1134087083 N * Bertl_oO Bertl 1134087087 M * Bertl back now ... 1134089603 J * shedi ~siggi@inferno.lhi.is 1134089778 Q * gerrit Ping timeout: 480 seconds 1134090818 J * hillct ~H@client200-5.dsl.intrex.net 1134090828 M * Bertl welcome hillct! 1134090832 M * hillct good evening all 1134090835 M * hillct hi Bertl 1134090846 M * hillct you're just the fellow I wanted to consult 1134090862 M * hillct We have several vserver guests 1134090876 M * hillct we want to share an FS between them 1134090883 M * hillct one guest will mount it rw 1134090887 M * hillct the other ro 1134090902 M * daniel_hozac BME ;) 1134090904 M * hillct is that known to work? Are there any gotchas? 1134090944 M * hillct my acronym-foo is not strong tonight :) 1134090972 M * daniel_hozac bind mount extensions. 1134090980 M * hillct ah 1134091164 M * hillct What we're doing is we have Mail (sendmail + amavis +spamassasin + etc) on one guest and web server on another. We want to use mailman. The alternative approach is to do mail routing magic across local IPs to get the mail to pass through the various spam filters etc 1134091438 M * hillct as I debate this with the guy who's doing the actual work, doing internal IP magic using nodev seems to be the more 'correct' and possibly reliable approach 1134091449 M * Bertl hmm ... 1134091459 M * hillct or am I wrong about that? 1134091477 M * Bertl well, still have not much clue about your setup 1134091519 M * Bertl IIRC, mailman is an ML management system 1134091541 M * Bertl while sendmail + stuff is the mailer ... 1134091580 M * hillct 2 guests on one host. One guest doing web services, the other doing mail services. Mailman has both www and mail componants 1134091582 M * hillct yes 1134091605 M * Bertl so mailman will have to write the sendmail configs, no? 1134091615 M * hillct no 1134091621 M * hillct mailman doesn't do that 1134091637 M * Bertl so ... how does a new ML member get 'configured'? 1134091642 M * hillct www guest will need to write mailman berkly DB files 1134091652 M * hillct mail guest will neede to read them 1134091659 A * mnemoc liked ezmlm-idx 1134091662 M * mnemoc likes* 1134091725 M * hillct -idx ? 1134091742 A * hillct remembers ezmlm from way back 1134091759 M * mnemoc an extension patch of djb's ezmlm 1134091772 M * mnemoc the one at ezmlm.org 1134092039 M * hillct ah 1134092047 M * hillct going through the docs 1134092066 M * mnemoc 2 1134092071 M * mnemoc sorry 1134092079 M * hillct is there a more consice list of idx enhancements? 1134092151 M * hillct It'd be really nice if there were a mysql backend for one of these ML products 1134092286 M * hillct anyway, thanks for the pointers. I'll have to read up on BME 1134092316 M * Bertl basically it allows for ro --bind mounts 1134092384 M * hillct looks pretty cool 1134092455 M * hillct but the more we look at this, routing the multiplexed outgoing mail across a private nodev IPs is the way to go 1134092535 M * Bertl k 1134092563 M * hillct Thanks for the pointers and listenin to me ramble 1134092573 M * Bertl you're welcome! 1134092584 P * hillct Kopete 0.10.3 : http://kopete.kde.org 1134093098 Q * shedi Ping timeout: 480 seconds 1134094256 Q * emp Ping timeout: 480 seconds 1134094793 Q * id Ping timeout: 480 seconds 1134095328 J * id ~id@p54A03B16.dip0.t-ipconnect.de 1134095921 Q * entroposcope iridium.oftc.net strange.oftc.net 1134096134 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com 1134096262 J * mep_ mep@p5091A6C5.dip0.t-ipconnect.de 1134096701 Q * mep__ Ping timeout: 480 seconds 1134096890 J * Aiken_ ~james@tooax6-058.dialup.optusnet.com.au 1134097215 Q * Aiken Ping timeout: 480 seconds 1134097280 J * Smutje_ ~Smutje@xdsl-84-44-242-131.netcologne.de 1134097383 Q * Smutje Ping timeout: 480 seconds 1134098603 Q * comfrey Ping timeout: 480 seconds 1134098725 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1134100049 P * stefani parting (is such sweet sorrow) 1134101653 Q * eyck Quit: Lost terminal 1134102493 M * Bertl night folks! 1134102498 N * Bertl Bertl_zZ 1134102620 J * comfrey ~comfrey@h-64-105-253-69.sttnwaho.covad.net 1134102838 J * sebi ~sebi@Fd7fe.f.strato-dslnet.de 1134102991 Q * sebi_ Ping timeout: 480 seconds 1134105133 Q * comfrey Ping timeout: 480 seconds 1134105725 J * comfrey ~comfrey@h-64-105-253-69.sttnwaho.covad.net 1134106952 J * balbir ~balbir@59.145.136.1 1134107218 J * SoLaRiS ~R@219.95.63.200 1134109012 M * comfrey micah, that backport did the job. word to your mother! 1134109199 J * lilo ~lilo@lilo.usercloak.oftc.net 1134109326 Q * lilo_ Remote host closed the connection 1134113140 Q * cryo Ping timeout: 480 seconds 1134113189 Q * supastuff Quit: That's it for today 1134115151 J * Aiken__ ~james@tooax8-048.dialup.optusnet.com.au 1134115475 Q * Aiken_ Ping timeout: 480 seconds 1134115805 Q * mugwump Ping timeout: 480 seconds 1134115898 J * cryo ~say@212.86.233.146 1134116739 M * Kara_ mornin 1134117488 J * eyck eyck@81.219.64.71 1134119011 J * mugwump ~samv@watts.utsl.gen.nz 1134119319 Q * comfrey Ping timeout: 480 seconds 1134122485 J * shedi ~siggi@tolvudeild-202.lhi.is 1134124033 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net 1134124498 Q * FaUl Remote host closed the connection 1134124508 J * FaUl Em2REBG5Lg@verbrennung.org 1134124920 Q * Aiken__ Quit: Leaving 1134127281 Q * dhansen Ping timeout: 480 seconds 1134127446 Q * matti Ping timeout: 480 seconds 1134127607 M * Kara_ anybody alive who would might help me answering an offtopic question? 1134127773 M * TheSeer try asking ;-P 1134127934 M * Kara_ ;) 1134127941 M * Kara_ i have one server running 1134127959 M * Kara_ top shows 53% but the process seems not to be shown in the list 1134127974 M * Kara_ chkrootkit says " Checking `lkm'... You have 1 process hidden for readdir command 1134127974 M * Kara_ > You have 1 process hidden for ps command 1134127974 M * Kara_ > chkproc: Warning: Possible LKM Trojan installed 1134127983 M * Kara_ .... any suggestion what to do? 1134129151 M * TheSeer shutdown the box, 1134129187 M * Kara_ I can't 1134129190 M * TheSeer boot from an external source and check all files 1134129208 M * Kara_ no other possibility? multiuserbox :/ 1134129249 M * TheSeer do you have tripwire or something installed? 1134129273 M * Kara_ no 1134129305 M * TheSeer hmm.. okay... 1134129323 M * TheSeer do you have a 2nd box with the same version of tools? 1134129333 M * Kara_ yes 1134129348 M * Kara_ i do not get this message there 1134129351 M * TheSeer okay.. compare the md5 sums of ps, ls 1134129377 M * Kara_ k 1134129426 M * TheSeer just to be on the save side: there is *no* 100% secure way other then reinstalling 1134129479 M * TheSeer the most secure way is to reinstall the box and/or recover from backup 1134129494 M * Kara_ ouch. 1134129499 M * TheSeer for the future, install tripwire or something like it 1134129507 M * TheSeer it will inform you on modified system files 1134129519 M * Kara_ the md5 differs - but so does the version i have to notice now. 1134129528 M * TheSeer if the box is r00ted, you're doome dthouigh 1134129566 M * Kara_ goodbye weekend ... 1134129634 M * TheSeer sorry :/ 1134129658 M * Kara_ not fault, but my admins who prays "no firewalls we are behind a cisco-router...." 1134129668 M * TheSeer erm? 1134129678 M * TheSeer what does have a router got to do with that? 1134129688 M * Kara_ nothing -but who am I to tell my boss? 1134129728 M * Kara_ :( 1134129757 M * TheSeer there is nothing better then being paranoid when it comes to security 1134129768 A * Kara_ nods 1134129929 Q * infowolfe Quit: Leaving 1134129975 J * infowolfe ~infowolfe@209-112-219-176-cdsl-rb1.nwc.acsalaska.net 1134130815 Q * shedi Quit: Leaving 1134131434 J * wally ~homebase@86.59.20.226 1134131587 M * locksy what are the major changes between v2.0.x and v2.1.x (besides 2.1 not being stable yet :) ? 1134132699 Q * comfrey Ping timeout: 480 seconds 1134133480 Q * eyck Ping timeout: 480 seconds 1134136029 J * patulo ~asd@host140.201-252-49.telecom.net.ar 1134136099 M * patulo Hello, is there anybody out there ? 1134136197 M * patulo whatever... I'll write anyway... :P 1134136244 M * TheSeer :-P 1134136268 M * patulo I'd like to know your opinion about the FreeVPS project. I don't want to be treated as a "troll", I'm asking seriously... 1134136285 M * patulo Does the FreeVPS project really enhance the linux-vserver ? 1134136308 M * patulo if its true, what are the main diferences ? 1134136445 M * patulo I'm looking for an opinion of linux-vserver's people 1134136472 M * TheSeer you might want to wait until Berl is back from zZ ;) 1134136474 Q * Kara_ Read error: Connection reset by peer 1134136508 M * patulo ok TheSeer, I'll wait for Bertl, thanks anyway 1134136625 M * TheSeer i believe it to be a split off from linux-vserver that basically went of into a different direction 1134136654 M * TheSeer and unless Bertl corrects me here, i believe it to be forked from 1.x 1134136714 M * TheSeer but the freeVPS developer(s) at least used to be here too.. 1134136723 M * TheSeer so it prolly ends up beeing a matter of taste 1134136736 M * patulo ohhh 1134136752 M * TheSeer but for hard facts, please relay on Berl, since he's *the* developer of linux-vserver ;) 1134136763 M * TheSeer so he prolly knows best 1134136764 J * Kara_ ~Kashira@wan11.coolnic.de 1134136771 M * TheSeer wb :) 1134136771 M * patulo Yes, I know Bertl, he's great !!! 1134136774 M * Kara_ thx :) 1134136779 M * TheSeer new ident? ;> 1134136790 M * Kara_ errr .... 1134136802 M * TheSeer your hostname changed *g* 1134136807 M * patulo The FreeVPS site says inside a VPS they can use iptables, do you know something about it ? 1134136812 M * Kara_ lol yes. too many domains for that ip 1134136818 M * TheSeer ah ;) 1134136823 M * Kara_ :) 1134136849 M * TheSeer patulo: i believe that to be a part of the tng networking bertl was working on 1134136854 M * TheSeer not sure if that's already in 2.1 or not 1134136897 M * Hollow no, it isn't 1134136932 M * locksy Hmmm... Now there's a bit more activity I'll try asking again *grin* 1134136934 M * patulo ohhh, excelent ... because I'm using iptables inside vservers in a "virtual" way ... and its not really great actually, I'd like to improve it 1134136939 M * locksy what are the major changes between v2.0.x and v2.1.x (besides 2.1 not being stable yet :) ? 1134136978 M * Hollow patulo: how can your guests access iptables? did you give them speical caps? 1134136991 M * TheSeer Hollow: no it isn't in regards of inclusing in 2.1 or beeing part of tng networking? 1134137010 M * patulo nop, I'm using a simple trick :P 1134137022 M * patulo cron 1134137034 M * patulo and a set of scripts 1134137048 M * Hollow TheSeer: well, i could imagine you can give certain caps to the guest and he could do stuff on his device, but i guess thats hard to implement 1134137056 M * Hollow patulo: ic.. 1134137098 M * patulo so I permit the vserver to write a iptables config file... and every minute the cron process in the MAIN context parses it and executes de iptables command 1134137102 M * patulo did you get the idea ? 1134137121 M * Hollow TheSeer: you'll have to ask Bertl for details about what is possible 1134137126 M * TheSeer ;) 1134137133 M * Hollow patulo: yeah 1134137138 M * TheSeer just curious.. i don't have a need for that anyway 1134137143 M * SiD3WiNDR patulo: so your guests can also run iptables for other hosts? ;) 1134137146 M * Hollow i'd have.. 1134137153 M * SiD3WiNDR or do you check every rule ultracarefully 1134137154 M * Hollow (well, not for iptables in a guest, but for ngnet :P) 1134137155 M * patulo nop ! 1134137171 M * patulo I just permit to drop their own IP addresses 1134137179 M * TheSeer Hollow: i don't know enough of ngnet yet so i cannot even say ;> 1134137222 M * patulo actually its an aproximation to iptables filtering... actually it works just with tcp/udp port filtering 1134137223 M * Hollow TheSeer: in theory the idea would be to create virtual devices for each context (including lo) which can be routed and filtered/mangled like any other device 1134137351 M * TheSeer ah.. that sounds in deed nice :) 1134137395 M * Hollow but for the implementation details i'm as noobish as you might be ;) 1134137671 Q * balbir Quit: Leaving 1134137717 J * joyzl ~joy@www.sophics.cz 1134137754 M * joyzl hi there. Can I ask for a help with weird vserver problem 1134137898 M * daniel_hozac if you explain it first ;) 1134138051 M * daniel_hozac Kara_: that chkrootkit thing is possibly just a vserverism... can you get more verbose output? 1134138118 M * joyzl ok. em64t server running 2.6.14 and debian etch. the vserver is debian woody. There is a java application server (enhydra) that executes a binary of "ln -s /some/path /other/path" 1134138141 M * joyzl and suddenly the java throws an exception that says "ln not found" 1134138152 M * joyzl suddenly = after moving from real server to vserver 1134138264 M * patulo joyzl, did you check de PATH environment variable inside de vserver ? 1134138264 M * daniel_hozac joyzl: can you use ln within the vserver? manually, i mean. 1134138289 M * joyzl yes, manually it works. I didn't check the PATH but since I didn't change anything... 1134138298 M * joyzl well, some /etc/init.d/ stuff was actually removed 1134138302 M * joyzl during the transition to vserver 1134138307 M * Kara_ daniel - no vserver running at this box 1134138325 M * daniel_hozac Kara_: ah, so that's the offtopicness ;) 1134138329 M * Kara_ ;) 1134138342 M * joyzl oki, I'll try to echo the $PATH during the enhydra start 1134138462 M * patulo I think its a good start for the debuging 1134138490 M * joyzl can't do it now, 200 hundred concurrent users are shopping there now. Will do that later and let you know if it didn't help. I was real scared as I thought vserver is totally transparent = everything should have worked without changes. 1134138546 M * patulo but in the real one you had etch, and the vserver is woody ... 1134138557 M * patulo there is a looooot of diference there ! 1134138563 M * joyzl why 1134138575 M * joyzl why the host server affects the vserver? 1134138604 M * patulo oh, the host server was etch ?. sorry I misunderstood 1134138704 M * joyzl yes 1134138719 M * joyzl master server runs etch = latest vserver utilities etc. 1134138723 M * patulo I tought that you were moving from a real etch server to a woody vserver 1134138734 M * joyzl just restarted the enhydra, $PATH is correct (contains /bin) 1134138752 M * joyzl nope, I moved a woody server inside a vserver without any changes (just removed some /etc/init.d links) 1134138964 M * patulo could it be posible that the enhydra app uses some kernel feature that the vserver lacks ? 1134139051 M * patulo I think that the only difference you could have would be the kernel... do you agree ? 1134139107 M * patulo I can offer you a clean sarge vserver if you want to try there 1134139139 M * joyzl well I am wondering whether the java isn't confused by the 64bit host CPU somehow since eventhough docs say 32bit vservers can run on 64bit host the applications might detect it somehow. The kernel is 64bit, BTW. 1134139145 M * daniel_hozac joyzl: what does the exception actually mean? where is it generated from? 1134139175 M * daniel_hozac joyzl: did you set a linux32 personality? 1134139189 M * joyzl personality? I must be missing something. Please advise 1134139197 M * joyzl the exception is: java.io.IOException: ln: not found 1134139223 M * daniel_hozac caused by what sort of code? 1134139246 M * patulo what if you change that command to for example a "ls -l /" ?, does it work ? 1134139264 M * daniel_hozac /etc/vservers//personality 1134139268 M * joyzl String[] cmd = {"ln", "-s", "/path1", "/path2"}; Process p = Runtime.getRuntime().exec(cmd); 1134139276 M * daniel_hozac "Used to set the personality of the vserver. First line in the file is the personality-type followed by flags (one item per line). See /usr/include/linux/personality.h for possible values." 1134139280 M * daniel_hozac (from the flower page) 1134139299 M * joyzl patulo: thanks for the kind offer but this server cannot be run elsewhere 1134139315 M * patulo you're welcome 1134139494 M * joyzl OK guys, the personality might be the fix I am after. According to this URL http://list.linux-vserver.org/archive/vserver/msg10467.html I am in trouble as the test with /bin/true reports "No such file" 1134139748 M * daniel_hozac joyzl: you _do_ have the emulation enabled in the kernel, right? 1134139844 M * joyzl I do 1134140267 Q * monrad Remote host closed the connection 1134140280 M * joyzl thanks guys, I hope it's sorted out by this 1134140283 J * monrad ~mikkel@213083190131.sonofon.dk 1134140516 J * Doener doener@i5387E9FC.versanet.de 1134141112 J * gdm ~gdm@209.51.169.84 1134141117 N * Bertl_zZ Bertl 1134141123 M * Bertl morning folks! 1134141125 M * gdm hola 1134141245 M * daniel_hozac morning! 1134141284 M * locksy Hi Bertl, maybe you can tell me... 1134141286 M * locksy what are the major changes between v2.0.x and v2.1.x (besides 2.1 not being stable yet :) ? 1134141299 Q * kavorka Quit: Client exiting 1134141334 M * mnemoc locksy: 2.1 wont ever be stable :) 1134141352 M * Bertl locksy: first, we have a bunch of 'development features' like CoW, BME, quota hashes and so on 1134141375 M * Bertl locksy: then, there are some more agressive legacy removals 1134141389 M * Bertl locksy: and finally stuff which folks consider useful 1134141409 M * Bertl (like various additions for Hollow's tools) 1134141409 M * locksy quota hashes ? (I've heard of Cow & I LOVE BME) 1134141429 M * Bertl glad to hear ... (BME) 1134141445 M * Bertl the quota hashes are the first step for per context quota on shared partitions 1134141457 M * locksy cool. 1134141570 M * Bertl there will be a full feature list/matrix with the 2.0.1 and 2.1.0 release 1134141611 M * locksy great! 1134141988 M * joyzl Bertl: I've just explained here a weird problem with 32bit vserver running on 64bit host. Are you interested in that? 1134142008 M * Bertl well, I read up on the discussion, was it the personality? 1134142049 M * joyzl yes. I moved a complete woody with apache, enhydra, mysql, postgres and some other things - pretty complex web server to a 64bit host 1134142067 M * joyzl first thing that appeared even in logs was that java couldn't execute "ln" 1134142093 M * joyzl I *hope* I fixed it by adding 32-bit libraries to host and setting the personality to PER_LINUX32 1134142158 M * joyzl but now I've been told that even the java application miscalculated some prices :-O 1134142159 J * dhansen ~dave@sprucegoose.sr71.net 1134142166 M * Bertl yes, without proper personality set, certain apps misbehave 1134142186 M * Bertl morning dhansen! 1134142202 M * joyzl Bertl: argh, the "ln: not found" is back 1134142232 M * daniel_hozac joyzl: have you tried replacing the ln with /bin/ln? 1134142269 M * daniel_hozac (java docs are very scarce on details as to how exec behaves...) 1134142305 M * joyzl daniel_hozac: unfortunately the application cannot be recompiled now. As a workaround I added link from /usr/bin/ln to /bin/ln. Obviously didn't help 1134142329 M * daniel_hozac joyzl: could you test how it behaves? 1134142335 M * daniel_hozac does exec search the path? 1134142349 M * joyzl do I have the personality set correctly by echo "PER_LINUX32 >/etc/vserver/name/personality 1134142372 M * daniel_hozac joyzl: i _think_ LINUX32 is enough. 1134142397 M * joyzl well my test app works correctly. Only the big app misbehaves 1134142397 M * daniel_hozac umm, i mean, LINUX_32BIT 1134142427 M * daniel_hozac (or maybe i did mean LINUX32... i don't know) 1134142493 M * daniel_hozac actually, PER_LINUX32 should work too. 1134142621 M * joyzl so what am I facing here? 1134142688 M * daniel_hozac does the big app ever clean path? 1134142829 M * dhansen Bertl: hello 1134142832 M * joyzl daniel_hozac: no, I don't think it would do that. There is no reason. 1134142859 M * dhansen There's a little discussion going on about openvz. Has anybody been paying attention? Looks kinda neat. 1134142954 J * Smutje ~Smutje@xdsl-87-78-41-179.netcologne.de 1134142998 M * Bertl welcome Smutje! 1134143032 M * Bertl joyzl: no idea, java is strange in many ways ... 1134143064 J * terrorgrl cjm@s2.enemy.org 1134143069 Q * Smutje_ Ping timeout: 480 seconds 1134143070 M * terrorgrl hi 1134143075 M * Bertl joyzl: if you can debug it to the point where syscalls are involved (and going wrong somewhere) we can investigate 1134143079 M * Bertl welcome terrorgrl! 1134143092 M * terrorgrl question: im new to vservers and have a feature-question... 1134143120 M * terrorgrl is it possible to use smbfs within a linux-vserver? 1134143165 M * patulo Hi Bertl ! 1134143254 M * patulo may I ask your opinion about the FreeVPS project ? is it true that they "enhanced" the linux-vserver ? 1134143317 M * Bertl terrorgrl: you might use it within, but not 'from' within 1134143318 J * shedi ~siggi@inferno.lhi.is 1134143341 M * terrorgrl i tried mount -t smbfs -o username=... //server/share /mnt 1134143343 M * terrorgrl doesnt work 1134143368 M * Bertl patulo: well, depends on how you see it .. the common origin of linux-vserver and FreeVPS is the kernel patch from two years ago, where Alexey decided not to work with us but go 'comercial' 1134143370 M * joyzl Bertl: could java escape from the chroot? Or what do you mean by java being strange 1134143375 M * terrorgrl if i mount it from the main machine and directly mount it into the /var/lib/vservers/vs01/mnt i can mount but i cannot see it within the vserver 1134143399 M * Bertl joyzl: no, java cannot escape the chroot, but you never know what it is doing ... 1134143419 M * Bertl terrorgrl: that's because you want to mount it 'inside' the guest namespace 1134143428 M * Bertl terrorgrl: check out vnamespace to do that 1134143437 M * terrorgrl aha, thanks! will have a look at it 1134143509 M * patulo Bertl, They says that the can use iptables under vserver context, do you know if is it really true ? 1134143510 M * Bertl patulo: so, while both have a common origin (linux-vserver) they have developed differently (FreeVPS is more looking at selling their products, and adding 'features' without too much woorying about performance and stability) 1134143550 M * patulo oh, I'm gettin' the idea 1134143556 M * Bertl patulo: I'd say it should work, 'Say' the guy doing the networking stuff had some really good ideas 1134143584 M * Bertl IMHO it is a real pitty that they diid not stay 'free' 1134143602 M * patulo yeah... 1134143622 J * kavorka ~mike@69-161-69-17.bflony.adelphia.net 1134143627 M * patulo and what do you think about openvz ? 1134143644 M * patulo have you tried it ? 1134143653 M * terrorgrl Bertl: thanks! it works when i use vnamespace -e vs01 mount -o smbfs.... 1134143740 M * Bertl welcome kavorka! 1134143762 M * Bertl patulo: I had a look at the code, some stuff looks nice, other code parts are simply ugly ... 1134143809 J * jamal ~jamal@p548CBDC6.dip0.t-ipconnect.de 1134143811 M * Bertl patulo: the idea behind the OVZ stuff is to raise awareness for VZ 1134143826 A * BWare loves linux-vserver ... finally got it running in 15MB ramdisk over pxe 1134143839 A * Kara_ will drive home. byebye 1134143863 M * Bertl patulo: so that they can say, now you've had a look at the 'product', well, the simplified version without interface and tools, if you like it, buy the real thing! 1134143990 M * Bertl patulo: originally SWSoft wanted me to 'maintain' OVZ (and drop/integrate linux-vserver) 1134144002 M * patulo jeje, and the Real thing is virtuozzo, isn't it ? 1134144056 M * patulo and you didn't like the offering because the would use your code for their product ? 1134144146 M * Bertl well, I didn't like to promote a commercial product ... 1134144207 M * Bertl I offered them cooperation (i.e. technical discussions and brainstorming) but they were not interested 1134144256 J * eyck eyck@81.219.64.71 1134144266 M * Bertl well, also FreeVPS seems not interested in kooperation (see ML) 1134144274 M * Bertl *cooperation 1134144275 M * patulo Well, what I can say is that linux-vserver rules !! and its very very stable... that's a lot... 1134144302 M * Bertl we still aim for simplicity, stability and performance 1134144316 M * Bertl features go to the devel releases 1134144364 M * SiD3WiNDR yea that was a bit gay 1134144368 M * Bertl patulo: and as long as there are linux-vserver users left, I will continue to maintain it 1134144369 M * SiD3WiNDR do you want to discuss and talk 1134144381 M * SiD3WiNDR no, I want either to assimilate you, or you just go away right now thanks 1134144385 M * SiD3WiNDR :| 1134144386 M * patulo Bertl, tell me, I'd like to contribute with the project, because I feel that the project gives me a lot, so I'd like to return something 1134144413 M * patulo What can I do for the project ? 1134144415 M * Bertl patulo: you can help in many ways ... there is a lot to do ... 1134144418 M * Doener DOCUMENTATION! *hides* 1134144425 M * Bertl yes, for example Documentation 1134144435 M * Doener hi folks 1134144438 M * patulo anything special ? 1134144439 M * Bertl but also testing and/or automated test scripts (for example) 1134144465 M * Doener hm, testing... that reminds me of the sendfile issue... 1134144540 M * Bertl patulo: if you feel like you can help with coding (userspace/kernelspace) then do that 1134144563 M * jamal I am inside a vserver and I have noticed that I have full access to eth0. Is this something the adminstrator of the host system intentionally enabled or forgot to disable i.e. what's the default setting? 1134144572 M * Bertl patulo: if you think you want to improve documentation or help with PR (which we unfortunately should do) 1134144591 M * Doener jamal: what do you mean with 'full access'? 1134144592 M * patulo well, I think I'll start with documentation... 1134144598 M * Bertl jamal: probably he has given CAP_NET_ADMIN or so, check in /proc/self/status 1134144605 M * patulo sorry, what is PR ? 1134144611 M * Doener public relations 1134144622 M * patulo oh !, thanks Doener 1134144658 M * jamal Doener: I can see traffic that is not directed to the ip address of my vserver 1134144703 M * Doener yes, that's CAP_NET_RAW then... by default it should be off 1134144727 M * Doener usually on 2.4 kernels folks enable it to get ping to work... 1134144744 Q * Doener Quit: Leaving 1134144836 M * Bertl ah, full access = you can sniff 1134144862 M * Bertl for me, full access was you can reconfigure 1134144865 M * jamal that's right 1134144916 M * jamal How do I interpret the output of /proc/self/status? I cannot see anything starting with CAP_ 1134144996 M * Bertl try 'grep Cap /proc/self/status' 1134145001 M * Bertl should list three lines 1134145014 J * Doener doener@i5387E9FC.versanet.de 1134145022 M * Bertl the bits of those values correspond to the caps 1134145034 M * Doener Bertl: ok, finally tested with plain 2.6.14.2. sendfile works fine 1134145053 M * Doener did not work with 2.6.14.2-vs2.1.0-rc7 1134145091 M * daniel_hozac Doener: do you have a simple testcase? 1134145103 M * daniel_hozac (i've been too lazy to install httpd just to test it ;)) 1134145107 M * jamal actually there are four, one containing only zeros and three with 00000000f40c24ff 1134145131 M * Doener no, i've just used apache2 to test it (on the host, no vserver involved) 1134145145 M * daniel_hozac jamal: what's title of the all-zeroes one? 1134145158 M * jamal CapInh 1134145168 M * daniel_hozac jamal: and the other three? 1134145203 M * jamal CapPrm CapEff CapBset 1134145237 M * Bertl so, this means, bits 0-7,10,13,18,19,26,28-31 1134145523 Q * joyzl Quit: joyzl 1134145805 M * jamal I guess it's possible to enable or disable the sniffing feature on a per-vserver-basis? It wouldn't make much sense if I ask them to disable it and they'd disable it only on my vserver while allowing the remaining vservers to be able to sniff my traffic, right? 1134145833 M * Bertl yep, per guest 1134145844 M * Bertl it's basically a debian issue :) 1134146148 M * jamal Ok, thanks. I take it you are referring to debian being installed on the host system? 1134146282 M * jamal And basically there is nothing I can do not even switching providers because I can never be sure whether sniffing is disabled for my vserver butr enabled for other vservers? 1134146308 M * jamal except for using only secure services, of course 1134146309 M * daniel_hozac Doener: so to reproduce: just install httpd, put a large file in documentroot, download and get only part of it? 1134146397 M * Bertl jamal: well, if you 'inform' your provider in a freindly way 1134146397 M * Doener daniel_hozac: yep, jpeg images work fine for that purpose (you only get a part from the upper side) 1134146419 M * Bertl jamal: and tell him/her that there is a secure way to get ping to work ... 1134146452 M * daniel_hozac can't reproduce it here on my vs2.0.1-rc5 based kernel 1134146475 M * Bertl daniel_hozac: that would be a good thing ... 1134146490 M * daniel_hozac (put a 300 MiB file in documentroot, got the whole thing) 1134146507 M * Doener probably a 2.1.0 issue then, as the other guy on the ml also had 2.1.0-rcX running.. 1134146781 M * Bertl yes, 2.1.x has major changes to the sendfile stuff 1134146799 M * Bertl well, after all, there is no proper implementation in mainline 1134146900 J * stefani ~stefani@superquan.apl.washington.edu 1134146960 N * _mountie mountie 1134147016 M * Bertl morning stefani! 1134147179 M * stefani morgen. finishing up converting legacy server config to current. 1134147596 M * Doener Bertl: guess I know what's wrong. 1134147651 M * Doener there's the "max" value, which you now set in vfs_sendfile, but the *ppos > max check is now done twice, in vfs_sendfile and do_sendfile 1134147673 M * Doener so the latter one fails, cause max is never correctly set in do_sendfile, only in vfs_sendfile 1134147804 M * Doener build in progress... 1134148176 Q * Doener Quit: Leaving 1134148421 J * Doener doener@i5387E9FC.versanet.de 1134148814 Q * shedi Quit: Leaving 1134149192 M * Bertl Doener: we should already have a fix for that?! 1134149208 M * Bertl Doener: maybe I did not add it properly? 1134149267 M * Doener well, it's not in rc10 AFAICT 1134149297 M * Bertl let me see where the patch is ... 1134149465 M * Bertl plz check the ML thread with Grzegorz Nosek 1134149483 M * Bertl Message-ID: <121a28810511030838s118be14fv@mail.gmail.com> 1134149512 J * shedi ~siggi@inferno.lhi.is 1134149524 Q * SoLaRiS Read error: Connection reset by peer 1134149915 M * Doener hm, probably missed that cause i didn't experience any crashes ;) 1134149930 Q * BWare Ping timeout: 480 seconds 1134149948 M * Bertl Doener: will add it shortly ... 1134150301 M * Doener Bertl: btw, 2.1.0-rcX's sendfile does not increase the current->[rw]char values anymore if EOVERFLOW is returned. is that intentional 1134150303 M * Doener ? 1134150342 M * Bertl hmm, probably not 1134150658 M * Doener http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.14.3-vs2.1.0-rc10-rc10.1.diff 1134151153 J * menomc ~amery@200.75.27.37 1134151263 Q * mnemoc Ping timeout: 480 seconds 1134151263 N * menomc mnemoc 1134152305 M * Kara_ hey 1134155109 J * Aiken ~james@tooax8-039.dialup.optusnet.com.au 1134155344 Q * kavorka Ping timeout: 480 seconds 1134155447 J * kavorka ~mike@69-161-69-17.bflony.adelphia.net 1134155650 M * Bertl wb kavorka! 1134156211 Q * monrad Remote host closed the connection 1134156226 J * monrad ~mikkel@213083190131.sonofon.dk 1134157069 J * prae ~benjamin@sherpadown.net 1134157232 J * [1]jamal ~jamal@dialin108144.justdsl.de 1134157484 Q * jamal Ping timeout: 480 seconds 1134157716 Q * [1]jamal Ping timeout: 480 seconds 1134158259 Q * kavorka Ping timeout: 480 seconds 1134160926 J * emp ~emp@70.57.239.35 1134161043 M * Bertl welcome emp! 1134161064 Q * patulo Quit: 1134161323 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net 1134161686 M * Bertl welcome comfrey! 1134161696 M * Bertl dhansen: did you hijack the virt-ml now? 1134163555 J * matti matti@linux.gentoo.pl 1134163693 M * Bertl hey matti! 1134164161 J * gerrit ~gerrit@adsl-69-226-75-181.dsl.scrm01.pacbell.net 1134164359 M * Bertl welcome gerrit! 1134164590 M * gerrit hi Bertl 1134165645 J * kavorka ~mike@69-161-69-17.bflony.adelphia.net 1134165789 Q * comfrey Ping timeout: 480 seconds 1134166988 M * matti Bertl: :)* 1134167312 P * stefani I'm Parting (the water) 1134168029 Q * entroposcope Remote host closed the connection 1134168191 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com 1134168263 Q * shedi Quit: Leaving 1134168858 M * Hollow olla 1134168951 M * Doener hi Hollow 1134169044 M * Hollow hey Doener 1134169369 Q * mef Remote host closed the connection 1134169965 Q * Aiken Quit: Leaving 1134171467 J * psg ~psg@70.88.229.182 1134171490 M * psg Bertl --- are you there? 1134171606 M * psg Trying to "vserver ldt build -m yum .... -- -d centos42 , but getting an error where it's not able to set up repos. I googled and found mention of this in the mailing list, 1134171768 M * psg but have found no good fix. Enrico built a util-vserver-build-0.30.209-4 version with a comment that it was patched so vyum would work with yum >= 2.4, but it's for FC5 and won't install in CentOS4.2 1134171785 M * Bertl hmm 1134171818 M * Bertl do you have a proper repository configured? 1134171830 M * psg AHA! The date on the patch was Nov. 3, and the 0.30.209 on the ftp server I got was from October. 1134171841 M * psg I need to find his patch from Nov. 3 1134171907 M * psg From the changelog found on rpmfind.net: * Thu Nov 03 2005 Enrico Scholz - 0.30.209-4 1134171907 M * psg - exclude PPC from build; see 1134171907 M * psg https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172389 1134171907 M * psg - added patch to make 'vyum' work with yum-2.4 1134171994 M * psg Do you know where he keeps his *latest* tarball for util-vserver ??? 1134172005 M * Bertl http://www.13thfloor.at/~ensc/util-vserver/files/alpha/ 1134172139 M * psg It's not 0.30.209-4, from Nov 3rd., it's 0.30.209 from October 30th 1134172152 M * psg That is where I got it from, BTW. 1134172169 J * comfrey ~comfrey@dsl-66-78-68-4.ipns.com 1134172205 M * Bertl 0.30.209-4 does not look like a release from enrico 1134172214 M * Bertl it more looks like a debian release version 1134172228 M * psg http://rpmfind.net/linux/RPM/fedora/devel/x86_64/util-vserver-sysv-0.30.209-4.fc5.x86_64.html 1134172247 M * psg The changelog comments are from Enrico 1134172291 M * Bertl well, check out savannah, that's the main site enrico uses 1134172315 M * Bertl maybe he started to do 'special' fc5 releases too 1134172377 M * psg Yes, I'm looking there now ... the download area goes back to the 13thfloor ! 1134172394 M * Bertl I almost expected that :) 1134172398 M * psg Maybe I can figure this out from the rpm source. 1134172436 M * Bertl you might also consider checking out the cvs source 1134172456 M * psg Where can that be found? 1134172472 M * Bertl on savannah 1134172491 M * psg ok, thank you. I'll poke around some more ... 1134172505 M * psg Get some sleep!!!! 1134172579 M * Bertl hehe 1134172686 M * Bertl okay, off for a while now ... 1134172693 N * Bertl Bertl_oO 1134172766 P * psg