1126396802 M * Thorsten I delete tg_a.txt and x.log before I start?
1126396821 M * Bertl tg_a.txt yes, x.log no need to do so
1126396836 M * Bertl (otherwise you have to recreate it as before)
1126396865 M * Thorsten # cat /tmp/x.log
1126396865 M * Thorsten 11097
1126396865 M * Thorsten -rw-r--r-- 1 root root 25 Sep 10 23:54 /tmp/tg_a.txt
1126396865 M * Thorsten -rw-r--r-- 1 root root 25 Sep 10 23:54 /tmp/tg_a.txt
1126396865 M * Thorsten 11210
1126396866 M * Thorsten -rw-r--r-- 1 root root 25 Sep 11 00:00 /tmp/tg_a.txt
1126396867 M * Thorsten CapInh: 0000000000000000
1126396869 M * Thorsten CapPrm: 00000000d44c04ff
1126396873 M * Thorsten CapEff: 00000000d44c04ff
1126396875 M * Thorsten root
1126396877 M * Thorsten -rw-r--r-- 1 root root 25 Sep 11 00:00 /tmp/tg_a.txt
1126396879 M * Thorsten # cat /tmp/tg_a.txt
1126396881 M * Thorsten next line should be news
1126396919 J * cantabile_03 ~cantabile@AOrleans-204-1-4-205.w80-13.abo.wanadoo.fr
1126396984 M * cantabile_03 Bertl: Here I am. The first part is okay. I'm afraid I didn't get really the second part : WHERE do I add the SNATOUT chain and what must I do in ifup ?
1126397033 M * Bertl cantabile_03: please remind me, what was the first part?
1126397108 M * cantabile_03 I wrote iptables -t nat -I POSTROUTING -s -j SNAT --to , but the public ip is still 'hardcoded'
1126397133 M * Bertl Thorsten: do you use any additional security stuff like grsec or selinux?
1126397142 M * cantabile_03 BTW, works like a charm: apt-get running right now :)
1126397164 M * Bertl cantabile_03: okay, the second part then is the generalization of that setup
1126397197 M * Bertl cantabile_03: you should have a look into the iptables documentation how to create a custom chain
1126397223 M * Thorsten Bertl, if I do then not on purpose.
1126397269 M * Bertl Thorsten: my first idea, but that was obviously wrong, was that cron is running the script as non-root user (or at least not with the permissions required to execute su)
1126397282 M * Thorsten ah, ok
1126397290 M * cantabile_03 Bertl: OK. Then, when the chain will be created, what should I do ?
1126397305 N * Duschinger [MUPPETS]Gonzo
1126397326 M * Bertl cantabile_03: whenever ppp* gets its ip, you flush the custom chain and write a new version doing the SNAT
1126397346 M * Bertl hey [MUPPETS]Gonzo! liked the |rats :)
1126397368 M * Bertl Thorsten: so let's modify it again ...
1126397384 M * Thorsten ok
1126397398 M * cantabile_03 Ok, so I'll have to do it every time I connect to the net, unless I get a router or some gateway ?
1126397419 M * Bertl Thorsten: http://pastebin.com/360206
1126397443 M * Bertl cantabile_03: no, the ifup script will do it for you on ppp* up
1126397445 M * Thorsten Is there anything in /proc/config.gz I should check to see if there are additional security features turned on?
1126397469 M * Bertl Thorsten: let's have a look at the strace first (upload it somewhere if possible)
1126397520 M * cantabile_03 Ok. I'll try that. Thanks for the precious help. I've been lurking on the web for two days :) See you.
1126397523 Q * kas_3 Remote host closed the connection
1126397544 M * Bertl cantabile_03: my pleasure! feel free to idle around ...
1126397565 M * cantabile_03 I will !
1126397575 Q * cantabile_03 Quit: Leaving
1126397610 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126397713 M * nayco_laptop back
1126397782 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126397800 M * Thorsten Bertl, http://tgunkel.de/vs/su.trace
1126397812 M * Bertl tx, wb nayco_laptop!
1126397860 M * Bertl Thorsten: ah, that's funny!
1126397878 Q * kas_3 Remote host closed the connection
1126397878 M * Bertl Thorsten: the resource limit is causing this ...
1126397909 M * Bertl the cron seems to lower the NOFILE to 1024, which in turn doesn't work for the su
1126397924 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126397939 M * Bertl Thorsten: IMHO there are 3 solutions to that:
1126397941 M * Thorsten And inside a vserver it can raise it again so it fails?
1126397959 M * Bertl it can _not_ raise it .. that's why it fails
1126397965 M * Thorsten sure
1126397981 M * Bertl a) you can use the rlimit ccapability
1126397993 M * Bertl b) you can remove the limit cron does imply
1126398027 M * Bertl c) you can change su to not bail out if it doesn't have the proper capability to raise limits (and a limit can not be raised)
1126398039 M * Bertl basically I'd opt for c) as it is a bug in su
1126398075 M * Bertl (of course, it will not be observed on typical linux systems, as they _have_ the proper capabilities)
1126398095 Q * dddd44 Ping timeout: 480 seconds
1126398139 M * Bertl I assume, the su fails if you simply remove CAP_SYS_RESOURCE (on any linux system)
1126398162 M * Thorsten But with c) I must patch the su binary in all vserver clients
1126398192 M * Thorsten With a) I must only change a vserver option, right?
1126398198 M * Bertl yeah, well, that's up to you :)
1126398241 M * Thorsten This is a standard Debian Sarge installation, why am I the first one to discover this?
1126398293 M * Bertl maybe nobody runs cron scripts using su? maybe your cron is configured special?
1126398335 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126398358 M * Thorsten I guess these syslog entries are caused by the same issue? pam_limits[816]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
1126398368 M * Bertl yep
1126398428 M * Thorsten So I guess I try to use a) Should we ask the su maintainer to fix su for c) as a long term solution?
1126398521 M * Bertl I would suggest to recreate this with the reducecap tool on a normal linux system, and then file a proper bugreport/featurerequest
1126398547 M * Bertl Thorsten: you're using 2.6/vs2.0.x?
1126398563 M * Thorsten # uname -a
1126398564 M * Thorsten Linux server 2.6.12.4-vs2.0
1126398625 Q * kas_3 Ping timeout: 480 seconds
1126398741 M * Thorsten Bertl, did I understand this right that I have to create a ccapabilities file for each vserver client and put VC_VXC_SET_RLIMIT in it?
1126398773 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126398857 M * Bertl DECL("rlimit", VC_VXC_SET_RLIMIT),
1126398868 M * nayco_laptop Mmmmm, I'm having a look to the kernel source to find where the quotactl is done, and to track the path from the syscall to the code actually doing the operation;
1126398880 M * Bertl Thorsten: so you simply add 'rlimit' to the ccapabilities file ...
1126398886 M * Thorsten ah, thx
1126398921 M * nayco_laptop But, I cannot find where the syscalls are implemented. I mean, syscalls are defined in ./include/linux/syscalls.h,
1126398942 M * nayco_laptop but where is the code of these functions ?
1126398954 M * nayco_laptop something like "syscall.c" ?
1126398985 M * Bertl nayco_laptop: the relevant code (which I'm checking right now :) is in fs/quota.c
1126399001 M * Bertl and xfs/quota/xfs_qm_syscalls.c
1126399160 Q * dddd44 Ping timeout: 480 seconds
1126399181 M * Bertl Thorsten: you have the cap_quota capability set, yes?
1126399198 M * Thorsten How do I check?
1126399234 M * Bertl Thorsten: *sorry*
1126399240 M * Bertl nayco_laptop: you have the cap_quota capability set, yes?
1126399263 M * nayco_laptop I found the last one, but as far as my poor C programming capabilities ("hello, world") enable me, I thought that there would be a corresponding "sysctl.c" file that would do the redirection to the actual quotactl function...
1126399265 M * Bertl Thorsten: just add the rlimit to the ccapabilities file and try again :)
1126399303 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126399321 M * Bertl nayco_laptop: okay, I guess I found it ...
1126399324 M * nayco_laptop So what I learn here is that syscalls are implemented all around the kernel sources, not in one file or directory ?
1126399345 M * Bertl nayco_laptop: yes, they are implemented where they make sense ...
1126399427 M * nayco_laptop mmmm...
1126399456 M * Bertl fs/xfs/quota/xfs_qm_syscalls.c
1126399475 M * Bertl change all appearances of !capable(CAP_SYS_ADMIN)
1126399488 M * Bertl which do return XFS_ERROR(EPERM);
1126399498 M * Bertl to something like this:
1126399528 M * Bertl if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
1126399532 M * Bertl return XFS_ERROR(EPERM);
1126399550 M * Thorsten Mmm, Bertl it seems I missed something.
1126399550 M * Thorsten 20658 setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = -1 EPERM (Operation not permitted)
1126399556 M * Thorsten ...
1126399558 M * Bertl nayco_laptop: (or in the force case)
1126399563 M * Thorsten 20658 write(2, "su: Permission denied\n", 22) = 22
1126399566 M * nayco_laptop so, there must be a quotactl redirector somewhere who directs the syscall to the right function depending on the fs type... hence the access to mtab
1126399570 M * Bertl if (!force && !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
1126399580 M * Bertl return XFS_ERROR(EPERM);
1126399584 M * nayco_laptop no, forget my last sentence ;)
1126399592 M * Bertl nayco_laptop: then recompile the kernel, will you?
1126399613 M * nayco_laptop Ok, I first check the ccapabilities file
1126399660 M * nayco_laptop Bertl: [root@nayport linux]# cat /etc/vservers/quota/ccapabilities
1126399661 M * nayco_laptop quota_ctl
1126399670 M * Bertl yeah, should be fine
1126399673 M * nayco_laptop is it right ?
1126399676 M * nayco_laptop k
1126399680 M * nayco_laptop so..
1126399685 Q * kas_3 Ping timeout: 480 seconds
1126399693 M * Bertl Thorsten: sec, checking ...
1126399707 Q * Blissex Read error: Connection reset by peer
1126399795 M * nayco_laptop Bertl: er... Should I use your 02:45 "patch", or your 02:46 one ?
1126399830 M * Bertl depends on what type of check you encounter (there are two kinds)
1126399850 M * nayco_laptop mmm, ok.
1126399862 M * Bertl Thorsten: inside the guest, please do 'grep Cap /proc/self/status' and verify that the ccap is set
1126399876 M * nayco_laptop do you think there are many, or will manual edit will do it
1126399876 M * nayco_laptop ?
1126399914 M * Thorsten Mmm, CapInh: 0000000000000000
1126399914 M * Thorsten CapPrm: 00000000d44c04ff
1126399914 M * Thorsten CapEff: 00000000d44c04ff
1126399914 M * Thorsten looks like before I changed it
1126399932 M * Bertl nayco_laptop: there are 4
1126399943 M * Bertl Thorsten: did you restart the guest?
1126399952 M * Thorsten Yes
1126399960 M * Thorsten I even tried a stop and start
1126399979 M * Thorsten Is this right:
1126399980 M * Thorsten # cat /etc/vservers/test3/ccapabilities
1126399980 M * Thorsten rlimit
1126399981 M * Bertl check the ccapabilities file in your config
1126400007 M * Bertl maybe a missing newline?
1126400121 M * Thorsten md5sum /etc/vservers/test3/ccapabilities
1126400122 M * Thorsten 6b119eabeb5551c11c672f08f64c8386 /etc/vservers/test3/ccapabilities
1126400136 M * Thorsten Is this right?
1126400142 M * Bertl no idea :)
1126400158 M * Thorsten I tried to remove the newline but that didn't work either
1126400162 M * Bertl but I'll try ...
1126400196 M * Thorsten echo rlimit | md5sum gives the same
1126400244 M * Bertl md5sum /etc/vservers/test101/ccapabilities
1126400245 M * Bertl 6b119eabeb5551c11c672f08f64c8386 /etc/vservers/test101/ccapabilities
1126400256 M * Bertl cat /proc/virtual/101/status
1126400256 M * Bertl UseCnt:27
1126400256 M * Bertl Tasks:12
1126400256 M * Bertl Flags:0000000002000010
1126400258 M * Bertl BCaps:00000000344c04ff
1126400261 M * Bertl CCaps:0000000000000103
1126400301 M * Bertl VXC_SET_RLIMIT 0x00000002
1126400315 M * Bertl so 103 is fine here, verify with your data ...
1126400325 M * Thorsten How can I find out which id test3 has?
1126400339 M * Bertl the grep before was nonsense .. use
1126400346 M * Bertl vserver-stat
1126400359 M * Bertl to get the xid, then check in proc
1126400361 M * Thorsten ah
1126400385 M * Thorsten # cat /proc/virtual/49178/status
1126400385 M * Thorsten UseCnt: 16
1126400385 M * Thorsten Tasks: 6
1126400385 M * Thorsten Flags: 0000000202000010
1126400385 M * Thorsten BCaps: ffffffffd44c04ff
1126400386 M * Thorsten CCaps: 0000000000000103
1126400388 M * Thorsten Ticks: 0
1126400403 M * Bertl so it is set now ... please retry including the strace ...
1126400465 M * nayco_laptop Bertl: http://pastebin.com/360245 <= If ok, I launch the compilation....
1126400489 J * KeneK kht@gvtc01030.skypoint.net
1126400511 M * Bertl welcome KeneK!
1126400527 M * nayco_laptop But do I need to make oldconfig ? Do I need to make modules or will make bzImage will suffice ?
1126400530 M * KeneK hi!
1126400535 M * Bertl nayco_laptop: looks fine to me, except for the indentation (which doesn't matter)
1126400546 M * nayco_laptop Ooops ;)
1126400571 M * Bertl nayco_laptop: make && make modules_install && make install (or whatever you do to install it :)
1126400576 M * nayco_laptop ok, >setting up distcc<
1126400606 M * Thorsten Bertl, http://tgunkel.de/vs/su2.trace
1126400607 M * nayco_laptop 'cause My 128 Mb PIII700 is damn slow, and I don't wanna spend the night in front of it... :D
1126400628 M * Bertl nayco_laptop: the 2.6 kernel build system is quite efficient
1126400679 M * Bertl Thorsten: what is your arch? maybe testme.sh output?
1126400698 M * Thorsten i386
1126400732 M * Thorsten vserver.13thfloor.at/Stuff/SCRIPT/testme.sh ?
1126400739 M * Bertl yep
1126400767 M * Thorsten inside or outside the vserver?
1126400773 M * Bertl host
1126400839 M * Thorsten ./testme.sh
1126400839 M * Thorsten Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl
1126400839 M * Thorsten chcontext is working.
1126400839 M * Thorsten chbind is working.
1126400839 M * Thorsten Linux 2.6.12.4-vs2.0 i686/0.30.207/0.30.207 [Ea] (0)
1126400840 M * Thorsten VCI: 0002:0001 273 03000016
1126400842 M * Thorsten ---
1126400844 M * Thorsten [000]# succeeded.
1126400846 M * Thorsten [001]# succeeded.
1126400848 M * Thorsten [011]# succeeded.
1126400850 M * Thorsten [031]# succeeded.
1126400851 M * Bertl k
1126400852 M * Thorsten [101]# succeeded.
1126400854 M * Thorsten [102]# succeeded.
1126400856 M * Thorsten [201]# succeeded.
1126400858 M * Thorsten [202]# succeeded.
1126400886 M * Thorsten Maybe the Debian Vserver package I've installed is too old for vserver 2.0?
1126400888 M * Bertl let me try something ...
1126400922 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126400957 M * Bertl anybody with a vanilla 2.6.12.4 kernel around?
1126401000 M * Bertl Thorsten: on the host, bash -c "ulimit -HS -n unlimited" fails with the same error, right?
1126401030 M * Thorsten bash -c "ulimit -HS -n unlimited"
1126401031 M * Thorsten bash: line 1: ulimit: open files: cannot modify limit: Operation not permitted
1126401052 M * Bertl the guest su is woody or sarge?
1126401069 M * Thorsten Guest and Host are both Sarge
1126401079 M * Bertl okay, here is my latest theory :)
1126401102 M * Bertl - some folks reported that woody/sarge has problems with 'very recent' kernels
1126401133 M * Bertl - in the kernel I see a check like this (kernel/sys.c):
1126401139 M * Bertl if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
1126401144 M * Bertl return -EPERM;
1126401158 M * Bertl - I have no idea where it comes from, actually, but ...
1126401176 M * Bertl - NR_OPEN = 1024 and RLIM_INFINITY = ~0
1126401183 M * nayco_laptop Bertl: time make -j 3 CC=distcc bzImage
1126401183 M * nayco_laptop ;-)
1126401201 M * Bertl Thorsten: so I assume this check 'just' fails :)
1126401222 A * Bertl is now checking where that line comes from ...
1126401262 M * nayco_laptop Huh ???
1126401268 M * nayco_laptop ernel: arch/i386/boot/bzImage is ready
1126401268 M * nayco_laptop 41.14user 6.68system 1:47.28elapsed 44%CPU (0avgtext+0avgdata 0maxresident)k
1126401268 M * nayco_laptop 0inputs+0outputs (67major+150807minor)pagefaults 0swaps
1126401278 M * nayco_laptop er, that's what I call efficient !
1126401280 Q * dddd44 Ping timeout: 480 seconds
1126401336 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126401340 M * nayco_laptop so, it missed the change, or it managed to compile only the change code then glued it with the rest :O ?
1126401375 M * Bertl yep, I said pretty efficient :)
1126401444 M * nayco_laptop oh, checked the dates: It did not touch the kernel binary ;)
1126401465 Q * kas_3 Ping timeout: 480 seconds
1126401480 M * nayco_laptop For a couple of seconds, I thought I had been given a quadri-opteron laptop :D
1126401514 M * nayco_laptop ok, this time I gonna use "make clean" right ;çp
1126401540 M * Bertl why?
1126401558 M * Bertl are you masochistic?
1126401621 M * nayco_laptop Because "bzImage" dates from september 7 on the disk, and we are september 11... (Oh, I forgot that it was today ;-|)
1126401643 M * nayco_laptop No, i'm not, I stopped using MS software a couple of years ago ;)
1126401667 M * nayco_laptop no, I think it has not compiled anything !
1126401720 M * Bertl well, if you modified the file, it will recompile the necessary stuff
1126401720 M * nayco_laptop but, well, how could I know ?
1126401741 M * Bertl might not be the kernel though, depends if you compiled the stuff as module or not
1126401742 M * nayco_laptop ohhh, I know, wait !
1126401819 M * Bertl Thorsten: the line is in 2.6.10 too, I don't see how this could work on any vanilla kernel higher than 2.6.10, do you happen to have a more recent one (vanilla) lying around?
1126401821 M * nayco_laptop ok, looked in /boot, the kernel is the same. But you are right, maybe it's a module...
1126401839 M * Bertl check the date of the corresponding .o file
1126401850 Q * dddd44 Ping timeout: 480 seconds
1126401914 M * Thorsten No, sorry
1126401925 M * Thorsten I could just wget one for sure
1126401935 M * Bertl Thorsten: okay, would it be possible to try with 2.6.12.4 ?
1126401950 M * Bertl or make that 2.6.12 if that's easier ...
1126401957 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126401974 M * Thorsten But I already have 2.6.12.4?
1126401984 M * Bertl yes, but with the linux-vserver patches
1126402002 M * Bertl I'd like to see the ulimit fail with a vanilla (mainstream) kernel
1126402014 M * nayco_laptop ok, I cannot prove anything, so let's be confident in the kernel build tool : make install, make reboot !
1126402022 M * Thorsten I fear I don't get the point
1126402034 M * Thorsten This is a vanilla kernel + vserver-patch?
1126402050 M * Bertl Thorsten: I assume that the su is somehow doing something which will fail on an unpatched linux kernel too
1126402076 M * Bertl the ulimit -HS -n unlimited fails, and so the su aborts ...
1126402083 M * Thorsten Ah, so I should boot a kernel *without* vserver patch
1126402094 M * Bertl yep, precisely, one newer than 2.6.10
1126402127 M * Thorsten My workstation has 2.6.12.2
1126402131 M * Thorsten just a second
1126402133 M * Bertl great!
1126402170 M * Thorsten # bash -c "ulimit -HS -n unlimited"
1126402171 M * Thorsten bash: line 1: ulimit: open files: cannot modify limit: Operation not permitted
1126402179 M * Bertl thought so ...
1126402203 J * kas_3 ~dhb55@66.254.98.196
1126402215 M * Bertl if you are really adventurous, you can try the cron script there ... (with the strace)
1126402233 M * Thorsten kk
1126402243 M * Bertl (might be that su behaves differently inside the guest)
1126402288 M * nayco_laptop Hey, the kernel build tool has improved over the years : Now one has only to type make install and everything gets done, or only the delta ! There is no more need to type "make dep bzImage modules modules_install..."
1126402407 M * nayco_laptop ok, it lasted 02:30, and it recompiled some do_mounts stuff. So all I need now is to reboot: Be righ
1126402415 M * Bertl nayco_laptop: we should post that on lkml ... :)
1126402444 M * nayco_laptop what ?
1126402454 M * Bertl Hey, the kernel build ...
1126402479 M * Bertl guess the kernel folks do not get positive feedback that often ...
1126402486 M * nayco_laptop my great discover of the kernel programmers's talent or the patch
1126402490 M * nayco_laptop ok ;-)
1126402497 M * nayco_laptop Ahemmm :
1126402500 Q * dddd44 Ping timeout: 480 seconds
1126402501 M * nayco_laptop Hummmm !
1126402509 M * nayco_laptop => LINUS, YOU ROCK
1126402516 M * nayco_laptop => ALAN, SO OF YOU
1126402521 M * nayco_laptop => ... ok, ok..
1126402530 M * nayco_laptop they deserve it, that's true ;)
1126402544 M * nayco_laptop so : reboot
1126402560 Q * nayco_laptop Quit: Leaving
1126402573 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126402682 M * nayco Bertl: In fact, the kernel image was not built by make bzImage :O !
1126402692 M * nayco It was built by make install !
1126402698 A * MooingLemur leaks milk.
1126402711 M * nayco looking to /boot, I found the date finally changed.
1126402825 Q * kas_3 Ping timeout: 480 seconds
1126402872 M * Thorsten Bertl, http://tgunkel.de/vs/su3.trace
1126402980 M * Bertl oh, we investigated the wrong one :)
1126402999 M * Bertl guess that's not my day regarding tracking down issues :)
1126403015 M * Bertl setpriority(PRIO_PROCESS, 0, 0) = -1 EACCES (Permission denied)
1126403028 M * Bertl setpriority(PRIO_PROCESS, 0, 0) = 0
1126403052 M * Bertl so I assume it tries to raise the priority, do you use something to lower the nice value?
1126403071 M * Bertl i.e. do you have a nice value in the config or in your pam?
1126403090 M * Thorsten In which config?
1126403105 M * Bertl the vserver guest config, or the guest's pam config
1126403133 M * Thorsten The test3 vserver client is a fresh debootstraped sarge without any changes from me
1126403152 M * Bertl okay, let's investigate the config first ...
1126403164 M * nayco ouch : kernel panic, unable to mount root fs [...] keyboard reports too many key press (Is this one related ? No, my cat did not step on the keyboard)
1126403191 M * Thorsten /vservers/test3/etc/pam.conf seems to be empty (only comments)
1126403195 M * Bertl (something like 'find /etc/vservers/ -type f -print -exec cat {} \; )
1126403240 M * Bertl nayco: I'd assume your initrd was rebuilt (maybe incorrectly)
1126403264 M * Thorsten # find /etc/vservers/test3/ -type f -print -exec cat {} \;
1126403264 M * Thorsten /etc/vservers/test3/apps/pkgmgmt/internal
1126403264 M * Thorsten /etc/vservers/test3/interfaces/dev
1126403264 M * Thorsten eth0
1126403264 M * Thorsten /etc/vservers/test3/interfaces/0/ip
1126403265 M * Thorsten 10.0.1.38
1126403269 M * Thorsten /etc/vservers/test3/uts/nodename
1126403271 M * Thorsten test3.localdomain.tgunkel.de
1126403273 M * Thorsten /etc/vservers/test3/name
1126403275 M * Thorsten test3
1126403277 M * Thorsten /etc/vservers/test3/fstab
1126403279 M * Thorsten none /proc proc defaults 0 0
1126403281 M * Thorsten #none /tmp tmpfs size=16m,mode=1777 0 0
1126403283 M * Thorsten none /dev/pts devpts gid=5,mode=620 0 0
1126403283 M * nayco oh... What can I do ? Rebuild the entire kernel by "make"ing "clean"
1126403285 M * Thorsten /etc/vservers/test3/ccapabilities
1126403287 M * Thorsten rlimit
1126403314 M * Bertl nayco: was more thinking about using the old initrd?
1126403350 M * nayco Bertl: well, it must have been overwritten, no ?
1126403392 M * Bertl could be, how did you install the previous kernel/initrd?
1126403414 M * nayco well, with "make install"
1126403428 M * nayco same as today
1126403450 M * Bertl okay, I have no idea then why it fails/failed ...
1126403482 M * Thorsten My su?
1126403497 M * Bertl Thorsten: no, please do 'nice' inside the guest
1126403525 M * Thorsten # nice
1126403525 M * Thorsten 0
1126403536 M * Bertl now let's add that to the cron script please
1126403547 M * Bertl (output to x.log)
1126403549 M * nayco Bertl: Ok, I try again
1126403580 M * Bertl nayco: unless the kernel recompile did throw an error, which might be possible, actually
1126403595 M * Bertl I don't see a good reason why it should fail/affect it
1126403651 M * Thorsten Nice is 10
1126403654 Q * ag-2 Ping timeout: 480 seconds
1126403664 M * Bertl Thorsten: so where does that come from? crond?
1126403675 M * Thorsten Maybe anacron sets this
1126403695 M * Bertl anyway, we have a flag to fix that too :)
1126403697 J * kas_3 dhb55@60.48.203.132
1126403709 M * Thorsten Found it
1126403734 Q * kas_3 Remote host closed the connection
1126403739 M * Bertl DECL("igneg_nice", VC_VXF_IGNEG_NICE),
1126403741 M * Thorsten Nice is 0 from cron
1126403753 J * ag-2 ag@muaddib.roxor.cx
1126403786 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126403810 Q * dddd44 Ping timeout: 480 seconds
1126403826 M * Thorsten Bertl, if I change anacron to not use nice it works
1126403831 Q * kas_3 Quit:
1126403846 M * Bertl yes, the igneg_nice should help too
1126403859 M * Bertl (i.e. either or is probably sufficient)
1126403859 M * Thorsten But I try igneg_nice anyway, just a second
1126403898 J * nayco_laptop ~nayco@lns-vlq-49-mar-82-251-44-227.adsl.proxad.net
1126403904 M * nayco Bertl: you won't believe me : I type "make install" again (Running on the mandrake kernel, but it should not be relevant), rebooted the laptop on the vs2.0 kernel and...
1126403912 M * nayco_laptop here it comes :OP
1126404174 M * Thorsten Bertl, where is that igneg_nice from? Unknown ccap 'igneg_nice'
1126404309 M * Bertl it's a cflag
1126404323 M * Bertl # flags
1126404369 M * Thorsten So ccapabilities?
1126404381 M * Thorsten ah
1126404391 M * Thorsten forget the last question ;-)
1126404394 M * Thorsten Too late :)
1126404545 M * Thorsten next line should be news
1126404546 M * Thorsten news
1126404554 M * Bertl good :)
1126404567 M * Thorsten Thx Bertl :-)
1126404576 M * Bertl you're welcome!
1126404580 M * Thorsten Do you still thing this is a bug in su?
1126404589 M * Thorsten think
1126404610 M * Bertl no, because raising the nice value could be expected, although it's not perfect either ...
1126404641 M * Bertl it would be better to ignore the EPERM for the prio call too
1126404708 M * Bertl the thing/question is, what is the purpose of anacron setting a nice value of 10 for a root process, which then can (and does in the su case) change it back to 0
1126404867 M * Thorsten Well normally it doesn't hurt to set a nice level for cron jobs
1126404890 M * Bertl yes, your su does unset it again ... that fails and su is bailing out ...
1126404925 M * Thorsten Why does it unset it anyway?
1126404938 M * Bertl no idea, guess that's a feature :)
1126404951 M * Bertl after all it does mess with all the resource limits too :)
1126405027 M * Thorsten Mmm, I don't understand why one wants to have that feature
1126405076 M * Thorsten If you run something with su you normally want to drop privileges, not to increase them?
1126405086 M * Bertl Thorsten: don't look at me .. :)
1126405125 M * Thorsten So maybe I should ask the su maintainer what he thinks about it
1126405147 M * Bertl would not hurt, I guess
1126405201 M * Thorsten To run all cron-jobs with a nice level is something I can understand so personally I won't blame the anacron people
1126405213 M * Bertl agreed!
1126405276 M * Thorsten ok, I will then submit a wishlist bug against the "su" debian package and cc the vserver list so you can correct me if I get something wrong, ok?
1126405334 M * Bertl perfect!
1126405423 M * nayco_laptop Bertl: http://pastebin.com/360271 :(
1126405433 M * Thorsten But first I need some hours sleep, Bertl you were - again - very very helpful thank you very much :-)
1126405439 M * nayco_laptop I ran testme.sh, it's good
1126405475 M * Bertl nayco_laptop: you're welcome! have a good night!
1126405531 M * nayco_laptop You're going ?
1126405547 M * Thorsten I guess that was addressed at me ;)
1126405562 M * nayco_laptop k ;)
1126405783 M * nayco_laptop Bertl: While i'm thinking of it, shouldn't there be something written in /etc/vservers/quota/bcapabilities ?
1126405829 M * Bertl hmm, no, not really ...
1126405864 M * Bertl and I guess I'm off to bed now too ...
1126405901 M * Bertl Thorsten: yes, it was addressed at you, got the prefix wrong again :/
1126405922 M * Bertl that means, I definitely need some sleep ... so
1126405930 M * nayco_laptop ok. so that is actually and only in ccapabilities that the quota line goes... Ok. I mean, I feel it strange that the modification did nothing...
1126405948 M * Bertl ... have a good one everyone .... cya tomorrow ...
1126405957 M * nayco_laptop 'Night, and thanks !
1126405966 M * Bertl nayco_laptop: maybe you didn't modify anything at all, will check later ...
1126405972 M * nayco_laptop I got to bed too ;-)
1126405975 M * nayco_laptop ok.
1126405978 M * Bertl k, cya!
1126405984 Q * nayco_laptop Quit: Leaving
1126405988 Q * Thorsten Quit: Leaving
1126405989 N * Bertl Bertl_zZ
1126407193 Q * nayco Quit: Bonne nuit !
1126408482 P * KeneK
1126408709 J * xf ~local@ppp246-16.lns2.adl2.internode.on.net
1126408715 A * xf waves - anybody here?
1126408959 M * xf have a bit of a problem i'm stumped on... gave somebody in a virtual server CAP_MKNOD capabilities
1126408979 M * xf they've somehow accidentally done something with udev, and it's completely broken network connectivity to any of the vservers
1126408993 M * xf i've shut down the offending vserver, rebooted the host, everything, network connectivity is still dead
1126409009 M * xf (this is for all vservers, there's about 4 guests running, he only had access to one)
1126409016 M * xf accessing the host machine is fine. any clues? i'm stumped.
1126409057 M * xf the offending vserver with the udev stuff is no longer running, that was the first thing i stopped
1126409404 J * dddd44 dhb55@60.48.205.63
1126409417 Q * dddd44 Read error: Connection reset by peer
1126409441 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126411180 Q * dddd44 Ping timeout: 480 seconds
1126411229 Q * duckx Ping timeout: 480 seconds
1126411416 J * duckx ~Duck@mna75-1-81-57-39-234.fbx.proxad.net
1126415401 J * dddd44 debian-tor@tor-irc.dnsbl.oftc.net
1126420603 J * kusznir ~kusznir@pool-68-238-143-101.sea.dsl-w.verizon.net
1126425131 Q * nebuchadnezzar Remote host closed the connection
1126425995 Q * dddd44 Ping timeout: 480 seconds
1126426532 M * eyck hmm, I think that by giving away MKNOD capabilities you defeat most of vserver security
1126426578 M * eyck xf: offending vserver is still running?
1126426895 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126427207 J * kas_3 ~dhb55@85.89.74.5
1126427410 Q * dddd44 Ping timeout: 480 seconds
1126427638 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126427695 Q * kas_3 Ping timeout: 480 seconds
1126427870 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126428140 Q * dddd44 Ping timeout: 480 seconds
1126428164 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126428255 Q * dddd44 Remote host closed the connection
1126428358 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126428376 Q * kas_3 Ping timeout: 480 seconds
1126428741 Q * dddd44 Remote host closed the connection
1126428765 J * nebuchadnezzar ~nebu@zion.asgardr.info
1126428769 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126429147 M * Greek0 Bertl_zZ: do you remember when I asked you to document some data structures a bit more? Not quite a data structure, but the context flags in linux/vserver/context.h would for sure like some documentation too ;)
1126429264 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126429375 Q * dddd44 Ping timeout: 480 seconds
1126429476 J * dddd44 ~dhb55@66.254.98.196
1126429765 Q * kas_3 Ping timeout: 480 seconds
1126429980 Q * dddd44 Ping timeout: 480 seconds
1126430102 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126430230 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126430585 Q * dddd44 Ping timeout: 480 seconds
1126430830 Q * kas_3 Ping timeout: 480 seconds
1126430936 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net
1126431256 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1126431259 M * eyck VPE is a virtual switch that can connect multiple virtual machines together,
1126431260 M * eyck both local and remote.
1126431524 Q * dddd44 Remote host closed the connection 1126431670 Q * kas_3 Ping timeout: 480 seconds 1126431994 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126432361 Q * cereal Read error: Operation timed out 1126432513 Q * SNy Ping timeout: 480 seconds 1126432766 J * yarihm ~yarihm@80-218-5-17.dclient.hispeed.ch 1126432816 J * SNy 27c68e539b@bmx-chemnitz.de 1126432821 J * cereal koepi@217.20.124.153 1126433074 Q * lilo Remote host closed the connection 1126433550 M * nebuchadnezzar hi 1126433561 M * renihs hi 1126433579 M * nebuchadnezzar I don't understand why newvserver tel me that I need to be in host server (security context 0) 1126433647 M * renihs i dont catch your drift, however i am just a small mouse here :) 1126433658 M * renihs (user) :) 1126433721 M * nebuchadnezzar okok 1126433837 M * Greek0 nebuchadnezzar: well, because you have to be in the host context to create new vservers 1126433846 M * Greek0 that is you can't create vservers inside vservers 1126433852 M * nebuchadnezzar I'm in host context 1126433874 M * nebuchadnezzar not in a vserver 1126433911 M * nebuchadnezzar #cat /proc/self/vinfo 1126433911 M * nebuchadnezzar XID: 0 1126433911 M * nebuchadnezzar 1126433916 M * renihs maybe you forgot the set the xid /context on the vserver files? chxid -c 1126433929 M * renihs ah 1126433965 M * Greek0 nebuchadnezzar: hmm. /proc/self/status | grep VxID # thinks that too? 1126433990 M * nebuchadnezzar -> cat /proc/self/status | grep VxID 1126433990 M * nebuchadnezzar VxID: 0 1126433990 M * nebuchadnezzar 1126434027 M * Greek0 hmm. newvserver is in vserver-debiantools, it's not one of enricos utils 1126434052 M * Greek0 you could try it with vserver build ... 1126434065 M * nebuchadnezzar ok 1126434077 M * Greek0 would be nice if you could put the newvserver error message online somewhere 1126434085 M * Greek0 along with an strace maybe 1126434105 M * nebuchadnezzar a bug report ? 1126434144 M * Greek0 hmm. perhaps first just in some paste-bin. 
later you/we can still file a bug report against vserver-debiantools 1126434542 M * nebuchadnezzar http://zion.asgardr.info/~nebu/newvserver.strace 1126434781 M * nebuchadnezzar does it speak to you ? 1126435490 M * nebuchadnezzar vserver-debiantools searches for an s_context in /proc/self/status 1126435584 Q * yarihm Quit: This computer has gone to sleep 1126435693 M * nebuchadnezzar changing s_context with VxID makes it work 1126435695 M * Greek0 nebuchadnezzar: could you rerun strace with the -f option? 1126435708 M * nebuchadnezzar ok 1126435711 M * Greek0 oh well 1126435714 M * Greek0 if you already fixed it 1126435717 M * nebuchadnezzar héhé 1126435722 M * Greek0 :) 1126435734 M * Greek0 would be nice if you could file a bug against the debian package 1126435746 M * nebuchadnezzar s_context is the old fashion ? 1126435756 M * nebuchadnezzar Greek0: I'll do it 1126435844 M * Greek0 I don't know if/when s_context was ever used.. 1126435893 J * yarihm ~yarihm@80-218-5-17.dclient.hispeed.ch 1126436940 M * nebuchadnezzar Greek0: do you think that bug is grave ? 1126437255 M * Greek0 no 1126437319 M * Greek0 unless you have a compelling reason I'd always file it with normal 1126437533 M * nebuchadnezzar is it better to just add a test with VxID or to remove the s_context test ?
1126437538 M * nebuchadnezzar I'll make a patch 1126437668 M * Greek0 I'd just drop s_context 1126437691 M * nebuchadnezzar ok 1126437697 M * Greek0 I don't want to discourage you, but it's probably not the best idea to put huge amounts of work into this 1126437710 M * Greek0 vserver-debiantools looks quite outdated, useless and broken to me 1126437716 M * nebuchadnezzar ok 1126437727 M * nebuchadnezzar just a bug report so 1126437729 M * nebuchadnezzar :-) 1126437738 M * nebuchadnezzar thanks for the advice 1126437846 M * Greek0 dupvserver newnfsvserver newvserver stripserver are the 4 tools in the debiantools 1126437878 M * Greek0 newvserver was apparently broken, dupvserver is broken, and the other 2 seem to be kind'a not-used-by-anyone 1126439415 J * mef ~mef@pcp09872021pcs.ewndsr01.nj.comcast.net 1126439459 Q * mef Quit: 1126439684 J * mef ~mef@pcp09872021pcs.ewndsr01.nj.comcast.net 1126439688 M * mef hello 1126440009 M * Greek0 hi 1126440079 Q * kusznir Ping timeout: 480 seconds 1126440772 J * nayco_laptop ~nayco@lns-bzn-8-nan-82-250-240-246.adsl.proxad.net 1126440789 M * nayco_laptop 'morning, all ! 1126440885 M * Greek0 hi 1126440940 Q * Doener Ping timeout: 480 seconds 1126440975 J * Doener ~doener@p5487456B.dip.t-dialin.net 1126441084 J * kusznir ~kusznir@pool-68-238-136-180.sea.dsl-w.verizon.net 1126441253 J * lilo ~lilo@lilo.usercloak.oftc.net 1126441323 Q * renihs Quit: Leaving 1126441833 Q * litage Read error: Connection reset by peer 1126441869 Q * flock Ping timeout: 480 seconds 1126442797 J * litage ~nick@203.201.96.84 1126443029 M * nebuchadnezzar is there a way to by pass the mesg: /dev/pts/0: Operation not permitted 1126443030 M * nebuchadnezzar ? 1126443070 M * SiD3WiNDR like, don't do that operation? 
:) 1126443097 M * nebuchadnezzar I want to have X in a vserver 1126443109 M * nebuchadnezzar if I want to use xterm I should have pts 1126443523 M * Greek0 yep strange error, I know it 1126443529 M * Greek0 isn't harmful though 1126443555 M * Greek0 I was told it can be fixed by using "su -" instead of "su" to get root on the host. 1126443571 M * Greek0 however I've no idea why it is this way 1126443946 Q * litage Read error: Operation timed out 1126444766 J * litage ~nick@203.201.96.239 1126445187 M * nebuchadnezzar well, entering a vserver causes a /dev/pts/0 error but launching an xterm is ok 1126445325 N * Bertl_zZ Bertl 1126445329 M * Bertl morning folks! 1126445356 M * Bertl nebuchadnezzar: it's pretty simple, whatever you do on the host (before entering the guest) do not bind to a pts ... 1126445398 M * Bertl or, alternatively, get a new one once inside the guest 1126445486 M * nebuchadnezzar I'm not sure I understand 1126445505 M * nebuchadnezzar ok 1126445519 M * nebuchadnezzar the error comes from my ssh connection to the host ? 1126445521 M * Bertl what happens is simple: 1126445536 M * Bertl - you log on to the host and get a pts (pts/0) 1126445546 M * Bertl - then you move into the guest 1126445558 M * Bertl - then something tries to access the host's pty 1126445567 M * Bertl - this is not permitted for security reasons 1126445571 M * nebuchadnezzar ok 1126445610 M * Bertl classical example is using screen inside a guest 1126445630 M * Bertl (IIRC we have that mentioned on the problematic programs page) 1126445641 M * nebuchadnezzar right 1126445660 M * Bertl if you ssh into the guest (not to the host) the problem does not exist at all 1126445856 M * nebuchadnezzar ssh on a guest is in the future for now 1126445901 A * nebuchadnezzar is happy 1126446116 M * Bertl excellent! 1126446127 M * Bertl okay, off for now ... back later ...
1126446133 N * Bertl Bertl_oO 1126447434 J * radsouthern ~radsouthe@pcp03618238pcs.wchstr01.pa.comcast.net 1126447455 M * radsouthern hi how do i make my fonts bigger on xchat? 1126447479 M * radsouthern im so blind i can barely see 1126447494 M * radsouthern i strain my brain 1126447503 M * radsouthern and get a headache 1126447532 M * radsouthern i have 20 over 800 vision 1126447549 M * radsouthern can you please help me sunny 1126447555 M * radsouthern i feel like im 90 1126447558 M * radsouthern lol 1126447568 M * radsouthern im only 29 1126447615 M * radsouthern oh well thanks anyway 1126447620 Q * michal Ping timeout: 481 seconds 1126447647 Q * radsouthern Quit: Leaving 1126447882 J * michal ~michal@graffias.estrefa.pl 1126447895 Q * nayco_laptop Remote host closed the connection 1126448185 J * menomc ~amery@200.75.27.102 1126448294 Q * mnemoc Ping timeout: 480 seconds 1126448294 N * menomc mnemoc 1126448458 Q * ag- arion.oftc.net unununium.oftc.net 1126448458 Q * logger arion.oftc.net unununium.oftc.net 1126448458 Q * BobR_oO arion.oftc.net unununium.oftc.net 1126448458 Q * Greek0 arion.oftc.net unununium.oftc.net 1126448458 Q * no_maam arion.oftc.net unununium.oftc.net 1126448458 Q * pusling arion.oftc.net unununium.oftc.net 1126448458 Q * mugwump arion.oftc.net unununium.oftc.net 1126448458 Q * TheSeer arion.oftc.net unununium.oftc.net 1126448458 Q * derbien arion.oftc.net unununium.oftc.net 1126448458 Q * cryo arion.oftc.net unununium.oftc.net 1126448458 Q * mountie arion.oftc.net unununium.oftc.net 1126448458 Q * maharaja arion.oftc.net unununium.oftc.net 1126448458 Q * alexx arion.oftc.net unununium.oftc.net 1126448458 Q * Hollow arion.oftc.net unununium.oftc.net 1126448458 Q * obi arion.oftc.net unununium.oftc.net 1126448458 J * no_maam_ ~erik@datenzone.de 1126448463 J * Hollow ~Hollow@home.xnull.de 1126448463 J * ag- ag@caladan.roxor.cx 1126448463 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1126448465 J * mugwump 
~samv@watts.utsl.gen.nz 1126448471 J * cryo ~say@212.86.243.154 1126448473 J * TheSeer ~theseer@border.office.salesemotion.net 1126448479 J * maharaja ~maharaja@chello080109078221.4.15.vie.surfer.at 1126448485 J * alexx ~alexx@proxy.ikse.net 1126448492 J * obi ~obi@asus.saftware.de 1126448498 J * Greek0 ~greek0@81.189.246.175 1126448511 J * BobR_oO ~georg@212.16.62.52 1126448515 J * pusling pusling@195.215.29.124 1126448572 J * derbien ~derbien@whiterabbit.nbmc.de 1126448724 J * logger ~rs@vds.pas-mal.com 1126451990 Q * dddd44 Remote host closed the connection 1126452898 Q * revenger_ Remote host closed the connection 1126453751 J * nayco ~nayco@lns-bzn-8-nan-82-250-240-246.adsl.proxad.net 1126453771 M * nayco 'llo !!!! 1126454011 J * nayco_laptop ~nayco@lns-bzn-8-nan-82-250-240-246.adsl.proxad.net 1126455455 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1126455549 Q * lilo Ping timeout: 480 seconds 1126455812 Q * mef Remote host closed the connection 1126459753 N * Bertl_oO Bertl 1126459758 M * Bertl evening folks! 1126459888 M * michal hey Herbert :) 1126460467 M * nebuchadnezzar yo 1126460638 M * nebuchadnezzar Bertl: I see in the ttyHowto your way to have a login on a tty 1126460652 M * Bertl -hmm, yes? 1126460652 M * nebuchadnezzar 3:23:respawn:/sbin/getty -l /sbin/console-vserver -n 38400 tty3 1126460679 M * nebuchadnezzar you say that it would not require any change in the vserver, exept that I need to have a /dev/tty3 1126460680 M * nebuchadnezzar :-/ 1126460717 M * Bertl let me take a look at the howto *sec* 1126460845 M * Bertl ahem, no ... 1126460871 M * Bertl nebuchadnezzar: the first example is basically from 'within' the guest 1126460880 M * nebuchadnezzar yes 1126460897 M * Bertl the last one, the one you are referring to, does not require the tty inside the guest 1126460926 M * nebuchadnezzar Bertl: I try it and it only work with a /dev/tty2 (in my case) in the context :-/ 1126460950 M * Bertl what is the failure without that? 
1126461016 M * nayco 'llo Bertl ! 1126461023 M * Bertl hey nayco! 1126461104 M * nayco I'm recompiling... I had a few ideas, but the kernel did not want to start. So, "make clean" and .... Wait ! 1126461194 M * Bertl when did you start the recompile? 1126461196 M * nayco What I find strange is that the code we modified last night is never executed (I added printk()s): It would mean that the error occurs in another place !!! 1126461248 M * nayco well, I started a couple of hours ago, without distcc (Because last time I tried this morning it failed :O), so it's looonngggggg 1126461251 M * nebuchadnezzar Bertl: Sep 11 19:53:31 monolite login[3440]: unable to determine TTY name, got /dev/tty2 1126461304 M * Bertl nebuchadnezzar: hmm, seems like login requires a tty ... 1126461313 M * nebuchadnezzar yes 1126461331 M * nebuchadnezzar I think it wants to change permission on it 1126461336 M * nayco Bertl: It was soooo long that I stopped and restarted with distcc, and now it is compiling net drivers. 1126461347 M * Bertl nebuchadnezzar: maybe switching to a pts before the login could do the trick? 1126461379 M * Bertl nayco: okay, because I'd suggest that I upload a modified version/patch and you compile that ... 1126461385 M * nebuchadnezzar making the vserver exec login in a screen ? 1126461411 M * Bertl nayco: of course, if your current compile is almost done, try that first 1126461428 M * Bertl nebuchadnezzar: yes, something like that, maybe there are other utilities too 1126461488 M * nebuchadnezzar well, well, I must choose between creating a tty or configuring X to allow everybody to startx 1126461526 M * Bertl maybe using something like getty or mgetty could help too? 1126461560 M * nayco Bertl: Well, I think that it won't take long now. So, I'm gonna try, then I'll download your patch :) Anyway, I wanted to try to put " || 1 " in the 4 conditions we modified last night to see if this was the problem... That's strange my printk()s do not work :? !
(And I enabled them in /proc) 1126461594 M * Bertl || 1 -> && 0 :) 1126461609 M * nayco Bertl: What's more, as my lasts compilations failed, I have no more running vserver kernel here 1126461649 M * nayco Bertl: ? er.... waiiit....... Yes, ok, I got it, it's a negative condition ;-) 1126461764 J * prae ~benjamin@sherpadown.net 1126461768 M * nebuchadnezzar is it ok to remove sysvinit in a context ? 1126461794 M * Bertl nebuchadnezzar: the entire script system? or init? 1126461818 M * nebuchadnezzar well, both :-) 1126461901 M * Bertl well, you probably want something to start/run inside, no? 1126461918 M * nebuchadnezzar sure 1126462039 M * Bertl well, you can use a guest without everything, just a single service ... 1126462055 M * Bertl it just depends on the service ... 1126462196 M * nebuchadnezzar I install file-rc, commenting the problematics lines (hwclock &co.), because if I update-rc.d remove an upgrade will enable them again :-/ 1126462413 A * Bertl has no idea what file-rc is ... 1126462491 M * nebuchadnezzar instead of have /etc/rc*.d you have /etc/runlevel.conf :-) 1126463128 M * eyck Bertl: should inotify work with vserver? 1126463261 M * eyck (it uses filenames, so i think that it should be made vserver-aware to work correctly) 1126463595 M * Bertl hmm, examples or any test cases? 1126463761 M * eyck hmm, something like that: ./inotify_test /tmp/tst 1126463781 M * eyck which calls ioctl on /dev/inotify, like this: ioctl(fd, INOTIFY_WATCH, {/tmp/tst, -1}) 1126463801 M * Bertl source code? url? TIA! 1126463810 M * eyck now, how would it know which /tmp/tst it's referring to? 1126463822 M * Bertl namespaces ... 1126463837 M * eyck hmm 1126463891 M * eyck if so - namespaces are brilliant! 
1126463895 M * Bertl but I agree, testing that would be a good idea, maybe we a) can improve things for host and/or spectator, and b) maybe we are missing some virtualization there 1126463897 M * eyck and magical 1126465276 Q * yarihm Remote host closed the connection 1126465791 M * eyck hmm, sorry for disturbing then, as soon as I'm on 2.6 I'll try and provide tests for that. 1126465812 M * Bertl excellent, tx! 1126465980 M * nayco Bertl: Is it normal that when compiling with distcc, then without, ALL the kernel and modules are recompiled ? 1126466002 M * nayco ...even if I think the answer is yes... 1126466002 M * Bertl only if the time stamps are wrong ... 1126466012 M * nayco well.... 1126466017 M * Bertl distcc requires proper time stamping 1126466030 M * nayco Wich means ? 1126466034 M * nayco +h 1126466082 M * nayco I've got a problem : since 14:00 today I can't manage to 'make install' the kernel. 1126466124 M * nayco It stops at the very end (initrd/lilo install) saying that an xfs dependency is missing. 1126466146 M * Bertl that's what I suspected yesterday 1126466150 M * nayco ? 1126466160 M * Bertl you also got a warning earlier, but you didn't see it 1126466167 M * nayco yes ? 1126466179 M * Bertl let me fix up this and provide a new patch ... 1126466191 M * nayco is it a vserver issue ? 1126466208 M * Bertl no, it's a hack issue from the hack we did yesterday :) 1126466233 M * nayco I mean, simply changing 4 lines prevents initrd to be made :O ? 1126466254 M * Bertl actually the kernel to be compiled properly ... 1126466299 M * nayco ...So, yesterday, the kernel wasn't built, and I restarted with the same, hence the modification did not seem to work... 1126466325 M * Bertl probably .. 1126466336 M * Bertl what kernel aptch did you test, btw? 1126466378 M * Bertl 2.6.13-vs2.1.0-pre6? 1126466396 M * nayco Well, I thought that changing a few lines wouldn't prevent from building... 
We only added a simple condition, which I think does not depend on anything (apart from existing vserver code, I guess) 1126466406 M * nayco wait... 1126466433 M * nayco 2.6.12.6-vs2.0 ;çp !!! 1126466452 M * Bertl okay, we switch to 2.6.13-vs2.1.0-* k? 1126466454 M * nayco in fact, it is 2.6.12.4, I think 1126466466 M * nayco but I changed the version number 1126466474 M * Bertl so please get the 2.6.13 kernel/patch in the meantime 1126466480 M * nayco my famous "meta patch" :p 1126466487 M * nayco Ok, I do: 1126466507 M * Bertl regarding distcc, activate ntpd on all clients and the host 1126466523 M * nayco Ok, I get it. 1126466533 M * nayco for the timestamps 1126466567 M * nayco Meanwhile, could you try to explain to me why these simple changes impact kernel build so much ? 1126466611 M * nayco_laptop Bertl: Looking for deps of module xfs 1126466611 M * nayco_laptop exportfs 1126466611 M * nayco_laptop Looking for deps of module exportfs 1126466611 M * nayco_laptop No module exportfs found for kernel 2.6.12.6-vs2.0, aborting. 1126466611 M * nayco_laptop mkinitrd failed: 1126466626 M * nayco_laptop Ok, I'm downloading 1126467191 M * nayco_laptop ohh, where is the devel kernel patch ? 1126467420 M * nayco_laptop I found it ;) 1126467488 M * Bertl wait, I'll upload a newer one shortly ... 1126467565 M * nayco_laptop too late ;) 1126467594 M * nayco_laptop er, which kernel version must I use ? 2.6.13 or 2.6.13.1 ? 1126467648 M * Bertl 2.6.13.1 is already out? well, then we go for that of course! 1126467710 M * nayco_laptop k 1126467718 M * nayco_laptop 10 September 1126468337 M * nayco_laptop mmmm.... My two machines were already time sync'ed with ntp.... There is another problem. Could this be the gcc versions (3.3.6 and 3.3.4, I had no choice ... :-|) 1126468360 M * Bertl could be ... you should not use different gccs ... 1126468582 M * nayco_laptop I know, but :-| ... Anyway, I've already done it at work, (3.3.x and 3.4.x) and it worked. Well, that's bad, but...
1126468609 M * nayco_laptop Ok, downloads are done, kernel untar'ed, I'm ready, and eating some beef ;-) 1126468659 M * Bertl okay, test compiling here, should be done in 3-4 minutes 1126468698 M * nayco k 1126468750 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.13-vs2.1.0-pre7.diff 1126468766 M * Bertl (this is the 2.6.13 version, applies cleanly except for the Makefile) 1126469090 M * nayco ok, I'm patching 1126469115 M * nayco no rejects ! 1126469126 M * nayco (I modified the EXTRAVERSION) 1126469135 M * nayco so, usual process, now ? 1126469239 Q * prae Quit: Pwet 1126469261 M * Bertl nayco: compiled fine here ... 1126469295 M * nayco ok, I'm making oldconfig... 1126469392 M * nayco do I need virtual root device support ? BLK_DEV_VROOT 1126469410 M * Bertl yes, please build it, but it should be in your old config too, no? 1126469465 M * nayco doesn't seem ! I think it's because it's tagged as NEW kernel option... Maybe it was experimental :? ? 1126469605 M * nayco Vserver debugging code ? 1126469640 M * Bertl can't hurt .. but you're sure you are using an old vserver config? 1126469717 M * nayco no, I'm on the mdk kernel, because today I wasn't able to build a vserver kernel... And the old was erased. 1126469729 M * nayco I'm starting from the beginning 1126470128 Q * nayco_laptop Quit: Leaving 1126470164 M * nayco ok, it's compiling... should take, er... 1:30 :( 1126470193 M * Bertl hmm, sounds like you're compiling in all kinds of unused stuff 1126470211 M * Bertl wouldn't it be _much_ better just to compile the hardware/modules you need? 1126470234 M * Bertl I mean, my compile took about 12 minutes on a slow machine 1126470272 M * nayco yes, but I had very bad experiences when trying to remove what I did not (think I) used... I do not know the kernel and PC hardware enough to remove drivers. 1126470303 M * Bertl should be fairly easy .. you have a kernel with modules running there now, right?
1126470327 M * nayco Moreover, Mandrake always provides all-featured-enabled_many-patches kernels, so... 1126470334 M * nayco yes ! 1126470339 M * nayco Ok, I get it.... 1126470344 M * Bertl so make 'lsmod' to see what is loaded 1126470349 M * nayco yes... 1126470354 M * Bertl also have a look at lspci 1126470367 M * Bertl (to see what chipset/drivers might be important to you) 1126470379 M * nayco but for the drivers that are compiled inside the kernel ? 1126470388 M * Bertl then select the filesystems you need to boot and the drivers for booting as kernel builtin 1126470405 M * nayco mmmm... yes.... 1126470408 M * Bertl (this way you can avoid the initrd issues) 1126470441 M * nayco so I would have everything in the kernel and no modules ? 1126470452 M * Bertl everything for the boot ... 1126470466 M * Bertl put things you do not need to boot into modules (for the start) 1126470492 M * nayco Well, I used to dislike this because when changing hardware... But I do not change hardware that often ;-) 1126470646 M * nayco Well, your advice is good, but I had such bad experiences before that I have given up these methods for the "cp /boot/config .config && make oldconfig" method. Anyway, I'm gonna try what you say, because when I'm used to doing it, I'll save a lot of time... 1126471553 J * mef ~mef@pcp09874303pcs.ewndsr01.nj.comcast.net 1126471615 M * mef hello 1126471615 M * mef hmph 1126471693 M * Bertl hey mef! 1126471724 M * mef Do folks run systems where the vserver reference is based on different distributions? 1126471724 M * mef currently on PlanetLab all of our vservers are based off of a Fedora Core 2 reference, but we'd like to give folks the option to use FC3, FC4, or just about anything else. 1126471725 M * mef hey bertl 1126471729 M * mef bertl: I'll be in your neck of the woods on October 27th & 28th. 1126471764 M * Bertl neck of the woods? 1126471778 M * Bertl yes, many folks (e.g.
lycos) use different 'templates' 1126471909 M * mef bertl: well, still about 1000KM away in Lausanne, Switzerland. 1126471909 M * mef bertl: neck of the woods is just an expression. ;) 1126471913 M * mef bertl: is it just a matter of building a different 'template' and then basing a vserver off of such a template? 1126471955 M * Bertl yes, there are even some templates available ... 1126472480 Q * nox Quit: Lost terminal 1126473786 J * fluor ~fluor@tanneries.squat.net 1126473805 M * mef So it is just a matter of building a vserver-reference based upon some distribution, using that as the template to build regular vservers, right?! 1126473840 Q * fluor Quit: 1126473869 J * fluor ~fluor@tanneries.squat.net 1126473915 M * mef ok 1126473968 M * mef bertl: I'll look into this further. 1126473998 M * Bertl mef: yes, basically you can use a ormal installation 1126474003 M * Bertl *normal 1126474025 M * Bertl just remove hardware specific stuff and kernel drivers/module/etc 1126474452 Q * mef Read error: Operation timed out 1126475028 M * maharaja Bertl: fyi - right now the server is up and running - no problems during the last 2 days 1126475040 M * maharaja let's wait and see - it's unpredictable when the server locks up 1126475056 M * maharaja from several hours to 1/2 months, every uptime is possible 1126475415 M * nayco Bertl: I've had an idea, for timestamps : My laptop's filesystems are mounted with noatime (I heard it is used to save battery by preventing disk accesses) => could this lead to recompiling everything each time ? 1126475456 M * Bertl maharaja: k, maybe something with the power supply or climate control? 1126475467 M * Bertl nayco: yes, very likely :) 1126475534 M * nayco ohhh dear :( ! 1126475645 M * nayco Bertl: What are the new features of vs-2.1.0 ? I made a diff, but it's not that clear to me ;) ! 1126475769 M * Bertl a lot of experimental stuff, quota hashes, cow link breaking, BME patches 1126475818 M * Bertl and of course, the xfs quota changes ...
1126476159 M * nayco ;) 1126476167 M * nayco What are quota hashes ? 1126476176 J * wam ~wigwam@p549CD3A9.dip.t-dialin.net 1126476186 M * Bertl something which is required for per context quotas (first stage) 1126476193 M * Bertl welcome wam! 1126476198 M * wam hi! 1126476263 M * wam Hi! I'm trying to get disk-limit working. I have found a nice short summary about: http://linux-vserver.org/Disk+Limits. But this seems not to work with my current tools (debian sarge / apt-get utils-vserver). Are my tools too old? Or is this deprecated? 1126476297 M * Bertl do you know where to find the testme.sh? 1126476302 M * wam yes 1126476316 M * Bertl could you upload the output somewhere (e.g. pastebin.com)? 1126476335 M * wam the problem is: I have no "vdlimit"-program ;) 1126476461 M * wam so is the "vdlimit"-way as described in the link above the current way to do it for the 2.0-version? Because if it is, I will investigate further. 1126476465 M * daniel_hozac 0.30.205+ has vdlimit, so you have some pretty old tools. 1126476493 M * wam I have 0.30.208-1 1126476496 M * Bertl wam: the testme.sh output would help here 1126476506 M * maharaja Bertl: we exchanged the complete system 1126476506 M * wam oops - sorry 1126476524 M * wam only on my sid-machine :( Ok - I can fix this. thank you ;) 1126476539 M * maharaja Bertl: there might be a slight possibility that the system crashed because of the 4k stacks at first, and now there is broken hardware - but that would be a strange coincidence... 1126476549 M * maharaja Bertl: nevertheless, I'll reconsider it! 1126476554 M * maharaja off to bed now 1126476652 M * Bertl maharaja: k, good night! 1126477159 M * wam what the... when calling "configure" in util-vserver-0.3.208 source, it says: "checking for C++ compiler default output file name... configure: error: C++ compiler cannot create executables". I compiled a kernel on that machine. Any ideas?
1126477219 M * daniel_hozac C++, not C ;) 1126477258 M * Doener wam: apt-get install g++ ;) 1126477259 M * Bertl wam: yes, you need a recent c++ compiler 1126477274 M * Doener should work in sarge and above, not in woody 1126477298 M * wam ok. installing g++ helped with that one ;) 1126477669 M * nayco this is looonnnggg and boring. When using distcc, the bottleneck is.... My laptop. Anyway, I remounted all my partitions without "noatime", I closed all services, apps, my wm (E17), and I have more memory to work with. 1126477683 M * nayco Oh, the modules are finally compiled. 1126477731 M * wam this is not perfect (to compile util-vserver myself). I'd have to write lots of scripts for init.d, if I use util-vserver from source. The debian-package would be better. Is there a good backport of a current version of the utils to sarge? 1126477745 M * nayco I had errors when compiling, and this causes modules_install to fail... I gonna make clean the faulty modules , and recompile them one by one, hope it works. 1126477755 M * daniel_hozac wam: what init.d scripts would that be? 1126477768 M * wam initproc..., starting servers, ... 1126477778 M * daniel_hozac wam: and couldn't you just copy those from the debian package? 1126477793 M * daniel_hozac wam: vprocunhide as well as vservers-default are part of util-vserver. 1126477796 M * wam daniel_hozac: I could. But the backport would be more comfortable... 1126477828 M * wam daniel_hozac: Well - I'll have to - if there is no backport package ;) 1126478065 A * wam is doing "make install" and hoping that "make uninstall" is working :-) 1126478292 M * Bertl it is ... just make also sure to do make distro-install (or whatever it is called) 1126478484 M * wam ok thanks. I'll work on it tomorrow. good night! 1126478495 P * wam 1126478779 J * Aiken ~james@tooax8-245.dialup.optusnet.com.au 1126478791 M * Bertl morning Aiken! 1126478802 M * Aiken hi 1126479226 M * nayco Bertl: What are MTD in the kernel ? Do you think I one some ? 
I had to deactivate them to compile the kernel... 1126479238 M * nayco ...i own... ? 1126479253 M * Bertl unlikely, it's memory devices like flash ram and such 1126479272 J * angel4u x@81.181.82.216 1126479287 M * Bertl welcome angel4u! 1126479291 M * angel4u hi sir 1126479292 M * nayco ok, that's great, because it's getting loooooooong. It's been a long time since I had such kernel building problems. 1126479294 M * angel4u prv 1 second 1126479297 M * nayco 'llo ! 1126479318 M * angel4u hi all -> sry for that but I'm very mad 1126479598 M * Bertl angel4u: hopefully not mad at us? 1126479761 A * Aiken finally boots vs2.1.0-pre6 only to find there is a pre7 :( 1126479878 M * Bertl hmm, sorry, my fault ... 1126479900 T * Bertl http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-pre7 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1126480480 M * angel4u no Bertl u are a nice man also :) 1126480801 M * angel4u one girl here ? 1126480801 M * angel4u :D 1126480936 M * Bertl angel4u: might be .. but unlikely ... 1126481761 M * nayco Bertl: compilation finally made, laptop rebooting... 1126481807 M * nayco I took a look at your xfs quota patch, it's the same thing we did yesterday. So, where was the problem ? 1126481859 M * nayco alleluhia ! Ok, performing tests... 1126481866 M * Bertl hmm, don't really know .. but you're right ... didn't have any issues 1126481989 M * Aiken pre7 seems to be working ok, can not make it oops which is a good thing 1126482030 M * fluor I read that "files that don't change frequently, such as libraries or binaries can be shared so that disk space and memory can be shared in a secure way." <- is this automatic, or does that need to be set up?
1126482191 M * Bertl it needs to be set up (called unification) 1126482223 M * Bertl the development patches contain a COW link breaking which was extensively tested by Aiken, who might have more details 1126482256 M * Bertl fluor: basically allows to link _all_ files, regardless if they change or not) 1126482292 M * angel4u Bertl thanks for infos 1126482294 M * Aiken I have been creating new guests manually from an image called master 1126482295 M * angel4u have a nice day 1126482297 M * Aiken cp -Rl master hoppy 1126482297 M * Aiken find hoppy -type f -exec setattr --iunlink {} ';' 1126482313 M * Bertl angel4u: u2! ca! 1126482317 M * angel4u bye all 1126482319 Q * angel4u Quit: 1126482343 M * Aiken fluor the cow link breaking looks very promising, for a 260 meg master image each guest is only taking 3 meg to setup 1126482413 M * fluor Bertl: thx 1126482426 M * fluor Aiken: how do you deal with updating a specific vserver, then? 1126482428 M * nayco One day i'll have o look to unification... But it seemed hard to achieve, so I left it. 1126482502 M * Aiken if you change a link file the kernel breaks the link and makes a copy, the copy is updated 1126482506 M * Bertl nayco, fluor: basically you can do unification (or hashification :) at any time over any files (when they are identical) 1126482529 M * Bertl it's basically just invoking vunify or vhashify with the proper arguments 1126482543 M * nayco Anyway, my vserver is up, i begin the tests. First, I noticed that klogd doesn't complain when starting, but it still doesn't start ;-) 1126482572 M * nayco I mean, when I type "klogd" on the command line, it simply does nothing. 1126482640 M * Bertl what is it supposed to do? IYO? 1126482871 M * nayco well, I understand that is is not useful at all in a vserver, if even possible, but I used to always have error messages when starting the syslog services... And this time, no. 
Ok, now, the hard part: 1126482916 M * nayco I've done yesterday's tests, and I think it's worst... What would you like me to paste ? 1126482996 M * Bertl what happens? 1126483016 M * Bertl best upload the strace of the quota command 1126483090 M * nayco K. I put too the results of "mount" and my mtabs inside and outside the vserver