1128470443 M * micah pastebin site is lagging 1128470578 M * micah heh, I can't find a pastebin that is working 1128470587 M * micah Bertl: http://crow.riseup.net/~micah/strace_chcontext 1128470626 M * Bertl well, good choice (regarding pastebin :) 1128470681 M * Bertl micah: did the SYSINFO show traditional or alternative syscall? 1128470691 M * Bertl micah: and is it with dietlibc or not? 1128470731 M * micah Bertl: I know it is made with dietlibc 1128470759 M * micah syscall(2) invocation: alternative 1128470788 M * Bertl okay, please upload the chcontext binary .. I'd like to have a look at the asm code ... 1128470820 M * Bertl micah: you're sure you have a vserver kernel active, and test outside a guest, right? 1128470839 M * micah Bertl: yes, I am certain 1128470870 M * micah err, /usr/sbin/chcontext is a shell script 1128470893 M * Bertl right, let's try ... 1128470897 M * micah maybe you want: /usr/lib/util-vserver/chcontext-compat 1128470898 M * micah ? 1128470917 M * Bertl vcontext --create --xid 42 true 1128470930 M * Bertl and the vcontext binary ... 1128470934 M * micah http://crow.riseup.net/~micah/chcontext and http://crow.riseup.net/~micah/chcontext-compat 1128470950 M * micah # vcontext --create --xid 42 true 1128470950 M * micah vcontext: vc_create_context(): Function not implemented 1128470981 M * micah http://crow.riseup.net/~micah/vcontext 1128470986 M * Bertl perfect, tx 1128471058 M * micah if I recompile util-vserver on the machine with gcc3.3 the same failures 1128471070 M * micah so that gcc theory is probably off 1128471092 M * Bertl okay, what does 'cat /proc/virtual/info' give? 1128471102 M * micah VCIVersion: 0001:0025 1128471102 M * micah VCISyscall: 273 1128471102 M * micah VCIKernel: 83000016 1128471246 M * Bertl well, no idea what ola? messed up here ... 1128471275 M * Bertl please get the mainstream 0.30.208 + fix02 and try with that 1128471289 M * Bertl if that works (I suspect so) let's investigate the differences 1128471748 M * micah ok, that will take a minute, i need to start food 1128471770 A * micah boots up food 1128472604 M * micah this is the proper patch right: http://www.13thfloor.at/vserver/s_rel26/v2.0/patch-0.30.208-fix02.diff 1128472626 M * Bertl yep 1128472683 M * Bertl reminds me that I ahve to update that too 1128472707 M * micah before I compile, this is what configure tells me: 1128472707 M * micah syscall(2) invocation: alternative 1128472707 M * micah vserver(2) syscall#: 273/glibc 1128472719 M * Bertl okay, looks reasonably good 1128472856 M * micah not sure I want to make install this 1128472880 M * Bertl well, try the binary stand-alone 1128472886 M * micah ./src/vcontext --create --xid 42 true 1128472887 M * micah vcontext: vc_create_context(): Function not implemented 1128472919 M * Bertl okay, so something on your system is different than here 1128472949 M * micah I'm using the 1.9.5 patches, not 2.0 1128472955 Q * dentifrice Quit: . 1128472976 M * Bertl micah: I tested with the 1.9.5.x-4/5 kernel remember? 1128473001 M * micah sorry, low blood sugar, hard to remember :() 1128473005 M * Bertl vcontext --create --xid 42 true 1128473005 M * Bertl New security context is 42 1128473011 M * Bertl /tmp/vcontext --create --xid 42 true 1128473011 M * Bertl vcontext: vc_create_context(): Function not implemented 1128473018 M * Bertl the second one is your binary 1128473030 M * micah interesting 1128473119 M * Bertl ah, really interesting ... 1128473130 M * Bertl vserver(VCMD_09,1[0], 42) 1128473135 M * Bertl vserver(VCMD_09,1[1], 42) 1128473143 M * Bertl second one is failing ... 1128473607 M * Bertl hmm, yeah, seems it uses an interface version which isn't in that kernel 1128473665 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1128473678 M * Bertl welcome gndmstr! 1128473684 M * gndmstr hey Bertl 1128473692 M * gndmstr sorry i wasnt on earlier. just got hom 1128473693 M * gndmstr home 1128473706 M * Bertl np, you still ahve those kernel sources 1128473713 M * gndmstr had to replace a power supply in a server on site 1128473714 M * gndmstr yeah 1128473740 M * gndmstr i have the original and the patched one 1128473756 M * gndmstr was wondering if i should pick up the latest kernel and try that one 1128473783 M * Bertl micah: as I see it you have two options, either you add backwards compatibility to the 208 tools, means fallback to VCMD_ctx_create_v0 if the main one doesn't work, or you add the V1 command to the kernel :/ 1128473813 M * Bertl gndmstr: okay, let's try a few things, like: 1128473840 M * Bertl addr2line -e vmlinux c0136b7e 1128473857 M * Bertl (inside the kernel source tree of 2.6.13.1-vs2.1.0-rc2) 1128473906 M * Bertl micah: the v0 fallback should not be too complicated with enricos wrappers (if you know what to do) 1128473966 M * Bertl micah: just verified, newly built tools fail on the 1.9.5 kernels too ... 1128473985 M * gndmstr bash: add2line: command not found 1128473998 M * Bertl addr2line 1128474005 M * gndmstr oops 1128474020 M * gndmstr heh better put my glasses on for this 1128474021 M * gndmstr :0 1128474038 M * Bertl 8-) 1128474112 M * gndmstr i have 2 of them... do i run that in the 'kernel root' ? 1128474118 M * gndmstr apollo linux # find . -iname 'vmlinux' 1128474119 M * gndmstr ./arch/i386/boot/compressed/vmlinux 1128474119 M * gndmstr ./vmlinux 1128474130 M * Bertl kernel root ... 1128474154 M * gndmstr apollo linux # addr2line -e vmlinux c0136b7e 1128474155 M * gndmstr ??:0 1128474160 M * Bertl I feared that ... 1128474238 M * gndmstr sounds like fun. did you see the changelog for 13.3? i just noticed it was released 1128474245 M * Bertl let's try this one: 1128474248 M * Bertl objdump -d vmlinux | grep -A 5 '__dealloc_vx_info>:' 1128474260 M * Bertl no, make that -A 30 1128474271 M * Bertl and upload the output to some pastebin.com 1128474356 M * Bertl yeah, .13.3 seems like a good idea ... 1128474377 M * gndmstr http://pastebin.com/383362 1128474390 M * gndmstr ill wait till you have a patch for it then for vservers:) 1128474401 M * Bertl okay, tx 1128474406 M * gndmstr or will the one i use work 1128474595 M * Bertl hmm, could you do 1128474596 M * Bertl grep -A 20 '__dealloc_vx_info(s' kernel/vserver/context.c 1128474604 M * Bertl and upload that too, plz? 1128474660 M * micah Bertl: yikes, i need to eat before I can comprehend 1128474679 M * Bertl np, but I'll be off to bed soon ... 1128474717 M * gndmstr http://pastebin.com/383371 1128474759 M * micah Bertl: actually, now that I think a little - nobody should be using .208 on a kernel with 1.9.5 (at least in debian) 1128474822 M * Bertl gndmstr: okay, let's do ... 1128474833 M * Bertl make kernel/vserver/context.s 1128474843 M * Bertl then please also upload the kernel/vserver/context.s 1128474857 M * gndmstr ok 1128474857 Q * lonewolff Read error: Connection reset by peer 1128474876 J * lonewolff ~lonewolff@host86-128-128-38.range86-128.btcentralplus.com 1128474915 M * Bertl micah: hmm, just means that you have to fix 204 then, no? 1128474934 M * gndmstr will pastebin take a 30k paste? 1128474951 M * Bertl I hope so .. if not try to dcc me 1128474986 M * micah Bertl: 204 works though 1128475001 M * Bertl modulo the barrier/xid issues, yes 1128475032 M * Bertl (and on x86 only) 1128475617 M * Bertl micah: give me a moment for a test patch ... 1128475678 M * Johnsie Doodle doot doot dooo. 1128475679 M * Johnsie Hi. 1128475886 M * Bertl hi Johnsie! 1128475902 M * Johnsie Hey. ;) 1128475909 M * Johnsie How goes? 1128475929 M * Bertl fine, thanks! 1128475935 M * Bertl micah: http://vserver.13thfloor.at/Experimental/delta-0.30.208-fix02-fix03.diff 1128475945 M * Bertl micah: try that ontop of the fix02 1128475952 M * Johnsie I have a stumper for ya, Bertl. 1128475958 M * Johnsie Sort of one, I think...might be simple. 1128475963 M * Bertl hmm? 1128475967 M * Johnsie This is, of course, Gentoo related. 1128475974 M * Johnsie I copied a VPS from one host to another... 1128475980 M * Johnsie Gentoo to Gentoo. 1128475985 M * Bertl a guest, yes? 1128475989 M * Johnsie Yes. 1128475993 M * Johnsie rsync 1128476013 M * Johnsie Everything works fine except when I go to SSH to the guest, it connects to the host. :) 1128476025 M * Bertl simple :) 1128476040 M * Bertl the sshd on the 'new' host isn't restricted to host ips 1128476048 M * Johnsie Oh okay. 1128476057 M * Bertl thus it binds to all ips, the guest get's nothing :) 1128476059 M * gndmstr Bertl.. dangers in segmented pasting if you dont watch where your cursor is at :) you can get the file here off my site 1128476066 M * gndmstr http://www.forestoflives.com/context.s 1128476069 M * Johnsie Well, I can connect to the web server on the guest. 1128476074 M * Johnsie It can hear and listen, etc. 1128476083 M * Bertl web port != ssh port 1128476094 M * Johnsie Correct...heh 1128476106 M * Johnsie But wouldn't things get messy there? 1128476349 M * Bertl no, it's just that the sshd inside the guest fails to bind to the port 1128476363 M * Bertl checking the logs inside the guest will reveal that 1128476371 M * Johnsie Ohhhhhhhhhhhh. 1128476376 M * Johnsie I'm with you now. 1128476377 M * Bertl gndmstr: what compiler do you use, btw? 1128476391 M * Johnsie Thank you, Bertl. 1128476399 M * gndmstr me personally or the host machine we are working on 1128476405 M * Bertl Johnsie: my pleasure! 1128476418 M * Bertl gndmstr: the gcc/binutils which compiled the kernel 1128476460 M * gndmstr apollo src # gcc --version 1128476460 M * gndmstr gcc (GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8) 1128476493 M * gndmstr binutils-2.15.92.0.2-r10 1128476502 M * Bertl that's the hardened version? 1128476510 M * gndmstr shouldnt be 1128476515 M * Bertl okay, just checking 1128476518 M * gndmstr i just did an emerge -uDpv world 1128476538 M * gndmstr when i updated this machine from the 2004.3 profile 1128476561 M * Bertl okay, lets do a 'grep VSERVER .config' in that kernel dir and upload that too 1128476569 M * gndmstr it went to 2005.1 then a week later i installed verserver stuff 1128476676 M * gndmstr http://pastebin.com/383401 1128476807 M * Johnsie Simple fix... 1128476820 M * Johnsie I edited /etc/ssh/sshd_config and made the host bind to an address and all's well. 1128476820 M * Bertl gndmstr: ahh, now I start to understand ... 1128476822 M * Johnsie Thank you. 1128476843 M * gndmstr oook what do i have set wrong 1128476844 M * gndmstr :) 1128476846 M * Johnsie I forgot to mention, sshd needs to be restarted on the host and guest...works great. 1128476855 M * Bertl Johnsie: you're welcome! you're not the first one, and probably not the last one with this issue ... 1128476871 M * Johnsie haha 1128476876 M * Johnsie I'll note it on the Wiki if it's not there. 1128476879 M * Bertl gndmstr: nothing on your side ... 1128476889 M * gndmstr ok 1128476925 M * gndmstr im not using hardcpu yet i just set it so it was ready when i needed to 1128476948 M * Bertl gndmstr: I'll upload a new version in a few minutes, please enable the following options next time: 1128476963 M * Bertl CONFIG_VSERVER_DEBUG=y 1128476968 M * Bertl CONFIG_VSERVER_HISTORY=y 1128476975 M * Bertl CONFIG_VSERVER_HISTORY_SIZE=256 1128476990 M * Bertl CONFIG_DEBUG_KERNEL=y 1128476998 M * Bertl CONFIG_DEBUG_BUGVERBOSE=y 1128477005 M * Bertl CONFIG_DEBUG_INFO=y 1128477011 M * Bertl CONFIG_DEBUG_SPINLOCK=y 1128477016 M * Bertl CONFIG_DEBUG_SPINLOCK_SLEEP=y 1128477017 M * Bertl :) 1128477034 M * Bertl this should help to track down the 'other' issues ... 1128477052 M * gndmstr ok ill set them now so its there 1128477084 M * Bertl keep a version/copy of your current source tree around, so that we can reinvestigate it later 1128477104 M * gndmstr ok 1128477551 M * micah Bertl: giving it a try 1128477604 M * gndmstr is this setting important to vservers? 1128477607 M * gndmstr [ ] Use 4Kb for kernel stacks instead of 8Kb (NEW) 1128477617 M * Bertl should not be ... 1128477627 M * gndmstr ok cause its not set 1128477633 M * Bertl http://vserver.13thfloor.at/Experimental/delta-2.6.13.1-vs2.1.0-rc2-rc3.diff 1128477639 M * Bertl or alternatively 1128477658 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.13.1-vs2.1.0-rc3.diff.bz2 1128477733 M * micah Bertl: # ./src/vcontext --create --xid 42 tru 1128477733 M * micah New security context is 42 1128477766 M * Bertl okay, so consider this fix03 and let's add it to 0.30.208 1128477870 M * gndmstr The next patch would create the file Documentation/vserver/debug.txt, 1128477870 M * gndmstr which already exists! Assume -R? [n] 1128477892 M * micah ok, this wont change the results of any of the testfs.sh stuff, right? it just fixes vc_create_context(): Function not implemented problems that come from using 208 with 1.9.5, right? 1128477915 M * Bertl gndmstr: are you patching the full one ontop of the current? 1128477924 M * Bertl or both? 1128477937 M * gndmstr im just using the rc3 patch on a vanilla kernel 1128477949 M * Bertl micah: this is a further fix to 0.30.208 (which hopefully will get into mainline) 1128477959 M * Bertl micah: it isn't even debian specific 1128478017 M * Bertl gndmstr: check that your vanilla kernel is vanilla 1128478175 M * gndmstr there is a vserver directory inside the kernel source dir 1128478215 M * Bertl which looks suspicious, as we are not in mainline yet :) 1128478276 M * gndmstr ok if i unpack another kernel will it break the links i just did in the experimental kernel dir? 1128478296 M * Bertl just move it away first 1128478371 M * Bertl and here is the 13.3 version 1128478372 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.13.3-vs2.1.0-rc3.diff.bz2 1128478392 T * Bertl http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1128478392 M * gndmstr so should i unpack 13.3 and use this one then? 1128478404 M * Bertl you can do that ... it's probably a good idea ... 1128478410 M * gndmstr ok 1128478444 M * Bertl I'm off to bed now ... please make sure that the .config options I listed above are enabled ... 1128478469 M * gndmstr already did. and i copy the config over from kernel to kernel so... 1128478470 M * Bertl any kernel trace which happens to you is interesting and should be reported ... 1128478497 M * gndmstr just makes me nervous, im only a few weeks away at best of making the big machine run 1128478503 M * Bertl I assume we will see the BUG_ON() in line 144 again ... as I haven't found/fixed this issue yet 1128478512 M * gndmstr ok 1128478523 M * Bertl gndmstr: you might consider testing/using the stable branch instead ... 1128478544 M * gndmstr will it do all the same things basically? 1128478546 M * Bertl but I'm confident we will track it down pretty soon ... 1128478561 M * Bertl except for the BME/CoW stuff, yes 1128478591 M * gndmstr ok cause i would prefer to stay with the latest kernel 1128478601 M * Bertl okay, have a good whatever everyone ... cya tomorrow ... 1128478605 M * gndmstr probably dont have to worry about that since im not linking at the moment 1128478609 M * gndmstr ok have a good nightg 1128478619 M * Bertl you too! 1128478624 N * Bertl Bertl_zZ 1128478699 Q * dddd44 Ping timeout: 480 seconds 1128479277 Q * litage Quit: Leaving 1128482027 J * lilo ~lilo@lilo.usercloak.oftc.net 1128482077 Q * gndmstr Remote host closed the connection 1128482134 Q * lilo_ Ping timeout: 480 seconds 1128484099 J * sebi_ ~sebi@C4d20.c.strato-dslnet.de 1128484208 Q * sebi Ping timeout: 480 seconds 1128484505 P * stefani parting (is such sweet sorrow) 1128485137 J * matti matti@linux.gentoo.pl 1128486318 J * dddd44 dhb55@60.49.78.240 1128491116 J * Sonarman_ ~cleetus@adsl-64-169-93-32.dsl.snfc21.pacbell.net 1128491460 Q * Sonarman Ping timeout: 480 seconds 1128492182 J * serving- serving@213.186.188.197 1128492446 Q * serving Ping timeout: 480 seconds 1128493414 Q * _pvh Remote host closed the connection 1128496565 J * Sonarman ~cleetus@adsl-64-169-93-32.dsl.snfc21.pacbell.net 1128496680 Q * Sonarman_ Ping timeout: 480 seconds 1128502078 J * tuxcapoeira ~capoeira@85-124-167-78.work.xdsl-line.inode.at 1128502139 M * tuxcapoeira X11 inside vserver fails, no devices detectet - help? 1128502197 M * matti Y. 1128502220 M * matti tuxcapoeira: You're crazy. 1128502266 M * tuxcapoeira jap! 1128502273 M * tuxcapoeira so can u help? 1128502336 M * matti Nope. I never use X* in vserver enviroment :D 1128502365 M * matti It is even possible? 1128502367 M * tuxcapoeira just trying 4 fun 1128502371 M * matti Oh. 1128502371 M * matti :) 1128502386 M * matti Lot of free time? Right? :) 1128502388 M * tuxcapoeira should be, enabled tty 1128502394 M * francois hi 1128502411 M * francois tuxcapoeira, by giving your vserver enough capabilities it is doable 1128502453 M * tuxcapoeira working after: http://linux-vserver.org/Linux-Vserver+FAQ 1128502494 M * tuxcapoeira francois: CAP_SYS_RAWIO is enabled, anything else? 1128502594 Q * Doener Read error: Connection reset by peer 1128502596 M * francois tuxcapoeira, i don't remember sorry 1128502641 M * francois tuxcapoeira, maybe CAP_SYS_ADMIN 1128502788 M * matti Hm... 1128502820 M * tuxcapoeira nope, what devices do i need? /dev/tty8 /dev/input/mice /dev/input/eventN /dev/mem 1128502955 M * matti tuxcapoeira: Try to use normal /dev/* not for vserver. For test only. 1128502988 M * tuxcapoeira matti: what else then? 1128503129 M * matti tuxcapoeira: I mean - use normal, static /dev, not from vserver package (or for vserwer guest) just for tests :) 1128503147 M * matti s/vserwer/server/ 1128503193 M * tuxcapoeira made extra device-nodes inside th vservers /dev/ 1128503404 M * matti OK, I have no idea :( 1128503462 M * tuxcapoeira tx anyway ;) 1128504271 J * sven12 ~sven@80-235-89-98-dsl.prn.estpak.ee 1128504354 M * sven12 I tried to get per vserver guest quotas to work yesterday but now I have had weird problems on startup 1128504369 M * sven12 libvserver.so.0 cannot be found 1128504382 M * sven12 although it is at /usr/lib, just like before 1128504418 M * sven12 in window manager I cannot ket consoles to work properly - all I get is a cursor but no prompt 1128504420 J * IEF ~ief@145.85.117.6 1128504449 M * IEF hiya 1128504474 M * sven12 and trying to run a command as root doesn't succeed, password is always wrong, although the same password works at ordinary console login 1128504536 M * sven12 at startup the first error is this: "stty: error while loading libvserver.so.0 - cannot be found..." 1128504901 M * sven12 then the next "libvserver.so.0 is not found" - error comes at filesystem mounting stage 1128507260 J * Doener ~doener@i5387D06A.versanet.de 1128507261 Q * ag-2 Read error: Connection reset by peer 1128507367 J * ag-2 ag@muaddib.roxor.cx 1128507574 Q * Aiken Quit: Leaving 1128507951 Q * sven12 Quit: Leaving 1128508208 J * litage ~nick@203.220.55.70 1128508755 J * Bubor bubor@innocent.dema.hu 1128510118 J * sven12 ~sven@80-235-89-98-dsl.prn.estpak.ee 1128510586 N * Bertl_zZ Bertl 1128510929 M * sven12 hi Bertl! 1128510979 M * sven12 is my problem still visible on your log? 1128511050 M * sven12 anyway, still at booting the host I get these two errors that libvserver.so.0 cannot be found 1128511134 M * sven12 first like this: "stty: error while loading shared library..." 1128511153 M * sven12 and then at mounting process 1128511196 M * sven12 this far I tried to make a soft link from /lib/libvserver.so.0 to /usr/lib/libvserver.so.0.0.0 1128511211 M * sven12 rebuild the util-vserver package 1128511225 M * sven12 but no luck 1128511293 M * Bertl morning folks! 1128511300 M * Bertl yes, it is ... 1128511339 M * Bertl sven12: what tries to use the libvserver? 1128511357 M * sven12 how could I find that out? 1128511388 M * sven12 it seems to appear at first before any daemons are loaded 1128511391 M * Bertl hmm .. let's first check (with vserver-info - SYSINFO) how your tools are configured ... 1128511399 M * sven12 right after the kernel messages 1128511406 M * Bertl could you upload the output to pastebin.com or so? 1128511415 M * sven12 yes,ok 1128511439 M * sven12 I forgot this weird side effect 1128511448 M * sven12 I cannot statr any consoles from X 1128511493 M * sven12 could I somehow go to text console and then get back to this X session without braking it? 1128511535 M * Bertl guess CTRL-ALT-F1 should do (and F5-F8 to get back) 1128511549 M * sven12 ok 1128511735 M * sven12 here it is now: http://pastebin.com/383698 1128511799 M * Bertl Use dietlibc: no (you have been warned) 1128511817 M * Bertl recompile the tools with dietlibc, and try again please 1128511827 M * sven12 ok 1128511832 Q * IEF Quit: /* IEF's IRC SPAM */ 1128512052 Q * flock Ping timeout: 480 seconds 1128512144 N * sven12 sven12-away 1128512221 M * Bubor w 1128512230 Q * Bubor Quit: Confucius say: Man with no legs bums around. 1128512488 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1128514843 M * meebey hi all 1128514843 M * meebey I found vmware sneeds special setup in order to work with graphics right 1128514854 M * Bertl hmm? 1128514868 M * meebey when vmware runs in a vserver 1128514886 M * meebey x works but some graphicsmode not for cvmware 1128514905 M * meebey chroot /vserver/x11_vmware/ and it worked 1128514917 M * meebey I will try all caps now 1128514927 M * meebey I am fighting with this ince 3 days 1128514932 M * meebey +s 1128514956 M * meebey good place will be ProblematicPrograms :) 1128514978 M * Bertl interesting .. what do they do? 1128515031 M * meebey not sure yet 1128515053 M * meebey NET_ADMIN and SYS_ADMIN it has already for the network bridge setuo 1128515060 M * meebey and RAWIO for X 1128515070 M * meebey but it seems vmware does something more 1128515215 M * Bertl well, that is nothing which will fly ... 1128515234 M * Bertl giving NET_ADMIN and SYS_ADMIN already roots your box 1128515258 M * Bertl I _thought_ vmware is userspace? i.e. you can run it as _user_ 1128515274 M * meebey sure, windows will run in vmware, so we can't speak about security at all :) 1128515305 M * meebey vmware is kernel + userspace tools 1128515366 M * meebey vmmon and vmnet modules for instance, but thats not the point, it is trying something that it can 1128515377 M * meebey can't do right when run from a vserver context 1128515400 M * meebey so I am playing now with all caps to see if I can get it running 1128515407 M * meebey maybe it does /proc fun, who knwos 1128515457 M * Bertl does it really matter? I mean, I'm not trying to stop you, but IMHO it's rather pointless ... 1128515559 J * eXa_bOy ~a@c220-239-68-228.rochd3.qld.optusnet.com.au 1128515563 M * eXa_bOy hi hi hi 1128515574 M * Bertl welcome eXa_bOy! 1128515602 M * eXa_bOy looking for a decent tutorial still! 1128515602 M * eXa_bOy on howto install vserver :( 1128515619 M * meebey Bertl: yes, images, prebuild servers 1128515628 M * meebey Bertl: modularity 1128515652 M * meebey the root system hsa nothing on it 1128515653 M * meebey for all custoerms 1128515676 M * meebey when their server do, we put a new root system on it, copy vserver over, boot, done 1128515680 M * Bertl okay, okay, as long as it isn't security ... 1128515682 M * meebey s/do/die/ 1128515682 M * eXa_bOy anyone give me directions on where to start? 1128515703 M * meebey Bertl: I knwow that giving caps removes all the security :) 1128515708 M * Bertl eXa_bOy: what do you need? 1128515733 M * Bertl http://linux-vserver.org/ 1128515737 M * eXa_bOy i want to setup vserver on my debian machine. i dont know where to start so im looking for a recomended tutorial 1128515750 M * meebey Bertl: we have only 2 special vservers with caps, one for openswan and one for x11/vmware 1128515756 M * Bertl eXa_bOy: http://linux-vserver.org/Step-by-Step+Guide+2.6 1128515764 M * meebey Bertl: those run usually stanadlone with nothing esle on it 1128515774 M * meebey Bertl: because of seucrity reasons 1128515795 M * eXa_bOy thank you alL!!!!!!!!!!! 1128516482 Q * mountie Remote host closed the connection 1128516507 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1128516873 Q * SiD3WiNDR Ping timeout: 480 seconds 1128517021 J * lilo_ tor@lilo.usercloak.oftc.net 1128517041 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1128517452 M * sven12-away Bertl: dietlibc seems to overwrite some glibc libraries - is it that much compatible with glibc so that I can safely allow it to do this? 1128517459 Q * lilo Ping timeout: 480 seconds 1128517459 N * sven12-away sven12 1128517867 M * meebey Bertl: feature request: log setting to log all denied caps/opperations 1128518155 M * meebey #define CAP_FULL_SET to_cap_t(~0) 1128518160 M * meebey thats all caps? 1128518197 M * meebey coping all caps for testing reasons is anoying :-P I was already looking for a CAP_ALL 1128518497 M * Bertl meebey: guess you have to bring that feature request to mainline 1128518512 M * Bertl the capability system is nothing vserver specific 1128518576 M * eyck hmm, does vserver conflict with SELinux? 1128518705 M * sven12 I think I missed one pint - glibc, dietlibc libraries are only needed for making software, not running it, right? 1128518772 M * Bertl eyck: not very much, so you can use that for detecting/logging some of them 1128518808 M * Bertl sven12: for glibc, most libraries are used at runtime, for dietlibc, just at compile time 1128519028 M * meebey Bertl: hm ic 1128519049 M * meebey Bertl: with all caps the graphics works right in vmware 1128519058 M * meebey so its for sure some strange cap 1128519059 M * sven12 ok 1128519517 M * sven12 I made a version of a dglibc package, overwrote the glibc libraries and tried with t.c example 1128519523 M * sven12 it compiled cleanly 1128519542 M * sven12 but on execution showed Segmentation fault 1128519567 M * sven12 are there some instructions for some other distro 1128519581 M * sven12 on how to set dietlibc up properly 1128519605 M * Bertl well, most distros provide dietlibc 1128519618 M * Bertl what distro do you use? 1128519627 M * sven12 Arch 1128519638 M * sven12 it doesn't seem to have that package yet 1128519654 M * Bertl hmm, well, you can compile it from sources 1128519666 M * sven12 yes,that seemed to succeed 1128519674 M * Bertl it's pretty simple and not very intrusive 1128519684 M * sven12 I am only not sure what files belong where 1128519684 M * Bertl (only installs the diet tool) 1128519699 M * sven12 is diet tool enough? 1128519710 M * sven12 no need to copy .a files anywhere? 1128519714 M * Bertl yes, it has a memory where the rest is ... 1128519731 M * sven12 ok,sounds good then 1128519739 M * Bertl so make, make install is usually fine 1128519751 M * sven12 I'll try to make only diet tool installed by the package 1128519760 M * Bertl also, once you've built the tools, you do not need dietlibc anylonger 1128519784 M * Bertl (as dietlibc builds static binaries) 1128519795 M * sven12 yeah,ok 1128520248 M * meebey found it 1128520254 M * meebey Bertl: CAP_IPC_OWNER 1128520270 M * meebey Bertl: with that the modechanges or what it does works 1128520285 M * meebey it shows now the graphics of the emulated machine 1128520324 M * Bertl funny 1128520346 M * meebey I guess its sloppy vmware :) if somethng fails it should escalate 1128520353 M * meebey to log or user interface that there is a problem 1128520373 M * meebey IMHO error hiding is one of the most dnagerous thing a software developer can do 1128520396 M * meebey neither the developer nor the user will be able to recognize there is a internal problem 1128520444 M * meebey good that I have exceptions for that reason in my programming language 1128520935 Q * neofutur Quit: leaving 1128521007 J * neofutur ~neofutur@neofutur.net 1128521443 M * sven12 now I did also make install and got more problems - vserver tools doesn't compile anymore. ./configure stops at c++ compiler default output filename and the error I get is: C++ compiler cannot create executables 1128521698 M * Bertl after isntalling dietlibc or what? 1128521709 M * sven12 yes 1128521739 M * sven12 installation overwrote some header files in /usr/include 1128521766 M * Bertl hmm, actually it's not supposed to overwrite anything there 1128521809 M * Bertl what about configuring dietlibc for /usr/local/ instead? 1128521814 M * sven12 luckily it is all inside a vserver guest I made for these tests :) 1128521833 M * sven12 my distro usually avoids using /usr/local 1128521844 M * sven12 but I guess I could try that 1128521851 M * Bertl well, okay, maybe /usr/diet then :) 1128521901 M * sven12 ok 1128521920 M * sven12 I'll start over with new vserver guest to see when it goes wrong 1128522747 J * zgrim ~zgrim@home-040126.b.astral.ro 1128522860 M * zgrim hello, i have a migration issue from vserver 1.x/kernel 2.4 vserver 2.0/kernel 2.6 1128522885 M * Bertl welcome zgrim! 1128522902 M * Bertl what kind of issue? 1128522930 M * zgrim to be more specific, do i need to migrate all my vservers' confs to 2.x style to be able to hide root netifs from within the vserver, or is there another option ? 1128522958 M * Bertl you can set the required flags manually ... 1128522964 M * zgrim because what happened was that suddenly all my vservers could see root's network aliases 1128522967 Q * Hollow Read error: Connection reset by peer 1128522985 M * Bertl (e.g. from the startup scripts) 1128523000 J * Hollow ~hollow@home.xnull.de 1128523038 M * zgrim Bertl: i read about VXF_HIDE_NETIF in the docs, but ... i need to migrate the confs to 2.x style for that to work, don't i ? :/ 1128523063 M * Bertl no, you just need to use vattribute to set it 1128523109 M * Bertl if you add the proper command to the startup script, it will be done automatical 1128523141 M * zgrim hm, that would be nice :) i'm googling it just now, thanks for the tip 1128523191 M * Bertl my pleasure ... 1128523242 M * zgrim VXF_HIDE_NETIF would be flag named ... (hide_netif) ? 1128523285 M * Bertl yep 1128523311 M * Bertl try it on a running guest, you should see the effect immediately 1128523470 M * Bertl okay, off for now ... back later ... 1128523476 N * Bertl Bertl_oO 1128523698 J * lilo ~lilo@lilo.usercloak.oftc.net 1128523791 Q * lilo_ Ping timeout: 480 seconds 1128523898 Q * zgrim Quit: thanks, indeed it worked :) 1128524247 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1128524495 Q * lilo Remote host closed the connection 1128527158 J * mrec_ ~revenger@p54B02F16.dip0.t-ipconnect.de 1128527547 M * mnemoc what VC_VXC_*MOUNT are? 1128527572 Q * mrec Ping timeout: 480 seconds 1128527673 M * mnemoc are they a hack to not need CAP_SYS_ADMIN? 1128529168 J * menomc ~amery@200.75.27.85 1128529332 Q * mnemoc Ping timeout: 480 seconds 1128529332 N * menomc mnemoc 1128530327 J * Blissex pcg@82-69-39-138.dsl.in-addr.zen.co.uk 1128531067 J * erwan_taf ~erwan@84.5.73.123 1128531565 M * liquid hi 1128531613 M * liquid how could i limit the cpu time and the ram in a vserver ? 1128531677 M * mnemoc /etc/vservers/liquid/rlimits 1128531831 Q * erwan_taf Quit: Leaving 1128531851 M * liquid with vlimit in it? 1128531858 J * erwan_taf ~erwan@84.5.73.123 1128531882 M * liquid like vlimit --xid 32 ...? 1128531939 M * Blissex liquid: thin carefully as to what you are asking... 1128531963 M * Blissex liquid: try to be more precise in your thinking as to exactly what you are trying to limit and where. 1128532084 Q * erwan_taf Quit: 1128532096 M * liquid i try to limit the ram in an vserver to 64mb 1128532098 J * erwan_taf ~erwan@84.5.73.123 1128532864 J * erwan__taf ~erwan@84.5.73.123 1128532864 Q * erwan_taf Read error: Connection reset by peer 1128532956 M * tuxcapoeira liquid: in /etc/vservers/vserver-name.conf do ULIMIT="-v 64000" (sets limit in kB) 1128533108 M * liquid isn't ulimit for 2.4? 1128533130 M * mnemoc and vserver-name.conf is legacy 1128533143 M * mnemoc liquid: read the great flower page 1128533181 M * tuxcapoeira whats wrong with legacy? 1128533254 M * mnemoc nothing 1128533262 M * liquid ok thanks will try the flowerpage 1128533295 M * daniel_hozac except you don't get all the new features. 1128533507 Q * erwan__taf Ping timeout: 480 seconds 1128534556 Q * Doener Ping timeout: 480 seconds 1128534594 J * Doener ~doener@i5387ED19.versanet.de 1128534716 M * tuxcapoeira so what to do instead of ulimit? 1128534722 Q * eXa_bOy Read error: Connection reset by peer 1128534774 M * mnemoc [13:02:02] /etc/vservers/liquid/rlimits 1128535049 J * IEF ~ief@cp115413-b.landg1.lb.home.nl 1128535204 Q * Johnsie Remote host closed the connection 1128535271 J * Johnsie ~john@acs-24-154-53-217.zoominternet.net 1128535351 J * liquid_ ~liquid@p54974028.dip.t-dialin.net 1128535812 Q * liquid Ping timeout: 480 seconds 1128535837 M * tuxcapoeira changed from legacy to dir-nethod, can't stop the vserver anymore? 1128536055 M * tuxcapoeira what did i miss? 1128536197 M * sven12 tuxcapoeira: Could it be /var/run - pid - related thing? 1128536267 M * sven12 you must have a soft link to /var/run/vservers/ 1128536297 M * sven12 and - file must have the guests context number in it 1128536374 M * tuxcapoeira is no softlink but correct named file with correct context id 1128536451 M * sven12 I made recently a bash script that converted legacy vservers configs to current ones 1128536477 M * tuxcapoeira it was U! 1128536491 M * tuxcapoeira great work! 1128536514 M * sven12 in there I used the soft links: /etc/vservers//run => /var/run/vservers/ 1128536528 M * sven12 I haven't published it yet :) 1128536533 M * tuxcapoeira tx, just tried it out today today, the result is the problem 1128536562 M * sven12 the script I made works in relation with vskel 1128536568 M * tuxcapoeira think its an incorrect installation of util-vserver, I'm just updating ;) 1128536579 M * sven12 ok 1128536609 M * sven12 i'll publish my script as soon as I get the per vserver quota to work 1128536648 M * tuxcapoeira kernel 2.4 or 2.6? 1128536654 M * sven12 I'd like the easy way to create new vservers with vskel and use per vserver quota 1128536667 M * sven12 I've been using kernel 2.6 1128536686 M * tuxcapoeira by the way, how do i set the onboot=yes? 1128536721 M * sven12 I think I saw it somewhere... 1128536726 M * tuxcapoeira yesterday herbert told me, quota not implemented yet? 1128536736 M * tuxcapoeira onboot- ok, i search 4 it 1128536765 M * sven12 well,it is been hard to set up, at least for me 1128536771 M * sven12 I found a wiki doc 1128536783 M * sven12 here: http://linux-vserver.org/Disk+Limits 1128536818 M * sven12 and here is this vskel: http://linux-vserver.org/VSkel 1128536843 M * sven12 what I trying to do is to use just one command to make a new vserver guest from a skel 1128536874 M * sven12 like this: nvserver skelname myname myhost 250 1128536893 M * sven12 where 250 would be the disk space quota,allocated for this vserver 1128536946 M * tuxcapoeira skel: why don't use vserver-copy? 1128536968 M * sven12 I want to use the immutable-hard links 1128536982 M * tuxcapoeira tx for the wiki i am just reading.. 1128536986 M * sven12 this way,using vskel,each vserver guest takes up only 63 mgebytes 1128536997 M * sven12 np 1128537019 M * sven12 while otherwise a vserver guest would use over 400 MB 1128537037 M * sven12 I want to be able to host many users :) 1128537168 M * tuxcapoeira what hardware and distri are u using? 1128537174 M * tuxcapoeira sven12 1128537183 M * sven12 with apache as proxy on one vserver and a lighttpd-mysql-php on each guest 1128537222 M * sven12 2.8 GHz P4, 512 MB memory (for now), 2x80 GB harddrives 1128537243 M * sven12 and for distro I am using Arch Linux 1128537269 M * sven12 it has the nicest package management porgram imo 1128537280 M * tuxcapoeira why apache as proxy and not in every vhost 4 users to configure? 1128537298 M * sven12 because it uses more resources than lighttpd 1128537316 M * sven12 and I am planning to use vserver only as a security measure 1128537321 M * sven12 a "better chroot" 1128537348 M * sven12 because I am planning to host some sites for ordinary users 1128537361 M * sven12 not for linux people :) 1128537382 M * sven12 actually apache as a reverse proxy 1128537395 M * sven12 and mod_security as a gatekeeper on it 1128537406 M * sven12 with modified snort rules 1128537418 M * tuxcapoeira i got something simmilar in mind, but with apache in every host 1128537438 M * tuxcapoeira so to say, leaving the sec a bit more to the people 1128537459 M * sven12 yes 1128537488 M * sven12 I did only some copmarison about memory usage of apache and lighttpd 1128537500 M * sven12 there must some sites 1128537510 M * sven12 that have done good comparisons 1128537635 M * sven12 check this: http://e.cactuswax.net/index.php/2005/04/21/48/ 1128537711 M * sven12 Smaller memory footprint - While running a test, Apache processes had greater than 9% of system memory used. Running the same test with lighttpd showed around .2% used. 1128537754 M * tuxcapoeira up to now, apache was good enough for me, on my laptop i use cherokee 1128537768 M * tuxcapoeira just checking the mem of apache on my server ... 1128537807 M * sven12 I've checked cherokee,too 1128537814 M * sven12 does it support php yet? 1128537840 M * tuxcapoeira dont, know, using it as a debian-mirror-server, no php needed 1128537846 M * sven12 ok 1128537904 M * sven12 I checked it,seems to support now: http://www.0x50.org/?option=com_docu&topic=PHP_execution 1128537974 M * sven12 but as cgi, not as fastcgi like lighttpd 1128538060 M * tuxcapoeira ok, "heavy" load, over 10% on 256mb 1128538108 M * tuxcapoeira maybe should change the concept ;) 1128538118 M * sven12 those apache instances? 1128538140 M * tuxcapoeira what do you meen? 1128538163 M * sven12 those using over 10% under heavy load? 1128538179 M * tuxcapoeira yes 1128538183 M * sven12 ok 1128538224 M * sven12 here are also some test results: http://forums.bsdnexus.com/viewtopic.php?id=121 1128538613 Q * sven12 Quit: Leaving 1128538900 J * sven12 ~sven@80-235-89-98-dsl.prn.estpak.ee 1128539174 M * sven12 tuxcapoeira: if you plan to use vskel, too the easiest way to create a skel is to do it from that vserver guest you have set up with vserver 1128539201 M * sven12 I had to use the ordinary chroot to get into the guest 1128539211 M * sven12 and then used vskel.pl in there 1128539243 M * sven12 then just exited and copied the /vserver/.skel to the host 1128539266 M * tuxcapoeira sounds good.. 1128539311 M * sven12 what I also would like from my scripts is to let them create the ip addresses, context numbers and fill those in on a new vserver creation 1128539368 M * sven12 and I also was forced to let them make unique port numbers for each lighttpd instance in guests 1128539388 M * sven12 for some reason, I always got socket denied errors 1128539398 J * nayco ~nayco@lns-bzn-25-82-251-192-78.adsl.proxad.net 1128539403 M * sven12 when tried to use the same port number in each guest 1128539417 M * nayco Hello ! 1128539426 M * tuxcapoeira with different ips on the guests? 1128539448 M * tuxcapoeira out for a minute...... 1128539451 M * sven12 yes and ports, for lighttpd and fastcgi spawn 1128539652 M * tuxcapoeira maybe set the wrong CAPS? 1128539747 M * sven12 you mean flags in new configuration method? 1128539777 M * sven12 like lock, hide_netif 1128539809 M * tuxcapoeira nope, bcapabilities 1128539849 M * sven12 I don't got that file in my configuration yet :) 1128539891 M * tuxcapoeira add it by hand? 1128539895 M * sven12 that flower page :) 1128539899 M * sven12 it seems to be there 1128539942 M * sven12 yes,that's how I got localhost to work,too 1128539952 M * sven12 just added folder 1 to interfaces 1128539965 M * tuxcapoeira add the file, and then one CAP per line, easy ;) 1128539966 M * sven12 and then ip and prefix and name 1128539973 M * sven12 yes 1128540034 M * sven12 I haven't got into details yet with my work, just trying to get the main things work and then thought to look things mroe carefully 1128540240 M * sven12 but got to be more careful with that vdlimit command - I tried something yesterday and now I still get error on startup - libvserver.so.0 cannot be found 1128540291 M * sven12 in my case it seems compilacated because somehow I must take those hard-linked files in account when setting quota limits 1128540402 M * sven12 and a side effect is on this laptop I am trying vserver that I cannot open terminal in X :) 1128540488 M * tuxcapoeira u have x inside a vserver? 1128540496 M * sven12 no,on host 1128540520 M * sven12 just trying to build working protos 1128540527 M * sven12 and learn methods 1128540547 M * sven12 and then transfer everything I need to server 1128540588 M * tuxcapoeira that's what its all about, learning 1128540615 M * sven12 yeah,been over 8 months using only Linux 1128540665 M * sven12 should have converted before :) 1128540717 M * tuxcapoeira preeching to the converted.... 1128540779 M * sven12 I thought I got things secure enough in May - apache and php with suexec and then got paranoid after reading Hacking Linux 1128540810 M * sven12 and so found this vserver 1128540853 M * tuxcapoeira i saw bertl in an event in june talking about vservers... 1128541012 M * sven12 are the materials somewhere online? 1128541044 M * tuxcapoeira don't think so... 1128541093 M * sven12 it was the Linuxtag or some other? 1128541182 M * tuxcapoeira linuxwochen in vienna 1128541199 M * sven12 I see 1128541276 Q * nokoya Ping timeout: 480 seconds 1128541278 M * sven12 did bertl talk something interesting about the future of vserver? 1128541349 M * tuxcapoeira not that i remember... 1128541356 M * tuxcapoeira keep developing... 1128541371 M * sven12 ok 1128541529 M * sven12 I think I'll put up a wiki page as soon as I get my scripts better 1128541590 M * sven12 a vserver with everything that is needed in one click would be neat :) 1128541610 M * daniel_hozac one command isn't smooth enough? 1128541650 M * tuxcapoeira command like what? 1128541658 M * sven12 I'd like to have mysql and servers inside a vserver configured automatically, too 1128541760 M * sven12 like passwords generated and port numbers set to configuration files 1128541911 J * nokoya ~young@hi-230-82.tm.net.org.my 1128541955 Q * IEF Quit: 1128541977 M * sven12 that command could have: skel name that is used, username, hostname and quota amount in megabytes 1128541987 M * sven12 those as parameters 1128542037 M * sven12 and then it would output a random generated ip address and other info needed for servers inside a vserver 1128542090 M * sven12 then other scripts would edit config files using that previous info 1128542163 M * sven12 I like automation 1128542339 Q * sven12 Quit: Leaving 1128542392 J * sven12 ~sven@80-235-89-98-dsl.prn.estpak.ee 1128542411 Q * sven12 Quit: 1128542518 Q * francois Ping timeout: 480 seconds 1128544059 J * mef ~mef@targe.CS.Princeton.EDU 1128545042 M * nayco Bertl : There is a strange boat on this site... http://loupdemer.tuxfamily.org/races.php?lang=en&idraces=8 For sure, the #12 has a good sponsor ;) 1128546494 N * Bertl_oO Bertl 1128546503 M * Bertl evening folks! 1128546508 M * matti Hello Bertl. 1128546568 M * Bertl nayco: lol! 1128546576 M * Bertl hey matti! 1128546582 M * Bertl evening mef! 1128546817 M * nayco 'llo, Bertl !!! 1128546824 M * nayco The boat rocks, huh ??? 1128546830 M * nayco ;) 1128546912 M * Bertl nayco: sure it will win! :) 1128546958 M * nayco Well, er... no, that's too late to climb up, but I hope to end near #10 :) 1128546984 M * nayco Oh, I wanted to know, is Enrico around here, these days ? 1128547005 M * mnemoc is he alive? 1128547027 M * Bertl yes, he is alive, I had a chat with him yesterday ... 1128547033 M * nayco I wanted to ask him for help regarding utils-vserver and Mandriva... 1128547052 M * nayco ...for urpmi 1128547070 M * Bertl he was very busy with work lately, but he said he should find more time now ... 1128547186 M * nayco Ok, so I'll stay around here these days and try to catch him. And mail him too. This urpmi+util-vserver stuuf is a bit hard for me, so I'll need a few hints. 1128547214 M * daniel_hozac util-vserver is basically too hard for anyone but enrico ;) 1128547221 M * nayco :D ! 1128547281 M * Bertl yeah, it's very, hum .. complex ... 1128547988 M * nayco oh, are there some of you guys in need of a cheap and simple accouting software for Cups ? I wrote a little soft this year, and finally released a first version last week: I need testers... This was a great moment: I learned that releasing, packaging and documenting code can take slighty more time than actually writing code ;) Anyway, as this is not vservers related (Well, it was written _inside_ vservers, but ;)...), I won't post 1128547988 M * nayco the url without Bertl's agreement. If you find this disturbing, I'll never talk about it again ;) 1128548025 M * Bertl go ahead, I have no problem with it ... 1128548127 M * nayco Ok, thank you :) : This is called JASmine and can be downloaded here => http://nayco.free.fr/wiki/doku.php?id=jasmine Thanks to those trying it. 1128548164 M * nayco Oh, dear, this is GNU/GPL, of course. 1128548227 M * tuxcapoeira help? changed vserver from legacy to default configmethod but cant stop it anymore! 1128548271 M * nayco Er, you mean you did not stop it before changing conf ? 1128548298 M * tuxcapoeira wasnt started at all! 1128548318 M * nayco Ok, so now you start it, and then cannot stop it ? 1128548326 M * tuxcapoeira right! 1128548336 M * tuxcapoeira only way: init 0 on the host 1128548337 M * nayco any error message ? 1128548357 M * tuxcapoeira nope, stopping vserver ... and nothing else 1128548404 M * nayco the stop command returns immediately or it actually tries to stop the vserver ? 1128548444 M * tuxcapoeira tries to stop, short cpuload and then nothing 1128548596 M * nayco The bash prompt returns ? 1128548607 M * tuxcapoeira no 1128548638 M * nayco oh, it is blocked, so ? mmm... 1128548652 J * Aiken ~james@tooax6-100.dialup.optusnet.com.au 1128548709 M * nayco have you tried building a new vserver from scratch, and started/stopped it ? 1128548739 M * nayco (-ed +ing ) * 2 1128548743 M * Bertl tuxcapoeira: what distro/kernel/tools are we talking about? 1128548749 M * tuxcapoeira not yet, good idea! will try that 1128548855 M * tuxcapoeira Bertl: gentoo vserver2.6.13 vs 2.0 release and utilvserver 0.30.208 1128548903 M * Bertl hmm, Hollow had the tartup/shutdown fixed recently, do you use the latest stuff there? 1128548909 M * Bertl *startup even 1128548964 M * tuxcapoeira don't think so, i will, bye! and tx 1128548974 M * Bertl you're welcome! 1128548982 Q * tuxcapoeira Quit: Ex-Chat 1128548986 M * Johnsie http://home.xnull.de:8008/doc/en/vserver-howto.xml 1128548994 M * Johnsie Damn. 1128549821 J * jayeola ~jayeola@host-84-9-35-93.bulldogdsl.com 1128550074 M * Bertl evening jayeola! 1128550083 M * jayeola wotcha! 1128550111 M * jayeola met alan cox today 1128550573 M * Bertl how is he? heven't seen him for a while now ... 1128550598 J * ionsphere ~ionsphere@S01060050dab69981.no.shawcable.net 1128550619 M * Bertl welcome ionsphere! 1128550625 M * jayeola um, looked ok to me. "linux world london" - not like we are buddies or something 1128550760 M * Bertl he spent a few days in vienna (a few years ago) 'we' showed him the city :) 1128550872 M * ionsphere hello! 1128550899 Q * Greek0 Ping timeout: 480 seconds 1128551051 M * ionsphere I am searching for documentation on vserver specifically regarding limiting CPU/diskspace on a per-server basis. I am unclear as to the differences in using a 2.4.x and 2.6.x kernel. Can anyone help clear my muddled understanding? 1128551127 M * Bertl http://linux-vserver.org/Release+Faq for the 2.4/2.6 differences) 1128551143 M * Bertl http://linux-vserver.org/Documentation (general docu) 1128551157 M * Bertl http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits 1128551168 M * Bertl http://linux-vserver.org/Quota+and+Disk+Limits 1128551176 M * Bertl http://linux-vserver.org/Disk+Limits 1128551180 M * mnemoc *G* 1128551186 M * mnemoc Bertl needs a bot 1128551201 M * jayeola ya, good idea 1128551207 M * jayeola /bot docs 1128551209 M * Bertl http://linux-vserver.org/Scheduler+Parameters 1128551223 M * jayeola /msg bot help 1128551225 M * Bertl and for resources (as bonus :) http://linux-vserver.org/Resource+Limits 1128551228 M * jayeola and so on 1128551315 J * Greek0 ~greek0@85.255.145.201 1128551357 M * Bertl wb Greek0! 1128551471 M * matti Bertl: Is CAP_SYS_RESOURCES neccesery for vserver guest to make a connection from some process inside that enviroment? For example, lynx to some website. 1128551492 M * Bertl not that I know of? 1128551502 M * matti Bertl: Hmm... 1128551509 M * matti Bertl: I notice some strange thing. 1128551522 M * matti Bertl: If I don't enable such capability. 1128551535 M * matti Bertl: Network from and to vserver guest is tottaly dead. 1128551603 M * matti Bertl: And... What is funny in all that mess... If I do some ping from or to such guest... tcpdump shows that everyting is normal - I mean, ping is working, but in vserver i've 100% packet loss. 1128551649 M * matti Weird... 1128551660 M * Bertl weird indeed ... 1128551730 M * matti I thought, that ping will require CAP_NET_RAW. 1128551760 M * matti But, that don't help at all :) 1128551800 M * matti If I don't enable CAP_SYS_RESOURCES in bcapabilities... Network is dead :) 1128551805 M * Bertl some ping utilities required NET_RAW, most of them work with icmp_raw or even without 1128551826 M * matti Yeah. 1128551837 M * matti But ping is not only that is affected. 1128551868 M * matti For example: normal TCP connections from lynx is also broken without CAP_SYS_RESOURCES. 1128551876 M * matti I mean - web sites don't work ;p 1128551878 M * matti Hehehe. 1128551947 M * matti Hm... 1128551960 M * matti Bertl: I ask my friend romke for help. 1128551995 M * matti Bertl: And we're stick all night in my work, and try to solve the problem. 1128552047 M * Bertl I'm pretty sure SYS_RESOURCE is not required for network access or lynx :) 1128552054 M * matti So do I. 1128552062 M * matti But, it don't work without it. 1128552091 M * matti And THAT is 'aint funny :) 1128552112 M * Bertl ahem, it works here without it :) 1128552118 M * matti :P 1128552136 M * matti Yeah... I know :P 1128552217 M * Bertl okay, I'm off to bed now ... have a nice whatever everyone, cya tomorrow! 1128552264 N * Bertl Bertl_zZ 1128552336 M * matti Sleep well Bertl ;) 1128552337 J * waters33637 ~waters336@etcb01-00-bnwkga-69-173-45-114.atlaga.adelphia.net 1128552344 Q * dddd44 Ping timeout: 480 seconds 1128552399 M * ionsphere btw, can u make a vserver on a vserver? 1128552431 M * matti ionsphere: You mean root vserver in a vserver guest? 1128552443 M * ionsphere yes 1128552481 P * waters33637 Leaving 1128552488 M * matti ionsphere: Hmm... IMHO not. But, I am not an expert :) You need to ask Bertl :] 1128552543 M * ionsphere ok 1128552637 M * daniel_hozac you need CAP_SYS_ADMIN to create contexts. 1128552706 M * daniel_hozac i don't quite see the point in having vservers within vservers though. 1128552754 M * ionsphere nor do I, I was think more about what an end user could do 1128552804 M * ionsphere and if there was any possible security/stability issues 1128553611 Q * ionsphere Quit: ChatZilla 0.9.61 [Mozilla rv:1.7.12/20050915] 1128553712 Q * Blissex Read error: Connection reset by peer 1128554051 J * ionsphere ~ionsphere@S01060050dab69981.no.shawcable.net 1128554062 T * ionsphere http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) ! 1128554118 M * ionsphere can anyone explain what "per context quota" means? 1128554480 Q * ionsphere Quit: ChatZilla 0.9.61 [Mozilla rv:1.7.12/20050915] 1128554482 M * eyck single partition, multiple guests, multiple quotas 1128554486 M * eyck oh well... 1128554502 Q * nayco Quit: Bonne nuit ! 1128554946 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1128554980 M * mnemoc any looser can join and change topic at will? 1128555021 M * daniel_hozac yes. 1128555024 M * gndmstr hehe guess he didnt worry about security on that 1128555028 M * jayeola try it 1128555054 M * daniel_hozac i guess he assumes that we are all grown up enough not to mess with it ;) 1128555072 Q * Doener Quit: Leaving 1128556072 M * mnemoc to mount smomething at vserver's / ... should i do it at /etc/vservers/vsname/fstab or pre mounted by host ?