1119226099 J * mugwump ~sv@203.110.29.22
1119226145 Q * mugwump Quit: 
1119226180 J * mugwump ~sv@203.110.29.22
1119226207 M * mugwump heh, largest NZ ISP just lost half of North Island due to a single cut fibre
1119226300 M * Bertl evening, and what a pity ...
1119226356 A * mugwump shrugs
1119226360 M * mugwump I still have a connection :)
1119226372 A * mugwump connects through the NZ wireless underdog
1119226552 J * shuri shuri@64.235.209.226
1119226883 M * Bertl evening shuri!
1119227275 Q * _are_ Ping timeout: 480 seconds
1119227287 J * _are_ ~are@dsl-084-056-146-139.arcor-ip.net
1119227301 M * shuri evening Bert
1119227970 Q * shuri Remote host closed the connection
1119230178 Q * tchan Quit: leaving
1119230985 J * tchan ~tchan@c-24-13-81-164.hsd1.il.comcast.net
1119233022 M * neofutur VServer 2.0 will be only for 2.6 kernels ?
1119233096 M * Bertl yep
1119233196 M * neofutur ;(
1119233297 Q * p Quit: leaving
1119233308 M * neofutur there's no patch for 2.
1119233324 M * neofutur 2.4.31 on http://www.13thfloor.at/vserver/s_release/v1.2.10/ ?
1119233343 M * Bertl because the older patches still apply
1119233383 M * Bertl (or don#t they?)
1119233460 M * neofutur so http://www.13thfloor.at/vserver/s_release/v1.2.10/patch-2.4.30-vs1.2.10.diff is ok for 2.4.31 ?
1119233483 M * Bertl should be, if you ahve any rejects or succeeds with fuzz, please let me know
1119234290 M * neofutur ok
1119234312 M * neofutur should I apply it before or after grsec patch ?
1119234323 M * Bertl instead :)
1119234334 M * Bertl there are special patches if you want both ...
1119234336 M * neofutur the 2 cant be there ?
1119234348 M * neofutur ok where are patches for both ?
1119234370 M * Bertl ahve a look at the linux-vserver.org wiki, there are links to _all_ folks providing such patches
1119234379 M * Bertl (there are quite some)
1119234427 M * neofutur a grsec search on http://linux-vserver.org/ gives nothing ;(
1119234445 M * Bertl sec
1119234486 M * Bertl http://linux-vserver.org/?action=find&find=grsec
1119234497 M * Bertl http://linux-vserver.org/Tools+and+patches
1119234604 M * neofutur i hadn't found the link for ?action=find
1119234609 M * neofutur thanks
1119234619 M * Bertl it's the search form at the bootom :)
1119236209 M * neofutur http://linux-vserver.org/Tools+and+patches
1119236218 M * neofutur need a link in the main page nop ?
1119236300 M * Bertl nope, see Downloads: *  Tools and patches (including userspace tools)
1119236394 M * neofutur yes
1119236398 M * neofutur sorry ;)
1119236406 M * Bertl np
1119237229 Q * Alissa Read error: Connection reset by peer
1119237259 J * Alissa`Umount ali@151.81.3.199
1119237259 N * Alissa`Umount Alissa
1119237680 Q * badiane Remote host closed the connection
1119238923 J * Doener` ~doener@p54874883.dip.t-dialin.net
1119239350 Q * Doener_zZz Ping timeout: 480 seconds
1119241034 J * eXplasm explasm@p549F7EC2.dip.t-dialin.net
1119242352 Q * Alissa Read error: Connection reset by peer
1119242369 J * Alissa ali@151.81.3.199
1119242513 Q * eXplasm Quit: Verlassend
1119244472 N * eyck Eyck
1119244990 M * Eyck Bertl: what about vs1.2.11?
1119245005 M * Bertl hmm .. still pending ...
1119245018 M * Eyck ok.
1119245090 P * wolli Kopete 0.9.2 : http://kopete.kde.org
1119245516 M * FaUl moni
1119245520 M * FaUl moin even
1119245524 M * Bertl morning!
1119247328 M * DaPhreak morning Bertl, Eyck, FaUl :)
1119247369 M * FaUl morning DaPhreak 
1119247383 M * FaUl i'll go to school, bye
1119247384 M * FaUl  :-)
1119247392 M * DaPhreak cul FaUl ;)
1119247396 M * Bertl morning DaPhreak!
1119247433 M * DaPhreak morning Bertl! ;)
1119247443 M * DaPhreak how was the LinuxTag 2005 ?
1119247456 M * DaPhreak especially your speech ?
1119247475 M * Bertl hmm?
1119247507 M * DaPhreak didn't have a speech there ?
1119247519 M * DaPhreak s/have/had
1119247530 M * Bertl a) the LT starts at 23rd or 24th IIRC
1119247549 M * Bertl b) I canceled the workshop there ..
1119247561 M * DaPhreak ah :)
1119248477 M * Eyck morning DaPhreak
1119248488 J * erwan_ho ~erwan@konilope.dyndns.org
1119248519 Q * erwan_ho Remote host closed the connection
1119249357 M * Bertl okay, off to bed now .. cya later ...
1119249362 N * Bertl Bertl_zZ
1119250416 Q * _are_ Quit: bbl
1119250721 N * Doener` Doener
1119250731 M * Doener morning folks!
1119251887 M * DaPhreak morning Doener 
1119251919 M * Doener ah, there he is! ;)
1119252062 M * DaPhreak yeah *g*
1119252076 M * Doener argh, mysql drives me crazy...
1119252091 M * DaPhreak heh .. iptables drives me crazy ...
1119252115 M * DaPhreak since i told him to open up port 22, but port 22 isn't opened
1119252125 M * Doener i got some table where i need a key on a text column that has rows with german umlauts
1119252166 M * Doener now if i use a utf8 collation, mysql treats, for example, ö and o as equal. this does not work for me
1119252181 M * DaPhreak heh, yeah bit of bad ;)
1119252216 M * Doener if i use a latin1 german collation, mysql distinguishes between ö and o, but when i want to create a unique key now, it says duplicate key "blabla"
1119252257 M * Doener if i then search for a prefix(!) of "blabla", i get a single row in the result
1119252290 M * Doener (where "blabla" is some kind of path, i.e. a prefix search should give me a lot of results...
1119252329 M * Doener eek, forget the search, actually i didn't search on the path field, but some combination thing
1119252347 M * Doener but if there were only one row, it shouldn't complain wrt the unique key...
1119252426 Q * monrad Quit: Leaving
1119252481 M * Eyck drop mysql
1119252504 M * DaPhreak heh, yeah use db2 *ducks* and shoot yourself in the knee ;)
1119252519 M * DaPhreak naah .. only joking :)
1119252544 M * Doener ah, now it's the equality between ß and ss (though i still don't know why the previous search didn't work then...)
1119252573 M * Doener if it was for myself, i'd go for postgres, but it isn't...
1119254395 M * maharaja good morning everyone
1119254418 M * maharaja still wondering about "setgpid not allowed" issues
1119254443 M * maharaja mhm - setgpid not permitted is the right error msg
1119254468 J * _are_ ~are@gateway-dsl.lihas.de
1119254784 J * prae ~prae@ezoffice.mandriva.com
1119254843 M * Doener maharaja: where does that show up?
1119255407 M * id brb
1119255825 J * stephen-^ ~stephen@user-2774.l6.c5.dsl.pol.co.uk
1119255841 M * stephen-^ hey all
1119255855 M * stephen-^ how do I impose a cpu limit on a vserver but still allow it to burst?
1119256140 Q * Aiken Quit: Leaving
1119256230 M * Doener stephen-^: http://archives.linux-vserver.org/200410/0209.html should get you started
1119256236 M * stephen-^ thanks
1119256245 J * rs ~rs@ATuileries-153-1-32-89.w82-123.abo.wanadoo.fr
1119256255 M * Doener welcome rs
1119256265 M * rs hi there
1119256390 M * Doener rs: are those strange zombies still showing up?
1119256417 M * rs yeah I guess so, the new kernel isn't in place yet
1119256451 M * stephen-^ Doener: do you have any idea how I would convert those ticks / 'jiffies' into real CPU power? say for example I wanted to give a vserver 500mhz of processing power
1119256714 M * Doener rs: ok
1119256756 M * Doener stephen-^: somewhere later in that thread, there's some example how to convert to %cpu
1119256767 M * stephen-^ yeah I got it :)
1119256769 M * stephen-^ thanks dude
1119256777 M * Doener you're welcome
1119257072 M * stephen-^ hmm, where do I get the 'vcontext' program from?
1119257080 M * stephen-^ I can't find it on the system and util-vserver is installed
1119257326 M * Doener are you on 2.6?
1119257335 M * stephen-^ 2.4
1119257337 M * prae neofutur: ah oui :)
1119257356 M * prae DaPhreak: my dear, are you here ?  :)
1119257367 M * neofutur prae: ;)
1119257367 M * Doener ah ok, the 2.4 versions don't have this feature
1119257372 M * stephen-^ oh crap :P
1119257377 M * DaPhreak yeah prae, i'm here ;)
1119257412 M * prae DaPhreak:  :o)
1119257421 M * stephen-^ is 2.6 stable (enough) for production?
1119257432 M * prae DaPhreak: all is ok with your new repository ?  :)
1119257479 M * Doener we're near to a 2.0 release, current is 2.0-rc4. several folks are using this and earlier versions in production
1119257487 M * stephen-^ ah right
1119257520 M * prae neofutur: I present 'you, DaPhreak. DaPhreak is a current maintainer for vs+grsec patch for 2.6.x
1119257578 M * Doener ok, off now, back in the evening... cya folks!
1119257582 N * Doener Doener|gone
1119257583 M * DaPhreak cya Doener ...
1119259290 Q * TheSeer Quit: Client exiting
1119259858 J * TheSeer ~theseer@border.office.salesemotion.net
1119261761 M * neofutur Hi DaPhreak 
1119261772 M * DaPhreak morning neofutur 
1119261787 M * neofutur i will _try_ to maintain a 2.4 grsec+vserver rpm for mandrake
1119261828 A * neofutur will surely need much help . . .
1119261865 M * DaPhreak heh .. 2.4 *ugs*
1119262403 M * Eyck 2.4 rocks.
1119262705 M * DaPhreak yeah sure :)
1119262711 M * DaPhreak but its a bit old ;)
1119262852 M * Eyck old? only at 2.4.31
1119262871 M * Eyck I've got friends running 2.0.x 
1119263063 J * BWare ~bware@office.intouch.net
1119263091 J * eXplasm explasm@p549F7EC2.dip.t-dialin.net
1119263498 M * DaPhreak Eyck: on newer hardware or on older one ?
1119263623 M * Eyck DePhreak: newer then what?
1119263740 M * DaPhreak no idea .. :)
1119263757 M * DaPhreak btw. Eyck whats about vserver patches for 2.4.31 ?
1119264309 Q * rs Quit: rs
1119265321 M * Eyck DaPhreak: vs1.2.10.11 ?
1119267142 M * stephen-^ hmm, I'm trying to install a centos4 guest via yum but I'm getting this error during install:
1119267143 M * stephen-^ public key not available for filesystem-2.3.0-1.i386.rpm
1119267152 M * stephen-^ how do I disable public key checking?
1119267767 M * stephen-^ any ideas guys?
1119267780 M * stephen-^ I've set 'gpgcheck' to 0 but it's still stopping with that error
1119268154 M * daniel_hozac did you set gpgcheck to 0 in all the repo files as well as yum.conf?
1119268473 M * stephen-^ yeah just trying that now
1119268555 M * daniel_hozac but why don't you just add the keys instead?
1119268623 M * stephen-^ isn't there an individual key for all the packages?
1119268689 M * daniel_hozac i don't know. i haven't used CentOS.
1119268720 M * stephen-^ to be honest right now all I want to do is get it working, I can worry about security once I actually know it works :P
1119269834 M * DaPhreak Eyck: yeah .. that one for 2.4.31 ;) don't know the exact version ;)
1119270122 M * stephen-^ hmm, how do I change a vserver's IP / hostname once it's been created?
1119270219 N * ArnY[AwaY] ArnY
1119270252 M * daniel_hozac edit the files in /etc/vservers/<vserver name> appropriately.
1119270295 M * stephen-^ yeah done that, but when I start the vserver it doesn't bind the IP address to the vserver
1119270301 M * stephen-^ it just brings up eth0:hostname
1119270463 Q * eXplasm Remote host closed the connection
1119270704 J * eXplasm explasm@p549F7EC2.dip.t-dialin.net
1119270832 M * stephen-^ ah actually... I've edited /etc/vservers/<vserver>/interfaces/0/ip but it's still using the old value
1119270836 M * stephen-^ is there another config file somewhere?
1119270925 M * ArnY try this: shutdown your vserver, ifconfig down the interface, restart the vserver
1119270934 J * rs ~rs@ATuileries-153-1-7-18.w82-123.abo.wanadoo.fr
1119270952 M * ArnY i mean the ethX:alias interface
1119270989 M * stephen-^ ArnY: done that, but it seems the alias is started with even 'ifconfig eth0 up'
1119270991 M * stephen-^ the alias is: eth0:doma
1119271082 M * ArnY and if you do a ifconfig eth0:doma down does it bring down the alias?
1119271120 M * stephen-^ it says
1119271120 M * stephen-^ SIOCSIFFLAGS: Cannot assign requested address
1119271506 M * stephen-^ a reboot fixed it :)
1119271581 M * stephen-^ uh, ok next problem - in my guest, yum isn't installed, and it won't let me install it either - it gives this error: 
1119271581 M * stephen-^ Config Error: Insufficient repository configuration. No repositories Found/Enabled. Aborting.
1119271594 M * stephen-^ I'm using vyum from the master server
1119271713 J * sepp ~|Rogue@port-212-202-71-232.dynamic.qsc.de
1119271715 M * sepp hi
1119271720 M * stephen-^ hu sepp
1119271721 M * stephen-^ gi*
1119271723 M * stephen-^ hi*
1119271724 M * stephen-^ even
1119271756 M * sepp what is the equivalent of onboot=yes in the new 1.9/2.x config ?
1119271829 M * id look @ /etc/init.d/vservers-default
1119271838 M * id you have to set marks in the config
1119271845 M * id to autostart them
1119271852 M * sepp ok thx
1119271903 M * sepp pretty easy when you know where to look :)
1119271928 M * id ;)
1119273979 Q * sepp Quit: ... hone
1119274515 J * sukria ~sukria@213.223.184.201
1119274760 Q * Alissa Read error: Connection reset by peer
1119274770 J * Alissa ali@151.81.3.199
1119275377 P * sukria See you later
1119277710 J * hiaslboy ~matthias@164.Red-83-52-224.pooles.rima-tde.net
1119278105 M * stephen-^ hmm, I'm trying to use vcontext to limit CPU resources for a vserver... but when I enter the command, it reports this:
1119278106 Q * rs Read error: Connection reset by peer
1119278106 M * stephen-^ vcontext: execvp("500"): No such file or directory
1119278116 M * stephen-^ any ideas why? (500 is the vserver's context)
1119278181 M * _are_ what does the command line look like?
1119278202 M * stephen-^ I'll paste it:
1119278202 M * stephen-^ vcontext --create 500 -- \
1119278202 M * stephen-^    vsched --fill-rate 30 \
1119278202 M * stephen-^           --interval 100 \
1119278202 M * stephen-^           --tokens 100 \
1119278202 M * stephen-^           --tokens_min 30 \
1119278204 M * stephen-^           --tokens_max 200 \
1119278204 M * stephen-^            --cpu_mask 0
1119278230 M * _are_ oh, try vcontext --create --xid 500 ....
1119278244 M * _are_ if you indeed crete it only then, else drop the --create
1119278252 M * stephen-^ it's already running
1119278262 M * _are_ drop the --create then, I'd say
1119278305 J * rs ~rs@ATuileries-153-1-7-18.w82-123.abo.wanadoo.fr
1119278513 M * stephen-^ still getting vcontext: execvp("500"): No such file or directory
1119278618 M * _are_ you added the --xid in front of the 500?
1119278846 M * stephen-^ now I'm getting this
1119278846 M * stephen-^ vc_set_sched(): Operation not permitted
1119278917 M * _are_ well, now it is a vsched problem and I never worked with that one. in some similar case I was told I should use vnamespace, but I am no expert in that section of vserver
1119279483 J * hiaslboy2 ~matthias@164.Red-83-52-224.pooles.rima-tde.net
1119279522 Q * hiaslboy2 Quit: 
1119281620 M * micah hi all
1119282599 M * micah when did s_context appear in /proc/self/status?
1119283250 Q * rs Ping timeout: 480 seconds
1119283855 Q * eXplasm Ping timeout: 480 seconds
1119284119 J * rs ~rs@Laubervilliers-151-13-4-57.w82-127.abo.wanadoo.fr
1119284482 N * Bertl_zZ Bertl
1119284501 M * Bertl morning folks!
1119284526 M * Bertl micah: hmm, ever since I can remember ... why?
1119284560 M * Bertl stephen-^: you cannot configure the scheduler from _inside_ a context
1119284634 M * micah Bertl: because I think the debian 2.6.8 patch that we made does not have it
1119284654 M * micah Bertl: but the debian newvserver script of ola's looks for it in creating new vservers ;P
1119284721 M * stephen-^ Bertl: I'm not inside it, I'm running from the master server
1119284743 M * Bertl yes, but the vcontext puts you _inside_ (partially) ...
1119284789 M * stephen-^ ah, so how would you suggest I set it up?
1119284792 M * micah there is VxID however
1119284840 M * stephen-^ I get this output:
1119284840 M * stephen-^ New security context is 49164
1119284840 M * stephen-^ vcontext: execvp("500"): No such file or directory
1119284848 M * stephen-^ 500 is the vserver's contextID
1119284980 M * Bertl that is because you got the commands wrong, the command created a dynamic context and wonders about the 500 (because it treis to execute it as command)
1119285007 M * stephen-^ ah
1119285015 M * stephen-^ shall I paste the commands?
1119285093 M * Bertl no, give me a second, I make a 'demo' command for you
1119285093 M * Bertl (I can see your commands in the history :)
1119285142 M * stephen-^ ah ok =)
1119285144 M * stephen-^ thanks
1119285231 M * Bertl vcontext --xid 501 --create -- vsched --xid 501 --fill-rate 10 -- vcontext --migrate-self --endsetup -- sleep 100 &
1119285323 M * stephen-^ yeah it's hanging on the console - does that apply CPU limits to the vserver?
1119285345 M * stephen-^ I want to restrict the CPU available to certain vservers
1119285352 M * TheSeer Bertl: can you explain to me what the .rpmdb directory is used for?
1119285374 M * TheSeer Bertl: the /var/lib/rpm is symlinked to that dir in the root folder but i don't see any reason for that..
1119285396 N * kevinp|gone kevinp
1119285408 M * Bertl TheSeer: it is used for external package management ...
1119285414 M * Bertl welcome kevinp!
1119285424 M * TheSeer Bertl: that's what i believed.. but it's wrong
1119285427 M * kevinp howdy!  long time no chat!
1119285433 M * TheSeer at least the rpmdb in there is pretty much empty
1119285451 M * TheSeer and out of "sync" to the vrpm <host> -- -qa result
1119285488 M * kevinp I think enrico is still working on that
1119285503 M * TheSeer so what do i do?
1119285511 M * TheSeer copy the "vrpm"-rpmdb over?
1119285516 M * TheSeer hardlink it?
1119285544 M * TheSeer bad idea for a directory though ;>
1119285583 M * stephen-^ Bertl: any ideas?
1119285593 M * kevinp which package management option do you want? internal or external (host based)?
1119285618 M * TheSeer kevinp: well.. i use vapt-get / vrpm usually
1119285629 M * TheSeer but i have that vserver as a build-box
1119285647 M * Bertl (probably means internal then?)
1119285647 M * TheSeer so i need the rpmdb in there to be correct anyway
1119285670 M * TheSeer so in a way, i'd like both ;>
1119285681 M * TheSeer and if the db would be shared it should work (
1119285698 M * TheSeer i'd like to use rpmbuild  *in* the vserver
1119285707 M * kevinp TheSeer: Have you read this ML posting yet? http://list.linux-vserver.org/archive/vserver/msg09694.html
1119285719 M * TheSeer while using vrpm /vapt-get to update/install packages for the server
1119285722 M * micah Bertl: could I be viewing /proc/self/status incorrectly?
1119285729 M * TheSeer kevinp: checking..
1119285754 M * Bertl micah: yeah, possible, what do you do?
1119285771 M * kevinp I believe that is the last explaination we got from enrico
1119285778 M * micah Bertl: cat /proc/self/status |grep s_context
1119285783 M * micah Bertl: from the host
1119285824 M * Bertl should give: s_context: 0
1119285836 M * micah yeah, there is no s_context at all
1119285876 M * stephen-^ Bertl?
1119285893 M * TheSeer kevinp: looks promising..
1119285898 M * TheSeer will try it..
1119286104 M * micah Bertl: ah! this requires CONFIG_VSERVER_LEGACY to be enabled?
1119286116 M * Bertl micah: yes
1119286136 M * micah Bertl: I thought that was only needed if you had legacy configs
1119286140 M * TheSeer kevinp: okay.. seems to work ;>
1119286155 M * TheSeer kevinp: looks like one cannot have boith ;>
1119286273 M * micah Bertl: if I am correct, s_context was deprecated then? Was it replaced by VxID?
1119286429 M * Bertl yup, that's for the non-legacy mode ...
1119286519 M * micah Bertl: huh, ok so these tools should be searching s_context *or* VxID
1119286535 M * Bertl well, they should not exist at all :)
1119286539 M * Bertl (the tools :)
1119286549 M * stephen-^ Bertl, do you have a suggestion please?
1119286557 M * micah Bertl: I was wondering that actually
1119286570 M * micah Bertl: the debian tools you mean
1119286589 M * micah they seem like a duplication of the enrico tools
1119286589 M * Bertl stephen-^: hmm, didn't my example work for you?
1119286600 M * Bertl micah: yes exactly
1119286625 M * Bertl I asked Ola to remove them and isntead add patches to util-vserver
1119286639 M * Bertl especially as the tool create _broken_ and _outdated_ configs
1119286652 M * stephen-^ Bertl: I want to restrict the CPU available to certain vservers, but the xid you used (501) isn't a valid vserver, the ID of the vserver I want the restrictions placed on is 500
1119286660 M * Bertl micah: get a lot of things regarding the _barrier_ wrong ...
1119286665 M * micah yeah
1119286668 M * micah I was noticing that
1119286729 M * micah yet they exist and they are confusing people :P
1119286736 M * Bertl stephen-^: change all 501 to 500 but if you want to configure an existing one, you would use:
1119286748 M * Bertl vsched --xid 501 --fill-rate 10
1119286754 M * Bertl without the vcontext stuff ...
1119286758 M * stephen-^ ahh
1119286763 M * Bertl (my example _creates_ a context)
1119286788 M * Bertl stephen-^: you can check the settings in /proc/virtual/<xid>/sched then
1119286815 M * stephen-^ thanks :-)
1119286820 M * Bertl micah: if you see any way to convince ola .. pleas go ahead ... we'll add it to the hall of fame later ;)
1119286821 M * stephen-^ what does fill-rate do?
1119286848 M * Bertl the token bucket scheduler has basically 4 parameters, you know how a token bucket works?
1119286886 M * albeiro morning !
1119286889 M * albeiro evenind !
1119286890 M * Bertl stephen-^: http://www.paul.sladen.org/vserver/archives/200410/0210.html
1119286894 M * Bertl albeiro: hey!
1119286896 M * albeiro eveninG ;)
1119286913 M * albeiro whatever, still a bit twisted ;p
1119287007 M * albeiro grrr, jiffies, kernel folks and their customs
1119287068 M * micah what am I missing in this build command? vserver eggplant build -m debootstrap -- -d sarge -- --exclude=$REMOVE_PACKAGES --hostname backup --interface 69.20.14.190 --netmask 255.255.255.128 --netdev eth0
1119287077 M * micah it just returns not building anything
1119287098 M * Bertl the proper sequence of commands/arguments :)
1119287116 M * Bertl the vserver commands look like this:
1119287159 M * Bertl <tool> [<command>] <options> -- [<prog>] <arguments>
1119287174 M * Bertl so you actually want something like:
1119287212 M * Bertl vserver eggplant build -m debootstrap --hostname backup --interface eth0:69.20.14.190/25 -- -d sarge
1119287579 M * micah Bertl: and the -- --exclude=$REMOVE_PACKAGES?
1119287584 M * micah if I put that at the end I get:
1119287595 M * micah E: No such script: /usr/lib/debootstrap/scripts/pppconfig,...,....
1119287602 M * micah (the env variable expanded)
1119287649 M * micah  --exclude should be a flag passed to deboostrap
1119287698 M * Bertl if I udnerstood it right, the -d sarge is an argument to debootstrap too, no?
1119287720 M * Bertl so I'd add the --exclude=$REMOVE_PACKAGES right after the -d sarge
1119287903 M * micah same result
1119287913 M * micah yes, -d sarge is an argument to dbootstrap
1119287932 M * micah vserver eggplant build -m debootstrap --hostname backup --interface eth0:69.20.14.190/25 -- -d sarge --exclude=$REMOVE_PACKAGES
1119287963 M * Bertl looks much better now ...
1119287973 M * micah but I get the same error
1119287983 M * Bertl which is?
1119287999 M * Bertl the no such script error ...
1119288007 M * maharaja re Bertl
1119288013 M * Bertl hey maharaja!
1119288021 M * maharaja Bertl: i've got an     error regarding bash pipes
1119288021 M * micah  /usr/lib/util-vserver/vserver-build: unrecognized option `--exclude=sparc-utils,dhcp-client,lilo,makedev,pcmcia-cs,ppp,'
1119288074 M * Bertl hmm?
1119288088 M * Bertl micah: try with --debug to see what happens
1119288159 M * albeiro get the scale ! http://money.cnn.com/2005/06/17/news/master_card/index.htm?cnn=yes
1119288180 M * micah Bertl: ah! yes there was a problem in the $REMOVE_PACKAGES variable
1119288208 M * micah albeiro: get the scale?
1119288232 M * maharaja Bertl: what happens if you do "echo test|grep e" in a vserver 1.9.5grsec environment?
1119288259 M * Bertl micah: I got one :), but I guess he means the 'effect' or dimension of this hack/breach ...
1119288266 M * albeiro yeah
1119288273 M * micah ah, yes :)
1119288279 M * micah I know many people who have one
1119288293 M * Bertl yeah, but mine is really nice ... sub gram precision
1119288297 M * maharaja i get a:
1119288301 M * maharaja -bash: child setpgid (6516 to 6515): Operation not permitted
1119288301 M * maharaja test
1119288352 M * Bertl maharaja: as I do not use grsec, and most grsec setups are not properly configured/patched, I don't know :)
1119288380 M * micah Bertl: ;)
1119288389 M * maharaja Bertl: it does not happen on the host system
1119288405 M * maharaja but happens in every guest vserver
1119288420 M * Bertl unfortunate grsec setup I'd say ...
1119288439 M * Bertl doesn't happen without grsec here :)
1119288475 M * Bertl but IIRC, somebody was recently attacking grsec policy for vserver ...
1119288484 M * Bertl (you might want to check the irc logs)
1119288498 M * maharaja which vserver version did you try it in?
1119288503 M * albeiro aproximate date ?
1119288512 M * maharaja or is there any strace/ltrace output i can verify the grsec problem?
1119288546 M * Bertl chcontext --secure --xid 666 -- bash -c "echo test|grep e" 
1119288546 M * Bertl New security context is 666
1119288546 M * Bertl test
1119288571 M * Bertl works like a charm on 2.0-rc4,a nd probably does so too on 1.2.10
1119288679 M * micah hm
1119288679 M * micah chbind: vc_set_ipv4root(): Function not implemented
1119288685 M * micah means I didn't compile that in either
1119288701 M * Bertl probably ... looks like msot legacy missing :)
1119288711 M * micah why is legacy needed if I am not using it though?
1119288724 M * micah ah
1119288726 M * micah ngnet
1119288730 M * micah is not here yet :)
1119288745 M * Bertl well, unfortunately most tools use some legacy stuff ...
1119288746 M * micah but I dont need the legacy AP
1119288749 M * micah err, API
1119288754 M * micah or.. maybe I do?
1119288766 M * Bertl check with vserver-stat and vps
1119288786 M * Bertl IIRC they make use of the elgacy api
1119288787 M * maharaja Bertl: no problem if i try this from the host vserver
1119288803 M * maharaja but as soon as i'm inside a guest, the echo/grep stuff produces this error
1119288809 M * maharaja i still get the expected result thou
1119288839 M * Bertl maharaja: could you try with a non grsec patched kernel?
1119288857 M * maharaja unfortunatly, currently no
1119288864 M * maharaja im here via vnc ;)
1119289291 N * Doener|gone Doener
1119289298 M * Doener evening folks!
1119289313 M * Bertl evening Doener!
1119289343 M * Doener hey Bertl! how are you?
1119289350 M * Bertl fine thanks! and you?
1119289488 M * Doener quite fine, been checking out a car that will hopefully be mine soon... the seller has another potential buyer and i got to wait till wednesday to know whether i'll get the car, so i'm a little nervous/excited ;)
1119289585 M * Doener only thing that bothers me, is that is (as usual in the summertime) way too hot in my room...
1119289616 M * Bertl what kind of car?
1119289637 M * Doener http://autoscout24.de/home/index/detail.asp?ts=7558394&id=famlkt1gduo&redir=1
1119289659 A * Bertl can sustain temperatures up to 40 °C if it isn't direct sun exposure ...
1119289699 M * Bertl hmm, nice ...
1119289720 A * Doener starts to look like he was swimming at 35° C, i.e. about start of june ;)
1119290085 J * kjo ~krischan@p5484C3C0.dip.t-dialin.net
1119290122 M * Hollow hey Bertl, Doener 
1119290128 M * Doener evening Hollow 
1119290145 M * Hollow do i need to enable legacy api if i only use the syscall wrapper?
1119290167 M * Doener depends on the actual commands you use ;)
1119290178 M * Hollow just the vserver() command
1119290203 M * Doener vserver() = syscall, VCMD_something = command
1119290219 M * Alissa Hi Bertl =)
1119290220 M * Hollow right... :)
1119290244 M * Hollow so how can i find out which commands need legacy api?
1119290309 M * Doener hm, I'd just check do_vserver() in the kernel sources
1119290512 M * Hollow so i'm safe... ;)
1119291136 M * micah heh, I was just experimenting with disabling the legacy stuff int he kernel
1119291157 M * micah it seems the tools need it sti
1119291228 Q * prae Quit: Execute Order 69 !
1119291233 J * erwan_ho ~erwan@konilope.dyndns.org
1119293286 M * _are_ will anyone in here be at 'linuxtag'?
1119293903 Q * _are_ Quit: bbl
1119294119 J * yarihm ~yarihm@80-218-6-224.dclient.hispeed.ch
1119294138 M * yarihm hi everyone
1119294144 M * Bertl hey yarihm!
1119294275 J * eXplasm explasm@p549F7EC2.dip.t-dialin.net
1119294382 M * Bertl welcome eXplasm!
1119295361 J * Val ~val@v41.ath.cx
1119295370 M * Val hi
1119295377 M * Bertl hey Val!
1119295490 M * Val got now my old 2.4.X-vs1.2.10 system completly migrated to 2.6.X vs2.0-rc4 without using old legacy stuff : all working well
1119295502 M * Bertl great!
1119295513 M * Val very good job guys ;-)
1119295562 M * Val just missing some references about /etc/vserver/<name> configuration options
1119295669 M * Val but i hope 2.0 release will come with more "unified" docs ;-)
1119295693 M * Greek0 search the linux-vserver.org frontpage for "Flower page"
1119295710 M * Val already seen
1119295716 M * Val but not up to date
1119295727 M * Val i'm currently writing a quick howto for debian stable release
1119295767 M * Val i'll publish it on linuxfr page and then do an english version with all comments
1119295895 Q * kjo Ping timeout: 480 seconds
1119296479 Q * eXplasm Remote host closed the connection
1119296921 Q * Hunger uranium.oftc.net quasar.oftc.net
1119297012 J * Hunger Hunger.hu@LevNor.Hu
1119297285 Q * rs Quit: rs
1119297322 M * Hollow Bertl: if i create a context and run bash inside, the original process which created the context is still running inside the context... what's the trick here? ;)
1119297344 M * Bertl hmm, no ...
1119297404 J * _are_ ~are@dsl-084-056-153-152.arcor-ip.net
1119297430 M * Bertl Hollow: you mean the vcontext? or what?
1119297467 M * Hollow Bertl: i mean vc_ctx_create + execvp("/bin/bash")
1119297492 Q * ola Ping timeout: 480 seconds
1119297502 M * Bertl and what do you observer?
1119297511 M * Bertl *observe even
1119297552 M * Hollow bash is running inside the context, and with ps i also see the programm which created the context... like here: http://phpfi.com/66619
1119297600 M * Bertl source code?
1119297624 M * Hollow http://home.xnull.de/work/libvserver/
1119297631 J * monrad ~monrad@213083190130.sonofon.dk
1119297656 M * Hollow test/context.c
1119297790 M * Bertl you're passing argv unmodified
1119297807 M * Bertl so the execed process will be 'called' the same as the original one
1119297842 M * Hollow argh.. right.. should be argv[1] ?
1119297859 M * Bertl well, probably you want to shift them by one at least
1119297864 M * Hollow k
1119299795 J * duckx ~Duck@mna75-1-81-57-39-234.fbx.proxad.net
1119299814 Q * duckx Quit: 
1119300601 Q * erwan_ho Quit: Leaving
1119301631 Q * Val Quit: zZz
1119301793 N * _are_ are|afk
1119303909 J * Alissa`Umount ali@151.81.4.17
1119304081 J * rs ~rs@imhotep.rhapsodyk.net
1119304098 M * Bertl welcome Alissa`Umount! rs!
1119304113 M * Alissa`Umount Bertl =))
1119304140 Q * Alissa Killed (NickServ command used by Alissa`Umount)
1119304142 N * Alissa`Umount Alissa
1119304658 J * Aiken ~james@tooax6-190.dialup.optusnet.com.au
1119304785 M * Bertl welcome Aiken!
1119304802 M * Aiken hello
1119304829 M * Aiken have been playing with the alpha
1119304843 M * Bertl excellent!
1119304846 M * Aiken still have to the 2 tests fail
1119304853 M * Bertl yep, and I know why :)
1119304865 M * Aiken most of the tools are build with dietlibc and I have lockfile built against glibc
1119304875 A * Bertl has been playing with his alpha too :)
1119304895 J * Alissa`Umount ali@151.81.4.17
1119304898 M * Aiken I tried looking but don't know the code but am quite happy to test for you
1119304961 M * Bertl well, it's not fixed yet, and I guess you can ignore it 'somewhat'
1119304998 M * Bertl the issue is, that alpha folks 'think' they ahve to implement some kernel functions in assembler, instead of C, and those functions are missing virtualization yet
1119305036 M * Aiken once I stopped lockfile from segfaulting I had no trouble starting/stopping a vserver
1119305039 Q * Alissa Ping timeout: 480 seconds
1119305040 N * Alissa`Umount Alissa
1119305088 Q * yarihm Quit: Leaving
1119305127 M * Aiken from what I gather is fakeinit allows a process to pretend to be process #1 in a vserver
1119305167 M * Aiken I am wondering if that functionality is not required is there a problem?
1119305186 M * Aiken or does the problem reach further than fakeinit? I am still not sure.
1119305208 M * Bertl this is one of the missing virtualizations ..
1119305312 Q * Alissa Quit: —I-n-v-i-s-i-o-n— 2.0 Build 3515
1119305519 M * stephen-^ Bertl: I've set those CPU limiting restrictions up, but the server's load is still rising - does that mean the restrictions aren't working?
1119305542 M * stephen-^ (it's under load btw)
1119305568 M * Bertl depends .. care to share some details?
1119305612 M * stephen-^ well, I've downloaded the 'stress' program and have run it in the restricted vserver (stress --cpu 15)
1119305618 M * stephen-^ but the load is rising
1119305618 M * stephen-^  22:13:16 up  9:34,  3 users,  load average: 14.37, 7.06, 2.77
1119305623 M * stephen-^ though the console doesn't seem lagged at all
1119305638 M * Vudumen hi allz
1119305639 M * Bertl what about the cpu usage?
1119305647 M * stephen-^ Bertl: how do I view that?
1119305652 M * Bertl top?
1119305665 M * stephen-^ ah, from inside the context you mean
1119305667 M * Vudumen Bertl: do i have to face any problems if i want to install an openvpn to a vserver as the concentrator part of my tunnels?
1119305672 M * Bertl (or vtop from outside)
1119305682 M * stephen-^ lol it's showing as 0.0 :P
1119305687 M * stephen-^ that means it's working I guess
1119305697 M * Bertl Vudumen: hmm, guess not
1119305720 M * stephen-^ aha, no -  I was top'ing from the wrong console
1119305730 M * stephen-^ there are 15 stress processes running with 15% cpu each
1119305731 M * Vudumen fine :) currently i use vserver on some of our production systems :)
1119305777 M * Bertl stephen-^: could you upload the output of 'cat /proc/virtual/<xid>/*' somewhere (e.g. pastebin.com)
1119305791 M * Bertl replace <xid> with your context id ...
1119305820 M * stephen-^ yeah ok 
1119305834 M * stephen-^ pastebin.com seems to be down
1119305840 M * stephen-^ SQL errors
1119305853 M * Bertl well, take one of the 100 other pastebins ...
1119305881 M * stephen-^ I'm not familiar with them, do you have a URL?
1119305888 M * Bertl http://pastebin.ca/
1119305909 M * Bertl http://paste.uni.cc/
1119305947 M * stephen-^ http://paste.uni.cc/7292
1119306030 M * stephen-^ Bertl: is there a specific command I need to restrict the CPU usage to MHz, for example 500MHz ... but the catch is, I'd like to give the vserver some flexibility for bursting
1119306067 M * Bertl restrictions are not done in MHz or something like that, and a burst is easily done
1119306073 M * stephen-^ ah
1119306085 M * stephen-^ is there a way to get the equivelant power of 500mhz?
1119306095 M * stephen-^ in jiffies or whatnot
1119306109 M * Bertl if you know how much power your cpu is equivalent off, yes
1119306117 M * stephen-^ is there a way to find out?
1119306121 M * stephen-^ it's a 2.8GHz
1119306128 M * Bertl probably /proc/cpuinfo :(
1119306135 M * Bertl s/:(/:)/
1119306154 M * stephen-^ bogomips        : 5586.94
1119306156 M * stephen-^ would that be it?
1119306196 M * Bertl well, I guess you consider your CPU as 2800Mhz equiv, no?
1119306213 M * Bertl not that I think this is a good categorization
1119306214 M * stephen-^ yep
1119306253 M * Bertl so a 500Mhz 'equiv' in your terminology would be about 17.9% of the total cpu power, no?
1119306259 M * stephen-^ correct
1119306282 M * Bertl your current setup gives about 30%
1119306303 M * stephen-^ the one I made with vsched?
1119306306 M * Bertl with a burst of 200 tokens
1119306332 M * Bertl if I assume your HZ setting is fixed to 1kHz
1119306336 M * stephen-^ yeah it is
1119306345 M * stephen-^ which vsched argument sets the cpu percentage?
1119306350 M * Bertl then this is equiv to 0.2 seconds of bursting
1119306374 M * stephen-^ and the process gets punished if it goes over that?
1119306383 M * Bertl not without the proper flags set
1119306391 M * Bertl which you are missing (in your setup)
1119306398 M * stephen-^ ah.. what happens if the flags aren't set and it goes over that?
1119306406 M * Bertl nothing :)
1119306410 M * stephen-^ oh :P
1119306416 M * stephen-^ which flags would I need to set?
1119306426 M * Bertl #define VXF_SCHED_HARD          0x00000100
1119306439 M * Bertl for strict limiting (you need to have the ahrd scheduler actived)
1119306446 M * DaCa maharaja: you need to disable kernel.grsecurity.chroot_findtask if you want to allow setpgid
1119306456 M * Bertl stephen-^: (this is done at kernel compile time)
1119306463 M * stephen-^ yeah
1119306464 M * Bertl or #define VXF_SCHED_PRIO          0x00000200
1119306472 M * stephen-^ which file would that be in?
1119306479 M * Bertl which only adjusts priorities according to the setup ...
1119306495 M * Bertl you add either sched_prio or sched_hard to the flags section of your config tree
1119306511 M * Bertl you can verify the setting via the #
1119306512 M * Bertl Flags:  0000000202000010
1119306525 M * stephen-^ so I add "#define VXF_SCHED_HARD          0x00000100" to .config?
1119306531 M * Bertl no
1119306550 M * Bertl you are talking about the kernel config file?
1119306565 M * stephen-^ I need to know where to put the #define line
1119306571 M * stephen-^ which file in the kernel source
1119306573 M * stephen-^ sources*
1119306583 M * Bertl nowhere, I just copied them to show you the numbers ...
1119306588 M * stephen-^ oh
1119306600 M * Bertl they are already part of the kernel header files ...
1119306607 M * stephen-^ so how do I activate them?
1119306607 M * Bertl include/linux/vserver/context.h
1119306631 M * Bertl as I said, you add sched_hard or sched_prio as flag to your guest config
1119306639 M * Bertl or you can change them at runtime with
1119306657 M * Bertl the vattribute command
1119306678 M * stephen-^ how would I set them as a flag in the config?
1119306746 M * stephen-^ trying the vattribute command:
1119306746 M * stephen-^ [root@vs1 /]# vattribute --xid 500 --bcap sched_hard
1119306746 M * stephen-^ Unknown bcap 'sched_hard'
1119306769 M * Bertl echo "sched_hard" >/etc/vservers/hansi/flags
1119306778 M * Bertl it's a cflag not a ccap
1119306797 M * Bertl and the bcaps are soemthing different anyway :)
1119306799 M * stephen-^ vattribute: unrecognized option `--cflag'
1119306820 M * Bertl try --flag (see vattribute --help)
1119306864 M * stephen-^ \o/ it's working!
1119306919 M * stephen-^ hehe... the vserver is lagging badly but the host is flying :)
1119306922 M * stephen-^ thanks Bertl!
1119306932 M * Bertl you're welcome!
1119306992 M * stephen-^ another thing... which arg of vsched sets the percent of CPU a vserver can have?
1119307072 M * Bertl long term, it's the ratio of intervall and fillrate
1119307100 M * stephen-^ mm... thing is, I have no idea how to use those 2 variables :P I really need a conversion into cpu % or mhz
1119307143 M * stephen-^ could you give me an indication as to how they compare? for example fillrate of 10 and interval 10 == 10% CP@U
1119307146 M * stephen-^ CPU*
1119307150 M * stephen-^ or something like that
1119307188 M * Bertl you should get an idea first, do you know what a token bucket is?
1119307210 M * stephen-^ not really
1119307301 M * Bertl http://linux-vserver.org/Scheduler+Parameters
1119307357 M * stephen-^ thanks :)
1119307360 M * stephen-^ nn all
1119307362 N * stephen-^ steve|bed
1119307466 M * Bertl night steve|bed!
1119307619 M * Aiken a newer strace shows a better trace
1119307709 M * Aiken I have a bit more sensible strace from setattr than I did the other day
1119308184 M * Bertl has anybody a good C++ online reference?
1119308204 M * Aiken should setattr -x --~hide /proc/loadavg hide loadavg from the host?
1119308238 M * Bertl no, it unhides it everywhere
1119308239 M * Aiken I had one setatter that worked, one that would not work and another that hides it from the host
1119308695 M * Bertl what do you want to do?
1119308696 M * Aiken bertl I forget, does setattr compiled against glibc work for you?
1119308709 M * Bertl hmm, sec
1119308738 M * Aiken I was trying setattr -x --~hide /proc/loadavg on the host followed by showattr to see it it worked
1119309234 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/vxid-0.02.tar.bz2
1119309251 M * Bertl please compile this tool and give the following commands a try:
1119309264 M * Bertl ./vxid /proc/uptime
1119309275 M * Bertl ./vxid -i /proc/uptime
1119309289 M * Bertl ./vxid -f 1 /proc/uptime
1119309305 M * Bertl ./vxid -i -f 1 /proc/uptime
1119309316 M * Bertl and let me know the output including all messages
1119309572 M * Aiken http://paste.uni.cc/7294
1119309712 M * Bertl interesting ...
1119309735 M * Bertl ah, my fault, sec ...
1119309840 M * Aiken I have been trying glibc 2.3.5 and dietlibc 0.29
1119309930 M * Aiken glad I reinstalled ccache
1119309942 M * Bertl hehe
1119310396 J * jdgiguere ~geom@Toronto-HSE-ppp3772603.sympatico.ca
1119310404 M * Bertl welcome jdgiguere!
1119310416 M * jdgiguere hi Bertl 
1119310537 M * jdgiguere Is there a place where I can find the signification of an error code of the testme.sh script ?
1119310553 M * Bertl hmm, which one?
1119310590 M * jdgiguere 011
1119310689 M * jdgiguere the command executed is : "chcontext --secure --ctx $UXID mknod $tmpdir/node c 0 0"
1119310695 M * Bertl means that your capability system is not working
1119310832 M * Bertl Aiken: http://vserver.13thfloor.at/Experimental/TOOLS/vxid-0.03.tar.bz2
1119310843 M * Bertl please try this version
1119311160 M * Bertl jdgiguere: maybe you can describe your setup a little?
1119311176 M * Bertl jdgiguere: i.e. arch, tools, config ...
1119311249 M * jdgiguere Bertl: I miss a step at kernel configuration, I'm checking if a can load appropriate module, if I have to compile it or recompile my kernel...
1119311279 M * Aiken finally guessed the letters in the yellow box      http://paste.uni.cc/7295
1119311324 M * Bertl Aiken: okay, that looks quite fine, and the interface is working
1119311347 M * Bertl if the userspace tools do not work properly, I'd check again with the dietlibc version
1119311366 M * Aiken I am compiling a different dietlibc version now
1119311377 M * Aiken had tried 0.29, now trying 0.25
1119311386 M * jdgiguere Bertl: I pass the test after inserting the capability module
1119311408 M * Bertl jdgiguere: how did you manage to build it as module?
1119311434 M * jdgiguere by default it was built as module I suppose...
1119311438 M * Bertl ansi
1119311443 M * Bertl oops*
1119311460 A * jdgiguere should check his kernel configuration
1119311483 M * Bertl you are probably using an older version, but I can't tell without more info ...
1119311557 M * jdgiguere Bertl: I have CONFIG_SECURITY_CAPABILITIES=m in my kernel
1119311576 M * jdgiguere I just have to load the capability module at startup
1119311635 M * Bertl kernel/vserver/Kconfig
1119311638 M * Bertl config  VSERVER_SECURITY
1119311641 M * Bertl         bool
1119311644 M * Bertl         select SECURITY_CAPABILITIES
1119311656 M * Bertl so it should not be possible to make it a module :)
1119311676 M * Bertl (this is the Kconfig from vs2.0-rc4)
1119311974 M * jdgiguere Bertl: where did you get this version ?
1119311995 M * Bertl an interesting question ...