1112630378 M * Bertl (this solves a reproducible issue when you turn on memory debugging ;)
1112630400 M * rs the problem doesn't happen with memory debugging off ?
1112630407 M * Bertl basically some structure members are assumed initialized
1112630437 M * Bertl (it might happen without too, but it is easily triggerable with debugging enabled, because it scribbles poison patterns all over the memory ;)
1112630482 M * Snow-Man Bertl: It looks 'ok' on a x86 box, btw.
1112630486 M * Snow-Man VmallocTotal: 114680 kB
1112630502 M * Snow-Man That's certainly more reasonable, I think, but I'm still not sure what it's supposed to be. :P
1112630515 M * Snow-Man Is that kernel allocation amounts?
1112630537 M * Bertl rs: btw, I'll upload a final version for that ... we did beautify it somewhat ...
1112630549 M * Bertl Snow-Man: ah, that's a 64bit machine, right?
1112630562 M * Snow-Man Bertl: The one with the huge numbers, yes, x86_64.
1112630575 M * Bertl yes, that's basically some kind of harmless bug ...
1112630595 M * Bertl the kernel reserves a certain percentage of the address space for vmalloc
1112630610 M * Bertl on x86_64 this is insanely huge ...
1112630631 M * Snow-Man ahhh, alright, that's not actually allocated, just what you could allocate up to.
1112630650 M * Snow-Man I've hit that limit before on x86. :)
1112630650 M * Bertl yes, and IIRC there is an option to set it too ... (at boottime)
1112630675 M * Snow-Man Oh, is there? Just to lower it, or could you raise it?
1112630692 Q * prae Quit: Client exiting
1112630722 M * Bertl IIRC it was set (so lower and raise ;)
1112630756 M * Snow-Man hmmm, ok.
1112630844 M * Bertl rs: and this is shiny new (so not well tested ;) but should fix some issues with fakeinit based vservers
1112630853 M * Bertl http://vserver.13thfloor.at/Experimental/delta-clrsid-feat03.diff
1112632556 Q * sannes Ping timeout: 480 seconds
1112632984 M * rs really ? why that ?
1112632996 M * rs it soon like a util-vserver bug
1112633000 M * rs sound
1112633081 M * Bertl well, I don't know the details of your vserver issues .. but enrico reported that killall5 did kill the init process too which caused some issues
1112633101 M * rs ok
1112633103 M * Bertl (this might be solved by fixing the sid, which this patch does)
1112633111 M * rs nice
1112633116 M * rs I'll give it a try
1112633152 M * Bertl btw, do you have any feedback regarding the IPC limits/accounting?
1112633207 M * rs no I didn't got time to test it :/
1112633304 M * Bertl np, just wanted to know ...
1112633524 M * Vudumen hi Bertl :)
1112633725 M * Bertl hey Vudumen! sup?
1112633756 M * Vudumen bit tired.
1112633763 M * Vudumen i'm working on a website currently
1112633776 M * Bertl for linux-vserver? *G*
1112633786 M * Vudumen not really :( for our lan-party
1112633794 M * Vudumen we organize big lan parties here in hungary
1112633810 M * Vudumen www.gpslan.com this is our main site and now i'm working on our 5th eventsite
1112633820 M * Vudumen check it at http://kirk.interware.hu/GPS5.html/
1112633835 M * Vudumen or the psd snapshot at http://eswc.gpslan.com/d/snapshot6.jpg
1112633837 M * Vudumen or the psd snapshot at http://eswc.gpslan.com/d/snapshot06.jpg
1112633838 M * Vudumen sorry
1112633839 M * Vudumen :)
1112633897 M * Bertl hmm, not bad, who does the graphics?
1112633923 M * Vudumen well sometime me sometimes a friend sometimes we buy it
1112633943 M * Bertl just asking because linux-vserver still lacks a logo ;)
1112633989 M * Vudumen our logo - the (G) sign - was created by a friend of us
1112634041 M * Vudumen the last design is from a template-store and i did some modifications
1112634183 M * Vudumen Bertl: i have a problem. how can i create a redhat/fedora/suse vps with vserver on debian?
1112634205 M * Vudumen i tried yum, rpm, apt-rpm methods and it seem to be the rpm method the solution but i have problems :/
1112634218 M * Vudumen the last is that rpm cannot find libvserver.so.0 while it's in /usr/lib
1112634237 M * Bertl are the tools compiled with dietlibc?
1112634377 M * Vudumen yes
1112634387 M * Vudumen and it's not the newest
1112634402 M * Bertl could you upload the output (maybe of a build run with --debug)?
1112634404 M * Vudumen it's 0.30.204
1112634440 M * Vudumen yes a moment pls
1112634619 M * Bertl take your time ...
1112634620 M * Vudumen http://kirk.interware.hu/vserver/log.txt
1112634638 J * brc bruce@200141105098.user.veloxzone.com.br
1112634660 M * Bertl tx
1112634662 M * brc After a vserver STOP, how long would it take for the context to disappear so i could start the vserver again??
1112634663 M * brc bertl!
1112634665 M * Bertl welcome brc!
1112634671 M * brc Bertl: Which would be the maximum time ?
1112634681 M * Bertl infinity I guess ...
1112634710 M * brc hmm
1112634715 M * Bertl but you should check the limits and status ...
1112634732 M * brc [root@localhost root]# cat /proc/virtual/113/limit
1112634732 M * brc PROC: 0 391 -1 0
1112634732 M * brc VM: 0 438294 -1 0
1112634732 M * brc VML: 0 0 -1 0
1112634732 M * brc RSS: 0 116405 -1 0
1112634732 M * brc FILES: 0 5573 -1 0
1112634734 M * brc SOCK: 32 32 -1 0
1112634734 M * brc OFD: 0 0 -1 0
1112634754 M * brc [root@localhost root]# cat /proc/virtual/113/status
1112634754 M * brc UseCnt: 2
1112634754 M * brc RefCnt: 32
1112634754 M * brc Flags: 0000000200000010
1112634754 M * brc BCaps: ffffffffd44c04ff
1112634754 M * brc CCaps: 0000000000000101
1112634754 M * brc Ticks: 0
1112634756 M * brc ----
1112634765 M * brc the user is waiting for the reboot, should i give him another ctx ?
1112634793 M * Bertl so there are sockets keeping the context ...
1112634812 M * Bertl try to take down the interface ip, this might help
1112634870 M * Bertl also give the 'mount -o remount,rw /proc' a try
1112634922 M * brc ok
1112634932 M * brc hmm. now i could start it
1112634934 M * brc without doing anything
1112634946 M * brc :)
1112634951 M * Bertl well, then it timed out ;)
1112634954 M * brc eheeh
1112634969 M * brc if there was a way to find out what needs to timeout, it would be nice
1112634978 M * Bertl 19:12 < brc> SOCK: 32 32 -1 0
1112634984 M * Bertl means network/unix sockets ;)
1112635037 J * bro ~vanity@lanparty.lv
1112635068 M * Bertl Vudumen: libvserver.so.0 is available/installed, right?
1112635074 M * Bertl welcome bro!
1112635083 M * Vudumen Bertl: yes but i check it again
1112635102 M * Vudumen virtual:~# locate libvserver.so
1112635102 M * Vudumen /usr/lib/libvserver.so
1112635102 M * Vudumen /usr/lib/libvserver.so.0
1112635102 M * Vudumen /usr/lib/libvserver.so.0.0.0
1112635203 M * brc Bertl: ok :)
1112635234 M * brc so there were 32 sockets to timeout, is that it ?
1112635244 M * Bertl yep, precisely
1112635252 M * Bertl RefCnt: 32
1112635278 M * Bertl tells us, that those were the only it was waiting for
1112635338 M * Bertl Vudumen: could you give 0.30.205 a try?
1112635557 M * Vudumen Bertl: do i have to compile a newer kernel?
1112635558 M * Vudumen it's rc3
1112635559 M * Vudumen now
1112635592 M * Bertl no, this is not kernel related
1112635614 M * Bertl should even work with a 2.4/1.2 kernel ;)
1112635705 M * Vudumen :)
1112635706 M * Vudumen fine
1112635710 M * Vudumen in this case i give it a try :)
1112635724 M * Vudumen is there debian package available for sarge or do i have to compile? :)
1112635730 M * Bertl (nevertheless updating to a recent kernel might avoid other issues ;)
1112635743 M * Bertl Vudumen: you're asking me? ;)
1112635821 M * Vudumen :)
1112635823 M * Vudumen ok i compile it :)
1112635839 A * DaPhreak|school 's going .. have a good evening guys :)
1112635864 M * Vudumen bye DaPhreak
1112635899 M * Vudumen hmm where can i download it? :)
1112636051 M * Bertl http://www.13thfloor.at/~ensc/util-vserver/files/alpha/
1112636061 M * Vudumen thanks :)
1112636134 M * Bertl Doener: sorry to bother you, but does the sid fix work for you?
1112636541 M * Vudumen hmm it doesn't give me this error i think
1112636572 M * Vudumen hmm now i see this: No rpm-lists specified and no list found for distribution 'suse91'.
1112636573 M * Bertl you get a new one?
1112636594 M * Bertl okay, get the suse rpm list (from the previous install)
1112636596 M * Vudumen yes
1112636604 M * Bertl and specify it ...
1112636613 M * Vudumen is it available in the util-vserver sources?
1112636644 M * Vudumen hmm first i clean up my /vservers dir :)
1112636646 M * Bertl I tell you I don't know ...
1112636674 M * Vudumen okay :)
1112636728 M * Vudumen hmm a new error message :)
1112636732 M * Vudumen /tmp/vserver-build.rpm.manifest.mDb5xY: read manifest failed: Success
1112636762 M * Bertl please upload the --debug output again ...
1112636805 M * Vudumen ok 1112636822 M * Vudumen now it was a fc3 1112636959 M * Vudumen http://kirk.interware.hu/vserver/log1.txt 1112636980 J * Anders1 ~Anders@81-231-226-58-no40.tbcn.telia.com 1112636986 M * Bertl welcome Anders1! 1112637003 M * Anders1 hm 1112637017 M * Anders1 hi, i guess 1112637025 M * Bertl a good start! ;) 1112637029 M * Anders1 ;) 1112637034 M * Anders1 thought you were a bot or so 1112637045 M * Vudumen :)) 1112637056 M * Bertl well, and now you are sure I'm not? 1112637128 M * Anders1 indeed 1112637147 M * Bertl well, then tell me about your problems ... ;) 1112637153 M * Anders1 \o/ 1112637689 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net 1112637703 M * Bertl evening erwan! 1112637712 M * erwan_ho hey Bertl 1112638037 M * Bertl rs: btw, before I forget it again, there was somebody reporting success with GFS and linux-vserver (probably no xid tagging though) ... 1112638254 Q * Anders1 Quit: Leaving 1112638287 J * monrad ~monrad@213083190130.sonofon.dk 1112638294 M * Bertl welcome monrad! 1112638468 M * Doener Bertl: sorry, had some emergency... 1112638502 M * Bertl no problem at all ... 1112638621 M * monrad hi 1112639163 M * Bertl Vudumen: the manifest seems too minimal to me ... 1112639249 M * Doener vcontext: setsid(): Operation not permitted 1112639273 M * Bertl is that good or bad? 1112639281 J * sannes ~ace@home.skarby.no 1112639283 M * Doener well, the vserver didn't start ;) 1112639379 M * Bertl now the question is, why does vcontext do setsid()? 1112639395 M * Bertl and more important, why isn't it permitted ;) 1112639422 M * Bertl btw, my tests with chcontext and init did work quite fine ;) 1112639559 M * Doener the why is easy... 1112639574 M * Doener seems we misinterpreted the find_pid check... 
1112639585 M * Vudumen Bertl: if it's better i can give you root account for this machine 1112639606 M * Doener what the check does is: if the current process is not its pgrp leader, don't let it become a session group leader 1112639609 M * Bertl Vudumen: no, best would be to ask on the ml, enrico probably knows more ... 1112639633 M * Bertl Vudumen: make a short description what you tried and what errors you got ... 1112639658 M * Bertl Doener: okay, but we are not touching that right now, no? 1112639674 M * Bertl (i.e. my patch doesn't modify find_pid ;) 1112639686 M * Doener but the check 1112639687 M * Vudumen Bertl: ok. but am i right if i say that installing fedora/suse on a debian system is only possible with rpm method? 1112639697 M * Doener - if (pid) 1112639697 M * Doener + if (pid || vx_current_initpid(current->pid)) 1112639697 M * Doener goto out; 1112639716 M * Bertl Vudumen: it should be possible with apt-rpm too, but I do not know of an apt-rpm for debian ... 1112639717 M * Doener the vserver's initpid is always denied setsid 1112639736 M * Vudumen Bertl: yes i didn't find it too :( 1112639740 M * Bertl ahh, I understand! 1112639776 M * Doener ehrm, in the above explanation: s/is not its pgrp leader/is its pgrp leader/ 1112639797 M * Bertl Doener: okay, but without that check, the init will set the session back to something custom, where it should be 0 no? 1112639841 M * Doener yep, so we're back at: why the hell does it keep sid=0? 1112639847 M * Bertl (so sounds like a chicken-egg issue?) 1112639908 M * Bertl maybe we should return EINVAL? 1112639917 M * Bertl could you try: 1112639940 M * Bertl if (vx_current_initpid(current->pid)) 1112639940 M * Bertl return -EINVAL; 1112639992 M * Bertl Vudumen: some guy was 'building' it on debian, and IIRC gave up after some time 1112640013 M * Vudumen IIRC? 1112640029 M * Bertl acronymfinder?
1112640042 M * Vudumen ok :) 1112640059 M * Vudumen ahh i see :) 1112640076 M * Vudumen in this case i have to prepare some "template" systems 1112640108 M * Bertl you should bring that up on the ml (the apt-rpm case) because I consider it a real debian deficiency 1112640126 M * Bertl (maybe somebody stands up and build working apt-rpm packages for debian) 1112640158 M * Vudumen ok 1112640206 M * Bertl thanks! 1112640297 M * Vudumen sent 1112640298 M * Vudumen :) 1112641113 M * Doener fails now with: vcontext: setsid(): Invalid argument 1112641170 M * Bertl hmm, so how does it work with init anyway? and why does vcontext fail? not init? 1112641250 M * Doener init doesn't check for retval 1112641411 M * Bertl okay, so it's a vcontext bug? 1112641449 M * Bertl or how does 'real' init keep the sid=0? 1112641568 M * Bertl maybe we should disable the ptrace check for init and try with an straced init? 1112641585 M * Doener i got now: 1112641595 M * Doener if (!thread_group_leader(current) || vx_current_initpid(current->pid)) 1112641595 M * Doener return -EINVAL; 1112641611 M * Doener and i guess both init and vcontext fail there 1112641638 M * Doener vcontext because of being the context's fake init process and init because it is no thread_group_leader 1112641646 M * Doener STAT EUID RUID TT TPGID SESS PGRP PPID PID PU COMMAND 1112641646 M * Doener S 0 0 ? -1 0 0 0 1 0.0 init 1112641652 M * Doener notice the TPGID being -1 1112641676 M * Bertl thatÄs the tty's tpgid 1112641683 M * Bertl that's even 1112641708 M * Bertl we can remove that too, but it would be catastrophical if I do it in the kernel ... 1112641709 M * Doener hm? 1112641731 M * Bertl any initpid process would immediately drop the terminal 1112641747 M * Bertl (well, maybe it's how it should work, no idea ,) 1112641796 M * Doener what do you mean by "tty's tpgid"? 1112641806 M * Doener do ttys have threads? 1112641845 M * Bertl you sure that's the thread_group? 1112642065 M * Doener hm, no... 
1112642074 M * Doener /proc/1/status says Tgid: 1 1112642088 M * Bertl it's the terminal process group 1112642090 M * Doener what would make init a thread group leader... 1112642120 M * Bertl maybe we should really drop that ... 1112642137 M * Bertl give me a few minutes to look into it, I'll prepare a patch 1112642147 M * Bertl (but that will not change the thread_group test) 1112642678 M * Bertl hmm, decided against it, but I have an idea ... 1112642703 M * Bertl we should add some good 'ole printk debugging to the sys_setsid() what do you think? 1112642739 M * Doener yeah, guess that will shed some light on it 1112642753 M * Bertl okay, do you prepare something or shall I? 1112642813 M * Doener please do it ;) fighting with some far too huge mysql dump atm 1112642819 M * Bertl ok, np 1112643614 Q * DaPhreak|school Ping timeout: 480 seconds 1112644694 M * Bertl http://vserver.13thfloor.at/Experimental/delta-debug_setsid.diff 1112644864 M * Doener ah, finally a patch that doesn't cause some huge rebuild :) 1112644876 M * Bertl hehe ;) 1112644891 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-1.9.6/delta-kconfig-feat01.diff <-- this one will ;) 1112644999 M * Doener sys_setsid(810d9a80): pid=1, tgl=1, initpid=0 1112644999 M * Doener sys_setsid(810d9a80) -- no EINVAL 1112644999 M * Doener sys_setsid(810d9a80) -- ret=-1 1112644999 M * Doener INIT: version 2.86 booting 1112645030 M * Doener so we got -eperm, because we're (aka init) a group leader 1112645084 M * Bertl is that the real init? 1112645093 M * Doener yep 1112645120 M * Bertl okay, so my 'original' check is quite fine, right? 1112645130 M * Bertl if (pid || vx_current_initpid(current->pid)) 1112645161 M * Bertl should also return EPERM ... 1112645532 M * Doener checking output for vserver init... 1112645572 M * Bertl funny thing is my init does it twice ...
(busybox) 1112645585 M * Bertl sys_setsid(610b95b0): pid=1, tgl=1, initpid=0 1112645585 M * Bertl sys_setsid(610b95b0) -- no EINVAL 1112645585 M * Bertl sys_setsid(610b95b0) -- ret=-1 1112645585 M * Bertl sys_setsid(61154070): pid=14, tgl=1, initpid=0 1112645585 M * Bertl sys_setsid(61154070) -- no EINVAL 1112645588 M * Bertl sys_setsid(61154070) -- no EPERM 1112645590 M * Bertl sys_setsid(61154070) -- ret=14 1112645596 M * Doener same here 1112645618 J * wurd ~kvlt@modemcable143.235-201-24.mc.videotron.ca 1112645659 M * wurd hello? 1112645665 M * Bertl hello wurd! 1112645665 M * Doener welcome wurd 1112645673 M * wurd hi 1112645683 M * Doener Bertl: i guess that's init forking to execute rc scripts 1112645707 M * wurd i was wondering which release of vserver i should download 1112645728 M * wurd i have a 2.4 kernel 1112645730 M * wurd redhat 9 1112645744 M * Bertl then the best one would be 1.2.10 I guess ... 1112645749 M * Doener if you want to stay with 2.4, then 1.2.10 1112645756 M * wurd "marcelo tree" ? 1112645776 M * wurd (i dont know what 'marcelo tree' is by the way) 1112645834 M * Doener marcelo is the maintainer of the 2.4 tree 1112645839 M * wurd doener i tried to compile a 2.6 kernel but failed :( some modules dont load, or something 1112645887 M * wurd ok i see. i'll try 1.2.10 then 1112645960 M * Doener for modules on 2.6 you need module-init-tools 3.x or something, see post-halloween (ask google ;) url is also mentioned by the kernel after building IIRC) 1112646142 J * prae ~prae@sherpadown.net 1112646313 M * kevinp|gone Bertl: Is there a patch for 2.6.11.6 or does 1.9.5 work? 1112646321 N * kevinp|gone kevinp 1112646349 M * Bertl kevinp: yep! 1112646361 M * Doener and yep ;) 1112646364 M * Bertl welcome prae! 1112646366 M * Doener i.e. both :) 1112646376 M * Bertl Doener: that's implicated by an 'or' 1112646378 M * prae hi :) 1112646452 M * Bertl Doener: what do you think of the kconfig feature? 1112646562 M * Doener hmm... 
that means: SECURITY_CAPABILITIES gets selected if CONFIG_SECURITY and CONFIG_VSERVER are selected? 1112646579 M * prae hmmmm, I install vservers into productions servers for a french registrar :) 1112646588 M * Doener s/VSERVER/VSERVER_SECURITY/ 1112646605 M * kevinp Do what's the link to the patch-2.6.11.6-vs1.9.6.diff? 1112646617 M * kevinp s/Do/So/ 1112646620 M * Bertl Doener: well, the first yes, the second isn't required (CONFIG_VSERVER) but that is on too 1112646631 M * Bertl (it is used for the config check) 1112646666 M * Bertl kevinp: latest experimental: http://vserver.13thfloor.at/Experimental/patch-2.6.11.6-vs1.9.5.6.diff.bz2 1112646680 M * Bertl 1.9.6 is not released yet ... 1112646701 M * kevinp ok, thanks 1112646727 M * Bertl Doener: the VSERVER_SECURITY forces the capabilities into the kernel 1112646839 M * Doener hmm... i'd go for: if CONFIG_VSERVER and CONFIG_SECURITY are selected, also select SECURITY_CAPABILITIES automatically, without an extra option... why would anyone want it to be disabled? it's evil enough if it is built modular... ;) 1112646888 M * Bertl no, you misinterpret it, there is no user visible option ;) 1112646907 M * Bertl i.e. it will not be queried at all ... 1112646918 M * Doener ah ok... i have no idea of that config stuff 1112646932 M * Bertl well, I'm learning but I had to ask too ;) 1112646937 M * Doener so that's just the way a constraint is defined, right? 1112646945 M * Bertl yeah 1112646952 M * Doener ok, that's fine then 1112646977 M * Doener wow, the ml is really active today =) 1112646986 M * Bertl yes, makes me happy ;) 1112647020 M * Doener maybe that's related to the fact that ola is involved? ;) 1112647063 M * Bertl of course ... 1112647080 M * Bertl so how does the vserver init do with the debug stuff?
1112647094 M * Doener sys_setsid(811f0020): pid=961, tgl=1, initpid=1 1112647094 M * Doener sys_setsid(811f0020) -- no EINVAL 1112647094 M * Doener sys_setsid(811f0020) -- ret=-1 1112647109 M * Doener (that's actually the failing vcontext) 1112647135 M * Bertl why is vcontext doing setsid anyway? 1112647159 M * Bertl and why isn't it thread group leader at that time? 1112647187 M * Doener don't know, yet... but it's within the synchronization stuff, so i expect that to be some daemonization 1112647211 M * Bertl hmm, no it is TGL, sorry ... missed that 1112647245 M * Doener it's also pgrp leader, and therefore fails 1112647277 M * Doener so it's probably missing a fork... 1112647282 M * Bertl okay, so basically enrico has to ignore the return value there, right? 1112647307 M * Doener AFAIK common practice is to simply fork() before setsid() 1112647340 M * Bertl or more precisely expect an EPERM 1112647349 A * Bertl *big lag* 1112647366 M * Bertl no fork would not be an option here 1112647385 M * Doener because we lose the pid then... 1112647389 M * Bertl the only thing once initpid is set he can do is exec 1112647408 M * Doener i've removed the checks, compiling now 1112647418 M * Bertl but in our case the setsid is useless anyway 1112647429 M * Bertl we do that for the init process now 1112647573 M * Doener hmm... compiling was quite ok inside qemu, installing takes ages 1112647583 M * Bertl interesting ... 1112647612 M * Bertl but probably disk I/O hasn't been optimized ... 1112647774 M * Doener ok, vserver starts without the checks and ps output as well as test program output is fine 1112647785 M * Doener host: 1112647788 M * Doener S 0 0 ? -1 0 0 0 1 0.0 init 1112647792 M * Doener vserver: 1112647795 M * Doener S 0 0 ? -1 0 0 0 1 0.6 init 1112648378 M * Bertl excellent! 1112648395 M * Bertl a small step for a man, but a huge leap for ... ;) 1112648475 M * ndim The Cause. 1112648502 M * Bertl evening ndim! 1112648509 M * ndim Hi.
1112648521 M * ndim Still no vserver running here :) 1112648610 M * Doener hmm... reboot inside a init-based vserver works 'sometimes' now... 1112648704 M * Doener doesn't work at all with 2.6.11.4-vs1.9.5-rc3 1112648769 M * Bertl Doener: hmm, sometimes means? 1112648808 M * Doener i've no idea... at first it seemed like: if i wait inside the context for my bash to be killed it works, otherwise it doesn't, but that proved to be wrong... 1112648841 M * Bertl what does the logging say? 1112648907 M * Doener nothing... so i guess init gets killed and never initiates the actual reboot 1112648937 M * Doener hm, maybe the 'working' reboots were just me, entering the vserver before it actually died 1112648942 M * Bertl ah, okay, that's possible ... you can check/work around that by protecting the init 1112648971 M * Bertl (another simple one file recompile patch ;) 1112648996 M * Doener hm, will init ever end then? 1112649014 M * Bertl I don't know but I guess init exits after the reboot ... 1112649032 M * Bertl the only issue for now is that vkill will not kill it either ;) 1112649054 M * Bertl but I can look into that ... I have some ideas regarding those issues 1112649236 M * Bertl hmm, there is a lot of init protection going on, actually ;) 1112649258 M * Bertl kernel/signal.c ~1892 1112649263 M * Bertl if (current->pid == 1) 1112649263 M * Bertl continue; 1112649287 M * Bertl change that to ((current->pid == 1) || vx_current_initpid(current->pid)) 1112649314 M * Bertl basically makes the init unkillable ... 1112649349 M * Bertl I'll look into a way to disable that for vkill 1112649376 M * Doener what was the qemu key-combo to write changes although -snapshot was given? 1112649391 M * Bertl try CTRL-A h 1112649404 M * Bertl IIRC it is 's' 1112649425 M * Doener ah, help :) 1112649431 M * Bertl ;) 1112649438 M * Snow-Man Bertl: Hey, found something interesting. 1112649444 M * Snow-Man Slab: 481328 kB 1112649452 M * Snow-Man That seems like it might be a bit much. 
1112649468 M * Bertl hmm, well, yeah, could be ... 1112649486 M * Bertl Slab: 1160 kB 1112649487 M * Snow-Man MemTotal: 514416 kB 1112649506 M * Bertl but that's not on x86_64, right? 1112649507 M * Snow-Man MemFree: 10844 kB 1112649507 M * Snow-Man Buffers: 780 kB 1112649507 M * Snow-Man Cached: 9296 kB 1112649507 M * Snow-Man SwapCached: 6924 kB 1112649511 M * Snow-Man Active: 15052 kB 1112649511 M * Snow-Man Inactive: 2544 kB 1112649513 M * Snow-Man No, this one isn't. 1112649517 M * Snow-Man This is a regular x86 box. 1112649532 M * Snow-Man It's just got the older kernel that's actively being whacky. 1112649541 M * Bertl upload the output of cat /proc/slabinfo somewhere ... 1112649629 M * Snow-Man http://kenobi.snowman.net/~sfrost/slabinfo_output 1112649651 M * Snow-Man I didn't see anything really big in there... :/ 1112649694 M * Snow-Man Not that I really had any clue what I was looking at, but... :) 1112649711 M * Snow-Man Another interesting bit: 1112649711 M * Snow-Man LowTotal: 514416 kB 1112649711 M * Snow-Man LowFree: 6076 kB 1112649722 M * Snow-Man Mapped: 17244 kB 1112649729 M * Snow-Man I'm thinking that's not entirely healthy. :) 1112649802 M * Doener Bertl: that leaves me with the init process hanging around and keeping the vserver alive. thus it is not restarted ;) 1112649880 M * Bertl Doener: okay, but that's the first step, I guess 1112649892 M * Bertl if we now make vkill work on that, you should be fine, no? 1112649905 M * Bertl (i.e. vshelper _is_ called I hope?) 1112649930 M * Bertl Snow-Man: btw, did you read my email? 1112649937 M * Snow-Man Replying 1112649998 M * Snow-Man Bertl: I didn't get it working w/ dietlibc, but it works fine using glibc. 1112650008 M * Snow-Man And not working w/ dietlibc isn't a reason to drop it from Debian/amd64. 1112650059 M * Bertl ah, okay, I was just hoping for a working dietlibc on x86_64 ... 1112650067 M * Snow-Man nope, sorry. :) 1112650078 M * Snow-Man dietlibc doesn't interested me much. 
1112650090 M * Snow-Man Bertl: Anyway, I think the craziness is fixed w/ a newer kernel. 1112650111 M * Snow-Man Bertl: Were you able to spot a culprit tho? 1112650228 M * Bertl well, I _know_ that I can not get dietlibc to build a working util-vserver on x86_64 :/ 1112650242 M * Bertl (not limited to debian, that is) 1112650255 M * Bertl and with the _latest_ kernels 1112650284 M * Bertl Snow-Man: well, it's a security matter (using glibc is insecure) 1112650293 M * Snow-Man Bertl: eh? 1112650306 M * Bertl unless you compile the tools static 1112650309 M * Snow-Man How's using glibc insecure? 1112650328 M * Snow-Man Which tools? 1112650337 M * Bertl because tools might pick up libraries from the guest 1112650359 M * Snow-Man erm. 1112650388 M * Snow-Man More reason not to use stupid shell scripts.. 1112650401 M * Bertl please send patches to the ml ;) 1112650403 M * Snow-Man How would they pick up libraries from the guest though? 1112650447 M * Bertl glibc does library loading all the time ... 1112650461 M * Snow-Man Sure it does, from LD_LIBRARY_PATH and ldconfig 1112650470 M * Snow-Man And LD_PRELOAD 1112650482 M * Bertl and when you change into the guest root? 1112650503 M * Snow-Man Once you're chroot'd you're going to be using local libraries, of course.. 1112650525 M * Bertl yeah, but probably for tools from 'outside' got it? 1112650529 M * Snow-Man If someone can overwrite those then they could overwrite whatever tools are being run too potentially. 1112650567 M * Snow-Man Once you're in a position to be using libraries inside the vserver you shouldn't be able to use libraries outside the vserver. 1112650596 M * Snow-Man Basically once you start running programs after you've chroot'd. 1112650746 M * Snow-Man heh, vcontext appears to be what does that, and that's a binary anyway. 1112650770 M * Bertl you have to ask enrico for the ugly details here ... 
1112650778 M * Snow-Man Bertl: So, do you have an actual specific example of how glibc is unsafe or are you just assuming it is because it can load libraries? 1112650785 M * Snow-Man bleh. 1112650893 M * Bertl btw, a lot of small sized dma buffers (on your slabinfo) 1112650943 M * Snow-Man hmmm. 1112650984 M * Doener Bertl: yes, vshelper is called 1112651001 M * Snow-Man Yeah, I don't see as many on another system after being rebooted. 1112651009 M * Snow-Man I wonder what those could be from.. 1112651100 M * Snow-Man The numbers for them don't seem to be changing either, whereas on another system they change pretty frequently. 1112651117 M * Bertl maybe some leaking driver? 1112651131 M * Snow-Man probably, which has probably since been fixed... 1112651145 M * Snow-Man Odd though, it was happening on two different machines with very different hardware profiles.. 1112651159 M * Doener there were some leaks in some network driver(s?) some weeks ago IIRC 1112651170 M * Snow-Man hmmm, perhaps that was it. 1112651253 Q * DukeGangsta2 Quit: ( www.nnscript.de :: NoNameScript 3.81 :: www.XLhost.de ) 1112651273 M * Snow-Man The systems involved have intel and tg3 controllers. 1112651351 M * Bertl tg3 sounds like a good candidate ... always did ;) 1112651358 M * Snow-Man heh. 1112651386 M * Bertl Doener: testing something right now ... 1112651418 M * Snow-Man tg3's on the amd64 machines, intel's on the x86's. 1112651490 M * Doener hm, the one i meant were biovec leaks... 1112651497 M * Doener http://lkml.org/lkml/2005/2/7/272 1112651586 M * Doener ah... the thread went on... http://lkml.org/lkml/2005/2/15/298 1112651659 M * Bertl yep works ... 1112651671 M * Snow-Man Not using ndiswrapper here... 
1112651682 M * Bertl Doener: http://vserver.13thfloor.at/Experimental/delta-vkill.diff 1112651706 M * Bertl you now can kill the otherwise protected init with a vkill to pid 1 1112651812 A * Bertl is now going to fix the x25 issues again ;) 1112651851 M * Doener Snow-Man: it's not been caused by ndiswrapper, it just triggers the issue more often... http://lkml.org/lkml/2005/2/16/193 ... unfortunately the thread seems to end without a result 1112651868 M * Snow-Man I see that. :/ 1112651901 M * Bertl well, you have to be optimistic -- better than we know, but we won't fix it ... 1112652089 Q * erwan_ho Remote host closed the connection 1112652179 M * Bertl ahh, seems I removed the wrong init ;) 1112652222 M * Bertl (x25 related) 1112652241 M * Doener hm, how do i kill the init with vkill? 1112652277 M * Bertl I used my vkill with 'vkill -k 9 -p 1 -x 100' 1112652290 M * Doener yep, worked... 1112652319 M * Bertl that should probably be done in the reboot helper 1112652932 M * Bertl okay, x25 fix done, now to the vroot inclusion ... 1112652969 Q * prae Quit: Pwet 1112653766 J * muadda ~muadda@gar31-1-82-234-50-167.fbx.proxad.net 1112653810 M * Bertl welcome muadda! 1112653826 M * muadda Hello, I tried to "mount -o bind /something-on-the-host /var/lib/some-vserver/mnt/foo" from my host 1112653836 M * muadda Hello Bertl ! 1112653872 M * muadda On the host, it works 1112653883 M * muadda But on the vserver, /mnt/foo is void 1112653917 M * Bertl depends 'when' you do that ... and 'how' the vserver is configured 1112653952 M * muadda If I do that before the "vserver some-server start" ? 1112653968 M * Bertl then it should be visible inside 1112653990 M * muadda Bertl, thanks, I will try that ;) 1112654120 M * muadda Bertl, it is perfect, it works! thank you 1112654201 M * Bertl you're welcome!
1112654208 M * Doener muadda: for details see http://linux-vserver.org/Namespaces 1112654214 M * Bertl btw you can also add such mounts to the configuration of the vserver 1112654229 M * Bertl (in this case they will be mounted _only_ inside the vserver's namespace) 1112654235 M * muadda oh 1112654238 M * muadda cool 1112654269 M * Bertl yeah, cool stuff, btw, for what purpose do you use it, if I may ask? 1112654394 M * muadda Just testing now... but I wonder if I can give acces to my vserver to my friends to download/upload with scp 1112654681 Q * jd86 Read error: Connection reset by peer 1112654757 M * muadda Can I have something like "mount -o bind,ro" with namespaces? 1112654822 M * muadda vnamespace -e myvserver mount -o bind,ro /in-the-host /path/to/mount/point/ ? 1112654848 M * Bertl hehe, yes you can, but you need the BME patches 1112654870 M * Bertl the vanilla kernel is not able to do ro --bind mounts 1112654894 M * Bertl (well, it succeeds, but they are still rw after that ;) 1112654903 M * muadda oh, my kernel will be overpatched ! 1112654941 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-1.9.6/delta-bme-feat01.diff 1112655064 M * muadda I have vs1.9.5, not 1.9.5.3... I hope the patch will apply 1112655088 M * Bertl yes, the FOR-1.9.6 are basically all ontop of 1.9.5 1112655145 M * Bertl if it doesn't apply cleanly (which I doubt) then you have to look at changes in the other patches there (see SEQ.info for sequence) 1112655181 M * Bertl fixes might be also interesting to you, btw 1112655227 M * muadda "patch --dry-run" says all will works 1112655233 M * muadda work 1112655240 M * Bertl that's a good sign ;) 1112655751 M * kevinp Bertl: what's the trick to get ext3 to work when recompiling the kernel? Does it need to be a module or something? I get a kernel panic on my new vanilla kernel... 1112655758 J * jd86 ~jim@ip68-9-97-23.ri.ri.cox.net 1112655768 M * Bertl welcome jd86! 1112655778 M * Bertl kevinp: I doubt that this is ext3 related ... 
1112655793 M * kevinp oh, I thought I ran into this before... 1112655793 M * Bertl what is the distro kernel you used before? 1112655807 M * kevinp centos 4 1112655811 M * jd86 Bertl: feel pain for me. I had half of my chemistry lab report typed and my entire box just locked up. total lockup. .. i dont know if its the 2.6.11 kernel or what but i'm quite mad. 1112655826 M * Bertl redhat lookalike, right? 1112655832 M * kevinp right based of RHEL 1112655854 M * Bertl jd86: locked up in X? 1112655862 M * jd86 Bertl: whole box locked up. 1112655868 M * jd86 Bertl: but i was in X. 1112655869 M * Bertl kevinp: check for 'LABEL=' in the bootloader and such 1112655883 M * Bertl jd86: unreachable even via ssh? 1112655887 M * kevinp nope, took that out, boots fine off of orig kernel 1112655896 M * jd86 Bertl: first thing i tried. 1112655908 M * jd86 Bertl: there were kernel lockup problems with this kernel however it has yet to happen to me seriously. so>.. 1112655918 M * Bertl kevinp: okay, do you have the last few lines of the bootup? 1112655928 M * jd86 i have the worst headache and i'm like so sick too so getting what i got done was bad enough now doing it again is going to be painful 1112655952 M * kevinp I added jbd debugging and am in the middle of the make 1112655954 M * Bertl you use an edit which cannot recover? 1112655959 M * Bertl *editor 1112655984 M * Bertl kevinp: ext2/ext3 is compiled into the kernel? 1112655984 M * kevinp I'll write it down if it happens again with this one 1112656000 M * jd86 Bertl: i used OOo and i guess not 1112656005 M * kevinp yeah 1112656022 M * kevinp rebooting 1112656024 M * Bertl jd86: my vim does work with a swp file ... 1112656045 M * jd86 it needs to be very ver purdy with tables and shite 1112656058 M * Bertl latex does it quite fine ;) 1112656068 M * Doener hm OOo should also make temporary saves to recover stuff IIRC 1112656106 A * Doener .oO( even ms word does... 
) 1112656175 M * Bertl jd86: of course I understand you do not want to draw extra attention to you by handing in a perfectly formatted, nicely kerned report ... ;) 1112656204 A * Bertl always did ... 1112656233 M * jd86 Bertl: sadly i dont get what ur saying 1112656258 M * Bertl never mind ... it's insult to injury ... hope you can recover something ... 1112656337 M * kevinp Ok, Bertl, got the lines: 1112656345 M * kevinp Mounting root filesystem 1112656357 M * kevinp mount: error 19 mounting ext3 1112656367 M * kevinp mount: error 2 mounting none 1112656376 M * kevinp Switching to new root 1112656399 M * kevinp Switchroot: mount failed 22 1112656401 M * Bertl k, please upload your .config somewhere ... 1112656412 M * kevinp ok 1112656424 M * kevinp got a favorite pastebin? 1112656437 M * Bertl nope, but pastebin.com works 1112656445 M * muadda http://deadbeefbabe.org/paste/ 1112656461 M * muadda pastebin is slow sometimes 1112656501 M * Bertl hmm, indeed that one looks nice 1112656501 Q * muadda Quit: Leaving 1112656541 M * Bertl except for some stylesheet issues ;) 1112656848 M * kevinp are there any sections you want or all of it - and is there an easy way to paste all of it? 1112656906 M * Bertl all of it please ... 1112657421 M * kevinp http://deadbeefbabe.org/paste/214 1112657435 M * kevinp I think that's all of it 1112657459 M * kevinp Remember I'm new at this recompiling the kernel thing - so don't laugh to hard if it's a mess 1112657464 M * kevinp s/to/too 1112657478 M * Bertl (look at the topic ;) 1112657496 M * kevinp so true 1112657543 M * kevinp by the way, this is SATA on a 3ware card, maybe there are specific drivers for that? 1112657544 M * Bertl ide, scsi, sata? 1112657550 M * kevinp :) 1112657701 M * Bertl you probably want this in the kernel too: 1112657702 M * Bertl CONFIG_BLK_DEV_SD=m 1112657709 M * Bertl CONFIG_SCSI=m 1112657753 M * Bertl and I don't see the 3ware driver ...
1112657803 M * kevinp ok, I'll look for it 1112657819 M * Bertl ah, your 3ware drivers are modules too 1112657825 M * Bertl CONFIG_BLK_DEV_3W_XXXX_RAID=m 1112657830 M * Bertl CONFIG_SCSI_3W_9XXX=m 1112657836 M * kevinp I may have screwed up my last paste, I increased my buffer and did it again here: http://deadbeefbabe.org/paste/215 1112657856 M * Bertl so either you have a good initrd with all those drivers or the fs will not be mounted 1112657914 M * kevinp which means that I need to trim the fat, get rid of all the extra stuff enabled by default? 1112657958 M * Bertl I would advise to compile in the 'essential' things (not as modules) 1112657958 M * kevinp Is it possible to convert my orig kernel to this kernel and add the vserver options to it? 1112657978 M * kevinp oh, okay, I understand 1112657979 M * Bertl yes, but I guess your 'original' kernel is bloated++ 1112657992 M * kevinp so no better, okay 1112658001 M * kevinp I'll change my drivers to compiled in 1112658004 M * Bertl so I would not suggest that ... but you can do the following: 1112658010 M * kevinp instead of modules right? 1112658023 M * Bertl use lsmod on your current kernel to figure all the drivers needed 1112658029 M * kevinp ok 1112658037 M * Bertl maybe have a look at lspci output too ... 1112658077 M * kevinp http://deadbeefbabe.org/paste/216 1112658104 M * kevinp http://deadbeefbabe.org/paste/217 1112658176 M * Bertl is there something connected to the scsi controller? 1112658187 M * Bertl the FUSION-MPT 1112658193 M * kevinp yeah, I put a 9 GB scsi drive on there for swap 1112658237 M * Bertl okay, so you want that compiled in too ... 1112658253 M * kevinp this is the same box I was going to build before, but my scsi raid card died before I could really use it and now I'm using this sata raid card 1112658257 M * Bertl select the serverworks where applicable ... 
1112658269 M * kevinp I'll give it a try 1112658275 M * Bertl make sure to compile e1000 (can be as module) 1112658282 M * kevinp Is it best to use make menuconfig? 1112658291 M * Bertl make menuconfig is a good start 1112658330 M * Bertl (will use the defaults if there is no .config) 1112658724 M * kevinp ok, got the four you mentioned, plus the fusion mpt, any other recommendations? 1112658753 M * Bertl of course, scsi disk support (you'll need that) 1112658765 M * Bertl and the filesystems you want ext2/ext3 1112658788 M * kevinp was that the CONFIG_BLK_DEV_SD=m and CONFIG_SCSI=m? 1112658803 M * Bertl yep, but not as modules, right into the kernel 1112658818 M * kevinp right 1112658837 M * kevinp what else needed to happen on the ext2/ext3? 1112658866 M * Bertl compile them into the kernel too, enable extended attributes, no need for ACL IMHO 1112658939 M * kevinp POSIX Access Control Lists? 1112658949 M * Bertl that's ACL 1112658965 M * kevinp what about JBD (ext3) debugging support ? 1112658978 M * Bertl usually you do not need that ... 1112658987 M * kevinp ok 1112659011 M * kevinp I'm going to try it out 1112659039 M * kevinp this is with 1.9.6 by the way 1112659046 M * Bertl no way! 1112659050 M * kevinp what? 1112659060 M * Bertl not released yet, I'd know ... 1112659067 M * kevinp you need someone to test it don't you? 1112659082 M * Bertl sure, but no way to have 1.9.6 yet ;) 1112659090 M * kevinp *experimental* 1112659118 M * kevinp sorry - vs1.9.5.6 1112659124 M * Bertl :)