1128038498 M * douglas hey bertl
1128038501 M * douglas how's it going?
1128038528 M * litage Bertl: interesting in what way? =P
1128038573 M * Bertl litage: never saw a kernel with that footprint and configuration
1128038573 Q * litage Read error: Connection reset by peer
1128038616 J * litage ~nick@203.220.55.70
1128038720 M * litage Bertl: so you're saying that i should rebuild my kernel?
1128038766 M * Bertl I would advise to do so .. but probably configuring this one slightly different will get it working (somewhat)
1128038886 M * litage Bertl: what benefits are there for me doing this?
1128039049 M * mnemoc Bertl: echo '^37' >> /etc/vservers/test/flags ?
1128039256 M * Bertl mnemoc: yes
1128039285 M * Bertl litage: well, this kernel looks like the debian backport we did, plus the original debian tools (sarge)
1128039322 M * Bertl litage: it is missing a bunch of fixes both for the kernel and for the tools (which should be as version 0.30.208 available for debian unstable?)
1128039332 M * litage ah i see
1128039377 M * litage Bertl: so should i just remove the current (stable) vservers packages and install the unstable packages, then redo the kernel?
1128039388 M * litage Bertl: or are there other things that aren't so obvious that i should do?
1128039411 M * Bertl well, there should be a recent debian kernel somewhere too
1128039428 M * Bertl so if you don't want to compile it yourself, that might be an option
1128039449 M * Bertl otherwise I'd suggest to get 2.6.13.2 and vs2.0.1-pre2
1128039495 M * litage Bertl: yeah but i also need an smp kernel, so unless there's a debian smp+vserver kernel, i'll have to roll a new one
1128039513 M * Bertl okay, in this case, go for the vanilla one ...
1128039563 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.13.2-vs2.0.1-pre2.diff.bz2
1128039571 M * Bertl get the kernel from kernel.org
1128039583 M * Bertl take your current config, show me the output of
1128039589 M * Bertl grep VSERVER .config
1128039599 M * Bertl (we have to change a few options there)
1128039616 M * mnemoc Bertl: doesn't seem to do anything :\ 2.0.1-pre2 + rkill
1128039619 M * litage Bertl: experimental?
1128039621 M * Bertl litage: then roll your own (after doing make oldconfig)
1128039637 A * litage is a bit hesitant about using an experimental version
1128039654 M * micah Bertl: it should actually dump you in the root context if it does succeed, right?
1128039654 M * Bertl litage: no, this actually isn't experimental, I just didn't want to put the stable prereleases somewhere else
1128039678 M * Bertl mnemoc: how do you test?
1128039696 M * Bertl micah: yeah, with access to the rootfs (either immediately or after 'exit')
1128039737 M * Bertl mnemoc: first try with 'reboot -f' inside the guest
1128039751 M * litage Bertl: how much longer will you be on irc for? (there are some other critical things i need to do before i can attend to the vservers and kernel)
1128039762 M * mnemoc Bertl: vserver stop
1128039778 M * Bertl litage: at least an hour ... but probably longer
1128039840 M * litage thanks Bertl
1128039853 M * Bertl mnemoc: this requires that you a) have plain init style b) a running 'init' c) the init does something on SIGINT d) this something finally ends with reboot/halt -f :)
1128039868 M * Bertl litage: np
1128039888 M * mnemoc vkill -c 49157 -s INT -- 1
1128039903 M * Bertl micah: you might want to make a V2 of the exploit, which actually reports it right :)
1128039906 M * litage Bertl: btw, is using dhcp for the vserver guests well supported?
1128039919 M * mnemoc - runit: ctrl-alt-del request...
1128039920 M * mnemoc - runit: enter stage: /etc/runit/ctrlaltdel
1128039925 M * Bertl litage: if you want that all guests get the same IP, yes :)
1128039932 M * mnemoc - runit: system reboot.
1128039938 M * mnemoc (idle)
1128039977 M * Bertl mnemoc: you didn't take the debug patch, right? you might want to add some printks instead ...
1128039987 M * litage Bertl: all the guests will have the same ip address? is it possible for each of them to have a unique ip address?
1128039997 M * Bertl mnemoc: (so you see when vs_reboot() is invoked)
1128040008 M * mnemoc feat01, fix01, fix02 and signal.h
1128040011 M * mnemoc ok
1128040018 M * mnemoc any suggested line?
1128040023 M * Bertl litage: dhcp is based on MAC, and the MAC is the hardware address of the interface, no?
1128040038 M * mnemoc where printk outputs?
1128040050 M * litage Bertl: touche :)
1128040058 M * Bertl vs_reboot() at the beginning, add something which tells the cmd and vxi/xid
1128040078 M * mnemoc yes, i mean any suggested 'debug text'
1128040097 M * Bertl litage: also dhcp requires low level network access, so it's better to use something like ldap or nis for that (on the host)
1128040105 M * mnemoc i take about 1:30h building the kernel :\
1128040119 M * Bertl mnemoc: why do you rebuild everything?
1128040155 M * Bertl mnemoc: while testing, you should keep a built tree around, the build system is very capable of handling such changes in a sane way
1128040173 M * Bertl change one line, compile 5 files, done ...
1128040187 M * mnemoc good idea :p
1128040343 M * mnemoc i'm used to build everything using the package manager
1128040421 M * mnemoc so i prepare a patch, 'simulate' a release, and blah blah blah
1128040452 M * Bertl drink some coffee :)
1128040469 M * mnemoc around 300gr per week :\
1128040501 M * Bertl if it is good coffee, that can get quite expensive ...
1128040526 M * mnemoc nah.. cheap coffee
1128040543 M * mnemoc my stomach hates it :\
1128041181 M * mnemoc Bertl: should i CONFIG_VSERVER_DEBUG next time?
1128041202 M * Bertl douglas: what about the http://hackers.progeny.com/~sam/rpmstrap/ (RPM bootstrapping, for the IRC log :)
1128041222 M * mnemoc google points :)
1128041223 M * Bertl mnemoc: would not hurt ... might allow you to check what's going on
1128041870 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net
1128042066 M * Bertl welcome stefani!
1128042079 M * stefani hallo again.
1128042393 M * Lunar^ Bertl: still there yes
1128042446 M * Bertl okay, so let's continue where we left off, ext3 attributes?
1128042477 M * Lunar^ yep
1128042483 M * Lunar^ I now have a debugging kernel
1128042494 M * Lunar^ or at least, a kernel with debugging enabled
1128042500 M * Bertl okay, let's do a few basic tests now ...
1128042509 M * Bertl you have /tmp on ext3 too?
1128042526 M * Lunar^ Bertl: /tmp is tmpfs... but /var/tmp is ext3
1128042538 M * Bertl okay, then let's do the following:
1128042550 M * Bertl touch /var/tmp/x; showattr /var/tmp/x
1128042628 M * Lunar^ vc_get_iattr(): Invalid argument
1128042628 M * Lunar^ ERR /var/tmp/x
1128042643 M * Bertl okay, sec, checking source for debug flags ...
1128043013 M * douglas bertl sorry walked away, I haven't really tested it yet. I just reinstalled my test box. It was lost from moving and I just found it so I'm redoing that so I can test it locally
1128043014 M * douglas :)
1128043052 M * Bertl douglas: np, just wanted it recorded here ...
1128043065 M * douglas yea
1128043086 M * douglas I'll keep ya informed as soon as I get it working, one problem is my test box is a PIII 750 so it's dog slow compiling stuff
1128043092 M * douglas took like over an hour to compile 2.6.12.4
1128043119 M * Bertl Lunar^: hmm, we have not too many debug entries there, let's start with: 'echo 255 >/proc/sys/vserver/debug_xid
1128043134 M * douglas anyone wanna donate a faster processor? :)
1128043137 M * douglas hehe
1128043158 M * Bertl Lunar^: then just redo the showattr and check the dmesg/klog, after that, run it again with strace -fF and upload the output
1128043161 M * Lunar^ vxD: vx_propagate_xid(ed78aa10[#96802.0]): 0,
1128043213 M * Lunar^ SYS_273(0, 0x3f, 0, 0x7fa7c874, 0x10001204) = -1 EINVAL (Invalid argument)
1128043253 M * Bertl okay, let's also add 'echo 255 >/proc/sys/vserver/debug_switch'
1128043332 M * Lunar^ [32001.074176] vxD: task_get_vx_info(d67e6e30) @fs/proc/array.c:325
1128043340 M * Lunar^ and again, vx_propagate_xid stuff
1128043450 M * Lunar^ can't see anything else
1128043458 M * Bertl hmm, that's weird ...
1128043463 M * Lunar^ any idea what to look for?
1128043500 M * Bertl ah, what arch/system is that?
1128043544 M * Lunar^ powerpc
1128043548 M * Lunar^ ppc32
1128043556 M * Bertl thought so, userspace issue ...
1128043577 M * Bertl ppc has a different syscall number
1128043583 M * Bertl (not 273)
1128043588 M * Bertl where did you get the tools from?
1128043605 M * Lunar^ locally built debian package
1128043613 M * Bertl built on the ppc?
1128043617 M * Lunar^ yep
1128043638 M * Bertl okay, please get the tar.gz, apply the patch and rebuild ...
1128043641 M * Lunar^ I'm trying to build it again, just in case
1128043671 M * Lunar^ let's do that also
1128043672 M * Bertl micah: what is the currently latest toolversion for debian?
1128043682 M * mnemoc my vserver with CONFIG_VSERVER_DEBUG is logging nothing....
1128043695 M * Bertl mnemoc: you have to enable most of the log stuff
1128043706 M * Bertl mnemoc: you get the /proc/sys/vserver dir for that purpose
1128043721 M * Bertl mnemoc: check the Documentation/vserver/debug.txt for details
1128043767 M * mnemoc thanks
1128043782 M * Bertl yw
1128043798 M * Lunar^ back in few minutes
1128043829 M * mnemoc uhm.... no /proc/sys/vserver
1128043850 M * Bertl testme.sh?
1128043860 M * Bertl (the VCI line)
1128043923 M * mnemoc where is testme.sh?
1128043952 M * mnemoc not at /Stuff or /Experimental
1128043960 M * Lunar^ Bertl: do the userspace tools use kernel headers modified by the vserver patch?
1128043984 M * Bertl mnemoc: http://vserver.13thfloor.at/Stuff/SCRIPT/
1128044000 M * Bertl Lunar^: no, by default, they don't
1128044024 M * mnemoc VCI: 0002:0001 273 03000016
1128044046 M * Bertl VCI_KCBIT_DEBUG = 16
1128044055 M * Bertl so no debugging enabled for this kernel :/
1128044062 M * Lunar^ Bertl: the Debian package does! grmlml
1128044074 M * Lunar^ Bertl: I've built my package before having the kernel patched
1128044089 M * Lunar^ Bertl: I just rebuilt it, installed it, and it's working perfecly
1128044091 M * Lunar^ perfectly
1128044094 M * Bertl hmm, doesn't explain the 273 ...
1128044110 M * Bertl because ppc doesn't have vserver on 273 ...
1128044134 M * Lunar^ Bertl: maybe it defaults to i386 when unable to find the correct headers?
1128044136 M * Bertl I suspect some tricky brokenness in the debian package ...
1128044157 M * Bertl (it's not the first, and for sure not the last one)
1128044159 M * Lunar^ micah: Would you be interested in looking into that further together?
1128044173 M * Lunar^ micah: (not tonight, it's 3am here)
1128044230 M * Lunar^ Bertl: sorry for the waste of time
1128044251 M * Bertl np
1128044514 Q * litage Ping timeout: 480 seconds
1128044555 M * mnemoc ?
1128044574 M * Bertl mnemoc: how did you enable the debugging?
1128044639 M * mnemoc vi .config... CONFIG_VSERVER_DEBUG=y
1128044658 M * Bertl depends on CONFIG_DEBUG or so, did you enable that too?
1128044679 M * Bertl (if not, then the oldconfig will automagically disable it for you)
1128044689 M * mnemoc CONFIG_DEBUG_KERNEL?
1128044698 M * Bertl sec, checking ...
1128044705 M * mnemoc it was not self-disabled
1128044739 M * Bertl hmm, no, actually VSERVER_DEBUG doesn't depend on anything ...
1128045143 J * litage ~nick@203.220.55.70
1128045152 M * mnemoc Bertl: any hint?
1128045190 M * Lunar^ Bertl: seems to work well... i've debootstrapped, and started without any problems
1128045216 M * Lunar^ thanks!
1128045218 P * Lunar^
1128045236 M * douglas moved the server out into the garage
1128045240 M * Bertl mnemoc: wrong .config? wrong kernel booted?
1128045241 M * douglas I <3 wireless
1128045257 M * douglas that thing was noisier than hell
1128045315 M * douglas it's an old rackmount server, had the 6 fans going all out
1128045315 M * douglas lol
1128045322 M * micah Bertl: this sounds like a similar ppc issue someone else had
1128045340 M * micah Bertl: I suspect it has to do with gcc4.0 vs. 3.3 toolchain weirdness
1128045373 M * Bertl could also be some upstream bug ...
1128045397 M * douglas compiling :)
1128045408 M * Bertl micah: do you have access to a ppc build host?
1128045447 M * micah Bertl: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328209
1128045454 M * micah I might, let me check
1128045489 M * micah actually i do, but I don't believe I can apply a kernel patch and reboot it
1128045511 M * Bertl no
1128045513 M * Bertl that's the idea, don't apply anything, kernel should be default, no vserver stuff
1128045533 M * micah yes, I've got one of those avail
1128045563 M * Bertl because we _know_ that it works once the kernel is patched, and the user rebuilt the package ...
1128045589 M * mnemoc Bertl: wrong kernel booted :\
1128045595 M * Bertl micah: so I would suggest to do two things ...
1128045616 M * Bertl micah: first, get the package and the sources (.tar.bz2 + fix02)
1128045631 M * Bertl micah: then configure/build both with defaults ...
1128045655 M * Bertl micah: then check the config log and/or execute the vserver-info - SYSINFO
1128045676 M * Bertl depending on the results, we can deduce:
1128045677 M * micah Bertl: you mean get the debian package, or get the util-vserver .tar.bz2 +fix02
1128045683 M * Bertl both
1128045689 M * micah ah, got you
1128045701 M * Bertl debian fails, upstream fails -> upstream bug
1128045712 M * Bertl debian fails, upstream correct -> debian bug
1128045734 M * Bertl debian correct, upstream correct -> debian build bug :)
1128045766 M * mnemoc Bertl: what do you use?
1128045788 M * Bertl mnemoc: what do you mean?
1128045799 M * mnemoc OS
1128045805 M * Bertl linux of course! :)
1128045813 M * mnemoc distribution? ;)
1128045827 M * Bertl a severely hacked mandr* version ...
1128045884 M * douglas lol
1128045886 M * mnemoc uh
1128045890 M * douglas testing it out now bertl
1128045897 M * douglas it's gonna be a few min while it grabs all the images
1128045902 M * douglas err rpms I should say
1128045905 M * douglas creating centos4
1128045954 Q * litage Ping timeout: 480 seconds
1128046000 M * mnemoc # uname -a
1128046000 M * mnemoc Linux lamborghini 2.6.11.12-vs2.0.1-pre2-rkill-dist #2 SMP Thu Sep 29 16:53:54 CLT 2005 i686 unknown unknown GNU/Linux
1128046094 M * mnemoc great! ... vserver stop stopped my runit :D
1128046094 M * Bertl lol @ lamborghini
1128046098 M * mnemoc :p
1128046136 M * Bertl afk for a moment ...
1128046587 J * litage ~nick@203.220.55.70
1128046706 M * litage Bertl: got disconnected, so i might've missed a message if you sent one
1128046850 M * mnemoc nothing for you since your last login
1128046863 M * litage thanks mnemoc
1128046876 M * litage what's the difference between "ln -s /foo/bar /dest" and "ln -s /foo/bar/ /dest"?
1128047036 M * douglas still downloading
1128047090 M * douglas heh
1128047104 M * douglas let's hope this works cuz I don't wanna have to sit here and download all this grud again
1128047105 M * douglas :)
1128047541 M * mnemoc litage: the second will produce a link to /foo/bar//
1128047549 M * mnemoc litage: but it's harmless
1128047560 M * litage thanks
1128047630 M * litage when creating a guest vserver, what's the difference between specifying the ip address "10.0.0.10/24" and "10.0.0.10/32"?
1128047644 M * douglas umm
1128047648 M * douglas a /24 is a class c
1128047660 M * douglas a /32 won't work I believe
1128047661 M * douglas here
1128047725 M * litage why is that? if specifying a static ip address, /32 means it's static
1128047734 M * douglas http://exeter.org/~matt/digex/CIDR_block_cheat_sheet.pdf
1128047765 M * douglas lol calculate the bits
1128047766 M * mnemoc /32 == 255.255.255.255
1128047768 M * douglas google howto cidr
1128048254 M * douglas finally done downloading
1128048262 M * douglas it looks like it compiled it just fine
1128048271 M * douglas copying over
1128048361 M * micah Bertl: it seems like the bug report in the first powerpc issue had to do with sarge, and the one of Lunar^'s may be a newer version?
1128048460 M * micah also, you say "check the config log and/or execute the vserver-info - SYSINFO" and look for failures... what sort of failures am I looking for?
1128048830 M * litage douglas: what does having no "free" bits have to do with what ip address a vserver guest is given?
1128048918 M * douglas it's how networking works
1128048948 M * douglas it has to do with everything, it defines the subnet mask.
1128048977 M * douglas I'm not going to go through a tutorial on networking, cuz that would just take too long. do some google searches.
1128048988 N * ag-2 Guest284
1128048997 Q * Guest284 Ping timeout: 480 seconds
1128049000 J * ag-2- ag@muaddib.roxor.cx
1128049143 M * douglas where did bertl go
1128049183 M * micah douglas: 22:08 < Bertl> afk for a moment ...
1128049216 M * douglas key word being a "moment"
1128049217 M * douglas :)
1128049417 M * Bertl back now ... :)
1128049521 M * Bertl litage: ad ln -s, not much, an additional / which will result in // which in turn gets reduced to / :)
1128049544 M * Bertl ah, that was already answered :)
1128049580 M * Bertl micah: with the vserver-info - SYSINFO you look for the syscall invocation method and the id
1128049630 M * micah Bertl: ok, and about the first issue -- the reason i ask is because I will be testing on a sarge machine
1128049652 M * micah Bertl: that means I will be using util-vserver version in sarge vs. the newest+fix02
1128049687 M * Bertl in any case, let the 'original' 0.30.208 + fix02 have a play
1128049726 M * micah ok, no problem
1128049733 M * litage Bertl: which guide should i follow when rebuilding my kernel and whatnot?: http://linux-vserver.org/Step-by-Step+Guide+2.6 or http://deb.riseup.net/vserver/ or ..?
1128049754 M * Bertl IIRC, the step-by-step guide is fine ...
1128049756 M * micah Bertl: i can also get the debian packaged 0.30.208+fix02 and try that as well
1128049778 M * Bertl litage: but basically it's simply selecting the defaults (for the vserver specific options)
1128049804 M * Bertl litage: so, get kernel, apply patch, configure kernel (maybe with old config), build, install, boot
1128049812 M * micah Bertl: however, this is where I am convinced the problem is -- if I compile the packaged 0.30.208+fix02 on the powerpc it will work, but if I use the packaged one, it will fail (this is my guess and why I think it's a toolchain issue)
1128049822 M * micah but I will test and get back to you
1128049904 M * Bertl micah: check the irc log from today, Lunar^ is willing to diagnose/improve/help, and he claims that he _built_ the package on his ppc machine without a patched kernel, and it resulted in a wrong package
1128049918 M * Bertl (after a rebuild with the proper kernel it was fine)
1128049971 M * micah ah, ok
1128050035 M * douglas hey bertl
1128050066 M * douglas built centos4 on top of debian, works good, need to edit the init scripts so it stops trying to /mount on shutdown and remove the kernel logger part of it
1128050078 M * douglas building fc4 right now
1128050094 M * Bertl yeah, that is 'normal' (shutdown issues)
1128050124 M * litage Bertl: what do you mean by "maybe with old config"?
1128050147 M * douglas but the fact that I did it on debian bertl :)
1128050148 M * Bertl well, might be that you have a working config for a 2.6 kernel (for your host) .. you might reuse that
1128050154 M * micah I will need to get the admins of the box to install some build dependencies
1128050160 M * douglas bootstrapped it
1128050161 M * Bertl douglas: yeah, yay! excellent! :)
1128050166 M * douglas very excellent
1128050176 M * douglas I'm building fc4 now
1128050184 M * Bertl extraordinarily exquisite! *G*
1128050195 M * douglas it doesn't have support for redhat9 yet. but I'm thinking that shouldn't be too hard to create a script for that.
1128050205 M * douglas how different is redhat9 from fc?
1128050217 M * stefani from fc4 ? a bit.
1128050267 M * douglas hmm
1128050281 M * douglas is there a list of rpms just for bootstrapping it anywhere?
1128050286 M * stefani i think rh9 is more like fc2 or fc3
1128050327 M * douglas hmm I have scripts to build fc2 I wonder how hard it would be to modify it to build rh9
1128052081 J * sebi ~sebi@C4be3.c.strato-dslnet.de
1128052188 Q * sebi_ Ping timeout: 480 seconds
1128052219 M * mnemoc Bertl: merging 2.0.1 with grsec 2.1.6.... at kernel/signal.c what should be done first grsec or vserver validations?
1128052253 M * Bertl depends .. you should ensure functionality _and_ correctness :)
1128052278 M * mnemoc :\
1128052284 M * Bertl i.e. if you need to send/allow a signal to guest processes
1128052299 M * Bertl then it really depends what you want to do ...
1128052331 M * mnemoc *little flood*
1128052333 M * douglas hmm
1128052333 M * mnemoc error = -ESRCH;
1128052333 M * mnemoc if (user && !vx_check(vx_task_xid(t), VX_ADMIN|VX_IDENT))
1128052333 M * mnemoc return error;
1128052333 M * mnemoc if (gr_handle_signal(t, sig))
1128052336 M * mnemoc return error;
1128052337 M * douglas bertl testing fc4 now
1128052338 M * mnemoc error = security_task_kill(t, info, sig);
1128052341 M * mnemoc if (!error)
1128052343 M * mnemoc gr_log_signal(sig, t);
1128052346 M * mnemoc return error;
1128052348 M * mnemoc ^--- how does that look?
1128052443 M * Bertl assumed that the gr_handle_signal() will be configured to allow context kills (in a proper manner) this will work as expected ...
1128052473 M * Bertl OTOH, with gr_handle_signal() blocking stuff, you might break the reboot_kill for example ...
1128052489 M * mnemoc oh
1128052532 M * Bertl another detail, the 'user' condition is not even passed to the gr_handle_signal() so it can not judge based on user vs. kernel signalling ...
1128052572 A * mnemoc puzzled
1128052577 M * Bertl probably extending grsec to be xid aware and handle special kernel signals would be neede
1128052581 M * Bertl *needed
1128052612 M * mnemoc oh
1128052621 M * douglas should I run some type of grsec patches on my kernel? I mean does it improve the security between vserver and host?
1128052646 M * mnemoc a lot :)
1128052709 M * mnemoc Bertl: i'll mark that block for later review...
1128052725 M * Bertl douglas: nobody was able to explain the advantage of 'having' a grsec patch over not having it, unless you 'configure' it properly, which nobody did yet :)
1128052768 M * Bertl douglas: the patch itself gives only strange and unexpected issues (without proper setup)
1128052825 M * mnemoc you need to build using -pie and configure grsec for your system
1128052987 M * Bertl mnemoc: in what way do you think that it improves security between host and guests btw?
1128053162 M * mnemoc not between
1128053175 M * douglas it just improves security on the host?
1128053176 M * mnemoc i misread douglas' question
1128053185 M * mnemoc on host and in guest
1128053189 M * douglas well my hosts are completely firewalled by a cisco pix
1128053198 M * mnemoc vserver keeps them safely separated
1128053238 M * mnemoc a cisco pix doesn't defend you, just filters
1128053240 M * douglas I'm not worried about vserver security to be honest, that's the admin's responsibility, if I were to worry about every vserver I run I would never sleep eat or do anything other than that.
1128053254 M * douglas well seeing how the only port I have open is ssh.
1128053260 M * douglas so they find a vulnerability in ssh
1128053262 M * douglas be my guest.
1128053270 M * douglas but I honestly doubt grsec could prevent it
1128053287 M * mnemoc if they find a vulnerability in ssh, PAX will not let them use it
1128053310 M * Bertl stack randomization doesn't help here ...
1128053314 M * douglas I don't plan on getting hacked via ssh, and I might just turn that off as well and use oob access
1128053336 M * mnemoc Bertl: why? ... i haven't been cracked yet :p
1128053386 M * stefani is there something about udp packets going from one vserver to another. i seem to lose some.
1128053403 M * Bertl mnemoc: well, I won my ipaq H1940 on a cracking contest (on SuSE 9.*) so we had to write PIC for the stack stuff :)
1128053413 M * douglas udp packets are dropped when there is any congestion on the network. I mean any.
1128053432 M * Bertl stefani: on the same host?
1128053435 M * stefani y
1128053443 M * mnemoc Bertl: :D
1128053443 M * Bertl unlikely that they are dropped ...
1128053455 M * douglas if it's on the same host then I don't think it's the networking problem. how's resource management? cpu idle etc?
1128053466 M * stefani cpu very low
1128053473 M * stefani over 90% idle
1128053489 M * Bertl I assume vs2.x ? check /proc/virtual/limit for both guests
1128053498 M * Bertl /proc/virtual//limit
1128053498 M * stefani k
1128053519 M * douglas low usage or low idle?
1128053596 M * stefani douglas: low use 95% idle
1128053808 M * douglas hmm
1128053827 M * douglas hmm
1128053832 M * douglas lol
1128053847 M * douglas fc4 /dev directory links to the / directory when doing the image lol
1128053858 M * douglas how do you remove something like that?
1128053878 M * douglas if all the /dev files point to / rm -rf won't work lol
1128053939 M * Bertl huh, what are you trying to tell us?
1128053947 M * douglas when I create the fc4 image
1128053966 Q * no_maam Ping timeout: 480 seconds
1128053968 M * douglas it won't let me delete the /dev directory inside the image.
1128053972 M * douglas for example
1128053983 M * Bertl hmm, why?
1128053990 M * douglas let's say I use vimages as my base dir. for redhat debian etc.etc images.
1128054007 M * douglas so I create a /vimages/fc4 for the image.
1128054033 M * douglas instead /vimages/fc4/dev there are symbolic links throughout the /dev direct that points back to /
1128054047 M * douglas throughout its /dev directory
1128054089 M * Bertl so /dev is a link or a dir?
1128054094 M * douglas it's a dir
1128054105 M * douglas wanna take a look?
1128054113 M * Bertl why?
1128054126 M * douglas shrug so you can see what I'm talking about lol
1128054127 M * Bertl I mean, you can surely remove a dir, no?
1128054133 M * douglas I try
1128054137 M * douglas gives me operation not permitted
1128054158 M * Bertl who would forbid that?
1128054165 M * douglas err
1128054173 M * douglas it's not the /dev dir
1128054176 M * douglas it's the /proc dir
1128054176 M * douglas sorry
1128054178 M * douglas my mistake
1128054189 M * Bertl and I assume it's mounted too :)
1128054198 M * douglas it's the /proc dir inside the image
1128054200 M * douglas mount to what?
1128054215 M * douglas ahh
1128054216 M * douglas it was
1128054216 M * Bertl well, as procfs of course ...
1128054221 M * douglas thank you
1128054228 M * Bertl my pleasure ... :)
1128054235 M * douglas never seen that before
1128054248 M * Bertl but almost every linux host has it :)
1128054264 M * stefani kids interruption break. sorry.
1128054273 M * douglas no worries stefani
1128054291 M * stefani i had them talking to each other, but then it stopped.
1128054293 M * douglas bertl no I mean I've used other images and never seen it mounted as it is. usually that's done by the vserver isn't it?
1128054308 M * douglas on startup?
1128054317 M * Bertl yep, vserver does that
1128054319 M * stefani actually.no
1128054333 M * douglas right, this wasn't done prior to starting vserver. it was mounted
1128054334 M * douglas shrug
1128054405 M * mnemoc http://mnemoc.pastebin.com/378442 <--- ouch :(
1128054478 A * mnemoc wonders if this will even build....
1128054502 M * litage this is off-topic, but just in case there're any djbdns users out there... :)
1128054503 M * litage how do you make a double-alias in tinydns? as in: 1.domain.com -> 2.domain.com, and 2.domain.com -> 1.2.3.4
1128054563 M * douglas I'm a bind person sorry
1128054568 M * mnemoc =1.domain.com:1.2.3.4
1128054576 M * mnemoc +2.domain.com:1.2.3.4
1128054579 M * mnemoc +3.domain.com:1.2.3.4
1128054582 M * douglas I thought about trying djbdns but then I think, I can spend my time doing other stuff that's more productive
1128054585 M * douglas like watching the tv
1128054586 M * douglas :)
1128054602 M * mnemoc the first (=) sets A and PTR, the others just A
1128054626 M * mnemoc oh, you mean CNAMEs?
1128054635 M * douglas and I know djbdns fixes a few bind bugs however, I never run into them so I stick with bind
1128054647 M * mnemoc =2.domain.com:1.2.3.4
1128054653 M * mnemoc C1.domain.com:2.domain.com
1128054693 M * Bertl mnemoc: well, you are not on ia64, no?
1128054703 M * mnemoc p4
1128054706 M * litage mnemoc: yeah i tried that unfortunately (your last 2 msgs), but it fails; doesn't resolve
1128054717 M * Bertl mnemoc: so you'll never know :)
1128054723 M * mnemoc :)
1128054739 M * litage i like how djbdns is automagically taken care of by svc, and thus is *always* running
1128054789 M * mnemoc litage: tinydns-get A 2.domain.com on the dir which contains data.cdb
1128054929 M * mnemoc i'm making a distribution with dietlibc,grsec,vserver and runit (init which works like daemontools and GPL) ... now only grsec is the stopper :\
1128054953 M * mnemoc lvm and unionfs
1128055020 M * Bertl what is the purpose of unionfs? additional slowdown?
1128055084 M * mnemoc save space and help updates.... but it's just available, you can use it if you want
1128055101 M * mnemoc i don't feel it that slow
1128055125 M * Bertl np, how does it help with updates?
1128055128 M * mnemoc lvm is also an additional slowdown... but it has saved me a lot of troubles
1128055191 M * mnemoc stop all vservers, update using a DESTDIR, start all vservers... all are updated :p
1128055212 M * mnemoc of course that doesn't apply if your vservers are too different
1128055251 M * Bertl ahem, if any guest has updated anything? how would that fit in?
1128055335 M * mnemoc on hosting env, yes a guest can update things... which files will be at guest filespace, which will overlay common filespace
1128055363 M * Bertl which will break if the 'underlay' changes :)
1128055396 M * mnemoc ^_^
1128055422 M * mnemoc if i decide to give hosting with ssh access, i'll be unable to use unionfs
1128055448 M * Bertl and in all other cases you can use --bind mounts or similar ...
1128055456 M * litage mnemoc: with "=2.domain.com:1.2.3.4" and "=C1.domain.com:2.domain.com", `tinydns-get A 2.domain.com` returns "1 2.domain.com:" and `tinydns-get A C1.domain.com` returns "1 c1.domain.com:" which are both incorrect
1128055544 M * mnemoc Bertl: but with immutable mount --bind you don't allow writes at those places
1128055567 M * mnemoc 'C1.domain.com:2.domain.com' != '=C1.domain.com:2.domain.com'
1128055635 M * litage mnemoc: `make` fails when having no prefix (+ or = or @ or ..) to "C1.domain.com:2.domain.com"
1128055668 M * litage mnemoc: each entry requires a prefix
1128055709 M * mnemoc C is the prefix
1128055713 Q * cryo Ping timeout: 480 seconds
1128055723 M * mnemoc C, CNAME... 'alias'
1128055752 M * mnemoc http://cr.yp.to/djbdns/tinydns-data.html <--- Cfqdn:p:ttl:timestamp:lo
1128055753 M * litage ah
1128055773 M * litage haven't seen that mentioned on djbdns/tinydns-data.html
1128055805 M * litage bah, i'm blind :)
1128055808 M * litage thanks mnemoc
1128055813 M * mnemoc np ;)
1128055879 A * mnemoc has no idea how to merge that code block :\
1128055915 M * litage it says "Don't use Cfqdn for common aliases; use +fqdn instead." does that mean you should have "=1.domain.com:1.2.3.4" and "Cmail.domain.com:1.domain.com"?
1128055920 M * mnemoc Bertl: who used to make vserver/grsec patches?
1128055950 M * mnemoc litage: CNAMEs add an extra resolve, which must be avoided
1128055989 M * mnemoc litage: NAME -> IP is always better than NAME -> NAME
1128055993 M * litage true
1128056011 J * dddd44 dhb55@218.111.178.26
1128056036 M * douglas well
1128056042 M * mnemoc btw, for a given IP you can only have _one_ =
1128056044 M * douglas I built the fedora core 4 vserver
1128056061 M * douglas when I start it I get secure-mount: chdir("/dev/pts"): No such file or directory
1128056078 M * litage mnemoc: obviously :)
1128056097 M * mnemoc :)
1128056109 M * daniel_hozac douglas: so... mkdir /vservers//dev/pts
1128056137 M * mnemoc vserver build -m skeleton creates it
1128056145 M * Bertl mnemoc: IIRC, the urls to the various folks doing grsec patches are still in the wiki ...
1128056157 M * douglas RTNETLINK answers: File exists
1128056163 M * douglas that's the other error I'm getting
1128056175 M * mnemoc Bertl: yes, i have seen them... but all are ancient
1128056202 M * Bertl douglas: means you either configured a device for an already existing IP or you changed the netmask and have old IPs lingering around
1128056203 M * mnemoc Bertl: i'll have to postpone vserver+grsec until i understand them better
1128056223 M * Bertl k, I'm off to bed now ...
1128056230 M * mnemoc same do i
1128056237 J * cryo ~say@gw.psoft.od.ua
1128056244 M * Bertl have a good one everyone ... cya later ...
1128056251 M * Bertl night mnemoc!
1128056254 M * daniel_hozac night!
1128056262 N * Bertl Bertl_zZ
1128056280 M * mnemoc night
1128056284 M * litage adios Bertl_zZ, thanks for your help
1128056299 M * mnemoc good night litage and good luck ;)
1128056321 M * douglas bertl neither, maybe one's configured inside the vserver perhaps in a /etc/init.d/networking or something?
1128056328 M * douglas and he left
1128056330 M * douglas nevermind
1128056451 M * daniel_hozac douglas: so ip addr list doesn't show the IP you've configured for the guest (when it's off)?
1128056473 M * douglas just one moment 1128056478 M * douglas yum is updating 1128056479 M * douglas :) 1128056514 M * douglas errr 1128056516 M * douglas I think he's right 1128056518 M * douglas doh 1128056520 M * douglas lol 1128056533 M * douglas I fat fingered it 1128056544 M * douglas glad it was a test box 1128056545 M * douglas :) 1128056609 M * litage lates mnemoc 1128056635 M * douglas no actuall I was right I believe I used a diff ip 1128056642 M * douglas yea 1128056651 M * douglas I only have two vservers created at both have diff ips 1128061312 J * ag-2 ag@muaddib.roxor.cx 1128061335 Q * ag-2- Read error: Connection reset by peer 1128061728 P * stefani parting (is such sweet sorrow) 1128062076 M * dddd44 somebody spam mmy mail server pls.. bb@kas00.no-ip.info 1128062124 Q * monrad Quit: Leaving 1128062297 M * Loki|muh_ you are requesting spam? 1128062817 J * Doener ~doener@i5387D25A.versanet.de 1128063197 J * Aiken_ ~james@tooax7-025.dialup.optusnet.com.au 1128063197 Q * dddd44 Read error: Connection reset by peer 1128063543 Q * Aiken Ping timeout: 480 seconds 1128064469 Q * douglas Quit: 1128064954 Q * litage Ping timeout: 480 seconds 1128066170 J * litage ~nick@203.220.55.70 1128068463 J * prae ~prae@ezoffice.mandriva.com 1128069775 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1128069879 Q * lilo Ping timeout: 480 seconds 1128069884 J * Mystine ~meerzill@fire.webotek.com 1128070438 Q * mrec Remote host closed the connection 1128070899 Q * lilo_ Ping timeout: 480 seconds 1128071092 J * lilo ~lilo@lilo.usercloak.oftc.net 1128071349 Q * Johnsie Remote host closed the connection 1128071424 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1128071829 Q * lilo Ping timeout: 480 seconds 1128073744 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net 1128073793 Q * flock Remote host closed the connection 1128074418 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1128074884 Q * Hollow Remote host closed the connection 1128076984 Q * Mystine Ping timeout: 480 
seconds 1128077628 Q * Aiken_ Quit: Leaving 1128078150 J * Aiken ~james@tooax7-025.dialup.optusnet.com.au 1128079262 M * fluor q 1128080923 M * litage w 1128081401 J * Aiken_ ~james@tooax7-025.dialup.optusnet.com.au 1128081401 Q * Aiken Read error: Connection reset by peer 1128081410 J * monrad ~monrad@195.97.130.53 1128081858 J * Hollow ~hollow@home.xnull.de 1128081926 J * yarihm ~yarihm@84-74-18-28.dclient.hispeed.ch 1128082041 Q * Aiken_ Quit: Leaving 1128084588 J * dddd44 dhb55@218.111.178.26 1128085953 N * Bertl_zZ Bertl 1128085961 M * Bertl morning folks! 1128087653 Q * Blissex Read error: Connection reset by peer 1128088801 M * lonewolff morning Bertl 1128089136 M * Hollow Bertl: morning Bertl... the timeout issue wasn't solved in stable, but after reviewing again it's working now.. 1128089292 M * Bertl morning lonewolff! Hollow! 1128089308 M * Bertl Hollow: great! 1128092539 Q * tchan Quit: leaving 1128092752 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1128093588 Q * Hollow Remote host closed the connection 1128093680 M * Bertl okay, back later ... 1128093685 N * Bertl Bertl_oO 1128093691 J * jayeola ~jayeola@host86-130-218-132.range86-130.btcentralplus.com 1128093734 J * Hollow ~hollow@home.xnull.de 1128093796 J * stefani ~stefani@superquan.apl.washington.edu 1128093858 M * jayeola hi guys. how does one tell ssh to bind to a dynamic ip from an isp? (there's a guide at http://deb.riseup.net that advises one to specify a fixed ip for ssh) 1128093907 M * jayeola otherwise it would be a s simple as ListenAddress [ip] 1128093916 M * jayeola in /etc/ssh/sshd_config 1128094057 M * daniel_hozac rewrite sshd_config whenever you get a new lease ;) 1128094119 M * jayeola heh - but i think that's every 18000 seconds ;) 1128094286 M * Hollow let sshd listen on localhost and forward the packets from your public ip with iptables..? 
1128094309 J * intrigeri ~user@wiki.boum.org 1128094314 M * intrigeri hello 1128094382 M * intrigeri which combination of kernel + vserver patch + BME patch would you recomment ? 1128094448 M * intrigeri I was goign to build a 2.6.13 + patch-2.6.13.2-vs2.0.1-pre2 + split-2.6.13-vs2.x-bme0.06.1 1128094457 M * Hollow intrigeri: good choice 1128094499 M * intrigeri hum, I was wondering wether to use 2.0.1-pre2 or 2.1.0-rc2 1128094518 M * Hollow i'll stick to 2.0 for now 1128094522 J * hallyn ~hallyn@adsl-68-72-165-118.dsl.chcgil.ameritech.net 1128094527 M * intrigeri ok 1128094537 M * Hollow at least for production use 1128094560 M * intrigeri ok 1128094570 M * intrigeri will see how this applies to the Debian kernel 1128094623 M * intrigeri thanks :) 1128094668 M * Hollow you're welcome! 1128094826 Q * monrad Quit: Leaving 1128094833 M * intrigeri well, the latest Debian kernel is 2.6.12, so I'm going to try it with patch-2.6.12.4-vs2.0 + 2.6.11-rc5-bme0.06.1/ 1128094839 M * intrigeri will see how it goes together 1128096336 Q * prae Quit: Execute Order 69 ! 1128096734 Q * fluor Ping timeout: 480 seconds 1128096887 J * fluor ~fluor@tanneries.squat.net 1128097618 Q * dddd44 Quit: Leaving 1128097669 M * jayeola how does one create a dns record for a new vs? is it by editing /etc/hosts? 1128097670 J * Hunger Hunger.hu@Hunger.hu 1128098213 T * services.oftc.net http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc2 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1128099276 M * jayeola can i create a new VS with `vserver [name] build -m debootstrap \ --hostname [name] \ --interface \ lo=127.0.0.2/25 1128099299 M * jayeola so that i can have the new VS listen to the loopback interface? 
1128099425 M * jayeola this is a laptop, with it's ip assigned by the isp 1128099584 Q * flock Ping timeout: 480 seconds 1128099868 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1128101802 Q * yarihm Remote host closed the connection 1128103330 J * liquid__ ~liquid@p549771B8.dip.t-dialin.net 1128103378 Q * flock Quit: Expert, n.: Someone who comes from out of town and shows slides. 1128103764 Q * liquid_ Ping timeout: 480 seconds 1128104654 Q * jayeola Quit: leaving 1128104934 Q * hallyn Quit: leaving 1128106086 J * jayeola ~jayeola@host86-130-218-132.range86-130.btcentralplus.com 1128106896 J * monrad ~monrad@213.83.190.134 1128106995 J * menomc ~amery@200.75.27.43 1128107105 Q * mnemoc Ping timeout: 480 seconds 1128107105 N * menomc mnemoc 1128107440 Q * Doener Quit: Leaving 1128108815 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1128111002 J * Aiken ~james@tooax8-056.dialup.optusnet.com.au 1128111417 P * stefani I'm Parting (the water) 1128112749 Q * Aiken Quit: Leaving 1128115912 Q * ag-2 helium.oftc.net arion.oftc.net 1128115912 Q * Bertl_oO helium.oftc.net arion.oftc.net 1128115912 Q * Vudumen_ helium.oftc.net arion.oftc.net 1128115912 Q * nokoya helium.oftc.net arion.oftc.net 1128115912 Q * fluor helium.oftc.net arion.oftc.net 1128115912 Q * lilo_ helium.oftc.net arion.oftc.net 1128115912 Q * neofutur helium.oftc.net arion.oftc.net 1128115912 Q * eyck helium.oftc.net arion.oftc.net 1128115912 Q * Loki|muh_ helium.oftc.net arion.oftc.net 1128115912 Q * click helium.oftc.net arion.oftc.net 1128115912 Q * SNy helium.oftc.net arion.oftc.net 1128115912 Q * meebey helium.oftc.net arion.oftc.net 1128115912 Q * case helium.oftc.net arion.oftc.net 1128115912 Q * michal helium.oftc.net arion.oftc.net 1128115912 Q * tchan helium.oftc.net arion.oftc.net 1128115912 Q * litage helium.oftc.net arion.oftc.net 1128115912 Q * hvd helium.oftc.net arion.oftc.net 1128115912 Q * Hunger helium.oftc.net arion.oftc.net 1128115912 Q * sebi helium.oftc.net 
arion.oftc.net 1128115913 Q * AndrewLee helium.oftc.net arion.oftc.net 1128115913 Q * nox helium.oftc.net arion.oftc.net 1128115913 Q * derbien helium.oftc.net arion.oftc.net 1128115913 Q * Getty helium.oftc.net arion.oftc.net 1128115913 Q * mountie helium.oftc.net arion.oftc.net 1128115913 Q * DaCa helium.oftc.net arion.oftc.net 1128115913 Q * sladen helium.oftc.net arion.oftc.net 1128115946 J * nokoya young@hi-230-82.tm.net.org.my 1128115946 J * Vudumen_ vudumen@perverz.hu 1128115946 J * Bertl_oO herbert@212.16.62.52 1128115946 J * ag-2 ag@muaddib.roxor.cx 1128115998 J * Hunger Hunger.hu@Hunger.hu 1128115998 J * sebi ~sebi@C4be3.c.strato-dslnet.de 1128115998 J * AndrewLee ~andrew@tnlug.linux.org.tw 1128115998 J * nox ~nox@noxlux.de 1128115998 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1128115998 J * Getty torsten@eisprinzessin.rz.unixnetwork.org 1128115998 J * sladen paul@starsky.19inch.net 1128115998 J * DaCa ~danny@mail.limehouse.org 1128115998 J * derbien ~derbien@whiterabbit.nbmc.de 1128116092 A * jayeola grr's in fustration 1128116170 J * fluor ~fluor@tanneries.squat.net 1128116170 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1128116170 J * neofutur ~neofutur@neofutur.net 1128116170 J * eyck eyck@81.219.64.71 1128116170 J * Loki|muh_ loki@satanix.de 1128116170 J * michal ~michal@michal.usercloak.oftc.net 1128116170 J * click click@ti511110a080-1724.bb.online.no 1128116170 J * SNy 713549e1e4@bmx-chemnitz.de 1128116170 J * meebey meebey@booster.qnetp.net 1128116170 J * case ~case@donpanic.faveve.uni-stuttgart.de 1128116496 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1128116857 J * tchan_ ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1128116911 Q * tchan Killed (NickServ command used by tchan_) 1128116917 N * tchan_ tchan 1128116985 J * litage ~nick@203.220.55.70 1128117291 J * kevinp ~kevinp@ny.webpipe.net 1128117438 M * Bertl_oO jayeola: what's up? 1128117445 N * Bertl_oO Bertl 1128117795 M * Bertl okay, anyway ... 
back later ... 1128117800 N * Bertl Bertl_oO 1128119126 Q * SiD3WiNDR Ping timeout: 480 seconds 1128119569 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1128120045 J * tomi ~tomi@pha-84-242-95-4.nat.karneval.cz 1128120074 Q * jayeola Quit: leaving 1128120294 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1128120362 M * gndmstr if I place vattribute --xid 39240 --flag ^37 inside a post-start script will that execute on the host after the guest starts, or on the guest? 1128120398 M * gndmstr i would place it in /etc/vservers/guestname/scripts 1128121206 M * daniel_hozac why not put ^37 in /etc/vservers//flags? 1128121271 M * daniel_hozac but scripts run on the host, IIRC. 1128121350 M * gndmstr ok just wasnt sure ithe post start and pre stop got run inside the guest by the host is all... 1128121387 M * gndmstr not sure... this was an experimental thing that Bertl told me to do with the command from the cmdline, so i just thought i would automate it 1128121399 M * gndmstr part of the gentoo stop bug workarounds 1128121473 M * gndmstr between that and the changes shep made to the rc script it appears to work well.. at least until Bert and hollow get together to figure out where the problem truly is and fix it :) 1128122906 Q * Johnsie Remote host closed the connection 1128122962 Q * fluor Quit: going offline for a while 1128122997 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net 1128123592 Q * tomi Remote host closed the connection 1128124591 Q * gndmstr Remote host closed the connection