1115859624 J * eXplasm2 ~explasm@p549FF4DF.dip.t-dialin.net
1115859639 M * Bertl wb eXplasm2!
1115860067 Q * eXplasm Ping timeout: 480 seconds
1115860707 M * mep bertl alive?
1115860728 M * mep base-files depends on awk; however:
1115860728 M * mep Package awk is not installed.
1115860735 M * mep chmod: changing permissions of `/var/mail': Permission denied
1115860745 M * mep W: Failure trying to run: chroot /opt/vservers/gl dpkg --force-depends --install /var/cache/apt/archives/base-files_3.1.2_i386.deb /var/cache/apt/archives/base-passwd_3.5.9_i386.deb
1115860762 M * mep and then some umount errors
1115860896 M * Bertl yup alive ...
1115860905 M * mep can i ignore this shit?
1115860929 M * Bertl why do you get 'permission denied'?
1115860944 M * mep good question ;)
1115860960 A * Doener` places his bet on grsec ;)
1115860979 M * mep drwxrwsr-x 2 root man 4096 Jul 22 2004 mail
1115860994 A * Bertl holds with 000 on wrong dir, and raises ...
1115860995 M * mep Doener` yes its grsecur patched
1115861060 M * Bertl Doener`: but chances are good that you win ;)
1115861082 M * mep bertl any idea? :/
1115861096 M * mep i got it on two diffrent boxes
1115861097 M * Doener` ls -l /path/to/vserver-root
1115861097 M * Bertl actually we already provided 'two' ideas ;)
1115861107 M * Doener` erhm -ld
1115861134 M * Doener` and: lsattr -d /path/to/vserver-root
1115861144 M * mep drwxr-xr-x 4 root root 104 May 12 03:15 /opt/vservers
1115861163 M * mep s-S-i-dAc------t- /opt/vservers
1115861179 M * Doener` hm, forget about the lsattr, you're on 2.6...
1115861188 M * mep on the one box i installed a vserver before with a older vserver-util and diffrent kernel
1115861194 M * Doener` vserver-root is one level deeper ;)
1115861204 M * Doener` i.e. /opt/vservers/my-vserver
1115861250 M * mep drwxr-xr-x 20 root root 480 May 12 03:18 gl
1115861258 M * Doener` looks good
1115861274 M * Doener` then check your logs to see if grsec is complaining
1115861275 M * mep s-S-i-dAc-------- gl
1115861310 M * mep arg :x
1115861336 M * Bertl guess you win ;)
1115861346 M * Doener` strike! :)
1115861374 M * mep denied chmod +s of /opt/vservers/gl/var/mail by /opt/vservers/gl/bin/chmod[chmod:29631] uid/euid:0/0 gid/egid:0/0, parent /opt/vservers/gl/var/lib/dpkg/info/base-files.postinst[base-files.post:15466] uid/euid:0/0 gid/egid:0/0
1115861589 M * mep found it :)
1115862668 M * Doener` good night folks!
1115862674 N * Doener` Doener_zZz
1115862780 J * rs_ ~rs@82.229.176.40
1115862815 Q * rs Read error: Operation timed out
1115862841 M * Bertl night Doener_zZz!
1115862856 Q * alexx Ping timeout: 480 seconds
1115862922 J * alexx ~alexx@82.225.136.176
1115866931 Q * gart Ping timeout: 480 seconds
1115866971 J * gart ~yossarian@ip68-0-206-237.ri.ri.cox.net
1115867684 M * Bertl hmm, I thought that LIB2_DIVMOD_FUNCS controls/contains the libgcc2 functions like _divdi3 and friends ...
1115867728 M * Bertl but they are built, even if I clear this in a t-* file ...
1115867856 M * Bertl btw, mklibgcc(.in) mentions LIBGCC as input (in 3.3.6) although it isn't used in the file
1115868315 M * Shuri gnite
1115868317 Q * Shuri Quit:
1115868333 M * Bertl night!
1115875938 M * micah if I do a vserver exec "somecommand" and that "somecommand" is a perl script that does a "cp" will that fail?
1115876027 M * Bertl depends .. it will happen inside the vserver guest
1115876043 M * Bertl so if the 'script' would fail doing so inside, then yes ;)
1115876058 M * micah hmm
1115876069 M * micah thats what I was hoping it would do
1115876073 M * micah that means that is not my problem
1115876095 M * Bertl what _is_ your problem, if I may ask?
1115876125 M * micah i'm trying to call mysqlhotcopy from the host system, by doing:
1115876137 M * micah vserver exec mysqlhotcopy --options --here
1115876152 M * micah and the mysqlhotcopy dies, without much information... :P
1115876161 M * Bertl hmm, what about doing something like:
1115876176 M * Bertl vserver exec -- /path/to/mysqlhotcopy --options --here
1115876194 M * micah I think I tried that, but let me see...
1115876203 M * Bertl (where the path/to part is relative to the vserver root)
1115876224 M * Bertl and don't forget the -- ;)
1115876250 M * micah yeah, if I do it with the -- there, I get the error:
1115876251 M * micah vcontext: execvp("--"): No such file or directory
1115876267 M * Bertl hmm, what tool version?
1115876308 M * micah 0.30.201
1115876315 M * Bertl hmm, hmm ... try
1115876336 M * Bertl vserver -- exec /path/to/mysqlhotcopy --options --here
1115876358 M * Bertl if that fails too, then do:
1115876385 M * Bertl vserver exec bash -c "mysqlhotcopy --options --here"
1115876428 M * Bertl and if that fails too, then it 'just' failed ... i.e. it doesn't do anything with the given env inside the vserver guest
1115876459 M * Bertl anyway, I'm off to bed now ... so cya all later ...
1115876465 M * micah yeah, hmm those didn't work
1115876470 M * micah ok, goodnight Bertl!
1115876474 N * Bertl Bertl_zZ
1115876480 M * Bertl_zZ night micah! and good luck!
1115876529 M * ciphernaut night bertl
1115877127 Q * sukria Quit: Going back to real life
1115878049 J * erwan_ho ~erwan@konilope.dyndns.org
1115878709 J * sukria ~sukria@213.223.184.205
1115880434 Q * erwan_ho Remote host closed the connection
1115881348 N * ciphernaut ciphernaut_zz
1115884502 M * sukria hi there
1115884506 J * prae ~prae@ezoffice.mandriva.com
1115884533 M * sukria I have created a new vserever and it seems to work properly (when I use chcontecxt I can use it)
1115884560 M * sukria I'd like to knwo how I can bind the IP adress I have on eth:name on the context session...
1115884732 M * DaPhreak sukria: which version of tools and which kernel ? :)
1115884786 M * sukria kernel 2.6.8+vserver - VSAPI: 0x00010025
1115884827 M * sukria testme.sh works fine, vserver-stat shows my context
1115884856 M * sukria but hwen I chcontext --xid CID, if you do an ifconfig, I see all the network interfaces
1115884963 M * DaPhreak normally you bind an eth:name via configfile to the specific vserver
1115884991 M * sukria that's done
1115885112 M * sukria DaPhreak: when I run vserver vs00 start, I see the IP stuff :
1115885115 M * sukria ipv4root is now 172.16.54.91
1115885143 M * sukria and the virtual interface eth0:vs00 is up
1115885185 M * DaPhreak hmm that seems like old tools .. and not alpha tools, am I right ?
1115885237 M * sukria well, I use the debian provided tools, maybe I should not? :)
1115885273 M * DaPhreak from testing ?
1115885279 A * DaPhreak has no debian :)
1115885280 M * sukria yes
1115885296 M * DaPhreak that should be 0.30.201 or so ?
1115885309 A * DaPhreak looks at packages.debian.org
1115885327 M * sukria util-vserver 0.30.204-5
1115885400 M * DaPhreak no idea currently :) you'll gonna have to wait till Doener_zZz or Bertl_zZ get back here :) or any of the others :)
1115885410 M * sukria ok
1115887925 M * sukria I'm building a 2.4 kernel to see if I have the same problems...
1115891879 M * meebey wtf
1115891890 M * meebey I have apache running in a vserver with own IP
1115891895 M * meebey and the vserver is limited to that IP
1115891903 M * meebey apache runs on 80 in the vserver
1115891910 M * meebey apache on the host can not start
1115891919 M * meebey [Thu May 12 11:37:00 2005] [crit] (98)Address already in use: make_sock: could not bind to port 80
1115891933 M * meebey but netstat -pltn shows that port 80 is not used on the host
1115891936 M * meebey is this a bug?
1115891957 M * meebey when I stop the apache in the vserver, the apache on the host can start
1115891966 M * aba meebey: does apache on the host want to bind to *:?
1115891974 M * meebey oh, damn
1115891982 M * meebey ok that makes sense now :)
1115891990 M * meebey the host is not isolated
1115891992 M * meebey true...
1115891998 M * meebey aba: thanks :)
1115892195 M * meebey if apache on the host would start before the vservers do, it would not conflict. but that is error prone
1115892417 M * aba meebey: no. than the apaches inside can't start.
1115892424 M * aba I already experienced that.
1115892466 M * meebey aba: oh true because of 0.0.0.0
1115892508 M * meebey I found a big problem using NAT and MASQUERADE togehter with vservers and own ips
1115892512 M * meebey it just doesn't work
1115892548 M * meebey all packets go out to ppp0 without beeing masqed
1115892566 M * meebey packets from the internal network to ppp0 gets masqe
1115892589 M * meebey found that with an bind inside an vsrerer
1115892599 M * meebey it could resolve anything
1115892605 M * meebey +not
1115892672 M * meebey eh apache Listen and BindAddress directory is errr a bit stupid
1115892684 M * meebey it only take one IP, but I would like 2
1115892710 M * meebey using the directory 2 times, doesn't help, only the last IP specified is used then
1115893767 Q * rs_ Quit: rs_
1115895278 N * Pazzo PazZzzzooo
1115895359 M * aba meebey: IIRC there is some switch to tell "masquerade from local host"
1115897844 M * DaPhreak meebey: or use SNAT .. works fine here ..
1115897893 J * cryo_ ~say@212.86.243.154
1115898161 Q * cryo Ping timeout: 480 seconds
1115898679 J * rs ~rs@staff.lycos.fr
1115898953 J * ruuth VooDoo@topas.informatik.uni-ulm.de
1115899132 M * meebey I know that SNAT works :)
1115899141 M * meebey but that is not a solution for me
1115899144 M * meebey dynamic ip
1115899157 M * meebey aba: hm
1115899161 M * meebey aba: interesting, in the kernel?
1115899214 M * meebey aba: I know there was a DNAT for local connection switch, but its removed since 2.4.30
1115899271 M * meebey aba: oh, that is the problem?!? by default MASQUERADE does not masq connection from own host?
1115899290 M * meebey hm that must be a setting then
1115899469 J * wurd ~kvlt@modemcable157.235-201-24.mc.videotron.ca
1115899480 M * aba meebey: well,I guess it's that. I never needed to use that.
1115899621 M * meebey aba: proc setting?
1115899635 M * meebey aba: I googled but could not find something related
1115899646 M * aba meebey: I can just remember that such a switch existed at some place. But perhaps lartc may contain something useful.
1115901184 N * PazZzzzooo Pazzo
1115901412 M * ruuth Hi! how can I mount specific directories (from my root-server) in the vserver?
1115901426 M * ruuth and where?
1115901433 M * aba ruuth: with -o bind?
1115901480 M * ruuth aba: I'm totally new to veservers ... can you be more specific?
1115901508 M * aba ruuth: eh, that has nothing to do with vservers. One way would be to mount them in the master before starting the vserver
1115901522 M * Pazzo ruuth: man mount => -o bind is used to mount a directory
1115901548 M * Pazzo ruuth: if you mount them to a mountpoint inside a running vserver it will not be visible from inside the vserver unless you
1115901553 M * Pazzo a) reboot the vserver or
1115901570 M * Pazzo b) use vnamespace to run the mount command
1115901702 M * ruuth Pazzo: Can I edit /etc/vservers/vservername>/fstab to always mount certain directories when starting the vserver?
1115901766 M * daniel_hozac ruuth: indeed.
1115901795 M * Pazzo ruuth: I never did so - but should work, don't forget to add "bind" or "rbind" (man mount) as an option
1115901817 M * ruuth daniel_hozac: Can you give me an example line?
1115901833 M * Pazzo has anyone read "[Vserver] ELF Loader Bug exploitable inside a vServer" on the ml? and did anyone give it a try?
1115901858 M * daniel_hozac ruuth: /pub /pub bind bind 0 0
1115901886 M * ruuth daniel_hozac: ah ... ok ... that's really simple :) thanks a lot!
1115902195 M * wurd daniel_hozac , first hi ;P , do i need to install anything at all on my "client machine" in order for it to access to my vserver's gui ?
1115902208 M * wurd it has mandrake 10.1
1115902209 M * daniel_hozac wurd: well, an X server.
1115902260 M * wurd x11-xorg ?
1115902275 M * daniel_hozac wurd: sure.
1115902337 M * daniel_hozac you'd want to have the GUI running on your client, open a terminal, run ssh -Y
1115903591 M * wurd k, the client has "xorg-x11" installed
1115903595 M * wurd this is the error i get :
1115903597 M * wurd bash-3.00# gaim
1115903599 M * wurd _X11TransSocketINETConnect() can't get address for localhost:6010: Name or service not known
1115903608 M * wurd (gaim:8406): Gdk-CRITICAL **: file gdkdisplay-x11.c: line 378 (gdk_display_get_name): assertion `GDK_IS_DISPLAY (display)' failed
1115903615 M * wurd ** (gaim:8406): WARNING **: cannot open display: unset
1115903623 J * jsambrook ~jsambrook@aelfric.plus.com
1115903647 P * jsambrook
1115903799 M * wurd and when i type "ktron"
1115903801 M * wurd it says :
1115903826 M * wurd ktron: cannot connect to xserver localhost:10.0
1115903893 M * wurd any idea ?
1115904500 N * Doener_zZz Doener
1115904506 M * wurd the "display" thing, i dont need to do it ?
1115904508 M * Doener morning!
1115904511 M * wurd the "display export"!
1115904517 M * wurd (no "!")
1115904523 M * wurd morning Doener
1115904566 M * Doener wurd: "X11UseLocalhost no" in sshd_config
1115904675 M * Doener (in the vserver)
1115904677 Q * ruuth Quit: Nettalk6 der Freeware IRC-Client
1115904697 M * wurd thanks Doener
1115904861 M * wurd X11DisplaytOffset 10
1115904864 M * wurd do i need to change this ?
1115904867 M * Doener no
1115904870 M * wurd k
1115904882 M * wurd and what should be the value of my vserver's $DISPLAY ?
1115904901 M * wurd (or the client's $DISPLAY..?)
1115904915 M * wurd (not sure which one i need to change)
1115904931 M * Doener no don't have to change any... ssh should do that...
1115904956 M * wurd ok
1115905007 M * Doener try: ssh -Y "echo \$DISPLAY"
1115905039 M * Doener should be your vserver's ip address:10 or the vserver's hostname:10
1115905055 M * Doener (or :11, :12 etc.)
1115905067 M * wurd yeah
1115905068 M * wurd 10.0
1115905089 M * Doener ah yeah, forgot the .0... ;)
1115905103 M * Doener now try: ssh -Y xterm
1115905235 M * Doener you'll notice that ssh blocks until you close the xterm, use -f to make ssh go into background mode...
1115905246 M * Doener i.e.: ssh -fY xterm
1115905257 M * wurd _X11TransSocketINETConnect() can't get address for localhost:6010: Name or service not known
1115905259 M * wurd Warning: This program is an suid-root program or is being run by the root user.
1115905276 M * wurd xterm Xt error: Can't open display: %s
1115905393 M * Doener hm?
1115905413 M * Doener DISPLAY was _not_ "localhost:10.0", right?
1115905441 M * wurd bash-3.00# echo $DISPLAY
1115905441 M * wurd localhost:0.0
1115905454 M * Doener i your ssh session...
1115905455 M * wurd thats weird
1115905458 M * wurd cuz...
1115905461 M * Doener 15:36:47 Doener try: ssh -Y "echo \$DISPLAY"
1115905489 M * wurd ok
1115905531 M * Doener what output do you get?
1115905553 M * wurd result of ssh -Y 10.99.1.16 "echo \$DISPLAY" is :
1115905564 M * wurd localhost:10.0
1115905592 M * Doener hm.. i guess you didn't restart the vserver's ssh after changing the X11UseLocalhost setting...
1115905605 M * wurd thats right.. thanks
1115905641 M * Doener our dogs need a walk... back in a few...
1115905643 N * Doener Doener|gone
1115905653 M * wurd now its test:10.0
1115905700 M * wurd when i try to run an app
1115905714 M * wurd "cannot connect to xserver test:10.0"
1115905733 M * daniel_hozac you are running X on the client, right?
1115905807 M * wurd i've installed xorg-x11 on the client... i probably didnt "start" it (if i need to?)
1115905828 M * daniel_hozac you'd want to have the GUI running on your client, open a terminal, run ssh -Y
1115905849 M * wurd yeah?
1115905909 M * wurd so i have to "start" x11 or something ?
1115905938 M * daniel_hozac yes, of course.
1115906015 M * Pazzo hi Doener!
1115906025 M * wurd as a service ?
1115906028 M * Pazzo ehm... bye Doener ;-)
1115906033 M * wurd "service x11 start" ?
1115906035 M * daniel_hozac no.
1115906043 M * daniel_hozac start a GUI session.
1115906048 M * wurd how? :)
1115906057 M * daniel_hozac with something like startx.
1115906084 M * daniel_hozac (or start, if mandrake has those scripts and you have a DE installed.)
1115906133 M * wurd you mean, "startx" on my client ? or , "startx" on my vserver
1115906142 M * daniel_hozac on your client.
1115906150 M * wurd theres already a gui running on my client
1115906177 M * daniel_hozac ... you just said you didn't start X.
1115906236 M * daniel_hozac so, from your terminal, you can start X programs, right?
1115906265 M * daniel_hozac such as xterm.
1115906366 M * wurd from my client ?
1115906373 M * daniel_hozac yes.
1115906462 M * wurd i'll try starting xterm
1115906519 M * wurd i dont seem to have xterm installed on the client
1115906533 N * Doener|gone Doener
1115906559 M * daniel_hozac well, try any other graphical program.
1115906606 M * wurd any program at all?!?
1115906612 M * wurd of course it will work.. the gui works fine..
1115906620 M * wurd i browse the net etc.
1115906647 M * daniel_hozac so you can start graphical programs from the same terminal you are running ssh from?
1115906655 M * daniel_hozac -from
1115906687 M * wurd ssh itself is some sort of graphical program...
1115906691 M * wurd it's a window
1115906702 M * wurd resizable, moveable, color-changeable, etc
1115906713 M * daniel_hozac that's the terminal.
1115906733 M * wurd oh by 'terminal' you mean 'console' right ?
1115906788 M * wurd in the ssh window i just did "xterm" and some window popped up.
1115906792 M * wurd (i installed xterm)
1115906916 M * daniel_hozac define ssh window.
1115906925 M * daniel_hozac the same terminal you're running ssh from?
1115906929 M * wurd i mean a terminal window.
1115906933 M * wurd yes
1115906941 M * wurd a shell-window.
1115906967 M * daniel_hozac so, that's working.
1115906972 M * wurd (forget the "ssh window" thing. thats not what i meant)
1115906983 M * daniel_hozac and ssh -Y xterm doesn't work?
1115907022 M * wurd i dont see why it wouldnt have worked though.. the client already has a functionnal gui.. whats the difference between starting graphical programs 1.from a shell window & 2.by clicking on it's icon ?
1115907112 J * Hollow ~Hollow@home.xnull.de
1115907127 M * wurd heres the result of "ssh -y ip xterm" : xterm XT error: cant open display: test:10.0
1115907196 M * Doener -Y not -y
1115907217 M * wurd yes
1115907224 M * wurd i just roughly typed the thing
1115907252 M * wurd but the command is fine. ssh -Y ip.ip.ip.ip xterm
1115907300 M * wurd Doener do you understand what daniel_hozac means? (because i dont) is there a situation where running a program from a shell wont work, while clicking on its icon will work ?
1115907333 M * Doener i guess he just wanted to test if it works at all...
1115907341 M * wurd ok
1115907728 M * Pazzo [-> kernel-image-2.6.11.9-vs2.0-pre4 is running fine <-]
1115907757 M * Doener great :)
1115907758 M * Pazzo don't know if ELF bug affects vserver systems - anyone?
1115907792 M * Pazzo Doener: 1 hunk succeeds two lines earlier, but that's fine
1115908411 M * ntrs What is # showattr -d /vservers/ supposed to show?
1115908418 M * ntrs ---bui- /vservers/
1115908423 M * ntrs ---Bui- /vservers/
1115908426 M * ntrs ---BuiX /vservers/
1115908429 M * ntrs ???
1115908594 M * Doener second one looks good... i guess the third one is with IUNLINK set, should also be fine...
1115908594 M * ntrs Also, is /vservers still supposed to be chmod 000?
1115908611 M * Doener shouldn't be needed anymore...
1115908626 M * ntrs What is the difference between bui and Bui?
1115908683 M * Doener b = barrier flag is not set, B = barrier flag is set
1115908726 M * ntrs How do I set the barrier flag?
1115908738 M * Doener setattr --barrier
1115908744 M * Doener setattr --barrier
1115908757 M * ntrs Ok, thanks.
1115908777 M * ntrs this only has to be done on /vservers right? no other directories?
1115908800 J * jsambrook ~jsambrook@aelfric.plus.com
1115908800 M * Doener if all your vservers are below /vservers then yes
1115908805 M * ntrs yes, ok.
1115908810 P * jsambrook
1115908821 M * ntrs Thanks again Doener
1115908833 M * Doener ok, confirmed, chmod 000 is not needed with 2.6 kernels
1115909848 N * Pazzo PazZzzzooo
1115910886 Q * sukria Quit: Going back to real life
1115911528 M * wurd daniel_hozac ?
1115914689 Q * prae Quit: Client exiting
1115914813 N * Bertl_zZ Bertl
1115914823 M * Bertl evening folks!
1115915000 M * Doener evening Bertl!
1115915070 M * Bertl hey Doener! everything fine?
1115915087 M * Doener yup yup. what about you?
1115915202 M * Bertl I feeling good today ...
1115915220 M * Bertl managed to 'compile' binutils/gcc for 26 different archs yesterday
1115915232 M * Doener woah
1115915236 M * Bertl now I have to test it (but first tests look good)
1115915561 P * click [IRSSI]
1115915930 J * click click@dsl-static-122-208.aal.tiscali.no
1115915941 M * Bertl hmm, wb click!
1115915946 M * click thanks
1115915953 M * click darned net fell down completely here
1115916026 M * Doener off now, back later...
1115916030 N * Doener Doener|gone
1115916075 M * Bertl cya
1115916156 M * click how's things going here then?
1115916168 M * click (haven't been active on irc for quite some time)
1115916745 M * Bertl yeah, we barely remember you ;)
1115916763 M * Bertl (well, we remember you being drunk ;)
1115916796 M * Bertl ad your question: things are going fine so far, 2.0 is at pre state
1115916804 M * Bertl (but you probably saw that)
1115916804 J * mep_ mep@p5091E3EB.dip.t-dialin.net
1115916810 M * Bertl welcome mep_!
1115916917 M * DaPhreak morning ;)
1115917005 M * Bertl evening DaPhreak!
1115917237 Q * mep Ping timeout: 480 seconds
1115917571 Q * kevinp Ping timeout: 480 seconds
1115917674 M * wurd can anybody help? im still trying to use my vserver's gui through x forwarding or ssh -X
1115917700 M * wurd from the vserver itself, i try to run "xterm" and i get this :
1115917702 M * wurd [teh@test xinitrc.d]$ xterm
1115917702 M * wurd _X11TransSocketINETConnect() can't get address for localhost:6000: Name or service not known
1115917702 M * wurd xterm Xt error: Can't open display: localhost:0.0
1115917786 M * Bertl okay, let's check what you actually do ...
1115917801 M * Bertl - how do you reach/logon to the guest?
1115917821 M * wurd the guest ?
1115917831 P * mikegrb
1115917836 M * Bertl (guest = the vserver thingy running on the host)
1115917838 J * mikegrb ~michael@mikegrb.netop.oftc.net
1115917843 M * mikegrb oops
1115917848 M * Bertl wb mikegrb!
1115917851 M * wurd well i've got a vserver (which is supposed to contain kde) and a client (which is mandrake 10.0 , graphical)
1115917859 M * mikegrb Bertl! THANKS!
1115917878 M * wurd i open a shell on the mandrake computer (the "client" as i call it) and do ssh -X myvserver'sIP
1115917884 M * Bertl wurd: and you got a host (i.e. the phyiscal machine the vserver guest is running on), no?
1115917893 M * wurd yes
1115917935 M * Bertl okay, so on the guest, is X11 Forwarding enabled for sshd?
1115917987 J * kevinp ~kevinp@ny.webpipe.net
1115918002 M * Bertl welcome kevinp!
1115918009 M * wurd yes
1115918016 M * wurd uh, no!
1115918019 M * wurd uh, yes!
1115918022 M * wurd sorry. lol
1115918029 M * Bertl hehe, let's try the following:
1115918120 M * Bertl ssh -v user@vserver.guest (please replace user and vserver.guest)
1115918138 M * Bertl and upload the output to pastebin.com or so
1115918202 M * wurd this command, you want me to run it from my client?
1115918205 M * wurd or from my host
1115918296 M * Bertl from the client, yes
1115918430 M * wurd 283264
1115918436 M * wurd www.pastebin.com/283264
1115918525 M * Bertl okay, and now the same with -X please
1115918532 M * Bertl i.e. ssh -v -X ...
1115918551 M * Bertl and including the logon, (i.e. supply the password)
1115918641 M * wurd www.pastebin.com/283267
1115918695 M * wurd www.pastebin.com/283270 (for the logon)
1115918774 M * Bertl okay, are you still logged on?
1115918780 M * wurd yeah
1115918802 M * Bertl what does the /var/log/messages log on the guest show?
1115918894 M * Bertl (maybe something about xauth missing or so?)
1115918925 M * wurd www.pastebin.com/283273
1115919095 M * Bertl okay, after you logged on to the guest (as above with -X and -v) what does 'set | grep SSH' return?
1115919174 M * wurd it returns nothing
1115919237 M * Bertl hmm, what distro is your guest?
1115919243 M * wurd wait!
1115919245 M * wurd not true
1115919246 M * wurd sorry
1115919261 M * wurd www.pastebin.com/283274
1115919441 Q * rs Quit: rs
1115919495 M * Bertl okay, and what does 'set | grep DISPLAY' give?
1115919506 M * Bertl (logged on to the guest, that is)
1115919616 M * wurd test:10.0
1115919639 M * wurd DISPLAY=test:10.0
1115919930 M * Bertl and how is 'test' defined in /etc/hosts
1115919995 M * wurd its not defined, actually
1115920004 M * wurd theres no such file as /etc/hosts
1115920029 M * Bertl well, then let's add it and make it
1115920044 M * wurd what do i put in it
1115920044 M * Bertl test
1115920049 M * wurd k
1115920081 M * wurd done
1115920141 M * Bertl okay, now try 'xsterm'
1115920147 M * Bertl *xterm even
1115920242 M * wurd www.pastebin.com/283283
1115920305 M * Bertl check that you sshd config (on the guest) has
1115920308 M * Bertl X11UseLocalhost no
1115920331 M * Bertl then, logon again and try again
1115920344 M * wurd #X11Forwarding no
1115920344 M * wurd X11Forwarding yes
1115920344 M * wurd #X11DisplayOffset 10
1115920344 M * wurd X11UseLocalhost no
1115920388 M * Bertl on your client do 'xhost +'
1115920420 M * Bertl but it looks to me like your xauth is doing soemthing wrong ...
1115920481 M * wurd on my client, NOT logged in my vserver?
1115920500 M * Bertl yep, on your client ...
1115920509 M * Bertl this basically disables the x11 auth checking ...
1115920544 M * wurd www.pastebin.com/283286
1115920576 M * Bertl you sure that xauth is installed on your guest?
1115920581 M * wurd maybe not
1115920614 M * wurd xorg-x11-xauth is already the newest version.
1115920649 M * wurd you really mean "guest" here, huh?
1115920653 M * wurd not client. right?
1115920679 M * Bertl yes, you need xauth on the guest
1115920875 M * Bertl ahem, what ip did you add for the 'test' entry in /etc/host and on which unit (client, host, guest)?
1115920904 M * wurd im not sure i understand your question
1115920935 M * Bertl you did create an /etc/host file, no?
1115920941 M * wurd hosts , yes
1115920944 M * wurd (not host)
1115920953 M * Bertl yep, hosts
1115920957 M * wurd i added "10.99.1.16"
1115920961 M * Bertl where did yoi create it?
1115920969 M * Bertl *you
1115920969 M * wurd /etc/hosts
1115920978 M * Bertl guest, host or client?
1115920983 M * wurd guest
1115920991 M * Bertl okay, and the ip you used belongs to?
1115920997 M * wurd the guest. :)
1115921008 M * Bertl so 10.99.1.16 is the ip you ssh to, no?
1115921012 M * wurd yes
1115921038 M * Bertl okay, that should be fine ... to make sure, add another entry for your client too
1115921050 M * Bertl i.e. client
1115921075 M * Bertl make sure to restart the guest (so that the sshd picks up all the changes so far)
1115921096 M * wurd hm....
1115921105 M * wurd vserver vservername restart ?
1115921110 M * Bertl for example
1115921138 M * wurd yes?
1115921142 M * Bertl yes
1115921145 M * wurd ok :)
1115921187 M * wurd is it normal that my ssh session didnt even get disconnected
1115921194 M * wurd even tho i restarted the vserver
1115921216 M * Bertl no, that's a good hint that it wasn't a connection to your guest ;)
1115921225 M * wurd ....
1115921227 M * wurd fuck
1115921233 M * Bertl maybe you didn't restrict the hosts sshd?
1115921271 M * wurd i need to delete all these vservers im not using anymore!!!
1115921283 M * wurd ive been confused by my own self
1115921291 M * wurd how do you delete htem ?
1115921297 M * Bertl rm -rf
1115921308 M * wurd in /vservers ?
1115921309 M * Bertl (there is no delete command yet)
1115921318 M * wurd or in /etc/vservers
1115921324 M * Bertl both ...
1115921330 M * Bertl but make sure they are stopped first
1115921443 M * wurd how can i delete everything in a folder, except ONE folder (the vserver i wanna keep)
1115921515 M * wurd basically, how can i do this : rm -rf * except one thing
1115921559 J * erwan_ho ~erwan@konilope.dyndns.org
1115921574 M * Bertl I would not do that ... (probably too dangerous ;)
1115922024 M * wurd ls
1115922026 M * wurd oop
1115922028 M * wurd s
1115922139 M * Bertl ;)
1115922229 M * wurd damN! !!!
1115922234 M * wurd [root@localhost vservers]# vserver 444 stop
1115922244 M * wurd Vserver '/etc/vservers/444' still running unexpectedly; please investigate it manually...
1115922244 M * wurd RTNETLINK answers: Cannot assign requested address
1115922356 M * wurd ..
1115922371 M * wurd how do you fixed the "KNOWN HOST ID HAS CHANGED!!!!!!!!! THIS COULD BE HAXOR!!!!!" problem ?
1115922377 M * wurd how do you fix&
1115922394 M * wurd wasnt it by deleting the 'know_hosts' file ? i did but still get the msg
1115922416 M * Snow-Man What's the right setattr command for the directory above the vserver root?
1115922427 M * Snow-Man setattr barrier?
1115922666 M * wurd nevermind. i found the problem
1115922852 Q * erwan_ho Remote host closed the connection
1115922871 J * erwan_ho ~erwan@konilope.dyndns.org
1115923341 M * Bertl okay, off for now ... back later ...
1115923346 N * Bertl Bertl_oO
1115923484 M * wurd :/
1115923922 Q * erwan_ho Ping timeout: 480 seconds
1115923930 Q * DaCa Ping timeout: 480 seconds
1115924386 M * wurd is there anybody left ?
1115924412 M * wurd i fixed a bunch of stuff now, it shouldnt be too complicated to make it work
1115924430 M * wurd i just need to be guided a bit
1115924510 J * erwan_ho ~erwan@konilope.dyndns.org
1115925337 M * wurd anyone? :(
1115927029 J * Doener` ~doener@p54875133.dip.t-dialin.net
1115927153 M * wurd Doener` would you know why i get "cannot connect to x server test:10.0" ?
1115927342 Q * Doener|gone Read error: Operation timed out
1115927399 N * Bertl_oO Bertl
1115927404 M * Bertl short visit ...
1115927774 J * rs ~rs@80.214.248.1
1115927823 M * Doener` back now... seems my isp was friendly enough to drop my connection so that i don't have to change my nick myself... ;)
1115927860 M * Doener` wurd: no
1115928427 Q * rs Ping timeout: 480 seconds
1115929855 N * BobR_oO BobR
1115929993 N * BobR BobR_afk
1115930701 J * DaCa ~danny@mail.limehouse.org
1115930913 Q * alexx Quit: Bye
1115931095 N * BobR_afk BobR
1115932211 J * yarihm ~yarihm@80-218-3-145.dclient.hispeed.ch
1115933984 M * mep_ i know its offtopic but perhaps anyone helps me anyway
1115934008 M * mep_ what restriction i must disable in grsecurity to use mount --bind ina vserver+grsecurity environment
1115934027 A * Bertl has no idea ...
1115934035 M * mep_ :/
1115934061 M * Doener` from what i've heard you should look out for rules concerning chroot environments
1115934061 M * Bertl but if I would have those issues, I'd look at the error/log messages
1115934084 M * mep_ bertl i have checked the logs hehe
1115934098 M * mep_ yes doener right' i reread all :/
1115934155 M * Doener` hm... well... after re-reading your question, i guess the chroot part doesn't make sense... ;)
1115934180 M * ntrs Bertl, do you think this latest ELF coredump vulnerability can be avoided by setting the coredump max size to zero?
1115934361 M * Bertl do you have an url, I obviously missed it ...
1115934400 M * ntrs http://secunia.com/advisories/15341/
1115934457 M * Bertl ah, it's already fixed in 2.6.11.9 ...
1115934467 M * ntrs I think there was a place i proc where you can set different things for core
1115934472 M * ntrs yes it is fixed in .9
1115934786 M * Bertl http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
1115934804 M * Bertl (hmm, I don't see how that would help yet ...)
1115934812 A * Bertl is reading on ...
1115934937 M * ntrs It was just a thought. I am not expecting that it would help
1115934958 M * Bertl well, it looks like it has a very good chance to kill the system before it gets elevated priviledges
1115934980 M * Bertl you could 'force' the core limit to 0
1115935000 M * Bertl but probably the best solution is to upgrade ...
1115935163 M * ntrs sure 1115936719 N * BobR BobR_zZ 1115937021 M * Bertl Doener`: did you read the mail regarding cpu ticks? 1115937026 M * Doener` yep 1115937041 M * Bertl did we have that in 1.9.3 or so? 1115937048 M * Bertl (it's definitely not in 1.9.4) 1115937088 M * Doener` to be honest, i've never noticed the cpu\d field before ;) 1115937110 M * Doener` and my kernel tree start somewhere around 1.9.5 1115937126 M * Bertl hmm, okay ... np ;) 1115937138 A * Bertl will dig out the old sources ;) 1115938101 N * ciphernaut_zz ciphernaut 1115938109 M * Bertl morning ciphernaut! 1115938163 M * Doener` morning ciphernaut 1115938164 M * ciphernaut gudday Bertl! 1115938214 M * ciphernaut Hello Doener` 1115938401 M * mep_ are there any known problems with dual cpu and vserver? 1115938414 M * mep_ patch-2.6.11.7-grsec2.1.5-vs2.0pre3-1.diff.bz2 1115938420 M * mep_ this version i want to use ;) 1115938432 M * mep_ i want lose the box hehe 1115938437 M * mep_ *don'T 1115938452 M * Bertl 2.6.11.8-vs2.0-pre4 works fine on SMP x86 and sparc64 1115938469 M * mep_ narf 1115938475 M * mep_ there is a 2.6.11.8 :( 1115938487 M * Bertl well, actually there is 2.6.11.9 ... 1115938494 M * mep_ now i have patched 4 boxes with the other patch ;( 1115938529 M * Bertl (2.6.11.9 fixes the elf priviledge escalation issue ;) 1115938577 M * albeiro now you have four vulnerable boxes ;p 1115938579 Q * yarihm Quit: Leaving 1115938591 M * mep_ nice 1115938603 J * jsambrook ~jsambrook@aelfric.plus.com 1115938642 M * Bertl evening jsambrook! 1115938707 P * jsambrook 1115938870 Q * erwan_ho Remote host closed the connection 1115938981 M * Bertl Doener`: hmm, now I remember why I removed those counters ... 1115939030 M * Bertl the kernel changed from scheduler_tick() with those arguments to doing the cpustat accounting in a slightly different way 1115939184 J * rs ~rs@imhotep.rhapsodyk.net 1115939192 J * jsambrook ~jsambrook@aelfric.plus.com 1115939192 M * Bertl evening rs! 
1115939194 P * jsambrook 1115939210 M * rs yep bertl 1115939219 M * Doener` hm... ok ;) 1115939313 J * alexx ~alexx@82.225.136.176 1115939392 M * Bertl evening alexx! 1115939422 M * alexx hello Bertl :) 1115939422 J * jsambrook ~jsambrook@aelfric.plus.com 1115939479 Q * jsambrook Remote host closed the connection 1115939687 M * Bertl rs: how is it going? 1115939729 M * rs fine, lot of meeting with german people those day, but I survive :P 1115939764 M * Bertl hehe ;) 1115939769 M * rs german english accent is sometime worse than french one ;P 1115939898 M * Bertl Doener`: what do you think, should we go for cputime64_t in accounting there or just stay with our 'own' counters? 1115939931 M * Doener` i have no idea about the actual kernel code there, so i can't say something useful atm 1115939933 M * Bertl pros: 'kernel wide standard' cons: type issues, overhead 1115940504 M * ciphernaut I went to a irish pissup/bbq in bayeren once 1115940523 M * ciphernaut their german had the same accent as their english did 1115940937 M * rs bertl: is linux-vserver vulnerable to this : http://isec.pl/vulnerabilities/isec-0023-coredump.txt ? 1115940958 M * Bertl hehe, not with 2.6.11.9 ;) 1115940968 M * rs hmm ok but former kernels ? 1115940976 M * Bertl very likely ... 1115941066 M * DaCa disallowing coredumps (by forcing ULIMIT -c) could maybe help? 1115941081 M * Bertl yup, could help ... 1115941112 M * Doener` the guy who found the vulnerability says it helps IIRC 1115941376 M * DaCa mep_: ping 1115941419 M * mep_ yes? 1115941433 M * DaCa mep_: do you want to test a linux-2.6.11.9-grsec2.1.5-vs2.0-pre4 ? 1115941434 M * mep_ my system is vulnreable? 1115941445 M * mep_ sry no time now tomorrow 1115941456 M * mep_ my one box died after kernel upgrade :( 1115941471 M * mep_ but it has to hardware failures today perahps third one 1115941482 M * mep_ but no support at this time :/ 1115941719 M * Bertl you mean, nobody there to check the machine, no? 
1115941750 M * mep_ yes 1115941769 M * mep_ damn sleep ;) 1115941783 M * Bertl well, what about remote console/reset/power? 1115941801 M * mep_ hardware reset don't help 1115941819 M * mep_ but i don't the kernel fucked it ebcause 1115941834 M * mep_ i only added vser and grsecurity 1115941920 M * Bertl aha, so you expect the machine to be dead, no? 1115941960 M * mep_ seems so :/ 1115941975 M * mep_ it failures with ahrddisk error this evening 1115941975 M * DaCa Bertl: whats the target again for compiling a 2.6 kernel with everything enabled? 1115941979 M * mep_ no system disk... 1115941988 M * Bertl DaCa: allyesconfig 1115941993 M * DaCa tnx