1127088325 M * Aiken_ Bertl are you bored enough to see is a std 2.6.14-rc1 will even boot on your alpha? 1127088333 N * Aiken_ Aiken 1127088361 M * Bertl not bored, but if it would help you, I can try ... 1127088385 M * Aiken it won't boot on mine :( 1127088423 M * Aiken I had this really dumb idea of trying xfs in the latest kernel to see if the problem had been fixed 1127089334 Q * quasi2k_ Quit: Trillian (http://www.ceruleanstudios.com 1127089563 M * Bertl Aiken: okay, will try, but first I need some sleep ... 1127089573 M * Bertl night folks! 1127089579 N * Bertl Bertl_zZ 1127089687 M * Aiken ok 1127089746 M * gndmstr can anyone tell me what this log entry means? 1127089749 M * gndmstr Sep 18 20:27:51 ns1 cron[19848]: (*system*) BAD LINK COUNT (/etc/crontab) 1127089834 Q * dddd44 Ping timeout: 480 seconds 1127091181 Q * [MUPPETS]Gonzo Remote host closed the connection 1127092771 J * [MUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de 1127093036 N * [MUPPETS]Gonzo Telefongonzo 1127093207 Q * xf Quit: Lost terminal 1127093244 Q * RomanK Ping timeout: 480 seconds 1127093269 M * gndmstr i saw it once when i first started reading about vservers and now cant find it.. how do i keep my template from starting automatically when using /etc/init.d/vservers start? i want it to be able to run manually if ever needed, but otherwise no 1127093626 M * Aiken (root@pebbles) cat /etc/vservers/hoppy/apps/init/mark 1127093626 M * Aiken default 1127093642 M * Aiken where hoppy is the name of the vserver, have a look at the 'mark' file 1127093677 M * gndmstr i only have a style file in there 1127093684 Q * Telefongonzo Remote host closed the connection 1127093898 M * gndmstr so... then i would leave a mark file out of my template and place one with 'default' inside it in my guests i want autostarted? 1127093945 M * gndmstr im running the 2.1.0 version 1127093971 J * Telefongonzo gonzo@langweiligneutral.deswahnsinns.de 1127094187 M * Aiken out of my normal 2 guests, only one (hoppy) has the mark file 1127094197 M * Aiken the mark file has the word default in it 1127094204 M * Aiken it is the only guest that auto starts 1127094231 M * gndmstr ahh ok great thanks 1127094242 N * Telefongonzo [MUPPETS]Gonzo 1127094250 M * gndmstr so without one, my template will never autostart once my guest has a mark file in it 1127094331 M * Aiken your template has no mark file? I would have expected nothing to happen with it at boot time 1127094349 M * gndmstr i havent used the init script yet 1127094364 M * Aiken how are you starting them? 1127094381 M * gndmstr but on my test bed i have used the init script and it started everything. checking the test bed for mark files now 1127094394 M * gndmstr in testing im just doing vserver guestname start 1127094480 M * gndmstr no mark files 1127094498 M * gndmstr and /etc/init.d/vservers start starts everything including the template 1127094500 M * Aiken that will start a guest, mark file or no mark file 1127094537 M * gndmstr hmm so then how do i automate startups and shutdowns if not with the init script 1127094551 M * Aiken I am using /etc/rc.d/init.d/vservers-default 1127094566 M * gndmstr ill have to see if i have that 1127094588 M * Aiken I am using 0.30.208 tools and there is vservers-default and vservers-legacy 1127094623 M * gndmstr sys-cluster/util-vserver-0.30.208-r2 1127094670 M * gndmstr vservers-default doesnt seem to exist on my system 1127095584 M * gndmstr ok.. odd.. with this init script if i place a mark file into the template, then it does not start while all the others do 1127096070 M * gndmstr ok... that was my test bed. on the production server i have to have a mark file in every guest and the template.. then the guests are default and the template i put nostart in the mark file and it started everything but the template 1127096869 M * Aiken I don't have a mark file for my template 1127096879 M * Aiken my template does not have a configuration 1127096903 M * Aiken the template is just a directory called master with a system image in it 1127098413 J * Aiken_ ~james@tooax8-110.dialup.optusnet.com.au 1127098724 Q * Aiken Ping timeout: 480 seconds 1127100127 Q * gndmstr Remote host closed the connection 1127100208 Q * maharaja Ping timeout: 480 seconds 1127100893 J * eyck_ eyck@81.219.64.71 1127100895 Q * eyck Read error: Connection reset by peer 1127101477 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127102039 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net 1127102495 Q * dddd44 Ping timeout: 480 seconds 1127102537 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127102869 Q * kas_3 Ping timeout: 480 seconds 1127106957 J * Aiken__ ~james@tooax6-128.dialup.optusnet.com.au 1127107280 Q * Aiken_ Ping timeout: 480 seconds 1127108619 Q * dddd44 Ping timeout: 480 seconds 1127109576 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127114263 J * Johnsie ~john@acs-24-154-53-42.zoominternet.net 1127114719 Q * Johnsie Quit: G'bye! 1127114723 J * Johnsie ~john@acs-24-154-53-42.zoominternet.net 1127115060 N * Bertl_zZ Bertl 1127115065 M * Bertl morning folks! 1127115535 M * AndrewLee Bertl: hi 1127115561 M * AndrewLee Bertl: I tried testme.sh & testfs.sh on sarge, I got errors. 1127115568 M * Bertl hey AndrewLee! 1127115587 M * Bertl AndrewLee: could you upload the output? 1127115595 M * Bertl (e.g. pastebin.com) 1127115602 M * AndrewLee Bertl: okay. 1127115606 M * AndrewLee Bertl: hold on 1127116395 M * AndrewLee Bertl: Here you go: http://pastebin.com/367840 1127116441 M * AndrewLee Bertl: This test in on sarge kernel-source-2.4.27+kernel-patch-vserver 1127116579 M * Bertl hmm ... but the testme.sh succeeded, right? 1127116628 M * Bertl AndrewLee: looks like a minor issue with the test script, it is mainly used/tested on 2.6(vs2.0) kernels 1127116628 M * AndrewLee Bertl: yap 1127116673 M * Bertl AndrewLee: ah, how did you invoke the testfs.sh? 1127116736 M * AndrewLee Bertl: What do you mean? The outputs are from testfs.sh. 1127116751 M * AndrewLee testfs.sh -E 1gb.test -D /dev/loop4 -M /mnt 1127116757 M * Bertl ah, okay, sec 1127116761 M * AndrewLee Bertl: Is this correct? 1127116814 M * Bertl looks good, but, could you add '-o' and '-x' for a try? 1127116826 M * AndrewLee ok 1127116856 M * Bertl ahem, forget the -E option 1127116866 M * AndrewLee Bertl: Still get several failed 1127116879 M * AndrewLee Bertl: let me try again without -E option 1127116879 M * Bertl could you upload it again, plz? 1127116908 M * AndrewLee Bertl: Sure. 1127116974 M * AndrewLee http://pastebin.com/367844 1127116977 M * Bertl tx 1127117042 M * Bertl hmm ... did you setup the loop4? 1127117047 M * AndrewLee And this without -E option: http://pastebin.com/367846 1127117052 M * AndrewLee Bertl: yap 1127117072 M * AndrewLee Bertl: I have several loop devices already. 1127117078 M * AndrewLee Bertl: So I use loop4 1127117120 M * Bertl yes, what I mean is, did you do something like losetup /dev/loop4 /path/to/1gb.test 1127117155 M * AndrewLee Bertl: yes 1127117158 M * AndrewLee Bertl: I did. 1127117174 M * Bertl okay ... good, let me check what the error actually means :) 1127117228 M * AndrewLee Bertl: Hopefully the debian package maintainer can upload a new version of vserver into sarge. 1127117231 M * Bertl ah, xid tagging option 'probably' wrong ... sec 1127117639 Q * dddd44 Ping timeout: 480 seconds 1127117658 M * Bertl AndrewLee: could you replace the word 'tagxid' inside the script by 'tagctx' and retry? 1127117718 Q * neofutur Ping timeout: 480 seconds 1127117719 M * AndrewLee Sure, but still getting failed 1127117725 M * AndrewLee let me post it again 1127117792 M * AndrewLee Bertl: http://pastebin.com/367850 1127117826 M * Bertl hmm, this is the debian kernel? 1127117857 M * AndrewLee Bertl: Yap, I built from kernel-source-2.4.27-10 with kernel-patch-vserver 1127117865 M * AndrewLee Bertl: These two package from sarge. 1127117875 M * Bertl ah, okay, so no quota patches, right? 1127117901 M * AndrewLee Bertl: I guess no, let me check. hold on. 1127117902 M * Bertl also you are using the testfs.sh 0.08 (although that version claims to be 0.07, which is my fault :) 1127117934 M * Bertl give me few minutes to fix that up (including some improvements) 1127117934 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127117944 M * AndrewLee Bertl: no quota patch. 1127118031 M * AndrewLee Bertl: There are two patches for 2.4.27 in kernel-patch-vserver, one is called vserver and another one called vserver-quota 1127118061 M * AndrewLee Bertl: I applied the vserver one: kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff.gz 1127118082 M * Bertl okay, that is fine, but explains the failing xid checks 1127118092 M * Bertl 11-99 1127118099 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net 1127118136 M * AndrewLee Bertl: Err, I don't know how to explain.. 1127118542 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net 1127118560 M * Bertl AndrewLee: okay, plz get the latest version (0.09) and try the following: 1127118617 M * Bertl ./testfs.sh-0.09 -l -t -x -D /dev/loop4 -M /mnt 1127118728 M * AndrewLee http://pastebin.com/367858 1127118735 M * AndrewLee still failed. 1127118776 M * AndrewLee Bertl: Does this means the vserver patch in sarge has problem? 1127118814 M * Bertl oops, could you try without the -x ? 1127118821 M * AndrewLee Bertl: sure 1127118835 M * Bertl (forgot about the missing quota patch) 1127118875 M * AndrewLee http://pastebin.com/367859 1127118904 Q * dddd44 Ping timeout: 480 seconds 1127118965 M * Bertl hmm .. looks like the sarge patch has some issues ... let me double check this with a 2.4 kernel here ... 1127118988 M * Bertl (will take a little, as I have to compile it without the quota patches) 1127119033 M * Bertl AndrewLee: if you like, you can test-build a kernel with quota (so we can check that too) 1127119052 M * Bertl (but keep the current one at hand) 1127119102 M * AndrewLee Bertl: Ok, let me built a kernel with quota patches. 1127119213 Q * prae Ping timeout: 480 seconds 1127119219 J * neofutur ~neofutur@neofutur.net 1127119225 M * Bertl welcome neofutur! 1127119370 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net 1127119486 M * AndrewLee Bertl: Which I should choose for Persistent Context ID for files? 1127119504 M * Bertl one of the tagging methods, e.g. 24/24 1127119507 M * AndrewLee (Disabled, UID32/GID16, UID24/GID24, UID32/GID32) [Disabled] (NEW) 1127119531 M * AndrewLee Ok, I shuold I enable debug option? 1127119544 M * Bertl not necessary, but you may if you like 1127119576 M * AndrewLee Bertl: Ok, I am building new kernel without debug option. 1127119965 Q * kas_3 Ping timeout: 480 seconds 1127121350 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127121444 J * prae_ ~prae@ezoffice.mandriva.com 1127121608 Q * prae Ping timeout: 480 seconds 1127122173 M * Bertl AndrewLee: the 'issue' seems twofold ... first, your tools seem to be too old (updating to 0.30.208 should fix all issues except 124), second it seems (unverified yet) that debian is missing a fix there ... 1127122589 Q * Johnsie Remote host closed the connection 1127122803 J * Johnsie ~john@acs-24-154-53-42.zoominternet.net 1127122953 M * AndrewLee Bertl: Does this 'issue' worth a bug report to Debian? 1127122996 M * AndrewLee Bertl: Sarge is released, the maintainer can only make update for RC bug. 1127123284 M * Bertl well, let me check 'how' critical that is :) 1127123341 M * AndrewLee Bertl: Thanks. :-) 1127123512 Q * duckx Remote host closed the connection 1127123663 M * Bertl AndrewLee: hmm, not really conclusive, could you do some specific guest/barrier tests for me? 1127123686 M * AndrewLee Bertl: sure, what should I do the tests for you? 1127123707 M * Bertl do you have a guest setup yet? 1127123712 M * AndrewLee Bertl: Yes 1127123722 M * AndrewLee Bertl: Should I build another guest for test only? 1127123737 M * Bertl would not hurt but isn't strictly required 1127123753 M * AndrewLee Bertl: ok 1127123768 M * AndrewLee Bertl: I am ready. 1127123833 M * Bertl http://vserver.13thfloor.at/Stuff/rootesc.c 1127123844 M * Bertl okay, please compile and copy that into your guest 1127123857 M * Bertl then make sure to ssh into your guest (not enter) 1127123878 M * AndrewLee Bertl: Oh? What's the difference? 1127123881 M * Bertl record the following before you start it: 1127123904 M * Bertl ls -lda /path/to/guest/.. 1127123915 M * Bertl showattr -lda /path/to/guest/.. 1127123951 M * Bertl *sorry* just showattr -d /path/to/guest/.. 1127123994 M * Bertl and 'lsattr -d /path/to/guest/.. 1127124021 M * Bertl the difference is, with enter you still have a conenction to the host, with ssh you are connected via network to a pure guest process 1127124120 Q * dddd44 Ping timeout: 480 seconds 1127124149 Q * yungyuc Remote host closed the connection 1127124167 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net 1127124175 M * AndrewLee Bertl: ./rootesc 1127124176 M * AndrewLee Exploit seems to work. =) 1127124288 M * Bertl did it write that once? 1127124308 M * AndrewLee Bertl: yes 1127124328 M * Bertl that is bad ... okay, let's see if we can 'fix' that ... 1127124343 M * Bertl please stop the guest, and do the following: 1127125303 Q * Aiken__ Ping timeout: 480 seconds 1127126385 M * Bertl chmod a-rwx /var/lib/vservers 1127126399 M * Bertl setattr --barrier /var/lib/vservers 1127126423 M * Bertl then let's update to util-vserver 0.30.208 (-1 maybe) 1127126449 M * Bertl (jsut to make sure, repeat the commands afterwards) then try again (with the exploit) 1127126641 M * AndrewLee Bertl: I am filing the bug now, I will test util-vserver 0.30.208 later. 1127126650 M * Bertl okay ... 1127126661 M * AndrewLee Bertl: What name should put for the bug that the maintain won't ignore it again? :p 1127126710 M * Bertl hmm, maybe 'barrier not working, but chroot escape does'? 1127126773 M * AndrewLee Bertl: Thanks 1127126812 M * Bertl you can refer to the testfs.sh for the barrier, and the rootesc.c for the exploit 1127126832 M * AndrewLee Bertl: Do you want to get the bug report by email? 1127126851 M * Bertl but you should definitely test with 0.30.208, because it might also be a kernel issue 1127126866 M * Bertl AndrewLee: feel free to (B)CC me anytime ... 1127126916 M * AndrewLee Bertl: hum, okay, let me pending this report and then upgrade to 0.30.208 1127127083 A * AndrewLee is building backports on sarge. 1127127908 M * AndrewLee Bertl: I upgraded to 0.30.208 1127127938 M * AndrewLee Bertl: but I got these errors 1127127938 M * AndrewLee # chmod a-rwx /var/lib/vservers/people/.. 1127127938 M * AndrewLee chmod: changing permissions of `/var/lib/vservers/people/..': Operation not permitted 1127127949 M * AndrewLee # setattr --barrier /var/lib/vservers/people/.. 1127127949 M * AndrewLee /var/lib/vservers/people/..: Operation not permitted 1127127961 M * AndrewLee Bertl: Should I reboot the machine to fix this problem? 1127127984 M * Bertl did you already leave the guest? 1127128035 M * AndrewLee Bertl: still some guests are running 1127128051 M * AndrewLee Bertl: Let me stop all of them and try again. 1127128097 M * Bertl okay, just to make sure, reboot the system 1127128105 J * andrew_ ~andrew@linux3.cc.ntu.edu.tw 1127128120 M * Bertl welcome andrew_! 1127128130 M * andrew_ Ok, I will reboot the machine. 1127128139 Q * AndrewLee Quit: leaving 1127128144 N * andrew_ AndrewLee 1127128153 M * Bertl ah, tricky :) 1127128606 M * AndrewLee seems the machine can not get on anymore.... XD 1127128649 M * Bertl hmm, you mean you rebooted it, and you can not reach it anymore? 1127128691 M * AndrewLee Bertl: Yes, unfortunately.... 1127128780 M * Bertl hmm, interesting ... what exactly did you change? 1127128868 M * AndrewLee Bertl: That machine has been up for 9x days. I don't know how many changes I did. :p 1127128914 M * Bertl well, okay ... any remote hands available? 1127128937 M * AndrewLee Bertl: I think that machine will be back tomorrow morning. 1127128949 M * Bertl k, np 1127128966 M * AndrewLee oops, the machine is back 1127128980 M * AndrewLee I got icmp-reply 1127128982 M * Bertl ah, just did take a little longer ... 1127128992 M * AndrewLee yeah...:) 1127129008 M * Bertl maybe an unexpected fs check or so 1127129220 M * AndrewLee Bertl: The expolit is still working 1127129318 M * AndrewLee Bertl: it's so funny now I use the expolited root to fix permissions problem oh host. 1127129377 M * AndrewLee Bertl: So that means it's not only the util-vserver problem. 1127129763 M * AndrewLee Bertl: I reboot again for vserver-quota enabled kernel. 1127129949 M * Bertl hmm, make sure that the barrier is set correctly before you try the exploit 1127129967 M * Bertl (it's not easy to fix up on 2.4 after the exploit was run) 1127130006 M * Bertl I'll try to do a reference setup here ... 1127130009 M * AndrewLee Bertl: What do you mean fix up after... 1127130734 M * Bertl okay, here is what I did in my tests ... 1127130753 M * Bertl (vserver root dir is /vservers) 1127130762 M * Bertl setattr --barrier /vservers/XXXX/.. 1127130780 M * Bertl ls -lad /vservers/XXXX/.. 1127130780 M * Bertl d--------- 11 root root 1024 Jul 7 16:48 /vservers/XXXX/.. 1127130788 M * Bertl showattr -d /vservers/XXXX/.. 1127130788 M * Bertl ---BU-- /vservers/XXXX/.. 1127130799 M * Bertl lsattr -d /vservers/XXXX/.. 1127130799 M * Bertl -----------t- /vservers/XXXX/.. 1127130813 M * Bertl (on 2.4 it is important that you verify the following) 1127130853 M * Bertl the directory permissions _are_ 000, the barrier 'B' and iunlink 'U' is reported, the 't' flag shows up 1127130875 M * Bertl ('U' and 't' are connected on 2.4) 1127130890 M * Bertl starting the root exploit inside a guest now gives: 1127130904 M * Bertl cd ..: Permission denied 1127130908 M * Bertl chmod: Operation not permitted 1127130913 M * Bertl (alternating a few times) 1127130924 M * Bertl then the false: 1127130926 M * Bertl Exploit seems to work. =) 1127130943 M * Bertl because it actually failed, but nobody bothered to fix up the exploit :) 1127130995 M * Bertl in any case, it is important to verify the flags _before_ you try the exploit, and to start the exploit via ssh (not via enter) 1127131251 M * AndrewLee Yes, I confirmed I the directory permissions are 000, the Barrier 'B' and iunlink 'U' is reported, the 't' flag shows up. 1127131291 M * AndrewLee And the I ssh into a guest, starting the root exploit inide a guest now gives: Exploit seems to work. =) 1127131320 M * Bertl and you're outside? 1127131330 M * AndrewLee I tested on sarge kernel-source-2.4.27+kernel-patch=vserver 1127131344 M * AndrewLee Bertl: Yes, I can see all the vserver's conf file on host. 1127131358 M * Bertl which filesystem for /var/lib/vservers ? 1127131361 M * AndrewLee And be able to touch files 1127131367 M * AndrewLee ext3 1127131379 M * Bertl okay, then the kernel is buggy too :/ 1127131396 M * AndrewLee Bertl: What's wrong with util-vserver? 1127131414 M * Bertl just verified with 2.4.31-vs1.2.11-rc1 that this works, woll now go back to check older kernels 1127131420 M * AndrewLee Bertl: Seems 0.30.208-1 is same 1127131447 M * Bertl try the testfs.sh again, most of the tests should succeed now 1127131454 M * AndrewLee Bertl: Should I file a but to against the kernel-patch-vserver first? 1127131461 M * AndrewLee Bertl: Ok. 1127131584 J * Rushmoom ~me@80-219-252-33.dclient.hispeed.ch 1127131593 M * Bertl welcome Rushmoom! 1127131594 Q * Rushmoom Quit: 1127131638 M * AndrewLee Bertl: It still reports failed, http://pastebin.com/367954 1127131665 J * Rushmoom ~me@80-219-252-33.dclient.hispeed.ch 1127131697 M * Rushmoom Good morning everyone :) 1127131703 M * Bertl AndrewLee: yes, but 109 and 121 was fixed, no? 1127131737 M * AndrewLee Bertl: yes 1127131766 M * Bertl 2.4.30-vs1.2.10 works fine with the barrier too 1127131859 M * Bertl AndrewLee: do you know which vs* version the debian patches resemble? 1127131903 M * Bertl I assume vs1.28 or vs1.29 1127131931 M * AndrewLee ../kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff.gz 1127131960 M * Bertl hmm, okay, so we checked the 1.2.10 already ... mainstream is fine, debian is broken :/ 1127131997 M * AndrewLee Bertl: Should I rebuild the kernel again to confirm it's broken? 1127132043 M * Bertl AndrewLee: okay, let's replace the kernel by one of those http://www.13thfloor.at/vserver/s_release/v1.2.10/ 1127132067 M * Bertl (so 2.4.29 or 2.4.30) 1127132138 M * AndrewLee Bertl: It's fine, I have time to confirm my running kernel+debian patch. 1127132163 M * AndrewLee Bertl: I will confirm the debian's again and replace the kernel with one of yours. 1127132188 M * AndrewLee Bertl: So that I will have confidence to report the bug to Debian. :p 1127132197 M * Bertl okay, good idea! 1127132290 M * AndrewLee Bertl: I reinstalling the kernel-source-2.4.27 and kernel-patch-vserver from sarge again. 1127132947 N * lilo_ lilo 1127133362 Q * AndrewLee Quit: leaving 1127133520 J * a_ ~a_@trt-gw.myrien.com 1127133551 J * AndrewLee ~andrew@linux3.cc.ntu.edu.tw 1127133617 M * a_ howdy. I am using util-vserver_0.30.208-1_i386.deb under debian. Is it possible to build fc4 or fc3 guest machines under debian? 1127133734 M * a_ vserver-build is saying "mount: mount point /etc/rpm does not exist" 1127134112 M * Bertl welcome a_! 1127134156 M * Bertl a_: yes, if you a) manage to get rpm/apt-rpm/yum working or b) just copy an existing fc3/fc4 template 1127134269 M * BWare Hmmm Gentoo kernel headers broken again ? 1127134297 M * Bertl BWare: are they? 1127134320 M * BWare Dunno... I do know that building util-vserver-* breaks 1127134325 M * BWare In file included from /usr/include/sys/syscall.h:23, 1127134325 M * BWare from /usr/include/syscall.h:1, 1127134325 M * BWare from lib/vserver-internal.h:26, 1127134326 M * BWare from lib/checkversion.c:24: 1127134328 M * BWare /usr/include/bits/syscalls.h:57: error: syntax error before string constant 1127134328 M * BWare /usr/include/bits/syscalls.h:57: error: ISO C forbids data definition with no type or storage class 1127134356 M * BWare I must admit that I am tried to build againt uclibc 1127134360 M * Bertl looks more like a gcc issue 1127134379 M * Bertl well, probably the c99 gcc is too strict for the headers 1127134408 M * BWare gcc (GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8) 1127134411 M * Bertl BWare: have you applied the fix02? 1127134418 M * BWare It's a pretty new one ;) 1127134423 M * BWare fix02 ? 1127134424 M * Bertl (just curious) 1127134441 M * Bertl to util-vserver ... 1127134469 M * BWare >>> Unpacking util-vserver-0.30.208-gentoo-r2.tar.bz2 to /var/tmp/portage/util-vserver-0.30.208-r2/work 1127134469 M * BWare * Applying 0.30.208-fix-fastboot.patch ... [ ok ] 1127134469 M * BWare * Applying 0.30.208-fix-skeleton-build.patch ... [ ok ] 1127134470 M * BWare * Applying 0.30.208-fix02.patch ... 1127134491 M * BWare Same compile issue with this gcc/uclibc 1127134785 M * Bertl okay, what is at line 57 of /usr/include/bits/syscalls.h ? 1127134799 M * BWare ehrm.. line 57 of syscals.h is asm 1127134812 M * BWare dunno what this has to do with ISO C ;) 1127134970 M * Bertl plz. show me ... 1127134974 M * BWare from this codeblock: #ifndef __ASSEMBLER__ 1127134975 M * BWare define some macros here which later will be used. */ 1127134976 M * BWare asm (".L__X'%ebx = 1\n\t" 1127135007 M * Bertl could you upload the entire file somewhere? 1127135012 M * BWare Line 57 is the end of the asm: ".endm\n\t"); 1127135015 M * BWare Sure 1127135117 Q * Hunger Read error: Connection reset by peer 1127135131 M * BWare http://pastebin.com/367984 1127135137 M * AndrewLee Bertl: Yes, I confirmed that kernel-patch-vserver in sarge has security hole. 1127135144 M * BWare Line 57 is highlighted I hope 1127135181 M * AndrewLee Bertl: How about the util-vserver? What was wrong with testfs.sh's 109 and 121 failed report 1127135194 M * AndrewLee Bertl: I am going to file the bug 1127135209 M * BWare Bertl... Be right back 1127135326 M * AndrewLee BWare: No problme. :-) 1127135339 J * Hunger Hunger.hu@Hunger.hu 1127135532 Q * a_ Quit: . 1127135574 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1127135747 M * Bertl AndrewLee: (reg. bug) okay, thnaks! 1127135842 M * Bertl AndrewLee: (reg. 109 and 121): 109 verifies that the barrier was removed correctly, while 121 checks that it was set correctly 1127135872 M * BWare back again 1127135923 M * Bertl BWare: why does it use those headers anyway? 1127135948 M * Bertl the alternative syscall implementation should take care of that, unless it fails to compile ... 1127135952 M * BWare Well, I guess because they got included ;) 1127135971 M * Bertl could you show me the output of the 'configure' run? (or at least the last overview) 1127136014 M * BWare Rerunning emerge 1127136041 M * BWare scrollback not big enough as usual 1127136152 M * BWare http://pastebin.com/367996 1127136277 M * AndrewLee Bertl: Ok, I file the bug to against kernel-patch-vserver first. 1127136425 M * Bertl BWare: strange ... why does it fall back to traditional syscall? 1127136460 M * Bertl # 1127136461 M * Bertl checking whether to use alternative _syscallX macros... yes 1127136464 M * Bertl (124) 1127136482 M * BWare Strange indeed 1127136492 M * Bertl # 1127136493 M * Bertl checking which syscall(2) invocation works... traditional 1127136495 M * Bertl 231 1127136510 M * Bertl please try to force it to alternative 1127136516 Q * Loki|muh Quit: Lost terminal 1127136546 J * Loki|muh loki@satanix.de 1127136559 M * BWare If I run ./configure --syscall=traditional && make it breaks as well (a bit later though), but it still breaks 1127136666 M * Bertl try --with-syscall=fast 1127136796 M * BWare http://pastebin.com/368003 -- traditional 1127136884 M * BWare http://pastebin.com/368004 --fast 1127136887 M * BWare both break 1127136953 M * BWare btw, this is the unpatched util-vserver-0.30.208 1127137038 M * BWare gcc -v output: http://pastebin.com/368006 1127137062 J * a_ ~a_@trt-gw.myrien.com 1127137102 J * _nokoya young@hi-230-82.tm.net.org.my 1127137222 M * a_ hi again. Is there some manual on vserver and network access? Previous times I have always succeeded with SNAT'ing traffic from virtual machine IP to ext. interface, but now I don't remember what I did to achieve that ;( 1127137275 Q * nokoya Ping timeout: 480 seconds 1127137560 M * BWare Does util-vserver explicitly depends on kernel sources or can it work with kernel-headers only ? 1127137622 M * AndrewLee Bertl: I filed bugs to kernel-patch-vserver and util-vserver 1127137634 M * AndrewLee Bertl: You may get a copy as well. 1127138029 M * a_ actually. never mind. I found my notes ;-) 1127138243 M * Rushmoom Hollow: ping 1127138252 M * Hollow pong 1127138255 M * Rushmoom Ah :) 1127138288 M * Rushmoom The advice you gave me yesterday, with bind mounting /usr/portage/[distfiles]... I didn't seem to get it completely 1127138314 M * Rushmoom I added the lines to the /etc/fstab on the host, mounted the two directories, and fired up the guest 1127138343 M * Rushmoom But still e.g. the /usr/portage/distfiles seems to be completely different on host and guest. Did I understand something wrong? 1127138355 M * Rushmoom The mount has to be done *only* on the host, right? 1127138368 M * Hollow you dont have to mount anything manually 1127138391 M * Hollow except you have /usr/portage on a seperate partition on the host then you should mount it of curse ;) 1127138425 M * Rushmoom Hollow: Of course, but I didn't want to restart the host (production server), so I added it to fstab, and did 'mount ' afterwards 1127138444 M * Rushmoom Or isn't even that necessary? 1127138454 M * Hollow so you have /usr/portage on a sepearte partition? 1127138471 M * Rushmoom nope, on / 1127138503 M * Hollow then you don't have to mount anything on the host except / 1127138510 M * Rushmoom But how / when is the /etc/fstab being read then? 1127138528 M * Hollow sorry, can't follow 1127138536 M * Hollow can you paste your fstab? 1127138541 M * Rushmoom Of course... 1127138607 M * Rushmoom http://nopaste.php-q.net/160894 (last two lines) 1127138631 M * Hollow ehm.. you should put it in the fstab for the guest 1127138643 M * Rushmoom Hollow: Oh, that's what I wasn't sure about :) 1127138656 M * Hollow /etc/vservers/name/fstab 1127138673 M * Rushmoom Hollow: I just thought, the fstab on the guest isn't read at all (because they're all empty until now) 1127138687 M * Hollow right 1127138702 M * Hollow that's why you put it in /etc/vservers/name/fstab instead of /vservers/name/etc/fstab 1127138724 M * Rushmoom Hollow: And I don't understand how the guest can access FSs on the host. Isn't that a security risk? 1127138728 M * Bertl BWare: no, kernel sources are not required 1127138758 M * Hollow Rushmoom: things are mounted outside the context but inside the namespace of the context 1127138839 M * Rushmoom Hollow: Ah, so programs executed on these FSs would acutally run in the security context of the guest? 1127138860 M * BWare Bertl: Well, they are installed already, but no difference ;) 1127138885 M * Hollow Rushmoom: define "these filesystems" please 1127138888 M * Bertl BWare: but it really seems header related, though no idea what could confuse gcc :) 1127138915 M * BWare Bertl: Gentoo :) 1127138953 M * Rushmoom Hollow: In this case, because /usr/portage lies on / on the host, the filesystem which is beeing accessed would be / ( = /dev/hda3 ) of the host 1127138974 M * Hollow Rushmoom: but you bind-mount /usr/portage and not / 1127138994 M * Rushmoom Hollow: But I just as well could bind-mount /etc/ ... 1127139005 M * Hollow if it makes sense for you sure 1127139014 M * Rushmoom Hollow: And access /etc/shadow for example.. From the guest... 1127139033 M * Hollow yup, but why would you mount the hosts /etc/ inside the vserver? 1127139067 M * Rushmoom Hollow: Not me, but someone that has control over the vserver, and want's to compromise the host... 1127139094 M * Hollow you can't mount inside a context (at least not without a flag) 1127139150 M * Rushmoom Hollow: Hmm, I think I still have to do some serious reading on security contexts... ;) 1127139167 M * Hollow well, it's not that hard... 1127139204 M * Hollow you create a new namespace, mount things in there, create a context, set your new namespace to the contexts one, and afterwards you won't need to mount anything in the vserver 1127139312 M * Rushmoom But the read access to the things mounted in the new context is still possible from the context of the vserver, isn't it? 1127139333 M * Hollow yep, else it won't make any sense ;) 1127139349 M * Hollow you can even write to it, depending on the mount options 1127139363 M * Rushmoom Sure, but that's exactly what worries me :) Because then it would be possible to access the hosts /etc/shadow e.g. 1127139366 M * Hollow (that's why you mount /usr/portage read-only) 1127139379 M * Hollow no, you mount /usr/portage ONLY, not /etc 1127139380 M * Rushmoom Yep, I noticed that, and ../distfiles RW... 1127139407 M * Rushmoom Oh, wait, NOW i got it! 1127139412 M * Bertl BWare: ah, where did I have my eyes, now I see it clearly! 1127139414 M * BWare Bertl: The CHOST was wrong - should be CHOST="i686-gentoo-linux-uclibc" instead of CHOST=i686-pc-linux-gnu 1127139442 M * Bertl the asm statement is complete humbug there ... 1127139443 M * Rushmoom The fstab lies in /etc/vservers//fstab, and is NOT accessible from inside the vserver... 1127139450 M * Hollow yep 1127139471 M * Hollow Rushmoom: better refer to context and namespace instead of vserver 1127139473 M * Rushmoom So it's the host that decides what is allowed to be mounted, not the vserver. -> Confusion lifted ;-) Thanks 1127139484 M * Hollow you're welcome 1127139494 M * Bertl BWare: there is no point in writing inline asm code inside a header file. there is some define missing! 1127139496 M * BWare Bertl: oke.. but someone probably put it there on purpose ;) 1127139510 M * Rushmoom Hollow: I try to avoid that because I still don't know exactly yet what these terms mean -> Some reading to do ;-) 1127139511 A * BWare did not touch it 1127139535 M * Hollow Rushmoom: namespaces refer to filesystems, every process can have a unique view of the filesystems 1127139552 M * Hollow you can do this without vserver as well 1127139559 M * Hollow it's a standard linux feature 1127139576 M * Rushmoom Hollow: So every process has it's own namespace? Or could have one, at least? 1127139585 M * Bertl yep 1127139602 M * BWare Bertl: Preceding the asm there is 1127139603 M * BWare #ifndef __ASSEMBLER__ 1127139605 M * BWare /* We need some help from the assembler to generate optimal code. We 1127139606 M * BWare define some macros here which later will be used. */ 1127139607 M * Hollow by default the processes share the namespace of their parent, but you can create new namespaces 1127139680 M * Rushmoom Thanks for the explanations, but I don't want to waste your time when I already found http://linux-vserver.org/Namespaces ;-) 1127139686 M * Hollow :) 1127139778 M * Bertl BWare: so? 1127139793 M * Bertl #if not define __ASSEMBLER__ is true, no? 1127139868 M * BWare Looks like it, otherwise the compiler wouldn't barf on the asm I guess (no programmer here ;) ) 1127139891 M * Bertl and asm (); is a statement to produce inline asm ... 1127139898 M * BWare Yep 1127139902 M * Bertl but, and that's the point, where does it go? 1127139923 M * Bertl probably you'd get the same error if you do 1127139927 M * Bertl exit (0); 1127139950 M * Bertl isntead of the asm ... 1127139970 M * BWare Oke... changing 1127140031 M * Bertl (or at least a similar one :) 1127140049 M * BWare Yep 1127140062 M * Bertl so I assume the headers are missing some: 1127140071 M * BWare Well... The code below calls the movl macro defined in the asm 1127140074 M * Bertl #define what_an_useful_inline asm 1127140095 M * Bertl right before the actual asm statement 1127140123 M * Bertl but with the fixed target arch, the file isn't used/included at all, right? 1127140216 M * BWare ehrm ... could you run that by me again ;) 1127140228 M * Bertl you said, you had the target arch wrong 1127140243 M * Bertl i686-pc-linux-gnu/gentoo 1127140268 M * BWare The same file is included 1127140280 M * BWare and the same error is produced 1127140281 M * Rushmoom Hollow: Sharing /usr/portage now works, but how do I achieve to get binary packages compiled and used on the guests? 1127140287 M * Rushmoom Hollow: The documentation on http://home.xnull.de/work/gentoo/vserver/tools/ is quite short, and some file headers actually seem to be mixed up :) (vemerge e.g.)Hollow: Sharing /usr/portage now works, but how do I achieve to get binary packages compiled and used on the guests? 1127140308 M * Bertl BWare: hmm, so it does fall back to traditinal too? 1127140310 M * BWare Rushmoom: emerge -B to_build / emerge -K to use 1127140322 M * BWare Bertl: yep 1127140330 M * Bertl maybe i686 vs i386? 1127140334 M * Rushmoom BWare: Thanks! 1127140338 M * BWare forcing does not help either :( 1127140350 M * BWare Let me check if i386 helps 1127140409 M * Bertl well, I can upload a config.log on x86, so you can compare with yours ... 1127140786 M * BWare i386 does not help unfortunately 1127140958 M * Bertl okay, feels like NAP-Attack ... back later 1127140967 N * Bertl Bertl_zZ 1127141930 Q * a_ Quit: Leaving 1127141931 N * _nokoya nokoya 1127142306 J * kevinp ~kevinp@ny.webpipe.net 1127143327 M * Rushmoom Sorry, me again: Would it be a bad idead to bind-mount /usr/portage RW, in order to also allow the guests building binary packages? 1127143529 M * Rushmoom Or maybe just mount /usr/portage/packages RW? This still would allow guests to mess with the host's packages directory, but in my case it would be so much more efficient, because most packages actually are built on the hosts... 1127143541 M * Rushmoom s/on the hosts/on the guests 1127145509 J * maharaja maharaja@ip52.ipax.at 1127147396 Q * Rushmoom Quit: 1127147672 Q * maharaja Ping timeout: 480 seconds 1127148016 M * AndrewLee Does it possible to convert the old configuration file to new style? 1127148304 M * kevinp yep 1127148387 M * kevinp AndrewLee: http://linux-vserver.org/Legacy-To-Newstyle-Config 1127148427 M * kevinp this is one example at least 1127148753 N * nokoya _nokoya 1127148785 M * AndrewLee kevinp: thank bro. :-) 1127148913 M * kevinp np 1127151930 J * cg ~cg@cpe.atm2-0-1011085.0x50c67b02.kd4nxx11.customer.tele.dk 1127151934 M * cg Hello 1127151962 M * cg I've got troule starting apache on a gentoo guest-sytem. 1127151965 Q * dddd44 Quit: Leaving 1127152019 M * cg I get: ERROR: "etc/inet.d/net" has syntax errors in it; not executing... 1127152050 M * cg ERROR: Problem starting needed services 1127152377 Q * cg Quit: 1127152828 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1127152903 M * gndmstr having a problem that i am sure is my ignorance. i am in a guest that is cloned by link copy with cow enabled and am installing nagios. in the configure it appears to stop at the following message 1127152911 M * gndmstr checking for ICMP ping syntax... 1127152921 M * gndmstr however it does not lock. i can ctrl-c out of it 1127153043 M * gndmstr i see the problem 1127153047 M * gndmstr 5082 pts/2 S+ 0:00 /bin/ping 127.0.0.1 -n 1 1127153497 Q * gndmstr Read error: Connection reset by peer 1127153895 N * Bertl_zZ Bertl 1127153914 M * Bertl evening folks! 1127153934 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1127154004 M * gndmstr problem.. i am trying to install a package in a guest and its configure insists on checking ping syntax on 127.0.0.1 which effectively stops it from continuing and it just sits there until I manually kill its processes... is there any way to overcome this? 1127154067 M * AndrewLee Bertl: hi 1127154070 M * Bertl gndmstr: evening! 1127154079 M * gndmstr evening! 1127154087 M * Bertl gndmstr: well, ping -n 1 127.0.0.1 doesn't work here either ... 1127154117 M * gndmstr now can i even temporarily fix this 1127154120 M * Bertl gndmstr: you are using 2.6 kernel, right? did you try the ccap for icmp? 1127154120 M * AndrewLee Bertl: I temporary solved the security proble on my machine by using linux-2.6.12+vs2.0 patch from sid 1127154141 M * Bertl AndrewLee: lol, that is a simple fix :) 1127154152 M * AndrewLee Bertl: It's quite late here, I will give you more tests tomorrow. 1127154182 M * AndrewLee Bertl: Good night then. :-) 1127154192 M * Bertl AndrewLee: good night and thanks for your time! 1127154215 M * gndmstr ccap? umm no 1127154224 M * gndmstr ill put that into bcapabilities then? 1127154246 M * Bertl gndmstr: no, it's a ccapability :) 1127154263 M * gndmstr ok im ignorant of those.. will get the chart and see where it goes :) 1127154391 M * kevinp Hi Bertl! 1127154411 M * Bertl gndmstr: raw_icmp in ccapabilities 1127154414 M * Bertl hey kevinp! 1127154563 M * gndmstr ahh ok 1127154630 M * gndmstr thanks will try that soon as this thing stops 1127154790 M * kevinp bertl: it's been a long time 1127154804 M * Bertl indeen LTNS ... 1127154835 M * kevinp I had my new vserver host kernel panic this morning when I was changing some iptables rules 1127154859 M * kevinp not sure if that's what caused it or not, is there a way to find out? 1127154885 M * Bertl do you have an oops backtrace and maybe a process/task dump? 1127154900 M * kevinp it's running 2.0-rc9 btw 1127154932 M * kevinp I know I enabled debugging when I compiled the kernel, where would i find the dump? 1127154947 M * Bertl kevinp: why an outdated release candidate? 1127155110 M * kevinp well, I looked at the change log and there were no changes from rc9 to 2.0 so I didn't bother to recompile for a different number 1127155162 M * gndmstr i still cant ping 127.0.0.1 from the guest. i placed ccapabilities with content raw_icmp on a single line in /etc/vservers/guestname 1127155201 M * Bertl check _if_ you can ping from inside 1127155210 M * Bertl (some other ip, outside) 1127155222 M * gndmstr im inside the guest.. and yes i can ping every normal routable 1127155224 M * gndmstr ip 1127155225 M * Bertl kevinp: k, sounds reasonable ... 1127155234 M * Bertl kevinp: well, you found it on your console ... 1127155238 M * gndmstr but this script insists on pinging 127.0.0.1 1127155259 M * Bertl gndmstr: sure, maybe it insists on pinging 'localhost'? 1127155289 M * Bertl check what /etc/hosts contains regarding this ... 1127155291 M * kevinp bertl: ahh, so that isn't saved anywhere else too? 1127155292 M * gndmstr the process list shows its pinging 127.0.0.1 and in my hosts file localhost is 127.0.0.2 1127155307 M * Bertl kevinp: unless you have some kind of remote console active, no 1127155309 M * gndmstr i can ping 'localhost' fine 1127155334 M * Bertl gndmstr: well, broken script then ... fix it ... 1127155344 M * gndmstr wonder if i can change that before it starts in some way.. its an automated ebuild 1127155352 M * kevinp bertl: So we have to go off my memory then, and that doesn't look good 1127155354 M * gndmstr may have to build the package manually 1127155375 M * Bertl kevinp: well, I would need the precise stack dumps and register values :) 1127155440 M * Bertl unless you have an idetic memory, it won't buy us much ... I guess 1127155447 M * kevinp bertl: well, now I know, I'll write it down next time. The only thing I remember was about some interrupt 1127155474 M * Bertl you _should_ attach a serial console, so you can monitor/record the data 1127155500 M * kevinp I'll have to look into that 1127155627 M * kevinp not sure why I thought that a paniced kernel would still be able to write to a file... 1127156203 M * kevinp bertl: I thought I remembered reading something in the ML about a crash with iptables - thought it might be a known issue? 1127156494 Q * prae_ Quit: Execute Order 69 ! 1127156527 M * Bertl kevinp: hmm .. details? 1127156894 M * kevinp bertl: I must have been thing of this one: http://list.linux-vserver.org/archive/vserver/msg10635.html 1127156957 M * kevinp be back in an hour or so... 1127156964 N * kevinp kevinp|gone 1127156997 M * Bertl k 1127157128 J * menomc ~amery@200.75.27.98 1127157204 M * Bertl welcome menomc! 1127157237 Q * mnemoc Ping timeout: 480 seconds 1127157237 N * menomc mnemoc 1127157647 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1127158371 J * nayco ~nayco@lns-bzn-10-nan-82-251-49-43.adsl.proxad.net 1127158397 M * nayco 'llo !!! 1127158995 M * Bertl hey nayco! 1127159462 J * vip-vs ~vip-vs@cc521104-d.ensch1.ov.home.nl 1127159475 M * vip-vs hi folks! 1127159595 J * prae ~benjamin@sherpadown.net 1127159773 M * Bertl hey vip-vs! 1127159840 N * eyck_ Eyck 1127159875 M * Bertl wow big Eyck! 1127159959 M * vip-vs hey Bertl! 1127160001 M * vip-vs Bertl: is it possible to use dhclient inside a vserver-guest? Couldn't find any info on that one.. (guess not) 1127160039 M * Bertl well, it is possible, but it doesn't make any sense 1127160069 M * vip-vs and why is that? 1127160085 M * Bertl a) dhcp leases are assigned based on MAC, no? 1127160096 M * vip-vs right 1127160096 M * Bertl b) you can not set the ip inside a guest (for now) 1127160117 M * vip-vs but it is possible? 1127160123 M * vip-vs :) 1127160150 M * Bertl yes, you would need a few caps I guess 1127160161 M * Bertl (to allow broadcast and such) 1127160165 M * vip-vs wouldn't it be 'handy' if I got many servers with many vserver-guest to use dhcp for the guests? 1127160174 M * Bertl and you would get the same IP as the host :)) 1127160190 M * Bertl vip-vs: not really, as all would get the same ip too 1127160199 M * vip-vs yep ... that's the only problem I could think of ..uniqueness of the MAC 1127160280 M * vip-vs Then what is your filosofy for maintaining many servers with many virtual-guests? 1127160344 M * Bertl you can use a multitude of different protocols for remote identification and configuration 1127160368 M * Bertl e.g. get the guest configs from a remote server via rsync or nfs 1127160378 M * Bertl or use ldap to query/set the data 1127160391 M * vip-vs hmmzz never thought of that :) 1127160451 M * vip-vs but it would be complicated since you change the guests config when it's running... 1127160518 M * vip-vs Can big difference in the config of a guest break it down on shutdown? 1127160659 M * Bertl hmm, why would you change it while running? 1127160700 M * Bertl I mean, you could, but it's not necessary to do so 1127160745 J * any ~any@82.205.209.43 1127160753 M * Bertl welcome any! 1127160875 M * any hi 1127160973 Q * virtuoso Quit: leaving 1127160999 J * virtuoso ~s0t0na@shisha.spb.ru 1127161015 M * Bertl wb virtuoso! 1127161161 M * Bertl any: thing we can do for you? 1127161747 J * Aiken ~james@tooax6-076.dialup.optusnet.com.au 1127161841 M * Bertl morning Aiken! 1127161953 M * Aiken hi 1127161982 M * Bertl which reminds me of the alpha kernel I want to test :) 1127162016 M * Aiken after reading up on how to submitt an oops and crashing mine all day yesterday I am fed up with it 1127162038 M * Aiken would be interesting to know if yours will boot a std 2.6.14-rc1 or not 1127162055 M * Bertl yeah, I'm going to try now ... 1127162598 N * kevinp|gone kevinp 1127162624 M * Bertl wb kevinp! 1127162785 M * gndmstr hehe my friend who is technology director for creative-channel.tv in GB is finally convinced. took a bit of talking but he is installing his first 'test' vserver at home at this moment.. he wants to convert the entire company over to them if they prove as he believes they will 1127162858 M * Bertl good! another soon-to-be-happy user ... 1127162917 M * gndmstr yep 1127162969 M * gndmstr and he has lots of pull in britain too.. knows lots of people in large companies.. hehe he said that if this was 2 yrs ago at this time he could have saved himself about 6 racks of computers in a cluster he designed for someone 1127163025 M * Bertl hmm, well, we release 1.0 @ 1st of November 2003 :) 1127163031 M * Bertl *released 1127163060 M * gndmstr back then he did not believe any virtual technology was up to par with what he needed 1127163081 M * Bertl yeah, but it's interesting, isn't it? 1127163113 M * Bertl a lot of nifty and advanced stuff needs a long time to get popular ... 1127163321 M * gndmstr sure is 1127163346 M * gndmstr wish i knew about it a year ago when i rebuilt this workstation.. would have saved me an entire machine just for remote desktops 1127164096 Q * Blissex Remote host closed the connection 1127164463 M * vip-vs bye bye all! 1127164469 M * Bertl cya! 1127164478 Q * vip-vs Remote host closed the connection 1127165479 M * gndmstr brb walking dog 1127166285 M * gndmstr back 1127166336 M * Bertl and, enjoyed the walk? 1127166377 M * gndmstr of course... i love outside and walking him gives me some exercise 1127166395 M * gndmstr the advantage of 10 months of summer i guess 1127166403 M * Bertl so I assume you both enjoyed it :) 1127166418 M * gndmstr but then we have to put up with tropical storms 1127166440 M * gndmstr he loves it.. gets his workout too... when i tell him 'go for it' he begins pulling me around hard as he can to get his workout 1127166486 M * Aiken gndmstr both my dogs love a good walk or run as well 1127166497 M * Aiken they will be getting a 1 hour walk shortly 1127166501 M * gndmstr then along the line he does his stuff and then we find a quiet place to rest a few min then exercise coming back 1127166531 M * gndmstr i dont have that luxury usually of an hour but i make up for it in 6-10 walks a day averaging 10 min each 1127166596 M * gndmstr usually in daylight i let him run loose in the field and he runs around it in a large circle full bore 1127166605 M * gndmstr by the time we get back in he does nothing but sleep 1127166636 M * Aiken that the walk I want to do today, mine will treat that as a warm up for when we get home 1127166651 M * gndmstr hehe 1127166655 M * gndmstr cool 1127166715 M * Aiken 2 border collies whos parents were working dogs 1127166797 M * gndmstr cool.. i had a border collie for about 14 yrs.. he was probably the smartest dog i ever had 1127166877 M * gndmstr mine is a red-nose pit/charpei on his fathers side and golden retriever on his mother's.. he has his father's body and his mothers disposition 1127166893 M * Aiken I have had them for 24 years, they are a great dog 1127166965 M * nayco ok, util-vserver bugs posted to savannah ;-) ! 1127166977 M * nayco Hello, those I did not see ! 1127166982 M * gndmstr yeah.. i swear mine understood a decent english vocabulary too 1127167101 M * daniel_hozac nayco: chkconfig --add vservers-default && chkconfig vservers-default on 1127167178 M * Aiken gndmstr I am waiting for the day that mine know what the letters W A L K mean 1127167212 M * gndmstr LOL 1127167222 M * gndmstr it all means r u n to mos 1127167224 M * gndmstr most 1127167238 M * gndmstr run and play and exhaust the 'keeper' 1127167257 M * daniel_hozac nayco: and the util-vserver specfile creates %_localstatedir/run/vservers.rev, so that's a problem with Bertl's packages, i guess. 1127167286 M * Bertl ah, let's hear ... 1127167295 M * daniel_hozac https://savannah.nongnu.org/bugs/?func=detailitem&item_id=14592 1127167318 M * Bertl do I need to add some more configure options? 1127167355 A * Bertl is checking now ... 1127167432 M * daniel_hozac i guess it's the --localstatedir=%_var that's the problem. 1127167497 M * nayco daniel_hozac: You're fast ;) 1127167526 M * daniel_hozac maybe %define _localstatedir %_var? 1127167565 M * nayco daniel_hozac: for chkconfig, I'm not a specialist, so this may be my fault.... But using "chkconfig --add vservers-default" fails because the lack of "345" in the header of the init script. 1127167574 M * daniel_hozac "fails"? 1127167599 M * daniel_hozac chkconfig --add for a service with no default runlevel should just add the K??... links. 1127167599 M * nayco daniel_hozac: for %_localstatedir/run/vservers.rev : Yes, maybe, we should ask to Berl. 1127167623 M * nayco So, it wont start a t boot ? 1127167627 M * daniel_hozac right. 1127167633 M * daniel_hozac you need to enable it with chkconfig ... on. 1127167770 M * nayco Ok, so, as I'm used to all the init scripts (At list on Mandriva) having the "345" (Well something like this), I never use " chkconfig ... on" !!! Well, a long time ago I used " chkconfig --level 345 .... on", but since I learned that wasn't useful... And the vserver-legacy init script _has_ this "345" stuff ! 1127167783 M * nayco *at leat 1127167788 M * nayco *at least 1127167801 M * Bertl daniel_hozac: %define localstatedir %_var/run 1127167812 M * Bertl this seems to be the cause, no? 1127167852 M * nayco So, spec file problem ? 1127167891 M * Bertl daniel_hozac: but why do we have --localstatedir=%_var at all? 1127167904 M * Bertl shouldn't that be --localstatedir=%localstatedir ? 1127167971 M * daniel_hozac well, localstatedir is typically just %_var. 1127167993 M * daniel_hozac i guess the configure sets the paths to localstatedir/run. 1127168062 M * daniel_hozac and the %post script is wrong, as it uses %_localstatedir/run. 1127168093 M * daniel_hozac (thus the /var/lib/run path) 1127168104 M * Bertl okay, the post is better fo with: 1127168109 M * Bertl f="%confdefaultdir/vdirbase"; test -L "$f" -o -e "$f" || ln -s /vservers "$f" 1127168112 M * Bertl f="%confdefaultdir/run.rev"; test -L "$f" -o -e "$f" || ln -s %localstatedir/vservers.rev "$f" 1127168115 M * Bertl I agree on that ... 1127168133 M * daniel_hozac probably the post script fix would be enough. 1127168188 M * Bertl k, let's try that ... 1127168258 Q * prae Quit: Pwet 1127168768 N * Aiken Aiken-walk 1127168933 M * Bertl http://vserver.13thfloor.at/Stuff/MANDRAKE/ (the -3mdk if anybody is eager to try) 1127169148 M * nayco Mmmmm... Need an util-vserver guru : I'm looking for a place to store urpmi databases for each vserver (So each vserver can have its own version of the distro, its own sources), I think it is dumb to store them (~70 Mb) in "/etc/vserver/....." Would "/vserver/.pkg/....." be the right place ? 1127169166 M * nayco Bertl: Ok, I gonna try it. 1127169175 Q * yarihm Quit: Leaving 1127169198 M * daniel_hozac nayco: note that it won't change unless you completely uninstall the previous packages and remove the old symlinks. 1127169243 M * Bertl popd 1127169247 M * Bertl *oops* 1127169279 M * nayco Huh ??? My /vservers directory is unreadable ??? 1127169307 M * Bertl how so? 1127169311 M * nayco daniel_hozac: Yes ! 1127169346 M * nayco Bertl: ll /vservers/ 1127169346 M * nayco ls: reading directory /vservers/: Input/output error 1127169346 M * nayco total 0 1127169365 M * Bertl maybe a symlink? 1127169386 M * nayco # lsof | grep vservers 1127169397 M * nayco # umount /vservers 1127169397 M * nayco umount: /vservers: device is busy 1127169397 M * nayco umount: /vservers: device is busy 1127169408 M * nayco argh.... 1127169545 M * nayco Oh, dear !!! => this is really wierd : 1127169556 M * nayco # cat /proc/mounts 1127169574 M * nayco /dev/hda8 /vservers xfs rw 0 0 1127169585 M * nayco none /vservers/test1/dev tmpfs rw 0 0 1127169592 M * nayco /dev/hda8 /vservers/test1/.dev xfs rw 0 0 1127169647 M * Bertl interesting mounts :) 1127169662 M * nayco Well, last thing I did a couple of hours ago was creating a test vserver (With debootstrap method, and sarge then hoary distros), 'rm -rf' it, hten creating it again, and so on.... 1127169685 M * nayco I think the last time I ctrl- 1127169769 M * nayco I think the last time I 'ed the vserver-build of hoary... Mmmm, no, it failed on its own. But I've had typed on a previous build. 1127170631 M * nayco Well.... 1127170633 M * nayco umount /vservers/test1/.dev 1127170642 M * nayco umount /vservers/test1/dev 1127170658 M * nayco umount /vservers 1127170666 M * nayco mount /vservers/ 1127170678 M * nayco ll /vservers/ 1127170681 M * nayco Good. 1127170690 M * Bertl fascinating :) 1127170707 M * nayco Mmmm, is this a potential stability/disponibility threat ? 1127170722 M * Bertl dev mounts inside a guest? 1127170735 M * Bertl if you allow them ... 1127170805 M * nayco well, not really this, but the fact all this happened in the first place, while simply installing with debootstrap method, then ing... I known i've made the BOFH, but this is wierd... 1127170859 M * nayco You know what ? I'm not even on a VS kernel, because I do not need it to hack vserver-build (To support urpmi) 1127171700 M * nayco *installing 208-3" 1127171879 M * nayco Mmmm, I had to do "rm -f /usr/man/man8/vserver-copy.8 /usr/man/man8/vserver-stat.8 /usr/man/man8/vserver.8" after uninstalling 0.30.208-2mdk 1127172099 M * nayco Bertl: http://pastebin.com/368551 <= What do you think of this ? I've had this before... 1127172108 Q * Vudumen Ping timeout: 480 seconds 1127172200 M * daniel_hozac nayco: the scripts do setattr --barrier /vservers. 1127172205 M * daniel_hozac that won't work without a vserver kernel. 1127172234 M * Bertl yep, precisely! 1127172269 M * nayco Ok. I though about something like this... Is the setattr important (Ok, ok, that is just to be sure) 1127172306 N * kevinp kevinp|gone 1127172344 J * Vudumen vudumen@perverz.hu 1127172344 M * nayco anyway, I installed the utils, and the /var/run/vs{helper,ervers,ervers.rev} are created correctly !!! Thanks ! 1127172367 M * Bertl okay, then I'll go and update the Mandr* rpms on 13thfloor ... 1127172380 M * Bertl daniel_hozac: thanks a lot for the fast diagnosis! 1127172410 M * daniel_hozac heh, my pleasure. 1127172430 M * nayco Ok, one bug dead, next one ;) 1127172475 M * Bertl nayco: okay, could you close the bug for us? 1127172479 N * Aiken-walk Aiken 1127172491 M * nayco So, is /vservers/.pkg/ the right place to store urpmi DB's ? 1127172499 M * Bertl Aiken: my kernel is almost done ... 1127172523 M * nayco Bertl: Well, no, because this bug is a 5-in-1.... 1127172530 M * nayco But i'll post a comment ! 1127172563 M * Aiken cool 1127172582 M * Aiken while I was gone I had this thing building a new alpha tool chain to try 1127172590 M * daniel_hozac nayco: is the third problem gone now as well? 1127172591 M * Aiken this time based on gcc 2.95.3 1127172633 M * Bertl Aiken: ah, just to make sure? what was the last one based on? 1127172781 M * nayco Bertl: Oh, that's hard for me to tell now... I'll check as soon as possble, after having booted on the right kernel ;) 1127172797 Q * ag-2 Ping timeout: 480 seconds 1127172892 J * ag-2 ag@muaddib.roxor.cx 1127172931 Q * Johnsie Remote host closed the connection 1127172995 M * Aiken gcc 3.3.6 1127173006 J * Johnsie ~john@acs-24-154-53-42.zoominternet.net 1127173014 M * Bertl [4194003.371223] Kernel bug at mm/slab.c:1767 1127173014 M * Bertl [4194003.420051] swapper(0): Kernel Bug 1 1127173023 M * Bertl [4194003.566536] pc is at kmem_cache_create+0x6dc/0x800 1127173029 M * Bertl [4194004.404426] [] __start+0x1c/0x20 1127173079 M * gndmstr question.. if i rsync backups using -aH on the /vservers root, will rsync mess up teh hard links by setting archive bits or anything? 1127173115 M * Aiken close enough 1127173118 M * gndmstr if it does my guest tree may grow by a few gigs magically 1127173132 M * Bertl I guess so, at least I doubt that it will do proper backups of CoW hardlinks 1127173135 M * Aiken so it not just me then, alpha support in the new kernel has problems 1127173146 M * Bertl Aiken: definitely 1127173165 M * gndmstr hmm ok will have to find a way to do it without it touching the tree other than to back it up 1127173204 M * Bertl gndmstr: well, you can try ... if rsync is really good, it might get the job right ... 1127173228 M * Bertl (but I guess we will need a slightly modified rsync for that) 1127173233 M * Aiken first sparc sun4c then ide-scsi and now alpha support 1127173248 M * gndmstr will find out i guess 1127173249 M * gndmstr :D 1127173264 M * Aiken thanks for the check Bertl 1127173271 M * Bertl you're welcome! 1127173384 Q * obi jupiter.oftc.net plasma.oftc.net 1127174057 M * nayco oh dear, my hard drive is 1127174060 Q * nayco Quit: Bonne nuit ! 1127174089 M * Bertl .. too small? :) 1127174247 J * obi ~obi@B3114.karlshof.wh.tu-darmstadt.de