1134345602 M * mep_ yes vertl there is the order 1134345620 M * mep_ but thiss eth0:2 top of eth0:1 1134345622 Q * dos000 Quit: 1134345631 M * Bertl see, so if you 'change' that order the tools will probably check taht too 1134345635 M * mep_ i checked /etc/network/interfaces there the order is ok 1134345668 M * Bertl try to change the interfaces/1 to something like 3 1134345720 M * Bertl ah, wait, you use preassigned IPs? 1134345742 M * Bertl i.e. you assign the IPs on host startup, and just 'use' them in the guest? 1134345854 M * mep_ yes 1134345862 M * mep_ but the order is on the host wrong too 1134346040 M * mep_ so i increase the interface id number 1134346043 M * mep_ don't help :/ 1134346051 M * mep_ seems to be a general linux problem 1134346055 M * mep_ not vserver specific 1134346065 M * mep_ but perhaps you know help anyway :) 1134346229 J * shedi ~siggi@inferno.lhi.is 1134346281 M * Doener mep_: are those addresses in the same net? 1134346410 M * mep_ nope 1134346421 M * mep_ diffrent dubnets 1134346424 M * mep_ subnets 1134346436 M * mep_ but i got a second box with a similiar situtation 1134346440 M * mep_ there i got no problems 1134346596 M * Bertl mep_: IIRC, then the scripts will check the interfaces in alphabetical order 1134346652 M * mep_ ? 1134346756 M * Bertl let me put it this way 1134346768 M * Bertl the interfaces are listed in the order they were createt 1134346771 M * Bertl *created 1134346807 M * Bertl so, if you delete them and recreate them with 'ip' for example 1134346821 M * Bertl you can certainly ensure the desired order 1134346842 M * mep_ i think the order they would be created is listed on /etc/network/interfaces 1134346843 M * mep_ right? 1134346881 M * Bertl what distro? 1134346899 M * mep_ debian 1134346961 M * Doener mep_: is "eth0:2" in the same subnet as "eth0"? 1134346970 M * mep_ nope 1134346976 M * mep_ eth0:1 is the same network 1134347082 M * Bertl well, with debian you have to be lucky I guess :) 1134347127 M * mep_ hmpf 1134347179 A * SiD3WiNDR senses more anti-debianism :p 1134347211 A * SiD3WiNDR zz 1134347216 M * derjohn Bertl, why? But anyway usually you simply add an "up ip addr add 10.20.30.40/24 dev eth0" and "down ip addr del 10.20.30.40/24 dev eth0" to the eth0 section 1134347223 M * Bertl nono ... it's probably fixed in unstable :) 1134347261 M * mep_ by the way still no new merged patch(vserver+grsec) ready? 1134347263 M * mep_ ^^ 1134348383 M * Doener Bertl: ok, we got 2 subnet routes in mep_'s setup and 4 default routes. 1134348399 M * Doener the vserver has addresses from 2 subnets A and B 1134348424 M * Bertl which should be fine 1134348429 M * Doener it should use one from subnet B as source. it has no access to the source route assigned to that net. 1134348429 M * mep_ hmm my other got 3 hrhr 1134348435 M * mep_ there it work fine 1134348464 M * Doener and no access to the source address of the first default route, but to the source address of the second default route, which is the one being used by outgoing connections 1134348513 M * Doener so, i guess that's the reason? it skips the subnet's source address, the first default route's address and uses the one of the second default route? 1134348540 M * Doener i just had some glance over the relevant code and couldn't figure out exactly what's being done there... 1134348620 M * Bertl ahem, did I miss an url containing mep_'s route/ip info? 1134348629 M * mep_ ^^ 1134348654 M * mep_ hmm my ip routes look really messy 1134348666 M * mep_ but this are the default values very strange 1134348820 M * Doener Bertl: no, a priv. msg session ;) 1134348830 M * Doener he didn't want to paste it into public 1134348967 M * mep_ hmm where are this route tables defined 1134348977 M * mep_ i don configure this shit anytime 1134349018 M * derjohn mep_, each interface ip has a corresponding route. 1134349035 M * mep_ yes 1134349049 M * mep_ is it nessecary to manipulate this routes? 1134349087 M * derjohn mep_, necessary? well, most times not. 1134349095 M * mep_ hrhr 1134349106 M * mep_ could a missmatch cause speed problems? 1134349186 M * derjohn mismatch? with routes? hm, can not imagine that. either it works or not (well, if you set your default to 14.4 serial ...) 1134349196 M * mep_ hehe kk 1134349224 M * derjohn did I get it right that you have source routes? 1134349251 M * derjohn mep_, you have more than one default it written above? 1134349264 M * mep_ yes 1134349266 M * mep_ seems so 1134349278 M * mep_ i got 4 defaukt entrys 1134349279 M * derjohn mep_, differnt metric? you have you enabled "equal cost multipath" in kernel? 1134349335 M * derjohn mep_, then you could get the gateway keyword more than once in /etc/network/interfaces I guess and you would ahbe 4 default routes, used RR-style. 1134349365 M * mep_ yes i got multiple gateway entrys 1134349372 M * mep_ every ip got one 1134349377 M * mep_ 3 static one dhcp 1134349393 M * derjohn mep_, by intention? 1134349429 M * mep_ hmm use 4 ips? 1134349445 M * mep_ got 4 ips in diffrent subnets 1134349457 M * mep_ so i add all to the interface file 1134349463 M * derjohn "gateway" only sets a default route. normally "last match wins" (unless ECMP) 1134349469 M * Bertl well only one default route will be active anyway 1134349502 M * derjohn Bertl, not if equal cost multipath is enabled by strange .configs? 1134349513 M * Bertl k 1134349517 M * mep_ so now i'm really confuses 1134349527 M * derjohn mep_, homegrown kernel? 1134349530 M * mep_ where i find the ecmp option 1134349537 M * mep_ self build 1134349550 M * Bertl mep_: I doubt you want that 1134349561 M * derjohn mep_, I remember it in "network options" .. only settable by compile time. 1134349585 M * derjohn mep_, you want to get rid of that if it's there. 1134349718 M * mep_ hm hm hm 1134349729 M * mep_ don't find that option 1134349737 M * derjohn mep_, and BTW do a "ip rule list" to check if you have rt tables (and source routing) .. you dont need that 1134349769 M * mep_ i got there 4 default entrys 1134349777 M * mep_ and 3 of them got this src shit 1134349783 M * mep_ this are sthe static ones 1134349792 M * derjohn ip ro sh -> whtich metric do they have? 1134349825 M * derjohn is you dont see a "metric" it probaly not there 1134349844 M * mep_ no metric i think 1134350324 J * Aiken_ ~james@tooax6-237.dialup.optusnet.com.au 1134350683 Q * Aiken Ping timeout: 480 seconds 1134351330 M * locksy Has anyone been working on patches against 2.6.15-rcX ? 1134351718 M * Bertl AFAIK no 1134351727 M * Bertl do you plan to start on that? 1134351866 M * derjohn for the logs: if you use more than one default GW, take care to have IP: advanced router and IP policy routing on in kernel config. Debian seems to set src routes if you specify more than one GW in /etc/network/interfaces regardless of the kernel's features. 1134351919 M * derjohn by mep_ Bertl et al. ;) *afk now* 1134351936 M * mep_ we get the error ;) 1134351939 M * mep_ thx for your help 1134352478 M * Bertl you're welcome! 1134353290 J * mep__ mep@p5091BFCD.dip0.t-ipconnect.de 1134353579 M * locksy If I'm going to be applying patches netfilter's patch-o-matic to 2.6.14.3-vs2.0.1-rc5 what should I be keeping an eye out for which might need manual intervention (I'm not very familiar with the vserver codebase, but I have done a lot of kernel code merging before) 1134353733 Q * mep_ Ping timeout: 480 seconds 1134353977 M * Bertl locksy: I doubt that there are real collisions, at most you have to change a *_get_pid() to *_get_real_pid() call 1134354013 M * Bertl locksy: so I'd say, just patch it and see if you get compile errors (which I doubt) 1134356428 Q * Aiken_ Read error: Connection reset by peer 1134356438 J * Aiken ~james@tooax6-237.dialup.optusnet.com.au 1134356483 M * locksy thx Bertl. 1134356571 J * dos000 ~dos000@i216-58-41-120.cybersurf.com 1134356611 M * Bertl wb dos000! 1134356695 M * dos000 hey man 1134357028 J * lilo ~lilo@lilo.usercloak.oftc.net 1134357354 P * stefani parting (is such sweet sorrow) 1134357513 Q * lilo_ Ping timeout: 480 seconds 1134357916 Q * comfrey Quit: Leaving 1134358748 Q * nox Ping timeout: 480 seconds 1134359271 J * nox ~nox@noxlux.de 1134361534 J * Gerden ~Danger@006-99-174-200.tvsom.com.br 1134361586 Q * sebi Ping timeout: 480 seconds 1134362107 M * Bertl welcome Gerden! 1134362248 M * locksy I don't setup new vservers often enough :) I keep on forgetting the best settings :( 1134362275 J * menomc ~amery@200.75.27.24 1134362286 M * Bertl welcome menomc! 1134362383 Q * mnemoc Ping timeout: 480 seconds 1134362383 N * menomc mnemoc 1134362671 M * Gerden Bertl, ths.. 1134362971 M * locksy Bertl, does BME also include noexec binds or just ro? 1134363081 J * sebi ~sebi@Fd66c.f.strato-dslnet.de 1134363103 M * Bertl locksy: basically all flags not supported by mainline 1134363129 M * locksy WooHoo!!!!! 1134363129 M * Bertl (so yes, noexec and noatime too) 1134363879 J * ddlp ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134364269 M * Bertl welcome ddlp! 1134364757 Q * dos000 Quit: Leaving 1134366273 M * FaUl which capability is necessary to set the time of the host 1134366282 M * FaUl i'd like to run a ntpd on one of my vserver 1134366336 M * Bertl hmm, good question ... 1134366373 M * Bertl CAP_SYS_TIME? 1134366384 M * FaUl sounds good :-) 1134366620 M * Bertl okay, off to bed now ... back tomorrow! 1134366628 N * Bertl Bertl_zZ 1134366632 M * FaUl bye 1134367197 J * balbir ~balbir@59.145.136.1 1134369492 J * gerrit ~gerrit@c-71-193-197-124.hsd1.or.comcast.net 1134369690 J * Smutje_ ~Smutje@xdsl-84-44-144-57.netcologne.de 1134369810 Q * Smutje Ping timeout: 480 seconds 1134371314 J * infowolfe ~infowolfe@209-112-208-145-cdsl-rb1.nwc.acsalaska.net 1134373140 Q * Aiken Ping timeout: 480 seconds 1134374104 Q * Smutje_ Quit: leaving 1134374506 J * Smutje ~Smutje@xdsl-87-78-2-43.netcologne.de 1134374899 M * eyck_ is anyone still proficient in 1.2.x vserver? I've got multiple partitions mounted inside vserver ( / , /var etc..), and I would like to see usage for them from inside ( df ), I've got something like that in /etc/mtab: "/dev/hdv1 / ext3 defaults 1 1" 1134374912 M * eyck_ is there some way to see the usage for /var for example? 1134376680 J * lilo_ ~lilo@CHERUBIM.MIT.EDU 1134376941 Q * lilo Remote host closed the connection 1134377494 J * comdata ~mertins@mx01.scheller.de 1134377507 M * comdata hello 1134380399 J * infowolfe_ infowolfe@209-112-208-145-cdsl-rb1.nwc.acsalaska.net 1134380825 Q * infowolfe Ping timeout: 480 seconds 1134381248 Q * infowolfe_ Quit: Leaving 1134381256 J * ddlp_ ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134381675 Q * ddlp Ping timeout: 480 seconds 1134381833 J * jfl ~jfl@p3253-adslbkksp4.C.csloxinfo.net 1134382053 M * jfl I am trying again to install vserver. I have downloaded th 2.6.14.3-vs2.0-rc10 patch, patched and compiled and recompiled the 0.30.209 utilities. Now when I try to create my first guest server I get 1134382054 M * jfl [root@gw ~]# vserver dns build -m apt-rpm --force --hostname=dns.kic.muangchiangrai.net --interface eth1:10.0.0.3/24 -- -d fc3 1134382054 M * jfl /etc/vservers/dns/apps 1134382054 M * jfl Renamed '/etc/vservers/dns' to '/etc/vservers/dns.~1134383870~' 1134382054 M * jfl Reading Package Lists... Done 1134382056 M * jfl Building Dependency Tree... Done 1134382058 M * jfl Reading Package Lists... Done 1134382060 M * jfl Building Dependency Tree... Done 1134382062 M * jfl E: Couldn't find package glibc 1134382064 M * jfl Any suggestions? 1134382326 M * daniel_hozac try using -m yum 1134382682 Q * Gerden Quit: tchau..! 1134382708 M * jfl [root@gw ~]# vserver dns build -m yum --force --hostname=dns.kic.muangchiangrai.net --interface eth1:10.0.0.3/24 -- -d fc3 1134382708 M * jfl You are using a version of yum which is insecure and broken in chroot 1134382708 M * jfl related operations; either apply the patches shipped in the 'contrib/' 1134382708 M * jfl directory of util-vserver, or ask the author of yum to apply them 1134382708 M * jfl (preferred). 1134382710 M * jfl In the meantime, 'vyum' will continue with dirty hacks which might not 1134382712 M * jfl work when the vserver is running and local DOS attacks are possible. 1134382714 M * jfl Execution will continue in 5 seconds... 1134382716 M * jfl You have enabled checking of packages via GPG keys. This is a good thing. 1134382718 M * jfl However, you do not have any GPG public keys installed. You need to download 1134382720 M * jfl the keys for packages you wish to install and install them. 1134382722 M * jfl You can do that by running the command: 1134382724 M * jfl rpm --import public.gpg.key 1134382726 M * jfl Alternatively you can specify the url to the key you would like to use 1134382728 M * jfl for a repository in the 'gpgkey' option in a repository section and yum 1134382734 M * jfl will install it for you. 1134382736 M * jfl For more information contact your distribution or package provider. 1134382738 M * jfl [root@gw ~]# rpm --import public.gpg.key 1134382740 M * jfl error: public.gpg.key: import read failed. 1134383407 Q * sladen Quit: Changing server 1134383665 J * sladen paul@starsky.19inch.net 1134384866 J * ddlp ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134385178 J * ddlp__ ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134385285 Q * ddlp_ Ping timeout: 480 seconds 1134385480 J * ddlp_ ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134385612 Q * ddlp Ping timeout: 480 seconds 1134385674 Q * ddlp__ Ping timeout: 480 seconds 1134385982 J * ddlp ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134386293 J * ddlp__ ~ddlp@dsl081-142-246.chi1.dsl.speakeasy.net 1134386395 Q * ddlp_ Ping timeout: 480 seconds 1134386491 N * ddlp__ ddlp_ 1134386550 M * ddlp_ .bash_history 1134386714 Q * ddlp Ping timeout: 480 seconds 1134387035 Q * ddlp_ Ping timeout: 480 seconds 1134388089 M * eyck_ is anyone still proficient in 1.2.x vserver? I've got multiple partitions mounted inside vserver ( / , /var etc..), and I would like to see usage for them from inside ( df ), I've got something like that in /etc/mtab: "/dev/hdv1 / ext3 defaults 1 1" 1134388105 M * eyck_ is that at all possible with 1.2? 1134388931 Q * SiD3WiNDR Ping timeout: 480 seconds 1134389280 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1134389296 P * jfl Leaving 1134392998 N * Bertl_zZ Bertl 1134393002 M * Bertl morning folks! 1134393018 M * Bertl eyck_: yup, just add the 'missing' entries into /etc/mtab 1134393038 M * Bertl eyck_: df will check that and report the usage sizes properly 1134393327 Q * Doener Read error: Connection reset by peer 1134393342 M * Bertl okay, off for breakfast! back later ... 1134393348 N * Bertl Bertl_oO 1134393350 J * Doener doener@i5387E849.versanet.de 1134393906 M * eyck_ Bertl: what should I put as missing entry? when I add ANYTHING, it just reports the same data as for / 1134393965 M * eyck_ like that: /dev/hde1 12G 9,3G 2,8G 77% / 1134393965 M * eyck_ /dev/hdv1 12G 9,3G 2,8G 77% /usr 1134393966 M * eyck_ /dev/spool/var 12G 9,3G 2,8G 77% /var 1134394010 M * eyck_ WOA 1134394012 M * eyck_ my mistake 1134394017 M * eyck_ it works! it's a miracle! 1134394157 N * eyck_ Eyck 1134394168 M * Eyck Bertl_oO: thanks. 1134394312 P * tomas 1134394663 Q * balbir Quit: Leaving 1134395858 Q * click Ping timeout: 480 seconds 1134396772 M * Kara_ hiho 1134396824 M * Kara_ might be a noobish question but: if i built a skeleton vserver - just the skeleton shows up with 9GB of data using df at the host? is that correct? 1134397807 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1134397815 M * ||Cobra|| hi 1134397887 M * ||Cobra|| has anyone already installed vserver onto a 2.6.14 kernel ? 1134398320 J * click click@ti511110a080-3841.bb.online.no 1134398701 M * harry yup 1134398729 M * harry ||Cobra||: vserver1:~# uname -a 1134398729 M * harry Linux vserver1 2.6.14.2-vs2.1.0-rc7-harry #2 SMP Thu Nov 17 16:15:24 CET 2005 i686 GNU/Linux 1134398793 M * ||Cobra|| i only have this 2.6.14-1.1644_FC4smp 1134398797 M * ||Cobra|| hi harry 1134398807 M * ||Cobra|| i 've installed from the rpm 1134398923 M * ||Cobra|| did u follow the install instruction of this webpage http://linux-vserver.org/VServer+installation+Fedora+Core+4 ? 1134398927 M * harry i installed from source : 1134398928 M * harry :) 1134398935 M * ||Cobra|| oki ^^ 1134398937 M * harry it runs on debian here :) 1134398941 M * harry vanilla kernel 1134398947 M * ||Cobra|| i 've a fedora 1134398949 M * ||Cobra|| core 4 1134398975 M * harry just download kernel sources, patch kernel, compile, run, compile and run userland tools, and you're off 1134398982 M * harry (that's how i should do it ;)) 1134398990 M * ||Cobra|| okay i'll try this 1134398997 M * harry :) 1134399018 M * ||Cobra|| and how do u install a guest server ? 1134399030 M * ||Cobra|| i mean onto a new partition 1134399037 M * ||Cobra|| like a red hat 7.3 1134399257 M * harry well.... 1134399258 M * harry i used the vserver build -m debootstrap a few time 1134399259 M * harry s 1134399279 M * harry and once copied a running machine to my vserver dir 1134399289 M * harry then vserver build -m skeleton 1134399295 M * harry (it was a rh as 3) 1134399317 M * harry then , after copying, remove the unneeded symlinks 1134399367 M * ||Cobra|| but do i have to install the red hat guest system before that ? 1134399386 M * harry you don't have to 1134399389 M * harry it's all in the docs 1134399396 M * harry there are many images on the net too btw:) 1134399439 M * harry starter images... 1134399439 M * harry those are really easy to deploy 1134399493 M * ||Cobra|| really ? 1134399499 M * ||Cobra|| i haven't seen them 1134399515 M * ||Cobra|| anyway thx for your help 1134399525 M * ||Cobra|| :) 1134399529 M * harry http://debian.marlow.dk/vserver/guest/ 1134399542 M * harry e.g. 1134399555 M * harry WITH a deploy-vserver script :) 1134399628 M * ||Cobra|| ok 1134399709 M * ||Cobra|| is it u on the pictures ? 1134399746 M * ||Cobra|| cause i dont find the pictures of the vserver install :P 1134399888 M * harry ? 1134399896 A * harry doesnt have pics ;) 1134399932 A * harry calls himself harry, because not everyone has to know i'm god;) 1134399970 M * ||Cobra|| :P 1134399992 M * ||Cobra|| sacre belge :P 1134400041 M * harry :) 1134400078 M * ||Cobra|| tu parles fr ? 1134400185 M * harry un petit peu 1134400188 M * harry pas beaucoup 1134400192 M * harry vous etes francais? 1134400211 M * ||Cobra|| oui 1134400231 M * harry tu vas a 22c3 aussi? 1134400238 M * ||Cobra|| je connais pas 1134400244 M * harry tu connais ccc? 1134400245 M * ||Cobra|| qu est ce que c est ? 1134400248 M * ||Cobra|| non 1134400255 M * harry sec 1134400296 M * harry http://events.ccc.de/congress/2005/ 1134400379 M * ||Cobra|| ah ok i know that 1134400381 M * ||Cobra|| :) 1134400403 M * ||Cobra|| when is it ? 1134400486 M * harry 27-30/12 1134400491 M * ||Cobra|| ok i just saw the date 1134400499 M * ||Cobra|| no i'll be away 1134400504 M * ||Cobra|| and u ? 1134400545 M * harry yups 1134400548 M * harry just like last year :) 1134400565 M * ||Cobra|| :) 1134401716 N * Bertl_oO Bertl 1134401723 M * Bertl back again! 1134401755 P * kavorka Client exiting 1134402204 M * daniel_hozac ||Cobra||: the vserver kernel RPMs should work fine for 2.6.14. 1134402223 M * daniel_hozac they're slightly more recent than the most recent core update though, as i build from CVS snapshots. 1134402225 M * ||Cobra|| yes daniel thnaks 1134402230 M * ||Cobra|| i just found it 1134402233 M * ||Cobra|| :P 1134402886 Q * ||Cobra|| Remote host closed the connection 1134402935 Q * comdata Quit: using sirc version 2.211+KSIRC/1.3.12 1134403120 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1134403976 J * pflanze ~chris@unk-110.ethz.ch 1134403981 M * pflanze Hello 1134403992 M * Bertl welcome pflanze! LTNS! 1134404009 M * pflanze Hi Bertl. What's LTNS ? 1134404049 M * Bertl Long Time No See :) 1134404065 M * Bertl means, we missed you :) 1134404087 M * pflanze ah. yep :) 1134404102 M * pflanze Well, when I'm coming, that means I'm coming with problems.. 1134404144 M * Bertl well, I'm confident we can solve them ... 1134404158 M * pflanze I can't start one of my vservers. vserver foo start just doesn't do anything, except rewrite the file /etc/vservers/foo/run 1134404168 M * pflanze The other vservers run fine. 1134404198 M * pflanze (The machine had a problem (crashed for some probably hardware related reason), so that might have triggered it) 1134404202 M * Bertl what distro on the host and inside the guest? 1134404209 M * pflanze host: debian. guest: gentoo 1134404223 M * pflanze (it's the only gentoo guest. The other guests are debian.) 1134404226 M * Bertl check for the 'running' information inside the guest 1134404238 M * pflanze how? 1134404254 M * Bertl (means, ask some gentoo folks where the runlevel scripts write that information or scan the ML archives) 1134404277 M * Bertl basically on service startup, gentoo writes to file that the service was started 1134404289 M * pflanze ah, you mean it won't boot becaue it thinks it's already running? 1134404295 M * Bertl and when the service is stopped, it removes those files\ 1134404306 M * Bertl now as your server crashed, the files are still there 1134404318 M * pflanze yep, but I did write a script which removes those files. 1134404335 M * pflanze which is run on startup. let me check if it is really run 1134404453 M * Bertl hmm, the race conditions are interresting ... 1134404466 M * Bertl micah: could you elaborate on them please? 1134404473 M * pflanze the script removes all files $vdir/var/run/*.{pid,lock} and does it really 1134404506 M * micah Bertl: unfortunately the only information i have is what is contained in those URLs 1134404534 M * micah Bertl: you are speaking of the 2003-1288 one? 1134404545 M * Bertl pflanze: okay, let's do the guest startup with --debug 1134404548 M * Bertl micah: yes 1134404642 M * Bertl micah: did the debian code base include/contain those releases at all? 1134404668 M * Bertl pflanze: please upload the output somewhere (e.g. pastebin) 1134404791 Q * michal_ Ping timeout: 480 seconds 1134404807 M * micah Bertl: CVE issues are not related to Debian, I highly doubt that these issues were reported by Debian because I know Ola didn't do it 1134404829 M * micah Bertl: but that doesn't answer the question of if debian contained this release 1134404867 M * Bertl ah, okay, sorry then, got the impression they actually _were_ debian related (somehow) 1134404917 M * Bertl and yes, I can confirm both of the issues, although the 2003-1288 one sounds a little strange (mentioning all those syscalls :) 1134404984 M * micah Bertl: yeah, its a really old package version and I can't seem to find that revision in the archives, so it is hard to tell if debian did include a vulnerable version at one point 1134404986 M * daniel_hozac what's the other one? 1134404993 M * micah daniel_hozac: the URLs are here: 1134404997 M * micah http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1288 1134405009 M * micah http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2613 1134405019 M * micah they were just released by mitre today (for ancient issues) 1134405072 M * micah my guess is that some vendor did report these -- as it requires a candidate naming authority to assign them 1134405079 M * pflanze Bertl: http://elvis-jaeger.mine.nu:5080/~chris/scratch/out 1134405162 M * Bertl pflanze: well, it successfully executes /sbin/rc 1134405181 M * Bertl there is not much more the tools can do in this configuration 1134405189 M * pflanze k 1134405201 M * Bertl obviously the guest fails to start any services which stay alive after that 1134405245 M * micah the positive side of thee CVE releases is that any vendor or individual who is using such an old version will be more motivated to finally upgrade ;) 1134405258 M * Bertl indeed :) 1134405440 M * Bertl micah: you have to apologize, but it's early in the morning ... and I'm still trying to get my caffeine level up to normal :) 1134405558 M * micah Bertl: so am I, monday necessary levels of caffeine have not been reached 1134405595 M * micah Bertl: to provide more info about the debian question -- I've just confirmed that no released version of debian had these patches (neither sarge, nor woody) 1134405634 M * Bertl well, previous versions probably had the same issues 1134405708 M * micah yes, but I think the first version of vserver that was included in a debian release are the 2.4.27 and 2.6.8 patches that we've dealt with 1134405719 M * Bertl okay, good 1134405732 M * Bertl (or not that good, actually :) 1134405736 M * micah hehe 1134405762 M * micah at least the vserver patch was not called kernel-patch-ctx in debian (I got a hold of it to fix this before sarge released) 1134405812 M * Bertl great work, we appreciate it! :) 1134406065 J * stefani ~stefani@superquan.apl.washington.edu 1134406077 M * Bertl morning stefani! 1134406269 M * stefani hola 1134406569 M * Hollow pflanze: which version of baselayout is your guest using? 1134406699 M * pflanze Hollow: I don't know. We got the problem solved, by rm -f /var/lib/init.d/started/* 1134406711 M * pflanze seems gentoo is using such files all over the places. 1134406724 M * pflanze But now the machine crashed again. Have to translocate to the server room. 1134406732 M * pflanze see you 1134406735 M * Hollow this is the init script depency cache, which gets confused if you're using gentoo init style e.g. 1134406742 M * pflanze ah 1134406749 M * Hollow you shouldn't do this 1134406760 M * pflanze what should I do? 1134406782 M * Bertl Hollow: do we know _why_ the gentoo init style was introduced in the first place? 1134406806 M * pflanze Currently I do rm /var/run/*.{pid,lock}, now I was going to add rm /var/lib/init.d/started/* as well. 1134406807 M * Bertl Hollow: would a sane 'gentoo' inistyle allow to have something like szsv init style for gentoo? 1134406810 M * Hollow if you're using sys-apps/baselayout look how to convert here: http://linux-vserver.org/GentooGuestHowto otherwise upgrade baselayout-vserver to >=1.11.13 and switch to plain init style 1134406839 Q * romke Quit: leaving 1134406863 M * Hollow Bertl: gentoo init style is a hack for old gentoo installations where you manually hack some init scripts, so the hack work with hacks, and hacks all over the place ;) 1134406869 M * pflanze The reason I was switching to gentoo init style from plain was that with plain, the vserver would restart forever upon startup. 1134406870 M * Hollow no wonder the dep cache gets confused 1134406898 M * Hollow Bertl: what is szsv? 1134406911 M * pflanze The looping occurs with some debian guests as well, though. I still don't know where it comes from. 1134406912 M * Hollow pflanze: try recent baselayouts, they're working quite fine 1134406913 M * Bertl Hollow: yeah, looks like, what I mean is (sorry sysv, us keyboard) 1134406936 M * Bertl the sysv init style has the 'advantage' that you do not have an init running 1134406952 M * Hollow Bertl: well, i tried to implement it, but the dep cache is very fragile... it didn't work out pretty well 1134406957 M * Bertl now I wonder, would similar be possible (in a sane way) for gentoo? 1134406993 M * Bertl shouldn't calling the proper rc scripts be enough? does init do something else? 1134406998 M * Hollow well, there sure is one, but it has to be found :P 1134407024 M * Bertl I think it will get especially interesting with persistent context 1134407026 M * Bertl +s 1134407041 M * Hollow why? 1134407055 M * Bertl (because they should behave exactly the same as with init, except for the init restarts) 1134407095 M * Bertl btw, do your tools support the no-dynamic case yet, or did I promise too much on the ML? 1134407101 M * Hollow mhm 1134407101 M * Hollow sounds interesting indeed 1134407115 M * Hollow my tools don't support dynamic ids at all 1134407140 M * Bertl so they should work fine with that feature disabled, right? 1134407157 J * Smutje_ ~Smutje@xdsl-87-78-7-114.netcologne.de 1134407157 M * Hollow and if they do, it's a bug 1134407157 M * Hollow yep 1134407173 M * Bertl btw, dynamic id support would be good to have, but implemented in userspace ... 1134407233 M * Hollow shouldn't be too hard i guess... though i'm bit low on time atm, just some bug fixing here and there 1134407255 Q * Smutje Ping timeout: 480 seconds 1134407267 M * Bertl Hollow: no need to hurry ... just keep it in mind ... 1134407272 N * Smutje_ Smutje` 1134407341 M * Hollow yeah, btw.. after approx. jun 06 im finished with school, and probably relocate to berlin 1134407607 M * Bertl cool! 1134407611 Q * pflanze Quit: later 1134407638 M * FaUl Hollow: what do you want to do in berlin? study 1134407639 M * FaUl ? 1134407857 M * Hollow yeah, probably ;) 1134407981 A * ||Cobra|| cassos , +++ 1134407986 Q * ||Cobra|| Quit: Leaving 1134409088 N * nokoya nokoya537 1134409106 M * Bertl hmm, wb nokoya537! 1134409117 N * nokoya537 nokoya 1134409119 M * nokoya :D 1134409150 M * nokoya some stupid kiddies sent me a email looks like it's from paypal and ask me to update info on their site 1134409157 M * nokoya looks funny 1134409157 M * nokoya lol 1134409326 M * Bertl yeah, happens now and then ... 1134409426 M * nokoya i fill it with vulgar word asn says Im laughing at their stupiad face :D 1134409451 M * Bertl well, if that makes you happy :) 1134409463 M * nokoya yeah felt more happy :D 1134411564 M * Bertl Doener, Hollow, micah: I'm looking @ 2.0.1-rc5 and the following hunk 1134411597 M * Bertl --- linux-2.6.14.3/fs/ext2/inode.c 2005-10-28 20:49:44 +0200 1134411597 M * Bertl +++ linux-2.6.14.3-vs2.0.1/fs/ext2/inode.c 2005-12-02 16:20:31 +0100 1134411597 M * Bertl @@ -1053,8 +1070,6 @@ ***** 1134411597 M * Bertl inode->i_flags |= S_SYNC; 1134411599 M * Bertl if (flags & EXT2_APPEND_FL) 1134411602 M * Bertl inode->i_flags |= S_APPEND; 1134411604 M * Bertl - if (flags & EXT2_IMMUTABLE_FL) 1134411607 M * Bertl - inode->i_flags |= S_IMMUTABLE; 1134411609 M * Bertl if (flags & EXT2_NOATIME_FL) 1134411612 M * Bertl inode->i_flags |= S_NOATIME; 1134411614 M * Bertl if (flags & EXT2_DIRSYNC_FL) 1134411618 M * Bertl and I'm not sure why we would do that, actually ... 1134411992 M * Bertl ah, nevermind, it's just moved around 1134412073 A * Bertl is still not used to his new hunk splitting script :) 1134412213 M * Hollow haha 1134412218 M * Hollow ;) 1134412453 M * matti Hollow: What is exactly diffrent in vserver baselayout if we compare it to the common one? 1134412509 M * matti Hollow: I want to change my custom embedded hardened gentoo (uClibc based) in to vserver guest. 1134412512 M * matti :) 1134412553 M * Hollow well, it basically removes all stuff that is unnecessary or would need higher privileges 1134412553 M * Hollow e.g. mount, fsck, etc 1134412560 M * Bertl hmm, matti, you're experienced with uClibc and other embedded stuff, right? 1134412566 M * matti Bertl: Yes. 1134412591 M * matti Hollow: I know, that the dev will be different, etc. 1134412601 M * matti Hollow: But, what will happen if I use udev? 1134412614 M * matti Hollow: BTW, there's also the "hardened" factor. 1134412618 M * Bertl would be interesting to get a micro distribution, maybe including a micro guest which can be used for testing (e.g. automated testing with qemu) 1134412623 M * matti Hollow: I mean - PIE/SSP, grSecurity... 1134412640 M * Hollow matti: why should /dev entries be different? 1134412652 M * Hollow haha.. good luck with grsec and vserver ;) 1134412669 M * matti Hollow: In PLD are different - very little entiers, etc. 1134412677 M * matti s/entiers/entries/ 1134412684 M * Hollow pld? 1134412692 M * matti Bertl: If you can fit with ~50 MB :) 1134412709 M * matti Hollow: Well, I compare the Gentoo guest and the PLD one. 1134412792 M * Hollow what is pld? 1134412796 M * Bertl matti: well, I currently have a system around 30MB for the host (including all tools and stuff) 1134412851 M * Bertl matti: http://vserver.13thfloor.at/Stuff/QEMU/TEST_32M_public2.img.bz2 1134412868 M * matti Bertl: This 50 MB is complete WISP router. Not based on busybox, etc - I hate BB :) 1134412877 M * Bertl it's based on a mix of busybox and mandrake libraries 1134412890 M * matti So, that's why is so small :) 1134412892 M * Bertl matti: yes something like that would be nice, I guess 1134412921 M * matti Hollow: Well, some distribution. Forget about it. 1134412936 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1134412938 M * Hollow ok.. 1134412944 M * matti Hollow: I'll check the vserver stuff in Gentoo either way :) 1134412946 M * Bertl welcome flock! LTNS! 1134412961 M * Hollow well, vservers generally have few entries in /dev 1134412979 M * Bertl matti: maybe you remember, some time ago we talked about a specifically stripped down 'host' distro 1134412992 M * matti Bertl: Yes. 1134413021 M * Bertl (which ideally would allow to create all kind of guests - rpm, and deb based as well as source compiled) 1134413035 M * matti Hm.. 1134413052 M * matti Bertl: Sounds linke build-host? 1134413063 M * matti Damn, my old freakin keyboard. 1134413068 M * matti s/linke/like/ 1134413076 M * Bertl one thing which should be addressed is support for all kind of archs 1134413084 M * matti Why keys olways stuck... heh. 1134413099 M * matti s/olways/always/ 1134413107 M * matti Sorry for typos. 1134413125 M * Bertl so that you basicall 'compile' the host distro (ala rock linux or T2) and then install the result to a server 1134413154 M * Bertl matti: no need to apologize for typos, if you manage to get more than I, you win a cookie :) 1134413162 M * matti Bertl: Does Rock Linux still alive? 1134413184 Q * flock Remote host closed the connection 1134413189 M * Bertl not sure (but I guess yes), mnemoc might know ... 1134413409 M * daniel_hozac please, no self-compiling distros :) 1134413504 M * daniel_hozac (of course, the possibility of doing so is nice to have, but binary packages are just so much faster) 1134413558 M * Bertl daniel_hozac: nono you got that one wrong ... 1134413576 M * Bertl daniel_hozac: I mean, we should have some kind of linux-vserver 'host' distro 1134413582 M * daniel_hozac well, i've never heard of rock linux or T2 before, so... 1134413598 M * daniel_hozac right. 1134413610 M * Bertl something which does not take up much space, can be easily compiled for 20 distros and made available on ftp/http 1134413635 M * Bertl might be based on something existing though ... no problem with that 1134413680 M * daniel_hozac a distro compiled for distros? hmm? 1134413723 M * Bertl well, IMHO a replacement for the 'typical' distro sitting on the vserver host 1134413751 M * Bertl maybe a simple image on a CD (like knoppix) 1134413766 M * Bertl which you can easily copy over to your server 1134413797 M * Bertl readuce to the necessary stuff for vserver hosting 1134413816 M * Bertl (not sure that would make sense, just brainstorming) 1134413924 M * daniel_hozac so basically a minimalistic distro for vserver hosts? 1134413964 M * Bertl yep, precisely, something you can simply install and start hosting 1134413990 M * Bertl no special tool compiling, no distro fixing, etc ... 1134414051 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1134414148 M * daniel_hozac right, i think it makes sense. 1134414320 J * micah_ micah@micha.hampshire.edu 1134414737 Q * micah Ping timeout: 480 seconds 1134414769 J * Uli Uli@Jbcb8.j.pppool.de 1134414926 M * Uli Hello everybody ;) 1134414934 M * FaUl hello uli 1134415784 M * Uli Perhaps anyone can help me, I'm using Kernel2.6.14.3 with vserver-patch 0.30.209 and im trying to change the network interface inside a vserver from eth0:0 to eth0, but when i change the interfacename in /etc/vservers/SERVERNAME/interfaces/0/dev and restart the server, nothing happens, but i also haven't found any other configfile for the networkinterfaces inside a vserver. Hopefully you understand 1134415784 M * Uli what i mean 1134415804 M * Uli sorry for this long desc, but you are my last chance 1134415865 M * Uli i only need a short tip where i have to look 1134415868 Q * micah_ Quit: leaving 1134415955 M * FaUl you simply cant rename a network-interface 1134415962 M * FaUl why do you want to rename one? 1134415983 Q * Bertl Ping timeout: 480 seconds 1134416144 M * Uli i got 4 IP's on my Hostsystem (1 for Host(eth0), rest for the vservers(eth0:0 - eth0:2) so i thought i have to name it the same way in the vservers, but now confixx (sorry its crap but i need it on one vserver) needs the name "eth0" for the license-authentification and as i now know you can name the network interface "eth0" inside the vserver, what is eth0:0 on the Hostsystem 1134416182 M * Uli so i want to put the ip of eth0:0 of hostsystem on eth0 on the vserver 1134416182 M * FaUl hm 1134416198 M * FaUl as far as i know this isn't possible 1134416217 M * FaUl but you may add extra adresses to eth0 with ip addr add dev eth0 1134416227 M * FaUl without this eth0: stuff 1134416293 M * Uli hm 1134416306 M * Uli ill try this 1134416351 M * Uli thanks so long 1134416497 M * Uli hm, i cant do this on the vserversystem (i did it like this: vserver SERVERNAME exec ip addr add XXX.XXX.XXX.XXX dev eth0) and on the hostsystem it wont help i think 1134416514 M * FaUl nope, you cant 1134416544 M * FaUl but you can ifconfig eth0:1 down and ip addr add xxx.xxx.xxx.xxx dev eth0 on the host 1134416549 M * FaUl and your guest will change as well 1134416616 M * Uli i try this 1134416686 M * FaUl good luck 1134416714 M * daniel_hozac FaUl: you can rename interfaces, see nameif. 1134416738 M * daniel_hozac you can't rename aliases though, AFAIK. 1134416811 M * daniel_hozac Uli: ip addr add is the default mode of adding addresses for util-vserver 0.30.209, unless you specify a name in /etc/vservers//interfaces/X/name 1134416852 M * Uli hm 1134416995 J * Bertl herbert@212.16.62.52 1134416997 M * Uli trying this with the /interfaces/X/name 1134417015 M * Bertl ah, great ... was disconnected and didn't even realize it 1134417028 M * Bertl okay, off for a meeting now ... back later 1134417038 N * Bertl Bertl_oO 1134417346 M * Uli alright, restarted this vserver, eth0:0 is gone, but @ifconfig no ip is assigned to eth0 even though there is one in etc/vservers//interfaces/0/ip , @"ip addr" i can see the ip and i can login to the vserver via ssh, but how can i assign the ip@ifconfig (im sorry for my (perhaps dumb) questions) 1134417379 M * daniel_hozac ifconfig is old and broken and shouldn't be used. 1134417448 M * Uli hm, k 1134418276 J * Aiken ~james@tooax6-161.dialup.optusnet.com.au 1134420765 M * Uli is there a possibility to put it into ifconfig? even if that shouldn't be used (confixxcrap uses this) 1134420776 M * Uli makes my version of the vserver-patch 0.30.209 use of .conf files? 1134420864 Q * gdm Quit: leaving 1134422343 M * daniel_hozac umm, there is no 0.30.209 version of the patches. 1134422356 M * daniel_hozac that's the util-vserver version. 1134422587 M * Uli oh sorry 1134422600 M * Uli wrong file 1134422637 M * Uli patch-2.6.14.2-vs2.1.0 <-- this one 1134422676 M * Uli but can i use .conf files? 1134422676 M * daniel_hozac you can, but it's not recommended at all. 1134422681 M * daniel_hozac you won't get any of the new features. 1134422688 M * Uli hm 1134422731 N * Bertl_oO Bertl 1134422750 M * Uli confixx doesn't work if it doesn't detect a ip on eth0 1134422750 M * Bertl ah, back now ... interesting times :) 1134422799 M * Bertl Uli: confixx also uses ifconfig to get that information, right? 1134422799 M * Uli i think so yes 1134422799 M * Bertl Uli: so why not replace that with a script :) 1134422813 M * Uli Bertl if you got one, why not (or you know how to) 1134422835 M * Bertl (IIRC a few folks already did that) 1134422842 M * Bertl Uli: I'm not using Confixx because of the lack of source 1134422846 M * Uli hm, i think i'll try google 1134422857 M * Uli i hate confixx 1134422900 M * Uli :) 1134422904 M * Uli thats why i'm setting up the vservers 1134422913 M * Bertl to contain it properly :) 1134422919 M * Uli right 1134422954 M * Uli 4 IP's for one confixx is not properly :) 1134422998 M * Bertl so, the first approximation would be to take the output of 'ifconfig' on an existing confixx system 1134423017 M * Bertl and just replace the 'IP' with the guest IP 1134423026 M * Uli the IP is still the same 1134423059 M * Bertl wrap that in a few layers of bash, and put where ifconfig usually is 1134423059 M * Bertl +it 1134423068 M * Bertl then see if confixx is happy 1134423117 M * Uli seems so easy^^ 1134423197 M * Uli i think you mentioned a good solution, google trys to make me happy ;) 1134424005 Q * click Ping timeout: 480 seconds 1134424219 M * Uli bertl: http://www.sculpturedlife.com/vserver/irc-logs/index.php?date=2004-09-15 <-- look for "confixx", it was in this channel :) 1134424364 M * Bertl not quite unexpected :) 1134424473 M * Uli Doener: Hav you got this script (ifconfig-fake for fooling confixx) 1134424486 M * Uli i hope he's still the same person :) 1134424653 M * Bertl I hope so too :) 1134424673 M * Bertl just hang around a little, he will answer when he gets back 1134424702 M * Uli i hope i can hang ;) my internet connection is not the best in these days 1134424757 M * Uli thank you for your support 1134424766 M * Bertl well, you can alternatively state that fact here and read up via the realtime irc logs later ... 1134424780 M * Bertl and, you're welcome! 1134424787 M * Uli i'm trying to get a bouncer over here 1134425295 M * Doener Uli: no, don't have that anymore IIRC 1134425326 M * Uli oh noo 1134425337 M * Uli hm 1134425340 M * Doener but you can easily create it yourself, just get some valid ifconfig output and put it into a shell script that outputs it 1134425351 M * Uli hm youre right 1134425367 M * Doener then rename your original ifconfig and put the shell script there 1134425378 M * Uli alright thanks 1134425399 M * Doener for fast copying, replace values like mac and ip addresse with variables that you setup and the top of the script 1134425420 M * Uli good idea 1134425552 M * Doener off to bed now... have a good one! 1134425552 Q * Doener Quit: Leaving 1134425699 M * Bertl okay, leaving now too .. back later ... 1134425705 M * Uli cya 1134425707 N * Bertl Bertl_oO 1134425720 P * Uli 1134426291 P * stefani I'm Parting (the water) 1134427681 Q * lilo_ Remote host closed the connection 1134428043 J * lilo ~lilo@muon.cygnusx-1.org 1134429410 Q * monrad Remote host closed the connection 1134429432 J * monrad ~mikkel@213083190131.sonofon.dk 1134430252 N * Bertl_oO Bertl 1134430422 M * Bertl evening folks! 1134430431 M * daniel_hozac evening! 1134430499 Q * monrad Quit: leaving 1134430517 J * monrad ~mikkel@213083190131.sonofon.dk