1132533737 M * daniel_hozac Cru: are the vps-* packages in a yum'able repo? (assuming you are that cru :)) 1132533757 M * Cru heh, I am that Cru ;) 1132533772 A * Cru is unique ;) 1132533784 M * Cru no, sorry, I am providing only apt repos 1132533817 M * daniel_hozac any particular reason for the multiple packages rather than a single one? 1132533845 M * Cru thought about yum, but I dont know how to create a yum repo and due to there is no need for yum, I do not feel like reading about ;) 1132533849 M * daniel_hozac i've got one with a similar purpose, but i haven't really finished it yet. 1132533858 M * daniel_hozac createrepo directory ;) 1132533889 M * Cru okay, if thats all, it is resonable to provide also yum ;) 1132533899 M * Cru will have a look into this later 1132533907 M * Cru well, there are some reasons 1132533927 M * Cru 1. the fake kernel is also interesting for other systems 1132533978 M * Cru 2. vps-dev is no fake package but provides a "real" dev with just the device nodes for vps inside - also it has to be installed with mknod capability set 1132533988 M * Cru 3. the other package does the whole rest 1132534069 M * Cru I also thought about merging to a single package, as well as splitting it into a bunch of fake packages so everyone can determine what he wants to fake and what should be real 1132534084 M * Cru but this solution was the best, I think 1132534148 M * Cru maybe I will merge both fake packages into a single one and providing a fake kernel package for other situations than vservers separately 1132534388 M * PerlOffice does vserver support CPU burstability? 1132534392 M * PerlOffice and RAM burstability 1132534397 M * PerlOffice with guarentee levels? 1132534534 M * daniel_hozac burstability being? 1132534540 M * PerlOffice meaning 1132534547 M * PerlOffice we have a Dual Xeon system 1132534550 M * PerlOffice ie. 2 x 2.8Ghz 1132534551 M * Doener cpu burst: yes, ram burst: no, cpu guarantee: as long as you don't overcommit (probably qualifies as 'no')... (all just AFAIK) 1132534569 M * PerlOffice we want to obviously split that between users 1132534582 M * PerlOffice we want to provide users a guarentee of 500Mhz but burst to 2.5 1132534593 M * PerlOffice and a ram guarentee of 128MB but burst to 512 1132534611 M * PerlOffice ie. the user WILL DEFINITELY get 500Mhz/128MB 1132534629 M * PerlOffice but, provided it's available, they can get 2.5Ghz with 512MB RAM 1132534833 M * Cru well, with RAM that is quiet impossible to take away memory processes are actively using... ;) 1132534866 M * Doener cpu bursts are not available on a "how idle is the system" level, but on a "how idle was this vserver lately" level... 1132534938 M * Doener i.e. a vserver that was idle for quite some time, might burst and use increased cpu time for some time. but one that is busy all the time is limited. 1132535082 M * Doener http://linux-vserver.org/Linux-VServer-Paper-06 -- see 06.3. 1132535593 M * Cru hmm, was cap RLIMIT_NPROC allowed in vs1.2 but is not in vs2.0? 1132536008 M * Cru seems to be a vserver-legacy problem - claims about that disappeared after converting the config 1132536836 M * Cru but I experienced another irregularity: 1132536841 M * Cru http://ircnet.de/paste/22 1132536947 M * Cru This happened when booting the system with some legacy vservers - after converting them, it did not happen again (until now), neigther it did on my test server, using the same kernel image (2.6.14.2 with a 2.6.14-vs2.0.1rc2 rediff) 1132537061 M * dlippolt any debian heads on? 1132537842 Q * Doener Quit: Leaving 1132540840 Q * click Ping timeout: 480 seconds 1132542863 J * sebi_ ~sebi@Fd437.f.strato-dslnet.de 1132542971 Q * sebi Ping timeout: 480 seconds 1132547033 Q * dlippolt Quit: Leaving 1132549209 Q * Cru Quit: use Unices; $live->free() || die; 1132558877 J * Boyd ~Pirch@203.188.42.216 1132559035 N * Boyd Passion 1132559042 P * Passion 1132559482 J * Passion ~Pirch@203.188.42.216 1132559937 J * click click@ti511110a080-3640.bb.online.no 1132560444 P * Passion 1132561005 Q * Aiken Ping timeout: 480 seconds 1132563965 J * shedi ~siggi@tolvudeild-197.lhi.is 1132564803 Q * Hollow Remote host closed the connection 1132566401 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net 1132567765 Q * michal_ Ping timeout: 480 seconds 1132567863 J * michal_ ~michal@mprivacy-update.de 1132568489 J * Hollow ~hollow@home.xnull.de 1132568518 M * sizo moin 1132568609 M * Hollow Bertl_zZ: http://home.xnull.de/misc/delta-setxid-fix01.patch 1132570168 Q * yungyuc Quit: leaving 1132570543 Q * monrad Quit: Leaving 1132571506 M * ag- a security question: basically, if a program do a chdir("/foo"); before a chroot("/foo"); is there a possibility to escape the chroot? 1132571573 M * ag- s/do/does/ 1132571675 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at 1132571740 M * DavidS hi again :) I found hashify - and screwed up a bit :) 1132571754 M * DavidS ls -l: -rw-rw---- 2 www-data www-data 36609 Nov 16 15:57 event-log 1132571757 M * DavidS lsattr: ----i------------ event-log 1132571796 M * DavidS and I can't write into it anymore: "bash: event-log: Permission denied" 1132571798 M * DavidS :( 1132571807 M * DavidS kinda expected :) 1132571850 Q * Johnnie Quit: G'bye! 1132571937 M * DavidS i have found out, that I can use rsync-style exclude lists in /etc/vservers/VSERVER/apps/vunify/exclude to exclude the directory where my data resides 1132571945 M * DavidS but how can I undo the damage done? 1132572467 M * daniel_hozac setattr --iunlink event-log 1132572479 M * daniel_hozac uh, i mean, setattr --~iunlink event-log 1132572492 J * Johnnie ~john@24.154.53.217 1132572889 M * DavidS daniel_hozac: yeah, now i have to break the link too "mv foo old; cp -a old foo; rm -Rf old" ? 1132572945 M * daniel_hozac sure, but it's not really necessary, unless you think one day that a file just like that will reappear in one of the hashified directories ;) 1132573142 A * DavidS is just some inode-counter ;) "and then again, perhaps one day I'll need it for something important" 1132573191 M * DavidS "find /var/lib/vservers/.hash -links 1" seems to find orphans in the hash directory .. 1132573338 M * daniel_hozac indeed. 1132573449 M * DavidS Funny, I was under the impression, that unification brings some kind of automated copy-on-write protection 1132573518 M * daniel_hozac it does in the devel versions. 1132573535 A * DavidS sobs 1132573567 M * daniel_hozac heh. 1132573578 A * DavidS goes and does some manual linkbreaking on /srv and /www ... 1132573624 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net 1132574275 M * DavidS thanks, daniel_hozac! 1132574277 P * DavidS 1132574429 J * arok ~thorsten@p549593DF.dip0.t-ipconnect.de 1132574770 Q * Johnnie Remote host closed the connection 1132574901 M * daniel_hozac Bertl_zZ: re nr_running problem... seems it's as simple as chcontext --xid 42 sh -c 'echo `ls`'. the main process (sh -c ...) seems to be getting deactivated twice without having been activated first. 1132576654 J * Johnnie ~john@acs-24-154-53-217.zoominternet.net 1132576660 Q * Johnnie Quit: 1132577526 M * Hollow ag-: you can break out of every chroot (at least as root) 1132577747 Q * arok Quit: leaving 1132577826 M * harry Hollow: not always 1132577866 M * Hollow probably... do you have an example? 1132577870 M * harry you can however escape from a normal chroot 1132577881 M * harry but iirc it's not possible in a vserver 1132577899 M * Hollow well, vserver uses namespaces for that 1132577919 M * Hollow but namespaces are not vserver specific, they're in vanilla too 1132577943 M * harry http://www.bpfh.net/simes/computing/chroot-break.html 1132577947 J * ntrs_ ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com 1132577961 M * Hollow yup, read that already 1132577964 Q * ntrs__ Read error: Connection reset by peer 1132577966 M * harry it was something like: chroot ../ or something :) 1132577978 M * Hollow the evil things are file descriptors ;) 1132578028 M * Hollow harry: look at http://home.xnull.de/work/vserver/util-vserver/src/vmount.c it chroots in secure_chdir and breaks out after tat with restore_root 1132578339 M * harry so i see 1132578403 M * ag- Hollow: yes, there's the need to be root first, then for instance make a blockdev with mknod or without :P 1132578422 M * Hollow yeah, device nodes are pretty evil too ;) 1132578431 M * ag- so basically, every root chroots are vulnerable 1132578443 M * Hollow except these with namespaces ;) 1132578461 M * ag- of course, i wasn't talking about specific kernel features :) 1132578504 M * Hollow even if you drop CAP_MKNOD the fd trick would still work 1132579681 Q * ntrs_ Read error: Connection reset by peer 1132579687 J * ntrs_ ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com 1132579723 J * Cru ~mindwarp@instructor.e.de.wahlich.com 1132579735 M * Cru moin 1132579744 J * xep ~xep@office.intelcom.su 1132579971 J * harry_ ~harry@d515321D1.access.telenet.be 1132580090 Q * harry Ping timeout: 480 seconds 1132580265 Q * Pazzo Ping timeout: 480 seconds 1132580277 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it 1132580614 M * ag- Hollow: you mean file descriptors of already opened files? well, you can only access to those files, not more? 1132580736 M * ag- except maybe if that file is a directory... 1132581108 Q * bwana Read error: Connection reset by peer 1132581122 M * Hollow fchdir(oldfd); chroot("."); 1132581241 M * ag- you can also ptrace() another process :P 1132581258 M * ag- hopefuly, we have vserver... 1132581348 M * xep Running vserver @ gentoo linux - when i want emerge any soft i get this error - configure: error: installation or configuration problem: C compiler cannot create executables - i think problem in access to folder ... 1132582498 M * baggins Hollow: do you have any documentation for your new util-vserver? 1132582885 J * Johnnie ~john@acs-24-154-53-217.zoominternet.net 1132582900 J * Psy0rz ~psy0rz@lounge.datux.nl 1132582924 M * Psy0rz how to change caps so that i can mount inside a vserver? 1132582931 M * Psy0rz i use the new config style 1132583646 M * Hollow baggins: no 1132583682 M * ag- VC_VXC_SECURE_MOUNT in /etc/vservers/foo/ccapabilities, i suppose 1132583764 M * Psy0rz ash 1132583764 M * Psy0rz ah 1132583767 M * Psy0rz i figured SYS_ADMIN 1132583774 M * Psy0rz i'll try thx 1132583856 M * Psy0rz Unknown ccap 'VC_VXC_SECURE_MOUNT' 1132583874 M * daniel_hozac s/VC_// 1132583900 M * Hollow just SECURE_MOUNT 1132583932 M * Psy0rz k 1132583934 M * daniel_hozac VXC_ isn't stripped as with caps? 1132583967 M * Hollow sure? 1132583985 M * daniel_hozac i was asking ;) 1132584002 M * Hollow iirc VC_VX{F,C} is stripped.. 1132584027 M * ag- sorry :P too much code in mind... 1132584042 M * Psy0rz sys_admin works too 1132584051 M * Psy0rz but then other stuff is possible as well i asume 1132584057 M * Hollow indeed 1132584062 M * Psy0rz i'm using that vserver as build environment 1132584065 M * Psy0rz to compile our stuff 1132584069 N * Bertl_zZ Bertl 1132584074 M * Psy0rz wb Bertl 1132584074 M * Bertl morning folks! 1132584077 M * Hollow heya! 1132584079 M * Psy0rz morning 1132584081 M * sizo hi Bertl 1132584116 M * Bertl daniel_hozac: great! a nice test case .. so it will be fixed pretty soon, I guess ... 1132584129 M * Psy0rz so where are things like SECURE_MOUNT documented now adays Hollow ? 1132584133 M * Psy0rz somewhere on the wiki? 1132584136 M * ag- though SYS_ADMIN is a bcap, not a ccap 1132584142 M * Psy0rz ah ok 1132584152 M * Psy0rz whats the difference? 1132584191 M * ag- bcaps are system caps and ccaps are context caps 1132584192 M * Hollow Psy0rz: on the flower page 1132584255 M * Psy0rz yes but the weedpage only points to the sourcecode 1132584262 M * baggins Hollow: so it's "use the source, Luke" if I want to use it? ;) 1132584263 M * Psy0rz with contains a struct with definitions 1132584269 M * baggins Bertl: hi 1132584275 M * Hollow baggins: exactly :) 1132584292 M * baggins Bertl: looks like I was right about vroot devices :) 1132584304 M * Psy0rz rtf sourcecode :) 1132584315 M * Bertl baggins: ah, you are the one who reported the issue, right? 1132584327 M * Psy0rz mknod: `/tmp/pkgtmp/dev/zap/ctl': Operation not permitted 1132584333 M * Hollow baggins: but it isn't too hard, there are not that many config options supported (yet) 1132584344 M * baggins Bertl: right, I'll test the patch ASAP 1132584351 M * Psy0rz /dev/root / xfs rw,noatime 0 0 1132584355 M * Bertl Psy0rz: and that is good so :) 1132584362 M * Psy0rz i know it is secure :) 1132584366 M * Psy0rz but i'm not using it for security 1132584371 M * Psy0rz but to compile stuff 1132584381 M * Psy0rz so that a bad buildscript cant screwup my system :) 1132584384 M * Bertl Psy0rz: you either need CAP_MKNOD or create the devices on the host 1132584385 M * Psy0rz so i wanna create devices 1132584394 M * mef bertl: things going well with the test machine? 1132584396 M * Psy0rz the scripts want to mknod 1132584400 M * Psy0rz ugly scripts 1132584403 M * Bertl mef: yes and no ... 1132584407 M * Psy0rz thx 1132584413 M * mef bertl: what's the no part. 1132584433 M * Bertl mef: I managed to repartition and fix everything 1132584436 M * Psy0rz hmm now that i think of it 1132584444 M * Psy0rz i also could just run a chroot with sshd 1132584448 M * Bertl mef: but I locked myself out :/ 1132584450 M * Psy0rz to compile stuff 1132584454 M * mef ? 1132584461 M * Bertl mef: details in /msg ... 1132584467 M * Hollow Bertl: did you see the link? i fixed the xid stuff in vattr, and also beautified the output a bit 1132584619 M * Bertl okay, simply apply that patch? 1132584634 M * Hollow yep 1132584804 M * Hollow i'm not quite sure about the /proc stuff when skipping ENOENT for the exe links in /proc/pid/exe, but readlink fails on these.. 1132585047 M * Hollow (but only for pids of kernerl threads.. ) 1132585293 Q * xep Quit: 1132585321 M * Bertl baggins: yes, the whole story is more complicated :) 1132585367 M * baggins Bertl: I saw the patch and I think I know what's going on 1132585369 M * Bertl baggins: first, I did not plan to make the vroot modularized on 2.6 1132585406 M * Bertl baggins: then I added module support, but forgot to handle the mapping as in 2.4 1132585503 M * Bertl baggins: aiken was so kind to test it yesterday, and it seems to work quite fine ... 1132585529 M * Bertl baggins: if you encounter any issues, try to enable the (now working) debug system and please contact me again 1132585556 M * baggins Bertl: ok, if I find anything I'll let you know 1132585723 Q * yungyuc Quit: leaving 1132585853 M * Bertl PerlOffice: ping? 1132586193 M * Bertl Hollow: hmm, new tools do not crash, but it seems that the xid set is not working 1132586200 M * Bertl verifying now ... 1132586252 M * Bertl Hollow: yup, here is what I did: 1132586264 M * Bertl vattr -S -x 123 /mnt/part1/ZZZZ 1132586272 M * Bertl vattr /mnt/part1/ 1132586273 M * Bertl .. 1132586277 M * Bertl dX----bui 00000 /mnt/part1/ZZZZ 1132586284 M * Hollow hm 1132586292 M * Bertl chxid -c 123 /mnt/part1/ZZZZ 1132586299 M * Bertl vattr /mnt/part1/ 1132586305 M * Bertl .. 1132586306 M * Bertl dX----bui 00123 /mnt/part1/ZZZZ 1132586321 M * Bertl btw, I consider the 00123 confusing ... 1132586352 M * Bertl it is neither an octal number nor a hex flag 1132586358 M * Bertl (so I'd remove the leading zeros 1132586375 M * Hollow ok.. 1132586409 M * Bertl what are the 4 flags between X and b? 1132586428 M * Hollow in order: xawhfbui 1132586444 M * Bertl ah, the procfs flags, good 1132586485 M * Hollow hm, could you look if the xid is passed to the iattr struct? 1132586508 M * Bertl kernel side? 1132586517 M * Hollow yep 1132586672 M * Bertl hmm, why does vattr call VCMD_38_2[1] so often? 1132586694 M * Bertl vattr -S -x 123 /mnt/part1/ZZZZ calls that 15 times! 1132586710 M * Hollow what is 38_2? 1132586730 M * Bertl which is accidentially the number of files in that dir! :) 1132586741 M * Bertl let me verify that ... 1132586765 M * Hollow hm.. set_iattr it seems 1132586784 M * Hollow ah, yeah.. i know what happend 1132586786 M * Bertl yup, works, but the difference between chxid and vattr 1132586792 M * Bertl is that it doesn't ahndle dirs 1132586801 M * Hollow add -d, it's on my todo.. 1132586838 M * Hollow -d should only be honoured for get_iattr 1132586917 M * Bertl works fine with -d 1132586929 M * Hollow good 1132586956 M * Bertl well, I guess the semantic of '-d' is ambigous ... so you can pretty much leave it as is 1132587014 M * Hollow ok, i'd prefer it anyway 1132587123 M * Hollow Bertl: time to test a whole guest startup? 1132587173 M * Bertl if you walk me through, we an do so ... 1132587191 M * Hollow ok, you'll need a guest which supports plain init 1132587205 M * Hollow (or add support for the init method you want to use ;) 1132587230 M * Bertl no problem, guests support both here 1132587249 M * Hollow good, create /etc/vservers/name/context with VX_XID="123" and VX_INIT="plain" 1132587254 M * Hollow context.conf 1132587284 M * Hollow and give it a try with: vserver start name 1132587286 M * Bertl hmm? /etc/vservers/name/context is a dir or what? 1132587296 M * Hollow no, it's /etc/vservers/name/context.conf 1132587314 M * Hollow (file) 1132587322 M * Bertl and name is what? 1132587330 M * Hollow your guests name :) 1132587340 M * Bertl okay, please use for that := 1132587346 M * Hollow oki :P 1132587356 M * Bertl I assume context is _not_ the context, right? 1132587371 M * Hollow no, it tells you it's the config file for the context ;) 1132587378 M * Hollow you specif the xid with VX_XID 1132587383 M * Bertl so it is /etc/vservers//context.conf 1132587385 M * Hollow it's bash sytax in that file 1132587389 M * Hollow yep 1132587413 M * Hollow some config options are strings, and some are arrays (mostly the caps, sched and uname stuff) 1132587443 M * Hollow but only VX_XID and VX_INIT are mandatory atm 1132587452 M * Bertl what about network? 1132587463 M * Hollow no support yet 1132587466 M * Bertl oki 1132587483 M * Bertl done 1132587488 M * Hollow i still miss the implementation of vc_net_{add,rem} 1132587499 M * Bertl hmm, should be there ... 1132587508 M * Hollow i mean it's missing in the utils 1132587517 M * Bertl ah, okay, good, np 1132587527 M * Bertl so, what now? 1132587531 M * Hollow ok, so "vserver start " 1132587552 M * Bertl error: vps.loadconfig: cannot find configuration for 'XXXX' 1132587581 M * Bertl cat /etc/vservers/XXXX/context.conf 1132587581 M * Bertl VX_XID="123" 1132587581 M * Bertl VX_INIT="plain" 1132587606 M * Hollow try: grep PKGCONFDIR /usr/share/util-vserver/pathconfig 1132587617 M * Bertl __PKGCONFDIR='/usr/etc/vservers' 1132587624 M * Bertl ah, bad defaults ... so be it 1132587668 M * Hollow hm, yeah... some paths set by autotools confuse me anyway 1132587675 M * Bertl mv /etc/vservers/XXXX /usr/etc/vservers/ 1132587679 M * Bertl vserver start XXXX 1132587679 M * Bertl error: vps.loadconfig: cannot find installation for 'XXXX' 1132587683 M * Hollow ok, before trying again.. 1132587686 M * Hollow ok.. :P 1132587698 M * Bertl it's /usr/vservers? 1132587717 M * Hollow cd /usr/etc/vserver/XXXX && ln -s ../.default/vdirbase/XXXX vdir 1132587741 M * Hollow .defaults 1132587759 M * Bertl hmm, no, was a missing mount on my side 1132587762 M * Bertl now I get: 1132587763 M * Hollow ok 1132587766 M * Bertl /usr/sbin/vserver: /usr/var/lock/vservers/XXXX: No such file or directory 1132587790 M * Bertl mkdir -p /sr/var/lock/vservers 1132587796 M * Hollow hm.. 1132587797 M * Hollow $(mkinstalldirs) -m 755 $(DESTDIR)$(pkglockdir) 1132587813 M * Bertl no, that doesn't help, it still says: 1132587817 M * Bertl /usr/sbin/vserver: /usr/var/lock/vservers/XXXX: No such file or directory 1132587827 M * Bertl should I create a dir there or a file? 1132587841 M * Hollow XXXX should be a file 1132587864 M * Hollow if you add UVDEBUG=1 in front of vserver start you'll get bash debug output 1132587871 M * Bertl okay, it finished ... 1132587884 M * Hollow ok, then try: vserver enter XXXX 1132587912 M * Hollow did it works after your created the lockfile? 1132587932 M * Bertl hmm, seems that worked ... 1132587953 M * Bertl no, the lock issue was my fault, created the wrong dir, as you can see (sr not usr) 1132587961 M * Hollow ah, ok :) 1132587972 M * Hollow good, then try stopping it with: vserver stop XXXX 1132587994 M * Bertl question: is it intentional that you exchanged the command with the name? 1132588000 M * Hollow yep 1132588008 M * Hollow because not all commands take a name argument 1132588021 M * Hollow "vserver procfs" e.g. 1132588025 M * Bertl doesn't that lead to strange effects when you have commands with arguments? 1132588045 M * Hollow why should that be? 1132588083 M * Bertl well, just lets consider a hypothetical 'change' command which changes some settings 1132588098 M * Bertl syntax would be: 1132588111 M * Bertl vserver change flags 1132588132 M * Bertl where actually the 'change' would have been a 'change flags' 1132588209 M * Bertl but it's okay for me, just my thoughts ... 1132588227 M * Hollow hm, can't follow.. why would the command be "change flags? the command is change, and probably flags is a subcommand 1132588245 M * Bertl yes, that's what I meant 1132588261 M * Bertl imho the sequence of command, subcommand, sub-subcommand 1132588269 M * Bertl should not be broken by a guest name 1132588283 M * Bertl and parsing something like: 1132588301 M * Bertl vserver change flag is probably horror 1132588303 M * Hollow the implementation is easy: every command has one file in /usr/share/util-vserver/commands, and the vserver script class .main, with shifted argv, so it can pretty much do with the rest of the commandline what it likes to do ;) 1132588337 M * Bertl okay, so the subcommand would be invoked by the command script 1132588352 M * Bertl that explains the argument change 1132588383 M * Hollow yeah, i'd prefer sth like: vserver change --flags FOO anyway 1132588393 M * Hollow so you could parse the command line with opts in each command 1132588399 M * Hollow s/opts/getopt/ 1132588479 M * Bertl okay, for me that is a sufficient explanation, thanks! 1132588574 M * Hollow hope you'll like it anyway :) 1132588649 M * Hollow so, my current todo list for the next week has the net implementation and "vserver build" command on it 1132588661 M * Hollow i.e. this week, it's monday already, i forgot :P 1132588711 M * Hollow if you'd like to have a tool for ngnet, let me know 1132588742 M * Bertl okay, will do so, tx! 1132588953 M * Hollow wtf.. the first libvserver command was nearly half a year ago.. long way for the new utils, and still the todo list is so big ;) 1132588982 M * Hollow s/command/commit/ 1132589084 M * Psy0rz root@builder:/home/psy/syn3/npl/overig/initrd# mount -o loop initrd initrd.tmp 1132589084 M * Psy0rz memlock: Cannot allocate memory 1132589084 M * Psy0rz Couldn't lock into memory, exiting. 1132589090 M * Psy0rz how do i fix that ?:) 1132589104 M * Psy0rz i have mount caps already 1132589111 M * Psy0rz probalby still mis something 1132589118 M * Psy0rz miss 1132589230 M * Psy0rz uname: Linux builder 2.6.14-vs2.0.1-rc1-gentoo #2 SMP 1132589290 M * Bertl you need ...CAP_IPC_LOCK 1132589307 M * Bertl /* Allow mlock and mlockall (which doesn't really have anything to do with IPC) */ 1132589379 M * Bertl Psy0rz: but don't ask me why loopback mounts require memlock, I have absolutely no idea :) 1132589862 Q * shedi Quit: Leaving 1132589977 Q * mountie Quit: LUNCK! 1132590119 Q * lilo_ Quit: leaving 1132590308 J * lilo ~lilo@lilo.usercloak.oftc.net 1132590370 M * Psy0rz ah ok 1132590373 M * Psy0rz thx again :) 1132590389 M * Psy0rz maybe someone should voluntair to update the wiki :) 1132590430 M * Hollow Bertl: ok, i fixed it to better conform with chmod and friends, and updated the xid thing: 1132590433 M * Hollow zeus mnt # vattr 1132590433 M * Psy0rz i will do that sometime 1132590437 M * Hollow d-----bui noxid temp 1132590441 M * Hollow dX----bui 345 xid 1132590441 M * Hollow zeus mnt # vattr -S -x 123 xid 1132590442 M * Hollow zeus mnt # vattr 1132590442 M * Hollow d-----bui noxid temp 1132590442 M * Hollow dX----bui 123 xid 1132590533 M * matti Huh. 1132590550 J * stefani ~stefani@superquan.apl.washington.edu 1132590571 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1132590646 M * Bertl welcome stefani! wb mountie! 1132590692 M * Bertl Hollow: yup, looks good 1132590760 M * Psy0rz vmlinuz-2.6.14-vs2.0.1-rc1-gentoo runs notable faster then vmlinuz-2.6.11.7-grsec2.1.5-vs2.0pre1 1132590770 M * Psy0rz especially diskio and stuff 1132590790 M * Hollow ah, another gentoo user :) 1132590850 M * Psy0rz among other distros :) 1132590867 M * Hollow hope you like vserver on gentoo 1132590870 M * Psy0rz i use gentoo to create vservers which run slackware in turn, and those i use to build my own distro :) 1132590876 M * Psy0rz yup i doo 1132590883 M * Psy0rz works fine 1132590891 M * Hollow good to hear! 1132590921 M * Psy0rz altough it would be nice if someone makes things like this work: ROOT=/vserver/bla emerge foobar 1132590932 M * Psy0rz portage doesn't seem to handle that well right now 1132590947 M * Psy0rz so you would still need all the build tools inside the server 1132590958 M * Psy0rz you also use gentoo Hollow ? 1132590967 M * Hollow i maintain vserver on gentoo ;) 1132590980 M * Psy0rz ah even better :D 1132591004 M * Hollow yeah, i'll look into external package management for the new utils.. 1132591009 M * Hollow should be possible.. 1132591037 M * Psy0rz yup 1132591048 M * Psy0rz but it seems portage should support installing in a diffent root natively 1132591061 M * Hollow it does.. 1132591069 M * Hollow the ROOT= thing should work 1132591080 M * Psy0rz oh 1132591087 M * Psy0rz will it's like 6 months ago 1132591106 M * Psy0rz and then the ROOT= of portage conflicted with the ROOT= used in configure and make scripts it seemed 1132591109 M * Hollow hm.. you'd not be able to build a stage1 without ROOT= support 1132591111 M * Psy0rz and weird stuff happened :D 1132591124 M * Psy0rz yup 1132591136 M * Psy0rz but you actually tried installing something with root= 1132591139 M * Psy0rz something like apache 1132591225 M * Hollow but it wont honour the guests portage profile e.g. 1132591251 M * Psy0rz yup, and it would compile against libraries on the host 1132591256 M * Psy0rz but still very usefull 1132591268 M * Hollow yeah, probably some portage patches will be necessary 1132591277 M * Hollow or a wrapper 1132591284 M * Hollow to setup namespaces and context 1132591303 M * Hollow but i'm using binary packages among my guests currently, and it works without any problems 1132591312 M * Psy0rz would it be like the other distros, and have some entry in /etc/vservers/distro 1132591326 M * Psy0rz binary packages for gentoo you mean? 1132591330 M * Hollow yup 1132591343 M * Psy0rz and those you compile in a special build vserver ? 1132591345 M * Psy0rz or just on the host? 1132591371 M * Psy0rz thats a good method indeed 1132591371 M * Hollow the first vserver which compiles the packages will create a binary in a shared pkg dir 1132591383 M * Psy0rz ah 1132591399 M * Psy0rz i like gentoo because development is so quickly 1132591400 M * Hollow following tools on the host might be usefull: vesync, vupdateworld, vdispatch-conf 1132591412 M * Psy0rz and because of the architecture is pretty well designed 1132591417 M * Psy0rz nice init system and stuff 1132591453 M * Psy0rz would those hypotetical tools do the actual compiling on the host? 1132591462 M * Hollow no 1132591471 M * Hollow it enters the guests 1132591477 M * Psy0rz ah ok 1132591487 M * Psy0rz that would be easy to make 1132591498 M * Psy0rz a bash-forloop almost will do i think :) 1132591546 M * Hollow to do what? 1132591624 M * Psy0rz those commands 1132591647 M * Psy0rz for each gentoo vserver enter the vserver and run the appropriate command 1132591649 M * Hollow the three tools above do thta basically ;) 1132591658 M * Psy0rz ah :) 1132591670 M * Psy0rz and exit 1 if something goes wrong? 1132591674 M * Hollow if you specify -a it will enter all running guests and do it 1132591676 Q * lilo Read error: Connection reset by peer 1132591694 M * Hollow dunno if it's consistent everyhwere, but should do so, yes 1132591699 M * Psy0rz nice 1132591709 M * Psy0rz well i never had problems with vservers in gentoo 1132591716 J * lilo ~lilo@lilo.usercloak.oftc.net 1132591724 M * Psy0rz asside from the normal problems that are logical ;) 1132591780 M * Hollow heh 1132591821 Q * sladen Ping timeout: 480 seconds 1132591844 M * Psy0rz i vserver-utils on gentoo unmasked and stable? 1132591847 M * Psy0rz is 1132591878 M * Psy0rz i still have some unmask and keyword thingys there i see 1132591886 M * Hollow you mean util-vserver? 1132591918 M * Hollow 0.30.205 is stable, but we'll put 208-r5 to stable soon 1132591940 M * Psy0rz k 1132591948 M * Psy0rz util-vserver indeed 1132591995 J * sladen paul@starsky.19inch.net 1132592235 M * Bertl Hollow: hmm, what about 209? 1132592266 M * Hollow yeah, i'll put that in too 1132592274 M * Bertl k, great! 1132592414 M * baggins Hollow: please take a look at http://sith.mimuw.edu.pl/~baggins/context.conf.txt and tell me if I got the syntax right 1132592454 M * Bertl okay, off to dinner now ... back alter 1132592462 N * Bertl Bertl_oO 1132592518 M * Hollow baggins: oh, how sweet :) the VX_{LIMIT,SCHED,UNAME,BCAPS,CCAPS,FLAGS} need to be array 1132592536 M * Hollow VX_SCHED=( "key=value" "key=value" ) 1132592653 M * baggins Hollow: done, anything else? 1132592749 M * Hollow your "'s are wrong.. inside the parantheses around every array element 1132592759 M * Hollow but else it looks good 1132592767 M * Hollow will put it in svn 1132592768 J * LKJH ~defcon@0x3e428b73.adsl.cybercity.dk 1132592881 M * baggins moved the "", now it should be correct 1132592892 M * Hollow yeah, thx 1132592903 M * ag- Hollow: why not using the same configuration style as the actual tools? to my mind, that was quite a good idea to be able to touch it "proc-like" with cat/echo only :) 1132593095 M * Hollow well, it may be good for parsing, but you can easily source this file (bash syntax) and i really hate to have thousands of config files 1132593144 M * ag- ok, don't take me wrong, it isn't criticism, just a preference... 1132593283 M * Hollow sure, no problem with that.. i'm also open to change it, if the majority prefers it, one could even write a config backend which supports both methods 1132593308 M * Hollow (prefrable configurable for each guest :P) 1132593803 N * Bertl_oO Bertl 1132593838 M * Bertl IMHO you will not get folks to agree one _one_ specific config format ... 1132593863 M * Bertl but, instead, I'd standartize the 'internal' data formats 1132593888 M * Bertl i.e. define values and lists and arrays or such 1132593922 M * Bertl then provide a 'tool' to read/write/check them from e.g. bash, and use that everywhere 1132593928 M * Hollow well, a config backend wouldn't be too hard imo, it could support various styles, even sql 1132593948 M * Bertl in the first approach, it would simply source the shell scripts and return values 1132593996 M * Hollow btw.. http://dev.croup.de/proj/util-vserver/timeline 1132594398 M * ag- whoo! i got those weird values with a virtualized load: 1132594399 M * ag- 17:32:49 up 0 min, 1 user, load average: 203956.19, 444500.65, -580613.47 1132594449 M * ag- # cat /proc/loadavg 1132594449 M * ag- 51089.06 345369.97 -701334.92 -14/10 5715 1132594455 M * FaUl hrhrhr 1132594580 M * Bertl that's expected :/ :) 1132594596 M * ag- it's a know bug? 1132594597 M * Bertl ag-: no, seriously, there is an accounting bug for nr_running 1132594609 M * ag- s/know/known/ 1132594612 M * Bertl unfortunately, nr_running is used for the load avg too 1132594618 M * ag- ah ok 1132594631 M * Bertl I will dig into that tonight, as we ahve a trivial test case now 1132594635 M * Bertl thanks to daniel_hozac! 1132594905 M * Bertl welcome LKJH! 1132594959 Q * Cru Quit: use Unices; $live->free() || die; 1132596429 M * Hollow baggins: http://dev.croup.de/proj/util-vserver/changeset/2 1132596587 M * baggins :D 1132596643 M * Hollow you're familar with man-pages? ;) 1132596770 M * baggins you won't get me _there_ ;> 1132596778 M * baggins man is a black magic to me 1132596800 M * baggins I can fix incorrect man page bot not write one 1132596804 M * ag- pod2man is your friend ;) 1132598432 M * bragon hello 1132598447 M * bragon i search where are the path to change CAP in a vserver 1132598458 M * bragon s_caps 1132598724 J * shedi ~siggi@inferno.lhi.is 1132601623 J * Aiken ~james@tooax6-174.dialup.optusnet.com.au 1132601770 M * Bertl bragon: which config? 1132601834 M * Bertl morning Aiken! 1132601853 M * Aiken it will be later :) 1132601855 M * Aiken hello 1132601859 M * Hollow Bertl: did you see the example context.conf baggins made? 1132601882 M * bragon hum 1132602308 M * bragon mordor:/etc/vservers# ls 1132602309 M * bragon flagada loulou newvservers-vars newvserver-vars rapetou rapetou.conf riri script-to-create-vserver zaza 1132602312 M * bragon Bertl: 1132602314 M * bragon so 1132602330 M * bragon mordor:/etc/vservers/rapetou# ls 1132602331 M * bragon apps fstab interfaces name rapetou.conf rapetou.conf~ run uts vdir 1132602349 M * bragon i don't know if vserver.conf must be in the dir or outside the dir 1132602365 M * Bertl mordor? 1132602414 M * bragon but when i reload the vserver i can't create ==> /bin/mknod: `/dev/net/tun': Operation not permitted 1132602431 M * bragon because i try to have a openvpn server on this vserver 1132602513 M * Bertl bragon: which tools do you use? 1132602557 M * bragon to create vserver ? 1132602560 M * Bertl with util-vserver 0.30.20x (and the rest looks like) 1132602565 M * bragon vserver-build 1132602570 M * bragon ha 1132602579 M * Bertl sorry, don't know vserver-build 1132602606 M * bragon util-vserver 0.30.208-3 1132602618 M * Bertl okay, so that uses a tree based config 1132602631 M * Bertl now what do you want to accomplish with the rapetou.conf ? 1132602642 M * Bertl (which looks to me like a legacy config :) 1132602685 M * bragon ;) 1132602722 M * bragon Bertl: i want that rapetou's root can create /dev/net/tun in order to make a openvpn server in my vserver 1132602742 M * Bertl well, you ahve to give a few caps for that .. 1132602747 M * bragon yes 1132602762 M * Bertl I'd assume you need at least CAP_MKNOD and CAP_NET_ADMIN 1132602762 M * bragon but my vserver don't want to integrate the new caps 1132602778 M * Bertl you write them to /etc/vservers/rapetou/bcapabilities 1132602787 M * Bertl one at a line 1132602792 M * bragon i had try with CAP_SYS_ADMIN 1132602796 M * Bertl and don't forget to restart the guest 1132602801 M * bragon hum 1132602813 M * bragon just a line in the files ? bcapabilities 1132602844 M * Bertl a separate line for each capability, so 1132602847 M * Bertl CAP_MKNOD 1132602851 M * Bertl CAP_NET_ADMIN 1132602959 M * Bertl daniel_hozac: http://vserver.13thfloor.at/Experimental/FOR-2.0.1/delta-activate-fix01.diff 1132603025 M * bragon Bertl: thx 1132603029 M * bragon i try that 1132603088 M * bragon i restart the guest 1132603117 M * bragon Bertl: \o/ 1132603160 M * Bertl but you should be aware that your guest can now control the host networking 1132603191 M * Aiken Bertl the vroot + module patch is delta-vroot-clean01.diff isn't it? 1132603204 M * Bertl bragon: so do not give such capabilities to untrusted users 1132603212 M * daniel_hozac Bertl: does that fix it? 1132603231 M * Bertl daniel_hozac: at least for your test case :) 1132603237 M * Bertl Aiken: this and another one, sec 1132603251 M * bragon Bertl: i'm loonly on my amd64 server 1132603254 M * daniel_hozac hmm, i think i tested moving vx_activate_task into __activate_task. 1132603255 M * bragon ;) 1132603271 M * Aiken I still get errors when trying to start quota with vroot as a module with that patch 1132603272 M * Bertl Aiken: http://vserver.13thfloor.at/Experimental/delta-vroot-fix01.diff 1132603286 M * daniel_hozac in fact, that's how i still have it. 1132603302 M * Bertl bragon: then it's fine :) 1132603329 M * Bertl daniel_hozac: that's a suboptimal solution, as there is another special case :) 1132603340 M * daniel_hozac yeah, but i was just testing. 1132603358 M * bragon Bertl it's marvelous 1132603381 M * Bertl bragon: in the name of all involved developers: thanks! :) 1132603425 M * bragon i'm crazy about vserver ;) 1132603456 M * Bertl daniel_hozac: in kernel/sched.c line ~1500 1132603470 M * Bertl there is a check unlikely(!current->array) 1132603494 M * Bertl the else branch does also increment the nr_running, but no activate_task there 1132603547 M * daniel_hozac hmm? 1132603556 M * Aiken should fix01 be applied after or instead of the clean01 patch? 1132603560 M * daniel_hozac oh, i get it. yeah. 1132603580 M * Bertl Aiken: actually before .. but after might work too :) 1132603595 M * Aiken I had many a few .rej files :( 1132603599 M * Aiken starting with a clean tree 1132603603 M * Bertl okay, good idea 1132603905 M * Bertl Hollow: hmm, no, seems I missed it ... 1132604245 M * Hollow Bertl: http://dev.croup.de/proj/util-vserver/browser/trunk/etc/examples/context.conf 1132604261 P * LKJH 1132604764 J * monrad ~monrad@213083190130.sonofon.dk 1132605077 M * Aiken (root@hoppy) quotaon /dev/hdv1 1132605078 M * Aiken quotaon: using //aquota.group on /dev/hdv1 [/]: No such device 1132605078 M * Aiken quotaon: using //aquota.user on /dev/hdv1 [/]: No such device 1132605093 M * Aiken vroot as a modules and with the clean01 and fix01 patches 1132605400 M * Bertl ext3? 1132605480 M * Aiken /dev/etherd/e9.0 on /vservers type ext3 (rw,data=ordered,usrquota) 1132605480 M * Bertl could you enable the debug system with 'echo 1 >/proc/sys/vserver/debug_misc' 1132605500 M * Aiken it was working last night with vroot compiled in 1132605510 M * Aiken with the above filesystem 1132605539 M * Bertl okay, please let me know what debug messages the quotaon produces 1132605594 M * Aiken no debug messages 1132605610 M * Bertl that's suspicious, could you unload and reload the module? 1132605666 M * Bertl (should give you some debug messages too) 1132605672 M * Aiken no 1132605689 M * Bertl okay, let me check the debug system here, will take only a few minutes 1132605920 M * Bertl hmm .. debugging doesn't log anything here either ... investigating 1132606085 M * Bertl Aiken: you don't get the vroot: loaded (max 8 devices) ? 1132606209 M * Aiken http://pastebin.ca/30072 1132606375 M * Bertl hmm ... seems unreachable for me ... 1132606392 M * Aiken and I can not get pastebin.com anymore 1132606400 M * Bertl cool 1132606402 M * Aiken Nov 22 06:45:11 localhost kernel: vroot: loaded (max 8 devices) 1132606402 M * Aiken Nov 22 06:45:11 localhost udev[1183]: creating device node '/dev/vroot0' 1132606402 M * Aiken Nov 22 06:45:11 localhost udev[1189]: creating device node '/dev/vroot1' 1132606402 M * Aiken Nov 22 06:45:11 localhost udev[1193]: creating device node '/dev/vroot2' 1132606402 M * Aiken Nov 22 06:45:11 localhost udev[1196]: creating device node '/dev/vroot3' 1132606403 M * Aiken Nov 22 06:45:11 localhost udev[1225]: creating device node '/dev/vroot4' 1132606404 M * Aiken Nov 22 06:45:11 localhost udev[1226]: creating device node '/dev/vroot5' 1132606406 M * Aiken Nov 22 06:45:11 localhost udev[1227]: creating device node '/dev/vroot6' 1132606408 M * Aiken Nov 22 06:45:11 localhost udev[1228]: creating device node '/dev/vroot7' 1132606429 M * Bertl okay, looks fine 1132606445 M * Bertl that basically means that the device (and the callback) was registered 1132606476 M * Aiken /dev/vroot0 is b 4 0 1132606485 J * Megabart Megabart@host6-202.pool80181.interbusiness.it 1132606514 M * Megabart Hello boy! 1132606596 M * Bertl welcome Megabart! 1132606701 M * Bertl Aiken: okay, could you strace -fF the quotaon please? 1132606735 M * Megabart Bertl, you remember me? 1132606737 M * Bertl Aiken: btw, I can reach the pastebin.ca again, seems it was only a temporary issue 1132606754 M * Bertl Megabart: yes, I remember the name, but nothing else :) 1132606762 M * Megabart :D 1132606763 M * Megabart good 1132606890 M * Aiken wonder what is happening with pastebin.com 1132606902 M * Aiken I am getting the same page out of my cache as I was a few days 1132606936 M * Aiken squid is reporting TCP_REF_FAIL_HIT/200 for every pastebin.com url :( 1132606942 M * Megabart I've question 1132606978 M * Bertl Megabart: good, maybe we have an answer :) 1132607010 M * Megabart vserver patch for kernel 2.6 is enough mature and stable for use it in product server? 1132607021 M * Bertl the stable version, yes ... 1132607077 M * Megabart good.........I test it now! 1132607107 M * Megabart Bertl, you stay here everytime? 1132607111 M * Megabart :D 1132607126 M * Bertl well, I'm here very often ... :) 1132607131 M * Megabart :) 1132607175 M * Megabart Bertl, you use grsec kernel patch? 1132607198 M * Bertl nope 1132607216 M * Megabart ok 1132607231 M * matti Heh. 1132607235 M * Megabart what kernel security patch you use? 1132607258 M * Bertl do I need one? 1132607270 M * matti Bertl: :) 1132607302 M * Megabart :D 1132607348 M * Bertl Aiken: do you get debug messages on the vrsetup? 1132607541 M * Aiken just rebooted 1132607546 M * Aiken vxD: new_dqhash: fffffc000b71bbc0 [#0x0bcf8ba0] 1132607546 M * Aiken vxD: new_dqhash: fffffc000bcf87a0 [#0x00a4dd80] 1132607546 M * Aiken vxD: new_dqhash: fffffc000bcf91a0 [#0x0bcf83a0] 1132607546 M * Aiken vroot: loaded (max 8 devices) 1132607547 M * Aiken vxD: vroot[0]_set_dev: dev=fffffc0000864f60[0,152:2304] 1132607552 M * Aiken from the modprobe and vrsetup 1132607555 M * Bertl okay, looks good 1132607562 M * Aiken different 1132607570 M * Aiken because I was not getting any of that before 1132607573 M * Bertl hmm ... sec, looks strange :) 1132607585 M * Bertl but that's probably a bug on my side 1132607594 M * Bertl 0,152:2304 should be the device 1132607610 M * Bertl 152 and 2304 look strange for major/minor :) 1132607624 M * Aiken (root@pebbles) ls /dev/vroot0 -l 1132607625 M * Aiken brw-r----- 1 root disk 4, 0 2005-11-22 07:11 /dev/vroot0 1132607635 M * Bertl here I get something like this: 1132607641 M * Bertl # vrsetup /dev/vroot0 /dev/hdc1 1132607641 M * Bertl [ 295.815718] vxD: vroot[0]_set_dev: dev=8f7fbdb4[22,1] 1132607669 M * Bertl looks like our patches differ again ... 1132607680 M * Bertl let me upload an all-in-one patch ... 1132607695 Q * stefani Ping timeout: 480 seconds 1132607712 M * Bertl Aiken: do you need any alpha specific patches for 2.6.14.2? 1132607730 M * Aiken I have not been using any 1132607894 M * Aiken going to try it with vroot compiled in to see what the debug info is 1132607965 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.14.2-vs2.1.0-rc8.diff 1132607979 T * Bertl Topic: http://linux-vserver.org/ | latest stable 2.0, 2.0.1-rc2, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc8 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1132608287 M * Aiken with vroot compiled in I get vxD: vroot[0]_set_dev: dev=fffffc0000864f60[0,152:2304] 1132608301 M * Aiken and quotaon /dev/hdv1 is fine 1132608361 M * Bertl did you get any compile warnings? 1132608369 J * stefani ~stefani@superquan.apl.washington.edu 1132608377 M * Bertl welcome stefani! 1132608394 M * Aiken no compile warning 1132608401 M * Bertl Aiken: rebuilding kernel here, just to verify 1132608457 M * Aiken http://pastebin.ca/30091 when I changed from vroot as a module to compiled in 1132608542 Q * stefani Quit: 1132608552 J * stefani ~stefani@superquan.apl.washington.edu 1132608581 J * karlmikaze_ ~chatzilla@ip102.67.1311D-CUD12K-04.ish.de 1132608608 M * karlmikaze_ hello everybody! 1132608630 M * Bertl welcome karlmikaze_! 1132608635 M * karlmikaze_ (hopefully) small question... 1132608692 M * karlmikaze_ i run a vserver (2.6.11.5-vs1.9.5) on debian sarge with multiple vservers in production. 1132608706 M * karlmikaze_ works fine - thx for this winderful piece of sw! :) 1132608730 M * derjohn Bertl, whats the differnce in rc8 ? man you relaese faster than I can rollout on my machines ;) 1132608770 M * Bertl derjohn: some fixes we did since rc7 include the nr_running and load stuff 1132608800 M * karlmikaze_ but: i needed to insmod some modules today, for the first time, resulting (of course, due to modutils not recompiled before patching/building the kernel) in missing symbols. 1132608804 M * derjohn baggins, so only cosmentic stuff? 1132608808 M * derjohn baggins, sry 1132608813 M * derjohn Bertl, so only cosmentic stuff? 1132608833 M * Bertl derjohn: yes and no, but no crash fixes, if you mean that ... 1132608855 M * Bertl karlmikaze_: missing symbols are a sign of bad compilation or broken ekrnel soruces 1132608860 M * Bertl *kernel sources 1132608879 M * Bertl karlmikaze_: it might also be broken modutils 1132608891 M * Bertl karlmikaze_: for 2.6 you need module-init-tools 1132608917 M * derjohn Bertl, yes it's fine that you left the crashes in ;) I can live without correct load avg in the guest. More stuff? is there a changelog???? 1132608933 M * Bertl karlmikaze_: and you should use modprobe instead of insmod (as it will auto-resolve dependancies) 1132608945 M * karlmikaze_ well, yeah - broken modutils, if you want. i upgraded the kernel from 2.4 to 2.6 when installing the machine, not upgrading modutils. did this now, works on the host, but not in the vservers (where i need to insmod iptables) 1132608951 M * karlmikaze_ yep 1132608954 M * Bertl derjohn: nope, but I can provide a delta patch for you? 1132608973 M * derjohn Bertl, is in java? 1132608978 M * derjohn Bertl, 1132608988 M * Bertl karlmikaze_: no, you definitely do not need to insmod anything inside a guest :) 1132609024 M * karlmikaze_ bertl: ok, got me there ;) right. 1132609025 M * derjohn I'll have a look at the delta. Any objections if I write a changelog in the wiki? 1132609043 M * Bertl no, definitely not, there is even a page for that 1132609063 M * Bertl http://linux-vserver.org/Changelog26 1132609069 A * karlmikaze_ thinking about where in the office he left his brains, today... 1132609074 M * derjohn Maybe I'll have a look at the delta - i assume in EXPERIMENTAL ... 1132609105 M * Bertl derjohn: well, probably you want to make a new changelog for the devel branch 1132609125 M * Bertl 2.1.x and update the changelog 2.6 with the rc2 1132609202 M * Bertl derjohn: maybe http://linux-vserver.org/Changelog26-Devel 1132609217 M * derjohn Bertl, or create a new page for "2.1"? 1132609247 M * derjohn Bertl, but yes -devil is ok too. 1132609248 M * karlmikaze_ @bertl: hmm, do i need to recompile the kernel/modules after installing the new module-init-tools? 1132609350 M * derjohn Bertl, does the 2.1 release have a nickname? 1132609398 J * ntrs ~ntrs@iits01188.inlink.com 1132609401 M * daniel_hozac devel :) 1132609457 M * derjohn hey, the mainstream kernel hackers are more creative ;) 1132609477 M * derjohn whats the main differnce between 2.0 and 2.1 at all? (to put it in an nutshell) 1132609593 M * Bertl derjohn: no nick name yet .. but it's similar to the mainline numbering scheme (at least as it was) 1132609605 M * Bertl derjohn: 2.1.x is development (focus features) 1132609615 M * derjohn hey have "woozy numbat" 1132609616 M * Bertl derjohn: 2.0.x is stable (focus stability) 1132609647 M * derjohn Bertl, er, yes, that's clear, but what are the new features compared to 2.0 ? 1132609665 M * derjohn Bertl, is there a roadmap? 1132609778 M * Bertl derjohn: no, we had no time for roads yet :) 1132609794 M * derjohn Bertl, so odd numbers can never be considered as stable, I mean will be 2.2 the next release? 1132609857 M * derjohn Bertl, so in rc8 there is a feature freeze to get things released as stable? 1132609928 M * Bertl no, there was no devel release yet 1132609980 M * derjohn 2.1.0 applies to 2.6.14 only? any reports on 2.6.13 or 2.6.15 or others? 1132610008 M * Bertl give me a few minutes, have to config a switch, I will then explain 1132610042 M * derjohn Bertl, no prob. I'll idle here for the next couple of hiur anyway 1132610452 M * Aiken with 2.6.14.2-vs2.1.0-rc8 1132610458 M * daniel_hozac Bertl: whatever happened to the base kernel idea? 1132610459 M * Aiken vxD: new_dqhash: fffffc0000a4d580 [#0x0a8459c0] 1132610459 M * Aiken vxD: new_dqhash: fffffc0000a4d980 [#0x0a8451c0] 1132610459 M * Aiken vxD: new_dqhash: fffffc000be637a0 [#0x0a8453c0] 1132610459 M * Aiken vroot: loaded (max 8 devices) 1132610459 M * Aiken vxD: vroot[0]_set_dev: dev=fffffc0000864f60[0,152:2304] 1132610590 M * Aiken as a module quotaon still fails with no debug messages 1132610950 M * Bertl okay, we are looking for a 'map' message 1132610983 Q * ntrs Quit: Leaving 1132611023 M * karlmikaze_ bertl: thx for the fast clarification on module-init-tools - works all now :-) good night, folks! 1132611042 M * Bertl karlmikaze_: you're welcome! good night! 1132611118 M * matti Hueh. 1132611122 M * Bertl Aiken: vroot[%d]_get_real_bdev: dev= 1132611160 M * Bertl Aiken: but with your 'unusual' major/minor values, I'm not surprised that it doesn't trigger 1132611256 Q * shedi Quit: Leaving 1132611257 M * Bertl derjohn: okay, let me try to explain the releas scheme ... 1132611266 M * Bertl *release 1132611293 M * Bertl (a little history) 1132611326 M * Bertl first, there was one branch, which covered 2.4 and x86 1132611350 M * Bertl when I took over project maintainership, we had a number of releases before we did the initial 1.0 release 1132611357 M * Hollow ok, so i was a little bored, and did a vflags ma page http://home.xnull.de/work/vserver/util-vserver/man/vflags.8.html ;) 1132611415 M * Bertl derjohn: basically at the same time we started a devel branch (called 1.1) to test new features 1132611459 M * Bertl all fixes and 'considered' stable' changes were fed back to the stable branch as 1.0.1 .. 1.0.2 ... 1132611501 M * Bertl after some tome, when we considered the list of features important _and_ stable enough to do a new stable release, 1.2 was released 1132611505 M * Bertl *time 1132611528 M * Bertl with the 1.2 release, a new devel branch 1.3 is started 1132611566 M * Bertl when we started to extend to the 2.6 kernels, we simply created an 1.9.x devel branch 1132611585 M * Bertl and, again, after some time, it became stable enough for a 2.0 release 1132611607 M * Bertl which basically initiated the 2.1 devel branch (which was not released yet) 1132611649 M * Bertl once we fixed the vroot issues (we are working on right now) there should be a 2.1.0 release 1132611693 M * Hollow what about the dyn xid kconfig? 1132611709 M * derjohn Bertl, as soon as 2.1.0rcFoo is stable it is reneamed to 2.2 and 2.3 will be opened? 1132611710 M * Bertl Hollow: ah, yes that is missing too, patches? :) 1132611721 M * Hollow ok, will try :) 1132611726 M * Bertl derjohn: 2.1.x, yes 1132611727 J * shedi ~siggi@inferno.lhi.is 1132611747 M * Bertl derjohn: will probably be 2.1.5 or so :) 1132611815 M * derjohn ah, so it's like _new_ kernel release numbering, with "minors" ? 1132611854 Q * shedi Remote host closed the connection 1132611907 M * Megabart good night all! 1132611914 N * Megabart Mega-zzz 1132611919 M * derjohn Bertl, I put in the roadmap theat 2.1.5 is aimed to be the last devel release before a stabel one ;) 1132611951 M * Bertl derjohn: but please only in _your_ roadmap :) 1132611998 M * derjohn *lol* 1132612003 J * miller7 ~none@213.239.180.101 1132612010 M * Bertl welcome miller7! 1132612016 M * miller7 Heyyyyyy Bert! 1132612020 M * Bertl LTNS! 1132612024 M * miller7 Yep! 1132612032 M * miller7 That's why I thought I'd stop by and say hi 1132612043 M * miller7 How's things going? 1132612047 M * Bertl good idea, appreciate that! 1132612067 M * Bertl fine fine ... thanks! and for you? 1132612082 M * miller7 So so... quite busy.... I'm in Amsterdam too for the last week or so 1132612090 M * miller7 and will be for a month more 1132612184 J * lilo_ tor@lilo.usercloak.oftc.net 1132612242 J * shedi ~siggi@inferno.lhi.is 1132612247 Q * karlmikaze_ Quit: ChatZilla 0.9.61 [Mozilla rv:1.7.3/20040910] 1132612276 M * miller7 what's best to use? 2.6 or 2.4 version? 1132612283 M * Bertl definitely 2.6 1132612299 M * Bertl lot of new features 1132612302 M * miller7 ok, I might as well try it then... never tried it in the past :-) 1132612311 M * miller7 what distro you suggest for the host OS? 1132612344 M * Bertl doesn't matter, as long as you do not use debian packages .. 1132612353 M * miller7 ok then, Gentoo it is! :P 1132612355 M * matti LOL 1132612395 M * Bertl Aiken: okay, was using an older vroot module 1132612400 Q * shedi Quit: 1132612417 M * Bertl Aiken: my debug output now looks similar to yours, except for the minors ... 1132612426 M * Bertl vrsetup /dev/vroot0 /dev/hdc1 1132612426 M * Bertl [ 53.889296] vxD: vroot[0]_set_dev: dev=8ec07db4[0,22:1] 1132612486 M * matti Goodnight all. 1132612493 M * Bertl night matti! 1132612501 M * matti Thanks Bertl. 1132612513 M * miller7 night matti 1132612519 Q * lilo Remote host closed the connection 1132612522 M * matti :) Thanks. 1132612721 M * ag- Bertl: is it possible to attach 2 vroot devices to the same blockdev for managinig separate quotas on 2 vservers which reside on that same blockdev? 1132612744 M * Bertl no need for that, you could use a single one for that 1132612769 M * Bertl but, as long as the context aware usr/grp quota is not implemented, they will share the _same_ quota info 1132612818 M * Bertl Aiken: I'll compile the cq-tools-0.06 now, to simplify quota testing ... (they have a device oriented quota on/off) 1132612864 M * ag- but 2 vroot devices don't share the same quota info, right? 1132612884 M * Bertl yes, they will, as the quota is handled by the real device 1132612971 M * ag- so for now, vroot devices aren't so useful without context aware usr/grp? 1132612993 M * Bertl well, they are required for secure usr/grp quota operation 1132613005 M * Bertl which works quite fine on lvm partitions (for example) 1132613020 M * ag- ah! i got it now, thanks Bertl! 1132613029 M * Bertl there was no real request for context aware usr/grp quota on shared partitions (for 2.6) yet 1132613039 M * Bertl so I did not implement it yet :) 1132613063 M * Bertl the quota patch for 2.4 supports that ... 1132613122 M * Aiken Bertl I have to go out for the day 1132613138 M * Bertl Aiken: okay, thanks for your time! 1132613825 J * marl_mobile ~matt@84.92.193.225 1132613922 M * marl_mobile hi, can anyone tell me if there is a webbased front end yet for vserver? that will allow creation/deletaion/configuration etc of vservers? 1132614020 M * derjohn marl_mobile, no, I don't think so. 1132614093 M * marl_mobile also im trying to find 'vserver-build' and i cant :( im running a debian install as host, with vserver-utils installed, can anyone point me in the rite direction to get the corect info to solve this one? 1132614115 M * derjohn marl_mobile, sarge, etch or sid? 1132614135 M * harry_ marl_mobile: vserver _ build --help 1132614135 M * harry_ ? 1132614158 M * marl_mobile sarge 1132614168 M * marl_mobile is there a way to get the vserver version number? 1132614178 M * derjohn marl_mobile, vserver foo build --force -m debootstrap --hostname foo.vservers --netdev eth0 --interface ip/28 --context 42 -- -d sarge 1132614210 M * derjohn marl_mobile, on sarge the package util-vserver was borken, on etch too. I run hosts as sid 1132614222 M * harry_ vserver1:~# vserver-info 1132614222 M * harry_ Versions: 1132614222 M * harry_ Kernel: 2.6.14.2-vs2.1.0-rc7-harry 1132614222 M * harry_ VS-API: 0x00020001 1132614222 M * harry_ util-vserver: 0.30.209; Nov 18 2005, 14:28:43 1132614234 M * derjohn a debianized kernel is here: linux-vserver.derjohn.de 1132614252 M * marl_mobile ive got hte basic create command, was just looking for more details on it, but in the docs i read (including man vserver) it say to see vserver-build man page 1132614271 M * harry_ marl_mobile: checked out the flowerpage for config/ 1132614272 M * harry_ ? 1132614291 M * marl_mobile harry_, ???? flowerpage? 1132614297 M * Bertl welcome marl_mobile! 1132614307 M * marl_mobile thanks Bertl :) 1132614326 M * Bertl as you can see, my client is lagging :) 1132614331 M * harry_ http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1132614333 M * marl_mobile lol 1132614336 M * harry_ that one 1132614363 M * harry_ to be watched with links/lynx/w3m 1132614373 M * harry_ or a browser that doesn't understand css 1132614454 J * ntrs ~ntrs@iits01188.inlink.com 1132614490 M * marl_mobile harry_, LOL, thats one ugly css, if i knew anything about css id send in a replacement :) 1132614506 M * harry_ marl_mobile: a blank one should do the trick :) 1132614512 M * harry_ but... just read it with links 1132614517 M * marl_mobile thanks for the webpage btw, ill read through it once im at console 1132614615 M * marl_mobile ok, is there any scripts that u can give a set of defaults to and tell it to increase/decrease the ip addy for each vserver, and jsut run with something like : add-vserver name_of_vserver domain_of_vserver (and if the domain bit is left out then to use the vserver_name) 1132614756 M * ag- marl_mobile: it shouldn't be too difficult to write one yourself, because it really depends on your needs 1132614810 M * marl_mobile i know, i was thinking of it, but wanted to check if there was anything out there at the moment, no point in re-inventing the wheel :) 1132614956 M * Bertl marl_mobile: which css stylesheet are you referring to? 1132615018 M * marl_mobile the one on the site recomended by harry_ :) 1132615055 M * ag- the infamous gandja page ;P 1132615057 J * miller none@213.239.180.100 1132615063 M * marl_mobile yup thats the one 1132615080 M * Bertl marl_mobile: yes, but which of the (hmm) 7 stylesheets? 1132615100 M * ag- Bertl: what? there's more? :O 1132615121 M * marl_mobile ooooooooooohhhhhhhhhhhhhhhhhhhh gggggggggggooooooooooooooooodddddddddddddddd not more of them :( 1132615147 M * Hollow sure, more weed is always good 1132615219 M * marl_mobile ok heres another one :) after doing a basic debian vserver install, i installed webmin and webmin-base via apt (1.8 and 2.2 versions) if i try and get webmin to upgrade webmin or install other modules i get an error about 'proc' not found, anyone had this before? 1132615305 M * marl_mobile sorry this is in the vservers them selves NOT the host system, webmin works fine in that 1132615407 J * BreezBl0k squid@host-84-9-191-228.bulldogdsl.com 1132615446 Q * miller7 Ping timeout: 480 seconds 1132615448 M * daniel_hozac marl_mobile: run /etc/init.d/vprocunhide start in the host. 1132615470 M * Hollow Bertl: http://home.xnull.de/misc/delta-legacy-xid-feat01.patch 1132615540 Q * michal_ Ping timeout: 480 seconds 1132615544 P * stefani I'm Parting (the water) 1132615546 M * Bertl welcome BreezBl0k! 1132615588 J * michal_ ~michal@mprivacy-update.de 1132615773 Q * ntrs Quit: Leaving 1132615794 M * Hollow ok, have to leave now.. math test tomorrow, night everyone! 1132615807 M * Bertl Hollow: cya, and good luck! 1132615817 M * Hollow thx, i'll need it ;) 1132615895 Q * PerlOffice helium.oftc.net titan.oftc.net 1132616064 M * marl_mobile night Hollow 1132616078 M * marl_mobile daniel_hozac, nope that didnt work :( 1132616096 M * marl_mobile the excact error displayed on screen from webmin is : module proc does not exist 1132616354 M * BreezBl0k do i need to anything special to be able to ping say google from inside a vserver? 1132616422 M * ag- marl_mobile: it's probably that webadmin wants to access some specific file in /proc which is not made available by vprocunhide by default 1132616479 M * marl_mobile ok thanks, ill go back to the webmin mailing list and ask again then :) 1132616481 M * ag- BreezBl0k: no, you don't, except your resolver 1132616503 M * BreezBl0k hmm how about if the gateway is the host machine 1132616532 J * PerlOffice ~stuart@220-253-85-202.QLD.netspace.net.au 1132616545 M * ag- it doesn't change anything, does it? 1132616566 M * BreezBl0k well i cant ping from inside my vserver 1132616583 M * BreezBl0k or access the internet full stop 1132616587 M * BreezBl0k apart through a proxy 1132616651 M * ag- if the guest has a private IP, did you setup NAT? 1132616680 M * BreezBl0k ive got IPtables setup on the host 1132616690 Q * FireEgl Quit: Bye... 1132616727 M * BreezBl0k and NAT setup so computers on the network can use internet no problem 1132616762 M * ag- the proxy you use is your private proxy or a public one? 1132616773 M * Bertl BreezBl0k: well, you'll need to SNAT/DNAT for guests on the router 1132616799 M * BreezBl0k the proxy is on the host 1132616894 M * ag- Bertl: i don't use that to access internet from a vserver, simple masquerading is sufficient 1132616911 M * ag- vserver on the gateway, i precise 1132616982 M * Bertl ag-: what kernel/patches? 1132617001 M * ag- 2.6.14-vs2.1.0-rc7-k7-smp 1132617020 M * Bertl interesting ... masquerading should not apply here 1132617035 M * ag- 2.6.14.2-vs2.1.0-rc7-k7-smp actually 1132617064 M * ag- Bertl: DNAT is for entering a vserver from outside, right? 1132617091 M * Bertl yep, and SNAT for using the host ip when going outside 1132617096 M * ag- meaning: publicIP:publicPort => privateIP:privatePort 1132617114 M * ag- never used SNAT before :O 1132617138 M * ag- back in 2.6.12, it was also working 1132617191 M * Bertl well, good for you :) 1132617201 M * Bertl btw, could you do a test for me with this setup? 1132617219 M * BreezBl0k MASQUERADE all -- 192.168.0.8 anywhere 1132617221 M * ag- how nice it is to know i have a weird setup :/ 1132617228 M * BreezBl0k dosent do anything for me 1132617245 M * ag- Bertl: sure, no pb 1132617277 M * Bertl please do 'tcpdump -vvnei ethX icmp' with ethX being your outbound interface 1132617299 M * ag- BreezBl0k: you have to use SNAT instead as Bertl was saying 1132617302 M * Bertl then do 'ping -I www.google.com' 1132617319 M * ag- Bertl: on the host, i suppose? 1132617327 M * Bertl with being your host address and your guest address 1132617329 J * miller7 ~none@GigE-1.Office-NL.irismedia.gr 1132617335 M * Bertl ag-: yes on the host 1132617347 M * Bertl I'm interested in differences in the tcpdump 1132617421 M * ag- Bertl: 3 pings follow... 1132617422 M * ag- [00:55:47|9|root@caladan:~]# tcpdump -vvnei eth0 icmp 1132617422 M * ag- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 1132617422 M * ag- 00:56:27.269762 00:a0:24:cb:79:ef > 00:07:cb:1f:98:7e, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 84) 82.238.123.217 > 64.233.187.99: icmp 64: echo request seq 1 1132617427 M * ag- 00:56:27.431395 00:07:cb:1f:98:7e > 00:a0:24:cb:79:ef, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 239, id 0, offset 0, flags [DF], length: 84) 64.233.187.99 > 82.238.123.217: icmp 64: echo reply seq 1 1132617431 M * ag- 00:56:28.276481 00:a0:24:cb:79:ef > 00:07:cb:1f:98:7e, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], length: 84) 82.238.123.217 > 64.233.187.99: icmp 64: echo request seq 2 1132617435 M * ag- 00:56:28.436852 00:07:cb:1f:98:7e > 00:a0:24:cb:79:ef, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 239, id 1, offset 0, flags [DF], length: 84) 64.233.187.99 > 82.238.123.217: icmp 64: echo reply seq 2 1132617439 M * ag- 00:56:29.284761 00:a0:24:cb:79:ef > 00:07:cb:1f:98:7e, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], length: 84) 82.238.123.217 > 64.233.187.99: icmp 64: echo request seq 3 1132617443 M * ag- 00:56:29.440349 00:07:cb:1f:98:7e > 00:a0:24:cb:79:ef, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 239, id 2, offset 0, flags [DF], length: 84) 64.233.187.99 > 82.238.123.217: icmp 64: echo reply seq 3 1132617451 Q * miller Ping timeout: 480 seconds 1132617533 M * Bertl ag-: okay, make it one ping :) 1132617554 M * Bertl ag-: this was with the host IP, I assume? 1132617585 M * ag- Bertl: yep, the public host IP of the interface