1117756839 M * Bertl and that was?
1117756866 M * Bertl how am I supposed to 'guess' your vserver config?
1117756930 M * Bertl I can tell you so much, it's probably wrong ;)
1117756958 M * terr ip=172.83.0.100 prefix=16 dev=eth0.2
1117756977 M * Bertl yup, wrong, remove the prefix and the dev, add nodev
1117757025 M * terr I'll try, just a minute...
1117757278 M * terr Not much better and note that I had tried that (nodev) last week already...
1117757279 M * Aiken finally got it built
1117757304 M * Bertl terr: why don't you try the ping example first?
1117757321 M * Bertl if that fails, your setup is still different, no?
1117757347 M * terr But now the "RTNETLINK" errors appear when running the "routing" script, not when starting the vserver.
1117757393 M * terr From phony.harfang.homelinux.org (172.83.0.100) icmp_seq=1 Destination Host Unreachable
1117757410 M * Bertl what was the ping command?
1117757426 M * terr ping phony
1117757459 M * terr # ip route ls
1117757459 M * Bertl did I do that in my examples?
1117757473 M * terr default via 192.168.107.20 dev eth0.4
1117757482 M * terr (and nothing else!)
1117757560 M * Bertl look, you're constantly messing with routing entries and such .. it will not work if you have default routes and various ip alternatives, you have to create a very sensible and precise setup ... if you want to simulate this non-linux setup
1117757672 M * Bertl start with a simple setup until you understand the routing details here ...
1117757695 M * Bertl first, remove all routes, rules and interface configs
1117757716 M * Bertl then just configure an eth0.x with specific source dependent routing
1117757774 M * terr May I just say something (maybe sensible)?
1117757781 M * Bertl no problem ...
1117757837 M * terr The above is my, I would say, "regular link" between the workstation I'm typing this on now, and my gateway to the Internet.
1117757881 M * terr Nothing to do with the vserver which is supposed to be on eth0.2
1117757926 M * terr I just notice that after changing the prefix from "24" to "16" for the vserver,
1117757963 M * terr the routes weren't set up anymore as they were when there was the prefix mistake.
1117758036 M * Bertl you might 'suppose' a vserver to 'be' on eth0.2, but, as long as you do not use ngnet, the vserver will _never_ 'be' on _any_ interface. period.
1117758086 M * Bertl further, it seems you are assuming that eth0.x and eth0.y are different from the host/guest perspective, which they really aren't
1117758124 M * terr I assumed the first, not the second.
1117758137 M * Bertl third, what might 'look' natural to you (from a routing perspective) is absolutely against how linux does it .. so you have to be tricky ...
1117758169 M * Bertl does it work, yes (just recreate my example with two qemu instances)
1117758212 M * Bertl will you get it working by turning a few knobs and trial-error? not very likely ...
1117758282 M * Bertl you have to get everything right to make this setup work, the slightest error or deviation and it will not work .. why? because it basically circumvents the routing system inherent to linux
1117758289 M * terr So is it possible to summarize (or point me somewhere where it is explained) the difference between "natural" and "how linux does it"?
1117758325 M * Bertl hehe, well, I did write a few postings which _tried_ to explain this ...
1117758358 M * Bertl but I give you a simple example which might show the complexity of your setup
1117758393 M * Bertl look at the output of 'ip rule ls' and tell me what the first column could be ...
1117758451 M * terr Priorities if I understood what I've read from the manual.
1117758488 M * Bertl well, yes if you consider that 0 is highest or first ... (I'd personally call it sequence number)
1117758501 M * Bertl (or simply order of rules)
1117758525 M * Bertl now what do you see in the first line?
1117758547 M * terr "from all lookup local"
1117758570 M * Bertl so that means, any routing decision first looks into the local table ...
1117758578 M * terr (the kernel-maintained table, not to be messed with) Right?
1117758603 M * Bertl yep, you can change it a little, but you can not use it for your purposes
1117758619 M * Bertl whenever you 'assign' an ip on your host
1117758627 M * Bertl (doesn't matter which interface)
1117758640 M * Bertl you will get an entry in the 'local' table
1117758676 M * Bertl now, whenever a routing decision is to be made (new packet for example), the host first looks at the local table
1117758706 M * terr Which will contain?
1117758708 M * Bertl if it finds the 'destination' there, the routing is done, the lo interface will be used and the packet is looped back
1117758733 M * Bertl this happens _regardless_ of all your routing setups ;)
1117758764 M * terr I understand but, how is my entry there? From the vserver config?
1117758781 M * Bertl what is 'your' entry?
1117758814 M * terr I mean, the "destination" I would like to be routed somewhere else.
1117758863 M * Bertl if you do 'ifconfig eth0.2 10.0.0.1' and 'ifconfig eth0.3 10.1.0.1' then the local table will contain a bunch of entries for that
1117758896 M * Bertl if you remove those entries, which is actually possible, then you will not be able to bind those IPs ;)
1117758948 M * terr So (1) they *must* be there (?)
1117758989 M * terr and (2) if they are there, the packets go through lo (?)
1117759005 M * Bertl yup, that's how linux networking is designed ...
1117759038 M * Bertl with the to-from mapping I did in my example, this can be circumvented ...
1117759057 M * terr So that's why you had said the setup is "funny" and "not very useful"?
1117759059 M * Bertl but you still have to make sure that the routing you use is precisely defined ...
1117759082 M * Bertl terr: yes, it just doesn't make sense from the linux perspective ...
1117759117 M * terr Does it make sense from another (any other) perspective?
1117759149 M * Bertl if you have a router (or actually separate hosts) then it probably makes sense
1117759246 M * badiane hello bertl
1117759249 M * badiane http://pastebin.com/294302
1117759273 M * badiane while there's a routing conversation going on
1117759286 M * Bertl ;)
1117759298 M * terr Yes, this I hopefully would assume correctly (DMZ--FW--Local) but I had thought it could be mimicked
1117759318 M * Bertl terr: it can, see example ;)
1117759344 M * terr the same way vserver mimics a system for a running web server...
1117759365 M * badiane and this is the host http://pastebin.com/294304
1117759443 M * badiane this is a ping from the vserver http://pastebin.com/294305
1117759444 M * Bertl okay?
1117759449 M * terr Yes, but is it the "same" kind of abstraction from the real environment, or a workaround the "way" it is done?
1117759465 M * badiane the 192.168.0.103 is the ip on the eth0 on the host
1117759470 M * badiane the vservers are on eth1
1117759488 M * badiane from the vproxy I can ping the address on eth0 192.168.0.103
1117759494 M * badiane but i can't seem to ping
1117759518 M * terr Bertl: Bottom line: Does "NGnet" change *something* to this problem?
1117759518 M * badiane the other address @ the other end of the eth0 interface which is 192.168.0.1
1117759557 M * Bertl badiane: same reason (i.e. backlog of an hour ;)
1117759580 M * Bertl terr: yes, ngnet changes everything, because it virtualizes routing ...
1117759589 M * badiane hold on I have to go downstairs
1117759594 M * badiane will be back
1117759654 M * terr So if I use ngnet, the setup can become useful (even if it stays funny ;-) ?
1117759716 M * Bertl again, define useful ;)
1117759758 M * Bertl it has already become useful, in showing how complicated it is to get it right ;)
1117759789 M * terr Useful == Behaving like two physically separate subnets (the same way 2 vservers mimic 2 separate dedicated servers).
1117759871 M * Bertl assumed that ngnet is complete (and working) the config there will be similar to separate hosts, sending packets to the network (different vlans maybe)
1117759985 M * terr And these virtually separate hosts could be one on the DMZ subnet and the other, well, somewhere else (?)
1117760050 M * badiane I'm back
1117760055 M * Bertl terr: ngnet is based on mapping virtual network devices to real ones
1117760094 M * Bertl because eth0.x (although a vlan interface) looks to the host like a real one, it can be used for the mapping
1117760094 M * badiane bertl, I didn't get the backlog mention earlier
1117760141 M * terr One goal is to achieve the same level of isolation between v-subnets as exists between v-servers?
1117760148 M * badiane ok I have to take my earlier statement back
1117760151 M * Bertl badiane: well, as you observed, we had a longer discussion about 'how' linux networking works ... this basically contains the information 'why' the behaviour you see is expected ;)
1117760198 M * badiane I understand it to a decent degree
1117760228 M * terr (Which was my original assumption/hope).
1117760246 M * badiane what I would like to do is be able to do
1117760265 M * Bertl badiane: SNAT ;)
1117760267 M * badiane is set routing tables for each subnet
1117760282 M * badiane I just turned off all firewalling
1117760292 M * badiane and I could ping the other ip
1117760307 M * badiane I'm using shorewall on the host
1117760313 M * badiane :-)
1117760315 M * Bertl fine for you ;)
1117760405 M * Bertl folks, I have a bad headache ... and I'm off to bed now ... we can talk about routing stuff tomorrow ...
1117760406 M * badiane I don't seem to be able to dnat to the vserver without first explicitly allowing traffic to the fw which is the eth0 (the host) and that's not supposed to be
1117760414 M * terr Bertl: So am I right in assuming that ngnet will achieve the same level of isolation between v-subnets as exists between v-servers?
1117760418 M * badiane ok later
1117760431 M * Bertl but I'd advise to have a deep look at the archived knowledge (on linux-vserver.org)
1117760438 J * eXplasm2 explasm@p549FF9DB.dip.t-dialin.net
1117760443 M * terr And then "Good night"!
1117760456 M * Bertl precisely! good night everyone! ;)
1117760463 N * Bertl Bertl_zZ
1117760482 M * terr Bye.
1117760486 P * terr
1117760878 Q * eXplasm Ping timeout: 480 seconds
1117764258 Q * romke Quit: brb
1117764905 J * romke ~romke@procyon.romke.net
1117765546 Q * monrad Quit: Leaving
1117766341 Q * hwarrier Quit:
1117768374 J * Aiken_ ~james@tooax8-250.dialup.optusnet.com.au
1117768699 Q * Aiken Ping timeout: 480 seconds
1117770752 Q * romke Quit: ^?
1117771761 Q * Aiken_ Quit: Leaving
1117771936 J * romke ~romke@procyon.romke.net
1117772561 J * Aiken ~james@tooax8-250.dialup.optusnet.com.au
1117773709 Q * enum Quit: Leaving
1117773805 J * enum ~enum@ip-207-145-127-226.lax.megapath.net
1117773881 M * enum yo, any ever compiled vserver on a gentoo amd64 system?
1117773886 M * enum er util-vserver
1117775995 Q * enum Quit: Leaving
1117776322 N * Doener|gone Doener
1117776329 M * Doener morning folks!
1117777447 Q * mef Quit: Leaving
1117778520 Q * mugwump Quit: Stupid linux online FS resizing b0rked
1117778915 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz
1117779841 Q * mugwump Quit: rebooting vserver
1117779884 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz
1117783736 M * DaPhreak morning Doener ;P
1117786175 M * Pazzo morning folks!
1117786262 M * Pazzo I'm running Debian Sarge (host- and vhost-side) with 2.6.11.11-vs2.0-rc3, utils 0.30.207, initstyle plain - if root runs "reboot" inside a vserver the vserver stops but doesn't come back - any idea?
1117786290 M * Doener IIRC Bertl had a hack for that, but no clean solution yet...
1117786329 M * Doener AFAICT it falls into the same category as the hanging reboot helper...
1117786383 M * Pazzo hmmm... *grrr*
1117786725 M * Aiken I wonder if that lot is related to what I was finding today
1117786754 M * Aiken vserver betty stop followed by a vshelper poweroff or restart sitting there doing nothing
1117786807 M * Doener http://archives.linux-vserver.org/200505/0085.html
1117787242 J * Aiken_ ~james@tooax6-110.dialup.optusnet.com.au
1117787485 M * Aiken_ cool
1117787502 M * Aiken_ I added poweroff and halt
1117787560 Q * Aiken Ping timeout: 480 seconds
1117787602 N * Aiken_ Aiken
1117787697 M * Doener hm, actually only shutdown should be necessary... if you use poweroff, that may break stopping the vserver from the inside
1117787802 M * Aiken I used /etc/vserver/betty/apps/init/runlevel.stop to make it use runlevel 0 when shutting down instead of 6
1117787813 M * Aiken and noticed it was using vshelper poweroff
1117788016 M * Pazzo Doener: any idea where to dig for the reboot problem? is this debian-related or is every vserver unable to reboot itself?
1117788531 M * Doener no idea, i'm 99% lost in the bash scripts of util-vserver
1117788533 J * erwan_taf ~erwan@81.80.43.67
1117788564 M * Aiken is it all bash script?
1117788852 J * DuckMaster ~duckx@195.75.27.158
1117788968 M * DaPhreak mostly Aiken
1117788986 M * DaPhreak some parts are also c and c++
1117788989 M * Doener got to go now... back later
1117788993 N * Doener Doener|gone
1117789176 M * Aiken I know about the C bits, ran into problems them with linux headers I had installed until 9 hours ago
1117789382 M * Aiken from my poking around today I knew some of the scripting was bash
1117792175 J * Aiken_ ~james@tooax6-110.dialup.optusnet.com.au
1117792604 Q * Aiken Ping timeout: 480 seconds
1117794635 N * Bertl_zZ Bertl
1117794670 M * Bertl morning folks!
1117794712 Q * Vudumen Ping timeout: 480 seconds
1117794715 M * Pazzo moin Bertl!
1117794730 M * Bertl hey Pazzo!
1117794739 M * Pazzo ;-p one short question to wake up:
1117794741 M * Bertl regarding the reboot issues, you have to ask enrico ;)
1117794749 M * Pazzo :(
1117794752 M * Pazzo workaround?
1117794761 M * Pazzo enriiiiicoooo!?
1117794766 M * Bertl yeah, we did one, just as a proof of concept
1117794797 M * Pazzo maybe you have some url for me? irc log? day?
1117794832 M * Bertl sec
1117794832 Q * erwan_taf Read error: Connection reset by peer
1117794868 M * Bertl http://vserver.13thfloor.at/Experimental/vshelper-hack-01.diff
1117794893 M * Bertl requires the vwait (from same dir) to be compiled and installed in /tmp/
1117794921 M * Pazzo *brrr*
1117794930 J * erwan_taf ~erwan@81.80.43.67
1117795029 M * DaPhreak morning Bertl .. ;) Pazzo .. erwan_taf ;)
1117795046 M * erwan_taf hey DaCa
1117795049 M * erwan_taf hey DaPhreak
1117795094 M * Pazzo hi DaPhreak!
1117795107 M * DaPhreak Bertl: pipe-logging is now working fine ... syslog-ng in the guest was starting again and "blocked" the pipe (or modified or whatever) .. so the syslog-ng on the host had troubles .. removed it completely (on the guest) and is now working fine :)
1117795122 M * Pazzo Bertl: hehe... I'll choose another path - debian cleans up /tmp at every boot :-)
1117795138 M * Bertl DaPhreak: thought something like that would happen ...
1117795314 J * Vudumen vudumen@perverz.hu
1117795329 M * FaUl re
1117795350 M * Bertl welcome Vudumen! wb FaUl!
1117795414 M * Aiken_ Bertl after this morning's fun with the headers I have vserver running now
1117795500 M * Bertl excellent!
1117795668 M * Aiken_ that was the worst the changes with userspace + kernel headers has bitten me, since 2.2 I have always used the raw headers with glibc
1117795693 M * Aiken_ grabbed the sanitized headers that lfs now uses and util-vserver compiled and works :)
1117795719 M * Aiken_ I like the hardcpu limit
1117795857 M * Bertl yeah, I'd prefer it too if the kernel headers would be clean ...
1117796083 Q * matti Ping timeout: 480 seconds
1117796108 J * matti matti@linux.gentoo.pl
1117797681 M * albeiro http://weblogs.java.net/blog/kirillcool/archive/2005/05/the_real_story.html
1117797683 M * albeiro rotfl
1117799715 M * Vudumen hi Bertl
1117800124 Q * Aiken_ Quit: Leaving
1117800137 J * pflanze ~chris@62.12.148.70
1117800144 M * pflanze Hello
1117800158 M * Bertl welcome pflanze!
1117800356 M * pflanze Does vserver 2 provide precise stopping of having-gone-wild vservers now? (atomic sigstop or whatever)
1117800435 M * Bertl there is a vkill
1117800459 M * pflanze in kernel space?
1117800462 M * Bertl and doing the following sequence should stop everything:
1117800467 M * Bertl (yes in kernel space)
1117800488 M * Bertl sched_pause, vkill, vkill 1, ~sched_paus
1117800563 M * pflanze I'm thinking about implementing some daemon which stops vservers which don't behave nicely.
1117800592 M * pflanze Assuming something like that doesn't exist already.
1117800637 M * Bertl yeah, an userspace admin daemon would be a good thing ... already mentioned that several times
1117800658 M * Bertl such a daemon could do the start/stop/reboot and config updates in realtime ...
1117800690 M * pflanze So I'll probably write that soon.
1117800734 M * pflanze Currently I'm still unsure about whether to use kernel 2.4 (vserver 1.2) or 2.6 (vserver 2)
1117800766 M * pflanze The recent vulnerabilities in 2.6 driving me towards 2.4 quite strongly.
1117800858 M * Bertl hmm, IIRC we had the same vulnerabilities in 2.4, no?
1117800867 M * pflanze The only reason to use 2.6 would be the better scheduler, but with ulimit -u 1000 2.4 works well enough if the daemon can stop a badly behaving vserver - not sure if he could with vserver 1.2 though.
1117800926 M * pflanze Same vulnerabilities? There have been discovered two in 2.6 within a week or so, 2 weeks ago.
1117800983 A * pflanze checks
1117801015 P * erwan_taf Leaving
1117801297 Q * Hollow Remote host closed the connection
1117801454 Q * DaCa Ping timeout: 480 seconds
1117801475 M * pflanze (I don't know where to look really without taking me much time. I thought, 2.6 has about twice as many holes discovered per time frame than 2.4, if not more.)
1117801552 M * Bertl all 'holes' have been silently fixed in 2.4 too AFAIR
1117801629 J * Hollow ~Hollow@home.xnull.de
1117802154 M * pflanze where 'all' is something between 0 and 100 percent, I suppose
1117802186 M * pflanze but I don't want to nitpick, I don't know better.
1117803618 M * pflanze Is there a page summarizing the differences between vserver 1.2 and 1.9/2.0 ?
1117803645 M * Bertl yes, but it is not up-to-date
1117803673 M * Bertl http://linux-vserver.org/Release+FAQ
1117803703 M * pflanze The feature matrix?
1117803708 M * Bertl yup
1117803711 M * pflanze I'll update it if you tell me what's missing.
1117803739 J * robig ~robig_m@envoppp84.envia-tel.de
1117803741 M * Bertl looking at it right now ...
1117803753 M * Bertl s/at/into/
1117804279 M * Bertl okay, updated the feature matrix
1117804409 M * robig hi
1117804425 M * Bertl hey robig!
1117804463 M * robig i forgot how to mount a tmpfs into a vserver, can u repeat?
1117804552 M * Bertl it's usually done by default (depending on entries in /etc/vservers//fstab
1117805033 M * pflanze Thanks Bertl.
1117805070 M * Bertl my pleasure!
1117805449 Q * Vudumen Ping timeout: 480 seconds
1117805509 M * robig writing it to fstab will need a reboot of the vserver, right?
1117805521 M * pflanze robig: yes
1117805631 J * Vudumen vudumen@perverz.hu
1117805946 Q * eXplasm2 Quit: Verlassend
1117806101 J * prae ~prae@ezoffice.mandriva.com
1117806208 J * rs ~rs@staff.lycos.fr
1117806320 M * pflanze Bertl: I can spend about two days on such a daemon. What I want is protection against malicious vserver users, a) fork bombs (but, I don't know, maybe vserver 2 already protects enough with cpu bucket and scheduler tweaks?), b) check against filling disks (I'd like to use reiserfs, and so don't have vserver quotas, thus my current idea is to periodically run lsof in ctx 1 and stop vservers which are writing huge files quickly).
1117806347 M * pflanze Additionally, I'd like to measure cpu/disk usage of all vservers to calculate payment.
1117806392 M * Bertl pflanze: hmm, why should the vserver dlimits not work with reiser?
1117806420 M * pflanze hm, I thought it was an ext2/3 only patch.
1117806428 M * pflanze All the better if I'm wrong.
1117806444 M * Bertl dlimits are an integral part of 2.0
1117806458 M * pflanze Maybe it was vserver quotas? (I meant disklimit, yes)
1117806461 M * Bertl if you find that they do not work on reiser, please let me know
1117806468 M * pflanze fine!:)
1117806479 M * pflanze What about the fork bomb issue?
1117806489 M * pflanze And measurements.
1117806497 M * Bertl block I/O is accounted, as are the ticks for each context, you might use that for your calculations
1117806528 M * Bertl there is no fork-bandwidth limit yet, but you might check and add that
1117806609 M * pflanze So you think that's better solved in the kernel?
1117806635 M * Bertl long-term yes
1117806652 M * Bertl for now, a policy daemon is probably the best
1117806727 M * pflanze I've done several projects in C, but I'm much more fluent in perl, and considering it is a temporary solution I'm tending towards using perl.
1117806757 M * pflanze But maybe I'm missing c libraries for things like resolving ctx ids?
1117806834 M * Bertl well, you can make use of the util-vserver libs for that
1117806847 M * pflanze I'll check them.
1117807587 M * robig writing it to fstab doesnt work
1117807610 M * robig ive done it from the host system before..
1117807675 Q * Psy0rz Ping timeout: 480 seconds
1117807825 M * Bertl robig: well, there are two options: a) you provide your config and what you are trying to accomplish, or b) look through the irc logs ...
1117807989 Q * rs Quit: rs
1117808080 Q * Pazzo Ping timeout: 480 seconds
1117808183 J * rs ~rs@staff.lycos.fr
1117808670 J * DaCa ~danny@mail.limehouse.org
1117808695 M * Vudumen Bertl: did you reboot the machine and it booted up well or didn't try it? :)
1117808758 M * Bertl didn't get around doing it yet .. no new kernel
1117808769 M * Bertl wb rs! DaCa!
1117808979 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1117809212 M * pflanze I thought, NGNET was not coming in 2.0 (but would be postponed to 2.1), but now it's in the kernel config of rc3?
1117809232 Q * matti Quit: 8-X
1117809241 M * pflanze ah, that's the old one?.
1117809317 M * Bertl well, it's a negated selection ...
1117809392 M * pflanze yes. That's why I was surprised it's "on by default" (negation is off by default), but I didn't understand it's about the *old* chbind networking.
1117809441 M * pflanze what's hard cpu limit? The section in the Paper is empty.
1117809509 M * Bertl it's limiting the available cpu resources for a context
1117809519 M * pflanze ah.
1117809578 M * pflanze for the whole context; I guess it's being set by a config file from alpha utils
1117809611 M * Bertl yes, or via the userspace tools
1117809701 A * pflanze added a small note on http://linux-vserver.org/Linux-VServer-Paper-14
1117809874 M * Bertl k
1117809986 Q * nox Quit: leaving
1117810985 M * robig there was some tool what executes the mount of the tmpfs from the real host for me
1117811030 M * pflanze robig: the alpha utils automatically mount tmpfs if it's in the /etc/vservers/*/..somewhere../fstab
1117811047 M * pflanze (upon vserver start)
1117811082 M * robig :) i found the file :)
1117811087 M * pflanze (/etc/vservers/x/fstab it is)
1117811107 M * robig the path is relative to the vserver?
1117811129 M * pflanze hm. This is the absolute path on the *host*.
1117811191 M * pflanze Inside the vserver, you should have a basically empty /etc/fstab, or something like:
1117811199 M * pflanze /dev/hdv1 / ext2 defaults 1 1
1117811208 M * Bertl that's the mtab ;)
1117811227 M * pflanze all the better. (it's also my fstab for whatever reason)
1117811233 M * robig if the vserver root dir is in /raid/vservers/vs1 the path would be /raid/vservers/vs1/home/www-data/tmpfs for example
1117811281 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1117811284 M * pflanze ah, nope, relative to vserver root yes.
1117811313 M * pflanze you didn't say what you meant with "the path", robig :)
1117811568 M * robig :) thanks
1117811595 M * robig it seems to work :)
1117811831 M * robig bye
1117811837 Q * robig Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1117812063 M * pflanze I assume it's ok to use util-vserver-0.30 (stable, as opposed to the alpha versions of the alpha utils :)
1117812081 M * pflanze with 2.0pre
1117812087 M * Bertl it's okay, but you will 'just' get the 1.2 features
1117812098 M * Bertl (it's called legacy mode ;)
1117812126 M * pflanze sure? I'm talking about util-vserver, not vserver-util?
1117812144 M * Bertl no idea what vserver-util is ...
1117812152 M * Bertl I'm talking about enricos userspace tools
1117812164 M * pflanze (or vserver-utils or whatever the very old utils were called)
1117812186 M * Bertl util-vserver-0.30 is about a year old
1117812210 M * Bertl util-vserver-0.30.207 is current (for 2.0 features)
1117812340 M * pflanze ok
1117813682 Q * DuckMaster Quit: Leaving
1117814345 J * Doener` ~doener@p548746C3.dip.t-dialin.net
1117814364 T * services.oftc.net http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-rc3, ng9.5 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1117814784 Q * Doener|gone Ping timeout: 480 seconds
1117815117 M * Doener` evening folks!
1117815137 A * Doener` .oO( what a timing... )
1117815195 M * Bertl evening Doener`!
1117816178 Q * alexx Ping timeout: 480 seconds
1117816376 J * alexx ~alexx@82.225.136.176
1117817569 M * FaUl hey doener
1117817623 M * FaUl Bertl: how much work has to be done til vserver-2.0?
1117817664 M * FaUl is there any way to support you? maybe testing?
1117817666 M * Bertl depends on enrico, and if he is 'planning' to release tools
1117817682 M * Bertl testing is always good ...
1117817922 Q * prae Quit: Client exiting
1117818042 M * FaUl so your part of 2.0 is ready right now
1117818043 M * FaUl ?
1117818077 M * Bertl basically yes ...
1117818157 M * FaUl fine
1117818188 M * Bertl indeed!
1117818399 Q * alexx Quit: Bye
1117818464 Q * DaCa Ping timeout: 480 seconds
1117818660 J * shuri sjnesjd@64.235.209.226
1117818663 M * shuri hello
1117818667 M * Bertl hey shuri!
1117818671 M * shuri hy Bertl
1117818690 M * shuri hey Bertl is it possible to change to root directory of only one vserver?
1117818731 M * Bertl huh?
1117818731 M * shuri with latest stable
1117818756 M * shuri for example for vserverx001 the root will be /vservers
1117818776 M * shuri for vserver002 /vserver2/vserver002...
1117818793 M * shuri i got no more space left on /vservers :(
1117818811 M * Bertl mount --bind is your friend ;)
1117818830 M * shuri ok
1117818842 M * shuri but no way to do this in the conf?
1117818859 M * Bertl there are options for that, but it doesn't work very well
1117818867 M * shuri strange
1117818874 M * shuri why is it so hard to do?
1117818901 M * Bertl you're asking the wrong person ...
1117818907 M * shuri i see
1117818908 M * shuri :)
1117818933 M * shuri thx for the mount -bind trick
1117818942 M * Bertl my pleasure!
1117818971 M * shuri could be a nice feature from the conf file..
1117819237 J * monrad ~monrad@0x535b06c0.ronxx3.adsl-dhcp.tele.dk
1117819768 J * eXplasm explasm@p549FF9DB.dip.t-dialin.net
1117819812 Q * monrad Quit: Leaving
1117819920 Q * rs Quit: rs
1117820759 J * DaCa ~danny@mail.limehouse.org
1117821498 J * alexx ~alexx@82.225.136.176
1117823821 J * monrad ~monrad@213083190130.sonofon.dk
1117824737 J * jkl_ eric@c-67-173-254-242.hsd1.co.comcast.net
1117824791 M * jkl_ what provides is_vserver_guest ? somehow it's missing all of the sudden
1117824841 M * Bertl huh?
1117824860 M * DaPhreak jkl_: are you using gentoo ?
1117824862 M * jkl_ i had my vserver starting and stopping just fine
1117824863 M * jkl_ yes
1117824891 M * jkl_ then it started going nuts and can't find is_vserver_guest, and its complaining about filesystem errors
1117824893 M * jkl_ :(
1117824928 M * DaPhreak you probably see this complains if you're starting/stopping a vserver, right ?
1117824933 M * jkl_ yes
1117824975 M * DaPhreak so could you please put an rc-update -s from your vserver on pastebin / similar ?
1117825022 M * jkl_ pastebin?
1117825056 M * DaPhreak yeah .. http://pastebin.com ;)
1117825061 M * DaPhreak or in a querywindow
1117825094 M * jkl_ do you want the rc-update -s from the host or from within the vserver?
1117825146 M * DaPhreak within the vserver please :) since the error comes from a vserver
1117825209 Q * cryo Ping timeout: 480 seconds
1117825214 M * jkl_ sent it as my nic handle
1117825223 J * cryo ~say@212.86.243.154
1117825246 M * FaUl hmm, is nongnu.org down
1117825276 M * DaPhreak also pastebin (for me)
1117825297 M * Bertl FaUl: seems so :/
1117825504 M * jkl_ ^[[32;01m*^[[0m Remounting root filesystem read-only (if necessary) ...
1117825504 M * jkl_ ^[[A^[[95C ^[[34;01m[ ^[[31;01m!!^[[34;01m ]^[[0m
1117825504 M * jkl_ ^[[32;01m*^[[0m Checking root filesystem ...
1117825505 M * jkl_ fsck.ext3: No such file or directory while trying to open /dev/ROOT^M
1117825505 M * jkl_ The superblock could not be read or does not describe a correct ext2
1117825507 M * jkl_ filesystem. If the device is valid and it really contains an ext2
1117825507 M * jkl_ filesystem (and not swap or ufs or something else), then the superblock
1117825510 M * jkl_ is corrupt, and you might try running e2fsck with an alternate superblock:
1117825510 M * jkl_ e2fsck -b 8193
1117825512 M * jkl_ ^[[31;01m*^[[0m Filesystem couldn't be fixed :(
1117825512 M * jkl_ ^[[A^[[95C ^[[34;01m[ ^[[31;01m!!^[[34;01m ]^[[0m
1117825514 M * jkl_ Give root password for maintenance
1117825514 M * jkl_ (or type Control-D to continue):
1117825516 M * jkl_ Login incorrect.
1117825516 M * jkl_ Give root password for maintenance
1117825518 M * jkl_ (or type Control-D to continue):
1117825518 M * jkl_ ^[[32;01m*^[[0m Unmounting filesystems
1117825520 M * jkl_ ^[[32;01m*^[[0m Rebooting
1117825520 M * jkl_ ^[[32;01m*^[[0m Remounting root filesystem read/write ...
1117825522 M * jkl_ ^[[31;01m*^[[0m Root filesystem could not be mounted read/write :(
1117825522 M * jkl_ ^[[A^[[95C ^[[34;01m[ ^[[31;01m!!^[[34;01m ]^[[0m
1117825524 M * jkl_ Give root password for maintenance
1117825524 M * jkl_ (or type Control-D to continue):
1117825526 M * jkl_ ^[[32;01m*^[[0m Setting hostname to localhost ...
1117825526 M * jkl_ ^[[A^[[95C ^[[34;01m[ ^[[32;01mok^[[34;01m ]^[[0m
1117825528 M * jkl_ ^[[32;01m*^[[0m Starting metalog ...
1117825528 M * jkl_ ^[[A^[[95C ^[[34;01m[ ^[[32;01mok^[[34;01m ]^[[0m
1117825530 M * jkl_ i figured that would happen
1117825543 M * Bertl cool, folks will love you! ;)
1117825598 M * pflanze jkl_: don't paste output with color sequences!
1117825611 M * jkl_ sorry guys, that was a my bad
1117825612 M * pflanze ;)
1117825983 M * albeiro rotfl
1117825995 M * albeiro looks like dump of your mind
1117827502 J * matti matti@rivendell.lexx.eu.org
1117828979 M * pflanze Hmmm: on http://linux-vserver.org/alpha+util-vserver : "* all affected vservers must be stopped; else symlink attacks are possible"
1117828982 J * indiox ~cpereira@200.179.22.105
1117828993 M * pflanze that doesn't make any sense to me, why should stopping them help?
1117829003 P * indiox
1117829026 M * Bertl context?
1117829070 M * pflanze I thought it was talking about symlinks that point outside of the vserver subtree.
1117829086 M * pflanze How does context come into play here?
1117829094 M * pflanze (if you mean, ctx id)
1117829101 M * Bertl in what context was this said? ;)
1117829105 M * pflanze ah
1117829108 M * pflanze hehe
1117829124 M * pflanze # lsattr -R 2>/dev/null /vservers | grep -- '----i------t-' | cut -d ' ' -f 2 | xargs setattr --iunlink
1117829134 M * pflanze " Obviously, these commands are not very reliable: " then the above line
1117829150 M * pflanze (5th last line on the page)
1117829211 M * Bertl hmm, I guess I will not get around reading it ;)
1117829236 M * pflanze np, I'll add a note
1117829289 M * Bertl ah, okay, got it
1117829314 M * Bertl well, if a vserver is running, and you have a daemon waiting there for some immutable file to become mutable ...
1117829325 M * Bertl (so this requires the guests to be stopped)
1117829419 M * pflanze you mean a daemon inside a vserver, right? -- but the above is only setting --iunlink and afterwards the vserver will be started again, so.. ?
1117829443 M * pflanze Maybe I don't get what setattr is doing.
1117829505 M * pflanze ah the race between --iunlink and chattr -t ?.
1117829532 M * Bertl no, I guess what he actually meant here is that a symlink _inside_ the guest could do evil, when it's pointing outside the guest (when doing those commands on the host)
1117829558 M * pflanze yep that's what I understood as well -- but the symlinks will be there after shutting them down, still
1117829607 M * Bertl yes, but nobody can _create_ them while the pipe is running ;)
1117829607 M * pflanze (One should do a find -type f -print0 |xargs -0 lsattr ... instead for this.)
1117829616 M * pflanze yes true.
1117829893 A * pflanze added a note to that page.
1117829969 M * Bertl not so important to mention that, we get a notification on wiki changes ;)
1117829998 M * Bertl (nevertheless feel free to do so ;)
1117830002 M * pflanze k :)
1117833753 M * Bertl okay, back later ...
1117833759 N * Bertl Bertl_oO
1117833853 Q * pflanze Quit: night
1117833939 J * rs ~rs@imhotep.rhapsodyk.net
1117834199 J * terr ~gilles@ip-213-49-114-75.dsl.scarlet.be
1117839414 J * brc bruce@201008077213.user.veloxzone.com.br
1117839807 M * romke i'm trying to forward some ports to vserver guest without success - anyone can help? iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp -d --dport 2022 -j DNAT --to-destination 172.17.1.3:22
1117840693 M * romke generally I want map host port 2022 into one guest port 22