1114646412 N * ciphernaut_zz ciphernaut 1114646424 M * Bertl morning ciphernaut! 1114646554 M * ciphernaut morning Bertl 1114646688 Q * berni jupiter.oftc.net plasma.oftc.net 1114646688 Q * aba jupiter.oftc.net plasma.oftc.net 1114646760 J * berni ~berni@svr01.mucip.net 1114646760 J * aba ~aba@sol.turmzimmer.net 1114652239 J * Doener__ ~doener@p54876E46.dip.t-dialin.net 1114652661 Q * Doener_ Ping timeout: 480 seconds 1114654845 M * mugwump Bertl: I'm not an Oracle "expert" :) but I do know how to do sequences 1114654856 M * Bertl good to hear! 1114654879 M * mugwump but you can't use them to make auto_increment columns like in Pg/mysql/etc, afai 1114654882 M * mugwump k 1114654902 M * Bertl hmm, okay, so no 'serial' type then? 1114654917 M * Bertl can the sequences be used to generate 'default' values? 1114654972 M * mugwump so, the sequence is independant of the table 1114654985 M * Bertl well, that's the same for psql 1114654989 M * Bertl *pgsql even 1114654997 M * mugwump you go CREATE SEQUENCE foo; SELECT foo.nextval ...; 1114655026 M * mugwump or INSERT INTO bar (id,baz) VALUES (foo.nextval, "frop"); 1114655033 M * Bertl so can you do a table with blabla default SELECT foo.nextval ... ? 1114655050 M * mugwump that's an interesting idea, I don't know tbh 1114655056 M * mugwump you might need to use a trigger, like you say 1114655073 M * mugwump either way, you won't be able to get the last_insert_id... 1114655075 M * Bertl yeah, well, I _know_ it works with a trigger, but that's somewhat overkill IMHO 1114655080 M * mugwump for sure 1114655191 M * mugwump doesn't look like you can do anything complex with a default value 1114655325 M * Bertl guess that's a feature then ... 1114655366 M * mugwump heh 1114655412 M * mugwump yeah, don't want people making these things automatic. They need to learn about sequences 1114655445 M * Bertl I see, and once they learned it, they have to do it by hand every time, so they just don't forget ;) 1114655445 M * mugwump How else are they going to write insert transactions that don't contend with each other for the next ID? 1114655480 M * Bertl btw, is there a 'smart' client for oracle, which has command completion and history? 1114655484 M * mugwump dbish 1114655500 M * mugwump er, don't know about the command completion a la mysql 1114655509 M * mugwump hmm, no it doesn't have that 1114655528 M * mugwump (dbish is in the DBI::Shell module, which assumes you have Perl and DBD::Oracle etc) 1114655544 M * mugwump I think it's even bundled with older DBI.pm's 1114655556 M * Bertl okay, thanks again for the info ... 1114655566 M * mugwump Otherwise, there's tora, which is a TOAD clone 1114655581 M * Bertl cloned toads? 1114655602 M * mugwump sure. This is the 21st century! 1114655612 M * Bertl yeah, after dolly ... 1114655638 M * mugwump tora works with oracle, or Pg/mysql (via kde's DB abstraction layer, though I could never get that to work) 1114655650 M * Bertl eek - kde ;) 1114655654 M * mugwump yeah 1114655696 M * mugwump I can never be bothered waiting for it to load, and it does have a nasty habit of segfaulting on my system. I have to start it with LD_ASSUME_KERNEL=2.4.26 for some reason 1114655721 M * mugwump but hey, it's got lots of gui clicky buttons 1114655727 M * mugwump and a schema browser 1114655749 M * mugwump and you can "explain" queries without a mammoth query to find out their (predicted) cost 1114655766 M * Bertl explain itself doesn't do that on oracle? 1114655807 M * mugwump no, but its equivalent gives you much more useful information for tuning queries 1114655969 M * mugwump ie, it returns heirarchical information which it inserts into a table. then you use a recursive query to explain it 1114655976 M * mugwump s/explain/display/ 1114662586 Q * flock Remote host closed the connection 1114664652 M * Doener__ morning folks... *yawns* 1114664901 M * Bertl morning Doener__! 1114664906 M * mugwump hey there 1114665182 M * Doener__ anything important i missed? 1114665207 M * Bertl tons of ... especially my patches so far ;) 1114665608 M * Doener__ FOR-2.0 i guess? (reading ml atm) 1114665643 M * Bertl yup, mostly cleanups, except for the comp32 stuff 1114665664 M * Bertl (which will get another cleanup soon) 1114666174 M * Doener__ ok, the cleanups are fine ;) 1114666391 M * Bertl glad to hear ... 1114666891 M * Bertl Doener__: if you find some time, have a look at the LKML thread 'Re: [PATCH] private mounts' 1114666941 M * Doener__ is that about those mount trees that are not attached to the 'main' mount tree? 1114666983 M * Bertl yes, and no, I found the chroot into /proc/NNN/root interesting ... 1114667029 M * Doener__ ah... just 208 messages... 1114667075 M * Doener__ is there a service that has such stuff available as a mbox? 1114667173 M * Bertl hmm, not that I know of .. but very likely I'd say ... 1114667278 M * romke morning, ugh, barbarian hour, 7AM, wrr 1114667491 M * Bertl yeah, right .. have to make me some breakfast and go to bed soon ... 1114667514 A * Bertl is just waiting for a test compile to finish ... 1114668054 A * romke just woke up 1114668136 M * romke forunatelly my fiancee did some breakfast, yummy 1114668354 A * Doener__ loves reading mail from viro ;) 1114668381 M * DaPhreak haha, yeah "This is not how we do stuff" type of mail ;) 1114668390 M * Bertl yeah, he definitely is a 'funny' guy ... I like his mails too ;) 1114668415 M * Doener__ counting the word "hell" in his mails i have to assume he's a doom3 addict ;) 1114668577 M * romke Bertl: /usr/sbin/chcontext: line 175: test: : integer expression expected 1114668606 M * romke Bertl: tools 204 with chcontext-dynamic-fix.diff 1114668610 M * Doener__ romke: util-vserver version? 1114668627 M * romke without fix it wouldn't work at all 1114668631 M * Doener__ hmm... do the 204 tools need that fix? 1114668665 M * romke imho this fix should also add else to that "if" 1114668680 M * romke else\n rc=0\n fi 1114668716 M * romke Doener__: with that fix it does work, but gives this stupid error 1114668747 M * Doener__ romke: that if has an "else\n rc=254\n fi" in .205 ... 1114668812 M * Doener__ the patch is not suitable for .204 I'd say.. 1114668839 M * Bertl romke: why do you try to fix/patch the 204 tools? 1114668857 M * Doener__ romke: what's the error you get _without_ the patch? 1114668864 M * romke because chcontext doesn't work without it 1114668880 M * Bertl well, why not take the 206 ones? 1114668907 M * romke vcontext: vc_create_context(): Invalid argument 1114668934 M * Bertl that's with 206 + patch? 1114668969 M * Doener__ romke: what command did you use? 1114668973 M * romke Bertl: 206 wont compile on my machine, it gives some errors bout kernelspace headers in sources, i didn't have time to fix it or even repport 1114669004 M * romke Doener__: chcontext --ctx 1 ps aux 1114669026 M * Doener__ kernel version? 1114669045 M * romke 2.6.11.7 + vs1.9.5 1114669073 M * Bertl romke: strange ... 1114669093 M * romke Bertl: I know 1114669096 M * Bertl romke: what distro? 1114669100 M * romke PLD 1114669108 M * Bertl something rpm based? 1114669114 M * romke yes 1114669114 M * Doener__ Bertl: not that strange... 1114669135 M * romke but kernel and tools i did myself 1114669141 M * Doener__ we changed the return values when we tried to fix the old tools IIRC 1114669144 M * romke s/did/build/ 1114669160 M * Doener__ .204 expects to get EEXIST, not EINVAL 1114669182 M * Doener__ let me check what we said about that back then... 1114669271 M * romke :> 1114669314 M * Bertl romke: could you give the following rpm a spin? 1114669315 M * Bertl http://vserver.13thfloor.at/Experimental/MDK/util-vserver-0.30.206-1mdk.src.rpm 1114669335 M * Bertl you might need to override the dependancies ... 1114669356 M * Bertl and if you do not have a working dietlibc yet, use that one: 1114669360 M * Bertl http://vserver.13thfloor.at/Experimental/MDK/dietlibc-0.28-1.src.rpm 1114669391 M * romke Bertl: (I have been warned and I don't use dietlibc :P) 1114669433 M * Doener__ http://vserver.13thfloor.at/Experimental/FOR-1.9.5/delta-create_info-feat05.diff 1114669461 M * Doener__ there we made the attempt to create ctx 1 return -EINVAL 1114669476 M * Bertl romke: you should use it ;) 1114669592 M * Bertl Doener__: btw, I filed some bug reports and feature requests to savannah/util-vserver .. if you know of any issues which are not already filed there, please do so ... 1114669609 M * Bertl (means, enrico asked me to add them there ;) 1114669668 M * Doener__ romke: do you have by chance CONFIG_VSERVER_LEGACY disabled? 1114669731 M * Doener__ IIRC (and telling from the code) .205 are the first tools to support that being disabled... 1114669772 M * romke http://procyon.romke.net/~romke/dev/util-vserver-0.30.206-configure.log 1114669774 M * romke http://procyon.romke.net/~romke/dev/util-vserver-0.30.206-make.log 1114669810 M * Doener__ Bertl: VCMD_ctx_create has a special check for xid==1 when CONFIG_VSERVER_LEGACY is enabled... 1114669853 M * Bertl yup 1114669896 M * Bertl romke: please try with the dietlibc 1114669987 M * Bertl btw, which package provides the /usr/include/linux/* stuff ? 1114670136 M * romke Doener__: CONFIG_VSERVER_LEGACY=n 1114670142 M * romke Doener__: good guess 1114670158 M * Doener__ well, an educated guess it was ;) 1114670167 M * Doener__ either enable that or get .205+ 1114670237 M * romke Bertl: rpm -q --whatprovides /usr/src/linux-2.6.11.7 => kernel-headers-2.6.11.7-1.2v 1114670260 M * Bertl ahem? /usr/src/linux-2.6.11.7? 1114670277 M * Bertl I was asking about /usr/include/linux/ 1114670355 M * Bertl but this is probably something I have to add to my todo list anyways (should not require spinlock.h in dlimit.h ... well, didn't know we do actually ... 1114670392 M * romke ugh, sorry, checking 1114670420 M * Bertl yeah, funny, didn't notice that before ... 1114670421 M * romke Bertl: linux-libc-headers-2.6.11.1-1 1114670457 M * Bertl okay, romke, check the kernel/dlimit.h file in the tools (extract the tar) 1114670470 M * Bertl and move the #include 1114670477 M * Bertl down until right after the ... 1114670480 M * Bertl #ifdef __KERNEL__ 1114670547 M * romke ok, moved, making 1114670761 M * romke Bertl: it works, great :> 1114670806 M * Bertl okay, I will fix this in the kernel includes, and send a note to enrico to pick up the changes in the next release 1114670860 M * Bertl seems PLD does actually clean up the kernel headers (at least somewhat) 1114670889 M * romke Bertl: i'm adding patches to our util-vserver.spec ;P 1114670916 M * Bertl for 206 this is fine, for the next release it should not be required ... 1114670946 M * Bertl btw, did the dietlibc build fine for you? 1114671087 M * romke Bertl: nope, still on glibc :P 1114671143 M * romke Bertl: currently not having enough time to play with dietlibc, moving my hosting servers to Vien :P 1114671153 N * ciphernaut ciphernaut_zz 1114671233 M * Doener__ Bertl: PLD? 1114671270 M * Bertl well, you really should use the dietlibc, I already observed a bunch of 'strange' effects on fc2 (while testing) which completely disappeared with the dietlibc build ... 1114671270 M * romke Doener__: PLD? 1114671305 M * Bertl Doener__: hmm? Programmable Logic Device ;) 1114671309 M * romke Doener__: http://www.pld-linux.org/ 1114671369 M * Bertl okay, I'm off to bed now ... have fun! 1114671370 M * romke Bertl: recursive acronyms are in fashion :P 1114671380 A * Doener__ didn't expect a programmable logic device to cleanup linux kernel headers... ;) 1114671398 M * romke Bertl: before that P stood for Polish :P 1114671405 M * Bertl always expect the unexpected! 1114671409 M * romke Doener__: rotfl 1114671423 M * romke Like Spanish Inquisition :P 1114671429 M * Bertl yes, indeed! 1114671441 M * Bertl night everyone! 1114671446 N * Bertl Bertl_zZ 1114671453 M * Doener__ night Bertl_zZ 1114671556 M * romke nite Bertl 1114673408 M * Doener__ Bertl_zZ: hm, that chroot /proc/NNN/root thing doesn't work... the procfs code checks for namespaces being the same 1114676418 N * sladen_ sladen 1114678839 J * martijn ~martijn@213-136-25-234.adsl.bit.nl 1114684179 M * kalou_ Is there a patch to change /proc/kmsg, so that klogd would be able to open it, but read nothing but nulls ? 1114684477 M * kalou_ looking at vproc, might do the trick 1114684668 M * kalou_ hmm. ok, according to http://www.linux-vserver.org/Proc-Security, setattr - - ~hide /proc/loadavg should hide the file for any context but 0 and 1 1114684696 M * kalou_ unfortunatelly, all I can get is a "Invalid option --~hide". 1114685011 M * romke kalou_: setattr on host system of course? 1114685021 M * kalou_ yep romke :) 1114685040 M * DaCa maybe you need more recent tools? 1114685052 M * romke kalou_: which version of tools ? 1114685060 M * kalou_ vserver utils 0.30 1114685140 M * kalou_ seems to be a link to showattr 1114685142 M * romke kalou_: try more recent ;P 1114685147 M * kalou_ ok 1114685222 M * romke kalou_: which kernel and vserver patch? 1114685272 M * meebey is it ok to let a special program run in context 1? 1114685280 M * meebey like a server process watcher 1114685676 M * kalou_ meebey, what's "watcher" doing ? 1114685793 M * meebey checking if certain processes are running, and also maybe stop special things 1114685800 M * meebey but I am not sure if that context 1 is allowed to change anything 1114685818 M * meebey maybe I need to add chcontext calls in my watcher program 1114685908 M * kalou_ context 1 can see every process on all the vservers and the host server 1114685984 M * meebey I know 1114685991 M * meebey but is he allowed to change anything? 1114685996 M * meebey kill process for example 1114685999 M * kalou_ but does not seem to be able to kill a process from there, just tried 1114686003 M * meebey ah ic 1114686009 M * meebey so its just a monitor context 1114686093 M * Doener right 1114686168 M * Doener but you could, for example, have two processes... one in context 0, one in context 1 and have a pipe between them... 1114686208 M * Doener the process in context 1 watches and tells the process in context 0 that XXX should be killed... 1114686270 M * meebey using chctx should be easier 1114687002 Q * kalou_ Read error: Connection reset by peer 1114687709 J * knoppix_ ~knoppix@dsl-082-082-080-215.arcor-ip.net 1114690056 Q * DaCa Ping timeout: 480 seconds 1114691127 J * virtuoso_ ~s0t0na@80.253.205.251 1114691128 Q * virtuoso Read error: Connection reset by peer 1114694657 J * DaCa ~danny@mail.limehouse.org 1114694664 M * Doener__ wb DaCa 1114694675 M * DaCa tx Doener__ 1114695127 J * erwan_taf ~erwan@choeur.l3m.univ-mrs.fr 1114695251 J * Tbery ~tb@pha-84-242-95-4.nat.karneval.cz 1114695582 M * Tbery I have troble with new patch and running samba.. 1114697110 Q * knoppix_ Quit: Verlassend 1114697872 Q * erwan_taf Ping timeout: 480 seconds 1114698069 Q * ruuth Quit: Nettalk6 der Freeware IRC-Client 1114698130 J * wurd ~kvlt@modemcable157.235-201-24.mc.videotron.ca 1114698316 N * Bertl_zZ Bertl 1114698324 M * Bertl morning folks! 1114698329 M * Tbery Bertl, Hi 1114698384 M * Tbery Bertl, with new patch sudo working but samba not... 1114698438 M * Bertl well, samba is a special beast, you want to run a server in the guest? 1114698464 M * Tbery yes.. 1114698511 M * Bertl samba uses broadcasts and other stuff, you probably have to 'assign' the broadcast ip to the guest too 1114698548 M * Bertl there should be a section in 'problematic programs' iirc 1114698845 M * wurd i have fc3, and a vserver on it, could i install, for example, mandrake on the vserver? 1114698859 M * Bertl yes, that should work fine ... 1114698879 M * wurd how should i proceed? 1114698906 M * Bertl basically you have three 'sane' options and a few others 1114698932 M * Bertl - find an apt/yum repository for the MDK of your choice, and just install from there 1114698948 M * Bertl - collect the RPMs required to install it and use the rpm-list method 1114698986 M * Bertl - install it on an empty partition or within an emulator and copy/tweak the image to work as guest 1114699328 M * Bertl Doener__: still around? 1114699389 M * Doener__ yep 1114699505 M * Bertl do we have any 'open' issues in the kernel? 1114699559 M * Bertl the mask_caps are not done, but more a feature than anything else 1114699597 M * Bertl token bucket per cpu is definitely post 2.0 1114699617 M * Bertl ipc limits are not verified but they 'seem' fine ... 1114699642 M * Bertl 32bit compat should be done with a little cleanup still in my queue ... 1114699679 M * Bertl ah, does the klogd work for you (with the syslog virtualization)? 1114699794 M * Bertl I'm going to do some decent cross compiling today .. so that we can look through the various 'issues' popping up ... 1114699952 M * Doener__ hm, let me check if i got any vserver with klogd... 1114700038 M * Doener__ ah, i got one to play around with... 1114700051 M * Bertl excellent ... 1114700327 Q * grecea Remote host closed the connection 1114700356 M * Doener__ strace at http://www.13thfloor.at/~doener/vserver/ 1114700377 M * Doener (with -ffF ...) 1114700397 A * Doener__ .oO( i should decide which client i use... ) 1114700397 M * Bertl ff makes sense? 1114700421 M * Doener__ in conjunction with -o, yes ;) separate files for each process 1114700483 M * Bertl hmm .. looks like it read it's pid from the pidfile and killed itself? 1114700526 M * Bertl could you start it with klogd -d maybe? 1114700619 M * Doener it didn't kill itself, i removed the pidfile and now that part is simply gone. the child still segfaults immediately 1114700633 M * Doener -d doesn't change anything 1114700644 Q * Doener__ Quit: leaving 1114700660 M * Bertl interesting ... 1114700693 M * Bertl btw, the issues gilles is experiencing are very strange ... what do you think? 1114700714 M * Bertl ad segfault, look for dmesg/kernel messages on the host (stack trace, etc) 1114700762 M * Doener ah, yeah... got some... 1114700791 M * Doener i'll try in qemu (debugging is disabled on my box...) 1114700806 M * Bertl k 1114700846 M * Doener regarding gilles, i got no idea... 1114700898 M * Bertl I'm still inclined to think it has something to do with processes communication/locking/etc across the isolation 1114701449 J * grecea ~grecea@h-195-22-237-74.mdl.net 1114701455 M * Bertl welcome grecea! 1114701560 M * kevinp Hi Bertl! 1114701581 M * kevinp Been a few days, looks like you have a 2.0pre2? 1114701599 M * Bertl yup, and pre3 is coming soon ... 1114701619 M * kevinp cool, need any testing on pre2 or want me to wait for pre3? 1114701642 M * Bertl testing is _alwys_ appreciated ... 1114701659 M * Bertl what kind of hardware do you have/use? 1114701682 M * Doener Bertl: hm, this is funny :) 1114701698 M * Doener i have a vserver without any assigned ip addresses, i.e. "ip a" output is empty 1114701708 M * Doener still i can access networking... 1114701730 M * Bertl maybe it has assigned 0.0.0.0 ? 1114701746 M * Bertl IIRC we wanted to fix something there ... 1114701753 M * kevinp Bertl: xeon 2.4, 2 GB RAM, sata raid 1114701789 M * Bertl you could have a look at the IPC isolation/accounting/limits if you like? 1114701881 M * kevinp hmm, might be beyond my level of understanding... 1114701922 M * Bertl no, it's quite simple ... 1114701926 M * kevinp I can test the klogd startup issue if that is fixed? 1114701937 M * kevinp okay, I'm willing to try 1114701966 M * kevinp I really need to get into the accounting and limits anyway 1114702033 M * Bertl # chcontext --xid 100 sleep 1000 & 1114702040 M * Bertl # tail -2 /proc/virtual/100/limit 1114702044 M * Bertl MSGQ: 0 0 -1 0 1114702044 M * Bertl SHM: 0 0 -1 0 1114702066 M * Bertl this for example are the currently visible limits for IPC 1114702077 M * Bertl shared memory and msg queues 1114702125 M * kevinp hmm, the columns going across? 1114702160 M * Bertl first on current, second one max observed, third one limit, last one hits (of the limit) 1114702177 M * kevinp ok, sounds good. I need to get the pre2 compile going 1114702311 M * Bertl while it is compiling, you can look for some tools (small test code) to use msq or shm 1114702543 M * Bertl http://grace.evergreen.edu/~sherri/sos/concurrency/secondEdition/chap15/sharedmemsum.c (example) 1114702785 M * kevinp ok, sure wish I had stayed in the cs degree when I was in school, sure would helped at times like this :) 1114702896 M * Bertl well, I guess there are some tools (i.e. posix compliance test suites and such) which do the testing ... 1114702920 M * Bertl you probably have to google a little for that ... 1114702946 M * kevinp remind me how to compile this sharedmemsum.c? 1114702973 M * Bertl it was just an example, you could 'reuse' the code there ... if you want tow rite something on your own ... 1114702985 M * Bertl http://posixtest.sourceforge.net/ 1114703040 M * kevinp ahh, okay, I'll take a look at this instead 1114703121 M * Doener http://www.13thfloor.at/~doener/vserver/bugs 1114703209 M * Bertl can you run the stack traces through ksymoops? 1114703243 M * Bertl looks like we do a current-> where we should not? 1114703643 Q * atsab Read error: Connection reset by peer 1114703734 J * atsab ~as@lotes.vtu.lt 1114703767 M * Doener hm.. i don't get any line numbers... 1114703854 M * Doener ksymoops -v ~/src/kernel/build/linux-2.6.12-rc3-vs2.0pre2-qemu/vmlinux -L -K -O -m ~/src/kernel/build/linux-2.6.12-rc3-vs2.0pre2-qemu/System.map < ~/bug1 1114703859 M * Doener should be fine, right? 1114703877 M * Bertl well, if you have debug info compiled in, yes ;) 1114703894 M * Bertl (and IIRC verbose debug too) 1114703943 M * Doener hm, verbose is off... rebuilding... 1114703954 Q * grecea Remote host closed the connection 1114704797 Q * martijn Ping timeout: 480 seconds 1114704968 M * Doener hm, the bug messages only appear when i strace the process with -fF (probably -f, too) not with plain klogd or "strace klogd"... 1114705042 M * Bertl interesting, maybe a kernel bug? 1114705128 M * Doener still no line numbers... 1114705191 M * Doener updated bugs 1114705247 M * Bertl okay, let's try the following: 1114705258 M * Bertl addr2line -e vmlinux 801ed81a 1114705314 M * Doener lib/kernel_lock.c:58 1114706371 M * Bertl okay, that's the final oops .. let's try to go up on the stack ... 1114706421 M * Doener hm? final oops starts with 80115ea8 1114706547 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/stack2line 1114706563 M * Bertl stack2line vmlinux 1114706582 M * Bertl (then pipe/paste in the stack part) 1114706874 M * Bertl interesting part is I have both PREEMPT and PREEMPT debug on here but I don't see the oopses you have ... 1114706938 M * Bertl ahh, that's 2.6.12-rc3 .. hmm hmm ... 1114706981 M * Doener i can try with 2.6.11.7 too... 1114707002 M * Bertl would be great, so we can narrow down it a little ... 1114707015 M * Bertl s/down it/it down/ 1114707137 M * Doener bugs updated... 1114707187 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1114707195 M * Bertl welcome flock! 1114707278 M * Bertl Doener: what's at line 612 in your kernel/printk.c ? 1114707316 M * Doener printed_len += 3; 1114707335 M * Doener in vprintk 1114707356 M * Doener hm, guess some context can't hurt ;) 1114707358 M * Doener } 1114707359 M * Doener printed_len += 3; 1114707359 M * Doener } 1114707359 M * Doener log_level_unknown = 0; 1114707401 J * atsab_ ~as@lotes.vtu.lt 1114707405 M * Bertl Doener: hmm, don't have this kind of code here ... 1114707438 M * Bertl welcome atsab_ 1114707539 M * DaCa atsab: could it be your realname got truncated? 1114707599 Q * flock Remote host closed the connection 1114707647 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1114707691 M * Doener Bertl: ok, it's a bug in my port... (or -rc3) 1114707702 J * atsab__ ~as@lotes.vtu.lt 1114707712 M * Doener trace now says: 1114707719 M * Doener open("/proc/kmsg", O_RDONLY|O_LARGEFILE) = -1 EPERM (Operation not permitted) 1114707720 M * Doener write(2, "klogd: Cannot open proc file sys"..., 66) = -1 EBADF (Bad file descriptor) 1114707720 M * Doener syslog(0x7, 0, 0) = -1 EPERM (Operation not permitted) 1114707801 M * Bertl hmm .. and with CAP_SYS_ADMIN ? 1114707826 Q * atsab Ping timeout: 480 seconds 1114707886 M * Doener that works... klogd is running 'normal', i.e. without 99.9% cpu usage 1114707899 M * Doener got to go now, gf arrived :) 1114707901 M * Doener back later... 1114707902 M * Bertl okay, so we have to add that, probably as ccap? 1114707910 M * Bertl okay, send greetings! cya! 1114707925 M * Doener guess a ccap would be fine 1114707929 N * Doener Doener|gone 1114708052 Q * atsab_ Ping timeout: 480 seconds 1114708258 Q * flock Remote host closed the connection 1114708277 M * Bertl kevinp: do you need anything, atm? 1114708391 M * kevinp nope, just booting into the new kernel 1114708413 M * kevinp had some other stuff I had to do as well 1114708426 M * Bertl hey, no problem, just asking ;) 1114708557 M * kevinp so on the klogd is that something that should/needs to be fixed, or should I remove it from trying to start on my vservers? 1114708577 M * kevinp s/start/start & stop/ 1114708629 M * Bertl that will be fixed in pre3 (with a syslog ccap) 1114708639 M * kevinp ok 1114709210 M * wurd Bertl , so i need a repository for apt or yum that contains the whole mandrake installation ? 1114709226 M * wurd (for installing mandrake on a vserver) 1114709245 M * Bertl well, that's one option ... 1114709305 M * wurd the two other options seem more complicated 1114709328 M * wurd (this could be because i dont really understand them though) 1114709465 M * Bertl do you have an apt/yum repository for mandrake? 1114709581 M * wurd is this what i want? http://mirrors.usc.edu/pub/yum-repository/mandrake/10.1/ 1114709595 M * Bertl yup looks good ... 1114709610 M * wurd so this contains everything needed for a mandrake installation ? 1114709617 M * Bertl I hope so ... 1114709637 M * wurd i'll be able to graphically use mandrake on the vserver? 1114709672 M * Bertl define graphically ;) 1114709681 M * wurd with a gui, not command-line 1114709704 M * Bertl sure, guis are not bound to hardware ... 1114709719 M * wurd how will i be able to use mandrake's gui ? 1114709744 M * wurd (my vserver's gui) 1114709828 M * Bertl depends, but for example via ssh or via xdmcp or even via vnc would be good options 1114709868 M * wurd yeah vnc could work 1114709887 M * wurd but i didnt know you could use ssh for accessing to a gui 1114709908 M * Bertl well, if you ssh somewhere and there start xterm, what happens? 1114709928 M * wurd dont know, never tried :) 1114709940 M * wurd its just like vnc ? 1114709972 M * Bertl well, it's called x forwarding ... 1114709992 M * wurd oh 1114710012 M * wurd changing the DISPLAY variable ? 1114710043 M * DaCa you probably want ssh -X as most sane distri will disable X forwarding by default 1114710103 M * Bertl DaCa: are you talking about debian? 1114710126 M * DaCa Bertl: not in particular but its one of them :) 1114710138 M * Bertl aha, what are the others? 1114710168 M * wurd Bertl , does "x forwarding" consists in changing the value of the DISPLAY variable to an IP ? 1114710196 M * Bertl well, yes this and the xauth as well as a port forwarding via ssh 1114710206 M * wurd ok 1114710220 M * kevinp DaCa, I wondered why that stopped working when I moved of RH8! :) 1114710240 M * kevinp But obviously not enough to look into it! :) 1114710245 M * DaCa Bertl: I dont use other linux distri, but for example the BSD's disable it too 1114710261 M * kevinp looks like FC3 disables it 1114710278 M * Bertl DaCa: aha, so you are jumping to conclusions, right? 1114710297 M * Bertl debian does it -> it must be sane -> all sane distros do it ;) 1114710303 M * kevinp lol 1114710330 M * kevinp Bertl: I ran that POSIX test suite and everything failed! :) Must have something wrong... 1114710331 M * Bertl DaCa: now leaving the distro issue aside, why would it be sane to do it at all? 1114710340 M * DaCa Bertl: by enabling it, you are actually giving root at the destination access to your display hardware, thus it makes sense at the very least, and afair the openssh manpages warn you about that too 1114710396 M * kevinp Bertl: running the same test in the host gives a lot more passes 1114710412 M * Bertl interesting ... could you upload the results? 1114710428 M * Bertl and have a look at the limits, if they account some interesting stuff ... 1114710443 M * kevinp working on it 1114710506 M * Bertl DaCa: okay, that's an argument, if you do not trust the remote systems admin ... 1114710553 M * daniel_hozac i thought ssh -Y was the new default in upstream. 1114710683 M * daniel_hozac or, well, -X got a new meaning and -Y got the old one. 1114710815 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1114710877 M * wurd Bertl what do i do now that i found a repository for mdk 1114711055 M * Bertl /etc/vservers/.distributions/ 1114711084 M * Bertl you have to create an entry (according to the flower page) with the repository list 1114711092 M * Bertl best name it mdk10.1 or so 1114711171 M * wurd what 'flower page' &? 1114711208 M * kevinp Bertl: http://roundsphere.com/stuff/host.posix.out 1114711235 M * kevinp Looks like the vserver didn't have gcc installed like I thought, installing it now and will get you the output 1114711295 M * Bertl wurd: 'The Flower Page' 1114711317 M * Bertl kevinp: ah, okay ... that explains a lot ... 1114711365 M * kevinp yeah, had to kick myself for that one 1114711374 M * wurd this? http://www.celinesmusic.com/The_Flower_Pg7.htm :) 1114711396 M * Bertl kevinp: the many 'failed' on link, are you sure you ahve everything on the host? 1114711420 M * kevinp not sure 1114711422 M * Bertl wurd: not quite, did you have a look at linux-vserver.org yet? 1114711442 M * wurd :) just kidding. 1114711444 M * wurd yes i have 1114711449 M * wurd and im looking right now 1114711454 M * wurd for the "flower page" 1114711462 M * kevinp that is a good one though! 1114711507 M * Bertl wurd: 'Documentation' 3rd entry ... 1114711515 A * wurd has just found the flower page 1114711527 A * wurd thinks its even worse than celine's flower page 1114711552 M * wurd :) 1114711634 M * DaCa celine dion? 1114711677 M * Bertl .. my heart still goes on! ;) 1114711738 M * wurd yes DaCa 1114711748 M * wurd http://www.celinesmusic.com/The_Flower_Pg7.htm 1114711756 M * wurd the flower page! 1114711916 M * kevinp Bertl: vserver output: http://roundsphere.com/stuff/posix.out 1114712018 M * kevinp tail -2 /proc/virtual/601/limit 1114712018 M * kevinp MSGQ: 0 0 -1 0 1114712018 M * kevinp SHM: 2 2 -1 0 1114712129 M * Bertl so there is still shm allocated? 1114712141 M * Bertl what happens if you shutdown the vserver? 1114712300 M * kevinp I just ran this: http://roundsphere.com/stuff/msg.tests 1114712322 M * kevinp yeah the shm is still allocated 1114712358 M * kevinp When I shutdown the vserver I get : tail -2 /proc/virtual/601/limit 1114712358 M * kevinp tail: cannot open `/proc/virtual/601/limit' for reading: No such file or directory 1114712379 M * Bertl okay, so the context disappears ... 1114712388 M * Bertl (which is good! ;) 1114712401 M * kevinp and when it starts back up: 1114712403 M * kevinp tail -2 /proc/virtual/601/limit 1114712403 M * kevinp MSGQ: 0 0 -1 0 1114712403 M * kevinp SHM: 0 0 -1 0 1114712414 M * Bertl are there shm specific tests too? 1114712432 M * kevinp Not enabled by default, I'm still looking at it 1114712454 M * kevinp Do you want me to run the msg tests in the host? 1114712466 M * Bertl could you write down some short howto/usage note for the suite? 1114712608 M * kevinp There is a doc that comes with it that would probably be useful 1114712684 M * kevinp http://roundsphere.com/stuff/HOWTO_RunTests 1114712711 M * Bertl do you want to investigate this stuff a little further? 1114712726 M * Bertl (maybe other test suites too?) 1114712740 M * kevinp I need to go for now, but maybe in an hour or so 1114712762 M * Bertl yeah, no need to hurry on that, just in general ... 1114712782 M * kevinp I'm always willing to learn and help others at the same time... :) 1114712815 M * kevinp Are you thinking about what was mentioned on the ml with security tests and stuff too? 1114712817 M * Bertl sounds good ... okay, then cya later ... 1114712860 M * kevinp I think that would be really helpful for people to be able to test their vservers and no that they are securely configured 1114712867 M * kevinp s/no/know/ 1114712909 N * kevinp kevinp|gone 1114713230 J * hanf ~michael@dsl-082-083-244-023.arcor-ip.net 1114713260 M * hanf hi all 1114713429 M * hanf is this good or bad? 16:39:53 bluebox kernel: bdev=cf56bd60, gendisk=c13bea00 inode=cf56bdc4[3,1] 1114713497 M * Bertl welcome hanf! 1114713510 M * hanf hello ;) 1114713522 M * Bertl hmm, looks like some debug output ... 1114713537 M * Bertl when do you get it? what kernel/tools? 1114713625 M * hanf well i updated to 2.6.11.7-vs1.9.5.x last night and played around with flags like sched_hard 1114713641 M * hanf util-vserver: 0.30.206; Apr 18 2005, 02:30:34 1114713668 M * Bertl let me look that one up in the sources .. sec 1114713718 M * hanf k 1114713798 M * Tbery Bertl, it is inpossible use samba on new patch?? 1114713850 M * Bertl Tbery: no, should work, but will need some tricks (as I said) 1114713871 M * Tbery witch?? 1114713893 M * Bertl like allowing for the broadcast address (as I mentioned too ;) 1114713945 J * prae ~prae@sherpadown.net 1114713950 M * Bertl hanf: that's a debug output which was left over .. you can safely ignore it, if you can ;) 1114714001 M * hanf ok thank you, this morning it apperead very often like bluebox last message repeated 366 times 1114714017 M * hanf but now nothing since 16:39 ;) 1114714062 M * Bertl it is issued when somebody does a quote ioctl 1114714068 M * Bertl *quota 1114714085 M * Tbery Bertl, how?? 1114714098 M * Tbery I use samba on older patcked.. 1114714127 M * hanf hm i don't have quota on, who is this somebody... the kernel? 1114714220 M * Tbery on kernel 2.6.8 with 204 vserver util.. 1114714225 M * Tbery is working well 1114714394 M * Bertl hanf: well, no, userspace issues a quotaioctl, in this case against dev(3,1) 1114714415 M * Bertl Tbery: and how is it 'failing' with the new kernel/tools? 1114714449 M * hanf ah ok ;) 1114714510 M * Tbery some special trobes... 1114714513 M * Tbery troubles.. 1114714545 M * Tbery biggiest miistake restart server after that Im wish god 1114714582 M * Bertl hmm, didn't get that one ... 1114715363 M * hanf bertl: is there a switch when compiling util-vserver like: --with-dietlibc=/some/dir? 1114715389 M * hanf because dietlibc always get installed in /opt and util-vserver didn't find it ... 1114715498 M * daniel_hozac hanf: export PATH=$PATH:/opt/..., perhaps? 1114715532 M * hanf well good idea lol will try that thx ;) 1114715542 M * wurd Bertl if i understand well, i will build a new vserver (with the new entry in the repository list) and it will "magically" be a mandrake server? 1114715609 M * Bertl yes, because it will be created from the mandrake rpms ... 1114715645 M * wurd i wouldnt think it'd be that simple :) 1114715652 M * wurd i didnt, i mean 1114715653 M * wurd sorry 1114715829 M * wurd when you said i should best name it mdk10.1 1114715852 M * wurd you were speaking about the folder containing the lists ? 1114715865 M * wurd [root@localhost .distributions]# ls 1114715865 M * wurd fc1 fc2 fc3 rh9 suse91 1114715907 M * Bertl yup, on a closer look maybe mdk101 would be best 1114715965 M * wurd ok, and since my repository is yum, what option should i use? 1114715983 M * wurd normally i use -m apt-rpm 1114716326 M * Bertl well, I don't use yum, so I don't know ... 1114716342 M * wurd k.. "man vserver" doesnt say much unfortunately 1114716445 M * Bertl guess it's more 'yum' specific than vserver .. but additional docu is always welcome ... 1114716487 M * wurd you mean theres probably no yum option ? 1114716554 M * daniel_hozac -m yum -d mdk101 ? 1114716588 M * daniel_hozac (really just a guess) 1114716950 M * wurd http://mirrors.usc.edu/pub/yum-repository/mandrake/10.1/i586/ 1114716976 M * wurd could you check this list and tell me if its really all i need to have a fully-functional (with gui) mandrake linux ? 1114716986 M * wurd i find theres not many packages... 1114716998 M * wurd and many "not-that-useful" packages 1114717021 M * wurd im not familiar with repositories and such 1114717044 M * wurd (not familiar with installing a linux distro in any other way than with CDs) 1114717283 M * Bertl sec 1114717297 J * coruptkid ~coruptkid@82-43-89-92.cable.ubr08.croy.blueyonder.co.uk 1114717313 M * coruptkid Hello all 1114717321 M * Bertl hi! 1114717346 M * Bertl wurd: yup, that looks pretty complete ... 1114717358 M * coruptkid need some help... 1114717362 M * wurd ok Bertl thanks for looking 1114717413 A * Bertl gives coruptkid a small bottle of help ... 1114717455 M * coruptkid :-) I'm just getting into setting up a virtual private server, i've been looking around on the net and i found VSERVER which seems perfect, I am most familiar with FreeBSD, is this OS compatible and is it the best to work with as the base and the sub Os'??? 1114717494 M * daniel_hozac you'd think the Linux part of the name would answer that question ;) 1114717520 M * Bertl linux-vserver (the one we are _here_ talking about) is, as the name says, based on linux 1114717520 M * coruptkid so thats a BIG FAT NO :-? 1114717549 M * coruptkid what OS would you recomend to work with? 1114717559 M * Bertl if you port the kernel stuff to FreeBSD, it will probably work ;) 1114717590 M * coruptkid hmm.. would that be worth it in your opinion. or is it just worth making the switch to a more friendly OS now? 1114717611 M * Bertl well, sure it would be worth porting it ... 1114717642 M * coruptkid hmm thats opening a whole different can of worms 1114717700 M * coruptkid whato OS do you work with?? 1114717710 M * Bertl linux of course ... 1114717718 M * coruptkid which distro? 1114717740 M * Bertl depends .. mostly some Mandrake derivate 1114717830 M * albeiro coruptkid: linux-vserver is used to run multiple linuxes on one machine, but under one and common kernel. it is not an kind of emulator which would allow running multiple kernels (or oses) on one machine :] 1114717899 M * coruptkid would these multiple linuxes be able to run simultaneously? say as with a VPS?? 1114717948 M * coruptkid say i had 1114717950 M * Bertl yup, this _is_ vps 1114717970 M * coruptkid :-) 1114718022 M * coruptkid Bertl. do you think should i look into Mandrake or Fedora 2 as the linux base? 1114718037 M * coruptkid or Fedora (Latest) 1114718040 M * daniel_hozac not Fedora 2, that's for sure. 1114718052 M * coruptkid y would you say that?? 1114718053 M * daniel_hozac it's been transferred to legacy already ;) 1114718067 M * coruptkid lol how about the latest Fedora?? 1114718080 M * daniel_hozac define latest. 1114718094 M * coruptkid most recent. most fresh out of the factory... 1114718109 M * daniel_hozac so does that include test releases, or the daily updated rawhide? 1114718123 M * coruptkid id say production releases 1114718151 M * daniel_hozac that sounds more like RHEL ;) 1114718159 M * coruptkid RHEL? 1114718170 M * daniel_hozac (or one of the many respins, like CentOS, Whitebox etc. 1114718171 M * SiD3WiNDR red hat enterprise linux 1114718173 M * SiD3WiNDR :) 1114718205 M * coruptkid so red hat... is what youd suggest!! 1114718214 M * coruptkid ? 1114718221 M * SiD3WiNDR eww :p 1114718230 M * daniel_hozac that's what _i'd_ suggest. 1114718276 M * daniel_hozac you should pick whichever you're most comfortable with though. 1114718300 M * coruptkid well, I'm gonna be learning the OS from scratch! 1114718321 M * SiD3WiNDR oh my :p 1114718326 M * albeiro omg 1114718330 M * albeiro O_O 1114718346 M * coruptkid thanks for the encouragement :-| 1114718353 M * coruptkid :-) 1114718353 M * SiD3WiNDR ;) 1114718361 M * albeiro you're welcome, want some more ? ;p 1114718381 M * albeiro ok, mayby mandrake ? or suse ? 1114718433 M * coruptkid :-) mandrake is sounding pretty loved so i'm gonna go have a look at it. 1114718447 M * coruptkid tnx be back 1114718449 M * Bertl it's now called mandriva btw ... 1114718452 M * coruptkid k 1114718502 M * coruptkid do you know what the project home-site is? 1114718515 M * Bertl yup, it's the one in the topic ;) 1114718527 M * SiD3WiNDR :p 1114718533 M * coruptkid no i mean for mandriva :-P 1114718553 M * SiD3WiNDR google knows 1114718558 M * Bertl http://www.mandriva.com/ 1114718559 M * SiD3WiNDR google is your best friend 1114718561 M * SiD3WiNDR repeat after me :p 1114718568 M * coruptkid :p 1114718625 M * hanf slackware works good as host too, aswell as for the vservers ;) 1114718630 M * hanf at least for me :D 1114718684 M * coruptkid ic 1114718970 M * albeiro Bertl: using mandriva on ppc ? 1114718979 M * Bertl nope, mandrake ;) 1114719017 M * albeiro is there mandrake on ppc ? hm, why i had no idea it is ? ;p 1114719037 M * Bertl don't know ... mandrake supports several archs 1114719100 M * albeiro and how do you fell with it, i mean, hardware support ? much to be tweaked after instalation ? 1114719100 M * Bertl not as many as debian claims too, though ;) 1114719152 M * Bertl albeiro: well, my special version basically worked out of the box, except for the yaboot thingy ... 1114719178 M * albeiro uh, you have special version, that's why ;] 1114719186 M * albeiro what do you mean by special ? 1114719380 M * Bertl well, it's something between mdk 8.2 and 10.1 ... 1114719450 M * albeiro i gues it is your own version (or something more official) ? 1114719486 M * Bertl own version, I always compile the packages myself ... 1114719500 M * Bertl (removing unnecessary dependancies on my way ;) 1114719513 M * Hollow use gentoo :D 1114719543 M * Bertl never tried gentoo, maybe I will some day ... 1114719550 M * Hollow you should 1114719556 M * Hollow lo btw ;) 1114719566 M * Bertl well, I guess I will miss the rpm tool there ;) 1114719575 M * Hollow there is a rpm replacement 1114719582 M * Bertl and most likely the init scripts would drive me crazy, no? 1114719590 M * Hollow i like em 1114719612 M * eyck emerge is OK. 1114719615 M * Hollow the dependency tracking of init scripts if really cool imo 1114719625 M * Hollow *is 1114719644 M * Bertl didn't like this for minit and friends either ... 1114719681 M * Bertl btw, does it work with circular dependancies? 1114719690 M * albeiro gentoo is all cool 1114719699 M * albeiro init scripts are best ever seen 1114719703 M * Hollow heh 1114719731 M * Hollow i'm no portage dep expert, but iirc circular deps works 1114719732 M * albeiro ydl is working well here, but when i will get some free time i'am going back to gentoo ;] 1114719761 M * albeiro btw - gentoo has best documentation on all world, really. 1114719777 M * Hollow ah yeah.. the vserver handbook ;) 1114719784 M * albeiro many times i seen complete newbie that could install system just by reading and following docs 1114719796 M * albeiro and later after installing did not know what to do ;p 1114719802 M * Hollow lol 1114719813 M * albeiro they shouldn't be so seasy 1114719816 M * albeiro easy 1114719823 M * Bertl hmm, that reminds me that recently somebody said, he used hollow's guide to something (which was called somewhat stupid by me a few moments before ;) 1114719848 M * Hollow details? ;) 1114719864 M * Bertl no details, where is the guide ;) 1114719883 M * Bertl (i.e. I look at it right now, maybe I remember ... ) 1114719895 N * Doener|gone Doener 1114719896 M * Hollow depends what guide in which version, there are some.. ;) 1114719907 M * Doener evening folks 1114719919 M * Bertl wb Doener! 1114719971 M * Bertl Hollow: well, the first I find is the wiki on strahlungsfrei.de 1114719984 M * Bertl (hmm, I wonder how they will do that ;) 1114719988 M * Hollow i wrote the vserver handbook lately, though i decided to switch back to a normal dock, handbook is too bloated 1114719998 M * Hollow the current version is http://gentoo.home.xnull.de/doc/en/vserver-quickstart.xml 1114720035 M * Hollow it will be integrated to the main gentoo doc site soon 1114720037 M * Hollow (i hope) 1114720042 M * Bertl http://dev.gentoo.org/~hollow/vserver/guide/ <-- that's the one linked on the wiki, no? 1114720057 M * Hollow yup, that - say - the current stable version ;) 1114720165 M * Hollow the new baselayout-vserver package even works with init, so the gentoo init style could be removed in teh future 1114720174 M * Bertl basic config: where is the --context ??? 1114720184 M * albeiro heh, vserver under gentoo is so easy :] 1114720191 M * Bertl what is the purpose of lock and nproc? 1114720215 M * Hollow lock: Prevent the vserver from setting new security context 1114720221 M * Hollow nproc: Limit the number of processes in the vserver 1114720221 M * Hollow according to ulimit 1114720235 M * Bertl are we talking about 2.4 vservers or 2.6 ? 1114720241 M * Hollow 2.6 1114720250 M * Hollow there are no 2.4 sources for vserver in gentoo 1114720251 M * Bertl there is no nproc in 2.6 ... 1114720255 M * Hollow mhm 1114720258 M * Hollow good to know 1114720269 M * Bertl well, the flag is there, but it does nothing 1114720278 M * Bertl especially as you can't set the ulimits for 2.6 ;) 1114720291 M * Bertl (which is filed as bug report, but that's a different story ;) 1114720296 M * Hollow the context is assigned dynamically 1114720310 M * Bertl yeah, and Bertl says: DONT DO THAT! 1114720340 M * Hollow i don't do it anyway.. i'll update the howto 1114720349 M * Bertl isolated process -> dynamic context, vps/guest -> static context 1114720385 M * Bertl IMHO vserver config should not support dynamic contexts at all 1114720436 M * Bertl 5.7 code listing ... 1114720438 M * Hollow is the lock flag needed? 1114720460 M * Bertl key mappings? random number generator? network filesystems? 1114720473 M * Bertl no, the lock flag is basically inactive 1114720474 M * Hollow this is all removed from baselayout-vserver 1114720493 M * Bertl so why does it show up in your listing then? 1114720511 M * Hollow because that's an old ("stable") guide 1114720527 M * Bertl hmm ... s/stable/wrong/ ;) 1114720528 J * mountie ~mountie@24.42.99.232 1114720549 M * Bertl Hollow: rest seems fine .. don't know when vprocunhide is called but it probably is 1114720552 M * Hollow as is said it will be updated as soon as the ebuilds go stable etc 1114720555 M * Bertl welcome mountie! 1114720573 M * mountie Howdy... Just found this from google searching... 1114720596 M * mountie I've been trying to apply -vs1.2.10 to RHEL3 kernels ;-( 1114720607 M * Bertl Hollow: just because it reads: "# [Gentoo vserver on kernel 2.6 Guide] (This is completely new and current (for 2.6.x-vs1.9.3 and alpha tools)" 1114720614 M * Bertl mountie: don't do it ;) 1114720619 M * Hollow yeah it was.. :P 1114720636 N * kevinp|gone kevinp 1114720662 M * Bertl Hollow: well, the strahlungsfrei wiki is nothing better .. they apply the 2.4.25-rc1-vs1.3.7 patch ;) 1114720671 M * Hollow heh ;) 1114720676 M * mountie No - I'm using stock 2.4.30 right now, but actually almost "need" to get NPTL support... GLIBC on RHEL3 is seeming to segfault everything that uses threads unless I force LD_ASSUME_KERNEL is set.... 1114720682 M * kevinp Bertl: Can I block ssh through iptables to the host server without effecting the guests? 1114720699 M * Hollow .oO( ngnet ) 1114720711 M * Bertl kevinp: sure, if they have different ips ... 1114720725 M * Bertl mountie: what about using a 2.6 kernel? 1114720727 M * kevinp yeah, they do - I just don't want them effected 1114720744 M * Doener hmm... even with the same ip it should work... it has to be a different port then anyway ;) 1114720771 M * Bertl right, should work in any case ... 1114720810 M * kevinp thanks, gonna give it a try 1114720829 M * mountie Bertl: Not really an option yet - we need to get some drivers sorted on 2.6 before we can use 'em in that box 1114720991 M * Bertl which RHEL version is that? 1114721181 M * Bertl http://vserver.13thfloor.at/Experimental/OUTDATED/patch-2.4.21-20.EL-vs1.29.4.diff 1114721230 M * Bertl (probably some things don't work there, but I don't know any details) 1114721317 M * micah hello everyone! 1114721324 M * Bertl hey micah! 1114721344 M * micah hey bertl, nice to see you 1114721379 M * Bertl the pleasure is all mine ... 1114721386 M * micah I'm looking to find a way to be able to edit /etc/vservers//fstab to add/remove an entry without needing to restart the entire vserver afterwards, is it possible? 1114721425 M * Bertl well, the editing itself doesn't require to restart the vserver ... 1114721436 M * micah no, but to get the new entry recognized... 1114721457 M * Bertl you could do that from the namespace of the vserver ... 1114721496 M * micah with a simple mount -a? 1114721521 M * Bertl hmm, probably not that easy, but with mount, yes 1114721601 M * micah I shall experiment some 1114721707 M * Bertl vnamespace is probably what you want to use ... 1114721716 M * Bertl (to enter the namespace and do the mount) 1114721774 M * Doener micah: http://linux-vserver.org/Namespaces 1114721806 M * micah excellent 1114721813 M * Doener thanks :) 1114721820 M * Bertl :) 1114721838 M * micah btw. Namespaces are the same as "Contexts"? 1114721839 M * kevinp Bertl: hmm, I blocked ssh on the host and it blocks it on the guests too 1114721844 M * micah ie. context number 42 1114721854 M * Bertl micah: no .. 1114721857 M * kevinp same with http/https 1114721866 M * Doener namespaces are assigned to a context... but they're _not_ the same... 1114721883 M * Bertl kevinp: with what rule? 1114721883 M * Doener namespaces exist in vanilla kernels, too 1114721899 A * micah reads 1114721956 M * kevinp Bertl: iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT 1114721973 M * Bertl how about adding a -d there? 1114721977 M * micah Recent versions of alpha util-vserver automatically translate a vserver-name to a context id, while older tools still require the use of the correct context id. <--- that makes me think they are the same :) 1114721983 M * kevinp iptables -A INPUT -i 63.xxx.xxx.x -s 127.0.0.0/8 -j DROP 1114722001 M * kevinp with the xxx's replacing the real ip of the host 1114722008 M * Doener micah: the tools use the contexts to get the namespace asociated with them... 1114722018 M * Bertl kevinp: hmm, that looks dubious? 1114722024 M * micah ah, so they sort of appear to be transparant 1114722031 M * Doener in vanilla kernels you can only create new namespaces, there's no way to reference them 1114722040 M * Bertl kevinp: -i is interface, no? 1114722049 M * Bertl and -s is source address 1114722053 M * Doener either you're in a namespace, or you are not. no way to enter a different one... second class objects they are... 1114722070 M * Bertl kevinp: so you are dropping any packets from localhost arriving at that interface?! 1114722092 M * kevinp Bertl: also --> iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT 1114722131 M * Bertl kevinp: what do you mean with the DROP rule anyway? 1114722172 M * kevinp here's a better look: http://deadbeefbabe.org/paste/450 1114722214 M * kevinp the drop is an anti-spoofing rule 1114722218 M * Bertl Doener: FOR-2.0 contains a fix for syslog 1114722273 M * kevinp I just added a couple more lines to the pastebin 1114722312 M * Bertl kevinp: why not just do iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP ? 1114722331 M * Bertl the other one doesn't make sense to me ... 1114722372 M * Bertl and the input chain has what default? 1114722389 M * kevinp the way I understand it they are really the same thing, but why is it applying to the guests? 1114722394 M * Bertl (btw, I'd really prefer the output of iptables ... -L 1114722501 M * kevinp http://deadbeefbabe.org/paste/451 1114722528 M * Doener Bertl: hmm... isn't cap_syslog a better place to do the check? 1114722571 M * Bertl thought about that too, but IMHO we want to hit the virtual for guests anyway ... 1114722601 M * Bertl the real solution will come with mask_caps 1114722635 M * Bertl any arguments for the cap_syslog? 1114722682 M * Doener IMHO it's the 'natural' location. less code duplication 1114722703 M * Bertl kevinp: hmm, you sure this drops anything on input? 1114722718 M * kevinp no, this allows it --> Here's the core issue: http://deadbeefbabe.org/paste/452 1114722797 M * Bertl kevinp: make an iptables setup, which should do what you want, but fails to do so, then upload the iptables -L for that .. then we can discuss it ;) 1114722809 M * kevinp ok 1114723057 M * kevinp ok, this is the iptables output with ssh blocked on the host and also blocking on the guests: http://deadbeefbabe.org/paste/453 1114723097 M * Bertl sure? 1114723115 M * Tbery Bertl, can you try help me with broadcast? 1114723121 M * kevinp sure 1114723128 M * Tbery Bertl, on samba in guest? 1114723128 M * Bertl kevinp: because I see: ACCEPT all -- anywhere anywhere 1114723148 J * kjo ~krischan@p5484B95D.dip.t-dialin.net 1114723148 M * Bertl Tbery: I can try ... 1114723155 M * Bertl welcome kjo! 1114723180 M * kjo hallo 1114723193 M * kevinp oh, crap, hold on 1114723415 M * micah vnamespace -e 49191 -- mount -a 1114723417 M * micah no, thats not it 1114723433 M * Tbery b 1114723448 M * Tbery Bertl, where could I start? 1114723455 M * Bertl micah: don't use dynamic contexts ;) 1114723476 M * Bertl Tbery: well, descibe your network and setup first 1114723568 M * Tbery S_HOSTNAME="klobouk" 1114723568 M * Tbery IPROOT="eth0:192.168.0.100/255.255.255.0 lo:127.0.0.1/255.0.0.0" 1114723568 M * Tbery IPROOTDEV="eth0 lo:127.255.255.255" 1114723585 M * Bertl okay, first make that: 1114723595 M * Bertl IPROOT="eth0:192.168.0.100/255.255.255.0" 1114723602 M * Bertl IPROOTDEV="" 1114723613 M * Bertl then you probably want to add the broadcast 1114723628 M * Bertl IPROOT="eth0:192.168.0.100/255.255.255.0 192.168.0.255" 1114723631 M * Bertl IPROOTDEV="" 1114723660 M * micah bertl: vnamespace -e MT -- mount --rbind /vservers/flat/var/www/site /var/www/site at least doesn't use dynamic contexts 1114723675 M * micah but it tries to do the mount in the root context :P 1114723700 M * Bertl well, that correct ... but /var/www/site is probably wrong anyways 1114723719 M * Bertl no idea what you want to rbind where ... 1114723763 M * micah Bertl: well in my /etc/vservers/MT/fstab I have: /vservers/flat/var/www/site /var/www/site auto rbind 0 0 1114723772 M * kevinp Bertl: Okay, I even tried it with the -i eth0 and it still doesn't work, do you have an example rule that should work? 1114723787 M * micah which will rbind the /vservers/flat/var/www/site (from the "flat" vserver) into /var/www/site in the "MT" vserver 1114723811 M * kevinp the previous pastebin was right, the last rules do the actual rejecting 1114723836 M * Bertl micah: when you enter the namespace with vnamespace, what do you see? (try vnamespace -e MT -- /bin/bash ) 1114723847 M * Doener micah: you have to use absolute paths in both cases 1114723859 M * Tbery Bertl, the same situation.. 1114723861 M * Doener the namespace's root is still the same as the hosts root 1114723866 M * Doener s/hosts/host's/ 1114723873 M * Bertl Tbery: same means? 1114723901 M * micah Bertl: hm, it doesn't seem to put me in a shell in the MT vserver at all 1114723929 M * micah Bertl: just it just launches another shell in the root context 1114724005 M * Tbery eth0:klob Link encap:Ethernet HWaddr 00:07:E9:31:80:1E 1114724006 M * Tbery inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 1114724006 M * Tbery UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1114724006 M * Tbery Base address:0x3040 Memory:fea60000-fea80000 1114724021 M * Tbery it look ok,, 1114724052 M * micah Doener: when I do an absolute path it gets mounted in the root context, not in the vserver 1114724086 M * Tbery what is this?? 1114724088 M * Tbery WARNING: can not find configuration, assuming legacy method 1114724089 M * Tbery ipv4root is now 192.168.0.100 192.168.0.255 1114724089 M * Tbery chcontext: vc_new_s_context(): Invalid argument 1114724138 M * Doener micah: shouldn't happen... which tools version? 1114724156 M * micah Doener: Kernel: 2.6.11-vs1.9.5-rc1 1114724156 M * micah VS-API: 0x00010025 1114724156 M * micah util-vserver: 0.30.201; Jan 31 2005, 12:12:18 1114724166 M * Bertl Tbery: no idea where the vc_new_s_context() comes from, details about kernel patch/versions? 1114724205 M * Doener micah: probably those can't resolve vservernames yet... 1114724211 M * Doener try with the xid instead 1114724234 M * kevinp Bertl: Does it matter if all of this was on 2.4.27-vs1.29-rc2 server? I should have mentioned that earlier... 1114724241 M * micah Doener: vnamespace -e 49191 bash gives same result 1114724245 M * Tbery 1.9.4 1114724247 M * Tbery patch 1114724252 M * Tbery kernel 2.6.11 1114724253 M * Bertl kevinp: not really ... 1114724264 M * Doener micah: when you do that, in which directory are you? 1114724287 M * micah Doener: I was in /etc/vservers/MT 1114724290 M * Tbery ii util-vserver 0.30.204-4 vserver-debian 0.1.10 1114724309 M * Bertl kevinp: but I don't see how an ACCEPT all/all rule should block anything ? 1114724322 M * Doener micah: then you probably _are_ in the vserver's namespace... compare /proc/mounts 1114724333 M * Bertl Tbery: try with the mainline tools (util-vserver-0.30.206) 1114724340 M * micah Doener: but when I do the vnamespace -e 49191 bash I get put into /vservers/MT -- but I see all the host's mounts etc. 1114724365 J * kalou_ ~kalou@AToulon-201-1-27-185.w81-48.abo.wanadoo.fr 1114724368 M * Doener micah: that's totally normal... in addition you should see the vserver's mounts (which you don't see in the host's namespace) 1114724369 M * micah Doener: weird... 1114724378 M * kalou_ 'lo 1114724379 M * Doener the virtualization depends on the chroot 1114724385 M * micah Doener: I get a different "view" if I do vserver MT enter 1114724391 M * micah i see 1114724407 M * Doener micah: that's what namespaces are about ;) different views on the mount tree 1114724429 M * kalou_ I spoke briefly to chandra (on #ckrm) 1114724454 M * Bertl hey kalou_! 1114724466 M * kalou_ told me that ckrm and vserver was already used together, by planetlab.org 1114724467 M * micah Doener: however, that would mean that when I do: vnamespace -e 49191 -- mount --rbind /vservers/flat/var/www/site/ /vservers/MT/var/www/site -- it should work 1114724469 M * kalou_ Hi Bertl 1114724481 M * Bertl kalou_: yup in a somewhat strange fashion ... 1114724505 M * Doener micah: exactly 1114724521 M * micah Doener: but when I do that, I see that mount in the root, and not in the vserver itself 1114724568 M * Doener hmm... 1114724604 M * micah perhaps I am misunderstanding something (completely possible) 1114724654 M * kevinp Bertl, because the default policies are iptables -P INPUT DROP and iptables -P OUTPUT ACCEPT 1114724655 M * Tbery Im reboot machne..with new 206 1114724662 M * Tbery and look better 1114724675 M * Tbery but samba still not running.. 1114724711 M * Bertl kevinp: yeah, but your first rule says, accept everything. 1114724721 M * kevinp And these rules drop anything else that is not specified: DROP tcp -- anywhere anywhere tcp 1114724721 M * kevinp DROP udp -- anywhere anywhere 1114724723 M * Bertl (first two rules actually) 1114724764 M * Tbery Bertl, please what can i do? 1114724791 M * Bertl Tbery: tell me what the problem is ... maybe samba is not running because you didn't start it? 1114724817 M * kevinp Bertl, we know that it is blocking it, so that is not the issue, the question is why does it effect the guests? 1114724831 M * Tbery Load smb config files from /etc/samba/smb.conf 1114724831 M * Tbery Processing section "[homes]" 1114724831 M * Tbery Processing section "[printers]" 1114724831 M * Tbery Processing section "[print$]" 1114724831 M * Tbery Loaded services file OK. 1114724831 M * Tbery Server role: ROLE_STANDALONE 1114724833 M * Tbery Press enter to see a dump of your service definitions 1114724835 M * Tbery 1114724849 M * Tbery /etc/init.d/samba restart 1114724849 M * Tbery Stopping Samba daemons: start-stop-daemon: warning: failed to kill 3553: No such process 1114724849 M * Tbery nmbd smbd. 1114724849 M * Tbery Starting Samba daemons: nmbd smbd. 1114724852 M * Bertl kevinp: it does not affect the guests, it just affects the host, all networking is done _on_ the host 1114724886 M * kalou_ Bertl: traffic from inside a vserver flows directly to the OUTPUT chain, right ? 1114724894 M * Bertl kevinp: let me give you a test setup within a qemu host ... 1114724906 M * Tbery [2005/04/28 23:44:36, 0] lib/util_sock.c:open_socket_in(708) 1114724907 M * Tbery bind failed on port 137 socket_addr = 192.168.0.150. 1114724907 M * Tbery Error = Cannot assign requested address 1114724934 M * Bertl Tbery: well, we had .100, no? 1114724969 M * Tbery yes 1114724981 M * Tbery 150 is main 1114724991 M * Bertl so why is it binding the main ip? 1114725057 M * Tbery Failed to open nmb socket on interface 147.32.129.104 for port 137. Error was Cannot assign requested address 1114725057 M * Tbery [2005/04/28 23:47:55, 0] nmbd/nmbd.c:main(736) 1114725057 M * Tbery ERROR: Failed when creating subnet lists. Exiting. 1114725137 M * Bertl now it is trying to use 147.32.129.104 ? 1114725154 M * Bertl Tbery: I guess you should _configure_ it properly first ... 1114725195 M * Tbery is public ip.. 1114725204 M * Tbery this machne have 2 faces.. 1114725209 M * Tbery 1 1114725233 M * Bertl well, fine, but your vserver just has _one_ ip ;) 1114725349 M * Tbery yes 1114725353 M * Tbery just one 1114725372 M * Tbery eth0 Link encap:Ethernet HWaddr 00:07:E9:31:80:1E 1114725373 M * Tbery inet addr:147.32.129.104 Bcast:147.32.143.255 Mask:255.255.240.0 1114725373 M * Tbery inet6 addr: fe80::207:e9ff:fe31:801e/64 Scope:Link 1114725373 M * Tbery UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1114725373 M * Tbery RX packets:13073 errors:0 dropped:0 overruns:0 frame:0 1114725373 M * Tbery TX packets:1201 errors:0 dropped:0 overruns:0 carrier:0 1114725375 M * Tbery collisions:0 txqueuelen:1000 1114725377 M * Tbery RX bytes:2053005 (1.9 MiB) TX bytes:403937 (394.4 KiB) 1114725379 M * Tbery Base address:0x3040 Memory:fea60000-fea80000 1114725381 M * Tbery eth0:klob Link encap:Ethernet HWaddr 00:07:E9:31:80:1E 1114725383 M * Tbery inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 1114725387 M * Tbery UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1114725389 M * Tbery Base address:0x3040 Memory:fea60000-fea80000 1114725391 M * Tbery lo Link encap:Local Loopback 1114725393 M * Tbery inet addr:127.0.0.1 Mask:255.0.0.0 1114725395 M * Tbery inet6 addr: ::1/128 Scope:Host 1114725397 M * Tbery UP LOOPBACK RUNNING MTU:16436 Metric:1 1114725399 M * Tbery RX packets:18 errors:0 dropped:0 overruns:0 frame:0 1114725401 M * Tbery TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 1114725403 M * Tbery collisions:0 txqueuelen:0 1114725405 M * Tbery RX bytes:1260 (1.2 KiB) TX bytes:1260 (1.2 KiB) 1114725407 M * Tbery sorry 1114725409 M * Tbery too big loods 1114725411 M * Tbery in guest 1114725435 J * Thorsten ~Thorsten@dsl-084-058-027-126.arcor-ip.net 1114725472 M * kalou_ Tbery: you may use "grep eth -A2", to display 2 lines after occurence of eth 1114725522 M * Bertl welcome Thorsten! 1114725548 M * Thorsten thx Bertl, hi * 1114725584 M * kalou_ Bertl, what do you think about ckrm and vserver used together ? 1114725604 M * Tbery what neext? 1114725688 M * Bertl kalou_: well, basically a good idea, unfortunately the ckrm stuff is more than unstable IMHO ... 1114725767 M * kalou_ Bertl: do you know that SuSE included ckrm into their Enterprise 9 version ? 1114725835 M * Bertl no, didn't know that, but they probably use an reduced version ... 1114725865 M * kalou_ Don't know which kernel version they are using, nor which functionnalities. If I have more informations on this, I'll post them. 1114725875 M * Bertl okay, great! 1114726133 J * duckx ~Duck@dyn-83-157-204-243.ppp.tiscali.fr 1114726429 M * Bertl welcome duckx! 1114726522 Q * DuckKing Ping timeout: 480 seconds 1114726957 M * Doener micah: if you do "vnamespace -e MT bash" and do the mount in that shell, does that work? 1114726981 M * Bertl Tbery: as I said, you should configure your smbd to use the proper ips first ... 1114726989 M * micah Doener: let me try 1114727020 M * Bertl kevinp: okay, in a few minutes (just need soemthing to eat) we can do an example setup .. okay? 1114727048 M * Doener and again the question arises... do i sleep tonight? *g* 1114727058 M * micah Doener: no, it doesn't change anything 1114727069 M * Bertl Doener: and? do you let time decide again? 1114727109 M * Doener Bertl: not so sure... this time university start a few hours later and the chance for me to fall asleep is higher... 1114727121 M * Doener OTOH i don't feel like going to bed... 1114727209 M * Bertl well, then do it! 1114727530 M * kevinp Bertl: sounds good, just let me know 1114727557 M * Doener Bertl: ehrm... do what? ;) 1114727653 M * Bertl 'feel like going to bed...' -> go to bed ;) 1114727658 Q * Tbery Remote host closed the connection 1114727670 M * Doener 00:25:21 Doener OTOH i _don't_ feel like going to bed... 1114727677 M * Bertl oops ... 1114727692 M * Doener ;) 1114727697 A * Bertl reverses all engines ... 1114728931 M * Doener ah, we got qemu 0.7... *goes checking the changelog...* 1114729055 Q * kjo Quit: Verlassend 1114729309 M * Bertl Doener: yup, the only thing I fear is that qemu-fast support is vanishing ... 1114729584 Q * berni xenon.oftc.net oxygen.oftc.net 1114729584 Q * aba xenon.oftc.net oxygen.oftc.net 1114729584 Q * Medivh xenon.oftc.net oxygen.oftc.net 1114729584 Q * DaPhreak xenon.oftc.net oxygen.oftc.net 1114729584 Q * locksy xenon.oftc.net oxygen.oftc.net 1114729584 Q * albeiro xenon.oftc.net oxygen.oftc.net 1114729584 Q * micah xenon.oftc.net oxygen.oftc.net 1114729584 Q * pusling xenon.oftc.net oxygen.oftc.net 1114729584 Q * alexx xenon.oftc.net oxygen.oftc.net 1114729584 Q * mikegrb xenon.oftc.net oxygen.oftc.net 1114729584 Q * Bertl xenon.oftc.net oxygen.oftc.net 1114729584 Q * wurd xenon.oftc.net oxygen.oftc.net 1114729584 Q * virtuoso_ xenon.oftc.net oxygen.oftc.net 1114729584 Q * romke xenon.oftc.net oxygen.oftc.net 1114729584 Q * DuckMaster xenon.oftc.net oxygen.oftc.net 1114729584 Q * ndim xenon.oftc.net oxygen.oftc.net 1114729584 Q * cereal xenon.oftc.net oxygen.oftc.net 1114729584 Q * hillct xenon.oftc.net oxygen.oftc.net 1114729584 Q * Vudumen xenon.oftc.net oxygen.oftc.net 1114729584 Q * mcp xenon.oftc.net oxygen.oftc.net 1114729584 Q * meebey xenon.oftc.net oxygen.oftc.net 1114729584 Q * Beirdo xenon.oftc.net oxygen.oftc.net 1114729584 Q * maharaja xenon.oftc.net oxygen.oftc.net 1114729584 Q * rs xenon.oftc.net oxygen.oftc.net 1114729584 Q * sith xenon.oftc.net oxygen.oftc.net 1114729584 Q * gregster xenon.oftc.net oxygen.oftc.net 1114729584 Q * Seraph xenon.oftc.net oxygen.oftc.net 1114729584 Q * duckx xenon.oftc.net oxygen.oftc.net 1114729584 Q * Thorsten xenon.oftc.net oxygen.oftc.net 1114729584 Q * flock xenon.oftc.net oxygen.oftc.net 1114729584 Q * DaCa xenon.oftc.net oxygen.oftc.net 1114729584 Q * kevinp xenon.oftc.net oxygen.oftc.net 1114729584 Q * Hollow xenon.oftc.net oxygen.oftc.net 1114729584 Q * monrad xenon.oftc.net oxygen.oftc.net 1114729584 Q * BWare xenon.oftc.net oxygen.oftc.net 1114729584 Q * ciphernaut_zz xenon.oftc.net oxygen.oftc.net 1114729584 Q * lilo xenon.oftc.net oxygen.oftc.net 1114729584 Q * bro xenon.oftc.net oxygen.oftc.net 1114729584 Q * nox xenon.oftc.net oxygen.oftc.net 1114729584 Q * stupidawy xenon.oftc.net oxygen.oftc.net 1114729584 Q * Hunger xenon.oftc.net oxygen.oftc.net 1114729584 Q * Zoiah xenon.oftc.net oxygen.oftc.net 1114729584 Q * cemil xenon.oftc.net oxygen.oftc.net 1114729584 Q * Snow-Man xenon.oftc.net oxygen.oftc.net 1114729584 Q * kalou_ xenon.oftc.net oxygen.oftc.net 1114729584 Q * mountie xenon.oftc.net oxygen.oftc.net 1114729584 Q * coruptkid xenon.oftc.net oxygen.oftc.net 1114729586 Q * prae xenon.oftc.net oxygen.oftc.net 1114729586 Q * hanf xenon.oftc.net oxygen.oftc.net 1114729586 Q * atsab__ xenon.oftc.net oxygen.oftc.net 1114729586 Q * daniel_hozac xenon.oftc.net oxygen.oftc.net 1114729586 Q * SNy xenon.oftc.net oxygen.oftc.net 1114729586 Q * Doener xenon.oftc.net oxygen.oftc.net 1114729586 Q * logger xenon.oftc.net oxygen.oftc.net 1114729586 Q * sladen xenon.oftc.net oxygen.oftc.net 1114729586 Q * Loki|muh xenon.oftc.net oxygen.oftc.net 1114729586 Q * eyck xenon.oftc.net oxygen.oftc.net 1114729599 J * cemil ~cemil@defiant.wavecon.de 1114729599 J * Snow-Man ~sfrost@snowman.net 1114729599 J * Zoiah Zoiah@matryoshka.zoiah.net 1114729599 J * locksy ~locksy@mrtg.sisgroup.com.au 1114729599 J * DaPhreak ~phreak@lms.rz.uni-greifswald.de 1114729599 J * albeiro albeiro@albeiro.usercloak.oftc.net 1114729599 J * pusling ~pusling@195.215.29.124 1114729599 J * micah micah@micha.hampshire.edu 1114729599 J * Medivh ck@paradise.by.the.dashboardlight.de 1114729599 J * berni ~berni@svr01.mucip.net 1114729599 J * aba ~aba@sol.turmzimmer.net 1114729599 J * Bertl ~herbert@janus.mc.tuwien.ac.at 1114729599 J * alexx ~alexx@82.225.136.176 1114729599 J * mikegrb ~michael@mikegrb.netop.oftc.net 1114729599 T * xenon.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-pre2, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1114729601 J * duckx ~Duck@dyn-83-157-204-243.ppp.tiscali.fr 1114729601 J * Thorsten ~Thorsten@dsl-084-058-027-126.arcor-ip.net 1114729601 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1114729601 J * DaCa ~danny@mail.limehouse.org 1114729601 J * kevinp ~kevinp@ny.webpipe.net 1114729601 J * Hollow ~Hollow@home.xnull.de 1114729601 J * monrad ~monrad@213083190130.sonofon.dk 1114729601 J * BWare ~bware@office.intouch.net 1114729601 J * Hunger Hunger.hu@Hunger.hu 1114729601 J * ciphernaut_zz ~a@61.88.18.130 1114729601 J * lilo ~lilo@lilo.usercloak.oftc.net 1114729601 J * bro ~vanity@lanparty.lv 1114729601 J * nox ~nox@noxlux.de 1114729601 J * stupidawy foo@you.wish.you.were.pimp.olicio.us 1114729602 T * services.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-pre2, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1114729607 J * kalou_ ~kalou@AToulon-201-1-27-185.w81-48.abo.wanadoo.fr 1114729607 J * mountie ~mountie@24.42.99.232 1114729607 J * coruptkid ~coruptkid@82-43-89-92.cable.ubr08.croy.blueyonder.co.uk 1114729607 J * prae ~prae@sherpadown.net 1114729607 J * hanf ~michael@dsl-082-083-244-023.arcor-ip.net 1114729607 J * atsab__ ~as@lotes.vtu.lt 1114729607 J * daniel_hozac ~daniel@h56n2fls32o829.telia.com 1114729607 J * SNy ~mfr@bmx-chemnitz.de 1114729607 J * Doener doener@193.24.208.125 1114729607 J * logger ~rs@vds.pas-mal.com 1114729607 J * sladen paul@starsky.19inch.net 1114729607 J * Loki|muh loki@satanix.de 1114729607 J * eyck eyck@81.219.64.71 1114729607 T * xenon.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-pre2, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1114729614 J * wurd ~kvlt@modemcable157.235-201-24.mc.videotron.ca 1114729614 J * virtuoso_ ~s0t0na@80.253.205.251 1114729614 J * romke romke@procyon.romke.net 1114729614 J * DuckMaster ~duckx@195.75.27.158 1114729614 J * ndim hun@helena.bawue.de 1114729614 J * cereal ~cereal@217.20.124.153 1114729614 J * hillct ~hillct@client200-5.dsl.intrex.net 1114729614 J * Vudumen vudumen@perverz.hu 1114729614 J * mcp hightower@217.171.201.37 1114729614 J * meebey meebey@meebey.net 1114729614 J * Beirdo ~gjhurlbu@beirdo.usercloak.oftc.net 1114729614 J * maharaja maharaja@ipax.at 1114729614 J * rs ~rs@194.98.28.10 1114729614 J * sith sith@aaronp.com 1114729614 J * gregster ~gregor@greart.de 1114729614 J * Seraph kk@projects.verfaction.de 1114729628 M * Doener probably... 1114730138 Q * prae Quit: Pwet 1114730307 M * Bertl hmm, so now after a lot of splitting and joining ... 1114730336 M * kevinp Bertl: we'll have to look at the firewall some other time, I gotta go 1114730360 M * Bertl kevinp: okay, just got ready ... but no problem ... 1114730372 M * Bertl we'll address it another time ... 1114730385 M * Bertl Doener: what was your final comment to the syslog cap/test? 1114730426 N * kevinp kevinp|gone 1114730471 M * Doener 23:10:36 Bertl any arguments for the cap_syslog? 1114730471 M * Doener 23:11:22 Doener IMHO it's the 'natural' location. less code duplication 1114730516 M * Bertl okay, wanna do a patch? (as replacement of mine) 1114730554 M * Doener ok... 1114731033 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-2.0/delta-comp32-feat03.diff (final? version, replaces feat01+feat02) 1114731186 M * Bertl http://vserver.13thfloor.at/Experimental/delta-varhz-feat02.diff (RFC) 1114731737 M * Doener Bertl: hm, for CONFIG_SECURITY=y the capmask stuff probably also needs to modify cap_capable(). AFAICT that's the function that is called when that configuration option is set. 1114731775 M * Bertl IIRC, it does work there too ... 1114731790 M * Doener ok 1114731806 A * Bertl is checking now ... 1114731859 M * Bertl hmm, no, seems it doesn't ... 1114731909 M * Bertl ah, now I remember .. we have to replace the cap_capable() and capable() checks for the mask caps anyway 1114731946 M * Bertl (but for the local check ... that is, to specify a ccap) 1114732056 M * Bertl the entire cap_mask stuff will be fun, interestingly the 'demand' is very low atm ... 1114732314 M * Doener hm... not sure if i share your definition of fun there ;)