1116892907 J * cryo ~say@212.86.243.154 1116893223 J * hellekin ~hellekin@v41.ath.cx 1116893714 J * ciphernaut ~a@61.88.18.130 1116893728 M * ciphernaut hi all 1116895155 Q * hellekin Quit: BitchX-1.0c19 -- just do it. 1116896434 J * eXplasm2 explasm@p549FF519.dip.t-dialin.net 1116896865 Q * explasm__ Ping timeout: 480 seconds 1116898554 J * bro ~vanity@lanparty.lv 1116900089 Q * matti Ping timeout: 480 seconds 1116900089 J * albeiro_ albeiro@linux.gentoo.pl 1116900091 Q * albeiro Ping timeout: 480 seconds 1116900110 N * albeiro_ albeiro 1116900131 J * matti matti@linux.gentoo.pl 1116900335 Q * shuri Quit: 1116902892 Q * ciphernaut Quit: 1116903342 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1116906123 N * Bertl_zZ Bertl 1116906138 M * Bertl morning folks! 1116909111 M * Bertl awy for a little ... 1116909115 N * Bertl Bertl_oO 1116910358 M * Beave what do i need to diable in grsec if im getting this on vps startup: 1116910361 M * Beave grsec: From 66.0.156.5: mount of /etc/vservers/www-softwink/vdi to . by /usr/lib/util-vserver/secure-mount[secure-mount:5199] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/vserver[vserver:7246] uid/euid:0/0 gid/egid:0/0 1116910518 M * Beave or is that to general of a question. 1116910824 M * Beave think i found it.. nevermind. 1116912705 J * tarantul ~tarantul@spray.anyhost.ru 1116912729 M * tarantul Hello! 1116912828 M * tarantul Ppl! I have debian sarge. What best way for build new vserver ? 1116912940 M * eyck newvserver ? 1116912953 M * eyck apt-get install vserver-debiantools 1116913311 M * DaPhreak morning eyck ;) 1116913868 M * eyck morning 1116914457 M * eyck my barrier still doesn't work 1116914518 M * Doener morning 1116915080 M * Doener eyck: you're on xfs, right? 1116915094 M * eyck right. 1116915538 J * hvd ~takeagues@fw-grz.hollomey.com 1116915544 M * eyck this is your mind on drugs... 1116915549 M * eyck this is your mind on xfs... 1116915583 M * hvd morning out there .. 1116915641 M * hvd i have another strange issue with rc2 and util-vserver 207 .. when trying to stop a vserver 1116915691 M * hvd it works fine if i run stop --debug .. but it hangs after killall waiting for khelper .. 1116915720 M * hvd 1691 pts/0 D+ 0:00 /bin/bash /usr/sbin/vserver qa-www-0 stop 1116915720 M * hvd 1699 pts/0 S+ 0:00 /usr/lib/util-vserver/lockfile /var/lock/vserver.etcvserversqawww0.startup /tmp/vserver-lock.TUCNEe 1116915720 M * hvd 1747 ? S< 0:00 [khelper] 1116915720 M * hvd 1748 ? S< 0:00 /bin/bash /sbin/vshelper shutdown 49152 1116915733 M * hvd grz-1:~# strace -p 1699 1116915733 M * hvd Process 1699 attached - interrupt to quit 1116915733 M * hvd setup() = 0 1116915733 M * hvd getppid() = 1691 1116915733 M * hvd nanosleep({10, 0}, {10, 0}) = 0 1116915763 M * hvd while vshelper is still listening to the pipe: 1116915763 M * hvd grz-1:~# strace -p 1748 1116915763 M * hvd Process 1748 attached - interrupt to quit 1116915763 M * hvd open("/tmp/vserver-stop.Xc38vi/pipe", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666 1116915763 M * hvd Process 1748 detached 1116915842 M * hvd according to vps xa all pids are killed within the vserver .. 1116915850 M * hvd hints anyone ? 1116916428 M * Doener hvd: you already created the dummy shutdown delegate script? 1116916514 M * hvd mhh whats that .. 1116916531 M * Doener sec... 1116916598 M * Doener http://archives.linux-vserver.org/200505/0085.html 1116916698 M * hvd thx bjoern .. 1116916703 M * hvd thats it ;) 1116916728 M * Doener great :) 1116916797 M * hvd util-vserver bug ? 1116916947 M * Doener I'd say so... looks like a race between two vshelpers... 1116917175 M * Doener I expect that to be fixed in .208, we fixed the syscall that allows to wait for a context to be shutdown and enrico is testing that stuff atm AFAIK... if that shouldn't work out, it's still easy enough to provide such a dummy delegation script with the tools as a workaround ;) 1116917286 M * hvd yes looks like a really cheap workaround ;) 1116918594 J * jsambrook ~jsambrook@aelfric.plus.com 1116918607 P * jsambrook 1116920063 M * eyck Bertl: hmmmm 1116920096 M * eyck Bertl: this: http://vserver.13thfloor.at/Stuff/chrootescape 1116920102 M * eyck doesn't woork 1116920126 M * eyck BUT, when I compile rootescape.c ( which I assumed was the source code for that ) 1116920130 M * eyck it works, 1116920137 M * eyck it escapes from vserver 1116920170 M * Doener probably i misguided you there, and that the one is not what you get, when you compile the other... 1116920198 M * Doener s/that// 1116920211 M * eyck I just assumed too much, 1116920234 M * Doener no, actually i said it is the source to that binary ;) 1116920264 M * eyck do you have any idea what could be wrong with my setup? 1116920279 M * eyck I started from scratch... 1116920285 M * Doener i'm trying to figure out the xfs code atm... 1116920290 M * eyck and still get out of vserver 1116920370 M * eyck which I strange, because I tested this when the issue was hot, and the barrier did work. 1116920828 J * prae ~prae@ezoffice.mandriva.com 1116921071 M * Doener eyck: hm, just a wild guess, but try setattr --iunlink --barrier /vservers 1116921115 M * eyck this isn't ok: ---Bu-- /var/lib/vservers/ 1116921117 M * eyck ? 1116921141 M * eyck (btw, you keep talking about /vservers/, maybe the problem is that I keep mounting this somewhere deeper?) 1116921164 M * Doener i'm just too lazy to type /path/to/vservers/ 1116921176 M * eyck which unfortunatelly has nasty side effect for running sploit/setattr - the path /var/lib/ gets chmodded to 0000 1116921178 M * Doener ... and folks start to think of /bla/vservers/myvserver then 1116921184 M * eyck oh, ok. 1116921298 M * Doener what may cause trouble is when /var/lib/vservers is not the real directory containing the vservers, thus Bertl suggests using: /vservers/*/.. (note the dots) 1116921332 M * Doener that will always end up being the real directories containing the vserver directories 1116921467 M * Doener AFAICT the tools have "Barrier == permissions=0000", while 1.2.10 says: "Barrier = permissions=0000 AND IUNLINK flag is set" 1116921851 M * eyck oh, 1116921901 M * eyck iunlink doesn't help 1116921922 M * eyck now I've got: ---BU-- /var/lib/vservers 1116921923 M * Doener then let's wait for Bertl... I'm out of ideas... 1116921971 M * Doener extended attributes for xfs are enabled, right? (if you can disable them at all, never used xfs...) 1116921999 M * eyck I don't know how to disable them 1116922019 M * eyck but I can sure change them: ---Bu-- /var/lib/vservers/ 1116922030 M * eyck that was with setattr --~iunlink --barrier /var/lib/vservers/tst/../ 1116922046 M * eyck howether setattr --iunlink --barrier /var/lib/vservers/tst/../ 1116922046 M * eyck /var/lib/vservers/tst/../: Operation not permitted 1116922823 N * BobR_afk BobR 1116922882 N * id_sleep id 1116922889 N * Bertl_oO Bertl 1116922897 M * id Hi Bertl 1116922904 M * Bertl hey id! 1116922918 M * id problem solved =) 1116922931 M * Bertl eyck: still working on that xfs issue? 1116922946 M * Bertl id: congrats! 1116923030 M * Bertl Doener: did you get around testing the network patches? 1116923080 M * eyck Bertl: yup. 1116923098 M * Bertl eyck: did you try with vanilla kernel yet? 1116923159 M * eyck Bertl: nope, but I created infrasttructure for tests, 1116923163 M * eyck god bless laptops 1116923408 M * eyck Bertl: and I noticed that http://vserver.13thfloor.at/Stuff/chrootescape doesn't work, while http://vserver.13thfloor.at/Stuff/rootescape.c does. 1116923430 M * Bertl so which one did you use? ;) 1116923510 M * Doener Bertl: hmm... the qemu instance is still running... but i don't remember what i did... will do some tests now... (again?) 1116923628 M * eyck Bertl: I used rootescape.c, sorry I told you it was chrootescape, I was under an impression that those two are the same (ie, one is the source, the other is the binary ) 1116923639 M * Doener BOOM! :) 1116923651 M * Doener kernel BUG at :62443! 1116923656 M * Bertl kernel BUG at kernel/vserver/network.c:91! 1116923672 M * Doener seems like i forgot some debugging options... again(!)... 1116923672 M * Bertl (if you compile in the verbose debug stuff ;) 1116923732 M * Bertl so either we discovered an existing bg, or we did something wrong ;) 1116923739 M * Bertl s/bg/bug/ 1116923755 M * SiD3WiNDR =) 1116923829 M * Bertl eyck: don't worry, I made notes about my tests yesterday, will redo it with that one ... would be nice to have 'your' binary for that to test with (as I requested yesterday) 1116924020 M * eyck Bertl - gcc -o roote rootescape.c ;) 1116924021 M * eyck http://eyck.forumakad.pl/~eyck/chroota 1116924070 M * eyck Bertl: I'm in the middle of compiling, this can take until later today, I'll report to you in the evening if pure 2.4.30+1.2.10 works. 1116924075 M * Bertl well, you know that the url you posted doesn't exist? 1116924089 M * eyck which one? 1116924100 M * Bertl probably you mean rootesc.c, no? 1116924118 M * eyck yes. 1116924135 M * eyck I thought you know what you keep in your Stuff ;) 1116924140 M * eyck sorry, 1116924150 M * Bertl I do, as you can see ;) 1116925858 M * Bertl eyck: hmm, seems I can confirm the rootesc working in my test setup ... 1116925940 M * matti Hi Bertl. 1116925947 M * Bertl hey matti! 1116925959 M * matti eyck: Hm, .pl? : 1116926008 M * matti Indeed, .pl :) So, "czesc" :) 1116926181 M * matti romke: Dude... Wake up! ;) 1116926454 M * Bertl yip yip horray! 0.29 dietlibc ;) 1116926570 M * matti ;P 1116926571 M * matti :) 1116926590 M * DaPhreak hopefully now works a bit better ;) 1116926602 M * matti And what about uClibc? 1116926627 M * Bertl well, did you try to compile tools with that? 1116926641 M * matti With uClibc? 1116926663 M * matti Nope, but I'll soon ;) Maybe... :) 1116926710 M * matti I want to help romke a bit, etc. 1116926728 M * matti Yh, whatever. Back to work... 1116926895 Q * id Ping timeout: 480 seconds 1116927451 J * id ~id@relax-media.softwarezentrum.de 1116927730 M * eyck Bertl: working ie the barrier is working fine? 1116927747 M * Bertl no, as in, the barrier seems to fail in xfs 1116927747 M * eyck matti: yeah, this means that I speak perl. 1116927768 M * eyck good, good, I'm only halfway through with kernel compiling ;) 1116928106 M * Doener Bertl: hmm... do we need a barrier check in xfs_iaccess? 1116928138 M * Bertl not sure yet, I'm seeing two different issues here 1116928182 M * Bertl one issue is that the 0.30.204 tools seem not to set the barrier correctly, but it is reported back as set .. which looks fishy 1116928238 M * Bertl the other one seems that a correct barrier doesn't work ... 1116928250 M * Doener they only set/check for "chmod 000" as do the .207 tools... i noticed that, but got lost about what is the 'real barrier thing' when i started comparing 1.29 and 1.2.10 1116928280 M * Bertl hmm, why don't they use the proper interface? 1116928341 M * Doener what is the proper interface? 1116928342 M * Bertl hmm, probably because it's not there ... ;) 1116928347 M * Doener yep :) 1116928350 M * Bertl gee 1.2.x is old!! 1116928382 M * eyck :) 1116928385 M * Bertl and 207 does the same 'faulty' check? 1116928411 M * Bertl currently 'trying' to get 207 through on mdk 9.1 :/ 1116928420 M * Doener if ( (old_mask&VC_IATTR_BARRIER) && S_ISDIR(st.st_mode)) { 1116928420 M * Doener *mask |= VC_IATTR_BARRIER; 1116928420 M * Doener if ((st.st_mode&0777) == 0) *flags |= VC_IATTR_BARRIER; 1116928420 M * Doener } 1116928420 M * matti eyck: Perl? 1116928455 M * Bertl Doener: so that's a bug to file then, could you do that for me? 1116928484 M * Doener so the time to register at savannah has come... ;) 1116928513 M * Doener setting IUNLINK for < 1.2.10 is fine, too, right? 1116928560 M * Bertl should be ... but 1.2.10 it's not, right? 1116928659 M * Doener hm? AFAICT 1.2.10 requires IUNLINK more than the previous versions did... 1116928692 M * Bertl right, IUNLINK + 000 just verified 1116928702 M * Bertl before it was enough to have 000 1116928723 M * Bertl so enrico just 'missed' that change :/ 1116928861 M * albeiro matti: vserver tools can be commpiled with uclibc 1116928865 M * albeiro i did once 1116928953 M * Bertl Doener: if we require a check in xfs_iaccess, then probably on both 2.4 and 2.6, no? 1116929030 M * Doener didn't check the xfs code in 2.6 but I'd say so... I didn't really check on 2.4, if we need it, but as vfs_permission has it, it seems to make sense ;) 1116929059 M * Bertl why does xfs override vfs_permission? 1116929135 M * Bertl but you're right, it does, maybe we should put the check _before_ the fs specific one? 1116929160 M * matti albeiro: OK, thanks. 1116929161 M * matti :) 1116929170 M * albeiro Bertl: be carefull dealing with xfs, it is common for it to overwrite kernel functions 1116929182 M * Bertl yeah, I can see that ;) 1116929207 M * Doener vfs_permission is generic, every fs providing its own checks overrides it 1116929232 M * Doener yep, putting it before the fs specific checks sounds good 1116929247 M * Bertl would sync it with 2.6 ... 1116929339 M * Bertl okay, we also have no callers for vfs_permission which would interfere with that, checking now ... 1116929351 M * Doener hm, can't login at savannah using firefox... let's see how elinks does... 1116929369 M * Bertl huh? galeon did work quite fine ... 1116929393 M * Doener elinks works, too... 1116929435 M * Doener looks like a firefox bug... savannah forwards my to the right page after login, but ff doesn't ask about cookies... 1116929648 J * terr ~gilles@ip-213-49-162-64.dsl.scarlet.be 1116929714 M * Doener Bertl: it's still chattr +t for IUNLINK, right? 1116929763 P * terr 1116929885 M * Bertl Doener: yep, definitely on 1.2.x 1116929923 M * Doener ok, bug filed... 1116929933 M * Bertl thanks a lot! 1116929974 M * Doener did i just miss the proper field or do they really don't have a priority attribute for bugs there? 1116929980 M * Bertl btw, I guess when we are at it .. the following applies too 1116929983 M * Doener s/priority/severity/ 1116929986 M * Bertl http://vserver.13thfloor.at/Experimental/FOR-1.9.5/delta-xfs_dinode-fix01.diff 1116929999 M * Bertl Doener: hmm, IIRC I saw some fields ... 1116930001 N * id id_werk 1116930024 M * Doener right (the patch) 1116930228 M * Loki|muh hows ipv6-implementation going on? anything useable yet? 1116930230 M * eyck hmm, so what should I do now to enable the barrier? 1116930237 M * eyck because I'm lost 1116930240 M * Bertl wait for 1.2.11 ;) 1116930242 M * eyck downgrade to 1.2.9 ? 1116930247 M * eyck ooh, goodie, goodie, thanks. 1116930342 M * Bertl Doener: now while I'm compiling and testing this, any ideas regarding the net issue on vs2.0-rc1++ 1116930369 M * Doener simple and easy: no ;) 1116930390 M * Bertl hmm ... 1116930408 M * Doener ah, savannah is another site that doesn't put encoding headers in their emails... i love it... 1116930408 M * Bertl I'd opt for that this did happen before, we just didn#t notice yet ;) 1116930510 M * Bertl what did you do to trigger it? 1116930516 M * Doener hm... ok, the body doesn't contain anything non-ascii, so no header required... but the from/to headers didn't get encoded... 1116930521 M * Doener i stopped a vserver 1116930545 M * Bertl okay, same here ... funny thing is, all the testme.sh tests didn#t trigger it 1116930772 M * Doener Bertl: just to make sure, it's the nx_tasks check that triggers, right? 1116930783 M * Bertl yup 1116930831 M * Bertl BUG_ON(atomic_read(&nxi->nx_tasks)); 1116932293 M * Doener Bertl: hm, in copy_process, there's no claim_nx_info, only a claim_vx_info... 1116932366 M * Doener and as chbind does not fork(), but exec() that might also explain why testme.sh doesn't trigger it, right? 1116932399 M * Bertl sounds good ... 1116932476 M * Doener compiling 1116932718 M * Doener yep, that did it 1116932729 M * Bertl excellent work! 1116932742 M * Doener my pleasure 1116932779 M * Bertl somehow xfs on 2.4 is still refusing to accept +t on dirs ... 1116933253 M * Doener xfs_dic2xflags? (just guessing, i don't get the code...) 1116933266 M * Bertl well, I added the relevant parts there ... 1116933305 M * Bertl I think more the setattr doesn't understand the +t 1116933680 Q * BWare Ping timeout: 480 seconds 1116933989 J * terr ~gilles@ip-213-49-162-64.dsl.scarlet.be 1116934008 M * terr Hello. 1116934013 M * Bertl hey terr! 1116934024 M * terr Hi Herbert! 1116934029 M * Bertl struggling with the routing? 1116934040 M * terr Yes :-} 1116934061 M * Bertl did you read the reference I pointed to in the first reply carefully? 1116934069 N * lilo_ lilo 1116934100 M * terr I read it, yes; but "carefully" enough I don't know... 1116934127 M * terr I tried something along the lines shown there 1116934142 M * Bertl with separate routing tables? 1116934148 M * terr ... but as I wrote in my reply, it didn't work. 1116934179 J * BWare ~bware@office.intouch.net 1116934181 M * terr No. The "rule" command fails, I think 1116934214 M * Bertl evil rule command ;) 1116934223 M * terr The "ip" docs talk about setting CONFIG_IP_MULTIPLE_TABLES 1116934227 M * Bertl wb BWare! 1116934258 M * Bertl terr: yup ... 1116934286 M * terr But I didn't see it in my ".config" 1116934299 M * Bertl which kernel? 1116934309 M * terr 2.6.11.9 1116934322 M * Bertl linux-2.6.11.10-vs2.0-P1]# grep TABLE .config 1116934322 M * Bertl # CONFIG_IP_MULTIPLE_TABLES is not set 1116934349 M * terr (!) I'll check again. 1116934353 M * Bertl so probably you are missing a prerequisite too ... 1116934362 M * Bertl like advanced routing or so ;) 1116934468 M * terr Indeed: # CONFIG_IP_ADVANCED_ROUTER is not set 1116934515 M * terr I'll compile a new kernel first and come back later. Thanks! 1116934525 M * Bertl you're welcome! 1116934880 Q * flock Ping timeout: 480 seconds 1116935053 Q * rs Quit: rs 1116935089 Q * BWare Ping timeout: 480 seconds 1116935502 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1116935588 J * BWare ~bware@office.intouch.net 1116936095 M * BWare Ah the ip rule terror :) 1116936125 M * BWare I just sent a mail to the list with the dependencies (reading from scrollback buffer) 1116936182 M * BWare I should've read my scrollback buffer better 1116936288 M * Bertl argl, I'm too old for 2.4 ;) 1116936357 M * eyck too old? wasn't Bertl this young hot-shot programmer from austria? 1116936369 M * Bertl emphasis on _was_ *G* 1116936396 M * Bertl well, it seems that I completely forgot about 2.4 kernels ;) 1116936414 M * Bertl but the issue seems fixed now ... 1116936684 J * sebd ~sebd@lesdeveloppementsdurables.org 1116936783 M * eyck great :) 1116936812 M * Bertl but it seems you have to wait a little, as the machine where I was compiling/testing it just vanished from my radar ... 1116936879 M * SNy hehe, http://bash.org/?5273 comes to mind 1116936903 M * Bertl LOL 1116936958 M * eyck yeah, that's why they put those blue leds on servers these days 1116937026 J * knoppix_ ~knoppix@dsl-082-082-083-125.arcor-ip.net 1116937224 J * rs ~rs@staff.lycos.fr 1116937460 M * Bertl morning rs! 1116937473 Q * rs Read error: No route to host 1116937723 M * eyck Bertl: hey, what about sending security bulletin to bugtraq? ;) 1116937775 M * Bertl be serious, who uses 2.4 and xfs ;) 1116937812 J * rs ~rs@staff.lycos.fr 1116937816 M * Bertl but feel free to file one ... 1116937846 M * eyck why me? I'm not a developer, 1116938016 J * Jdogg Jdogg@c-24-1-174-133.hsd1.tx.comcast.net 1116938025 M * Bertl welcome Jdogg! 1116938051 M * eyck yo, dog, 1116938059 M * Bertl Doener: I 'thought' the delegates solved the 'helper is hanging' issue with 0.30.207? 1116938084 M * Doener uhm.. yeah? they do... 1116938089 M * Jdogg sup 1116938103 M * Bertl Doener: I have a newly (with 0.30.207) installed debian guest 1116938121 M * Bertl and I did echo the required things to silence the startup/shutdown 1116938139 M * Bertl nevertheless the reboot helper hangs :( 1116938153 M * Doener o.O 1116938248 M * Bertl Rebooting... ifdown: shutdown eth0: Permission denied 1116938260 M * Bertl /usr/sbin/vserver: line 79: 17520 Killed "${NICE_CMD[@]}" ${USE_VNAMESPACE:+$_VNAMESPACE --enter "$S_CONTEXT" -- } $_VCONTEXT $SILENT_OPT --migrate --chroot --xid "$S_CONTEXT" -- "${INITCMD_STOP[@]}" 1116938265 M * Bertl Vserver '/etc/vservers/test3' still running unexpectedly; please investigate it manually... 1116938269 Q * albeiro Remote host closed the connection 1116938454 M * Bertl hehe, I'm really getting old ... guess _who_ disabled the host I was working on ... 1116938474 J * albeiro albeiro@albeiro.usercloak.oftc.net 1116938582 M * DaPhreak Bertl: probably you ?! :) 1116938588 M * Bertl bingo! 1116938605 M * DaPhreak ;) 1116938625 M * Bertl luckily I have a serial console there, so it was easy to recover ... 1116938661 J * aba ~aba@2001:a60:f006::2 1116938667 M * DaPhreak nah has nothing to do with your age .. has more to do with lazyness and/or obliviousness 1116938701 N * BobR BobR_afk 1116938704 M * Bertl what does that mean? I don't want to look it up in the dictionary *G* 1116938728 M * DaPhreak hehe Bertl its forgetfulness or in german "vergesslichkeit" ;) 1116938750 M * Bertl wutt? wutt? 1116938757 M * albeiro ? ;] 1116938776 M * Bertl DaPhreak: and for the punch line, I was talking about lazyness ;) 1116938798 M * DaPhreak heh 1116938826 M * DaPhreak didn't changed boot-managers entry eh ? *G* 1116939749 M * Bertl no, did paste ifconfig statements on the host ;) 1116939800 M * Bertl eyck: time for you to test ... 1116939999 M * Bertl http://vserver.13thfloor.at/Experimental/delta-2.4.30-vs1.2.10-vs1.2.10.1.diff 1116940140 M * DaPhreak hmm does this xfs_escape also apply to 2.6 ? 1116940158 M * eyck Bertl: ok, thnx, I'm going to get a bike and drive to testing facility 1116940557 M * Bertl great! and please verify that it works fine for ext2/3 too 1116941117 M * Bertl eyck: and don't forget: only you can save mankind! ;) 1116941212 M * DaPhreak heh, Bertl have you already tried to install dietlibc ? *g* 1116941240 M * Bertl the new one? no 1116941507 Q * aba iridium.oftc.net jupiter.oftc.net 1116941507 Q * berni iridium.oftc.net jupiter.oftc.net 1116941507 Q * mugwump iridium.oftc.net jupiter.oftc.net 1116941507 Q * stupidawy iridium.oftc.net jupiter.oftc.net 1116941507 Q * SNy iridium.oftc.net jupiter.oftc.net 1116941507 Q * pusling iridium.oftc.net jupiter.oftc.net 1116941507 Q * albeiro iridium.oftc.net jupiter.oftc.net 1116941507 Q * Jdogg iridium.oftc.net jupiter.oftc.net 1116941507 Q * sebd iridium.oftc.net jupiter.oftc.net 1116941507 Q * prae iridium.oftc.net jupiter.oftc.net 1116941507 Q * hvd iridium.oftc.net jupiter.oftc.net 1116941507 Q * gaba iridium.oftc.net jupiter.oftc.net 1116941507 Q * Vudumen iridium.oftc.net jupiter.oftc.net 1116941509 Q * ndim iridium.oftc.net jupiter.oftc.net 1116941509 Q * mep__ iridium.oftc.net jupiter.oftc.net 1116941509 Q * romke iridium.oftc.net jupiter.oftc.net 1116941509 Q * ruuth iridium.oftc.net jupiter.oftc.net 1116941509 Q * maharaja iridium.oftc.net jupiter.oftc.net 1116941509 Q * virtuoso iridium.oftc.net jupiter.oftc.net 1116941509 Q * DaPhreak iridium.oftc.net jupiter.oftc.net 1116941509 Q * mcp iridium.oftc.net jupiter.oftc.net 1116941509 Q * Loki|muh iridium.oftc.net jupiter.oftc.net 1116941509 Q * Psy0rz iridium.oftc.net jupiter.oftc.net 1116941509 Q * FaUl iridium.oftc.net jupiter.oftc.net 1116941509 Q * _mountie iridium.oftc.net jupiter.oftc.net 1116941509 Q * eyck iridium.oftc.net jupiter.oftc.net 1116941509 Q * janra iridium.oftc.net jupiter.oftc.net 1116941509 Q * BWare iridium.oftc.net jupiter.oftc.net 1116941509 Q * terr iridium.oftc.net jupiter.oftc.net 1116941509 Q * matti iridium.oftc.net jupiter.oftc.net 1116941509 Q * bro iridium.oftc.net jupiter.oftc.net 1116941509 Q * eXplasm2 iridium.oftc.net jupiter.oftc.net 1116941509 Q * micah iridium.oftc.net jupiter.oftc.net 1116941509 Q * case iridium.oftc.net jupiter.oftc.net 1116941509 Q * gregster iridium.oftc.net jupiter.oftc.net 1116941509 Q * sith iridium.oftc.net jupiter.oftc.net 1116941509 Q * Seraph iridium.oftc.net jupiter.oftc.net 1116941509 Q * Hunger iridium.oftc.net jupiter.oftc.net 1116941509 Q * nox iridium.oftc.net jupiter.oftc.net 1116941509 Q * rs iridium.oftc.net jupiter.oftc.net 1116941509 Q * flock iridium.oftc.net jupiter.oftc.net 1116941509 Q * cryo iridium.oftc.net jupiter.oftc.net 1116941509 Q * TheSeer iridium.oftc.net jupiter.oftc.net 1116941509 Q * lilo iridium.oftc.net jupiter.oftc.net 1116941509 Q * Zoiah iridium.oftc.net jupiter.oftc.net 1116941509 Q * Beirdo iridium.oftc.net jupiter.oftc.net 1116941509 Q * Beave iridium.oftc.net jupiter.oftc.net 1116941509 Q * sladen iridium.oftc.net jupiter.oftc.net 1116941509 Q * SiD3WiNDR iridium.oftc.net jupiter.oftc.net 1116941509 Q * Snow-Man iridium.oftc.net jupiter.oftc.net 1116941509 Q * Bertl iridium.oftc.net jupiter.oftc.net 1116941521 J * albeiro albeiro@albeiro.usercloak.oftc.net 1116941521 J * Jdogg Jdogg@c-24-1-174-133.hsd1.tx.comcast.net 1116941521 J * sebd ~sebd@lesdeveloppementsdurables.org 1116941521 J * prae ~prae@ezoffice.mandriva.com 1116941521 J * hvd ~takeagues@fw-grz.hollomey.com 1116941521 J * gaba ~gaba@protest.net 1116941521 J * Vudumen vudumen@perverz.hu 1116941521 J * ndim hun@helena.bawue.de 1116941521 J * mep__ mep@p5091C703.dip.t-dialin.net 1116941521 J * romke ~romke@procyon.romke.net 1116941521 J * ruuth VooDoo@topas.informatik.uni-ulm.de 1116941521 J * maharaja maharaja@ipax.at 1116941521 J * virtuoso ~s0t0na@80.253.205.251 1116941521 J * DaPhreak ~phreak@lms.rz.uni-greifswald.de 1116941521 J * mcp ~hightower@wolk-project.de 1116941521 J * Loki|muh loki@satanix.de 1116941521 J * Psy0rz ~psy0rz@195.169.61.234 1116941521 J * FaUl ~immo@ip88.164.1211G-CUD12K-01.ish.de 1116941521 J * pusling ~pusling@195.215.29.124 1116941521 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz 1116941521 J * stupidawy foo@you.wish.you.were.pimp.olicio.us 1116941521 J * SNy ~mfr@bmx-chemnitz.de 1116941521 J * janra janra@paradox.homeip.net 1116941521 J * eyck eyck@81.219.64.71 1116941521 J * _mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1116941521 J * nox ~nox@noxlux.de 1116941567 J * aba ~aba@2001:a60:f006::2 1116941567 J * berni ~berni@svr01.mucip.net 1116941574 J * BWare ~bware@office.intouch.net 1116941574 J * matti matti@linux.gentoo.pl 1116941574 J * bro ~vanity@lanparty.lv 1116941574 J * eXplasm2 explasm@p549FF519.dip.t-dialin.net 1116941574 J * micah micah@micha.hampshire.edu 1116941574 J * case ~case@donpanic.faveve.uni-stuttgart.de 1116941574 J * gregster ~gregor@greart.de 1116941574 J * sith sith@aaronp.com 1116941574 J * Seraph kk@projects.verfaction.de 1116941574 J * Hunger Hunger.hu@Hunger.hu 1116941580 J * rs ~rs@staff.lycos.fr 1116941580 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1116941580 J * cryo ~say@212.86.243.154 1116941580 J * TheSeer ~theseer@212.12.45.62 1116941580 J * lilo ~lilo@lilo.usercloak.oftc.net 1116941580 J * Zoiah Zoiah@matryoshka.zoiah.net 1116941580 J * Beirdo ~gjhurlbu@beirdo.usercloak.oftc.net 1116941580 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1116941580 J * sladen paul@starsky.19inch.net 1116941580 J * Bertl ~herbert@janus.mc.tuwien.ac.at 1116941580 J * Beave ~beave@vistech.org 1116941580 J * Snow-Man ~sfrost@snowman.net 1116941843 M * Bertl Doener: okay, seems this issue is self-made, please ignore 1116941865 M * Doener ok ;) 1116942044 M * Bertl but the part with the hanging reboot helper seems to be valid ... 1116942345 Q * eXplasm2 Remote host closed the connection 1116942407 J * Jd0gg Jdogg@c-24-1-174-133.hsd1.tx.comcast.net 1116942418 Q * Jd0gg Quit: 1116942440 Q * Jdogg Read error: Connection reset by peer 1116942463 M * Bertl Doener: root 29443 0.1 0.0 2324 1308 ? S< 15:51 0:00 /bin/bash /sbin/vshelper restart 42 1116942492 M * Bertl strace -fF -p 29443 1116942492 M * Bertl Process 29443 attached - interrupt to quit 1116942492 M * Bertl open("/tmp/vserver-stop.Ki5Ys0/pipe", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No such file or directory) 1116942495 M * Bertl write(2, "/sbin/vshelper: line 89: /tmp/vs"..., 82) = 82 1116942497 M * Bertl rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 1116942500 M * Bertl exit_group(1) = ? 1116942502 M * Bertl Process 29443 detached 1116942512 M * Bertl interesting, isn't it? 1116942547 M * Doener indeed... 1116943695 M * Bertl okay, I'm off for now .. back later ... 1116943703 M * Doener cya! 1116943706 T * services.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-rc1, ng9.4 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1116943716 N * Bertl Bertl_oO 1116944041 J * eXplasm explasm@p549FF519.dip.t-dialin.net 1116944042 M * matti Bye Bertl. 1116944517 J * yarihm ~yarihm@vpn-global-015-dhcp.ethz.ch 1116946215 Q * yarihm Quit: Leaving 1116946674 M * romke does vserver works on alpha systems? 1116946684 M * romke s/systems/arch/ 1116946894 M * Doener it's supposed to... i don't know if this was tested yet, but Bertl is always happy if someone is able to test on a new arch 1116947048 M * aba well, IIRC sukria tested it recently ... 1116947231 N * id_werk id 1116950279 J * Doener` ~doener@p54877F87.dip.t-dialin.net 1116950336 M * eyck Bertl: barrier works again! rock 1116950366 M * eyck oh wait 1116950439 M * eyck what is the correct barrier right now? 1116950451 M * eyck setattr --barrier --unlink ? 1116950537 J * mep_ mep@p5091E1EF.dip.t-dialin.net 1116950719 Q * Doener Ping timeout: 480 seconds 1116950756 M * eyck barrier + iunlink works fine. 1116950969 Q * mep__ Ping timeout: 480 seconds 1116951468 J * newz2000 ~newz2000@12-226-91-204.client.mchsi.com 1116951542 M * newz2000 howdy, I'm running a batch program in a vserver and I'm curious to know if it's using some swap memory. Anyone know a way to find out? I'm using old vserver ctx17. 1116951586 M * eyck newz2000: exactly like you would with normal program running outside of vserver 1116951626 M * newz2000 eyck, I guess I don't know how to do that. Top usually shows a W if it's swapped, but my program doesn't have that. Yet its running extremely slow. 1116951629 M * newz2000 Top says: 12415 root 9 0 313M 313M 6064 S 0.0 35.4 0:28 0 mono 1116951670 M * eyck 313M is a lot 1116951682 M * newz2000 it's got a lot of in memory hash tables for doing lookups. 1116951700 M * eyck newz2000: I think W means your whole program gets swapped out, 1116951707 M * eyck this shouldn't normally happen 1116951716 M * eyck this is emergency tactic for the kernel, 1116951731 M * newz2000 That's what I thought too. Any obvious way to see if it's using swap memory? BUt I've found no quick answers. 1116951738 M * eyck normally it swaps out only less used pages, and this happens with all programs. 1116951800 M * eyck newz2000: look at free output: Swap: 996020 107540 888480 1116951810 M * newz2000 Hmm... I'm thinking that if I'm constantly scanning entire hash tables then chances are none are less used. 1116951819 M * newz2000 Swap: 2048248 168352 1879896 1116951826 M * eyck this mean I've got ~100M swapped out, and those are 'random' pages from different programs 1116951841 M * eyck how much RAM have you got? 1116951856 M * newz2000 905160 1116951915 M * eyck newz2000: your program is trying to keep all it's pages in memory, 1116951924 M * eyck this is not a very friendly behavior, 1116951931 M * eyck typical for java apps though ;) 1116951961 M * newz2000 Well, it's a very active batch script that is trying to normalize data. I suspect it's constantly using all of the data in the hash tables. 1116952004 M * eyck hmm, if you've got 1G ram, 300M shouldn't be that much of a problem 1116952034 M * newz2000 Yeah, that was what I'm thinking. The funny thing is, with this particular log file, sometimes it runs in 3 mins, some times in runs in 5 hours. 1116952053 M * eyck any idea of load avg during that time? 1116952054 M * newz2000 The only thing I can think of is that part of the prog is being paged out. 1116952064 M * newz2000 load average: 0.04, 0.04, 0.01 1116952070 M * newz2000 I'm running it now actually. 1116952095 M * eyck not very busy, 1116952107 M * eyck how about disk? maybe it's waiting for it? 1116952131 M * newz2000 Could be, but it's just processing one line at a time in a log file. Most of the data is in RAM. 1116952149 M * newz2000 Hmm... I found /proc/{pid}/... I wonder what all this stuff is. 1116952219 M * eyck numbers ;) 1116952228 M * newz2000 no kidding. Lot's of interesting numbers. 1116952235 M * newz2000 I don't know what they mean of course. 1116952282 M * ruuth hi! after testing gentoo + vserver I want to test debian + vserver - is there a good howto? 1116952289 M * eyck psutils are good at interpreting those 1116952291 M * newz2000 cat /proc/12415/status yelds State: S (sleeping) 1116952319 M * eyck probably waiting for disk or net 1116952330 M * newz2000 Hmmm... Very interesting. 1116952364 M * eyck you can try stracing it and watching what it does 1116952367 M * eyck strace -p 12415 1116952369 M * newz2000 That means it's not the ram likely. There are some occassions when it hits a db server, so maybe it's spending more time there than it should. 1116952374 M * newz2000 ok 1116952454 M * newz2000 Holy cow. 1116952549 M * eyck don't stare at it, just take a peek ;) 1116952571 M * newz2000 Yeah, it's waiting for something. Must be the db server. It looks like the load on the dbserver is very high so maybe it's making my program run very slow. 1116952615 M * eyck those damn db servers... 1116952649 M * newz2000 Well, now the question is, what's making my dbserver load so high? I think I can figure that one out on my own though. 1116952689 M * eyck that's a question for DBA, and I haven't acted as one for ages 1116952748 M * newz2000 That's me, actually. 1116952766 M * eyck oh, nice to meet you ;) 1116952775 M * newz2000 Funny how one thing, not really related will show you a big problem somewhere else. 1116952792 M * newz2000 When you start investigating, you never know where the root cause will be sometimes. 1116952832 Q * rs Quit: rs 1116952876 M * eyck yeah. 1116952918 N * Bertl_oO Bertl 1116952921 M * Bertl short visit! 1116952933 M * Bertl eyck: everything working fine? 1116952953 M * eyck Bertl: I think so, now I have to test if trying to unset unlink would work 1116952972 M * Bertl okay, did you also check for ext2/3 and reiser? 1116952982 M * eyck not yet. 1116953001 M * Bertl do you plan to do so? ;) 1116953026 M * eyck yeah, it's a breaze, I've got lvm partition set beside especially for this task 1116953034 M * eyck i mean, it should be a breeze 1116953040 M * Bertl excellent, TIA! 1116953147 M * Bertl okay, off again, back in the evening ... 1116953154 N * Bertl Bertl_oO 1116953175 M * eyck have fun 1116953423 M * ruuth daniel_hocac: hi! after testing gentoo + vserver I want to test debian + vserver - is there a good howto? (you are the gosu in here :) ) 1116953435 M * ruuth daniel_hozac: hi! after testing gentoo + vserver I want to test debian + vserver - is there a good howto? (you are the gosu in here :) ) 1116953445 M * daniel_hozac haha, i'm no such thing ;) 1116953448 M * daniel_hozac not even close. 1116953458 M * daniel_hozac but i don't know of a Debian howto. 1116953483 M * newz2000 I put a quick-and-dirty one on the list recently. It wasn't complete, let me see if I can find the link... 1116953538 M * newz2000 This can get you started: http://list.linux-vserver.org/archive/vserver/msg09330.html 1116953570 M * ruuth newz2000: Thx! 1116953580 M * newz2000 You may not thank me after you've read it. ;-) 1116953590 M * newz2000 No, seriously, it should get you most of the way there. 1116953732 Q * prae Quit: Client exiting 1116954189 M * ruuth newz2000: looks good - but I was thinking of using the prepatched vserver-kernel 1116956210 J * rs ~rs@80.214.248.1 1116956761 Q * Beave oxygen.oftc.net jupiter.oftc.net 1116956761 Q * sladen oxygen.oftc.net jupiter.oftc.net 1116956761 Q * SiD3WiNDR oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Zoiah oxygen.oftc.net jupiter.oftc.net 1116956761 Q * TheSeer oxygen.oftc.net jupiter.oftc.net 1116956761 Q * cryo oxygen.oftc.net jupiter.oftc.net 1116956761 Q * flock oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Snow-Man oxygen.oftc.net jupiter.oftc.net 1116956761 Q * lilo oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Beirdo oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Bertl_oO oxygen.oftc.net jupiter.oftc.net 1116956761 Q * rs oxygen.oftc.net jupiter.oftc.net 1116956761 Q * sith oxygen.oftc.net jupiter.oftc.net 1116956761 Q * gregster oxygen.oftc.net jupiter.oftc.net 1116956761 Q * bro oxygen.oftc.net jupiter.oftc.net 1116956761 Q * BWare oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Seraph oxygen.oftc.net jupiter.oftc.net 1116956761 Q * micah oxygen.oftc.net jupiter.oftc.net 1116956761 Q * Hunger oxygen.oftc.net jupiter.oftc.net 1116956762 Q * matti oxygen.oftc.net jupiter.oftc.net 1116956762 Q * case oxygen.oftc.net jupiter.oftc.net 1116956762 Q * berni oxygen.oftc.net jupiter.oftc.net 1116956762 Q * aba oxygen.oftc.net jupiter.oftc.net 1116956762 Q * stupidawy oxygen.oftc.net jupiter.oftc.net 1116956762 Q * mugwump oxygen.oftc.net jupiter.oftc.net 1116956762 Q * SNy oxygen.oftc.net jupiter.oftc.net 1116956762 Q * pusling oxygen.oftc.net jupiter.oftc.net 1116956762 Q * newz2000 oxygen.oftc.net jupiter.oftc.net 1116956762 Q * mep_ oxygen.oftc.net jupiter.oftc.net 1116956762 Q * Doener` oxygen.oftc.net jupiter.oftc.net 1116956762 Q * eXplasm oxygen.oftc.net jupiter.oftc.net 1116956762 Q * _mountie oxygen.oftc.net jupiter.oftc.net 1116956762 Q * eyck oxygen.oftc.net jupiter.oftc.net 1116956762 Q * FaUl oxygen.oftc.net jupiter.oftc.net 1116956762 Q * Psy0rz oxygen.oftc.net jupiter.oftc.net 1116956762 Q * Loki|muh oxygen.oftc.net jupiter.oftc.net 1116956762 Q * virtuoso oxygen.oftc.net jupiter.oftc.net 1116956762 Q * maharaja oxygen.oftc.net jupiter.oftc.net 1116956762 Q * ruuth oxygen.oftc.net jupiter.oftc.net 1116956762 Q * romke oxygen.oftc.net jupiter.oftc.net 1116956762 Q * ndim oxygen.oftc.net jupiter.oftc.net 1116956762 Q * Vudumen oxygen.oftc.net jupiter.oftc.net 1116956762 Q * hvd oxygen.oftc.net jupiter.oftc.net 1116956762 Q * sebd oxygen.oftc.net jupiter.oftc.net 1116956762 Q * janra oxygen.oftc.net jupiter.oftc.net 1116956762 Q * albeiro oxygen.oftc.net jupiter.oftc.net 1116956762 Q * DaPhreak oxygen.oftc.net jupiter.oftc.net 1116956762 Q * mcp oxygen.oftc.net jupiter.oftc.net 1116956762 Q * gaba oxygen.oftc.net jupiter.oftc.net 1116956762 Q * nox oxygen.oftc.net jupiter.oftc.net 1116956801 J * newz2000 ~newz2000@12-226-91-204.client.mchsi.com 1116956801 J * mep_ mep@p5091E1EF.dip.t-dialin.net 1116956801 J * Doener` ~doener@p54877F87.dip.t-dialin.net 1116956801 J * eXplasm explasm@p549FF519.dip.t-dialin.net 1116956801 J * Snow-Man ~sfrost@snowman.net 1116956801 J * Beave ~beave@vistech.org 1116956801 J * Bertl_oO ~herbert@janus.mc.tuwien.ac.at 1116956801 J * sladen paul@starsky.19inch.net 1116956801 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1116956801 J * Beirdo ~gjhurlbu@beirdo.usercloak.oftc.net 1116956801 J * Zoiah Zoiah@matryoshka.zoiah.net 1116956801 J * lilo ~lilo@lilo.usercloak.oftc.net 1116956801 J * TheSeer ~theseer@212.12.45.62 1116956801 J * cryo ~say@212.86.243.154 1116956801 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1116956801 J * Hunger Hunger.hu@Hunger.hu 1116956801 J * Seraph kk@projects.verfaction.de 1116956801 J * sith sith@aaronp.com 1116956801 J * gregster ~gregor@greart.de 1116956801 J * case ~case@donpanic.faveve.uni-stuttgart.de 1116956801 J * micah micah@micha.hampshire.edu 1116956801 J * bro ~vanity@lanparty.lv 1116956801 J * matti matti@linux.gentoo.pl 1116956801 J * BWare ~bware@office.intouch.net 1116956801 J * albeiro albeiro@albeiro.usercloak.oftc.net 1116956801 J * sebd ~sebd@lesdeveloppementsdurables.org 1116956801 J * hvd ~takeagues@fw-grz.hollomey.com 1116956801 J * gaba ~gaba@protest.net 1116956801 J * Vudumen vudumen@perverz.hu 1116956801 J * ndim hun@helena.bawue.de 1116956801 J * romke ~romke@procyon.romke.net 1116956801 J * ruuth VooDoo@topas.informatik.uni-ulm.de 1116956801 J * maharaja maharaja@ipax.at 1116956801 J * virtuoso ~s0t0na@80.253.205.251 1116956801 J * DaPhreak ~phreak@lms.rz.uni-greifswald.de 1116956801 J * mcp ~hightower@wolk-project.de 1116956801 J * Loki|muh loki@satanix.de 1116956801 J * Psy0rz ~psy0rz@195.169.61.234 1116956801 J * FaUl ~immo@ip88.164.1211G-CUD12K-01.ish.de 1116956801 J * pusling ~pusling@195.215.29.124 1116956801 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz 1116956801 J * stupidawy foo@you.wish.you.were.pimp.olicio.us 1116956801 J * SNy ~mfr@bmx-chemnitz.de 1116956801 J * janra janra@paradox.homeip.net 1116956801 J * eyck eyck@81.219.64.71 1116956801 J * _mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1116956801 J * nox ~nox@noxlux.de 1116956817 J * aba ~aba@2001:a60:f006::2 1116956817 J * berni ~berni@svr01.mucip.net 1116957341 J * terr ~gilles@ip-213-49-162-64.dsl.scarlet.be 1116957378 Q * newz2000 Quit: Chatzilla 0.9.68a [Firefox 1.0.4/20050511] 1116957784 Q * ruuth Quit: Nettalk6 der Freeware IRC-Client 1116959873 M * eyck on ext2 exploit works 1116959934 M * eyck oh wait. 1116961474 M * eyck ok, I checked again, on ext2 the exploit works, on xfs it doesn't 1116962056 M * eyck on reiserfs it also works. 1116962731 M * eyck isn't this surprising? 1116962847 M * id it is 1116962948 M * micah eyck: what exploit? 1116963119 M * eyck get-out-of-chroot 1116963538 Q * knoppix_ Quit: Verlassend 1116963858 M * Beave out of the VPS, I assume? 1116963901 M * Beave do you have a url to the exploit? 1116963905 M * Beave code that is... 1116965138 Q * eXplasm Ping timeout: 480 seconds 1116965486 J * eXplasm explasm@p549FC572.dip.t-dialin.net 1116965519 Q * eXplasm Quit: 1116965549 J * eXplasm explasm@p549FC572.dip.t-dialin.net 1116966097 M * DaPhreak Beave: http://vserver.13thfloor.at/Stuff/rootesc.c 1116966164 M * aba hu, what's that exploit? 1116966287 M * Beave 2 get-out-of-chroot 1116966288 M * SiD3WiNDR aww, works here too 1116966297 M * Beave thanks DaPhreak. 1116966298 M * SiD3WiNDR can you stop that? 1116966314 M * SiD3WiNDR or is it some bug 1116966320 M * Beave I'll try it here in a bit.. . are you running pax/grsec by change? 1116966330 M * aba is that a bug in all servers? 1116966379 A * SiD3WiNDR running simple vs1.9.5 on 2.6.11 1116966733 M * daniel_hozac what is the exploit supposed to do? 1116966793 M * eyck run away from chroot 1116966821 M * daniel_hozac doesn't work here. 1116966931 M * Beave I'll test it 2.0rc1 w/ pax/grsec here in a bit. 1116966951 M * daniel_hozac # uname -r 1116966951 M * daniel_hozac 2.6.11-1.27_FC3.vs2.0.0.0.rc1 1116966969 M * DaPhreak Beave: well im running vsgrsec :) but that doesn't change anything 1116967189 M * DaPhreak eyck: where _should_ the exploit create the baz dir ? outside of the vps (real /baz) or inside the vps (/vserver//baz) ? 1116967197 M * daniel_hozac inside. 1116967276 M * eyck inside 1116967291 M * eyck it shouldn't work. 1116967306 M * eyck AFAIK the only problem is with 1.2.10, and nobody uses that, right? 1116967312 M * DaPhreak yeah 1116967334 M * eyck also, supposedly there were things unsynchronized between tools and kernel 1116967339 M * DaPhreak eyck: it _works_ ;) on 2.6.11.9/xfs thats my problem :) 1116967369 M * SiD3WiNDR it created baz inside vserver here 1116967376 M * eyck DaPhreak: is your barrier really OK? 1116967377 M * SiD3WiNDR but after that, I had hostfilesystem as / 1116967389 M * SiD3WiNDR and I'm running 1.9.5 1116967408 M * SiD3WiNDR hmm barrier 1116967415 M * eyck you people talk too much, 1116967422 M * eyck wait for Bertl or Doener` 1116967430 M * SiD3WiNDR that's what irc is for 1116967432 M * SiD3WiNDR for talking too much :) 1116967444 M * eyck nope, that's what we created webchats for 1116967461 M * eyck irc is for exchanging information and stuff 1116967478 M * SiD3WiNDR you created webchats? 1116967479 M * SiD3WiNDR omg 1116967483 A * SiD3WiNDR crucifies eyck 1116967496 M * SiD3WiNDR exchanging information is for mailinglists :p 1116967534 M * eyck I KNOW YOU 1116967537 M * eyck you killed me! 1116967540 M * eyck you bastard! 1116967554 M * SiD3WiNDR ah indeed 1116967557 M * SiD3WiNDR and now I crucified you again 1116967567 M * SiD3WiNDR as quakenetkiddies would say, "pwnd" 1116967568 M * SiD3WiNDR ;) 1116967688 J * tbenita ~tbenita@tbenita.net1.nerim.net 1116967703 A * SiD3WiNDR curious about the rootesc :) 1116967756 M * tbenita Hi, I try to start a vserver on gentoo kernel 2.6 and I get vcontext: execvp("/etc/init.d/rc"): Permission denied. Is it normal ? 1116967786 M * eyck fakeinit is in force? 1116967795 M * eyck ls -l /etc/initd/rc ? 1116967885 M * tbenita eyck, ls -l /vservers/zopeplone/etc/init.d/rc says -rwxr-xr-x 1 root root 2235 sep 10 2004 /vservers/zopeplone/etc/init.d/rc 1116967909 M * daniel_hozac tbenita: tagxid? 1116967959 M * tbenita daniel_hozac, what is tagxid ? It's not installed. 1116967967 M * daniel_hozac it's a mount option. 1116968010 M * daniel_hozac just to be sure, lsxid /vservers/zopeplone/etc/init.d/rc 1116968036 M * tbenita !!ERR!! /vservers/zopeplone/etc/init.d/rc 1116968069 M * daniel_hozac ok. 1116968088 M * tbenita ok I added the option ; btw what does it mean ? 1116968103 M * daniel_hozac well, you shouldn't add the option unless you need it ;) 1116968216 M * daniel_hozac http://linux-vserver.org/Linux-VServer-Paper-04 1116968216 M * tbenita is it the same reason that makes impossible to chroot into the vserver folder ? 1116968220 M * daniel_hozac section 04.5 1116968579 M * tbenita daniel_hozac, sorry : section 04.5 of what documentation ? 1116968604 M * daniel_hozac http://linux-vserver.org/Linux-VServer-Paper-04 ;) 1116968605 M * tbenita oops sorry O missed the line :) 1116969667 M * tbenita daniel_hozac, eyck I don't need tagxid ;) The issue was bad mount options ;) Thanks for your help. 1116969701 M * eyck no problem. 1116969957 M * SiD3WiNDR I guess you had noexec? ;) 1116969987 M * tbenita SiD3WiNDR, I had noexec, nosuid, nodev 1116970108 M * SiD3WiNDR hehe 1116970110 M * SiD3WiNDR that explains 1116970116 M * tbenita :) 1116970766 M * case i read a thread from february 2004 that virtual networking would be implemented in some time. 1116970789 M * case is there a doc/thread about it somewhere where i might not have looked at ? 1116970800 M * daniel_hozac define virtual networking. 1116970811 M * case right now i try to confiure a tun/tap solution 1116970847 M * case internet <-> eth0 <- iptaples/ebtables> tapn <-> vserver(s) 1116970897 M * case well, it might sure be that 'virtual networking' is not the correct expression. 1116970954 M * daniel_hozac why would you want that though? 1116970987 M * case to enclose a user not only a service. 1116971030 M * daniel_hozac that sounds fairly similar to what ngnet does though. 1116971032 M * case like, some practical example, ssh in, telnet out, which i did in a chroot 1116971047 M * case then i might want ngnet.. 1116971055 M * case i'll look that up. thanks. 1116971087 M * daniel_hozac why can't you limit that sort of thing now? 1116971165 M * case with tun/tap i did it so far. but in that february thread bertl did not sound pleased/convinced about tun/tap. 1116971171 M * case or what do you mean ? 1116971255 M * daniel_hozac i'm just trying to understand why you'd want to do that. 1116971273 M * case with no 'virtual network device' my problem ist how to implement it with iptables. the other thing is that i know of no other, right now. 1116971284 M * case hm. i have a user. 1116971300 M * case i want to enclose his doings. 1116971302 M * daniel_hozac so you want your vserver users to be able to use iptables? 1116971317 M * case no. 1116971418 M * case with chroot the solution was: 1116971438 M * daniel_hozac so you want to limit outgoing traffic from the vserver? 1116971447 M * FaUl are there some special tools for vserver on gentoo like that debian-tools? 1116971492 M * case $IPTABLES -A OUTPUT -p TCP --dport 1:8079 -m owner --uid-owner 1002 -j 1116971492 M * case DROP 1116971492 M * case $IPTABLES -A OUTPUT -p TCP -d $iptoallow --dport 8081:65535 -m owner 1116971492 M * case --uid-o wner 1002 -j DROP 1116971508 M * case dan: yes. 1116971522 M * daniel_hozac and why can't you do that now? 1116971537 M * daniel_hozac iptables -A OUTPUT -s ... 1116971550 M * case too restricted capabilities. i am not sure, i still look for the point i am missing. 1116971562 M * case oh. 1116971570 M * case i try that. sec. 1116971715 M * daniel_hozac FaUl: no, why do you need them? 1116971758 M * FaUl daniel_hozac: some collegue asked me, and i don't know so i asked here :-) 1116971792 M * FaUl so what is the recommed method of building a vserver on gentoo? vserver create? 1116971804 M * daniel_hozac http://dev.gentoo.org/~hollow/vserver/guide/ ;) 1116971887 M * FaUl thx 1116972049 M * case dan: there hangs something else. i'll try in that direction. thanks so far. 1116972146 M * tbenita anybody knows where to put the vserver's config file in gentoo ? 1116972166 N * Bertl_oO Bertl 1116972176 M * Bertl evening folks! 1116972188 M * tbenita hi Bertl 1116972197 M * Beave howdy Bertl. 1116972198 M * Bertl Doener`: still around? 1116972348 M * Bertl hey tbenita! Beave! 1116972407 M * Bertl tbenita: 'config file'? 1116972446 M * Beave Sorry to ask again, but what was that link to that exploit. 1116972462 M * tbenita Bertl, I need some network inside my vserver ;) With debian 2.4 this was in /etc/vservers but in gentoo I don't find a correct place ... 1116972497 M * daniel_hozac Beave: http://vserver.13thfloor.at/Stuff/rootesc.c 1116972552 Q * click Remote host closed the connection 1116972561 M * Bertl tbenita: check vserver-info - SYSINFO 1116972578 M * tbenita ok thanks Bertl 1116972587 J * click click@dsl-static-122-208.aal.tiscali.no 1116972609 M * Beave thanks. 1116972714 P * click 1116972816 M * tbenita Bertl, I have 'cfg-Directory: /etc/vservers' and I have myvserver.conf (for a vserver called myvserver) into /etc/vservers but the options aren't taken into account... 1116972904 M * Beave Hrmph.. didn't seem to work on 1116972909 M * Beave err. 1116972937 M * Beave didnt work on 2.6.11.9-vs2.0-rc1 (one w/ reiser other with ext3). Both have pax/grsec. 1116972997 J * rs ~rs@imhotep.rhapsodyk.net 1116973092 M * Beave I have I question, do most of you guys just kill /dev/hdaX devices in VPS? 1116973153 M * SiD3WiNDR they're not even there when I build one ;) 1116973202 M * Beave well, I just built images via gentoo, and though "wait.. i dont need these". just for grins.. of couse, i'm about to pull information off the host via 'dd 1116973203 M * Beave ' 1116973227 M * Beave So, I assume you probably just remove those types of devices.. 1116973234 M * Bertl tbenita: which options? 1116973283 M * tbenita Bertl, IPROOT="192.168.243.104" 1116973285 M * Bertl Beave: a 'default' install via tools will only contain a few (about 8) devices 1116973303 M * Bertl and for good reason (security) 1116973314 M * Bertl tbenita: and what do you expect the tools to do? 1116973343 M * Bertl (aside from the fact that you are using legacy config) 1116973387 M * Beave sorry, but can you point me to a reference to what you mean, "a 'default' install via tools'? 1116973418 M * Beave I've been building my own images. I see that i need to trim down the /dev listing . 1116973422 M * tbenita Bertl, I expect to have a eth0:zopeplone mapped to 192.168.243.104 accesible into the vserver, but ifconfig gives nothing after starting the vserver and entering it. 1116973475 M * Bertl which is expected ;) 1116973488 M * Bertl try IPROOT="eth0:192.168.243.104" 1116973498 J * monski ~monrad@213083190130.sonofon.dk 1116973596 M * SiD3WiNDR Beave: "vserver xxx build" 1116973618 M * tbenita Bertl, same result 1116973658 M * Bertl Beave: see util-vserver page (link from linux-vserver org) 1116973663 M * Beave ah! 1116973678 M * Bertl tbenita: kernel, tools, complete config please ;) 1116973680 M * Beave ok. i see what you mean. bleh. 1116973688 M * tbenita :) 1116973890 M * tbenita gentoo2005 - Linux version 2.6.11-rc3-vs1.9.4 - sys-cluster/util-vserver 0.30.196 - sys-kernel/vserver-sources 1.9.5 - vserver unpacked into /vserver - config into /etc/vservers - some folders into /etc/vservers that have the vserver name 1116973921 M * Bertl strange combination ... 1116973938 M * Bertl but should work anyways ... 1116973965 M * tbenita Ah I just see that I forgot to update grub.conf ;) 1116973970 M * Bertl but you are talking about 'folders' and yet you are using IPROOT=? 1116974041 M * tbenita For my vserver zopeplone , I have a folder /etc/vservers/zopeplone that contains apps fstab interfaces name run run.rev uts vdir 1116974069 M * Bertl so in this case you do not want the IPROOT anyways, no? 1116974081 M * tbenita when I start my vserver it looks like /etc/vservers/zopeplone.conf is not used 1116974089 M * Bertl you put the network config in interfaces 1116974124 A * tbenita used to like the old monolytic config file :-( 1116974134 M * Bertl you basically have to decide if you want to use old (legacy) config or the newstyle (tree) config, you can not mix it for one server 1116974199 M * tbenita ok it works fine now, without the folder ! 1116974358 M * Bertl and you should update kernel and tools sooner or later 1116974450 M * tbenita thanks Bertl ; is there a place where this new configuration model is documented ? 1116974470 M * Bertl yup, it's the flower page ;) 1116974505 M * Bertl main page, 3rd line in Documentation ... 1116974540 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1116974638 M * tbenita pretty css :)) 1116974663 M * Bertl actually it's more than one ;) 1116974671 M * tbenita lol 1116974796 M * tbenita verry interesting content thanks :) 1116975004 M * Bertl you're welcome! 1116975395 N * monski monrad 1116975403 Q * rs Quit: rs 1116975550 Q * tbenita Quit: Leaving 1116975617 M * Bertl okay folks, have a good night! 1116975626 N * Bertl Bertl_zZ 1116976580 M * FaUl n8 bertl 1116976592 M * FaUl hmm, a little bit to late :-) 1116976601 M * FaUl anyway, illgo to bed, too 1116976935 J * rs ~rs@imhotep.rhapsodyk.net 1116977289 J * brc bruce@200165178001.user.veloxzone.com.br 1116977588 P * terr