1133222419 J * MsCrimson JavaUser@2224-se501-2.cm.utexas.edu
1133222442 P * MsCrimson 
1133223246 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net
1133224704 J * Aiken_ ~james@tooax7-223.dialup.optusnet.com.au
1133224889 P * stefani I'm Parting (the water)
1133225061 Q * Aiken Ping timeout: 480 seconds
1133228383 Q * iprone Ping timeout: 480 seconds
1133228585 M * micah what is the procedure for building a legacy config vserver?
1133228655 M * micah is it the same vserver bluebird build -m debootstrap --context 42 -- -d sarge -- --hostname bluebird  --interface eth0:xx.xx.xxx.xx
1133228662 M * micah i guess I'll find out :)
1133228866 Q * click Ping timeout: 480 seconds
1133229167 J * miller7 none@83.149.70.2
1133229266 M * miller7 anyone here?
1133229315 Q * roeb[] Ping timeout: 480 seconds
1133229585 M * ag- micah: what would you wanna do such a thing?
1133229717 M * micah ag-: :)
1133229976 M * micah ag-: I am testing out a fix to the debian kernel-patch and I want to make sure it works
1133229987 M * micah turns out that vserver ... build makes new style
1133230213 M * ag- micah: ok :) something such as "vserver foo build -m legacy ...", i think
1133230551 M * micah ahhh I didn't see that in the help
1133232006 M * micah hmm, if I build one that way it doesn't quite work
1133232267 P * miller7 
1133232600 M * mnemoc hi, how can i forbid binding to 0.0.0.0?
1133232623 M * micah mnemoc: a particular service?
1133232669 M * mnemoc not really... but in this case taiclockd
1133232959 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net
1133232961 M * micah usually you just have to configure each service to bind to the particular IP
1133232992 M * stefani micah:  i just learned how to employ xinetd to do just that today. 
1133233108 M * mnemoc micah: yes, but i'm thinking in hosting :)
1133233145 M * mnemoc micah: where i can't be sure all services are properly instructed
1133233640 M * micah mnemoc: oh, inside a vserver if a service binds to 0.0.0.0 it will only bind to the IP that the vserver has
1133233678 M * mnemoc i see that when binding to 127.0.0.1 but not to 0
1133233801 M * micah mnemoc: it will appear to be binding to 0.0.0.0 inside the vserver, but 0.0.0.0 inside the vserver means all the IPs that the vserver itself can see, not the host
1133233811 M * mnemoc aha
1133233847 M * mnemoc thanks
1133233963 M * micah stefani: is it easy?
1133233992 M * stefani micah:  easier than i had thought
1133234039 M * stefani it had to do with uw-imapd  needing to use inetd/xinetd.   
1133234089 M * mnemoc if 0.0.0.0 binding only to assigned ip, what's the problem having all uw-imapd-s binding to 0?
1133234146 J * sebi ~sebi@Fd18b.f.strato-dslnet.de
1133234256 Q * sebi_ Ping timeout: 480 seconds
1133234893 N * Bertl_oO Bertl
1133234898 M * Bertl evening folks!
1133234956 M * mnemoc wb Bertl
1133235048 M * micah wb Bertl!
1133235156 M * micah Bertl: I've been testing the 2.4 debian delta, I seem to be able to do the rootesc using the debian sarge util-vserver tools (but not the more recent .208 tools)
1133235204 M * Bertl micah: hmm?
1133235216 M * micah I'm wondering if the full patch got messed up somehow, or if it is possible that the tools could cause that
1133235250 M * micah or, I did the test wrong
1133235256 M * Bertl 2.4 debian + delta + debian util-vserver -> rootesc?
1133235277 M * micah yes
1133235277 M * Bertl could be, but only if the barrier is not set properly
1133235294 M * Bertl once the barrier is in place, the tools do not matter
1133235294 M * micah it could be, my familiarity with the 2.4 legacy things is very small
1133235316 M * micah eg. the vserver I built was not using the legacy config, i dont know if that matters
1133235569 M * micah I suspect the full patch that I made from your delta might have something wrong as there was one case where IS_IMMUTABLE_FILE returned that I had to fix
1133235673 M * Bertl hmm, really?
1133236114 M * micah this is how it was done: cat patch-2.4.27-9-vs1.2.10-2.diff delta-2.4.27-9-vs1.2.10-fix01.diff >patch-2.4.27-9-vs1.2.10-3.diff
1133236365 M * micah no, thats how I first tried it, then I got the one hunk failure
1133236371 M * micah then you had me do the shallow copy method:
1133236393 M * micah 1132522243 M * Bertl   cp -la linux-2.4.27-9 linux-2.4.27-9-vs1.2.10-new
1133236393 M * micah 1132522262 M * Bertl - apply the 'old' vserver patch like this:
1133236393 M * micah 1132522288 M * Bertl   (cd linux-2.4.27-9-vs1.2.10-new; patch -p1 -l <../patch-2.4.27-9-vs1.2.10-2.diff )
1133236397 M * micah 1132522300 M * Bertl - apply the 'delta' like this:
1133236399 M * micah 1132522320 M * Bertl   (cd linux-2.4.27-9-vs1.2.10-new; patch -p1 -l <../delta-2.4.27-9-vs1.2.10-fix01.diff)
1133236402 M * micah 1132522336 M * Bertl - create a new patch like this:
1133236405 M * micah 1132522347 M * Bertl   diff -NurpP --minimal linux-2.4.27-9 linux-2.4.27-9-vs1.2.10-new
1133236468 M * micah which if I do that...
1133236618 M * micah a moment while my slow machine chews
1133236669 J * iprone ~iprone@adsl-065-012-167-027.sip.asm.bellsouth.net
1133236750 M * micah i end up with ext2/acl.c and ext3/acl.c having:
1133236763 M * micah -     if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
1133236767 M * micah +     if ((mask & MAY_WRITE) && IS_IMMUTABLE_FILE(inode))
1133236776 M * micah when it should not be doing that
1133236891 M * micah and ext[2-3]/xattr.c also doing:
1133236897 M * micah -     if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
1133236902 M * micah +     if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode))
1133237496 M * Bertl hmm, yes, seems as if there are quite a few IS_IMMUTABLE_FILE() left ...
1133237539 M * Bertl and further seems as if you did not compile-check the kernel before ...
1133237592 M * micah well, i did, thats how I found them, I got unresolved symbols and a failure to boot, so i fixed them and then could boot
1133237672 M * Bertl k,
1133237674 M * Bertl fs/ext2/acl.c:	if ((mask & MAY_WRITE) && IS_IMMUTABLE_FILE(inode))
1133237674 M * Bertl fs/ext2/xattr.c:	if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode))
1133237674 M * Bertl fs/ext3/acl.c:	if ((mask & MAY_WRITE) && IS_IMMUTABLE_FILE(inode))
1133237674 M * Bertl fs/ext3/xattr.c:	if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode))
1133237682 M * Bertl those need to be changed
1133237726 M * Bertl an
1133237728 M * Bertl +d
1133237735 M * Bertl include/linux/fs.h:#define ATTR_FLAG_IMMUTABLE_FILE	8	/* Immutable file */
1133237741 M * Bertl include/linux/fs.h:#define ATTR_FLAG_IMMUTABLE_LINK32/* Immutable file */
1133237765 M * micah yep, I those should be:
1133237768 M * micah +#define IS_IUNLINK(inode)       ((inode)->i_flags & S_IUNLINK)
1133237768 M * micah +#define IS_IXORUNLINK(inode)   ((IS_IUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
1133237771 M * micah right?
1133237777 M * micah no, sorry
1133237822 M * micah they should be:
1133237832 M * micah #define ATTR_FLAG_IMMUTABLE_FILE       8       /* Immutable file */
1133237836 M * micah #define ATTR_FLAG_IMMUTABLE_LINK       32      /* Immutable file */
1133237838 M * micah right?
1133237855 M * Bertl well, that's what they are, but they should be
1133237895 M * Bertl #define ATTR_FLAG_IMMUTABLE 8
1133237904 M * Bertl #define ATTR_FLAG_IUNLINK 32
1133237915 M * Bertl (but that doesn't really matter)
1133238094 A * Bertl is preparing an updated patch
1133238152 M * Bertl micah: do you prefer an all-in-one aptch or a delta to the debian base kernel, or a delta to fix01?
1133238211 M * micah ah, I believe I have made those changes already
1133238226 M * micah but, we can compare
1133238255 M * Bertl okay
1133238256 M * micah make a patch against the debian kernel source (apt-get install kernel-source-2.4.27 on sarge)
1133238341 M * micah my version is at http://crow.riseup.net/~micah/patch-2.4.27-9-vs1.2.10-4.diff
1133239562 M * Bertl hmm, as usual, the tree I have already contains debian specific entries (don't know where they come from)
1133239588 M * Bertl so I'll do the delta to the fix01 (which is quite straight forward)
1133239616 M * micah "the tree" meaning the uncompressed .tar that you get after installing the kernel-source package?
1133239865 M * Bertl http://vserver.13thfloor.at/Stuff/Debian/delta-2.4.27-9-vs1.2.10.micah-fix01-fix01b.diff
1133239885 M * Bertl here agains _your_ kernel/patch 
1133239887 M * Bertl http://vserver.13thfloor.at/Stuff/Debian/delta-2.4.27-9-vs1.2.10.micah-fix01b.diff
1133239902 M * Bertl and what I get against the 2.4.27-9
1133239909 M * Bertl http://vserver.13thfloor.at/Stuff/Debian/patch-2.4.27-9-vs1.2.10-fix01b.diff
1133239947 M * Bertl (which IMHO contains useless debian stuff)
1133239977 M * micah Bertl: hmm
1133240004 M * Bertl anyway the delta between fix01 and fix01b should be fine
1133240028 M * micah Bertl: your delta-2.4.27-9-vs1.2.10.micah-fix01b.diff shows that I had acl.c if ((mask & MAY_WRITE) && IS_IMMUTABLE_FILE(inode))
1133240074 M * micah but if you do a simple grep on http://crow.riseup.net/~micah/patch-2.4.27-9-vs1.2.10-4.diff you will see that I did not
1133240111 M * Bertl I have no idea what vs1.2.10-4 is/was, but it's against the fix01 here:
1133240131 M * Bertl http://vserver.13thfloor.at/Stuff/Debian/delta-2.4.27-9-vs1.2.10-fix01.diff
1133240136 M * micah ahh
1133240148 M * micah ok, I thought you were comparing against the changes I made
1133240170 M * Bertl no, just the branches sitting here ...
1133240202 M * Bertl okay, I'm off to bed now ... more tomorrow ...
1133240213 N * Bertl Bertl_zZ
1133242173 Q * Aiken_ Ping timeout: 480 seconds
1133245894 P * stefani parting (is such sweet sorrow)
1133250069 Q * PerlOffice Ping timeout: 480 seconds
1133250684 J * infowolfe ~infowolfe@209-112-215-110-cdsl-rb1.nwc.acsalaska.net
1133252590 J * NikDaPhreak ~NikDaPhre@217.75.141.95
1133255240 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net
1133256338 J * duke\ ~HST@node48.worldweb2000.com
1133256437 M * duke\ ai folks
1133256441 M * duke\ ag-, ?
1133256444 M * duke\ up?
1133257857 J * DaVinci ~DaVinci@p54AF5EB1.dip.t-dialin.net
1133257862 M * DaVinci Hy ho
1133257905 M * DaVinci Anyone here who got bind running in a guest without giving the vserver the caps?
1133258307 M * oliwel DaVinci: whats the probem with bind ?
1133258510 M * DaVinci I always get this error:
1133258522 M * DaVinci  Operation not permitted: please ensure that the capset kernel module is loaded.
1133258525 M * TheSeer you have to compile it yourself
1133258534 M * DaVinci Even when I compile with --disable-linux-caps
1133258536 M * TheSeer there's an faq about it
1133258540 M * TheSeer oh ;)
1133258552 M * DaVinci I updatet the ebuild-file from gentoo
1133258587 M * DaVinci Thought this would be better if I want to remove it sometimes somehow
1133258963 M * DaVinci Anyone ideas?
1133259301 J * roeb[] ~roeb@dslb-084-059-205-036.pools.arcor-ip.net
1133260311 Q * Hunger Remote host closed the connection
1133260430 M * DaVinci Ah...damn...k
1133260432 M * DaVinci I'm dumb
1133260439 M * DaVinci Modified the wrong ebuild-file
1133261145 J * Hunger Hunger.hu@Hunger.hu
1133261551 J * Duckx ~duckx@195.75.27.158
1133261599 J * DuckMaster ~duckx@195.75.27.158
1133262002 J * shedi ~siggi@tolvudeild-197.lhi.is
1133262265 J * Wolfwood nicholasd@d60-65-199-228.col.wideopenwest.com
1133262605 Q * iprone Ping timeout: 480 seconds
1133263291 Q * DuckMaster Ping timeout: 480 seconds
1133263291 Q * Duckx Ping timeout: 480 seconds
1133263406 J * DuckMaster ~duckx@195.75.27.158
1133263426 J * Duckx ~duckx@195.75.27.158
1133264072 M * DaVinci Ah, another prob
1133264090 M * DaVinci Anyone knows how to get 127.0.0.1 lo-Device in a guest really working?
1133264106 M * DaVinci It exists...but no service seems to bind to it
1133264388 M * DaVinci Or isn't that possible at all?
1133265394 M * BWare DaVinci: skip bind and run powerdns :)
1133265446 M * BWare DaVinci: you can create a named alias for lo (eg: lo:vserver) and assign it 127.0.0.1, but as stated here and on the ML it has some security implications
1133265921 J * Viper0482 ~Viper0482@p54976906.dip.t-dialin.net
1133265981 Q * Viper0482 Quit: 
1133267246 Q * monrad Quit: Leaving
1133267380 J * iprone ~iprone@65.83.231.99
1133267511 M * DaVinci Hmm
1133267514 M * DaVinci thx BWare
1133267529 M * BWare yw ;)
1133268348 M * Psy0rz Hollow you updated the gentoo package?
1133268364 M * Psy0rz i now seem to have a nice vserver-new command :)
1133269216 M * duke\ BWare, if you wanna skip bind.. then run djbdns..
1133269236 M * BWare everyone has its preferences ;)
1133269361 M * duke\ jap :)
1133269382 M * duke\ i prefer djbdns over every other dns implementation
1133269990 J * ircuser ~ircuser@p54A7CBD6.dip.t-dialin.net
1133270061 M * ircuser Hi, may I ask one question? I'm a bit lost in vserver-documentation :/
1133270112 M * ircuser Is it possible to add a loopback interface to a vserver? I'm using patch 2.6.12-4
1133270150 M * duke\ lol.. ircuser, they were just talkin bout that in here..
1133270157 M * TheSeer you don't want to have a loopback interface 
1133270161 M * duke\ :)
1133270172 M * duke\ -> security implications...
1133270193 M * ircuser *g* I'm always too late :)
1133270228 M * ircuser So I have to bind any service to my ip-address instead of using a loopback device?
1133270229 M * TheSeer ircuser: to wrap it up: you can, but it's highly discouraged and not recommended at all
1133270248 M * TheSeer if you have * within the binding address, it will work
1133270254 M * TheSeer it will use the ones available within the ctx
1133270268 M * duke\ ircuser, for what do you intend to use a lo if?
1133270315 M * ircuser One example: Postfix is using a directive inside main.cf which binds it to the lookback-device (loopback-only)
1133270474 M * BWare add a dummy interface and use that instead of lo
1133270485 M * duke\ maybe you should assign to aliases to your vhost.. one a substitution for the lo device which is accordingly firewalled..
1133270491 M * duke\ two aliases..
1133270503 M * TheSeer just use dummy0
1133270507 M * TheSeer or dummyX 
1133270517 M * duke\ or yeh.. that would be neat as well
1133270554 M * BWare if you really have to use lo (for a closed source app that depends on lo) then use it or consider changing apps ;)
1133270623 M * ircuser There're no closed source apps :) Fine, thank you very much for this information. I don't _really_ need a lo-device, I was just wondering if I made a/some mistake(s) ;)
1133270939 Q * ircuser Remote host closed the connection
1133271780 M * DaVinci *lol*
1133272363 Q * Wolfwood Read error: Connection reset by peer
1133273351 N * Bertl_zZ Bertl_oO
1133275166 J * darkie ~info@212-127-137-128.cable.quicknet.nl
1133275180 M * darkie hey.i was wondering how i can access a cdrom inside a vserver
1133275188 N * Bertl_oO Bertl
1133275192 M * Bertl hey darkie!
1133275203 M * Bertl basically 3 methods:
1133275224 M * Bertl a) mount it into the guest (from the host)
1133275247 M * Bertl b) use automounter or similar to do that for you
1133275258 M * darkie problem with method a: i have to write to it from within the vserver :P
1133275268 M * darkie with cdrtools
1133275285 M * Bertl c) add the real device to the guest (will reduce security)
1133275315 M * Bertl in your case you probably want c and a bunch of caps too
1133275322 M * darkie so c is the only option :P that perticular vserver doesn't matter if it has less security :P :-)
1133275341 M * darkie its only for myself to write bootable cd's with (development Vserver)
1133275352 M * Bertl okay, then it should be fine
1133275369 M * darkie quite handy :P fuck something up? system broke? just delete the vserver and start again:D
1133275388 M * darkie so how can i go about and add the real device to the guest?
1133275523 M * Bertl simple, just copy it over from the host
1133275541 M * Bertl (or of you prefer, create it (on the host) for the guest
1133275563 M * darkie cp /dev/cdrom /vservers/vserver/dev/ ?
1133275573 M * Bertl 'cp -va /dev/... /vservers/<name>/dev/
1133275583 M * Bertl yes, but cdrom usually is just a symlink
1133275589 M * darkie how do you create it? on the host for the guest?
1133275616 M * Bertl 'mknod /vservers/<name>/dev/<device> b <major> <minor>
1133275646 M * Bertl again the <device>, <major> and <minor> might vary ..
1133275650 M * darkie *feels silly* how do you know the major and minor numbers?
1133275661 M * Bertl I'll give you an example:
1133275680 M * Bertl /dev/cdrom -> cdroms/cdrom0
1133275696 M * Bertl /dev/cdroms/cdrom0 -> ../ide/host1/bus0/target0/lun0/cd
1133275716 M * Bertl ls -la /dev/ide/host1/bus0/target0/lun0/cd
1133275717 M * Bertl brw-------    1 bertl    cdrom     22,   0 Jan  1  1970 /dev/ide/host1/bus0/target0/lun0/cd
1133275739 M * Bertl now that says, it's a 'block' device (b) with major 22 and minor 0
1133275760 M * Bertl you now can create it like this:
1133275779 M * Bertl 'mknod /vservers/<name>/dev/cdrom b 22 0
1133275780 M * darkie nice :-) only problem is cdrom links to /dev/hdc and /dev/hdc links to.. nothing basically :P
1133275808 M * Bertl well, it should lik to something, otherwise there is no cdrom on your system (or udev is broken)
1133275811 M * Bertl *link
1133275851 M * darkie i'll put in a cd and mount it to check
1133275884 M * darkie mount /dev/cdrom /mnt/cdrom works and also shows the files..
1133275923 M * Bertl 'ls -la /dev/cdrom' gives?
1133275937 M * darkie cdrom -> hdc and /dev/hdc shows .. hdc :P
1133275946 M * darkie ls -lsa | grep hdc*
1133275950 M * darkie shows hdc
1133275975 M * Bertl 'ls -la /dev/hdc' gives?
1133275999 M * darkie brw-rw----  1 root root 22, 0 Nov 29 15:34 /dev/hdc
1133276001 M * darkie 22, 0  :P
1133276002 M * darkie lol
1133276007 M * Bertl see, there you go :)
1133276017 M * darkie ahh :-) thnx :D
1133276025 M * Bertl you're welcome!
1133276081 M * darkie mount: permission denied
1133276123 M * Bertl yep, that's the capabilities I was talking about
1133276123 M * SiD3WiNDR is there a way to run an nfs server from a vserver?
1133276140 M * Bertl SiD3WiNDR: yes, of course, any _userspace_ nfsd should do
1133276146 M * SiD3WiNDR aha
1133276151 A * SiD3WiNDR shall investigate
1133276153 M * darkie how do you set up the capabilities then?
1133276177 M * Bertl you have a file called bcapabilities and another one called ccapabilities in your config tree
1133276180 M * darkie why doesn't vserver give access to cdroms by default?
1133276190 M * SiD3WiNDR oh oh :(
1133276196 M * SiD3WiNDR ltsp-server depends on nfs-kernel-server :(
1133276204 M * Bertl darkie: because it is an inherent security issue
1133276226 M * darkie ok. :-) well. i don't have those files yet but i can just create them i assume?
1133276259 M * Bertl yes, one capability per line
1133276298 M * Bertl for a test you can add 'CAP_SYS_ADMIN' to bcapabilities
1133276310 M * Bertl restart the guest, and it should work fine
1133276380 M * darkie where can i found a doc. about what capabilities there are? :P
1133276395 J * ntrs ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com
1133276411 M * darkie it worked :-)
1133276555 M * mef bertl: your crash box is registered.
1133276584 M * Bertl mef: excellent, will be there shortly
1133276598 M * Bertl (i.e. leaving in a few minutes)
1133276745 J * Viper0482 ~Viper0482@p54976906.dip.t-dialin.net
1133276989 J * baggins ~baggins@kenny.mimuw.edu.pl
1133277023 M * oliwel Bertl: ping ?
1133277037 M * Bertl welcome Viper0482, baggins!
1133277040 M * Bertl oliwel: pong!
1133277060 M * oliwel bertl: I did the (ogn ) promised Wiki article on drbd and mount issues....
1133277075 M * oliwel would be great if you can have a look on it...
1133277085 M * Bertl yeah, saw that, will do that soon ...
1133277095 M * Bertl thanks!
1133277106 M * oliwel I alreday published and linked it - but I am not that familiar with your "rules" on the wiki and the stuff might not be 100% accurate...
1133277133 M * oliwel ok great - do me a favour and note me about changes...if you do any...
1133277229 M * Bertl will do so, but you can subscribe to the wiki ML, then you will get _all_ changes 
1133277274 M * oliwel Bertl: thats too much for me....vserver is only one of my side interessts and I already get tons of MLs a day....
1133277277 Q * marl_mobile Quit: Leaving
1133277302 M * oliwel I just want to see if there is anything severely wrong that can affect my setup
1133277323 M * Bertl okay, leaving now .. back later
1133277333 N * Bertl Bertl_oO
1133277340 M * oliwel bye
1133278248 M * Hollow Psy0rz: yeah, we did that.. thx :)
1133279634 Q * shedi Quit: Leaving
1133280197 M * DaVinci bye
1133280201 M * DaVinci and thx 4 help :)
1133280213 Q * DaVinci Quit: 
1133280272 Q * oliwel Quit: Chatzilla 0.9.68.5 [SUSE 1.0.6-16/20050715]
1133280386 Q * duke\ Quit: duke\ has no reason
1133280443 M * Psy0rz hehe ok
1133280497 M * Psy0rz -m copy still isnt implemented, right?
1133280505 M * Psy0rz or am i missing a script
1133281535 N * Bertl_oO Bertl
1133281543 M * Bertl k, back now ...
1133281863 M * micah Bertl: did a compile and boot test of the modified patch
1133281884 M * Bertl good, status?
1133281895 J * stefani ~stefani@superquan.apl.washington.edu
1133281904 M * micah Bertl: both worked fine, but I can still do the chroot escape using the older tools
1133281923 M * micah so maybe the tools are also a problem?
1133281987 M * Bertl welcome stefani!
1133282018 M * Bertl micah: did you verify/set the barrier with the new tools before?
1133282054 M * Bertl micah: i.e. the tools should not be of any relevance if the barrier is intact ...
1133282146 M * micah Bertl: the barrier was set with the new tools, and looks like:
1133282170 Q * NikDaPhreak Ping timeout: 480 seconds
1133282301 M * micah (sorry had to boot up that machine)
1133282321 M * micah # showattr /var/lib/vservers/
1133282329 M * micah ---Bu-- /var/lib/vservers/
1133282337 M * micah ---bu-- /var/lib/vservers/bluebird
1133282350 M * Bertl is this with non-debian tools?
1133282375 M * micah no, with the debian tools
1133282409 M * Bertl please use mainline 0.30.208/9 to verify the barrier
1133282414 M * micah 0.30.204-5sarge2 allows me to escape, while 0.30.208-4 does not
1133282433 M * micah ok, i will remove the debian tools and install mainline to verify
1133282443 M * Bertl once the barrier is intact, there should be no tool tependancy
1133282468 M * Bertl so maybe compile the mainline tools, and save the setattr/showattr somewhere
1133282501 M * Bertl then set/verify the barrier _before_ you test, and make sure to test from ssh logon not enter
1133283492 M * micah ok, I compiled upstream 0.30.208/9
1133283529 M * micah I used upstream showattr:
1133283535 M * micah # ./showattr /var/lib/vservers/
1133283540 M * micah ---bu-- /var/lib/vservers
1133283548 M * micah ---bu-- /var/lib/vservers/bluebird
1133283557 M * micah I then use upstream setattr to set the barrier:
1133283558 M * Bertl see, now use upstream setattr like this
1133283575 M * Bertl setattr --barrier /var/lib/vservers/bluebird/..
1133283605 M * micah ok, did that, now showattr gives:
1133283611 M * micah # ./showattr /var/lib/vservers/
1133283614 M * Bertl (btw, what fileszstem?)
1133283618 M * micah ---BU-- /var/lib/vservers
1133283625 M * micah ---bu-- /var/lib/vservers/bluebird
1133283637 M * micah (ext3)
1133283640 M * Bertl okay
1133283703 M * micah now, ssh'ing in to the vserver, the rootesc does not work
1133283727 M * Bertl okay, so the debian tools are just not setting the barrier right ...
1133283739 M * micah using the debian toos: # /usr/sbin/showattr /var/lib/vservers/
1133283744 M * micah ---BU-- /var/lib/vservers/
1133283751 M * micah ---bu-- /var/lib/vservers/bluebird
1133283755 M * Bertl (which actually doesn't surprise me much)
1133283762 M * micah so the debian tools at least can see the correct barrier :)
1133283783 M * Bertl yeah! :)
1133283811 M * micah ok, this is good, because it means that we can update the util-vserver tools in sarge :)
1133283821 M * Bertl btw, the 204 tools are fine (upstream) so you might compare them 
1133283840 M * Bertl but if possible, update to 0.30.209 as it fixes a lot of things
1133283854 M * micah how can I unset the barrier? I want to see what the debian tools do incorrectly
1133283865 M * Bertl --~barrier
1133283955 M * micah yeah if I unset it and then set it with the debian tools - the chroot escape works
1133284020 M * micah I'll try with the more current debian tools
1133284072 M * micah it appears the newer tools do not allow it
1133285639 J * Wolfwood nicholasd@d60-65-199-228.col.wideopenwest.com
1133286373 J * shedi ~siggi@inferno.lhi.is
1133287431 Q * michal_ Ping timeout: 480 seconds
1133287753 Q * mef Remote host closed the connection
1133288047 J * michal_ ~michal@mprivacy-update.de
1133288199 J * JonB ~NoSuchUse@cpe.atm2-0-1031198.0x50a4ad0e.bynxx13.customer.tele.dk
1133288518 M * Bertl micah: what tools do not allow what?
1133288640 M * Bertl welcome JonB! LTNS!
1133288676 M * darkie Hey. could you maybe help me out a little again? i need to mount a blank cd but i keep getting error messages
1133288677 M * darkie mount: block device /dev/cdrom is write-protected, mounting read-only
1133288677 M * darkie mount: /dev/cdrom: can't read superblock
1133288701 M * JonB hey Bertl 
1133288706 M * JonB Bertl: LTNS ?
1133288710 M * Bertl mount a blank cd?
1133288710 M * micah Bertl: sorry, I was ambigous... I meant to say that the debian testing/unstable util-vserver tools (which are version: 0.30.208-4) set the barrier properly, and do not allow the escape
1133288720 M * Bertl Long Time No See :)
1133288736 M * darkie yeah. i'm following a tutorial on how to make a bootable CD :P
1133288737 M * JonB Bertl: ahhh
1133288741 M * JonB yes it has been
1133289024 M * Bertl darkie: you usually do not 'mount' blanks, you write to them with something like cdrecord
1133289045 M * darkie yeah i know. but it says '
1133289045 M * darkie     * NOTE: If you haven't already mounted your CD system, do so now:
1133289045 M * darkie     * mount $CDDEV $LIVECD
1133289045 M * darkie     * thanks Bernard, for pointing this out ;)
1133289045 M * darkie     mkdir -p $LIVECD/fake/{needwrite,ramdisk}
1133289055 M * darkie that i should mount it.
1133289087 M * Bertl well, requires that you actually _have_ something on that CD :)
1133289139 M * Bertl darkie: mount only works for filesystems
1133289156 M * darkie lol. when i try to do cdrecord -format i get cdrecord: Format option not implemented in this version.
1133289163 M * darkie no matter what i do
1133289213 M * Bertl I'd say, your 'howto' is probably outdated
1133289231 M * darkie lol. probably yeah
1133289312 M * Bertl try: cdrecord dev=ATAPI: -checkdrive
1133289387 M * JonB http://www.howtoforge.com/linux_vserver_debian
1133289598 M * darkie Bertl: http://pastebin.linuxfromscratch.org/?show=1785
1133289676 M * Bertl darkie: kind of hard atm, I'm @ 80x25 text here :)
1133289693 A * Bertl is installing a few machines ...
1133289700 M * darkie lol
1133289712 M * darkie what do you need to know? :P
1133289737 M * Bertl did it work/output something? e.g. the device number?
1133289893 M * darkie well. not when i do dev=ATAPI but with the normal one it works normally
1133289913 M * Bertl ATAPI: I hope ....
1133290023 M * darkie yeah i do mean that :P
1133290054 M * darkie i get these errors: cdrecord: No such file or directory. Cannot open SCSI driver.
1133290064 M * darkie but /dev/cdrom works
1133290482 J * popo ~k@196.207.45.254
1133290509 M * Bertl darkie: yeah, that's where the ATAPI comes in
1133290520 M * darkie what do you meean?
1133290521 M * Bertl welcome popo!
1133290535 M * Bertl darkie: usually cdrecord uses the SCSI interfaces
1133290544 M * popo thanks
1133290554 M * Bertl darkie: but, in your case, 22:0 is IDE/ATAPI
1133290572 M * darkie yeah 
1133290573 M * Bertl darkie: might try ATAPI:0,0,0
1133290581 P * popo 
1133290671 M * darkie no doesn't work either
1133290786 M * Bertl well, not really vserver related, I'd say .. you have to figure out how to point cdrecord to your cdrom/writer
1133290814 M * mnemoc dev=/dev/cdrom ?
1133290832 M * darkie yeah. it does work that way but it says it can't format :S
1133290841 M * mnemoc sudo ?
1133290868 M * mnemoc i got some issues due to IPC locking
1133290887 M * darkie i am root :P
1133290894 M * mnemoc :)
1133290903 J * monrad ~monrad@213083190130.sonofon.dk
1133290924 M * Bertl welcome monrad!
1133290935 M * monrad hi
1133290958 M * Bertl darkie, mnemoc: hmm, maybe they require some special caps for cd writing?
1133291006 M * mnemoc add them all and try :)
1133291039 M * darkie i've litteraly given all caps i found in http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/bcaps-v13.c?rev=HEAD
1133291055 M * darkie so unless there are any more..?
1133291109 M * mnemoc grep Caps: /proc/virtual/xid/status    agrees?
1133291143 M * darkie BCaps:  000000007ffffeff
1133291143 M * darkie CCaps:  0000000000000101
1133291144 M * darkie ??
1133291234 M * mnemoc looks very capable..... Bertl ?
1133291244 M * Bertl yup
1133291254 M * darkie lol
1133291272 M * Bertl darkie: you are trying to erase a rewriteable or what?
1133291335 M * darkie i'm trying just getting cdrecord to work :P
1133291347 M * Bertl well, I never used 'format' before ...
1133291368 M * mnemoc blank=fast ?
1133291373 M * darkie i think its about the same as mkisofs
1133291377 M * Bertl usually you do: cdrecord driveropts=burnfree -v some.iso
1133291410 M * Bertl and you get the iso by calling 'mkisofs ...'
1133291437 M * Bertl darkie: you can not create a writeable isofs on a cdrom
1133291461 M * darkie burnfree?
1133291493 M * Bertl well, that (if supported) ensures that buffer overruns will not render your cd useless
1133291620 M * darkie ahhh
1133291627 M * darkie well. i'm just gonna go try a bit
1133291680 M * Bertl make that, btw, there is a cd writing howto somewhere :)
1133291732 M * darkie k :-)
1133292337 Q * cryo Ping timeout: 480 seconds
1133292603 J * cryo ~say@212.86.233.146
1133292971 M * Bertl wb say!
1133293068 J * Aiken ~james@tooax6-158.dialup.optusnet.com.au
1133293457 M * Bertl morning Aiken!
1133293620 M * Aiken hello
1133293875 M * Aiken still just lurking, no problems at the moment with 2.1.0-pre8
1133294065 M * Bertl good to hear ...
1133295689 Q * Viper0482 Quit: bin raus, 
1133297214 Q * darkie Quit: 
1133297238 Q * JonB Quit: Leaving
1133297253 Q * iprone Ping timeout: 480 seconds
1133297254 J * JonB ~NoSuchUse@cpe.atm2-0-1031198.0x50a4ad0e.bynxx13.customer.tele.dk
1133297274 M * JonB bertl: any idea why my linux "hangs" in "BIOS data check" right after lilo loads linux ?
1133297281 M * JonB if i just wait it does pass it
1133297287 M * JonB but usually it is very fast
1133297448 M * Bertl hmm, unusual ...
1133297496 M * JonB yes
1133297504 M * JonB i do have other trouble with the machine
1133297510 M * JonB lilo stays in LIL
1133297513 M * JonB for a long time
1133297516 M * JonB then moves on
1133297523 M * Bertl hmm, maybe it's just broken?
1133297531 M * JonB yes, but which part?
1133297690 M * Bertl maye ide, or the apic (if it has any?)
1133297841 M * JonB could be
1133297854 M * JonB i fought with this server repeadiately
1133297878 M * JonB i'll go change yet another disk
1133297892 M * JonB i run most disks through a 3ware controller
1133297904 M * JonB i've used them for years, i did expect them to be more stable
1133297967 M * Aiken JonB any use? https://www.redhat.com/archives/guinness-list/2001-June/msg00157.html
1133297986 M * Aiken there are a few hits google -> LIL lilo
1133298169 M * JonB Aiken: well, i'll change the disk
1133298186 M * JonB sdj: Current: sense key: Medium Error
1133298187 M * JonB     Additional sense: Unrecovered read error - auto reallocate failed
1133298187 M * JonB end_request: I/O error, dev sdj, sector 344762088
1133298187 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298187 M * JonB ata2: error=0x40 { UncorrectableError }
1133298188 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298190 M * JonB ata2: error=0x40 { UncorrectableError }
1133298194 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298196 M * JonB ata2: error=0x40 { UncorrectableError }
1133298198 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298200 M * JonB ata2: error=0x40 { UncorrectableError }
1133298203 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298204 M * JonB ata2: error=0x40 { UncorrectableError }
1133298208 M * JonB sd 2:0:0:0: SCSI error: return code = 0x8000002
1133298210 M * JonB sdj: Current: sense key: Medium Error
1133298212 M * JonB     Additional sense: Unrecovered read error - auto reallocate failed
1133298214 M * JonB end_request: I/O error, dev sdj, sector 344762096
1133298219 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298221 M * JonB ata2: error=0x40 { UncorrectableError }
1133298225 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298227 M * JonB ata2: error=0x40 { UncorrectableError }
1133298227 M * Bertl JonB: are  you spamming again?
1133298229 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298231 M * JonB ata2: error=0x40 { UncorrectableError }
1133298233 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298235 M * JonB ata2: error=0x40 { UncorrectableError }
1133298239 M * JonB ata2: status=0x51 { DriveReady SeekComplete Error }
1133298241 M * JonB ata2: error=0x40 { UncorrectableError }
1133298243 M * JonB sd 2:0:0:0: SCSI error: return code = 0x8000002
1133298245 M * JonB sdj: Current: sense key: Medium Error
1133298249 M * JonB i did have stuff like that
1133298251 M * JonB if changing does not help
1133298255 M * JonB Bertl: sorry
1133298257 M * JonB irc should be build for pasting stuff
1133298263 M * JonB how come NOONE uses the assigned port numbers for irc?
1133298271 M * Bertl JonB: folk will love you for pasting 30+ lines of unrelated info
1133298302 M * JonB yes, you're right
1133298317 M * Bertl probably a cable or controller issue
1133298328 M * JonB i tried changing the cable
1133298360 M * Aiken cool, looks like pastebin.com is working again
1133298454 M * JonB Aiken: how smart is that site :)
1133298491 M * Aiken would have been great for the above errors :)
1133298510 M * Aiken except I had not been able to use it for the last week or so
1133298532 M * JonB i'll be sure to use it next time
1133299139 J * iprone ~iprone@lawn-199-77-213-137.lawn.gatech.edu
1133299288 Q * JonB Quit: Leaving
1133299677 M * Bertl welcome iprone!
1133300281 Q * iprone Ping timeout: 480 seconds
1133302664 J * capt ~asdf@adsl-2-47-31.mia.bellsouth.net
1133302715 J * yarihm ~yarihm@84-73-119-83.dclient.hispeed.ch
1133302913 M * Bertl welcome capt! yarihm!
1133302968 M * capt thanks
1133303260 M * yarihm yo Bertl 
1133303348 M * yarihm brb
1133303351 P * yarihm Leaving
1133303530 J * yarihm ~yarihm@84-73-119-83.dclient.hispeed.ch
1133304044 P * stefani I'm Parting (the water)
1133304180 M * Bertl back in 30mins I hope
1133306215 Q * roeb[] Ping timeout: 480 seconds
1133306941 J * Wolfwood^DC nicholasd@d60-65-199-228.col.wideopenwest.com
1133307285 Q * [MUPPETS]Gonzo Read error: Connection reset by peer
1133307390 Q * Wolfwood Ping timeout: 480 seconds
1133307589 J * [MUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de
1133307623 Q * capt Ping timeout: 480 seconds
1133307699 P * yarihm Leaving