1127952210 Q * dddd44 Read error: Connection reset by peer
1127952716 Q * monrad Ping timeout: 480 seconds
1127952852 J * monrad ~monrad@213083190134.sonofon.dk
1127953410 M * MooingLemur moooo
1127953420 M * Bertl MooingLemur: moo moo!
1127953453 M * MooingLemur what occurs when you say: vserver blah stop? Does it send a signal to the init inside?
1127953475 M * Bertl depends, if the init style is plain, then yes, SIGINT is sent
1127953509 M * Bertl if the init style is sysv, then there is no init, so the runlevel scripts are executed
1127953537 M * MooingLemur ahh, then the init isn't doing what it's supposed to
1127953555 M * Bertl check for 'ca' handling
1127953579 M * MooingLemur it's a gentoo host and a gentoo guest
1127953597 M * Bertl yes, that's why I assume that this is missing :)
1127953631 M * MooingLemur ca handling?
1127953642 M * MooingLemur I'm not sure what that is or what it applies to
1127953650 M * Bertl if init gets SIGINT, it executes the 'ca' handler ...
1127953651 M * Bertl sec
1127953655 M * MooingLemur ahh
1127953656 M * MooingLemur inittab
1127953674 M * Bertl ca::ctrlaltdel:/sbin/shutdown -t2 -r now
1127953683 M * Bertl (for example)
1127953853 M * MooingLemur I think that'll solve the problem on most of my hosts.. thanks :) but now it's starting to do something else on more hosts.. init thinks it's in init 0, but it's not doing anything. I think something broke on a package update.
1127953952 M * MooingLemur # ps -ef | grep init
1127953952 M * MooingLemur root 1 0 0 17:34 ? 00:00:00 init [0]
1127953988 M * MooingLemur then I can do init 3 and it'll say [3] :P
1127954116 M * Bertl well, check the logs inside the guest, maybe init has something to say?
1127954163 M * Bertl also, if you want the guest to stop properly (no timeout) you need to set the reboot_kill flag ...
1127954178 M * MooingLemur Sep 28 17:48:49 src@mem-zip-07 init: Switching to runlevel: 6
1127954184 M * Bertl (at least for gentoo it seems)
1127954343 M * MooingLemur does that setting belong somewhere in /etc/vservers?
1127954367 M * MooingLemur the only references to reboot_kill in google searches seem to be logs of this channel :)
1127954384 M * Bertl yes, best is you scan over the logs from yesterday, we had it in detail
1127954399 M * Bertl the basic steps IIRC:
1127954409 M * Bertl - patch kernel with rkill fixes
1127954427 M * Bertl - add ^37 to the flags file /vservers/name/.../flags
1127954428 M * MooingLemur k, I've probably been in here for months so I'll have it :)
1127954446 M * Bertl - fix the ca issues
1127954463 M * Bertl http://irc.13thfloor.at/LOG/
1127954563 M * MooingLemur thanks for the pointers.. this'll go a long way :)
1127955159 M * MooingLemur a-ha.. on the machines that are broken, calling rc reboot bails out.
1127955165 M * MooingLemur (from the guest)
1127955174 M * MooingLemur on the working boxes, it kicks me out
1127955925 Q * Pirogeth Quit:
1127956713 J * dddd44 dhb55@218.111.178.26
1127957177 Q * yarihm Quit: Leaving
1127957231 Q * nokoya Quit: changing servers
1127957280 J * nokoya ~young@hi-230-82.tm.net.org.my
1127958350 Q * douglas Ping timeout: 480 seconds
1127958663 M * MooingLemur http://pastebin.com/377388
1127958741 M * MooingLemur maybe it happens when I add sshd at some point
1127959026 M * MooingLemur ahh, the net.lo got clobbered by something
1127959074 M * MooingLemur I think that's it :)
1127959117 M * MooingLemur I have a good net.lo on some and a package update clobbered it on some other boxes (me not realizing that changes shouldn't be merged)
1127959138 A * MooingLemur gives Bertl an udder.
1127959142 M * MooingLemur :D
1127960343 M * MooingLemur oh, /sbin/rc got clobbered too. now it's all working
1127960559 Q * yungyuc Remote host closed the connection
1127960571 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net
1127960598 Q * nokoya Quit: changing servers
1127960671 J * nokoya young@hi-230-82.tm.net.org.my
1127960735 M * litage if you change the ip address and subnet of a vserver host, how do you change all of the vserver guests' ip addresses?
1127960888 M * Bertl depends on the config ...
1127960899 M * MooingLemur /etc/vservers/*/interfaces/*/ip
1127960931 M * Bertl yep, changing those to the new subnet should do the trick (after stopping them)
1127961075 M * mnemoc Bertl: hi, if reboot gets killed, how should people reboot from within the vserver?
1127961101 M * fluor is there any way to dynamically do mount --bind within vservers?
1127961115 M * fluor I can't afford to reboot a vserver each time I do such a mount,
1127961123 M * fluor since they allow users to access their webdirectory
1127961127 M * fluor any workaround?
1127961151 M * Bertl mnemoc: by doing the very same reboot (with the helper)
1127961175 M * Bertl fluor: sure, you can always add/remove --bind mounts to/from guests
1127961225 M * Bertl mnemoc: the complete solution will probably take another round of fixes ...
1127961269 M * mnemoc what's the reason to send INT to init on stop, mixing reboot with halt?
1127961302 M * Bertl mnemoc: what alternatives are there?
1127961367 M * mnemoc at least runit handle -s CONT as a halt request
1127961408 M * Bertl well, but I guess this is the only one of _all_ inits :)
1127961426 M * mnemoc :p
1127961497 M * Bertl but feel free to make the stop/restart signal customizable
1127961498 M * mnemoc what's wrong with a simple exec /sbin/init 0 ?
1127961557 M * Bertl mnemoc: a) runlevel 0 is not necessarily the right one, b) most distros use telinit, c) it requires to enter the guest ...
1127961576 M * Bertl but yes, I could imagine this as well
1127961606 M * mnemoc is "entering the guest" the problem?
1127961608 M * Bertl doesn't change much regarding the reboot/halt killing ...
1127961610 N * ag-2 Guest273
1127961622 J * ag-2- ag@muaddib.roxor.cx
1127961682 Q * Guest273 Read error: Connection reset by peer
1127962146 J * ag-2 ag@muaddib.roxor.cx
1127962157 Q * ag-2- Read error: Connection reset by peer
1127962715 M * fluor Bertl: I tried to mount --bind from guests, but it would say permission denied
1127962806 M * Bertl yep, either you allow the guest to do that, or you do it from the host (which is securer)
1127963567 M * fluor Bertl: would you have pointers documenting both methods?
1127963617 M * Bertl hmm, check the flower page, the ccaps should contain the *mount* capabilities, and for the host side, you want to enter the namespace with vnamespace ...
1127963673 M * fluor Bertl: thanks!
1127963687 M * Bertl yw!
1127965060 M * mnemoc Bertl: can i just copy linux/vserver/signal.h from 2.1 to 2.0.1?
1127965628 M * Bertl might be fine ...
1127965689 J * sebi_ ~sebi@C4d4f.c.strato-dslnet.de
1127965793 Q * sebi Ping timeout: 480 seconds
1127966246 Q * Aiken Quit: Leaving
1127966339 M * Bertl okay, folks, I'm off to bed for tonight ...
1127966345 M * Bertl cya all tomorrow!
1127966349 N * Bertl Bertl_zZ
1127966394 M * mnemoc gn8 Bertl_zZ
1127967348 M * litage when i burn /etc/vservers/.defaults/vdirbase/ to dvd, growisofs fails to properly close the session. but if i burn each vserver guest onto the same dvd 1 at a time, everything's peachy. why might this happen?
1127967812 Q * Johnsie Remote host closed the connection
1127967949 Q * litage Ping timeout: 480 seconds
1127968735 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net
1127968757 J * douglas ~douglas@douglas.user.oftc.net
1127968759 M * douglas hey hey
1127968803 J * litage ~nick@203.201.98.38
1127970734 Q * dddd44 Ping timeout: 480 seconds
1127972466 J * matti matti@linux.gentoo.pl
1127972497 M * matti Whoa... Too late... Bertl fall to sleep. Damn.
1127972885 M * douglas wasup
1127973098 M * matti Hi douglas.
1127973111 M * matti Damn. I've some really strange problem here... LOL
1127973251 M * nokoya hello, may i ask something non-related with vs ? it's about named/bind :D
1127973270 M * matti Sure.
1127973295 M * nokoya I saw this msg on named.log
1127973297 M * nokoya lame-servers: info: unexpected RCODE (SERVFAIL) resolving
1127973300 M * nokoya what's RCODE ?
1127973414 M * matti Hm...
1127973545 M * matti Some weird RR?
1127973564 M * matti Good question indeed.
1127973572 M * nokoya RR ?
1127973577 M * nokoya hehe what's RR ?
1127973682 J * Mystine ~meerzill@fire.webotek.com
1127973690 M * matti Hmm... Or maybe some strange error code response.
1127973729 M * Mystine does anyone know how i can build ext2/3 image when i have downloaded system with debootstrap?
1127973741 M * nokoya not sure matti
1127973758 M * Mystine or should i first do some kind of empty file and mount it somewhere and then install system into it
1127973837 M * matti nokoya: Yeah, It seems too.
1127973841 M * matti nokoya: http://www.faqs.org/rfcs/rfc1035.html
1127973870 Q * litage Read error: Connection reset by peer
1127973903 M * matti nokoya: "RCODE Response code - this 4 bit field is set as part of responses.", and bla bla bla :)
1127973948 M * nokoya thanks matti
1127973968 M * matti nokoya: You should disable lame-servers logging in named.conf.
1127973976 M * matti nokoya: Lame servers sucks :D
1127975691 Q * matti Ping timeout: 480 seconds
1127975867 J * matti matti@linux.gentoo.pl
1127976346 J * litage ~nick@203.220.55.70
1127977921 Q * litage Ping timeout: 480 seconds
1127978877 J * litage ~nick@203.220.55.70
1127981017 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net
1127982332 P * jayeola
1127982994 J * hvd ~takeagues@fw-grz.hollomey.com
1127983117 M * hvd i have some servers where contextid->contextname does not resolve .. (so i see only the ctxid in vservers-stat, vps..) however all server have same kernel and util-vservers (same .defaults, and util-vserver-vars) hints ?
1127983136 M * hvd s/the/get/
1127983177 M * hvd 2.6.13-vs2.0.1-pre2/0.30.208-1
1127983211 J * yarihm ~yarihm@84-74-18-28.dclient.hispeed.ch
1127983313 Q * litage Ping timeout: 480 seconds
1127983939 J * litage ~nick@203.220.55.70
1127984695 Q * litage Ping timeout: 480 seconds
1127984835 J * litage ~nick@203.220.55.70
1127985089 J * Vudumen_ vudumen@perverz.hu
1127985092 Q * Vudumen Read error: Connection reset by peer
1127985628 Q * monrad Ping timeout: 480 seconds
1127985776 Q * litage Ping timeout: 480 seconds
1127985902 J * litage ~nick@203.220.55.70
1127988836 Q * litage Ping timeout: 480 seconds
1127989412 J * litage ~nick@203.220.55.70
1127989747 J * prae_ ~prae@84.14.106.134
1127989962 J * monrad ~monrad@213083190134.sonofon.dk
1127990127 M * yarihm hesse:/home/yarihm# vserver build start
1127990127 M * yarihm chbind: vc_set_ipv4root(): Function not implemented
1127990131 M * yarihm what's this?
1127990146 Q * prae Ping timeout: 480 seconds
1127990151 M * yarihm (the kernel should have vserver support patched in)
1127990204 M * yarihm Linux version 2.6.13.1-vs2.1.0-rc2hesse1 (root@hesse) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 Thu Sep 29 01:09:50 CEST 2005
1127990348 M * hvd yarihm: : which util-vserver version ?
1127991049 M * yarihm hdv: 0.30.204-5sarge2
1127991082 M * yarihm too old for my kernel?
1127991743 J * Aiken ~james@tooax6-200.dialup.optusnet.com.au
1127991744 M * hvd well im running 207
1127991749 M * hvd but should not be too old ..
1127991894 M * hvd check if you realy have a vserver enabled kernel (check system.map for vc_set_ipv4root)
1127991914 M * hvd s/realy/really
1127991914 M * SiD3WiNDR yarihm: did you perhaps disable the legacy networking or so?
1127991970 M * hvd well we will see if the symbol is in system.map
1127992046 M * yarihm hmm ... yeah, i disabled legacy networking ... (it said this was not necessary anymore)
1127992063 M * SiD3WiNDR well, unless you have ngnet, it is, afaik
1127992156 M * yarihm well, it rather seems the like, huh? ,) i'll recompile the kernels
1127994890 J * Lunar^ ~lunar@poivron.org
1127994905 M * Lunar^ Hi
1127994933 A * Lunar^ is trying to get vs2.1.0-rc2 compiling on PPC
1127994972 M * Lunar^ it seems that CLONE_KTHREAD is defined too big (> 16 bits)
1127995739 M * Hollow Lunar^: iirc there was some change in CLONE_KTHREAD in 2.1.0_rc2... does 2.0/2.0.1 work for you?
1127995791 Q * Aiken Quit: Leaving
1127995792 M * Lunar^ Hollow: I did not tested it
1127995832 M * Hollow Lunar^: it's probably best to try these versions first.. if it's a 2.1.0 issue, you should wait for Bertl_zZ and tell him about the bug
1127995864 M * Hollow well, if it's a 2.0 issue you have to wait for him too probably ;)
1127995879 M * Lunar^ Hollow: it seems to be fairly easy to correct after digging through PPC asm ref.
1127995886 M * Lunar^ current call is ori r3,r5,CLONE_VM|CLONE_KTHREAD /* flags */
1127995912 M * Lunar^ but CLONE_KTHREAD is higher than 2^16
1127995940 M * Lunar^ so that's only a matter of using oris instead and doing the or in two instructions instead of one
1127995946 M * Lunar^ I am going to try that
1127995975 M * Lunar^ mhhh
1127995977 M * Hollow ok, patches are always welcome.. ;)
1127995978 M * Lunar^ even simpler
1127995992 M * Lunar^ the line just under the one having the error is :
1127995993 M * Lunar^ oris r3,r3,CLONE_UNTRACED>>16
1127996014 M * Lunar^ so s/CLONE_UNTRACED/(CLONE_UNTRACED|CLONE_KTHREAD)/ should be enough
1127996044 M * Hollow Lunar^: just fyi the CLONE_KTHREAD change appeared in 2.1.0_pre11
1127996050 M * Hollow http://vserver.13thfloor.at/Experimental/patch-2.6.13.1-vs2.1.0-pre11.diff
1127996057 M * Lunar^ Hollow: thanks
1127996110 M * Lunar^ misc.S successfully compiles with that modification
1127996113 M * Hollow off for a couple of hours.. good luck
1127996116 M * Lunar^ thanks
1127996133 M * Hollow great, diff it and send it to bertl/mailinglist..
1127996237 M * Lunar^ Hollow: i'll try it fis
1127996238 M * Lunar^ first
1127997895 J * dddd44 dhb55@218.111.178.26
1127998097 Q * dddd44 Quit:
1127999080 J * dddd44 dhb55@218.111.178.26
1127999289 Q * dddd44 Read error: Connection reset by peer
1127999557 J * dddd44 dhb55@218.111.178.26
1128000644 Q * Mystine Quit:
1128000784 Q * dddd44 Read error: Connection reset by peer
1128001484 J * menomc ~amery@200.75.27.89
1128001593 Q * mnemoc Ping timeout: 480 seconds
1128001593 N * menomc mnemoc
1128003757 J * kikov ~kikov@67.Red-83-46-20.dynamicIP.rima-tde.net
1128004892 N * Bertl_zZ Bertl
1128004899 M * Bertl morning folks!
1128004917 M * Lunar^ Bertl: hi :)
1128004917 M * Bertl Lunar^: ah, yes, thanks!
1128004926 M * lonewolff morning Bertl
1128004933 M * Lunar^ Bertl: I just rebooted on the new kernel
1128004946 M * Lunar^ Bertl: so changing the "oris" line just after "ori" is enough
1128004948 M * Bertl yeah, your change sounds reasonable ... will add it
1128004985 M * Lunar^ Bertl: but I'm getting an "Invalid argument" on the setattr --barrier call
1128004993 M * Bertl filesystem?
1128005017 M * Lunar^ ext3
1128005038 M * Bertl kernel/tool versions?
1128005050 M * Lunar^ Bertl: I'll investigate myself a bit, first
1128005077 M * Lunar^ 2.6.13, 0.30.208
1128005082 M * Bertl k, tx
1128005151 M * Lunar^ CONFIG_EXT3_FS_XATTR=y
1128005153 Q * cryo Read error: Connection reset by peer
1128005311 J * cryo ~say@gw.psoft.od.ua
1128005374 M * Bertl Lunar^: how does this look for you? http://vserver.13thfloor.at/Experimental/delta-ppc-fix01.diff
1128005494 M * Lunar^ Why do you need another set of parentheses for ppc64?
1128005614 M * Lunar^ otherwise, it looks exactly like what I have in my misc.S
1128005860 M * Lunar^ I don't find what is causing the EINVAL. It's simple ext3, XATTR compiled in...
1128005878 M * Bertl do you have debugging enabled?
1128005898 M * Lunar^ which level? the vserver debugging kernel option?
1128005905 M * Bertl yes
1128005916 M * Lunar^ nope, let's have another compilation then
1128006013 M * Bertl 208 with or without the fix02?
1128006031 M * Lunar^ Bertl: it's Debian unstable package
1128006098 M * Bertl hmm, you should try with source + fix02
1128006152 M * Lunar^ thanks
1128006166 M * Lunar^ Bertl: fix02 is already in the Debian package
1128006246 M * Lunar^ * Applied patch-0.30.208-fix02.diff instead of patch-0.30.208-
1128006247 M * Lunar^ fix01.diff.
1128006247 M * Lunar^ -- Ola Lundqvist Sun, 25 Sep 2005 22:26:45 +0200
1128006271 M * Bertl k
1128006465 M * Lunar^ I'm rebuild a kernel with debug enabled right now
1128006864 P * matti 8-X
1128007333 M * douglas hey bertl
1128007347 M * douglas what are the most common steps to securing vserver?
1128007360 J * stefani ~stefani@superquan.apl.washington.edu
1128007394 M * douglas morning stefani
1128007424 M * Bertl douglas: currently, not using the debian tools :/
1128007435 M * douglas I dont use debian tools
1128007440 M * douglas all my stuff is compiled from source
1128007452 M * douglas what I mean for example is like chmod /vservers 000
1128007462 M * Bertl 2.4 vservers?
1128007467 M * douglas well chmod 000 /vservers to be precised
1128007469 M * douglas 2.6
1128007480 M * Bertl no, the tools did everything required for you
1128007485 M * douglas ahh
1128007489 M * douglas ok
1128007491 M * Bertl you can verify/set the barrier with
1128007507 M * Bertl showattr/setattr
1128007555 M * Bertl make sure that /dev is as the tools install it (7 or 8 entries)
1128007565 M * Bertl dont give any additional capabilities
1128007585 M * douglas 7 or 8 entries? so when I do a skeleton leave the dev entries in place?
1128007597 M * Bertl yep, that's the secure default
1128007613 M * douglas ok
1128007648 M * douglas and about giving vservers the ability to mount stuff. is there a chance that can fubar the host? cuz I believe you can to enable that cap to allow samba to work properly yes?
1128007695 M * douglas you have to enable that cap is what I mean
1128007758 M * Bertl yes, for network mounting and similar, you have to give additional caps
1128007783 M * Bertl some of them are reasonable secure, other allow for DoS and hacking ...
1128007790 M * douglas but does that give them access to possibility mess with the host? or no? I mean is there any reason why you wouldn't want that on by default?
1128007830 M * Bertl e.g. CAP_SYS_ADMIN will give you access to the host, CAP_NET_ADMIN to the hosts networking ...
1128007878 M * douglas ahh so in a paranoid environment you dont want to really give any caps. other than raw_icmp
1128007894 M * Bertl maybe not even that ...
1128007916 M * douglas icmp_raw they can dos people with it, but I'm not necessarily worried about that
1128007942 M * douglas I'm only worried about the host being hacked or accessed.
1128008182 M * Bertl should be fine ...
1128008190 M * Bertl okay, have to leave now ... will be back later
1128008194 N * Bertl Bertl_oO
1128008195 M * douglas those trailing ...
1128008196 M * douglas worry me
1128008216 J * mess-mate ~mess-mate@82.250.107.110
1128008236 M * mess-mate hi folks
1128008340 M * douglas salut mess-mate
1128009221 M * mess-mate salut douglas :)
1128009356 M * mess-mate thought to create a lfs (linux from scratch) in a vserver
1128009570 M * mess-mate this vserver, of course, must be empty and created with a skeleton. That's what i did. bertl advised using the unification method after that.
1128009651 M * mess-mate And didn't found some doc about unify :(
1128009716 M * mess-mate seems i'm talking to myself...
1128009773 J * hiaslboy ~hiaslboy@62-99-160-157.static.adsl-line.inode.at
1128010500 M * daniel_hozac mess-mate: doesn't LFS require a working compile environment?
1128010593 M * yarihm i realized that i have a /tmp-mountpoint inside my vservers ... i just switched to new-style-configs ... where would i .... ah gimme a sec
1128010609 M * daniel_hozac /etc/vservers//fstab ;)
1128010633 M * yarihm daniel_hozac: yeah, i just thought about the file, it seemed rather obvious ... sorry for bothering and thanks for the prompt answer :)
1128010654 Q * prae_ Quit: Execute Order 69 !
1128010766 M * mess-mate daniel_hozac: yes, so i've installed busy-box on that vserver but i've to start him up and that do not work without any other stuff
1128010910 M * mess-mate So maybe unification would help ?
1128010936 M * daniel_hozac i don't see how unionfs nor unification would help.
1128010981 M * daniel_hozac i would just install a full guest and go from there.
1128011108 M * mess-mate Maybe the best way ... but then i've to build a LFS in a virtual or chrooted environment ?
1128011275 M * mess-mate What i search to do exactly, is building an LFS system i can still running the same machine on other things while LFS is compiling.
1128011387 M * mess-mate And emulation is not possible, they can't access other partitions.
1128011431 M * daniel_hozac you would be able to do that even without vservers.
1128011463 M * mess-mate like how ??
1128011625 M * daniel_hozac you do the initial builds into a chroot, when that's done, chroot in there in a shell or two, do the rest of the compiling.
1128012017 M * mess-mate ok, i'll do a try. Thanks
1128012248 M * Lunar^ Bertl_oO: I have a kernel with debugging enabled
1128012683 M * yarihm does any of you guys know whether there are some variables such as IP of a vserver available as shell-variables for the shellscripts under /etc/vservers//scripts ?
1128012852 J * prae ~benjamin@sherpadown.net
1128013016 M * TheSeer yarihm: since there could be multiple IPs that would result in multiple variables?
1128014438 M * yarihm TheSeer: yeah ... probably ... so one would need the netmasks and stuff too ... in my case it is only one IP and i would need it to set up some routing stuff. but if that variables aint there, they aint there and i'll hardcode the stuff in the scripts, no problem. but OTOH one could just have IPN where N is an integer ... i mean because there are more than one it doesn't mean it wouldn't be useful.
1128014471 M * TheSeer i'm not exactly sure as to the context the scripts are run in..
1128014489 M * TheSeer if they're run in the host context, you can easily read the information you want from the config files yourself
1128014509 M * yarihm TheSeer: yeah, that's right ... thanks for the hint
1128016182 M * douglas sorry mess-mate had to go to class
1128016215 M * douglas the best way is to try to make your own images and use those in combination of vserver build skeleton method
1128017739 T * * http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc2 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1128017739 T * Bertl -
1128019467 Q * Hunger Remote host closed the connection
1128020377 Q * Johnsie Quit: G'bye!
1128021462 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net
1128022434 M * ntrs_ Anyone here using apt-get?
1128023153 M * mnemoc Bertl_oO: should i set something for the vservers i want rkill?
1128023929 Q * kikov Quit: This computer has gone to sleep
1128024604 J * mrec_ ~revenger@p54B00B46.dip0.t-ipconnect.de
1128025018 Q * mrec Ping timeout: 480 seconds
1128025933 Q * douglas Ping timeout: 480 seconds
1128027087 J * Aiken ~james@tooax6-047.dialup.optusnet.com.au
1128027236 M * mess-mate yes
1128027372 Q * mess-mate Quit: leaving
1128029578 Q * yarihm Quit: Leaving
1128030532 M * micah Bertl_oO: I am testing the rootesc.c and it says that the exploit works, but I am not actually put into a shell in the host system
1128031381 J * Blissex pcg@82-69-39-138.dsl.in-addr.zen.co.uk
1128031385 M * daniel_hozac micah: the exploit is dumb and prints that all the time ;)
1128031581 M * micah daniel_hozac: hehe, really?
1128031592 M * micah what is dumb about it?
1128031642 M * micah none of the if blocks exit(1), so it assumes that everything works fine
1128031731 M * stefani hrm. by the wiki, showattr should tell me ---Bui- but i get ---bui-
1128031802 M * micah I think --bui- is correct nowadays
1128031905 M * daniel_hozac ---bui- == barrier, iunlink not set.
1128031919 M * daniel_hozac the capital B means that the barrier is enabled.
1128032011 M * micah I'm confused -- 'B' means the barrier is enabled, but you say ---bui- means the barrier is on, with iunlink not set?
1128032022 M * micah so B and b both mean barrier?
1128032034 M * daniel_hozac barrier and iunlink are both unset in the bui case.
1128032058 M * stefani so i should reset the barrier then
1128032134 M * micah hmm, this seems conflicting to me
1128032138 A * micah digs for info
1128032166 M * daniel_hozac an upper case letter means enabled, lower case letter means available.
1128032244 M * micah yeah, it should be:
1128032250 M * micah ---Bui- /vservers
1128032257 M * micah ---bui- /vservers/guest
1128032301 M * micah hmm, but if I do
1128032311 M * micah setattr --barrier /home/vservers
1128032315 M * micah showattr /home/vservers
1128032317 M * micah ----ui- /home/vservers
1128032323 M * micah it doesn't get set
1128032328 M * daniel_hozac because it's not available.
1128032338 M * daniel_hozac whatever filesystem /home/vservers is on doesn't support the barrier flag
1128032347 M * daniel_hozac (or /home/vservers isn't a directory)
1128032353 Q * hiaslboy Ping timeout: 480 seconds
1128032370 M * micah ah /home/vservers is a symlink
1128032403 M * stefani ok i have that set now.
1128032483 M * micah daniel_hozac: in what situation would the "Exploit seems to work" be printed, when it actually doesn't?
1128032717 M * daniel_hozac micah: any 2.6 setup with namespaces, at least.
1128032835 J * douglas ~douglas@douglas.user.oftc.net
1128032922 M * micah daniel_hozac: what does ---BU-- mean? barrier is enabled and 'U'?
1128032937 M * micah means iunlink is set?
1128032948 M * daniel_hozac i think so.
1128034103 Q * prae Quit: Pwet
1128035832 P * stefani I'm Parting (the water)
1128036357 N * Bertl_oO Bertl
1128036362 M * Bertl evening folks!
1128036392 M * Bertl micah: yes, the exploit is buggy :)
1128036409 M * Bertl mnemoc: yes, the ^37 flag
1128036440 M * Bertl Lunar^: still there?
1128036502 M * Bertl micah: if you get alternating 'seems to work' and 'permission denied' (plus some kernel logging) then it actually didn't work ...
1128037321 M * mrec_ what exploit?
1128037325 N * mrec_ mrec
1128037468 M * Bertl mrec: about one and a half year ago, out of the blue the root escape exploit came over us ...
1128037483 M * Bertl well, actually it's two years ago, I think
1128037498 M * litage is there a command that will stop all vservers?
1128037506 M * mrec ok as long as it's not active anymore :)
1128037516 M * Bertl and it is haunting us since then, especially as various distros get the barrier stuff wrong ...
1128037536 M * Bertl litage: there is the vserver-default script and you can also kill them
1128037543 M * litage thanks
1128037610 M * litage is there a way of determining which vservers are currently running?
1128037725 M * Bertl vserver-stat
1128037778 M * litage Bertl: `vserver-stat` returns "vc_create_context(): Invalid argument"
1128037819 M * Bertl that is a good indication for a badly configured system .. (i.e. missing legacy support or so)
1128037893 M * Bertl litage: did you run the testme.sh yet?
1128037899 M * litage Bertl: what can i read that will help me understand how to better configure the host?
1128037938 M * litage Bertl: i can't find a testme.sh
1128037947 M * Bertl litage: sec
1128037955 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/
1128038100 M * litage Bertl: so i should run testme.sh with no args?
1128038158 M * Bertl yep, as root, on the host
1128038170 M * Bertl gives you a bunch of lines, you can then upload to pastebin.com
1128038205 M * litage Bertl: http://rafb.net/paste/results/IJWdhk31.html
1128038265 M * Bertl hmm, looks ... interesting :~/
1128038287 M * Bertl litage: okay, know what, let's get a new kernel and new tools, shall we?