1128211623 M * michal thx.
1128211626 A * michal goes to sleep now
1128211631 M * michal have a nice whatever
1128211672 M * Bertl you too!
1128212567 J * menomc ~amery@200.75.27.91
1128212582 Q * Blissex Remote host closed the connection
1128212603 M * Bertl welcome mnemoc!
1128212616 M * menomc i hate my ISP :'(
1128212676 Q * mnemoc Ping timeout: 480 seconds
1128212676 N * menomc mnemoc
1128212689 M * mnemoc i was 17h trying to mirror grsec
1128212690 M * mnemoc svk: found 54558 rev(s) with 18090 tag applications
1128212690 M * mnemoc svk: aggregating changes
1128212691 M * mnemoc svk: writing revisions: [####- ] 17954/36670
1128212714 M * mnemoc and i was dropped! before svk was able to do any commit :'(
1128212821 A * mnemoc feels highly frustrated
1128215188 M * Hollow heya
1128215223 M * Johnsie Hey guys. :)
1128215232 M * Bertl heya! :)
1128215236 M * Johnsie Hollow: Is there any problem with using the Gentoo init style?
1128215247 M * Johnsie All of my guests are using Gentoo...
1128215261 M * Johnsie And I sort of like watching stuff come up.
1128215265 M * Johnsie Hey Bertl.
1128215286 M * Johnsie I dunno what happened with my dedicated server, but they're building up a new one for me and they're going to copy all of my data to my NAS.
1128215288 M * Hollow well, you can use it, it _should_ work, but it's not supported (at least i don't)
1128215302 M * Johnsie Okay, I have been, actually.
1128215308 M * Johnsie I just wondered if it'll blow up.
1128215309 M * Johnsie haha
1128215320 M * Hollow baselayout-vserver-1.12.0_pre8 even contains some special settings for gentoo init style
1128215321 M * Bertl ah, now I know what the advantage of the 'gentoo' init style over the 'plain' one is, thanks for clarification! :)
1128215335 M * Hollow Bertl: yeah, we need console virtualization ;)
1128215336 M * Johnsie LOL Bertl
1128215345 M * Johnsie That's all I've noticed... heheh
1128215356 M * Johnsie You can see services as they start up or shut down, etc.
1128215364 M * Johnsie I just like to be nosy and see if things come up as they should or not.
1128215371 M * Bertl Hollow: okay, when, how, suggestions? requirements?
1128215431 M * Hollow when: asap ;) how: you're the master.. suggestions: make virtual consoles readable from outside.. ;)
1128215734 M * Bertl hmm, well, I see a few options here ...
1128215779 M * Bertl a) we could 'virtualize' the console device, and output the guest stuff to the 'host' console
1128215819 M * mnemoc cp -a /dev/vc/4 /vserver/foo/dev/vc/0 ?
1128215836 M * Bertl b) we could do some kind of 'kernel pipes' which can be written from the guest, and read from the host (via syslogng or so) ...
1128215890 M * Bertl c) we could switch to some kind of network logging?
1128215908 M * Hollow hm, does init support network logging?
1128215925 M * Bertl no idea :)
1128215932 M * Hollow i don't think so ;)
1128215964 M * Hollow imo b) sounds good
1128216002 M * Bertl but this needs special setup to work, i.e. you have to configure them for the xid and such (similar to vroot device)
1128216044 M * Hollow a) doesn't need this?
1128216064 M * Bertl OTOH, we could do some kind of dynamic allocation and provide the device nodes via procfs or lvsfs :)
1128216130 A * Hollow shrugs
1128216156 M * Bertl no, a doesn't need this, as everything is 'forwarded' to the real console
1128216354 M * Hollow do we need any changes in the utils for a to work?
1128216373 M * Bertl hmm, probably not, just a new flag or so
1128216402 M * Hollow sounds good then..
1128216417 M * Bertl well, it has drawbacks too ...
1128216443 M * Bertl 1) we do not know which guest is logging (might be solved with a prefix)
1128216462 M * Bertl (but prefixing might get ugly too)
1128216485 M * Bertl 2) the console messages might overlap/intermix
1128216525 M * Bertl Johnsie: you as user/customer, which kind of solution would you prefer? what drawbacks would you accept/tolerate?
1128216540 M * Johnsie Oh geez, don't do this on my account. :)
1128216554 M * Johnsie Look, I am, at best, at the intermediate level in Gentoo.
1128216554 A * Bertl is just collecting opinions ...
1128216568 M * Johnsie I'm not the person you should ask.
1128216575 M * Johnsie I am very pleased with what you guys have done. :)
1128216583 M * mnemoc what about screen sockets?
1128216584 M * Bertl but unfortunately, you _are_ the person I asked :)
1128216585 M * Johnsie I love the VServer project.
1128216591 M * Hollow the question is: which devices do we virtualize? (/dev/console /dev/vc/* etc) and what should the guest/host be able to do with it
1128216597 M * Johnsie Bertl: I can live with a plain init style.
1128216615 M * Johnsie I just like to be able to see services as they come up... however you decide to do that is your option.
1128216627 M * mnemoc or dtach sockets
1128216631 M * Hollow i would like to see inits output too... would make debugging much easier
1128216631 M * Johnsie You know more about security and caveats than I'd even be able to begin to guess at.
1128216640 M * Bertl mnemoc: please elaborate ...
1128216647 M * Johnsie Although, so far, I've had no problems with the Gentoo init style.
1128216659 M * Johnsie I run all Gentoo guests... I haven't given them options to do anything else. :)
1128216688 M * Hollow Johnsie: i committed many updates today... ;)
1128216689 M * Johnsie But, you know, if you could come up with a standardized method of some form common to every distribution out there to which you support and have it output data, that'd be neat.
1128216709 M * Johnsie Hollow: Cool. I'm about to make a new system.
1128216714 M * Johnsie I ordered a P3200 from ThePlanet.
1128216716 M * mnemoc Bertl: somehow map /dev/console, /dev/vc/* to a unix socket which screen can attach to
1128216723 M * Johnsie So, as soon as they provision it, bye bye RHEL 3.
1128216724 M * Johnsie haha
1128216738 M * Hollow Johnsie: if you run stable don't forget to keyword vserver ebuilds.. they're not in stable yet
1128216746 M * Johnsie Oh okay.
1128216748 M * Johnsie Thank you.
1128216753 M * Bertl mnemoc: hmm, unix socket ... inside procfs/lvsfs .. good idea ...
1128216757 M * Johnsie I didn't know you had one there.
1128216762 M * Johnsie Just toss it in my USE flags?
1128216777 M * Hollow in /etc/portage/package.keywords
1128216777 M * Johnsie And, do I need to add those on the guest side or just the host or both?
1128216780 M * Hollow you need:
1128216780 M * mnemoc screen does multi console, but dtach is a simpler implementation which handles only one console per socket
1128216784 M * Johnsie Oh oh oh... okay.
1128216791 M * Hollow sys-apps/baselayout-vserver-1.11.13-r1 in the guest
1128216801 M * Hollow sys-cluster/util-vserver-0.30.208-r3 on the host
1128216808 M * Johnsie Okay.
1128216816 M * Johnsie There are no vserver USE flags, right?
1128216820 M * Hollow right
1128216822 M * Johnsie Okay.
1128216829 M * Johnsie I'm sort of an idiot, so pardon my questions.
1128216834 M * Hollow hm.. and you could try the new howto..
1128216844 M * Hollow but it's not uploaded anywhere.. sec
1128216847 M * Johnsie Is it on Gentoo's site?
1128216849 M * Johnsie Oh okay.
1128216874 Q * lilo Ping timeout: 480 seconds
1128216894 M * Hollow i updated the howto to the new changes, but won't commit it until things gone stable..
1128216903 M * Johnsie Okay.
1128216917 M * Johnsie When do you expect that to happen?
1128216941 M * Hollow if i get enough "it works" results, so you're welcome to test it ;)
1128216948 M * Johnsie Alright.
1128216954 M * Johnsie I'll let you know ASAP.
1128216962 M * Johnsie I'm hoping they put my system online tonight.
1128216963 M * Hollow http://home.xnull.de:8008/doc/en/vserver-howto.xml
1128216978 M * Johnsie My other one crashed... I think the motherboard went out to lunch. :(
1128216982 M * Johnsie The killer is, I lease it too.
1128217020 M * Johnsie Oh, that's another thing...
1128217033 M * Johnsie I haven't been building with contexts...the system was generating its own contexts.
1128217036 M * Johnsie Is that safe to do?
1128217059 M * Hollow Bertl says: don't use dynamic context ids ;)
1128217069 J * lilo ~lilo@lilo.usercloak.oftc.net
1128217077 M * Hollow so vserver-new doesn't support it ;)
1128217079 A * Aiken never does what he is told
1128217087 M * Bertl yeah, that's right! :)
1128217089 M * Johnsie Okay.
1128217090 M * mnemoc Bertl: http://cvs.sourceforge.net/viewcvs.py/dtach/dtach/
1128217099 M * Johnsie Just out of curiosity, why is that?
1128217117 M * Aiken I have wondered how much difference there was between dynamic and static contexts
1128217118 M * Johnsie I'm not trying to be smart, I'm just totally ignorant of many things and I'm curious.
1128217143 M * Johnsie And, as far as contexts go, what are valid values?
1128217151 M * Johnsie 1 - 63556 or something?
1128217151 M * Bertl the actual problem lies in the dynamicness ...
1128217167 M * Hollow Johnsie: 1 is the watch context..
1128217167 M * Johnsie Do they have to be set lengths, i.e. four digits?
1128217185 M * Bertl first, you have to store the context id somewhere, and 'know' it when you manipulate the context
1128217193 M * Johnsie Okay, so what are safe values?
1128217200 M * Johnsie For example, should I never build one under 1000 or something?
1128217207 M * Bertl of course, this info can not be stored in the config itself
1128217225 M * Johnsie I see.
1128217225 M * Bertl Johnsie: good values are 2-49151
1128217265 M * Johnsie Okay.
1128217273 A * Johnsie takes notes.
1128217275 M * Bertl second, if you start/stop/start/stop the guest several times, network connections and similar might exist long after the guest was stopped
1128217288 M * Johnsie Is that what that RTNETLINK crap is?
1128217306 M * Bertl no, that's just bad configuration :)
1128217311 M * Johnsie LOL
1128217322 M * mnemoc ip a del ... :)
1128217330 M * Johnsie I'd get that on rare occasions when a guest would stop and then I'd later restart it.
1128217336 M * mnemoc or interfaces/ifname/nodev
1128217345 M * Johnsie Well, uhh... uhm... blame Hollow!
1128217348 M * Johnsie Kidding.
1128217349 M * Johnsie LOL
1128217364 M * Bertl Johnsie: would stop as in 'was stopped from inside'?
1128217375 M * Johnsie Yes.
1128217386 M * Johnsie I had an idiot user who halted his once.
1128217388 M * Bertl yes, that's a tool bug/missing feature
1128217392 M * Johnsie And for no real reason either.
1128217393 M * Johnsie Okay.
1128217404 M * Johnsie Well, that was in the days of 1.9.4.
1128217417 M * Bertl actually the future tools (right Hollow?) will handle that properly :)
1128217417 M * Johnsie I'm a big boy now... I moved to 2.1.0_pre5.
1128217432 A * Johnsie takes off his training wheels.
1128217483 M * Bertl btw, this is the right moment to mention the Happy Linux-Vserver Users/Providers pages :)
1128217510 M * Hollow right.. ;)
1128217527 M * Johnsie Eh?
1128217552 M * Johnsie Oh, is that part of the deal? I have to make one?
1128217554 M * Johnsie LOL
1128217556 M * Hollow the future utils.. they will be marvelous.. ;)
1128217578 M * Johnsie Hollow: If you and Bertl could make utils to wash my dishes, I'd be forever thankful.
1128217585 M * Hollow Bertl: btw, libvserver compiles with diet.. just tried it today
1128217585 M * Bertl Johnsie: nope, they are already there, but you can add yourself, if not already done so, and you like to ...
1128217603 M * Bertl http://linux-vserver.org/VServer+Hosting
1128217605 M * Johnsie Bertl: Where is this? www.linux-vserver.org?
1128217607 M * Johnsie Oh okay. ;)
1128217611 M * Bertl http://linux-vserver.org/VServer+Users
1128217614 M * Johnsie Thank you.
1128217624 M * Hollow probably i should add myself too..
1128217640 M * Bertl just _copy_ an existing section, and modify it to your needs ...
1128217680 M * Bertl (it's a wiki, with preview and change-ml)
1128217689 M * Johnsie Oh okay.
1128217714 M * Johnsie The company I am with provides VPS crap, but it's Virtuozzo garbage.
1128217725 M * Johnsie No offense if that's where you make your money and invented that.
1128217727 M * Johnsie LOL
1128217734 A * Johnsie may have just shot himself in the foot.
1128217744 M * Johnsie I had a lot of problems with Virtuozzo.
1128217750 M * Johnsie That's where I originally started.
1128217769 M * Johnsie Then after I figured out (with the help of friends) that I could "roll my own", I got goin'.
1128217770 M * Bertl no, VZ and now OVZ is a different thing ...
1128217791 M * Johnsie I figured.
1128217796 M * Johnsie Seemed different.
1128217796 M * Bertl (but similar technology)
1128217801 M * Johnsie Nice idea, though.
1128217883 M * Johnsie Actually, my dedicated server provider doesn't even support Gentoo.
1128217894 M * Johnsie But if you build it off of an existing system and run it, they don't care.
1128217913 M * Johnsie It's just when you call in, they basically say, "Oh, you run unsupported stuff... go to Hell." :)
1128217974 M * Bertl yeah, well, it's understandable too ..
1128217982 M * Hollow Bertl: did you look at dtach?
1128217990 M * Johnsie The best they can do is RHEL 3 and 4 ... which I sort of laugh at.
1128218003 M * Bertl Hollow: not yet ...
1128218036 M * Hollow nice idea to have a controlling terminal you can attach to..
1128218070 M * Bertl I consider the unix socket approach doable ...
1128218088 M * Hollow how does it work?
1128218145 M * Bertl dtach, unix sockets, or the virtual console? :)
1128218159 M * Johnsie I'll take all three for $500, Alex.
1128218180 M * Bertl lol
1128218283 M * Hollow unix sockets
1128218300 M * Bertl basically network sockets without network ...
1128218327 M * Hollow i know what unix sockets are.. but how would they solve our problem?
1128218346 M * Bertl ah, sorry, didn't want to insult your intelligence ...
1128218351 M * mnemoc *g*
1128218353 M * Hollow nm ;)
1128218359 M * Johnsie We know you're both geniuses.
1128218369 M * Johnsie That's been established.
1128218372 M * Hollow right
1128218374 M * Hollow ;)
1128218376 M * Johnsie :)
1128218385 A * Johnsie is just a tool and part time comic relief.
1128218387 M * Johnsie LOL
1128218542 M * Bertl Hollow: in a few minutes, I'll investigate how this could work :)
1128218551 M * Hollow great :)
1128218688 M * mnemoc screen is a mess, but dtach is very easy to read
1128219665 Q * Aiken Quit: Leaving
1128222210 J * Aiken ~james@tooax6-079.dialup.optusnet.com.au
1128223655 Q * Aiken Read error: Connection reset by peer
1128223992 M * Bertl hmm, what happens if you copy the 'console' c:5,1 over into the guest?
1128224035 M * Bertl (with a plain init style)
1128224129 M * Bertl will continue investigations tomorrow ... off to bed now
1128224138 M * Bertl have a nice whatever everyone ... cya!
1128224146 N * Bertl Bertl_zZ
1128224866 J * sebi ~sebi@C4e95.c.strato-dslnet.de
1128224973 Q * sebi_ Ping timeout: 480 seconds
1128225110 J * douglas ~douglas@douglas.user.oftc.net
1128229039 Q * dddd44 Ping timeout: 480 seconds
1128229554 Q * douglas Ping timeout: 480 seconds
1128230385 Q * nokoya Ping timeout: 480 seconds
1128230500 J * nokoya young@hi-230-82.tm.net.org.my
1128233186 J * Aiken ~james@tooax6-079.dialup.optusnet.com.au
1128233663 J * douglas ~douglas@douglas.user.oftc.net
1128233665 M * douglas hey
1128233670 M * douglas anyone there?
1128234798 M * douglas what's a good firewall system to use in combination with vserver?
1128235509 M * case netfilter/iptables as a generic answer until you specify your needs.
1128236016 M * douglas umm
1128236037 M * douglas firewall per ip, web access per ip so that customers can set their own firewall rules?
1128236044 M * douglas am I asking too much? :)
1128237299 M * eyck isn't it what NG networking accomplishes?
1128237488 M * douglas NG networking?
1128240351 M * eyck yeah, the one Bertl's been working on for 2.6.x?
1128241039 M * douglas is there a webpage for that?
1128243067 M * SiD3WiNDR ngnet makes every guest have their own network
1128243072 M * SiD3WiNDR so they get their own lo and eth0
1128243081 M * SiD3WiNDR and can do own firewalling through netfilter
1128243083 M * SiD3WiNDR afaik
1128243519 M * eyck precisely.
1128245396 J * Blissex pcg@82-69-39-138.dsl.in-addr.zen.co.uk
1128245987 M * douglas that's not done yet?
1128246017 M * douglas I mean it's not finished? it's still being developed? and is there devel patches for it? if so where?
1128246203 M * Hollow ngnet is broken
1128246830 Q * Blissex Remote host closed the connection
1128246853 M * eyck as finished as 2.6.x
1128247140 Q * Aiken Ping timeout: 480 seconds
1128252815 Q * [Act]ViPeR Read error: Connection reset by peer
1128253019 J * dddd44 dhb55@60.49.78.240
1128255129 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1128257300 Q * ^WinZiP Read error: Connection reset by peer
1128257606 M * SiD3WiNDR eyck is a funny guy isn't he :p
1128257623 Q * dddd44 Read error: Connection reset by peer
1128258287 J * dddd44 dhb55@60.49.78.240
1128260506 N * Bertl_zZ Bertl
1128260511 M * Bertl morning folks!
1128260523 M * Bertl SiD3WiNDR: yes, he definitely is :)
1128260749 M * sannes morning :)
1128260825 J * prae ~benjamin@sherpadown.net
1128261062 J * hippo ~calum@82-69-161-141.dsl.in-addr.zen.co.uk
1128261232 M * hippo Hello all - I have a question about security. I understand that in normal usage, a user in a vserver shouldn't be able to escape from a vserver. However, what happens where there is a local kernel root exploit around? As the vserver uses the same kernel as the host, what impact would running an exploit in a vserver have? Also, how do other users of vservers minimise the security risk?
1128261368 Q * lilo Remote host closed the connection
1128261762 J * lilo ~lilo@lilo.usercloak.oftc.net
1128261990 M * Bertl welcome hippo!
1128262030 M * Bertl well, there are several aspects to this question:
1128262071 M * Bertl - kernel exploits usually use intimate knowledge of the kernel structures, plus access to the kernel via 'certain' syscalls or modules
1128262107 M * Bertl - linux-vserver changes a lot of the basic structures to allow for the virtualization
1128262139 M * Bertl - linux-vserver guests do not have permission to do lowlevel stuff like hardware access, configuration, module loading and such ...
1128262178 M * Bertl - 'escaping' the guest requires three things:
1128262193 M * Bertl + leaving the chroot/rbind/namespace
1128262206 M * Bertl + leaving the context
1128262216 M * Bertl + leaving the network restrictions
1128262264 M * Bertl all of them do not appear on a 'normal' kernel, so a kernel exploit (local root issue, e.g.) will give you root (assumed that it works at all), but inside the guest
1128262937 M * lonewolff afternoon all
1128262973 M * Bertl good afternoon!
1128264277 M * hippo Bertl, thanks for the reply
1128264284 M * hippo I was away from my PC for a bit there
1128264354 M * Bertl np :)
1128264413 M * hippo So, if I understand it - running a kernel exploit in the vserver will just leave you as root, but still inside the vserver?
1128264433 M * hippo And as such still limited to the restrictions on syscalls?
1128264473 M * Bertl yes, given that your kernel exploit isn't targeted on the vserver aspects ...
1128264584 M * eyck hmm, that would be security-by-obscurity
1128264600 M * hippo I'm not a coder, so I don't really understand the way that the host and guest servers are separated, apart from the fact that the processes are unable to see each other. I just worry (as I have people on my servers that I don't know) that it might be possible to escape.
1128264609 M * eyck OTOH, i don't quite grasp this namespace thingy
1128264637 M * eyck hippo: be careful, and they shouldn't be able to escape
1128264666 M * hippo Bertl, I read most of the docs on linux-vserver.org, but I was wondering if you can give a list of steps that someone (like myself) can take to prevent any nasty "accidents".
1128264679 M * hippo eyck, Define "careful" :)
1128264680 M * Bertl well, if you 'code' an exploit to explicitly overwrite the xid information of a process, it would magically escape the guest and run with host privileges ...
1128264704 M * eyck adj 1: exercising caution or showing care or attention; "they were
1128264704 M * eyck careful when crossing the busy street"; "be careful to
1128264704 M * eyck keep her shoes clean"; "did very careful research";
1128264704 M * eyck "careful art restorers"; "careful of the rights of
1128264704 M * eyck others"; "careful about one's behavior" [ant: {careless}]
1128264752 M * hippo Bertl, So it would take a "standard" kernel exploit, but with the shellcode modified to do some vserver speciality?
1128264763 M * Bertl for example ...
1128264823 M * Bertl hippo: things you should do if you worry:
1128264859 M * Bertl - make sure that no services run on the host (except for a secure sshd)
1128264887 M * Bertl - make sure that you have the barrier and attributes configured properly (not as debian used to do it :)
1128264925 M * Bertl - keep all packages inside and outside the guests up-to-date
1128264938 M * Bertl and some things you should not do:
1128264958 M * Bertl - add device nodes to the default (7-8 nodes) inside the guests
1128264975 M * Bertl - add capabilities (bcaps and ccaps) to the guest config
1128264992 M * Bertl - use 127.x.x.x addresses inside the guests
1128265020 M * Bertl - run services on the host
1128265034 M * Bertl - use the legacy config without namespace support
1128265056 M * Bertl - allow more /proc entries than vprocunhide does by default
1128265080 M * Bertl - share directories or devices/mounts over guests
1128265124 M * Bertl this should give you a security level inside the guests, which is already a magnitude higher than on the typical linux host
1128265148 M * eyck Bertl: are there any success stories about migration 2.4->2.6 non-legacy?, ie, what problems people encountered and how did they solve them?
1128265194 M * hippo Bertl, thanks for that - some interesting things there.
1128265199 M * Bertl eyck: no problems were encountered, nothing to solve ... I got a few reports of uneventful migrations ...
1128265207 M * Pazzo > Bertl: - use 127.x.x.x addresses inside the guests <== is this possible??
1128265225 M * Pazzo btw: hi Bertl, hi eyck, hi hippo! (and all others :-)
1128265228 M * Bertl Pazzo: sure, you can assign 127.0.0.x to a guest, why not?
1128265240 M * Pazzo ah, ok
1128265248 M * hippo How can I list barrier and attributes and capabilities assigned to a specific vserver?
1128265254 M * Pazzo but no virtual loopback yet, right?
1128265259 M * hippo And what is a good minimal list for a paranoid sysadmin? :)
1128265265 M * hippo Hello Pazzo
1128265338 M * Pazzo hippo: http://www.ranum.com/security/computer_security/papers/a1-firewall/index.html (for paranoid sysadmins)
1128265345 M * eyck Bertl: 'no problems' is impossible. Seems like no one serious tried migrating yet:(, oh well, another 6 month waiting
1128265355 M * Bertl showattr lists attributes/barrier, capabilities are part of the configuration (depends on the config) and can be seen in /prov/virtual//status
1128265356 M * eyck Pazzo: is there any other kind of sysadmin?
1128265366 M * hippo Hah :)
1128265396 M * Bertl eyck: there _is_ nothing to migrate if you have a non legacy config on 2.4 .. you just move the guest to the 2.6 machine and/or boot with the new kernel ...
1128265401 M * Pazzo eyck: you might wonder what kind of persons declare themselves to be a "sysadmin"...
1128265438 M * eyck Bertl: well, ulimits get changed, ONBOOT flag is no longer valid etc,
1128265458 M * Bertl there _are_ no such flags in non legacy config :)
1128265464 M * eyck Bertl: not to mention different networking... there MUST be something that goes wrong
1128265476 M * hippo ---bui- /home/vservers/ - that should be OK, with the barrier, shouldn't it?
1128265503 M * Bertl that is a missing barrier for example (like debian used to have it)
1128265519 M * hippo But I don't have the /proc/virtual at the moment - running 1.9.5 still. I didn't want to upgrade as the Gentoo 2.x has removed GRsec
1128265526 M * hippo A missing barrier?
1128265532 M * eyck Bertl: so, let me rephrase, are there any success stories about migration 2.4 legacy -> 2.6 non-legacy, ie, what problems people encountered, and how did they solve them?
1128265559 M * eyck Bertl: well, it was vserver that was missing a barrier, not a debian per-se
1128265561 M * Bertl usually folks do this in two steps
1128265572 M * eyck Bertl: stop alienating debian folks.
1128265578 M * Bertl 1) migration from 2.4 to 2.6
1128265591 M * Bertl 2) migration from legacy to new-style config
1128265600 M * Bertl you can also do it the other way round
1128265619 M * eyck I tried, when moving to non-legacy 'everything' breaks ;)
1128265640 M * eyck non-legacy generally assumes you're running on 2.6
1128265653 M * Bertl that's just plain wrong ...
1128265668 M * eyck although I've got one or two vservers running non-legacy on 2.4
1128265672 M * Bertl alpha util-vserver was more tested with 2.4 than with 2.6
1128265714 M * eyck hmm, well, I always had a knack at finding problems
1128265725 M * Bertl s/finding/making/ :)
1128265751 M * eyck that too,
1128265769 M * eyck but I haven't contributed a single line to vservers code, so you can't blame me yet
1128265785 M * hippo Bertl, did you mean that that showattr output wasn't set how it should be?
1128265808 M * Bertl hippo: 'b' means barrier capable, 'B' means barrier set
1128265868 M * eyck woa, that looks quaint:
1128265874 M * eyck ---Bu-- /fs/dat/vservers/mazter
1128265874 M * eyck ---bu-- /fs/dat/vservers/servant
1128265907 M * hippo Hmm. That's not good. I've not really been able to find much information about how to use the setattr command
1128265910 M * Bertl and this is how you do not do it :)
1128265921 M * Bertl setattr --help ?
1128265933 M * eyck hmm, why are we talking about barrier?
1128265944 M * eyck I thought this is unnecessary on non-legacy?
1128265946 M * hippo Yep - I've seen that - but it doesn't really explain what all the options are
1128266013 M * Bertl iunlink|admin|watch|hide|barrier|iunlink-but-not-immutable
1128266032 M * Bertl iunlink = immutable + iunlink (unification flags)
1128266036 M * eyck Pazzo: you ain't a sysadmin until you got a 'UNIX SysAdm' nameplate on your door ;)
1128266052 M * Bertl admin/watch/hide = proc security flags
1128266063 M * Bertl barrier = the chroot barrier
1128266073 M * Bertl iunlink-but-not-immutable = iunlink flag
1128266099 M * Bertl the iunlink stuff is explained in the unification docs
1128266108 M * Bertl the proc security stuff on the proc security pages
1128266123 M * Bertl the barrier is self explanatory, no?
1128266347 M * Bertl http://linux-vserver.org/chroot-barrier
1128266351 M * Bertl http://linux-vserver.org/Proc-Security
1128266380 M * hippo I was having a little read of paper.txt just then
1128266389 M * hippo I shall have a look at those 2 links
1128266396 M * Bertl http://linux-vserver.org/Linux-VServer-Paper-06
1128266404 M * Bertl (regarding iunlink)
1128266631 M * hippo I like the idea of sharing files, libraries, etc But I think I'll not try that out yet :)
1128266776 M * hippo # ls /home/vservers/33/dev/ | wc -l
1128266776 M * hippo 1475
1128266784 M * hippo Hmm. I'm assuming that's not too great.
1128266797 M * hippo Is mknod restricted in a vserver?
1128266803 M * hippo I assume it must be
1128266804 M * Bertl yes, it is ...
1128266864 M * Bertl ls /vservers/test106/dev/
1128266872 M * Bertl fd full null ptmx pts random stderr stdin stdout tty urandom zero
1128266908 M * Bertl (fd and std* are symlinks)
1128267318 M * ag- Bertl: is there any new devel code for ngnet, except the one in ?
1128267329 M * Bertl no
1128267546 M * hippo What is ptmx out of interest?
1128267651 M * Bertl the pty master for pts
1128267850 M * AndrewLee hi
1128267892 M * AndrewLee hi folks.
1128267926 M * Bertl hey AndrewLee!
1128267950 M * hippo Bertl, No /dev/log needed?
1128267961 A * AndrewLee is just passed the challenge of typhoon
1128268059 M * Bertl hippo: /dev/log is a fifo, similar to initctl it is created by syslog/init
1128268079 M * Bertl hippo: you can leave that, no device-node -> no issue
1128268117 M * Bertl hippo: just out of curiosity, what distro do you use, what tools and how was the guest installed?
1128268176 M * hippo I use Gentoo (Thanks Hollow :) ). I'm on 2.6.11.6-grsec-vs1.9.5 currently, and util-vserver-0.30.205-r1
1128268182 M * AndrewLee Bertl: Does the fails 109 and fails 121 of testfs.sh script mean some possible security problem?
1128268276 M * Bertl 109 and 121 indicate that the barrier is not working ...
1128268318 M * Bertl -> minor issue with namespaces, major chroot security issue with legacy guests
1128268324 M * AndrewLee Bertl: I don't know how to explain there was a security problem of util-vserver in sarge.
1128268387 M * Bertl yes, there are some ...
1128268437 M * AndrewLee Bertl: Cause Ola is asking, he is thinking that was only a security problem with kernel patch
1128268469 M * AndrewLee Bertl: So he is thinking maybe he should deny my bug report.
1128268484 M * Bertl well, ola should know better, after all we have filed a bunch of bug reports ..
1128268585 M * Bertl okay, dinnertime ... back in 20 ...
1128268586 M * AndrewLee Let me quote Ola's reply here:
1128268592 N * Bertl Bertl_oO
1128268594 M * AndrewLee I have now tested on one of my systems and that I have a security problem there.
1128268597 M * AndrewLee On the other system (2.4.26 + grsec) the problem do not exist. So I'm not
1128268600 M * AndrewLee sure if I can confirm or deny this.
1128268602 M * AndrewLee It would be really good if you could install the sarge util-vserver on the
1128268605 M * AndrewLee sid kernel-patch-vserver + linux-source-2.6.12 system to see if this is a
1128268607 M * AndrewLee problem with util-vserver or with the kernel patches.
1128268610 M * AndrewLee Regards,
1128268612 M * AndrewLee // Ola
1128268632 Q * tchan Quit: leaving
1128268938 M * hippo Bertl, on a completely different subject - is there any movement on IPv6 support in vserver yet? (I'm not running the latest, so apologies if I'm out of date). I'd be very willing to test out patches for it on my dev box if there were any?
1128269072 M * AndrewLee explain
1128269098 M * AndrewLee sorry, I typed in a wrong window. :(
1128269124 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1128269190 Q * lilo Remote host closed the connection
1128269379 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net
1128270262 N * Bertl_oO Bertl
1128270434 J * Razor_Blade Snake@spc1-cosh3-4-0-cust7.cosh.broadband.ntl.com
1128270442 M * Bertl welcome Razor_Blade!
1128270445 M * Razor_Blade hey
1128270459 M * Razor_Blade where can i go for linux help?>
1128270474 M * Bertl hippo: we delayed that to ngnet, which might be available during the end of this year
1128270500 M * Bertl Razor_Blade: general linux help? or something specific?
1128270508 M * Razor_Blade well im completely new to it
1128270516 M * Bertl 'it' being?
1128270521 M * Razor_Blade linux
1128270525 M * Razor_Blade egg drop
1128270531 M * Razor_Blade i want to learn about egg drop
1128270535 M * Razor_Blade but i need linux
1128270546 M * Bertl hmm, try #offtopic ...
1128270644 M * Johnsie heh
1128270933 M * Bertl AndrewLee: and, did you do what ola suggested?
1128270949 M * AndrewLee Bertl: Yes, and I got same fails
1128270973 M * Bertl and, does it work with mainstream util-vserver?
1128271027 M * AndrewLee Bertl: And one strange result I found, I got same fails with util-vserver 0.30.208-2 and 2.6.12 from sid on an i386 machine.
1128271047 Q * dddd44 Read error: Connection reset by peer
1128271049 Q * Razor_Blade Quit: bye!
1128271063 M * AndrewLee Bertl: I think there will be a toolchains problem when I build the packages.
1128271075 M * Bertl why?
1128271079 M * AndrewLee Bertl: I will rebuild the kernel+patch and util-vserver again.
1128271093 M * AndrewLee Bertl: Cause on powerpc was no error at all.
1128271114 M * AndrewLee Bertl: So I will rebuild them all on i386 again for testing.
1128271153 M * AndrewLee Bertl: So confirm that is a toolchains problem when building packages.
1128271243 M * AndrewLee Bertl: I have gave Ola the fails of testfs.sh, you can see that on the bottom of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329090
1128271289 M * AndrewLee Bertl: My wife is asking me to offline, I will be back tomorrow afternoon then. Thanks for your help. Goodnight. :-)
1128271297 M * Bertl cya
1128272102 J * lilo ~lilo@lilo.usercloak.oftc.net
1128272201 Q * lilo_ Ping timeout: 480 seconds
1128274845 M * yarihm hey guys ... i've now migrated all my vservers to the new config-style and like it quite a bit so far. there is just one thing, my initscript doesn't start them vservers :) is this again a debian-issue or what's going? the script calls a wrapper that's written by the util-vserver-upstream AFAICT
1128275080 M * Bertl the init script is called vserver-default and it requires a 'mark' entry with a single line containing 'default'
1128275096 M * Bertl (in the new style config, for each guest to be started)
1128275294 Q * ag- Quit: BRB
1128275476 J * ag- ag@caladan.roxor.cx
1128275648 M * yarihm ... umm ...
1128275677 M * yarihm ok, so echo "default" >> /etc/init.d/vserver-default should do the job?
1128275695 M * daniel_hozac no, echo "default" > /etc/vservers/*/apps/init/mark
1128275708 M * yarihm ah, thanks
1128275734 M * Bertl /etc/init.d/vserver-default is the runlevel script which has to be enabled on startup
1128275781 M * yarihm Bertl: so vservers have their own runlevel-system now? cool :)
1128275808 M * Bertl hmm, well, they have a runlevel script (they had one on 2.4 too :)
1128276143 J * liquid__ ~liquid@p5497468F.dip.t-dialin.net
1128276547 M * hippo Bertl, Just finished watching the video of the presentation you gave
1128276568 M * Bertl the WTH one?
1128276568 M * hippo Shame you didn't have more time to explain in depth...
1128276570 M * hippo Yep
1128276587 M * Bertl yeah, well, next time we will make it a workshop
1128276593 Q * liquid_ Ping timeout: 480 seconds
1128276596 Q * nox Ping timeout: 480 seconds
1128276601 M * hippo Where was the presentation given?
1128276651 M * Bertl in the netherlands on some (large, but very wet) private area near boxtel
1128276703 M * hippo Do you think I should get on with it, and upgrade to vserver 2.x?
1128276733 A * Bertl didn't realize the camera, otherwise he wouldn't have walked around all the time ...
1128276793 M * Bertl hippo: 2.0 is stable for 2.6 kernel, so if you think 2.6 is for you, 2.0 is the logical conclusion
1128278031 M * hippo Bertl has got very long hair too!
1128278042 M * hippo It's not just your normal pony tail, is it?
1128278054 M * hippo :)
1128278080 M * Bertl my SO always complains because her hair is shorter :)
1128278103 M * hippo The reason I haven't upgraded (and also why I came to this channel) is because the 2.0 series in Gentoo doesn't have the Grsec patches in, and that's why I was asking about the possibility of problems with exploits etc.
1128278127 M * Bertl gentoo is also using the devel branch ...
1128278146 M * hippo Be careful you don't annoy her, or she might just snip it off and make a wig 1128278147 M * hippo :) 1128278154 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1128278213 M * lonewolff Bertl: im in the same boat, gf has shorter hair than me ;) 1128278252 M * gndmstr gentoo question: if i chose the most current stage3 binary build for regular gentoo, then installed the vserver version of baselayout, would that be all that is needed to convert that template to a guest, or are there other things in the stage such that i should stick with the stage3 Hollow has available? 1128278282 M * Bertl hippo: yeah, I have to take care of that ... :) 1128278297 M * gndmstr and also with the updated utils and base layout is the command : vattribute --xid 3407 --flag ^37 still needed? 1128278305 M * Bertl Hollow: ping!? 1128278349 M * hippo Bertl, OK, I suppose it comes down to this: If you were running a service to the public, making (a little) money from vservers, what kernel source, and what vserver patches would you run? Would you go with your distros sources, or roll your own? 1128278387 M * Bertl I personally would roll my own .. 1128278404 M * hippo So vanilla from kernel.org, and apply the latest (stable?) patch 1128278412 M * Bertl and/or patches ... 1128278426 M * hippo What sort of patches would you include? 1128278476 A * hippo wants to learn 1128278477 M * hippo :) 1128278561 J * Hollow|mobile ~Hollow@p54979B21.dip0.t-ipconnect.de 1128278574 M * Bertl basically I'd include most of my patches, like BME ... 1128278601 M * Bertl then updates to ACPI and lmsensors 1128278612 M * hippo Aaah, OK, I was wondering if you meant ck, or mm, or anything like that. 1128278625 M * hippo Why bother with ACPI for a server in a datacentre? :) 1128278642 M * Bertl because of the APIC and irq routing :) 1128278661 M * Hollow|mobile hola 1128278662 M * hippo ? What about it? 
:) 1128278674 M * Bertl a proper APIC setup can improve overall performance drastically 1128278687 M * Bertl hey Hollow|mobile! 1128278705 M * hippo Hello Hollow|mobile 1128278713 M * hippo I'm hassling Bertl like you suggested : 1128278714 M * hippo :) 1128278759 M * hippo Bertl, Isn't APIC just for SMP machines? 1128278878 M * Bertl no, local APIC is for UP, and HT (SMT) machines have an APIC too 1128278905 M * gndmstr i have several single proc machines that need the apic support. 1128278966 M * hippo Hmmm. L( 1128278988 M * hippo gndmstr, What happens if you don't apply it? 1128279012 M * hippo www1 linux # grep -i apic .config 1128279012 M * hippo CONFIG_X86_GOOD_APIC=y 1128279012 M * hippo # CONFIG_X86_UP_APIC is not set 1128279012 M * hippo www1 linux # 1128279017 M * hippo Is that the one? 1128279050 M * Bertl yep, that's for UP 1128279090 M * hippo Hmm. Doesn't look like I am using it now 1128279150 M * hippo opensuse.org hacked: http://img.photobucket.com/albums/v225/Spaz007/78ff2f91.jpg 1128279745 Q * ag- Quit: BRB 1128279829 J * ag- ag@caladan.roxor.cx 1128279841 M * gndmstr hippo: dont know.. ive had that in these guests in a post-start script for several days now and my tests with the new baselayout and utils worked flawlessly. ill have to wait till i finish this new template to tell how it works without it. cant keep restarting production servers:) 1128280127 Q * ag- Quit: leaving 1128280179 J * ag- ag@caladan.roxor.cx 1128280227 M * Hollow|mobile gndmstr: which version of baselayout-vserver did you test? 1128280249 M * gndmstr 1.12.0 1128280273 M * gndmstr baselayout-vserver-1.12.0_pre8 1128280286 M * Hollow|mobile do you have guests with 1.11.13-r1? 1128280290 M * Hollow|mobile or 1.11.13 1128280291 M * gndmstr and the -r3 utils 1128280311 M * gndmstr the guests i had trouble stopping all the time stopped flawlessly after installation 1128280320 M * Hollow|mobile good to hear 1128280336 M * Hollow|mobile we spent much time on it.. 
damn timeout ;) 1128280365 M * gndmstr i was gonna make a template out of the latest 2005.1 p3 stage 3 from the mirror then add baselayout, but these new instructions are so easy i gave up on that :) 1128280384 M * gndmstr yeah thanks... it has made my life lots easier even in the past few hrs 1128280409 M * Hollow|mobile gndmstr: try http://dev.gentoo.org/~hollow/vserver/stages/build-stages 1128280417 M * Hollow|mobile you can build p3 vserver stages with it 1128280430 M * Hollow|mobile for sample configs look at the build.configs dir 1128280431 M * gndmstr hmm cool 1128280440 M * Hollow|mobile build-configs 1128280453 M * Hollow|mobile we are building stages with it, and will release some new ones soon 1128280506 M * gndmstr cool.. hehe maybe in time for my huge job with 'bertha' :) 1128280514 M * gndmstr looks like that is several weeks away yet 1128280523 M * Hollow|mobile you're chuck? 1128280545 M * gndmstr yeah 1128280550 M * Hollow|mobile ah.. k :) 1128280554 M * Hollow|mobile i wrote it on the ml too 1128280596 M * Bertl the first one absolutely and committedly using the ML, I appreciate it :) 1128280601 M * Hollow|mobile as soon as 1.11.13-r1 is stable we'll release new stages.. 1128280650 J * nox ~nox@noxlux.de 1128280651 M * gndmstr just saw it. for the big machine ill use whatever stable is avail rather than experiment.. maybe 1.12 will be stable by then 1128280664 M * Bertl Hollow|mobile: hmm, so now we do not need the reboot_kill? 1128280684 M * Hollow|mobile we'll see... but 1.11.13-r1 should be working fine now.. 1.12.0_pre8 still has issues 1128280702 M * gndmstr im assuming the baselayout overwrote the rc that i did the kludge with and it works perfectly 1128280707 M * gndmstr hmm 1128280708 M * Hollow|mobile Bertl: well, i thought it should be the default behaviour anyway... 1128280713 M * gndmstr figures i would wind up using that 1128280764 M * Bertl Hollow|mobile: hmm, but the flag needs to be set, no? 
1128280771 M * Hollow|mobile no, it works without 1128280957 M * Hollow|mobile Bertl: shouldn't it work like this: halt: kill it, done; reboot: kill it, call helper to start again 1128280969 M * Hollow|mobile without any flag.. 1128280992 M * Bertl well, we will not change this behaviour in the stable branch ... 1128281004 M * Bertl we might consider this a default in devel though ... 1128281036 M * Hollow|mobile yeah, sure 1128281169 M * Hollow|mobile btw... i read sth about changing the versioning? 1128281175 M * Hollow|mobile but can't remember.. 1128281222 M * gndmstr would i make things unstable if within a guest i used the i686 stage3 but then used p3 cflags for application installs? or should i just leave it alone and add the -jx compile flag and leave it 1128281236 M * Hollow|mobile you can change it 1128281257 M * Hollow|mobile as long as you leave CHOST unchanged you should be safe ;) 1128281264 M * gndmstr btw that vserver-new is incredibly easy!! i had a phone call and by the time i came back to the computer it had fully installed itself. 1128281268 M * gndmstr fine.. ok 1128281270 M * gndmstr thanks 1128281281 M * Hollow|mobile gndmstr: yeah, it's pure magic ;) 1128281320 M * gndmstr heh before with individual hardware it would take me days to get a server into production.. now i can do it in a few hours 1128281354 M * Hollow|mobile if you have different hardware you should probably stick to i686, so you can move guests around.. 1128281395 M * gndmstr different chipsets, all intel but various flavors of the 440 series and all p3 processors 1128281410 M * Hollow|mobile ok, if all are p3, you can use p3 of course.. 1128281450 M * gndmstr ill stick with i686.. 
im not sold that the p3 is THAT much faster than i686 although when i go to the big machine im gonna want to optimize everything possible 1128281478 M * gndmstr ill probably do a stage3 p3 build for that one 1128281503 M * Hollow|mobile yeah, i'd love to hear success/failure stories with build-stages if you try it 1128281521 M * gndmstr im actually not gonna move these guests over, im gonna make new ones with the latest optimizations i can do, then just move the configs over 1128281526 M * gndmstr will let you know 1128281563 M * Hollow|mobile yeah, you could do a cron job on one machine to build weekly templates or so.. 1128281565 M * gndmstr so thats where the p3 build for its template will be done 1128281594 M * gndmstr ive had lots of trouble with linking so im gonna be doing individual guests as full installs 1128281617 M * gndmstr linking was a great idea, but i kept running into the occasional file that was ro and blowing up my installs and stuff 1128281642 M * gndmstr and the rsync backup is blowing up on one of the guests in /lib somewhere and never completes the backup 1128281646 M * Hollow|mobile hm, not sure, Bertl, has this something to do with latest COW fixes? 1128281708 M * Bertl could be, but more likely that rsync doesn't understand the attributes correctly ... 1128281746 M * Bertl maybe also rsync-ing a single guest might make a difference to rsyncing all of them ... and of course, there are different rsync options :) 1128281774 M * Hollow|mobile *shrug* i don't use it ;) 1128281784 M * gndmstr the host is rsyncing all guests to a backup server and its only blowing up on one guest 1128281806 M * gndmstr thats also the one ive had the read only file problems.. 
kinda run into one randomly 1128281817 M * gndmstr so it could just be a messy install 1128281851 M * gndmstr it continues with the rest of the guests fine 1128281879 M * gndmstr after i finish this new template ill try a link again with this new code and see 1128281895 M * gndmstr im using 2.6.13.1-vs2.1.0-rc2 1128281907 M * gndmstr is there a strong enough reason to go to 2.6.13.2? 1128281961 M * Bertl some kernel fixes, nothing great I guess, check kernel.org changelog for details 1128281999 M * gndmstr ok 1128282240 M * intrigeri 'lo * 1128282250 M * Hollow|mobile hi intrigeri 1128282261 M * intrigeri the flower page doesn't say the valid range for context IDs ; what is it ? 1128282269 M * Bertl 2-49151 1128282278 M * intrigeri thks! 1128282285 M * Bertl you're welcome! 1128282306 J * fluor ~fluor@tanneries.squat.net 1128282324 M * Bertl welcome fluor! 1128282338 M * fluor hi there! 1128282349 M * gndmstr nope no fixes i need :) one less thing to worry about 1128282354 M * intrigeri 'lo fluor 1128282358 M * fluor I'm having trouble with vnamespace 1128282363 M * fluor intrigeri: damn2d :) 1128282408 M * fluor I'm trying to mount --bind a directory into a vserver from the host using vnamespace -e vserver_name mount --bind source_on_host dest_on_host 1128282429 M * fluor but I can't see the resulting mount within the vserver itself 1128282453 M * intrigeri fluor, I sometime have to stop/stat the guest vserver in order to see mounts in it 1128282472 M * Bertl intrigeri: that's voodoo :) 1128282488 M * Hollow|mobile evil namespaces.. ;) 1128282491 M * Bertl fluor: show me the complete line please :) 1128282612 M * daniel_hozac fluor: and you are in fact using namespaces, right? 1128282641 M * fluor daniel_hozac: I guess I am, since they're not disabled in the config file 1128282792 M * gndmstr why are these stageroot links in the runlevels? even when running they remain broken. 
ive been changing them to point to init.d local -> /tmp/stage1root//etc/init.d/local 1128282893 M * Hollow|mobile they're in there because of the tstage1 building which happens with ROOT=/tmp/stage1root but it shouldn't do you any harm 1128282934 M * Hollow|mobile the rc system only looks if the symlink is there, not if it's pointing to the init script 1128282984 M * gndmstr oh ok. so it looks for a name in default then goes itself to init.d to run it 1128282990 M * Hollow|mobile yep 1128282995 M * gndmstr hehe ok 1128283021 M * gndmstr shep and i were wondering about that cause it seemed like all the boot and defaults were broken yet stuff ran :) 1128283108 M * Hollow|mobile no you have it in the default stages as well... 1128283119 M * Hollow|mobile it's just poor cosmetic by design :P 1128283142 M * gndmstr hehe no prob... we were amazed that stuff was loaded when the links were broken is all... couldnt figure it out :) 1128283213 M * hippo In a nutshell, how can I limit a vserver to X MB of physical ram? Is it /etc/vservers/sarge/rlimits/rss.hard ? 1128283267 M * Bertl well, basically you can't, but this is probably as close as it gets for now 1128283304 M * Bertl hippo: the problem is mainly the shared resources ... if you don't share anything, this will be precise and correct 1128283329 M * hippo What units is that limit in - bytes, kb, pages? 1128283616 M * Bertl sec 1128283641 M * Bertl http://linux-vserver.org/Resource+Limits 1128283687 M * hippo Aaah, OK 1128283706 M * hippo You know the next question I'm going to ask :) 1128283714 M * Bertl yeah 1128283720 M * Bertl how large is a page :) 1128283724 M * hippo Heh - bingo 1128283726 M * hippo :) 1128283739 M * Bertl do you know my answer too? 1128283753 M * hippo Nope :( 1128283764 M * Bertl well, that depends :) 1128283770 M * hippo Hah :) 1128283773 M * hippo Typical 1128283782 M * Bertl on x86, pages are 4k, on x86_64 16k 1128283782 M * hippo No doubt it's defined at compile time ? 
1128283821 M * hippo OK, that's great. 1128283832 M * Bertl it's often defined at hardware build time ... 1128283835 M * douglas hey bertl 1128283840 M * douglas long time no see 1128283840 M * hippo Can I add it to the resource-limit page? 1128283847 M * Bertl hippo: but some archs can have different sizes 1128283865 M * Bertl hippo: you can add the 4k on x86 (which is well defined) 1128283890 M * hippo OK - is there a kernel file that people can look in to check? 1128283894 M * hippo for other archs? 1128283917 M * douglas hey bertl what is this NG networking that I keep hearing about? is there a webpage that I can look at for this? 1128283967 M * Bertl hmm, we had one .. but basically it's some kind of network stack virtualization 1128283982 M * douglas its still in beta? or alpha? 1128284183 M * Bertl it is planned :) 1128284195 M * douglas haha 1128284200 M * douglas not even alpha yet :) 1128284204 M * Bertl currently I'm lacking the resources (time/money) to make it happen 1128284210 M * douglas ahh 1128284221 M * Bertl but we had some prototypes running (patches) 1128284228 M * Bertl which gave very promising results ... 1128284245 M * douglas do you need another test platform? 1128284253 M * hippo Bertl, is there a little C program that will alloc all memory to find out the actual memory limit, not just the one reported by free ? 1128284348 M * Bertl there were some perl one-liners to do that ... maybe search the archives/irc logsß 1128284352 M * hippo OK 1128284353 M * Bertl s/ß/? 1128284353 M * hippo :) 1128284391 M * Bertl but if you use virt_mem (memory info virtualization) then the free amount should be correct 1128284397 M * Bertl s/correct/accurate/ 1128284476 M * hippo I guess I'm not using that - is it stable? 1128284605 M * Bertl yes, it is one of several virt_* flags 1128284618 M * hippo Yep, just found it - just about to try it out 1128284707 M * hippo That's very nice - is that a new addition for 2.x, or is it in 1.9.5 too? 
1128284790 M * Bertl should be there too, but I haven't checked ... 1128284883 M * douglas you need a platform to continue to test bertl? 1128284916 M * Bertl you mean for ngnet? or in general? 1128284927 J * Blissex pcg@82-69-39-138.dsl.in-addr.zen.co.uk 1128284932 M * Bertl welcome Blissex! 1128284936 M * Blissex Hi! 1128284988 M * Bertl douglas: actually I would appreciate a test system, given that it fulfills some requirements ... 1128285001 M * douglas which is? 1128285011 M * Bertl primarily: 1128285025 M * Bertl - remote access to serial console (basically essential) 1128285037 M * Bertl - a way to reboot the machine remotely 1128285072 M * Bertl - network access and of course, SMP/SMT would be fine ... 1128285118 A * Bertl has a bunch of solutions for the remote console/reset 1128285175 M * douglas anything free? 1128285215 M * Bertl http://vserver.13thfloor.at/Remote-Reset/ 1128285220 M * Bertl http://vserver.13thfloor.at/Null-Modem/ 1128285239 M * Bertl (serial console can be as simple as minicom via ssh) 1128285557 M * douglas so serial cable plugged from another box per se? 1128285611 M * Bertl yep, that's fine, given the cable has a proper wiring (as on the pages) 1128285627 J * Aiken ~james@tooax6-223.dialup.optusnet.com.au 1128285632 M * Bertl morning Aiken! 1128285663 M * Aiken hello 1128286045 M * hippo Eeeek 1128286046 M * hippo torro:/# free 1128286046 M * hippo total used free shared buffers cached 1128286046 M * hippo Mem: 16384 14828 1556 0 0 609720 1128286046 M * hippo -/+ buffers/cache: 18014398508887092 611276 1128286059 M * hippo :) 1128286076 M * Bertl yes, that's a (known?) problem ... 1128286081 M * hippo Aaah, OK 1128286101 M * hippo Seems like in amd64 the rss.hard is in 1k pages. Is that possible? 
1128286109 M * hippo # cat /proc/meminfo 1128286109 M * hippo MemTotal: 16384 kB 1128286127 M * hippo ~ # cat /etc/vservers/sarge/rlimits/rss.hard 1128286127 M * hippo 4096 1128286130 M * hippo Sorry, 4k 1128286292 M * Bertl hippo: hmm, I thought the x86_64 uses 16k pages ... 1128286302 M * hippo Not mine :) 1128286308 M * Bertl 64bit kernel? 1128286333 M * hippo Ja. 1128286341 M * hippo I assume 1128286357 M * Bertl okay, possible, haven't verified yet ... 1128286362 M * hippo # uname -m 1128286362 M * hippo x86_64 1128286450 Q * prae Quit: Pwet 1128286490 J * Sonarman ~cleetus@adsl-67-113-234-143.dsl.snfc21.pacbell.net 1128286666 M * gndmstr with the update util-vserver-0.30.208-r3, is there some kind of safe default for hard cpu limits or is it left unchecked? 1128286733 M * hippo Bertl, I get a segfault starting a 1.9.5 vserver with a rss.hard file, but it starts fine without 1128286751 M * Bertl probably your limit it too low? 1128286766 M * hippo let me try a large number 1128286807 M * hippo Nope 1128286812 M * hippo Doesn't make a difference 1128286830 M * hippo # cat 36/rlimits/rss.hard 1128286830 M * hippo 99999999 1128286830 M * hippo www1 vservers # vserver 36 start 1128286830 M * hippo /usr/sbin/vserver: line 132: 28303 Segmentation fault 1128286835 M * hippo # rm 36/rlimits/rss.hard 1128286835 M * hippo www1 vservers # vserver 36 start 1128286835 M * hippo www1 vservers # 1128286853 M * Bertl well, what's at line 132 in /usr/sbin/vserver ? 1128286877 M * hippo OPTION_NONAMESPACE= 1128286877 M * hippo OPTION_INSECURE= 1128286877 M * hippo OPTION_DEFAULTTTY= 1128286877 M * hippo while true; do 1128286877 M * hippo case "$1" in 1128286878 M * hippo (--help) showHelp $0 ;; 1128286880 M * hippo (--version) showVersion ;; 1128286910 M * Bertl all this is at line 132? :) 1128286930 M * hippo Nah - it's a blank line after OPTION_DEFAULTTTY= and before while true; do 1128286940 M * hippo ? 
:) 1128286966 M * Bertl use --debug option for the startup please 1128287012 M * hippo Last lines from debug output 1128287017 M * hippo + local num= 1128287017 M * hippo + local i 1128287017 M * hippo + set -- 29633 1128287017 M * hippo + test 1 -gt 0 1128287017 M * hippo + kill -HUP 29633 1128287018 M * hippo + shift 1128287019 M * hippo + test '' '!=' 1 1128287021 M * hippo + test -z '' 1128287023 M * hippo + test 0 -gt 0 1128287025 M * hippo + _VS_LOCKS= 1128287027 M * hippo Then back to # 1128287310 M * intrigeri Bertl, just watched wth movie ; great ! :) 1128287320 M * Bertl hippo: okay, please try mainstream vs2.0 and util-vserver 0.30.208+fix02 if the issue remains, we investigate ... 1128287330 M * Bertl intrigeri: you liked it? 1128287349 M * hippo Mmm, Tea Leoni in Bad Boys... MMmm 1128287483 M * intrigeri Bertl, I did :) 1128288080 M * gndmstr is there any way of geting rid of these besides a reboot? 8369 ? D 0:00 /bin/mount -n -o nodev -t proc none . 1128288124 M * gndmstr one of the guests caused that.. specifically the one that did not have the vattribute flag set in the post start script 1128288147 M * Bertl interesting ... which kernel version? 1128288164 M * gndmstr 2.6.13.1-vs2.1.0-rc2 1128288179 M * gndmstr patched vanilla 1128288187 M * Bertl it is probably waiting for something, maybe you got some info/stack trace in dmesg/klog? 1128288202 M * gndmstr lemme look 1128288270 M * gndmstr whats that postbin addy 1128288278 M * Bertl pastebin.com 1128288282 M * gndmstr no wonder 1128288283 M * gndmstr ok 1128288309 Q * Hollow|mobile Remote host closed the connection 1128288398 M * gndmstr http://pastebin.com/381012 1128288513 M * Bertl hmm, yeah, seen that before ... 1128288542 M * gndmstr could it just have gotten confused since i had updated baselayouts and then tried to shut them down? 1128288564 M * Bertl it is a bug in the kernel somewhere ... 1128288567 M * gndmstr i just shut off monitoring to that machine so i can try a reboot and see.. 
1128288568 M * gndmstr ahh 1128288576 M * gndmstr maybe one of my settings are wrong? 1128288593 M * Bertl might be, but that is not really relevant 1128288602 M * gndmstr ok 1128288605 M * Bertl something happens which is not supposed to happen (kernel side) 1128288613 M * gndmstr its a dual proc p3-500 machine 1128288631 M * gndmstr with software raid1 mirrored drives 1128288691 M * gndmstr 2.6.13.2 maybe? 1128288750 M * Bertl no, I assume it is linux-vserver related 1128288751 M * gndmstr this is the first smp machine ive put these on.. which means maybe ill have the same problem on the big machine with this kernel.. maybe even worse since its 4proc 1128288769 M * gndmstr i dont have this problem on the other host which is single proc 1128288782 M * Bertl that is correct, SMP machines trigger race conditions ... 1128288818 M * Bertl you do not use dynamic context ids, no? 1128288821 M * gndmstr hmm... my workstation here at home is rock solid using the same kernel and same vserver patch.. however, i havent put guests on it yet :) 1128288840 J * alexx ~alexx@proxy.ikse.net 1128288844 M * alexx hello all 1128288847 M * Bertl welcome alexx! 1128288851 M * gndmstr its a dual p3-933.. difference is its not an intel mobo its a tyan 1128288862 M * Bertl gndmstr: I assume you want to investigate it further, yes? 1128288883 M * gndmstr kinda have to. cant keep rebooting the machine when i shut down a guest 1128288884 M * alexx Bertl, i found an issue with semaphore and vserver + apache2 1128288900 M * Bertl excellent! :) 1128288947 M * gndmstr gonna have to reboot it now to get that dead mount outta there or nothing will start 1128288951 M * alexx i create a vserver, launch apache2, ... stop vserver, recreate a vserver with the same context ID, launch apache ... 
1128288959 M * alexx after a short time 1128288971 M * alexx i can't launch apache because i'm out of semaphore 1128288995 M * alexx exact error in apache log: [emerg] (28)No space left on device: Couldn't create accept lock 1128289043 M * Bertl alexx: could you upload the output of testme.sh to pastebin.com or so? 1128289069 M * alexx heu ... i don't know testme.sh ;) what is it ? 1128289109 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/ 1128289122 M * Bertl (a test script, to be run as root on the host) 1128289279 M * douglas Bertl, what country are you in? 1128289280 M * alexx it's long ? 1128289297 M * Bertl douglas: currently austria :) 1128289362 M * alexx Bertl, is it long ? because i have nothing ... 1128289384 M * Bertl nothing what? 1128289398 M * alexx i run testme.sh 1128289409 M * alexx have the banner, and ... nothing happen 1128289422 M * Bertl that's not a good sign :) 1128289445 M * Bertl it basically returns immediately 1128289463 M * alexx nothing after banner :/ 1128289497 M * alexx stop on "+ grep -q TELL_UNSAFE_CHROOT 1128289497 M * alexx " 1128289561 M * alexx oups 1128289570 M * alexx i haven't read "on the host" ! :/ 1128289620 M * alexx Bertl, http://pastebin.com/381031 1128290104 M * hippo Bertl, Do you actually live on the 13th floor, btw? 1128290309 M * Bertl hippo: virtually yes :) 1128290322 M * gndmstr shoot... gonna be a few. got a corrupted mysql radius table on that last one 1128290413 M * DaCa do folks in .at start counting floors from 0 or 1? 1128290491 M * Bertl DaCa: CS/IT does start at 0 :) 1128290561 M * Bertl alexx: what kernel patch was used for that? 1128290589 M * alexx patch for 2.6.12.4 applied on a 2.6.12.5 1128290641 M * DaCa Bertl: I agree, but its not so a stupid question, as in most parts of europe, 1st floor is 1 higher than ground floor, in scandinavia ground floor == 1st floor 1128290726 M * Bertl yeah, I know ... 
1128290733 M * mnemoc at chile 1st=ground also 1128290747 M * Bertl in austria, we have 'ground floor', and 'first floor' 1128291125 M * Johnsie We are inconsistent and sloppy in America. 1128291134 M * Johnsie I'm sure this comes as no surprise. 1128291135 M * Johnsie haha 1128291182 M * Johnsie I graduated in the Class of 2000... 1128291196 M * Johnsie My peers and educators both said we were the kids of the new millennium. 1128291208 M * Johnsie Little did they know, 2001 started the new millennium. 1128291245 M * mnemoc that happened everywhere 1128291508 M * gndmstr ok when the machine rebooted, the guests did not start. there was evidence they tried to because i saw msgs like RTNETLINK answers: File exists ... they started fine when i started them manually. then i tried shutting the least impact guest down it timed out and all shut down.. they all restarted fine with just the rtnetlink msg 1128291513 M * Bertl alexx: hmm, does vps show any hanging processes? 1128291525 M * alexx Bertl, nothing 1128291536 M * alexx no process left after killing the vserver 1128291546 M * alexx but sem stay 1128291803 M * Bertl that sounds like a kernel (mainstream) bug ... 1128291822 M * Bertl what happens on the host, if you start/stop apache? 1128291832 M * Bertl does it increase the semaphore count too? 1128291836 M * alexx i haven't apache on host 1128291920 M * Bertl try with a simple chroot to the guest 1128291991 M * alexx i will try tomorrow on the dev server 1128291997 M * alexx for now, i can't 1128292001 M * alexx it's too late :/ 1128292005 M * mnemoc gndmstr: thats because you set your vserver to set an ip address which is already set 1128292017 M * Bertl alexx: okay, keep me posted ... 1128292021 M * alexx oki 1128292031 M * gndmstr they crashed tho 1128292034 M * gndmstr will look to be sure 1128292078 M * mnemoc that is harmless anyway 1128292190 M * gndmstr yeah they started fine... 
all ips are unique across all 3 cards 1128292334 M * mnemoc but they are not removed on stop 1128292345 M * mnemoc so on next start they are already there 1128292391 M * gndmstr right 1128292426 M * gndmstr ok interesting... i disabled the shared mounts in fstab inside a guest and started entered then exited and stopped and it was fine 1128292491 J * moony ~moony@p5496F61D.dip.t-dialin.net 1128292522 M * moony hi :) 1128292644 M * moony ive got some vservers running and searching for a method to get an report for the traffic by each ip, some ideas how to implement this simplest? 1128292723 M * mnemoc normal iptable accounting should work 1128292756 M * moony even if the ips are used by the vserver and not the "mainmachine"? 1128292827 M * mnemoc vserver is forced to use only one address of the 'mainmachine', but the address is on the mainmachine 1128292862 M * douglas bertl in order to secure a vserver properly we should only have a minimum amount of "stuff" created in /dev under the vserver correct? 1128292912 M * douglas like /null for instance, but most of the stuff, /dev/hda etc.etc. should not be there am I understanding how the vserver and the host work with physical hardware? 1128292937 M * moony mnemoc: can you advise me a program for the analyse and creating the iptable roles? 1128292961 M * douglas moony=smoothwall perhaps? 1128292978 M * douglas freshmeat.net search for firewall gui or just plain firewall 1128292983 M * douglas theres tons of stuff there that does that. 1128292991 M * moony ok :) 1128293021 M * douglas I mean it all depends on how much "ease" of use you want versus complexity. 1128293051 M * douglas I mean the more ease a product has the less features you can you. thats typically. 1128293060 M * douglas features you can use. 
1128293068 M * douglas stupid brain, can't keep up with my hands 1128293089 M * moony hm i just need to know the incoming and outgoing traffic, nothing else :) 1128293097 M * douglas pretty much 1128293136 M * douglas most firewall stuff you find on freshmeat will prolly be good for you. it doesn't sound like you need a serious complex iptables script. 1128293162 M * douglas just allow and block certain services or traffic 1128293568 M * gndmstr now it seems to all be working just fine 1128293578 M * gndmstr i found one thing which may or may not have a bearing 1128293588 M * lonewolff time I wasn't here - nighty night 1128293624 M * gndmstr there is one guest linked to a template.. the guest was updated to new baselayout but template never was. i figured it should not have made a difference.. 1128293663 M * gndmstr the newest guest was made with the vserver-new method cloned from a whole new template of a different name and has no hard links 1128293683 M * gndmstr dunno if that has anything to do with it or if its just that kernel bug deciding to behave : 1128293965 M * mnemoc Bertl: can i bother you a minute? 1128294082 J * ^WinZiP SM@85-65-208-175.barak-online.net 1128294083 M * ^WinZiP bertl 1128294155 M * mnemoc what's the relation between: 1128294157 M * mnemoc ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur 1128294160 M * mnemoc and 1128294169 M * mnemoc vx_vmlocked_avail(vma->vm_mm, grow) 1128294997 M * hippo Nighty all 1128295004 M * hippo Thanks for all the help, Bertl 1128295009 M * gndmstr night 1128295013 M * hippo And others ;) 1128295020 Q * hippo Quit: Leaving 1128295045 M * Bertl hmm .. got disconnected ... back now 1128295067 M * Bertl hey ^WinZiP! 
1128295215 M * Bertl mnemoc: vx_vmlock_avail is the check/accounting of locked memory 1128295234 M * ^WinZiP Hi bertl 1128295236 M * ^WinZiP im downloading 1128295243 M * ^WinZiP linux-2.6.12.4 1128295246 M * ^WinZiP + patch 1128295248 M * ^WinZiP is this good? 1128295274 M * Bertl should be .. but there is also a version for 2.6.13 ... 1128295288 M * mnemoc Bertl: and the comparison they are doing with current->signal->rlim? 1128295295 M * ^WinZiP alredy patched + Downloaded. now compiling. 1128295324 M * Bertl mnemoc: file/line? 1128295347 M * douglas hey bertl 1128295347 Q * litage Read error: Connection reset by peer 1128295374 M * douglas the /dev system in a vserver should not have much in it, other then like null right? 1128295408 M * mnemoc Bertl: arch/ia64/mm/fault.c 1128295409 J * litage ~nick@203.220.55.70 1128295433 M * mnemoc Bertl: on expand_backing_store() 1128295443 M * Bertl douglas: ls /vservers/test106/dev/ 1128295443 M * Bertl fd full null ptmx pts random stderr stdin stdout tty urandom zero 1128295445 M * gndmstr douglas: mine has this in it 1128295450 M * gndmstr colossus / # ll /dev 1128295450 M * gndmstr total 76 1128295451 M * gndmstr lrwxrwxrwx 1 root root 15 Oct 2 11:35 MAKEDEV -> ../sbin/MAKEDEV 1128295451 M * gndmstr crw-rw-rw- 4 root root 1, 7 Jun 11 20:25 full 1128295452 M * gndmstr prw------- 4 root root 0 Oct 2 18:50 initctl 1128295452 M * gndmstr srw-rw-rw- 1 root root 0 Oct 2 18:35 log 1128295453 M * gndmstr crw-rw-rw- 4 root root 1, 3 Jun 11 20:25 null 1128295453 M * gndmstr crw-rw---- 4 root tty 5, 2 Sep 25 19:15 ptmx 1128295454 M * gndmstr drwxr-xr-x 2 root root 0 Oct 2 13:43 pts 1128295455 M * gndmstr crw-rw-rw- 4 root root 1, 8 Jun 11 20:25 random 1128295455 M * gndmstr -rw-r--r-- 1 root root 49 Sep 30 18:10 stderr 1128295457 M * gndmstr -rw-r--r-- 1 root root 73294 Sep 30 17:29 tty 1128295457 M * gndmstr cr--r--r-- 4 root root 1, 9 Jun 11 20:25 urandom 1128295459 M * gndmstr crw-rw-rw- 4 root root 1, 5 Jun 11 20:25 zero 
1128295464 M * mnemoc :@ 1128295475 M * Bertl gndmstr: plz don't flood :) 1128295484 M * douglas and thats all it should have in it? 1128295486 M * gndmstr sorry. forgot this was irc :) 1128295488 M * ^WinZiP Bertl :P 1128295490 M * douglas gotcha :) 1128295505 M * Bertl gndmstr: btw, the tty is a good sign that something is using tty, but you are missing tty :) 1128295537 M * gndmstr i havent logged into ssh to it yet. this is a fresh guest and im installing stuff via vserver guest enter 1128295550 M * gndmstr when i ssh into the others i get something in there 1128295552 M * ^WinZiP Bertl? 1128295572 M * ^WinZiP cant you add networking support into deploy-vserver.sh? 1128295581 M * Bertl gndmstr: your /dev/tty is a file, so some script did write something there ... 1128295589 M * mnemoc Bertl: between a ENOMEM due to RLIMIT_AS, and your ENOMEM due to vx_vmlocked_avail and vx_vmpages_avail, PAX adds another, when comparing to RLIMIT_MEMLOCK. 1128295598 M * Bertl ^WinZiP: I didn't even know that there is a deploy-vserver.sh? 1128295604 M * ^WinZiP wait 1128295615 M * daniel_hozac Bertl: Martin's script, IIRC. 1128295616 M * ^WinZiP deploy-vserver.sh] - 1128295624 M * ^WinZiP http://debian.marlow.dk/vserver/guest/deploy-vserver.sh 1128295627 M * ^WinZiP this 1128295627 M * gndmstr hmm. maybe portage did... other than that i havent.. i used hollow's newest stage3 so maybe it was already in there? 1128295661 M * gndmstr the tty file is just filled with a line of this Select File: 1128295673 M * Bertl daniel_hozac: ah, tx 1128295686 M * Bertl ^WinZiP: why would I want to add something there? 1128295714 M * ^WinZiP because it will be easy bertl, ./deploy-vserver os guestos ip context . and Vwalla ;) 1128295742 M * Bertl aha :) 1128295776 M * ^WinZiP damn this vmware takes time to compile 1128295889 M * gndmstr heh i gave up on it. 
used to run win2k inside it, but then i realized how much of my resources vmware by itself was using up and decided i didnt need to look at windoze to give phone support :) 1128296106 M * Bertl mnemoc: that will be trickier ... 1128296161 M * Bertl mnemoc: but it seems that rsbac folks want to cooperate in the future ... so there is a good chance for a combined patch ... 1128296171 M * ^WinZiP gndmstr, vmware suck. 1128296196 M * mnemoc Bertl: http://pastebin.ca/24474 1128296205 M * gndmstr agreed. it has its place, just not with me at this time. someday i may need it again 1128296235 M * mnemoc Bertl: i don't like combined patches, but a vserver patch to apply over a PAX kernel 1128296240 M * gndmstr cause i refuse to have windoze control any of my hardware on my network. this way i control it. 1128296253 M * mnemoc Bertl: so i can really see what comes from where 1128296267 M * mnemoc Bertl: svk is _very_ helpful 1128296276 Q * moony Quit: ( www.nnscript.de :: NoNameScript 3.81 :: www.XLhost.de ) 1128296297 M * Bertl ^WinZiP: I would not suggest to use the deploy script, as it creates old style (legacy) guests 1128296303 M * douglas winzip 1128296309 M * douglas martins script is based on legacy vserver 1128296338 M * Bertl wibble: and util-vserver - build is probably as simple as that .. 1128296345 M * ^WinZiP what does it mean Legacy Vserver? 1128296354 M * Bertl (see alpha util-vserver page for examples) 1128296360 M * ^WinZiP oh alpha style. 1128296364 M * ^WinZiP what should i use Bertl? 1128296370 M * Bertl http://linux-vserver.org/alpha+util-vserver 1128296372 M * mnemoc Bertl: did you see anything about unix-domain terminals on guests? 1128296387 M * douglas it will require a decent amount of modification to get to work, not to mention martins images are not exactly up 2 date, I've spoken to martin about it and he said he plans on switching and updating it, just not at the moment. 
:) 1128296407 M * douglas switching from legacy is current 1128296407 M * ^WinZiP so we dont have good images? :( 1128296415 M * douglas what distro do you run? 1128296419 M * ^WinZiP FC 3 1128296423 M * douglas ahh 1128296431 M * douglas why not use rpm or apt-rpm ? 1128296434 M * Bertl ^WinZiP: check the build examples 1128296436 M * douglas yea 1128296442 M * douglas shit you got it easy, you can use rpm 1128296445 M * douglas heh 1128296449 M * ^WinZiP i will , just the suck vmware should complete compiling. 1128296468 M * ^WinZiP damn dual xeon 3.06 is not enough for it 1128296583 N * douglas Guest58 1128296609 M * Bertl ^WinZiP: well, vmware must be _really_ slow :) 1128296624 M * ^WinZiP yes bertl. 1128296629 M * ^WinZiP CC [M] fs/nfs/dir.o 1128296629 M * ^WinZiP CC [M] fs/nfs/file.o 1128296629 M * ^WinZiP CC [M] fs/nfs/inode.o 1128296629 M * ^WinZiP CC [M] fs/nfs/nfs2xdr.o 1128296629 M * ^WinZiP CC [M] fs/nfs/pagelist.o 1128296631 M * ^WinZiP takes days. 1128296663 M * mnemoc 1:20h on my p3 without ccache and 0:35 with ccache 1128296669 M * ^WinZiP with vmware? 1128296682 M * mnemoc would could i want to use that crap? 1128296698 J * douglas ~douglas@douglas.user.oftc.net 1128296700 M * ^WinZiP cuz u got a dual xeon server which you cant reboot cuz u got 160 clients on it ? :) 1128296701 M * douglas that was strange 1128296721 M * douglas you be better off splitting that dual xeon and having two separate systems. 1128296723 M * douglas :) 1128296739 M * ^WinZiP i do 1128296741 M * ^WinZiP i ordered 1128296751 M * ^WinZiP P 4 3.0 ghz 1m cache 80g sata 2gb ram 1128296757 M * ^WinZiP for VPS only. 1128296774 M * douglas so why run vmware on that dual xeon? 1128296783 M * douglas what are you running? two windows boxes? 1128296785 M * ^WinZiP cuz i need to learn how to use vserver first? 1128296788 M * ^WinZiP no no 1128296791 M * ^WinZiP i use Linux for servers 1128296794 M * ^WinZiP linux only. 1128296805 M * ^WinZiP i run vmware so i can test apps. 
1128296807 M * ^WinZiP like Vserver. 1128296816 M * ^WinZiP without rebooting or touching the xeon itself. 1128296822 M * douglas eww, just run vserver and test that way lol 1128296832 M * douglas get rid of vmware all together 1128296833 M * douglas lol 1128296834 M * ^WinZiP heh 1128296842 M * ^WinZiP i was happy to, but Bertl here says i must reboot 1128296845 M * ^WinZiP and i cant afford that. 1128296855 M * douglas well you will need to to install. 1128296861 M * mnemoc you must reboot if you change your kernel 1128296864 M * douglas schedule a maintenance window and reboot it at 3 am 1128296865 M * Johnsie If you can afford to test on a production server, you can afford to reboot. 1128296883 M * mnemoc *ack* 1128296887 M * douglas 160 customers? what webhosting customers? 1128296895 M * ^WinZiP yes webhosting 1128296896 M * ^WinZiP and 1128296898 M * ^WinZiP i do reboot 1128296901 M * ^WinZiP when i update my kernel 1128296905 M * ^WinZiP but i dont do that often. 1128296909 M * ^WinZiP each 60-120 days. 1128296916 M * douglas yea you shouldn't to reboot it all that much 1128296923 M * douglas once to change the kernel to support vserver and thats all 1128296932 M * ^WinZiP yeah but i dont need vserver on the xeon 1128296937 M * ^WinZiP i dont want to make it "loaded" 1128296940 M * douglas but you need vmware? 1128296943 M * ^WinZiP i ordered a brand new P4 for that. 1128296955 M * ^WinZiP i need vmware cuz i cant wait testing out vserver :) 1128296969 Q * Guest58 Ping timeout: 480 seconds 1128296978 M * ^WinZiP i already tested it. it was nice, but i was having problems with the networking so i gave up. 1128296986 M * douglas vmware is a much more resource hog then anything else. 1128296991 M * ^WinZiP i know it 1128296995 M * douglas it would be better to install vserver or just wait to be honest. 1128296998 M * ^WinZiP im waiting to learn and test vserver, then bye bye vmware. 
1128297006 M * ^WinZiP i work at night douglas 1128297006 M * douglas I think setting up vmware your gonna crash your box lol 1128297012 M * ^WinZiP there are almost no surfers at night. 1128297013 M * mnemoc you could test using uml 1128297025 M * Johnsie That and how accurate can one's setup be on VMWare anyway? 1128297027 M * douglas yea but even uml needs patches to the kernel doesn't it mnemoc? 1128297040 M * mnemoc ska patch is optional 1128297054 M * ^WinZiP yeah but i dont like uml. 1128297067 M * douglas uml isn't bad, it has its advantages and disadvantages 1128297075 M * mnemoc anything is better, and cheaper, than vmware 1128297080 M * ^WinZiP of course 1128297082 M * douglas *agreed* 1128297085 M * ^WinZiP but vmware requires almost no config. 1128297089 M * ^WinZiP its up and running. point. 1128297091 M * ^WinZiP like Virtuozzo. 1128297099 M * Johnsie Virtuozzo is crap. 1128297102 M * Johnsie haha 1128297105 M * ^WinZiP crap but those crap 1128297107 M * ^WinZiP makes money :) 1128297111 M * ^WinZiP alot of it :) 1128297120 M * Johnsie Doesn't mean its good. 1128297124 M * Johnsie err, it's 1128297142 M * douglas johnsie your a open source programmer aren't you?:) 1128297146 M * ^WinZiP it's ok john , my language is not english so i dont care about mistakes. 1128297154 M * Johnsie Nooo. 1128297174 M * Johnsie I'm just here to learn more about the VServer stuff. ;) 1128297190 M * douglas cuz a product that makes money is typically a good product in my eyes. 1128297204 M * ^WinZiP does anyone remember how much does RedHat (zoot) release weighs? 1128297208 M * Johnsie Like, uhh, Windows? 1128297226 M * ^WinZiP Windows is a good product john. go ahead and get a trial of Windows 2003 1128297234 M * mnemoc a product that makes money is typically a product with good marketing and fool clients 1128297234 M * douglas sure windows is a GREAT product. if you look at it not from a linux hardcore person, but in a business standpoint. 
1128297245 M * ^WinZiP windows 2003 ownz ur biz. 1128297248 M * douglas mnemoc not always 1128297249 M * Johnsie hah 1128297251 M * ^WinZiP i got hundreds of people want to order 1128297254 M * ^WinZiP but i use linux ONLY 1128297274 M * douglas I mean as a client windows is superior to linux right now. 1128297283 M * Johnsie I disagree. 1128297285 M * ^WinZiP thats correct. 1128297287 M * douglas but that could be said because it has the market. 1128297295 M * Johnsie Linux is what you make of it. 1128297300 M * ^WinZiP Johnsie, Windows is easy to use, linux is not. 1128297303 M * douglas how many people run linux as there client versus windows. 1128297305 M * douglas and explain why 1128297308 M * ^WinZiP its easy for developer, experienced user, but not for n00b 1128297310 M * Johnsie I don't find Linux hard to use. 1128297315 M * douglas thats you 1128297317 M * douglas I dont find it either 1128297319 M * douglas but 1128297323 M * douglas thats not my question 1128297327 M * ^WinZiP a 40 yr old mom will find it harder. 1128297336 M * ^WinZiP or a 10yo kid. that wants to play FIFA 1128297339 M * douglas why does microsoft and mac own the market in clients? 1128297342 M * Johnsie It doesn't make it a better client then. 1128297345 M * mnemoc you are comparing a kernel with a full easy-to-use pseudo-operative system 1128297351 M * Johnsie Easy doesn't mean better. 1128297363 M * douglas in terms of business it does. I'm not saying whats more powerful 1128297366 M * ^WinZiP Windows 2003, i think - is superior. 1128297368 M * ^WinZiP on linux.. 1128297371 M * ^WinZiP server env. 1128297375 M * douglas I'm a die hard linux person. but I dont bash microsoft either. 1128297383 M * Johnsie I'm not bashing them at all. 1128297387 M * douglas I give props were props are do. 1128297391 M * Johnsie Sure, MS has had some okay products. 1128297401 M * Johnsie But I haven't bought one that's been spectacular. 
1128297417 M * ^WinZiP hm 1128297423 M * douglas they have as of right now a better client. Easier to use for people. and I know linux is more powerful, but the majority of the masses dont need powerful, they need ease of use. 1128297425 M * ^WinZiP you know i exactly got thoughts 1128297431 M * ^WinZiP i really wanted to purchase windows 2003 1128297434 M * ^WinZiP until i found vserver :D 1128297447 M * Johnsie douglas: Again, define 'better'. 1128297464 M * Johnsie I run Gentoo with E17 ... makes for one hell of a desktop. 1128297469 M * Johnsie Every application I have, I need. 1128297478 M * ^WinZiP John 1128297479 M * Johnsie Everything works extremely well and it's easy to use. 1128297486 M * ^WinZiP instead of one click, you compile 1128297489 M * Johnsie To me, this particular setup is better. 1128297491 M * ^WinZiP a 10yo kid wants to play fifa 1128297493 M * ^WinZiP cant compile 1128297502 M * Johnsie I'm not talking about a ten year old kid. 1128297502 M * ^WinZiP thats right, to YOU :) 1128297519 M * douglas better=more people choose microsoft then linux 1128297522 M * douglas why 1128297523 M * ^WinZiP Good morning children. today we will learn how to compile kernel. 1128297525 M * daniel_hozac Gentoo is about the only distro that _makes_ you compile software. 1128297526 M * ^WinZiP thats sound bad. 1128297538 M * daniel_hozac douglas: people don't choose Windows. 1128297545 M * Johnsie Exactly. 1128297565 M * Johnsie No PC manufacturer...well, at least 95% of them don't ask if you want Linux or Windows. 1128297574 M * Johnsie They assume you want Windows and that's what you get. 1128297574 M * ^WinZiP they just put windows on it. 1128297576 M * douglas most of the ones I deal with do 1128297582 M * ^WinZiP thats because most of users dont even know what linux is. 1128297589 M * Johnsie That's right. 1128297593 M * mnemoc they are paid to put it there