1135036888 Q * dos000 Quit: Leaving
1135037587 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net
1135037708 J * jayeola ~jayeola@host-87-74-46-211.bulldogdsl.com
1135037759 M * Bertl welcome ryker! jayeola!
1135037865 M * jayeola hello chaps
1135038062 J * shedi ~siggi@inferno.lhi.is
1135038207 M * Bertl wb shedi!
1135038219 Q * jayeola Read error: Connection reset by peer
1135038232 M * shedi hello Bertl
1135038243 J * jayeola ~jayeola@host-87-74-46-211.bulldogdsl.com
1135038826 M * ryker hello
1135040065 Q * Johnnie Remote host closed the connection
1135040520 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1135040676 Q * lilo Ping timeout: 480 seconds
1135041123 J * sebi_ ~sebi@Fd3ad.f.strato-dslnet.de
1135041226 Q * sebi Ping timeout: 480 seconds
1135042319 Q * comfrey Ping timeout: 480 seconds
1135042561 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1135042867 Q * ryker Quit: Leaving
1135044809 J * mep_ mep@p5091B8E4.dip0.t-ipconnect.de
1135045250 Q * mep__ Ping timeout: 480 seconds
1135045697 M * Bertl k, I'm off to bed now .. back tomorrow!
1135045707 N * Bertl Bertl_zZ
1135046303 J * dos000 ~dos000@i216-58-27-21.cybersurf.com
1135050918 J * Johnnie ~jdlewis@acs-24-154-53-16.zoominternet.net
1135053557 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net
1135054434 Q * dos000 Quit: Leaving
1135057142 P * stefani parting (is such sweet sorrow)
1135057481 J * balbir ~balbir@59.145.136.1
1135062083 Q * flock Quit: Expert, n.: Someone who comes from out of town and shows slides.
1135062538 J * danieldlp ~danieldlp@shell2.sea5.speakeasy.net
1135062550 N * danieldlp ddlp
1135062692 Q * Johnnie Remote host closed the connection
1135062695 Q * jayeola Read error: No route to host
1135062722 J * jayeola ~jayeola@host-87-74-46-211.bulldogdsl.com
1135065271 N * Smutje_ Smutje
1135068097 J * FEN_HIN ~JFOC@us.tcompressor.com
1135073449 Q * SiD3WiNDR Ping timeout: 480 seconds
1135073487 J * SiD3WiNDR luser@bastard-operator.from-hell.be
1135073798 N * Bertl_zZ Bertl
1135073810 M * Bertl morning folks!
1135073919 M * matti Hi Bertl.
1135073948 M * Bertl hey matti! how ru?
1135074010 M * matti Depends :)
1135074340 J * Duckx ~duckx@195.75.27.158
1135074434 J * DuckMaster ~duckx@195.75.27.158
1135074466 M * Bertl welcome DuckMaster!
1135074536 M * DuckMaster Hy bertl :)
1135074573 M * DuckMaster Just arrived from my ski weekend !!!
1135074596 M * DuckMaster I am full of power today ;)
1135074706 M * Bertl good to hear! so what about compiling and testing the 2.01 release?
1135074752 Q * shedi Quit: Leaving
1135074761 M * Duckx lol :)
1135074793 M * Duckx Well, I can't right now ...
1135074812 M * Duckx But tonight I got a bunch of admin stuff to do ...
1135074821 M * Duckx Ip migration and such ...
1135074838 M * Duckx So, well, one kernel could compile in background :)
1135074883 M * Duckx In a way ....
1135074887 M * Duckx I got to compile it ..
1135074907 M * Duckx We gonna put our vserver box on the backbone in one week or so ...
1135074917 M * Duckx 2.01 is the latest stable right ?
1135074921 P * DuckMaster Leaving
1135074924 M * Bertl yup
1135074954 M * Duckx Well, we are going to do some cleanup on the box before sending it ...
1135074966 M * Duckx So be sure it will be tested really soon :)
1135074976 M * Bertl excellent!
1135076277 J * Smutje_ ~Smutje@xdsl-87-78-63-202.netcologne.de
1135076385 Q * Smutje Ping timeout: 480 seconds
1135076529 N * Smutje_ Smutje
1135076654 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1135076663 M * Bertl 2.1.0 devel released!
1135076686 M * harry wiiiiiiiiiiiiii
1135076690 M * harry congratz Bertl !
1135076704 M * Bertl thanx!
1135077228 M * Eyck yuppi
1135077245 M * Eyck I think we're very close to 1.2.12 now...
1135077322 M * Bertl yes, definitely!
1135077368 M * Eyck congratz!
1135077375 M * Bertl Eyck: everything is relative ... but maybe we should aim for 1.2.11 first :)
1135077394 M * Eyck good point,
1135077402 M * Eyck I had off-by-one error in memory
1135077412 M * Bertl np, I got what you meant ...
1135077503 M * Bertl .o( hmm, doesn't sound like an english sentence ...)
1135077849 M * Eyck sounds like one to me
1135077896 M * Bertl yes, really? well, something like "np, I did get what you mean" sounds better to me
1135077926 M * Bertl maybe the time stuff is wrong there too ...
1135078206 M * Eyck I like 'I got what you meant' better.
1135078261 M * Bertl okay, great!
1135078767 M * gdm "i got what you meant..." is good english, "I did get what you mean" is not
1135078777 M * Eyck gdm: :)
1135078846 Q * Duckx Ping timeout: 480 seconds
1135078867 J * Duckx ~duckx@195.75.27.158
1135078970 M * Bertl gdm: okay :)
1135079331 M * gdm :-)
1135079525 M * Bertl Hollow: still need some pointers to the devel tools ...
1135079552 M * Bertl btw, did anybody look at porting the patches to 2.6.15 yet?
1135079622 M * click how is the patch evolving with regards to grsecurity btw?
1135079643 M * Bertl not at all, as far as I know ...
1135079679 M * Bertl was hoping to get some rsbac/pax joined venture but nothing happened there either
1135079710 M * click hm, 2.6.15 out?
1135079713 M * click damn
1135079715 M * Bertl not yet
1135079725 M * click *phew*
1135079729 M * Bertl :)
1135079931 M * click hm, cleared out tons of channels i'm more or less totally inactive in, went from 36 channels down to 29
1135080006 M * Bertl and #vserver is still among them?
1135080027 M * Bertl (as soon to be cleared out or as active one? :)
1135080039 M * click active
1135080048 M * Bertl good!
1135080054 M * click removed channels that i felt is of no use for me
1135080107 M * Hollow Bertl: pointers?
1135080141 M * Bertl Hollow: well, if you like, then I'd put a version of your tools on the devel release page, no?
1135080153 M * Hollow ah, ic.. sure
1135080171 M * Hollow will do some release cleanup and upload a new tar, ok?
1135080188 M * Bertl that's fine, just let me know what and where (when you did that)
1135080194 M * Hollow oki
1135080203 M * Hollow ah.. 2.1.0
1135080215 M * Hollow changes since rc10?
1135080613 M * Bertl a few cleanups
1135080753 M * Bertl I will start to do changelogs for the sub-releases too
1135080769 M * Bertl (as it seems that lately are more folks interested in them)
1135081379 A * Hollow nods
1135082170 M * TheSeer * Bind Mount Extensions (for ro --bind mounts)
1135082186 M * TheSeer Bertl: does that mean i can do an read-only bind into a guest?
1135082191 M * TheSeer :-))
1135082306 Q * balbir Quit: Leaving
1135082399 M * Bertl TheSeer: yes, that's one application
1135082493 M * TheSeer kewl :)
1135082498 M * TheSeer that'll be a reason to upgrade *g*
1135082516 M * Bertl keep in mind, 2.1.x is devel branch
1135082528 M * TheSeer hmm..
1135082538 M * TheSeer darn ;)
1135082555 M * Bertl but the BME patches are also available for stable (as addon)
1135082556 M * TheSeer well.. can't be any worse than 2.6.11.5-vs1.9.5
1135082565 M * TheSeer ;)
1135082572 M * Bertl 1.9.x is also devel branch :)
1135082580 M * TheSeer that's why i said it *g*
1135082614 M * TheSeer and that version is running for .. uhm.. 63 days, 4:36 hours by now
1135082638 M * TheSeer looks like a good chance to upgrade
1135082646 M * Bertl :)
1135082661 M * TheSeer what's the latest kernel anyway?
1135082689 M * TheSeer hmm
1135082691 M * TheSeer 2.6.14.4
1135082697 M * jayeola yep
1135082711 M * TheSeer any important changes for the upcoming 2.6.15?
1135082715 M * jayeola i've got *.3 here but i'm happy with that
1135082736 M * TheSeer if i upgrade it would be kind of stupid if the 2.6.15 comes out next day ;);
1135082913 J * balbir ~balbir@59.145.136.1
1135082920 M * TheSeer hmm.. did they finally include a fix for the sata wakeup?
1135082921 M * Hollow Bertl: the patch on 13thfloor says rc11 ;)
1135082945 M * Bertl ah, really .. okay, tx
1135083163 N * lilo_ lilo
1135083275 M * Bertl Hollow: okay, fixed that ...
1135083309 M * Hollow ok, thanks, i added 2.1.0 to gentoo meanwhile
1135083309 M * Bertl Hollow: btw, as you probably read on the ML, folks are interested in doing (and testing) advanced monitoring
1135083324 M * Hollow yeah, i followed that thread
1135083343 M * Bertl IIRC, we were talking about something like entlink or relayfs some time ago
1135083348 M * Bertl *netlink
1135083376 M * Hollow yup, i remember
1135083388 M * Bertl so .. if you are interested in working on the userspace part here, we should arrange something with the folks willing to test ...
1135083422 M * Bertl (i.e. try to figure what kind of tools they attach and how to interface them)
1135083466 M * Hollow sure, but as i told some time ago, school is keeping me quite busy atm, though i'll spend some time on the userspace tools during christmas holidays i guess
1135083506 M * Bertl ah, well, no problem there, I don't expect it to happen this year
1135083543 M * Bertl nevertheless we should keep the topic hot ...
1135083570 M * Hollow yeah, sure, but i won't be busy from january till june so..
1135083578 M * Hollow s/won't/will/
1135084084 M * Loki|muh hi
1135084097 M * Loki|muh are there known problems with /dev/random and kernel-image-2.6.14.3-vs2.0.1-rc5.131205
1135084108 M * Loki|muh s/kernel-image-//
1135084139 M * Loki|muh urandom works but random not
1135084287 M * Bertl define 'does not work'
1135084306 M * Bertl my first guess would be that you depleted your entropy pool
1135084476 M * Loki|muh does not work = no output --> ssl not working
1135084503 M * Bertl -> entropy pool empty
1135084509 M * Loki|muh okay
1135084555 M * Bertl get some monkey to jump up and down on the keyboard ...
1135084588 M * Bertl or if you prefer a proper solution, add some plugin card which provides entropy
1135084613 M * Loki|muh lol
1135084629 M * Loki|muh hmmmm, is there another way?
1135084663 M * Loki|muh there is no keyboard at the machine
1135084681 M * Bertl that's probably one reason for the missing entropy
1135084714 M * Loki|muh thats funny
1135084814 M * Loki|muh so the only solution is: drive to the machine, plug in a keyboard, hammer the keyboard until the entropy pool is filled?
1135084839 M * Bertl well, no
1135084854 M * Bertl you get also some entropy from the (probably non attached) mouse
1135084862 M * Bertl and the network and disk interrupts
1135084889 M * Bertl so starting a ping on the server and to the server might also refill the pool, though usually slower
1135084928 M * Loki|muh . o O ( ping -f )
1135084930 M * Loki|muh *g*
1135085091 M * Bertl btw, a sound card (for recording) in a data center (with a mic) is a good entropy source :)
1135085112 M * Bertl (unfortunately there is no direct linux-kernel support for that)
1135085508 M * Loki|muh http://pastebot.nd.edu/1153 <-- is this also explained by an empty entropy pool?
1135085546 M * Loki|muh the processes are running since the server is booted 2h 45mins ago
1135085562 M * Bertl could be ...
1135085571 M * Bertl if, for example, you created 10 guests
1135085580 M * Bertl and each of them is now 'generating' a host key
1135085595 M * Bertl (something which some distros do after installation)
1135085633 M * Loki|muh and I am wondering why the entropy pool is not filled because one of the vservers is a mail-satellit and has always > 50 connections at a time
1135085656 M * Loki|muh so the pool should be filled quickly i guess
1135085679 M * Bertl it's relative ... usually networking is considered a weak entropy source
1135085733 M * Bertl and, for example, to satisfy a key generation with strong keys, you have to type about a minute or so to get the required entropy
1135085755 M * Bertl I wonder if there is some kind of proc info on the pools by now
1135085825 M * Bertl cat /proc/sys/kernel/random/entropy_avail
1135085836 M * Bertl when it is full, then that will show 4096
1135085852 M * Loki|muh |>root@mx1:/etc/init.d # cat /proc/sys/kernel/random/entropy_avail
1135085852 M * Loki|muh |>39
1135085854 M * Loki|muh ;)
1135085868 M * Loki|muh okay
1135085872 M * Bertl The file read_wakeup_threshold contains the number of bits of entropy required for waking up processes that sleep waiting for entropy from /dev/random.
1135085903 M * Bertl The file poolsize gives the size of the entropy pool. Normally, this will be 512 (bytes). It can be changed to any value for which an algorithm is available. Currently the choices are 32, 64, 128, 256, 512, 1024, 2048.
1135086048 M * Loki|muh so a machine with a lot of encryption done and nearly without disk-access and without mouse and keyboard is likely to run out of entropy?
1135086056 M * aba Loki|muh: yes
1135086083 M * aba Loki|muh: but there are ways to get more entropy into the system ...
1135086185 A * Bertl is listening ...
1135086249 M * aba hey, I'm not an entropy specialist. I know who might have some ideas ...
1135086374 M * aba well, you could e.g. add a webcam to the system :P
1135086516 M * aba and I was hinted to this patch: http://lwn.net/2001/0823/a/network-entropy.php3
1135086770 M * aba and another patch would be http://www.kernel.org/pub/linux/kernel/people/rml/netdev-random/
1135086778 M * aba ok, is this enough now? :)
1135086814 M * Bertl ahem, well, the network entropy is in the kernel since ages
1135086826 M * Bertl (so nothing new there :)
1135086839 M * aba hey, I said "hinted to" :P
1135086982 M * Loki|muh i will take a look
1135087018 M * aba Loki|muh: please give feedback if something worked for you ...
1135087035 M * Loki|muh the only thing I'm wondering is, that there are 4 identical machines with the same services in the vservers with round-robin dns. And this is the only machine that has problems with /dev/random
1135087252 M * Bertl consider yourself lucky :)
1135087420 M * Loki|muh I think I will buy some hamster and connect the wheels to a mouse :D
1135087506 M * Bertl excellent approach, as long as you feed it well
1135088103 M * jayeola any centos users here?
1135088123 J * jeeves ~jeeves@c-24-11-171-10.hsd1.mi.comcast.net
1135088132 M * jeeves lo
1135088139 M * jayeola i say jeeves, old chap ;)
1135088158 M * Bertl welcome jeeves!
1135088202 M * jeeves Doh, my monocle fell out.
1135088333 M * Bertl how could that happen?!
1135088460 M * Bertl it seems that kernel folks try to define a new language ... now it's been the 6th or 7th time I read about 'propogation' and I still consider it wrong :)
1135088554 M * jeeves My monocle fell out when I was stuffing my pipe.
1135088580 M * jayeola right, i've got some errors:- http://pastebin.com/471611
1135088612 M * jayeola i'd like to think that it's a simple case of telling the vserver(?) where to grab the packages...
1135088619 M * jayeola have a look at line...
1135088642 M * Bertl hmm, wasn't the centos support added in 0.30.209?
1135088650 M * jayeola line 43
1135088689 M * jayeola um, i dunno. i'm such a noob with this that i'd thought it would be better to (try to) learn from first principles
1135088712 M * jayeola not sure that learning like this is such a good idea now :/
1135088727 M * Bertl may I cite you?
1135088729 M * Bertl #
1135088729 M * Bertl # waaaaahhhhh! nothing's working!
1135088738 M * jayeola uh-huh :/
1135088743 M * jeeves lol, thats a good sign.
1135088750 M * jayeola why?
1135088765 M * jayeola not working is *not* a good sign
1135088781 M * Bertl okay, centos folks will have a look at your issues I hope ...
1135088787 M * jayeola aha...
1135088803 M * Bertl (not sure there are any, though)
1135088853 M * jayeola yah, i -think- that it's a simple question of telling the (vserver?) where the mirror is. is the error saying "....
1135088868 M * jayeola ... look buddy, tell me where to grab the packages from"
1135088871 M * Bertl you are using yum, right?
1135088896 M * jayeola yah
1135088911 M * Bertl did you make sure that you added the patches and such?
1135088931 M * jayeola yep. the testme.sh script ran with no errors
1135088942 M * Bertl ahem, the patches for yum :)
1135088956 M * jayeola ah. was not aware that i required that...
1135088972 M * Bertl IIRC, yum is so broken that you cannot use it in a chroot or so
1135088984 M * Bertl and the maintainer is not willing to fix it
1135088998 M * jayeola right.... i was working from this guide.... http://linux-vserver.org/CentOS_HowTo
1135089010 M * jayeola which has not mentioned a patch for yum
1135089025 M * Bertl didn't the tools tell you that?
1135089036 M * Bertl IIRC, they contain a warning or so
1135089045 M * Bertl what tools do you use?
1135089063 M * jayeola hold up.... pasting..
1135089114 M * jayeola http://pastebin.com/471618
1135089130 M * Loki|muh Bertl: what vserver-version would you recommend? still 2.0.1-rc5?
1135089142 M * jayeola yah
1135089150 M * Bertl Loki|muh: nope, 2.01 of course
1135089162 M * jayeola oh, sorry. ignore my last statement
1135089175 M * mnemoc oh, i missed the release
1135089189 M * Loki|muh mnemoc: same here ;)
1135089195 M * Bertl mnemoc: sorry that I didn't msg you in private .)
1135089203 M * mnemoc :)
1135089210 M * mnemoc Bertl: i forgive you, this time :)
1135089217 M * Bertl I know that ML subscriptions are for losers ...
1135089230 M * jayeola http://www.13thfloor.at/vserver/s_rel26/v2.01/patch-2.6.14.3-vs2.01.diff.bz2 and patch-2.6.14.3-vs2.01.diff.bz2
1135089243 M * mnemoc Bertl: i'm subscripted, but my mailbox is out of control :(
1135089253 M * jayeola also http://www.13thfloor.at/~ensc/util-vserver/files/alpha/util-vserver-0.30.209.tar.bz2
1135089280 M * jayeola like i said, the testme.sh script was run and all was well
1135089328 M * Bertl okay, just wondering, usually a vserver build -m yum ... spits out a warning if the yum is not patched
1135089330 M * jayeola output of ./testme.sh http://pastebin.com/471622
1135089463 M * jayeola i've not patched yum but replaced yum.conf with other packages as suggested by a centos_howto
1135089536 M * Bertl did you try first without modifying/changing anything?
1135089546 M * jayeola um no....
1135089565 M * jayeola followed the guide blindly. will try that
1135089575 M * Bertl would suggest to do so ...
1135089588 M * jayeola yep - thanks for your time
1135089590 M * Bertl once that fails, you can always look into the workarounds
1135089612 M * jayeola roger that!
1135089987 J * comdata ~mertins@mx01.scheller.de
1135089995 M * comdata moin
1135090003 M * Bertl good morning comdata!
1135090035 M * comdata Bertl: morning is good, it's getting dark here again ;-)
1135090048 M * Bertl you did say moin :)
1135090085 M * comdata Bertl: you can always say moin here (where I am from)
1135090104 M * Bertl k, Netherlands?
1135090127 M * Bertl or more 'Werner' style
1135090147 M * comdata Bertl: http://de.wikipedia.org/wiki/Moin
1135090162 Q * balbir Quit: Leaving
1135090164 M * Bertl ah, East Frisia!
1135090164 M * comdata Bertl: northern germany
1135090174 M * comdata Bertl: mecklenburg
1135091469 Q * comdata Remote host closed the connection
1135091735 M * jeeves Do yum and yumex use the same cache directory?
1135091798 M * Bertl what's yumex?
1135091978 M * jeeves yum extender
1135091984 M * jeeves yum GUI
1135092023 M * Bertl aha, tx
1135092032 M * Eyck ha! I know how to build 2.4.9-e.27smp kernel!
1135092040 M * Eyck isn't it great?
1135092057 M * jeeves http://linux.rasmil.dk/cms/modules/dokuwiki/doku.php?id=yumex:yumex
1135092063 M * Bertl Eyck: excellent!
1135092076 M * jeeves Good job Eyck
1135092081 M * Bertl Eyck: I know we were missing that!
1135092665 M * Bertl Eyck: when will you have the 1.2.11 backport ready?
1135092816 A * mnemoc wonders about 2.4's quota patch
1135092830 Q * jayeola Quit: leaving
1135093041 M * Eyck Bertl: backport of what?
1135093046 M * Bertl mnemoc: why do you wonder about it?
1135093078 A * harry starting on a merge of vserver2.1 and grsec ... don't know what version yet :)
1135093088 M * Bertl Eyck: 1.2.11 to 2.4.9-e27 :)
1135093106 M * mnemoc Bertl: just to know what's its future with 1.2 tree
1135093106 M * Bertl harry: good, keep me updated
1135093111 M * harry will do
1135093169 M * harry what will be the best approach
1135093177 M * harry first vserver patch, then grsec? or the other way around?
1135093187 M * Bertl we had both, hard to tell
1135093198 M * mnemoc harry: yes, first per-context.
1135093211 M * mnemoc harry: at least that how others merges were done
1135093245 M * harry per-context first?
1135093247 M * harry why's that?
1135093273 M * mnemoc to have per-ghost grsec
1135093278 M * mnemoc guest*
1135093306 M * harry 17:01:37 (11.32 MB/s) - `linux-2.6.14.4.tar.gz' saved [49072393]
1135093309 M * harry kinky :)
1135093350 M * harry mnemoc: /me will first try to port the latest grsec to 2.6.14.4
1135093364 M * harry then apply vserver patches and try to solve the errors
1135093380 A * harry never done it before... but there is a first time for everything
1135093417 M * mnemoc harry: it easier to start from a common version with an already available merge
1135093432 M * mnemoc harry: and apply the interdiffs later
1135093448 J * Smutje_ ~Smutje@xdsl-87-78-60-39.netcologne.de
1135093470 M * mnemoc harry: i did it once, but i loose the work on a former-employer server :\
1135093477 M * Bertl harry: hmm, isn't grsec available for 2.6.14 by now?
1135093480 M * harry too bad...
1135093483 M * harry Bertl: yes
1135093486 M * harry for 2.6.14.3
1135093493 M * harry but the diff on that is minimal it seems
1135093499 M * Bertl so what 'porting do you have to do there for 2.6.14.4?
1135093511 M * harry only a small diff in Makefile
1135093512 M * mnemoc micro-version updates are always minimal
1135093517 M * harry uhu
1135093544 M * harry and... i'm not even gonna patch that!
1135093556 M * harry moehaha! since it will only confuse the vserver patch :)
1135093635 M * harry mnemoc: it doesn't seem all that much work at first sight...
1135093665 Q * Smutje Ping timeout: 480 seconds
1135093707 M * mnemoc harry: the problem is to keep them consistent, but the can coexist without troubles
1135093710 M * mnemoc they
1135093736 M * harry mnemoc: hmm...
1135093746 A * harry needs to learn a lot from this, it seems...
1135093783 M * harry vserver1:/devel/linux-2.6.14.4# find . -name "*.rej"|wc -l
1135093783 M * harry 27
1135093816 J * doctorzoidberg ~doctorzoi@adsl-ull-210-237.42-151.net24.it
1135093827 M * Bertl welcome doctorzoidberg!
1135093842 Q * jeeves Quit: dept. potluck mmmmmm
1135093868 M * doctorzoidberg hi, i have a problem with a vserver
1135093876 M * doctorzoidberg i installed gentoo with vserver sources
1135093890 M * doctorzoidberg and tried some exploit to check the security
1135093921 Q * ComplexHo Ping timeout: 480 seconds
1135093946 M * doctorzoidberg now, after trying the chroot exploit, i can't run _anything_ inside the vserver
1135093951 M * doctorzoidberg everything segfaults
1135093969 M * Bertl well, this means two things actually
1135093983 M * Bertl a) your guest was (for whatever reason) not protected
1135094006 M * Bertl b) the exploit did change the permissions of your root dir (inside the guest)
1135094030 M * Bertl where I'm not 100% sure on a)
1135094033 M * doctorzoidberg uhm
1135094051 M * doctorzoidberg i tried the exploit before and after setattr --barrier
1135094067 M * Bertl debian host?
1135094070 M * doctorzoidberg gentoo
1135094080 M * doctorzoidberg with vserver-sources
1135094085 M * Bertl just checking ...
1135094098 M * doctorzoidberg drwxr-xr-x 17 root root 408 Oct 19 18:12 doctorzoidberg
1135094109 M * doctorzoidberg and this are the permissions of /vserver/doctorzoidberg
1135094201 M * Bertl let's do: ls -lda /{,vserver} /vserver/doctorzoidberg
1135094224 M * Bertl and showattr -d /{,vserver} /vserver/doctorzoidberg
1135094240 M * doctorzoidberg matrioska vservers # ls -lda /{,vservers} /vservers/doctorzoidberg
1135094241 M * doctorzoidberg drwxr-xr-x 20 root root 464 Dec 19 18:45 /
1135094241 M * doctorzoidberg drwxr-xr-x 6 root root 128 Dec 20 11:28 /vservers
1135094241 M * doctorzoidberg drwxr-xr-x 17 root root 408 Oct 19 18:12 /vservers/doctorzoidberg
1135094262 M * doctorzoidberg ---bui- /
1135094262 M * doctorzoidberg ---Bui- /vservers
1135094262 M * doctorzoidberg ---bui- /vservers/doctorzoidber
1135094310 M * doctorzoidberg ah, and after about 30 secs that the vserver is started, it is killed by something
1135094409 M * doctorzoidberg matrioska vservers # vserver doctorzoidberg start
1135094409 M * doctorzoidberg matrioska vservers # vserver doctorzoidberg enter
1135094409 M * doctorzoidberg tribolus / # Killed
1135094409 M * doctorzoidberg matrioska vservers #
1135094413 M * Bertl interesting ...
1135094502 M * _Roey HI
1135094505 M * _Roey hey Bertl
1135094509 M * _Roey zoidberg
1135094511 M * Bertl doctorzoidberg: which exploit was it?
1135094519 M * Bertl welcome _Roey!
1135094523 M * _Roey Bertl: hey!!!
1135094524 M * doctorzoidberg Bertl, wait, i put the source on nopaste
1135094561 M * _Roey Bertl: hey listen, I can't get this networking thing working -- I did vserver mail enter; ok, fine, it that worked; next, I tried pinging something. That didn't work. I have set this vserver's IP to be different from the master's IP, btw.
1135094570 M * doctorzoidberg http://rafb.net/paste/results/h6ALH341.html
1135094602 M * Bertl _Roey: care to share some details about versions?
1135094605 M * _Roey oh, sure!
1135094613 M * _Roey Bertl: well first off I've ifenslaved eth0 and eth1 into bond0
1135094639 M * _Roey Bertl: I'm using vserver 0.30.204
1135094652 M * _Roey katzr@sink2:/etc/vservers/mail$ uname -a
1135094652 M * _Roey Linux sink2 2.6.14.3-vs2.0.1-rc5 #1 SMP PREEMPT Tue Dec 13 12:22:10 EST 2005 i686 GNU/Linux
1135094664 M * Bertl doctorzoidberg: that can not harm anything IMHO
1135094676 M * harry Bertl: a sucky situation...
1135094681 M * doctorzoidberg Bertl, I know, it's just a small exploit to break chroot
1135094682 M * harry - static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
1135094687 M * harry + static int chown_common(struct dentry *dentry, struct vfsmount *mnt,
1135094687 M * harry + uid_t user, gid_t group)
1135094688 M * doctorzoidberg but......segfaults everything
1135094690 M * _Roey katzr@sink2:/etc/vservers/mail$ sudo ifenslave --version
1135094690 M * _Roey ifenslave.c:v1.1.0 (December 1, 2003)
1135094695 M * harry that's what your patch says...
1135094700 M * harry static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
1135094706 M * harry that's what grsec already did
1135094716 M * Bertl _Roey: you should update the tools (and 2.01 is released too)
1135094719 M * harry which makes it sucky for all calls to that function
1135094743 M * Bertl _Roey: nevertheless, I assume your 'issues' reside somewhere else ... let's try
1135094759 M * Bertl _Roey: 'ping -c 2 -I www.google.com'
1135094772 M * Bertl _Roey: if that fails, then your guest cannot reach the outside
1135094806 M * Bertl harry: well, some patches do similar, you have to satisfy both worlds ...
1135094813 M * _Roey Bertl: wellll I can't ping outside of the vserver.
1135094827 M * _Roey Bertl: for example, I can't reach any IP outside of the vserver.
1135094834 M * _Roey (iP on my local net that is)
1135094835 M * Bertl _Roey: that ping is supposed to be executed on the host
1135094843 M * _Roey ok one sec.
1135094854 M * harry Bertl: it makes more sense to add your own stuff at the end of a function definition
1135094865 M * doctorzoidberg Bertl, any idea for my problem ?
1135094879 M * Bertl harry: as long as it works, do whatever sounds good ...
1135094885 M * _Roey katzr@sink2:/etc/vservers/mail$ sudo ping -c 2 -I bond0 192.168.5.141
1135094885 M * _Roey bad interface address 'bond0'
1135094894 M * Bertl doctorzoidberg: no, I assume that something different failed ...
1135094897 M * doctorzoidberg um
1135094911 M * Bertl _Roey: I said nothing about bond0
1135094913 M * doctorzoidberg i'll try doing another vserver and relaunching the exploit
1135094918 M * _Roey Bertl: but -I takes an interface.
1135094928 M * Bertl _Roey: sudo ping -c 2 -I 192.168.5.141 www.google.com
1135094941 M * Bertl (if 192.168.5.141 is the guest ip)
1135094956 M * _Roey katzr@sink2:/etc/vservers/mail$ sudo ping -c 2 -I 192.168.5.141 www.google.com
1135094956 M * _Roey can't set multicast source interface: Cannot assign requested address
1135094966 M * _Roey 141 is the guest; 140 is the host
1135094975 M * Bertl then try with 140
1135095029 M * Bertl doctorzoidberg: is there a possibility that something else did happen and you just see a coincidence?
1135095042 M * doctorzoidberg Bertl, a coincidence on TWO vservers ?
1135095048 M * doctorzoidberg i'll try on a 3rd one
1135095061 M * _Roey katzr@sink2:/etc/vservers/mail$ sudo ping -c 2 -I 192.168.5.140 www.google.com
1135095061 M * _Roey PING www.l.google.com (64.233.161.147): 56 data bytes
1135095061 M * _Roey 64 bytes from 64.233.161.147: icmp_seq=0 ttl=245 time=9.3 ms
1135095061 M * _Roey 64 bytes from 64.233.161.147: icmp_seq=1 ttl=246 time=9.0 ms
1135095078 M * Bertl doctorzoidberg: well, I can compile and run it here (inside a guest) but I doubt that it will do any harm
1135095098 M * Bertl _Roey: so, here is your issue, it works for the host ip, but fails for the guest ip
1135095119 M * doctorzoidberg i'm building the new vserver
1135095126 M * Bertl _Roey: if you want the guest to reach the internet, you have to make it work for the guest ip too
1135095251 M * _Roey ok
1135095253 M * _Roey one sec
1135095344 M * _Roey Bertl: ok.
1135095352 M * _Roey Bertl: gotta run for a sec; I'll be back, ok?
1135095361 M * Bertl sure, cya!
1135095365 M * _Roey =)
1135095367 M * _Roey this is great.
1135095370 M * _Roey finally I got bonding to work!
1135095373 M * _Roey arggghgh :)
1135095387 M * _Roey I've been trying with the wrong package by accident (ifenslave-2.4 vs. ifenslave-2.6)
1135096025 M * Bertl okay, off for dinner, back shortly ...
1135096034 N * Bertl Bertl_oO
1135096172 J * stefani ~stefani@superquan.apl.washington.edu
1135096887 N * Bertl_oO Bertl
1135096892 M * Bertl hey stefani!
1135096935 M * harry halfway there!!!
1135096954 N * Smutje_ smutje
1135097215 M * stefani Bertl: hello.
1135097287 J * ComplexHo ~ComplexHo@cpc1-brig3-6-0-cust194.brig.cable.ntl.com
1135097373 M * harry vserver1:/devel/linux-2.6.14.4# find . -name "*.rej"|wc -l
1135097375 M * harry 11
1135097376 M * harry wiiiiiiiiiii :)
1135097421 M * doctorzoidberg Bertl, it seems that it was a strange coincidence
1135097883 Q * Doener Read error: Connection reset by peer
1135097909 M * Bertl welcome ComplexHo!
1135097918 M * Bertl doctorzoidberg: good!
1135097921 J * Doener doener@i5387F3DE.versanet.de 1135097929 M * doctorzoidberg Bertl, but it's fscking ODD 1135098787 M * Loki|muh Bertl: is 2.01 incompatible with some util-vserver releases? (eg 208?) 1135098799 M * Bertl not that I know of 1135098799 M * Loki|muh chbind: vc_set_ipv4root(): Invalid argument 1135098807 M * Loki|muh when I try to start a vserver 1135098808 M * harry KERN_VSHELPER=71, /* string: path to vshelper policy agent */ 1135098809 M * harry KERN_GRSECURITY=71, /* grsecurity */ 1135098814 M * harry hmmm... that's not gonna work... ;) 1135098839 M * harry what does that number do exactly? 1135098840 M * Bertl you did not set certain kernel configs either 1135098858 M * Bertl harry: this is an unique number, so just increment it 1135098879 M * harry thought so :) 1135098967 M * Loki|muh oh, found some messages on the mailinglist 1135098968 M * harry ./include/asm-i386/elf.h... need to think about that one.. 1135099049 M * Bertl Loki|muh: the following was for you: you did not set certain kernel configs 1135099075 M * Loki|muh yeah, I figured it out 1135099082 J * shedi ~siggi@inferno.lhi.is 1135099095 M * Loki|muh I misunterstood the dynamic contexts kernel option 1135099102 M * Loki|muh I think 1135099116 M * harry #define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2) 1135099137 A * harry will need a SEGMEXEC_TASK_UNMAPPED_BASE too i guess 1135099165 M * harry but... where... and what 1135099418 M * harry Bertl: need your help on this one... 1135099437 M * Bertl what does the SEGMEXEC_TASK_UNMAPPED_BASE do? 1135099471 M * harry nothing yet 1135099480 M * Bertl aha ... 1135099486 M * Bertl how can I help then? 1135099492 M * harry well... 1135099495 M * harry what does it have to be 1135099519 M * harry #ifdef CONFIG_PAX_SEGMEXEC 1135099520 M * harry #define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? 
SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2)
1135099522 M * harry #else
1135099525 M * harry #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
1135099526 M * harry that's what grsec made...
1135099528 M * harry #endif
1135099530 M * harry - #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1135099534 M * harry + #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
1135099537 M * harry that's the vserver patch
1135099565 M * harry i already changed the TASK_SIZE / 3 with (TASK_UNMAPPED_BASE)
1135099571 M * harry but SEGMEXEC_TASK_SIZE/3*2 ==> ???
1135099589 M * Bertl okay, what does SEGMEXEC_TASK_SIZE do?
1135099599 M * Bertl (i.e. what is it?)
1135099624 M * harry #define SEGMEXEC_TASK_SIZE ((PAGE_OFFSET) / 2)
1135099665 M * Bertl no, not the define, what is its purpose?
1135099684 M * harry don't know yet
1135099831 A * harry will try page.h now...
1135100137 J * comfrey ~comfrey@peoples.coop
1135100311 M * Bertl welcome comfrey!
1135100324 M * comfrey sup Bertl ?
1135100333 M * comfrey hows it hangin'?
1135100401 M * mnemoc o.o
1135100480 M * Bertl comfrey: 2.01 and 2.1.0, everything hangin' fine :)
1135100536 M * comfrey sweet
1135100544 M * harry hmmmmmm...
1135100547 M * harry this is weird!!!!!
1135100560 M * harry processor.h says:
1135100563 M * harry #ifdef CONFIG_PAX_SEGMEXEC
1135100563 M * harry #define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2)
1135100566 M * harry #else
1135100568 M * harry #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
1135100571 M * harry #endif
1135100584 M * harry sry... elf.h says that
1135100588 M * harry processor.h says:
1135100589 M * harry #ifdef CONFIG_PAX_SEGMEXEC
1135100590 M * harry #define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? 
SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2)
1135100593 M * harry #else
1135100595 M * harry #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
1135100598 M * harry #endif
1135100598 M * harry hmmmm... /me not gooooooooooo
1135100600 M * harry damn!
1135100624 M * harry processor.h:
1135100626 M * harry #ifdef CONFIG_PAX_SEGMEXEC
1135100626 M * harry #define TASK_UNMAPPED_BASE (PAGE_ALIGN((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3 : TASK_SIZE/3))
1135100629 M * harry #else
1135100632 M * harry #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
1135100634 M * harry #endif
1135100637 M * harry elf.h:
1135100642 M * harry #ifdef CONFIG_PAX_SEGMEXEC
1135100643 M * harry #define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2)
1135100646 M * harry #else
1135100647 M * harry that's correct now :)
1135100649 M * harry #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2)
1135100652 M * harry #endif
1135100658 M * Bertl ahem, harry, you know there is pastebin?
1135100678 M * harry hmm.. yeah, sry
1135100681 M * matti ;-p
1135100711 M * Bertl some of them even let you edit the entry :)
1135100785 M * Bertl well, I don't want to be in your shoes (regarding the addresses), you have to figure what they precisely mean, and then you can 'adjust' them properly
1135101034 M * Kara_ evenin' all
1135101046 M * Bertl evening Kara_!
1135101051 J * menomc ~amery@200.75.27.120
1135101058 M * Bertl wb menomc!
1135101096 M * menomc thanks Bertl
1135101097 M * menomc :)
1135101111 M * Kara_ Bertl - i have a couple of vservers running and inside of them gameservers. they all show up as a user from my hostsystem at vtop. am i doing something wrong?
1135101139 M * Bertl why do you think so?
1135101155 M * Kara_ it looks kinda wrong to me, though they are all running fine
1135101159 Q * mnemoc Ping timeout: 480 seconds
1135101159 N * menomc mnemoc
1135101172 M * Bertl Kara_: check with vps (which also lists the context)
1135101189 M * Bertl Kara_: vtop is not really aware of contexts
1135101222 M * Kara_ vps looks fine. thanks :) you saved my night ^^
1135101232 M * Bertl excellent! have fun!
1135101237 M * Kara_ same to you :)
1135101239 M * Bertl off for now .. back later ...
1135101245 N * Bertl Bertl_oO
1135101247 M * Kara_ byebye
1135101252 M * harry http://pastebin.com/471906
1135101256 M * harry for those who are interested
1135101956 Q * doctorzoidberg Quit: Leaving
1135102354 M * harry okaaaaaaay
1135102355 M * harry done!
1135102364 M * harry now..w
1135102372 M * harry tester volunteers?
1135102379 M * harry i'm gonna build/run it tomorrow
1135102752 M * harry for those interested: http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff.gz
1135104230 Q * emp Quit: This computer has gone to sleep
1135104262 J * emp ~emp@70.57.239.35
1135104307 Q * emp Quit:
1135104477 M * michal_ http://www.securityfocus.com/columnists/375
1135104481 M * michal_ interesting article
1135105161 N * smutje Smutje
1135105794 P * matti 8-X
1135106081 M * harry patch fixed...
1135107066 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1135107628 J * matti matti@linux.gentoo.pl
1135107668 Q * shedi Quit: Leaving
1135109087 J * Johnnie ~jdlewis@acs-24-154-53-16.zoominternet.net
1135110179 J * steinpt ~steinpt@17.84-48-64.nextgentel.com
1135110309 M * steinpt It is possible to build RHEL4 guests, isn't it...?
1135110508 M * mnemoc you can make guests of any linux distribution available.... with more or less pain
1135110537 M * steinpt Any howtos on this?
1135110585 M * steinpt Especially the build command?
1135110665 M * Kara_ do you have a place to install your RHEL4 to have a base system to use inside your vserver?
1135110665 J * meandtheshell ~itsmethem@85-124-9-174.dynamic.xdsl-line.inode.at
1135110751 P * stefani I'm Parting (the water)
1135110752 M * steinpt Hmmm... Can I use a vmware session?
1135110769 Q * comfrey Ping timeout: 480 seconds
1135110806 M * Kara_ never tried that one, but i guess it would do
1135110890 M * steinpt I'll set up samba so that I can mount the RHEL vmware root system...
1135110957 M * Kara_ I use something like that to build a plain skeleton. after building it, I copy the desired data into it and chixd it. Maybe it works for you.
1135110961 M * Kara_ vserver test build -m skeleton --hostname test --interface eth0:192.168.1.25 --context 20 --initstyle plain
1135111064 M * steinpt Brilliant. Thx Kara, I'll give it a shot!
1135111089 M * Kara_ gl
1135111093 M * daniel_hozac steinpt: if you copy the RPMs and create a repo for it, using the CentOS 4.2 files should do.
1135111217 M * steinpt daniel_hozac: I have the ISO's here. OK. I'll look up the repo and CentOS bit. As you probably understand, I'm a newbie... :)
1135111421 N * Bertl_oO Bertl
1135111424 M * Bertl evening folks!
1135111435 M * meandtheshell Bertl: hi
1135111444 M * daniel_hozac evening!
1135111450 M * Kara_ hi Bertl
1135111617 M * Bertl steinpt: hmm, migrating vmware to linux-vserver?
1135111876 M * steinpt Bertl: Yeah, for some reason i dislike running Linux under vmware on _linux_... Personal dislike and probably a bit stupid, but... :)
1135111904 M * mnemoc i dislike vmware anywhere
1135112016 M * steinpt I work as a tech presale, and for demonstration purposes I need to show off windows SW, and for that VMWare is perfect...
1135112074 M * steinpt But for running our Linux SW, I would like to show it running unmodified on my Ubuntu box, so ... vservers, I thought I'd give it a shot.
1135112181 M * Bertl steinpt: good idea ...
1135112201 M * Bertl steinpt: what filesystem do you use inside vmware?
1135112244 M * steinpt ext3 I think
1135112260 M * Bertl might be actually very simple to copy that
1135112274 M * steinpt OK?
1135112276 M * Bertl (if you have a vmware on the machine)
1135112288 M * Bertl ext2/3 supports dump/restore
1135112301 M * Bertl it is quite easy to setup networking to the vmware machine
1135112306 M * steinpt I do, but I just scrapped my RHEL installation... So I have to reinstall it.
1135112319 M * Bertl so you basically would do something like:
1135112340 M * Bertl ssh root@vmware "dump 0zf - / " | restore rf -
1135112365 M * Bertl (given that you are in the directory where you want the guest contents to go)
1135112377 M * steinpt yep
1135112398 M * Bertl and it will copy the entire installation (assumed that it was on a single partition)
1135112403 M * steinpt Yes
1135112440 M * steinpt can i do a plain scp?
1135112454 M * Bertl will probably break a lot of things
1135112460 M * steinpt k
1135112485 M * Bertl hard links and symbolic links are not handled properly by scp
1135112503 M * steinpt Yeah, true
1135112602 M * steinpt So if I'm able to copy the files out of the vmware session, how do I get from there to a vserver? Short version...? I'll do some googling from here. :)
1135112621 M * Bertl it's quite easy, we have even a howto for that, IIRC
1135112623 M * Kara_ g'night everybody
1135112631 M * Bertl good night Kara_!
1135112638 M * steinpt night Kara
1135112652 M * steinpt You wouldn't have a link...
1135112653 M * Bertl steinpt: basically you remove the /dev and replace it by a reduced version
1135112676 M * Bertl (you get one by doing 'vserver build -m skeleton ...'
1135112698 M * Bertl which you should do anyway, because it also happens to create the guest config)
1135112704 M * steinpt Ah, ok. The skeleton part. Thx Bertl, I'll look it up.
1135112781 M * Bertl http://linux-vserver.org/VirtualizeHowto
1135112827 M * Bertl and here for the tools:
1135112832 M * Bertl http://linux-vserver.org/alpha+util-vserver
1135112895 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net
1135112938 M * steinpt Excellent. Thx again!
1135113452 M * Bertl you're welcome!
1135113544 Q * comfrey Ping timeout: 480 seconds
1135115734 M * steinpt Bertl? that dump restore command you gave me fails with "root directory is not on tape" and some expected "next file 442369, got 13" stuff...
1135115740 M * steinpt Any ideas?
1135115779 M * Bertl you sure your filesystem (in the vmware) is okay?
1135115803 M * Bertl because this usually happens when the filesystem is inconsistent
1135115816 M * steinpt should be, it is newly installed... In LVM,tho
1135115869 M * Bertl what does df show inside the vmware?
1135115915 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net
1135115927 M * steinpt Filesystem 1K-blocks Used Available Use% Mounted on
1135115927 M * steinpt /dev/mapper/VolGroup00-LogVol00
1135115927 M * steinpt 3451040 906020 2369712 28% /
1135115927 M * steinpt /dev/sda1 101086 9207 86660 10% /boot
1135115927 M * steinpt none 127988 0 127988 0% /dev/shm
1135115969 M * Bertl looks fine
1135116007 M * Bertl what dump versions?
1135116007 M * steinpt I 'dump'ed to a file, scp'd it over and tried a restore... Same error...
1135116041 M * steinpt I know, shouldn't be different, but...
1135116115 M * steinpt restore 0.4b37 on host, and dump 0.4b39 in vmware... OK
1135116127 M * steinpt Lemme see if I can correct that. Thx
1135116147 M * Bertl well, I do this kind of 'transport'/backup almost every day, and the only few cases where I saw something like this were:
1135116165 M * Bertl - once there was a broken restore (vers 1.32 IIRC)
1135116192 M * Bertl - when the filesystem which is dumped is inconsistent (i.e. 
e2fsck would fix it)
1135116209 M * Bertl - when the disk space in /var is smaller than the largest file in the dump
1135116282 M * steinpt ok. I'll try the obvious first, get same version on both.
1135116817 M * Eyck xfsdump/xfsrestore works flawlessly... btw ( but you can't shrink your filesystem:( - just a matter of priorities)
1135116902 M * steinpt OK, got the filesystem over from vmware to my skeleton created vserver. and swapped out the dev directory... Should I just try to start the vserver
1135116906 M * steinpt ?
1135116931 M * Bertl yeah, will probably give a few error messages, but should work
1135116967 M * Bertl (any hardware access attempt will fail)
1135117060 M * _Roey Speaker: "And the winner is ... Number 3, in a quantum finish."
1135117060 M * _Roey Farnsworth: "No fair! You changed the outcome by measuring it!"
1135117088 M * Bertl lol
1135117112 M * steinpt OK. I used "vserver test build -m skeleton --hostname test --interface eth0:192.168.2.10"
1135117134 M * steinpt and a "vserver test start" gives me:
1135117180 M * steinpt vserver test start
1135117180 M * steinpt No command given; use '--help' for more information.
1135117180 M * steinpt An error occured while executing the vserver startup sequence; when
1135117180 M * steinpt there are no other messages, it is very likely that the init-script
1135117180 M * steinpt () failed.
1135117181 M * steinpt Common causes are:
1135117183 M * steinpt * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
1135117185 M * steinpt method knows how to deal with this, but on existing installations,
1135117187 M * steinpt appending 'true' to this file will help.
1135117189 M * steinpt Failed to start vserver 'test'
1135117197 M * daniel_hozac is /vservers/test populated?
1135117197 M * steinpt it is "vserver test start" isn't it?
1135117207 M * _Roey When we hit that bullseye, all the dominoes will fall like a house of cards. Checkmate.
1135117236 M * Bertl steinpt: let's check a few things here first
1135117256 M * Bertl steinpt: a) where did you restore the guest to?
1135117285 M * Bertl b) what kernel/tool version do you use?
1135117298 M * steinpt /var/lib/vservers/test/
1135117317 M * Bertl nice, why do the tools look in /vservers/test ?
1135117354 M * Bertl (check paths with vserver-info - SYSINFO )
1135117362 M * steinpt ubuntu 2.6.12.11 from uniklu
1135117390 M * Bertl well, if it is as broken as debian, I'm not really surprised :)
1135117396 M * steinpt vserver-info - SYSINFO
1135117396 M * steinpt Versions:
1135117396 M * steinpt Kernel: 2.6.12-11-686
1135117396 M * steinpt VS-API: 0x00020001
1135117396 M * steinpt util-vserver: 0.30.208; Nov 29 2005, 07:15:31
1135117397 M * steinpt Features:
1135117398 M * steinpt CC: gcc, gcc (GCC) 4.0.2 20050808 (prerelease) (Ubuntu 4.0.1-4ubuntu9)
1135117400 M * steinpt CXX: g++, g++ (GCC) 4.0.2 20050808 (prerelease) (Ubuntu 4.0.1-4ubuntu9)
1135117402 M * steinpt CPPFLAGS: ''
1135117404 M * steinpt CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'
1135117406 M * steinpt CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
1135117408 M * steinpt build/host: i486-pc-linux-gnu/i486-pc-linux-gnu
1135117410 M * steinpt Use dietlibc: yes
1135117414 M * steinpt Build C++ programs: yes
1135117416 M * steinpt Build C99 programs: yes
1135117418 M * steinpt Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
1135117420 M * steinpt ext2fs Source: e2fsprogs
1135117422 M * steinpt syscall(2) invocation: alternative
1135117424 M * steinpt vserver(2) syscall#: 273/alternative
1135117426 M * steinpt Paths:
1135117428 M * steinpt prefix: /usr
1135117430 M * steinpt sysconf-Directory: /etc
1135117432 M * steinpt cfg-Directory: /etc/vservers
1135117434 M * steinpt initrd-Directory: $(sysconfdir)/init.d
1135117435 M * Bertl I said, check, not paste :)
1135117436 M * steinpt pkgstate-Directory: /var/run/vservers
1135117438 M * steinpt Kernelheaders: /usr/src/linux/include
1135117440 M * steinpt vserver-Rootdir: /var/lib/vservers
1135117446 M * steinpt lol
1135117463 M * Hunger again pleeeease
1135117465 M * Hunger :P
1135117466 M * steinpt Oh, rushed a bit there, I guess.. :)
1135117468 M * Bertl and one of the basic rules here is: everything above 3 lines goes to pastebin
1135117469 M * steinpt Sorry all
1135117526 M * Doener phew, glad i had no audible alert on #vserver action :)
1135117542 M * Bertl lucky you!
1135117556 A * steinpt blushes and hides in a corner
1135117618 M * Bertl okay, so probably the script is right, and the rc script is broken
1135117640 M * Bertl steinpt: move the guest dir to something like test_backup
1135117653 M * Bertl steinpt: then create a new 'test' guest like this:
1135117702 M * Bertl vserver test build -m skeleton --force --hostname test --context 42 --interface hansi=eth0:192.168.2.10/24
1135117730 M * Bertl oops forgot an option
1135117753 M * Bertl vserver test build -m skeleton --force --hostname test --initstyle plain --context 42 --interface hansi=eth0:192.168.2.10/24
1135117766 M * Bertl (you can repeat that as often as you like)
1135117776 M * steinpt ok
1135117778 M * steinpt done
1135117787 M * Bertl now swap the directories
1135117803 M * Bertl mv /var/lib/vservers/test /var/lib/vservers/test.new
1135117811 M * Bertl mv /var/lib/vservers/test.backup /var/lib/vservers/test
1135117823 M * steinpt done
1135117832 M * Bertl now try to start the guest
1135117848 M * steinpt Wahey!
1135117855 M * steinpt no errors at least!
1135117865 M * Bertl check if it is running with vserver-stat
1135117878 M * Bertl (very likely it is)
1135117879 M * steinpt 42 1 1.6M 600K 0m07s77 0m17s42 0m29s52 test
1135117886 M * steinpt looks that way
1135117889 M * Bertl now enter it with 'vserver test enter'
1135117899 M * Bertl and look around, if everything is fine
1135117908 M * steinpt so cool!
1135117911 M * steinpt Looks good
1135117986 M * Bertl okay, now use chkconfig (you said redhat, right?) to remove all services you do not need
1135118023 M * Bertl (you do not need any hardware related services, like hwclock, partition stuff and random)
1135118074 M * steinpt Hmmm, looks like the dump/restore didn't properly do my links... /etc/init.d is missing...
1135118130 M * Bertl check, maybe it's missing in the original too :)
1135118154 M * steinpt It's there...
1135118186 M * steinpt OK, Lemme fiddle about a bit... Thx, I really appreciate this!
1135118208 M * Bertl you're welcome!
1135118475 M * steinpt Quick question, should /proc be empty?
1135118490 M * Bertl when the guest is stopped, yes
1135118500 M * steinpt k
1135118502 M * Bertl when it is running, then the procfs will be mounted there
1135118532 M * steinpt so basically, i should copy over the /proc directory from vmware
1135118534 J * jayeola ~jayeola@host-87-74-46-211.bulldogdsl.com
1135118539 M * jayeola hello chaps
1135118543 M * steinpt shouldnt
1135118549 M * Bertl steinpt: the directory, but not the contents
1135118563 M * steinpt k
1135118688 M * Loki|muh aba: http://www.mail-archive.com/hints@linuxfromscratch.org/msg00057.html <-- is a little bit outdated but seems to be a nice conclusion on how to generate random without mouse/keyboard
1135118838 M * Bertl as I said, an audio card is probably the best choice :)
1135118864 M * Bertl but I didn't know that there is a daemon for sampling that
1135118898 M * Loki|muh I didn't know neither
1135118965 M * Loki|muh but it's very interesting, the machines with 2.6.11-rc5-vs1.9.4.8 are stable around 3627 and the machines with jerk around 257
1135118990 M * Loki|muh with 2.6.14.4-vs2.1.0 for the second
1135119034 M * Bertl maybe somebody is doing cryptography there?
1135119071 M * Bertl (could even be some ip randomizations)
1135119308 M * steinpt absolutely beautiful! Thx Bertl and others. This is just what I needed!
1135119323 M * Bertl great!
1135119341 M * Bertl steinpt: feel free to hang around and/or add yourself to the page of happy users ...
1135119390 M * steinpt I will definitely do that! Where is the happy user page?
1135119407 M * Bertl http://linux-vserver.org/VServer+Users
1135119447 M * Bertl most users are providers, but they have their own page
1135119552 M * steinpt OK, off to bed! Thx again all. Seeya
1135119561 M * Bertl cya! good night!
1135119576 Q * steinpt Quit: Leaving
1135119743 M * Loki|muh never thought that reading mailing lists about kernel-development could be so entertaining :)
1135119900 M * michal_ yeah, it is
1135119929 M * michal_ hm, i was maintaining some randomisation patch too
1135119939 M * michal_ maybe i will make it alive once again
1135119992 M * michal_ Bertl: what kind of ip randomisation are you talking about ?
1135120052 M * Bertl michal_: just remembered that the networking folks did discuss this recently (i.e. a few months ago) so it might be in mainstream by now
1135120067 M * Loki|muh interesting is that there were some issues on ia64 with /dev/random at 2.6.12-rc1
1135120088 M * michal_ Bertl: have some more information ? a link maybe
1135120122 M * Bertl michal_: no, sorry, but google should find it, I'd say
1135120136 M * michal_ i was doing a patch that was deriving entropy from irq calls of network cards
1135120149 M * michal_ maintaining at after robert love
1135120152 M * Bertl that should be in mainline by now
1135120160 M * michal_ that's great news
1135120183 M * michal_ i have lost a chance to be mentioned but ok
1135120211 M * Bertl well, no idea _what_ implementation and if it is really there
1135120228 M * michal_ looking now...
1135120256 M * michal_ ip randomization ? sounds like one of grsec features
1135120367 M * michal_ i know that man who was trying to get it into.. 
discussion has ended very quick with no conclusion
1135120425 M * Bertl maybe I just read the discussion and missed the ignorance :)
1135120473 M * michal_ maybe i do not know all the story and there were more people ;]
1135120479 M * michal_ trying to submit it
1135120619 M * michal_ Bertl: http://www.securityfocus.com/columnists/375/2 have you been reading this interview with openssh developer ?
1135120624 M * michal_ interesting article
1135120716 M * Loki|muh hmmm here on the system if i produce lots of disc-activity, the goes up until ~1600 and then goes down to ~200 within one second. How could that be that this much entropy is used? seems to be very much
1135120821 M * michal_ depends on applications you are using but indeed, linux has a great appetite for randomness
1135120862 M * michal_ you can see what is using /dev/(u)random with lsof
1135120871 M * michal_ anyway, i'm gone.cya.
1135121071 J * basse-s ~basse@0x3e42a8ee.adsl.cybercity.dk
1135121161 M * Bertl welcome basse-s!
1135121287 P * basse-s
1135121309 M * harry anyone here?
1135121324 M * daniel_hozac nope, everyone died the second you asked ;)
1135121327 M * harry Bertl: i have compiled the kernel
1135121345 M * harry now... i want to make a diff from the current tree with the original
1135121357 M * harry but... doing a diff now, isn't the way to go i think
1135121358 M * Bertl harry: great! (ad compiling)
1135121364 M * harry so... make clean?
1135121367 M * harry make dist-clean?
1135121369 M * harry ???
1135121375 M * Bertl make it like this:
1135121387 M * Bertl cp -la patched-kernel patched-kernel-clean
1135121398 M * Doener Bertl: just found the new sendfile fix in my inbox :) note that this one does not include the accounting fix (just in case that you missed it ;)
1135121399 M * Bertl (cd patched-kernel-clean; make mrproper)
1135121428 M * Bertl (cd original-kernel; make mrproper)
1135121445 M * Bertl diff -NurpP original-kernel patched-kernel-clean >my-new-patch.diff
1135121465 M * Bertl Doener: ah, right, but yours does, right?
1135121468 M * Doener yep
1135121499 M * Bertl please remind me in a few hours (or tomorrow) when I start a FOR-* dir
1135121504 M * Doener ok
1135121516 M * Bertl we do not want to miss it again :)
1135121633 M * harry -rw-r--r-- 1 root root 230077676 2005-12-21 00:53 patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff
1135121636 M * harry hmmmm...
1135121642 M * harry that's... a lot
1135121742 M * Bertl use diffstat and upload the output somewhere
1135121770 M * harry diffstat?
1135121814 M * Bertl or lsdiff for a start :)
1135121862 A * harry has diffstat
1135121896 M * harry how do i use it?
1135121945 M * Bertl diffstat patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff
1135122036 M * harry takes a while..
1135122039 M * derjohn Bertl, devil 2.1.0 .. did I miss the release?
1135122054 M * Bertl obviously (nice typo, btw)
1135122074 M * derjohn (this typo was done by intention ;)
1135122088 M * Bertl (nice explanation *G*)
1135122151 M * derjohn hm, what will the next devel version be called? 2.1.1-rc1 ?
1135122184 M * Bertl guess we'll continue like this:
1135122189 M * harry 20455 files changed, 7271289 insertions(+), 2053 deletions(-)
1135122201 M * harry what do i do now???
1135122211 M * Bertl 2.1.0.1, 2.1.0.2 ... 2.1.0.99, 2.1.1-rc1 ... 2.1.1-rc8, 2.1.1
1135122241 M * Bertl harry: the number of changed files suggests a mistake
1135122249 M * harry i hope so ;)
1135122256 M * harry but.. where
1135122257 M * harry how?
1135122268 M * Bertl show me the first 3 lines of the patch
1135122269 M * derjohn hm, let me think about it shortly .. 10ms ... this must be a joke! ;)
1135122318 M * harry diff -NurpP linux-2.6.14.4/arch/alpha/Kconfig linux-2.6.14.4-vs2.1.0-grsec2.1.7.clean/arch/alpha/Kconfig
1135122321 M * harry --- linux-2.6.14.4/arch/alpha/Kconfig 2005-12-15 00:50:41.000000000 +0100
1135122324 M * harry +++ linux-2.6.14.4-vs2.1.0-grsec2.1.7.clean/arch/alpha/Kconfig 2005-12-20 17:09:12.000000000 +0100
1135122380 M * Bertl what does diffstat tell about the grsec patch?
1135122386 M * harry something is definitely wrong imho
1135122389 M * harry a looooooooooot :)
1135122413 M * harry my shell backlog isn't even that far... :s
1135122417 M * harry but... i have an idea...
1135122418 M * harry sec...
1135122441 M * Bertl probably copied a tree into the tree
1135122460 M * Bertl derjohn: hmm, why?
1135122467 M * derjohn Bertl, ah 2.1.0.1 <- bugfix? 2.1.1-rc with next feature? When will we have a new stable? with 2.2 (even numbers) ?
1135122500 M * Bertl 2.0.x releases and 2.1.x releases will go side by side for some time now
1135122508 M * derjohn Bertl, I was worried about .99 .. i thought it as development first, but I think you mean bugfixes for a devel?
1135122525 M * Bertl bug fixes and features ...
1135122526 M * derjohn (IMVHO there should be no bugfix in devel)
1135122541 M * Bertl well, we will fix bugs even in devel :)
1135122568 M * Bertl but there will be no bug fix releases for devel
1135122584 M * Bertl (only feature releases)
1135122620 M * Bertl while there will be no feature releases for stable until the next release (2.0.2)
1135122625 M * derjohn Bertl, don't confuse the users ... linux--vservers is one of the most confusing projects i ever had contact with (1.2 ctx vs. 1.9 vs. 2.0 vs. 2.1.0.x vs 2.1.1-rc .. fooo )
1135122657 M * derjohn Bertl, why then 2.1.0.X ? features after release?
1135122664 M * Bertl you are right, we shall immediately change to verbose names like 'Affluent Albatross' :)
1135122684 M * derjohn ok, could you change the topic please?
1135122687 M * derjohn :)
1135122720 M * harry -rw-r--r-- 1 root root 1501183 2005-12-21 01:11 patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff
1135122724 M * harry much better
1135122745 T * Bertl http://linux-vserver.org/ | latest stable hansi, karli, 1.2.11-rc1, devel otto | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1135122783 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1135122788 M * Bertl okay, just kidding ...
1135122798 M * derjohn *lol*
1135122839 P * meandtheshell
1135122841 M * derjohn but to get serious: isn't the granularity of versions too fine at the time?
1135122861 M * derjohn it could go further with 2.2-rc1
1135122862 M * harry Bertl: it's done
1135122880 M * Bertl derjohn: well, honestly I'm not sure ...
1135122895 M * harry http://harry.ulyssis.org/patch-2.6.14.4-vs2.1.0-grsec2.1.7.diff.gz
1135122900 M * harry compiling kernel as we speak
1135122902 M * Bertl derjohn: previously I avoided the 4th number ...
1135122906 M * Bertl harry: great!
1135122941 M * Bertl derjohn: but it might be a simple marker to tell folks that it is not a release candidate (or ridiculous count as linus says)
1135122952 M * derjohn Bertl, I am not a dev(i)loper as you know, but from the point of a users view, I would say: leave it be.
1135122970 M * harry fs/ext3/super.c: In function `ext3_show_options':
1135122971 M * harry fs/ext3/super.c:516: warning: unused variable `sbi'
1135122981 M * harry that 's got nothing to do with any of the patches, does it?
1135122990 M * Bertl derjohn: so this brings the question, how to mark rc vs. non-rc
1135122991 M * jayeola hey chaps. what's the safest way to remove an unsuccessful build of a vserver? `rm -rfv /vservers/foo && rm -rfv /etc/vservers/foo`, where foo is the name of a vserver?
1135123014 M * derjohn Bertl, devel 2.1.0-nonrc :)
1135123015 M * Bertl derjohn: I could live with -preX vs -rcX (already did that some time)
1135123033 M * derjohn what will the next stabel be called?
1135123036 M * derjohn stable
1135123047 M * Bertl minor stable 2.02
1135123055 M * harry it doesn't ;)
1135123060 M * Bertl major (ala ngnet working) 2.2
1135123073 M * derjohn this is minor stable .. lol
1135123078 M * derjohn ah
1135123091 M * Bertl harry: no, there are certain errors in vanilla
1135123125 M * Bertl derjohn: I expect 2.04-2.06 before ngnet is stable
1135123144 M * harry waiting for compile to finish..
1135123154 M * harry still no compiler warnings/errors
1135123170 M * Bertl that's very suspicious
1135123181 M * harry why?