1124841601 J * Doener ~doener@p54876ED1.dip.t-dialin.net 1124842045 P * Rob_ Leaving 1124847179 Q * keyser_soze Quit: Abandonando 1124848900 M * mnemoc Bertl: CC=gcc on make, does the difference 1124848925 M * mnemoc Bertl: no clue way 1124848934 M * mnemoc why* 1124849018 M * mnemoc Bertl: i found why, diet -Os gcc vs. gcc 1124849417 M * Bertl ah, so you basically disable dietlibc ... 1124849475 M * mnemoc disabling dietlibc support on configure? 1124849505 M * Bertl no, I mean, 'You' are disabling it (with the CC=gcc) 1124849517 M * Bertl as in, you should not do that :) 1124849532 M * mnemoc is dietlibc mandatory? 1124849625 M * Bertl it is _very_ suggested because of security issues 1124849635 M * mnemoc :) 1124849916 Q * Vudumen Ping timeout: 480 seconds 1124849997 M * mnemoc --disable-dietlibc worked.... (for non-dietlibc builds) now i'll try removing make arguments instead 1124850371 M * mnemoc worked to, now i'm happy :) 1124850441 M * Bertl excellent, please could you follow up your email with a short explanation (for the archives)? 1124850872 M * mnemoc Bertl: sure 1124850910 M * Bertl TIA, I'm pretty sure you will not be the last hitting this issue ... 1124851617 M * mnemoc sent 1124851624 M * Bertl thanks again! 1124851656 M * mnemoc thanks you :) 1124851668 M * Bertl you're welcome! :) 1124851881 M * mnemoc i'll bother you again later, when i get Sheba (my grsec/vserver server distribution-wannabe) more finished 1124851918 M * Bertl np, I'm always interested in good support on the distro side ... 1124852349 J * Vudumen vudumen@perverz.hu 1124853879 M * Bertl off to bed now ... back later ... 1124853896 N * Bertl Bertl_zZ 1124856629 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1124856760 Q * lilo Ping timeout: 480 seconds 1124858135 J * Aiken_ ~james@tooax6-181.dialup.optusnet.com.au 1124858463 Q * Aiken Ping timeout: 480 seconds 1124865998 Q * mountie Ping timeout: 480 seconds 1124867584 J * revenger_ ~joe@bulldog.infosys.de 1124867977 Q * revenger Ping timeout: 481 seconds 1124868708 J * peet ~peet@217.170.94.110 1124868805 M * peet hello 2all. Can anybody help with vattribute & bcaps? 1124869637 A * peet . o O (I'll be fool for more than one minute... :)) 1124869644 Q * peet Quit: õÈÏÖÕ Ñ ÏÔ ×ÁÓ 1124872404 P * anonymousc adios 1124872531 J * comdata ~mertins@mx01.scheller.de 1124872715 M * comdata hello 1124872737 M * comdata still trying to compile 2.6.13-rc6 with the latest patches 1124873247 J * DuckMaster ~duckx@195.75.27.158 1124874233 A * comdata is away: waiting for Bertl 1124874591 J * martin ~multiplex@pc70-c512.uibk.ac.at 1124875132 P * fobi 1124875594 J * stephenM ~stephen@user-831.l6.c5.dsl.pol.co.uk 1124876449 Q * Hunger Remote host closed the connection 1124876490 J * Hunger Hunger.hu@Hunger.hu 1124877183 J * Neubix ~brian@p54B075D0.dip.t-dialin.net 1124877193 M * Neubix Hi all 1124877213 M * Neubix Medivh: you are alive ? 1124877873 M * Neubix :-( snief 1124879768 Q * obi Ping timeout: 480 seconds 1124879790 J * obi ~obi@asus.saftware.de 1124881256 J * revenger ~joe@bulldog.infosys.de 1124881442 Q * revenger_ Read error: Operation timed out 1124882368 J * dsoul_ darksoul@vice.ii.uj.edu.pl 1124882485 Q * dsoul Ping timeout: 480 seconds 1124882618 N * dsoul_ dsoul 1124884493 Q * Aiken_ Quit: Leaving 1124885272 N * Bertl_zZ Bertl 1124885293 M * Bertl morning folks! 1124885318 M * Bertl comdata: ping! 1124886239 M * Neubix Hi Bertl :) 1124886248 M * Neubix morning ??? 1124886263 M * Neubix you have a life !!!! 1124886267 M * Bertl hey Neubix! just got up half an hour ago :) 1124886305 M * Neubix working hard and sleep hard too *smile* 1124886426 M * Neubix last 2 Days I have create a guest image with a LAMP-Confixx installation an a Script that ask for "hostname" IP and domain .. The guest Image will configured automatic .. running well :) 1124886482 M * Neubix but I need Medivh for the network modification 1124886492 M * Bertl cool, is it available, free software? 1124886517 M * Bertl Neubix: did you try to reach him via email? 1124886539 M * Neubix yes .. but I must ask SW-Soft .. confixx is not free 1124886550 M * Neubix emal .. no .. you have the address? 1124886566 M * Neubix oh, I see 1124886597 M * Neubix I think this is not the Email .. 1124886741 M * Neubix bertl: can you send me Medives Email address ? my is kai@neubix.de 1124886897 M * Bertl http://freshmeat.net/~Medivh/ 1124886924 M * Neubix thany 1124886927 M * Neubix thanx 1124887300 J * keyser_soze ~cimarron@200-55-65-102.dsl.prima.net.ar 1124887836 M * Bertl welcome keyser_soze! 1124888014 J * menomc ~amery@200.75.27.72 1124888022 Q * mnemoc Read error: Operation timed out 1124888028 M * Bertl welcome menomc! 1124888263 M * martin hello bertl... can you spare some minutes for me again please :) 1124888651 M * martin after upgrading kernel2.4.19+vs1.2+ctx to kernel2.6+vs2.0 last week the uid.gid of all files inside the vserers changed... ie. before the owner was something like 1001.1001 and now it's 67108864.1275068416.... the old and new kernel both have been compiled with the uid24/gid24 option.... do you have any idea, i even don't know if this is related to vserver or if something else has gone wrong 1124889161 M * Bertl hey martin! 1124889197 M * Bertl martin: maybe you forgot to use the tagxid (formerly tagctx) option? 1124889294 M * martin no, it's set 1124889310 M * martin for sure, i had the old option in there before, and got an error 1124889326 M * martin /dev/cciss/c0d0p10 on /vservers type ext3 (rw,tagxid,usrquota,grpquota) 1124889382 M * martin this is what i had in the old kernel: 1124889382 M * martin CONFIG_UID16=y 1124889382 M * martin CONFIG_X86_CPUID=y 1124889382 M * martin # CONFIG_INOXID_GID16 is not set 1124889382 M * martin CONFIG_INOXID_GID24=y 1124889382 M * martin # CONFIG_INOXID_GID32 is not set 1124889410 M * martin this is the new one: 1124889411 M * martin CONFIG_UID16=y 1124889411 M * martin CONFIG_X86_CPUID=y 1124889411 M * martin # CONFIG_INOXID_UID16 is not set 1124889411 M * martin # CONFIG_INOXID_GID16 is not set 1124889412 M * martin # CONFIG_INOXID_UGID24 is not set 1124889443 M * Bertl ah, so you lied ... :) 1124889451 M * martin i lied? 1124889467 M * martin Persistent Inode Context Tagging -> (X) UID24/GID24 1124889467 M * Bertl old: CONFIG_INOXID_GID24=y 1124889475 M * Bertl new: CONFIG_INOXID_UGID24 1124889483 M * Bertl is not set :) 1124889498 M * martin but i enabled the option... Persistent Inode Context Tagging -> (X) UID24/GID2 1124889502 M * Bertl (from the .config you just pasted :) 1124889571 M * Bertl but if you upload the output of the testme.sh, I can tell you what you enabled :) 1124889578 M * martin k 1124889596 M * martin Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl 1124889597 M * martin chcontext is working. 1124889597 M * martin chbind is working. 1124889597 M * martin Linux 2.6.12.5 i686/0.30.206/0.30.206 [Ea] (0) 1124889597 M * martin VCI: 0002:0001 273 04000016 1124889598 M * martin --- 1124889598 M * martin [000]# succeeded. 1124889600 M * martin [001]# succeeded. 1124889600 M * martin [011]# succeeded. 1124889602 M * martin [031]# succeeded. 1124889602 M * martin [101]# succeeded. 1124889604 M * martin [102]# succeeded. 1124889604 M * martin [201]# succeeded. 1124889606 M * martin [202]# succeeded. 1124889639 M * Bertl 0.30.206? 1124889692 M * martin it should be /usr/src/util-vserver-0.30.208/ 1124889700 M * Bertl you enabled CONFIG_INOXID_INTERN 1124889731 M * Bertl changing back to CONFIG_INOXID_UGID24 will fix that :) 1124889756 M * Bertl and the tools you are using report 0.30.206 ... 1124889781 M * martin INTERN... hm... i used menuconfig.... 1124889784 M * Bertl (and you might want to change the extraversion by hand) 1124889799 M * Bertl 2.6.12.5 -> 2.6.12.5-vs2.0 ... 1124890002 M * martin ok, i do a recompile then we'll see :) 1124890337 A * comdata is back 1124890345 M * comdata hello Bertl 1124890394 M * comdata tried kernel 26.13-rc6 with the pre4 patches, it doesn't compile on amd64 1124890451 M * comdata error begins with: : undefined reference to `vx_rsspages_add' 1124890451 M * comdata mm/built-in.o: In function `unmap_hugepage_range': 1124890533 M * Bertl how much memory do you have? 1124890542 M * comdata 2GByte 1124890571 M * Bertl you could disable the hugepage table stuff for now ... but you're right, it's a bug ... 1124890794 M * comdata Bertl: hopefully I found the switch in .config, will see the result in some minutes 1124890976 M * comdata Bertl: compiled fine 1124891009 M * Bertl could you reenable it and give me the first warning about vx_rsspages_add you get 1124891014 M * Bertl (not the final error) 1124891105 M * comdata Bertl: I can 1124891118 M * Bertl would be soo kind of you :) 1124891270 M * comdata Bertl: can u give me your mail-address 1124891347 M * martin bertl, can i post you a testme.sh output again? 1124891602 M * comdata Bertl: you should have a new message 1124891633 M * comdata Bertl: posted the full genkernel log 1124891681 M * Bertl martin: better upload it somewhere (e.g. pastebin.com) 1124891692 M * martin k 1124891705 M * Bertl comdata: k, tx ... 1124891726 M * martin http://pastebin.com/344998 1124891791 M * Bertl looks pretty identical to the previous one, no? 1124891815 M * martin CONFIG_INOXID_UGID24=y 1124891820 M * martin before it was not set 1124891841 M * Bertl yeah, but did you boot the new kernel? 1124891851 M * martin yep 1124891869 M * comdata bye will leave work now 1124891872 Q * comdata Quit: using sirc version 2.211+KSIRC/1.3.12 1124891943 M * martin up 23 min 1124891953 M * Bertl martin: your kernel info still says internal tagging ... 1124891982 M * Bertl please do 'uname -a' 1124891996 M * martin k, i'll do a recompile from scratch 1124892009 M * martin maybe somethings wrong with my build 1124892021 M * Bertl no need to with 2.6 .. what does your uname -a report? 1124892044 M * martin it booted the old kernel :( ... 1124892056 M * martin SMP Tue Aug 16 17:04:39 CEST 1124892068 M * Bertl okay, sounds better ... 1124892099 M * martin at least for you... ^^ 1124892105 M * martin i'll try again.... 1124892131 M * Bertl well, I guess we are both trying to resolve the issues, no? :) 1124892178 M * martin yes, ofcourse ... i just meant you've got a reason on your side why it doesn't work, and at my side am the fool... ^^ 1124892242 M * Bertl well, shit happens ... and luckily we are human ... 1124892604 M * Bertl okay, I'm off preparing lunch now ... but I'm confident that the proper kernel will resolve your issues ... 1124892619 M * Bertl will be back in 30-40 minutes ... 1124892629 N * Bertl Bertl_oO 1124893706 N * menomc mnemoc 1124895131 M * martin bertl you're a genious... everythings works again.... :D .... i'll owe you some beers when i'm in vienna ^^ 1124895216 M * martin i had a slighty problem with the xid's (capchroot error) but this was easily fixed with chxid 1124895565 N * Bertl_oO Bertl 1124895585 M * Bertl back now ... 1124895594 M * Bertl martin: you're welcome! 1124895640 J * revenger_ ~joe@bulldog.infosys.de 1124895669 M * Hollow hey Bertl 1124895683 M * Hollow what a window-ish day *bah* 1124895849 M * Bertl Hey Hollow! it is? 1124895859 M * Bertl welcome revenger_! 1124895875 M * Hollow yeah, i told you... remember? ;) but i think i'll never do... 1124896035 Q * revenger Ping timeout: 480 seconds 1124896876 M * Greek0 hmm. what happened to libvserver actually? svn shows that the last commit was the 0.3 release. 1124896910 M * Bertl Hollow is probably just holding back ... 1124896945 M * Hollow well, libvserver should work with the 2.0 api, and Bertl, you're right, i'll just look what's comming up ;) 1124896964 M * Hollow btw, did you think about kernel-userspace? what would be the best solution? 1124897024 M * Greek0 Hollow: so libvserver currently supports the full 2.0 api, and you're more or less waiting what happens on the kernel side and if someone descides to actually use libvserver to build userspace tools? 1124897054 M * Hollow kinda, yeah 1124897075 M * Hollow but i'll certainly improve libvserver by starting some new vserver apps 1124897124 M * Bertl it would be interesting to get a complete test suite for the syscall commands 1124897169 M * Bertl something systematically testing the various commands under the different circumstances ... (e.g. with/without root with/without CAP_CONTEXT) 1124897284 M * Greek0 I'm thinking of looking into swig to perhaps generate python bindings 1124897291 M * Greek0 no idea if/how this will work ot 1124897292 M * Greek0 +u 1124897376 M * Hollow Greek0: yeah, the api of libvserver will confirm to the syscalls, i don't know yet, if and how future changes to the syscalls will implemented.. 1124897450 M * Hollow i thought about making a ruby module 1124897474 M * Hollow but i stepped back wrt a vserver daemon 1124897514 M * Greek0 hmm. what would be the benifit of a vserver daemon? 1124897523 M * Greek0 (seems I have missed that discussion) 1124897562 M * Hollow the vserver daemon could handle all commands and state changes of a context 1124897636 M * Greek0 well, the commands are basically just syscalls. from the user perspective it doesn't matter IMHO if I use a lib that does syscalls, or if I use a lib that talks to the vs-daemon. 1124897665 M * Hollow i'd say the vserver daemon uses libvserver 1124897680 M * Hollow and you could talk to the daemon over rpc or sth like that 1124897691 M * Hollow would be handy for web interfaces as well 1124897692 M * martin bye 1124897692 P * martin 1124897705 M * Bertl Greek0: the advantage of a daemon would be that it could be state aware ... 1124897740 M * Bertl (i.e. it would be able to track and monitor guests) 1124897747 M * Greek0 hmm. I haven't seen too much RPC stuff that made sense to me and didn't look useless and/or overengeneered. 1124897778 M * Greek0 do we have that much state to keep? 1124897808 M * Bertl that depends on what we'll do in the future ... 1124897818 M * Greek0 I mean, some new vstools could also keep their state somewhere in /var/run (for example).. 1124897822 M * Greek0 Bertl: hmm, plans? 1124897867 M * Bertl ngnet, network devices, accounting, soft/min limits ... 1124897934 M * Greek0 btw, what are min limits supposed to do? they don't do anything currently AFAICS 1124897983 M * Bertl the complete and perfect limit plan looks like this: 1124897993 J * stefani ~stefani@superquan.apl.washington.edu 1124897997 M * Bertl (example for the NPROC case) 1124898002 M * Bertl welcome stefani! 1124898026 M * Bertl - min = 10, soft = 20, max = 30 1124898084 M * Bertl - below 20 processes the context will work as 'usual' 1124898104 M * Bertl - above 20 processes, it will get penalized for having too many processes 1124898127 M * Bertl - the absolute upper limit will be 30 processes (fork isn't possible anymore) 1124898216 M * Bertl - - if resources are scarce, (i.e. OOM killer will strike) then it will stop when the min is reached, and kill a different context :) 1124898249 J * mef ~mef@targe.CS.Princeton.EDU 1124898258 M * Bertl also the min resource will sum up over all contexts, ensuring that not more resources are 'guaranteed' than available ... 1124898261 M * Bertl welcome mef! 1124898277 M * mef bertl: I am typing an email to some folks in the EU who are interested in vserver-based IPv6 support. 1124898281 M * Greek0 ah. did you modify the OOM killer already to start killing off guest processes first? 1124898322 M * Bertl Greek0: no .. OOM killer is still unmodified ... 1124898482 M * Bertl mef: sounds interesting ... 1124898498 M * mef bertl: does my dcc chat not work because I am behind a firewall? 1124898529 M * Bertl could be ... 1124898546 M * mef did you get a request from me? Or did it not make it out? 1124899008 Q * keyser_soze Ping timeout: 480 seconds 1124899035 M * stefani how do people typoically monitor network traffic (bps e.g.) thru a guest's interface? 1124899120 J * keyser_soze ~cimarron@host30.201-252-10.telecom.net.ar 1124899170 M * Bertl stefani: with iptables and accounting rules 1124899192 M * stefani ok 1124899217 M * stefani that is what munin requires for Gb ethernet 1124899455 Q * brc Ping timeout: 480 seconds 1124899980 P * mef 1124900493 J * monrad ~monrad@213083190134.sonofon.dk 1124900796 J * sven111 ~sven@GKCDVI.dsl.saunalahti.fi 1124900910 M * sven111 hi, I am the guy who had problems with connecting to net from a vserver client 1124900947 M * sven111 I have been making some progress now 1124900964 M * sven111 I can ping the host from a vserver 1124900977 M * sven111 and other vserver from a vserver 1124900986 M * Bertl hey sven111! 1124900998 M * sven111 hi :) 1124901005 M * Bertl sounds good ... 1124901023 M * sven111 but still nothing in the outside 1124901053 M * sven111 I have ip addr show and ip route show outputs 1124901060 M * sven111 from host and a vserver 1124901067 M * sven111 I'll paste them here 1124901112 M * sven111 here is from host, ip addr show 1124901114 M * sven111 1: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 1124901117 M * Bertl (use pastebin.com for larger data) 1124901121 M * renihs :) 1124901128 M * renihs hi bertl 1124901129 M * sven111 ok 1124901143 M * sven111 brb 1124901143 M * Bertl hey renihs! 1124901162 M * renihs i deployed 6 vservers today at a vienna hotel 1124901168 M * renihs smooth and fast :) 1124901177 M * Bertl cool, can we tell names? 1124901180 M * renihs sure 1124901183 M * renihs www.bestviennahotels.at 1124901188 M * Neubix bertl: http://www.neubix.de/vserver/ 1124901204 M * renihs terrible page, i am not responsible for the content 1124901205 M * renihs :) 1124901217 M * renihs i mean the hotels stuff 1124901257 M * renihs but not everyhting is up at the moment, (i guess), missing cables etc, webpage should be online though etc 1124901281 M * Bertl i.c. cool! 1124901337 M * renihs at the "congress" hotel, crystal i will deploy next week, than i need my vpns working :) 1124901382 M * Bertl Neubix: comment @ vroot: the patch is only required if vroot is not modular, and you do not need a vroot device if you don't use user/group quota inside a guest 1124901429 M * Neubix ok thanx .. I change it .. but now I must go off :( .. CU 1124901438 M * Bertl thank you, cya! 1124901458 M * sven111 Bertl: here's the stuff from iproute now: http://pastebin.com/345141 1124901477 M * renihs say, that "limit" plan, is it realised yet? :) 1124901495 Q * Neubix Quit: Verlassend 1124901503 M * Bertl sven111: tx 1124901520 M * Bertl renihs: currently the hard limits are supported (nothing more, nothing less) 1124901530 M * renihs :) k 1124901535 M * renihs good enough anyway 1124901588 M * renihs sven111, whats exactly is your problem? cant reach world from guest? or guest-guest? 1124901611 M * sven111 I can't reach the world from guest 1124901625 M * sven111 but I can reach guests, at least ping works 1124901629 M * sven111 and host 1124901642 M * Bertl sven111: you want to add something like: iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to 85.76.xxx.xxx 1124901658 M * sven111 yes,I'll try that 1124901675 M * sven111 I'll let know how it goes 1124901681 M * Bertl excellent! 1124901695 M * renihs gruml, i just noticed i am very stupid 1124901704 M * Bertl hmm? 1124901829 M * renihs hmm never mind, i used a private ip on a webserver within the private subnet on some dynamic php stuff, never mind, if i connect my pc tries to reach a 192.168.0.20 ip bla 1124901836 M * renihs just got visitor, afk 1124902254 M * renihs hmm my gf says that 13thfloor is a movie, thats good to know! :) 1124902366 M * sven111 setting up nat did not work 1124902394 M * sven111 btw what does this prefix part mean in local ip address 1124902418 M * sven111 does higher value allow more local addresses? 1124902547 M * Bertl renihs: and a good one too :) 1124902578 M * Bertl sven111: okay, 'did not work' is not very informative ... 1124902594 M * Bertl sven111: let's try a few things together to narrow it down, okay? 1124902629 M * sven111 yes 1124902666 M * Bertl good, you have access via ssh to host and guest? 1124902695 M * sven111 I am using vserver on my local computer 1124902711 M * Bertl good, so I take that as a yes then :) 1124902719 M * sven111 ok :) 1124902746 M * Bertl first, if local, try to avoid any unnecessary traffic for the testing ... 1124902779 M * Bertl now let's start a terminal with 'tcpdump -vvnei eth0 icmp' 1124902786 M * sven111 ok,load is minimum because this is just a workstation 1124902807 M * sven111 starting up... 1124902829 M * sven111 ...done 1124902858 M * Bertl okay, now I'll use 85.x.x.x for your public ip 1124902864 M * sven111 ok 1124902868 M * Bertl (you replace that with the actual ip) 1124902915 M * Bertl on the host (in another terminal) we try 'ping -c 1 66.249.93.99 1124902931 M * Bertl that should show 2 packets in the tcpdump window 1124902961 M * sven111 yes,it succeeded 1124902962 M * Bertl both should contain your public ip, and the other one 1124902980 M * Bertl (one icmp echo request and a reply) 1124902985 M * sven111 yes,they are there 1124902994 M * Bertl okay, great, now let's do: 1124903018 M * Bertl 'ping -I 192.168.0.104 -c 1 66.249.93.99' 1124903036 M * Bertl I assume that will fail (in your setup) 1124903067 M * sven111 yes,it did fail 1124903068 M * sven111 bind: Cannot assign requested address 1124903119 M * sven111 no,that was because vserver was down 1124903130 M * sven111 I started it now 1124903137 M * sven111 and retried the last command 1124903160 M * sven111 it just failed, had 100% packet loss 1124903226 M * sven111 like this: 1 packets transmitted, 0 received, 100% packet loss, time 0ms 1124903348 M * Bertl okay, can you upload an anonymized version of your iptables -t nat -L and iptables -L ? 1124903360 M * Bertl (again pastebin.com pls) 1124903384 M * sven111 ok 1124904239 M * sven111 iptables -L is here: http://pastebin.com/345194 1124904245 M * Bertl tx 1124904261 M * sven111 but the other gives no output 1124904272 M * Bertl it doesn't? 1124904300 M * Bertl did you execute my suggested iptables command? 1124904329 M * sven111 I see, it is this new command 1124904331 M * Bertl iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to 85.x.x.x 1124904344 M * Bertl does it fail? 1124904345 M * sven111 yes, I have it in my configuration 1124904351 M * Bertl try it manually 1124904357 M * sven111 ok 1124904360 M * Bertl maybe something is wrong ... 1124904376 M * sven111 it runs fine 1124904394 M * sven111 I am using firehol for iptables management 1124904403 M * Bertl okay, hope the iptables -t nat -L now shows something? 1124904423 M * sven111 yes 1124904432 M * sven111 I'll paste it 1124904435 M * Bertl good, then let's try the ping -I ... again ... 1124904489 M * sven111 http://pastebin.com/345200 1124904493 M * sven111 ok 1124904536 M * sven111 seems like it succeded :) 1124904549 M * sven111 1 packets transmitted, 1 received, 0% packet loss, time 0ms 1124904556 M * Bertl okay, now go and test from inside a guest (i.e. to reach the internet) 1124904565 M * sven111 ok 1124904575 M * Bertl lynx 66.249.93.99 (for example) 1124904641 M * sven111 I don't have lynx there yet, but pinging seems to work 1124904642 M * sven111 ping 66.249.93.99 1124904658 M * sven111 pinging names doesn't work,though 1124904670 M * Bertl that because of your resolver setup inside the guest 1124904675 M * Bertl /etc/resolv.conf 1124904682 M * sven111 ok,I see :) 1124904695 M * Bertl btw, the error you made (with your fw system) before is the /28 1124904707 M * Bertl your guests are at 104, 103 ... 1124904717 M * sven111 yes 1124904722 M * Bertl /28 means 28 bits for the network address 1124904724 J * revenger ~joe@bulldog.infosys.de 1124904743 M * sven111 ok,great to hear that :) 1124904752 M * Bertl this leaves 4 bits for the rest, so it will restrict 192.168.0.0/28 to 192.168.0.0-192.168.0.15 1124904767 M * sven111 I see 1124904771 M * Bertl which is not the best choice for 104,103 :) 1124904779 M * sven111 yep 1124904801 M * sven111 now what should I do with resolv.conf? 1124904819 M * Bertl look at the resolv conf on your host (I assume it's working) 1124904829 M * Bertl and copy that over to the guest (should work there too) 1124904836 M * sven111 ok 1124904857 Q * revenger_ Read error: Operation timed out 1124904866 M * sven111 yes,those name servers... 1124904941 M * sven111 done and all works now :) 1124904958 M * sven111 thanks for this all, Bertl 1124904959 M * Bertl excellent :) 1124904966 M * Bertl you're welcome! 1124905456 J * fliRt ~fliRt@dsl-082-082-118-196.arcor-ip.net 1124905558 M * fliRt hello all, question i am planing to offer vserver´s and would like to know if someone could tell me how many of vservers running for e.g on a Pentium4 3.060 Mhz with 1024 Ram 1124905579 M * Bertl welcome fliRt! 1124905619 M * Bertl the upper limits reported so far are around 200 guests on a dual Xeon with 3GB ... 1124905650 M * Bertl Pentium4 HT will count as dual 1124905680 M * Bertl but it really depends on the resources the guests require 1124905733 M * fliRt ok thx so far 1124905759 M * Bertl you're welcome! 1124907335 Q * revenger Quit: Reconnecting 1124907346 J * revenger ~joe@bulldog.infosys.de 1124907423 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-200-164.adsl.proxad.net 1124907888 Q * fliRt Quit: ( www.nnscript.de :: NoNameScript 3.81 :: www.XLhost.de ) 1124907975 M * Greek0 Bertl: btw, do you have time for yet another round of vserver-patch questions? 1124908041 M * Bertl sure, bring it on ... 1124908223 M * Greek0 include/asm-i386/elf.h -- ELF_ET_DYN_BASE 1124908228 M * Greek0 why are you changing this? 1124908314 M * Bertl because of the split support 1124908340 M * Bertl usually it's a 3/1 split, so the TASK_SIZE/3 makes sense 1124908353 M * Bertl well, more or less IMHO :) 1124908356 M * Greek0 -v, the only change is a PAGE_ALIGN around TASK_SIZE/3 1124908449 M * Greek0 and when I looked up the uses of ELF_ET_DYN_BASE it was somewhere in the elf files (wow! ;), and there was some additional aligning going on there anyway. 1124908502 M * Greek0 oh, well. you align to 2*PAGE_SIZE, whereas binfmt_elf.c aligns to 1*PAGE_SIZE per default 1124908519 M * Bertl guess it doesn't really matter ... 1124908529 M * Greek0 (you align to 2 because you multiply TASK_UNMAPPED_BASE by 2) 1124908535 M * Bertl yep 1124908561 M * Bertl so we might remove that sooner or later 1124908596 M * Bertl (it seemed relevant when I did the split patches) 1124908731 M * Bertl yeah, I guess that might go ... 1124908798 M * Greek0 hmm. one thing just for discussion, in do_vserver you return -EPERM if the capability is missing. 1124908830 M * Greek0 would be -ENOSYS for xid > 1 an idea there? 1124908859 M * Bertl basically we 'planned' two branches/directions 1124908894 M * Bertl one which is verbose and informative for the admin, and another one which tries hard to make the vserver patch undetectable (stealth mode) 1124908927 M * Bertl as the interest in the stealth mode seized (because vps got more acceptance) we reduced the effords there 1124908959 M * Bertl but, if there is interest, we can do that based on a flag ... 1124908992 M * Greek0 nah, it's not really a huge concern for me. it was just something I noticed along the way 1124908994 M * Bertl (e.g. VXF_INFO_HIDE) 1124909042 M * Bertl (which already controls the /proc/self/{v,n}info visibility) 1124909060 M * DaCa whats the purpose of 'stealt mode'? 1124909084 M * Greek0 I think it's so stealth that it doesn't even exist currently ;) 1124909115 M * Bertl some time back the main purpose was to provide linux-vserver and make them look as real as possible ... so that you can not tell you're in a context ... 1124909142 M * Bertl (think honeypot and sandbox) 1124909175 J * pzYsTorM schak@dsl-082-082-157-063.arcor-ip.net 1124909183 M * Bertl welcome pzYsTorM! 1124909191 M * pzYsTorM good evening :) 1124909225 M * pzYsTorM got a question concerning the util-vserver 1124909259 J * Neubix ~brian@G5d05.g.pppool.de 1124909261 M * pzYsTorM what is the best method to replace the old 0.30.196 with the new 0.30.208? 1124909271 M * pzYsTorM i compiled without --prefix 1124909298 M * Bertl pzYsTorM: depends on how you installed 0.30.196 and how you are going to install 0.30.208 :) 1124909301 M * pzYsTorM are all paths the same? are all files the same?... will all be replaces? 1124909302 M * Bertl wb Neubix! 1124909305 M * pzYsTorM *replaced 1124909311 M * Neubix Hi, back :) 1124909342 M * Bertl pzYsTorM: if you compiled it from source, and plan to compile it from source right now ... then I'd go to the old dir and 'make uninstall' first 1124909345 M * pzYsTorM i wanted to compile without prefix, too. but if some paths have changed, i will have two versions 1124909381 M * pzYsTorM ah ok... 'make uninstall' was unknown to me... i will use it 1124909675 M * Greek0 Bertl: uh, well. I think that was the more important stuff 1124909718 M * Greek0 I have more written in my vserver-questions file, but these are either obsolete by now or stuff that I think I could easily come up with patches for. 1124909734 M * Bertl ah, interesting ... 1124909752 M * Greek0 think 10-line diffs 1124909755 M * Bertl care to give a short 'overview' (regarding patches) 1124909792 M * Greek0 include/linux/ext3_fs.h minor code cleanup, #ifdefs can be merged -- got to look at that one more closely, whether that really makes sense 1124909840 M * Greek0 __hash_dl_info: assert_spin_locked is missing (like in context.c) -- could also be in the set of trivial things I could add 1124909853 M * Bertl keep in mind, that we want to keep the 'changes' to mainline small, not the resulting code (for maintainability) 1124909937 M * Greek0 yep. these are just things that would probably take somewhere between 10 minutes to implement, and you could then tell me what you think of it 1124909947 M * Bertl okay, sounds good! 1124909971 Q * mess-mate Quit: leaving 1124910001 M * Greek0 one thing I've also written here is that documentation of some data structures would be nice. I don't really know if you care to provide some, but it would make reading and understanding the patch quite a bit easier IMHO 1124910027 M * Bertl examples? 1124910040 M * Greek0 the code itself is really quite well understandable, it's just that sometimes I bumped into code that used data structures that I just didn't see what they were doing. 1124910089 M * Greek0 I'm pretty sure I can come up with some. I don't have any documented yet, since this was basically just an off-the-cuff remark in my notes. 1124910279 M * Bertl okay, suprise me :) 1124910367 M * Greek0 hmm. it's also nice to read something in my notes, and just keep wondering what it may mean.. 1124910388 M * Greek0 pid_revalidate: -- discard wrong fakeinit?! 1124910392 J * spd1snd ~psingh@68-232-133-13.chvlva.adelphia.net 1124910412 M * spd1snd howdy 1124910430 M * Bertl welcome spd1snd! 1124910440 M * spd1snd im following the vserver howto on the gentoo wiki and having some trouble: ive created a "skeleton" gentoo install as the document suggest, but now i cant get it to start. i attempt to run "vserver TemplateServer start" and get "ipv4root is now . New security context is 49168. No command given; use '--help' for more information." Anyone have any ideas? (I realize that I could've asked this in the Gentoo-Vserver channel 1124910548 M * Bertl you can not start a skeleton guest 1124910570 M * Bertl also you should not use dynamic contexts but static context ids :) 1124910586 M * Bertl there is a Gentoo-Vserver channel? 1124910636 M * spd1snd hmm, so if ive installed the "skeleton" and now want to create testing vserver, i should use "vserver testserver build --context xxxx" and then copy over the files in the template directory to the new vserver directory? 1124910655 M * spd1snd yes, the gentoo channel is #gentoo-vserver on freenode 1124910756 M * spd1snd actually, where do I find a listing of the available build methods? the command that i wrote above doesnt seem to work, i need some sort of build method to create a new vserver 1124910797 M * daniel_hozac vserver - build --help ;) 1124910839 M * Greek0 Bertl: also I think we talked about vx_map_[ug]id() already, and whether that [ug]id = -2; is really correct there (instead of a plain return -2;) this would also be the kind of things I could send patches for. 1124910856 M * spd1snd daniel_hozac: thanks :) 1124911211 M * pzYsTorM Bertl: is it ok, that the make-process of util-vserver-0.30.208 consists of thousands and thousands of warnings concerning redefined symbols... and obsolete parameters? 1124911251 M * Bertl depends on the compiler, but some are quite okay ... 1124911263 M * Bertl Greek0: yeah, right ... 1124911299 M * Neubix Bertl: you can suggest me a good config for shmparam.h (Semaphoren) .. To start more guest I must echo .... 1124911399 M * Bertl Neubix: something to /proc/sys/kernel/... 1124911407 M * spd1snd if ive got gentoo installed into a skeleton vserver (as the gentoo wiki suggests), how can i use that as a template when a create new vservers? im trying to use the "copy" build method but am getting an error that "vserver-build.copy" doesn't exist 1124911452 M * Neubix I know .. echo "1024 32000 32 1024" > /proc/sys/kernel/sem .. but I don't know is this a good way .. 1124911466 M * Bertl for now, the best way is to create a new skeleton, then copy the template over to the dir ... 1124911544 M * spd1snd well if i copy the template over, how do i change the context id of the new vserver? or is that even necessary? 1124911571 M * Bertl the context id as well as the other config options are stored elsewhere (in /etc/vservers) 1124911743 M * spd1snd ah ok, let me give that shot 1124911785 M * spd1snd also- i notice that the gentoo-wiki says that we should use a "plain" initstyle, if i dont specify that option what does it default to? 1124911815 M * Bertl maybe the gentoo init style (or sysv) ... don't know 1124911849 M * Bertl there are defaults you can set, I don't know the gentoo ones 1124911939 M * spd1snd gotcha, well when i setup the original skeleton and installed gentoo in there, i dudnt specify a context or initstyle, im wondering why it doesnt start now... i'll play around a bit and make sure i didnt miss a step 1124911988 M * Bertl there is a --debug option to vserver and you can check the initstyle in the config dir in /etc/vservers/name/init* 1124912113 M * Bertl okay, I'm off for now .. will be back later ... 1124912116 M * Bertl have fun! 1124912120 M * spd1snd thanks for all the help 1124912121 N * Bertl Bertl_oO 1124912464 Q * Neubix Quit: Verlassend 1124912610 Q * keyser_soze Quit: Abandonando 1124915057 J * yarihm ~yarihm@80-218-5-17.dclient.hispeed.ch 1124915245 Q * pg`aw|cereal Ping timeout: 480 seconds 1124915987 Q * monrad Quit: Leaving 1124917115 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-200-164.adsl.proxad.net 1124917121 J * monrad ~monrad@213083190134.sonofon.dk 1124917141 P * mess-mate 1124918385 J * case ~case@donpanic.faveve.uni-stuttgart.de 1124918464 J * pg`aw|cereal ~cereal@217.20.124.153 1124918959 J * Aiken ~james@tooax6-214.dialup.optusnet.com.au 1124919390 Q * OliverA Ping timeout: 480 seconds 1124919980 J * OliverA ~kvirc@ti200710a080-11067.bb.online.no 1124920047 Q * spd1snd Quit: spd1snd 1124920656 M * mlong168 inside one of my vservers can i use iptables and if yes how? 1124921348 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-200-164.adsl.proxad.net 1124921383 Q * mess-mate Quit: 1124921726 J * keyser_soze ~cimarron@host30.201-252-10.telecom.net.ar 1124921812 Q * yarihm Quit: Leaving 1124922239 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-200-164.adsl.proxad.net 1124922435 N * Bertl_oO Bertl 1124922460 M * Bertl mlong168: not yet ... networking has to be done on the host ... 1124922542 M * mess-mate Bertl: looked somewhat tighter to linux-vserver, didn't know newvserver is not part of it. 1124922627 M * Bertl mess-mate: ah, now we are heading somewhere ... doesn't mean that I don't like the idea of newvserver ... it just needs to be _more_ _generic_ so that it can be used on _all_ distros ... 1124922668 M * Bertl (and at this point, it can be integrated/fed back/whatever to util-vserver) 1124922670 M * mess-mate Bertl: as a newbie installed everything i've founded about vserver. 1124922711 M * Bertl yes, I know .. to some degree, every distro plays this game ... 1124922783 M * mess-mate Bertl: added in the debian vserver-utils 1124923039 Q * mess-mate Quit: leaving 1124923091 M * SiD3WiNDR it's actually in vserver-debiantools if I'm not mistaken :) 1124923105 M * SiD3WiNDR not in util-vserver package ;) 1124923134 M * Bertl yep ... 1124924080 Q * obi Ping timeout: 480 seconds 1124924109 J * obi ~obi@asus.saftware.de 1124924508 M * Bertl wb obi! :) 1124926004 J * litage ~nick@203.201.96.101 1124926007 M * Aiken which kernel is 2.1.0-pre4 against? 2.6.13-rc7? 1124926023 M * Aiken I was triggering a kernel bug in the combination that was current this time yesterday 1124926030 M * litage can multiple vservers each have their own ip address, but the actual host that the vservers are running on have no ip address? 1124926105 M * Bertl Aiken: no, it was rc6 ... but I have an rc7 version too 1124926128 M * Bertl litage: no, the host always has _all_ ips (for now) 1124926143 M * litage Bertl: ah...why is that? 1124926157 M * Bertl because networking is basically done on the host 1124926174 M * Bertl the guests are just subsets (regarding IP addresses) 1124926191 P * stefani I'm Parting (the water) 1124926202 M * Bertl litage: but you can limit the host services too .. this way you can prevent them from using guest IPs 1124926216 M * Bertl (by using chbind for them) 1124926228 M * Bertl Aiken: any records of the oops` 1124926235 M * Bertl s/`/?/ 1124926297 M * Aiken I'll put on pastebin what I have but no kernel symbols 1124926320 M * Bertl do you still have the kernel tree (with vmlinux)? 1124926329 M * Aiken yes 1124926333 M * Bertl excellent! 1124926345 M * Aiken it was pre1, still have to try pre4 1124926351 M * Aiken http://pastebin.com/345520 1124926392 M * Bertl okay, let's use addr2line -e vmlinux on the addresses 1124926396 M * Aiken I was playing with the cow feature, had made a guest with cp -Rl new-master/ hoppy;find hoppy -type f -exec setattr --iunlink {} ';' 1124926440 M * Aiken and the kernel would oops when starting the new vserver 1124926495 Q * renihs Quit: Leaving 1124926501 M * Bertl hmm, the bugon is COW related ... sounds interesting 1124926501 M * Aiken I get ??:0 1124926521 M * Aiken Aug 24 15:17:36 localhost kernel: Kernel bug at fs/namei.c:1232 1124926529 M * Bertl addr2line -e vmlinux fffffc00003a35a4 1124926539 M * Bertl doesn't report any line number? 1124926548 M * Aiken (root@pebbles) addr2line -e vmlinux fffffc00003a35a4 1124926548 M * Aiken ??:0 1124926574 M * Aiken To get that kernel small enough I used the embeded options to remove the kernel symbols 1124926587 M * Bertl i.c. ... 1124926596 M * Aiken the 4 meg limux with that machine is being more a problem with each kernel release 1124926605 M * Aiken 4 meg size limit 1124926635 M * Bertl let's try ksymoops them ... 1124926663 M * Bertl make sure to specify the System.map 1124926721 M * Bertl but did I get that right, you are able to reproduce that somehow? 1124926809 M * Aiken I am trying to get the kernel size down enough that I can have the symbols included 1124926867 M * Aiken and don't seem to have ksymoops installed 1124926956 M * litage Bertl: you mentioned "(for now)". are there plans to make the host not have all ip addresses? 1124927108 M * Bertl litage: we are planning to move to a virtual network setup (at least as option) 1124927132 M * litage Bertl: is it known when that will occur? 1124927141 M * Aiken goign through system.map manually the top line in the backtrace is in vfs_rename 1124927158 M * Bertl okay, that's what I suspected ... 1124927177 M * Aiken next line is in cow_break_link 1124927183 M * Bertl don't bother with the addresses any longer ... important is if you can reproduce it 1124927221 M * Aiken yes, I can reproduce it, all I have to do is trying starting the new vserver and it OOPs 1124927236 M * Bertl excellent! let me add some debug stuff ... 1124927252 M * Aiken I'll try pre4 first, just managed to download it 1124927260 M * Bertl okay, np 1124927273 M * Aiken I have 7 hours to go on a download so everything else is very very slow 1124927379 M * litage Bertl: where can i find out more about the virtual network setup? 1124927406 M * Bertl litage: here on the channel I'd say ... it's called ngnet 1124927902 Q * Doener Read error: Operation timed out 1124927931 J * Doener ~doener@p548750B8.dip.t-dialin.net