1135901114 Q * Marinus Quit: 
1135901183 Q * Doener Quit: Leaving
1135901240 M * tso bye
1135901241 Q * tso Quit: BitchX: the fresh-maker!
1135902748 J * Aiken ~james@tooax8-065.dialup.optusnet.com.au
1135903353 J * _are_ ~are@dslb-084-056-143-087.pools.arcor-ip.net
1135903361 M * _are_ hi
1135903474 M * _are_ when starting a vserver i get 'Too many IP numbers, max 16', checked a bit and found this to come from chbind. Is this a real limit or just a random restriction of chbind?
1135903640 M * derjohn _are_ please send complaints to bertl :) I had the same problem and no one agreed :)
1135903652 M * _are_ hmm, ok, as soon as you ask in irc, google gives a result, there is a define to fix this
1135903660 M * derjohn _are_, take linux-vserver.derjohn.de
1135903664 M * _are_ http://www.paul.sladen.org/vserver/archives/200304/0332.html
1135903696 M * mnemoc having 16 IPs con the same vserver is stupid
1135903697 M * derjohn there are .debs for util-vserver (prepatches) and a 2.6.14 kernel. all for SID
1135903712 M * derjohn mnemoc, hehe ;) I know
1135903752 M * _are_ mnemoc: not in the way I use vservers, I use them as containers on drbd disks to do failover setups.
1135903753 M * mnemoc but the limit is hardcoded on vserver patch ... and utils, so patch them
1135903814 M * derjohn _are_ are you on debian? then switch to my .deb or patch yourself. hints are at the bottom of this file: http://linux-vserver.org/some_hints_from_john
1135903832 M * _are_ yes, debian, sarge in this case
1135903866 M * derjohn _are_, we setup rsync servers on rsync into 192er vserver. If the real one fails we start the backup ones ... 
1135903892 M * derjohn _are_, so we never know if the real has more than 16 (e.g. bouncers ...)
1135903954 M * derjohn _are_, may deb are build for sid. but you can take the src and modify the build-deps of dietlibc and dpkg-buildpackage
1135903997 M * derjohn but basically you have to change the define of "IPV4ROOT" from 16 to 64
1135904003 M * _are_ well, i am not very sure about usining yours or patching myself. both are no big deal for the moment, but i would have to do it for every new kernel/util-vserver. might turn into a hassle.
1135904040 Q * Johnnie Read error: Connection reset by peer
1135904050 M * _are_ what actually is IPV4ROOT meant to be for?
1135904061 M * derjohn kernel/network.h:#define NB_IPV4ROOT    64
1135904099 M * derjohn _are_, this is some kind of define for the internel management of the guests's ip in it's context.
1135904131 M * _are_ so only in the vserver patch?
1135904135 M * derjohn _are_, the lookup is in linear time "O(n) ?" and people here assume 256 to slow ...
1135904162 M * derjohn _are_, yes I think so. But I am in no way a kernel_hax0r ... :)
1135904180 M * _are_ well, can't find it in the native no-vserver source here.
1135904201 M * derjohn _are_, and dont forget to patch the utils 
1135904239 M * _are_ have now the choice between patching kernel/utils eahc time there is a new version or mount --bind-ing the data to 2 vservers and use it that way
1135904245 M * derjohn BTW: the new networking code wich is called ngnet will be able to handle more IPs. This code is expected to be finished in 6 or 12 monaths
1135904309 M * _are_ yesyes, ngnet will fix all troubles i ever had with networking and when i first encountered vservers 1 year ago it had been in discussion / alpha test already
1135904312 M * derjohn _are_, yes. but: you have to compile and patch the kernel any. the change is only 1 line.
1135904348 M * _are_ that's definitly a point
1135904395 M * derjohn _are_, bertl went to usa and worked pretty hard on the new code. it run with 127.0.0.1 already ... completely separated. so the host doesnt even knoe about the guest ip when it comes to routing.
1135904466 M * derjohn _are_, yes. And I try to sweettalk all responsibles to make IPV4ROOT some kinde of compiletime/make option (to get at least rid of the patching stress)
1135904469 M * derjohn a
1135904471 M * _are_ hehe, well, uhm, sort of an emergency here as it has to be fixed today. I am afraid I can't wait for ngnet and have to patch it.
1135904508 M * derjohn _are_, no I say things like "_are and maaaany others need that, too and it wont cause much trouble.
1135904524 M * _are_ compile time option is only useful for the kernel, the tools would have to check out the kernel and use the appropriate limit
1135904541 M * derjohn (indeed I think it would be pretty easy for a coder to make the utils ask the kernel whats it's define ...)
1135904566 M * derjohn _are_, hr, yes, zwo dumme ein gedanke.
1135904571 M * _are_ if it is an exported symbol or in a .h that is always there: yes
1135904631 M * derjohn _are_, /me is not fluent in c .... I always wanted to file a wish on savannah .. i cannot remeber if i did....
1135904679 M * _are_ well, not fluent either, but my passive c is present to some extend
1135904693 M * derjohn _are_, ist hier 2h. I'll have to do some energy saving in oder to get a spinup early tomorrow.
1135904725 M * _are_ exactly same time here :->
1135904739 M * derjohn _are_, but im the meantime you could trust my debs... (at least they are signed be be and some trust of DDs)
1135904757 M * derjohn _are_, I saw it in your reverse lookup ...
1135904760 M * derjohn :)
1135904803 M * _are_ will check your debs and see if i get a clue on kernel config stuff to add this option as a config to the krnel
1135904844 M * derjohn _are_, so I really would like to discuss longer, but I have to walk home now. BTW: which city are you from?
1135904928 M * _are_ stuttgart
1135904946 M * derjohn _are_, i took original debian sources oh 2.6.14-4 from experimental
1135904952 M * derjohn (not vanilla)
1135904978 M * derjohn ah, greetz to the city of engineering ;)
1135904978 M * _are_ will have a look
1135905037 M * derjohn but: there are deps on libc of sid .... to you have to recompile. in case of the utils: debian/control -> change depency of dietlibc ... every else is said to be fine.
1135905042 M * derjohn off now
1135905049 M * derjohn by(t)e ....
1135905077 M * _are_ will do
1135905214 J * sebi ~sebi@Fcdbf.f.strato-dslnet.de
1135905316 Q * sebi_ Ping timeout: 480 seconds
1135905675 M * _are_ anyone with a little more plan on C than me in here who can tell me if in #define NB_IPV4ROOT     16 I replace the 16 by another define it works or is the preprocessor not reentrant?
1135905740 M * Adrinael It works.
1135905751 M * Adrinael Taken that the thing you put there is defined above it
1135905856 M * _are_ well, it will be in the kernels .config.
1135905894 M * _are_ i have not checked the make process, but seems autoconf.h is generated form .config and does a #define on the .config variables
1135905962 M * Adrinael You will surely get a compile error containing the thingie there if it doesn't work right
1135905987 M * _are_ sounds acceptable
1135906526 J * Johnnie ~jdlewis@jdlewis.whizwire.org
1135907585 N * nokoya nokoyaz
1135907611 N * nokoyaz nokoya
1135907647 J * Aiken_ ~james@tooax6-222.dialup.optusnet.com.au
1135907880 M * _are_ compile worked
1135908002 Q * Aiken Ping timeout: 481 seconds
1135911030 J * Guest329 JavaUser@ACC68273.ipt.aol.com
1135911037 M * Guest329 Hi
1135911052 N * Guest329 A_Train_Is_Exciting
1135911070 M * A_Train_Is_Exciting Hello
1135911071 M * A_Train_Is_Exciting everyone
1135911086 P * A_Train_Is_Exciting 
1135912627 J * cehteh foobar@cehteh.homeunix.org
1135912719 M * cehteh hi
1135912724 M * cehteh # vserver test2 build -m debootstrap -- -d sarge --arch i386          
1135912724 M * cehteh /usr/local/lib/util-vserver/vserver-build: unrecognized option `--arch'
1135912730 M * cehteh .. is that a bug?
1135912761 M * cehteh (I want to bootstrap a i386 userland on x86_64)
1135915642 Q * lilalinux Remote host closed the connection
1135916327 Q * ryker Quit: Leaving
1135916648 J * balbir ~balbir@59.92.138.85
1135918503 Q * balbir Quit: Leaving
1135918994 Q * jayeola Quit: quit
1135919539 J * mordur ~mordur@dsl-201-4.hive.is
1135922072 J * Smutje_ ~Smutje@xdsl-87-78-61-86.netcologne.de
1135922180 Q * Smutje Ping timeout: 480 seconds
1135923845 Q * mordur Quit: Leaving
1135924730 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net
1135924735 P * stefani 
1135926011 J * Aiken__ ~james@tooax8-008.dialup.optusnet.com.au
1135926030 Q * Aiken__ Quit: 
1135926327 Q * Aiken_ Ping timeout: 480 seconds
1135926855 M * eyck did anyone tried running vmware as a vserver guest?
1135927652 M * eyck it seems that non-graphics things work fien (NetBSD install for example), but anything more colorfull results in black screen
1135927778 J * ichigo ~m@203.81.233.61
1135927814 M * ichigo hello everybody. can somebody tell me how i use my printer in the vserver. 
1135927957 M * eyck what do you mean? 
1135927972 M * eyck you've got local usb printer? network printer? what?
1135929975 M * ichigo eyck : usb hp laser jet 1010. setup on the host
1135930826 M * eyck can you see /dev/usb on guest?
1135931019 M * ichigo nope. not /dev/usb or even /proc/bus/usb
1135931134 M * _are_ vprocunhide you already used?
1135931246 J * Milf ~Miranda@ipsio271.ipsi.fraunhofer.de
1135931420 M * Milf morning folks
1135931426 M * ichigo yes i used vproccpuunhid. the vserver refuses to start without it.
1135931547 J * comfrey ~comfrey@cpe-69-203-195-46.nyc.res.rr.com
1135932383 J * tso ~tso@rev.193.226.232.31.euroweb.hu
1135932390 M * tso hi all
1135934298 Q * _are_ Quit: bbl
1135934698 M * ichigo soory had to leave for a while...i did do /etc/init.d/vprocunhide start. before starting the vserver.
1135935197 M * Milf Can anyone give me a hint on how to find which of my host servers is hosting a specific IP?
1135935228 M * Milf The IP is pingable, I want to use it for a test server. But I can't find it on any of my hosts using 'ip addr'
1135935601 N * Bertl_zZ Bertl
1135935606 M * Bertl morning folks!
1135935609 M * Milf Good morning Bertl
1135935754 M * Bertl Milf: if 'ip addr ls' doesn't show it, then it's not used/assigned ... in general ping is not _such_ a good test, as a switch might answer that one .. try tracepath instead
1135935811 M * Bertl ichigo: you have to _copy_ the required devices (from the host's /dev) into the guest
1135935843 M * Milf tracepath? What's tracepath? If you mean traceroute, that doesn't tell me anything I don't already know :)
1135935878 M * Bertl tracepath is part of iputils
1135935975 M * Bertl eyck: where would/does 'more colorful' stuff output?
1135936033 M * Milf Hmmm, found it, but that still doesn't tell me anything new, as I'm not being told which real interface the virtual one resides on.
1135936055 M * Bertl cehteh: try -d sarge ARCH=i386
1135936090 M * Bertl Milf: ahem, you use it from where?
1135936128 M * Bertl Milf: (maybe I got your question wrong)
1135936154 M * Milf I used tracepath from a server in a different network.
1135936161 M * Milf I'll try it from the same network.
1135936191 M * Milf Zip. Nothing.
1135936250 M * Milf Meaning: Yes I get some output, but nothing that will help me find the machine that the address is being used on.
1135936286 M * Bertl okay, what does 'server' and 'same network' mean to you?
1135936306 M * Bertl and could you /msg me the tracepath output?
1135936313 M * Milf 'server' means which machine, which NIC the IP address is being used on
1135936355 M * Milf 'same network' means same network segment, same netmask, same broadcast address.
1135936373 M * Bertl ah, the ip can only be reached on some host, yes?
1135936391 M * Bertl and there you reach it via lo (in your trace)
1135936404 M * Milf It can be reached from anywhere, so I suspect I've already got a guest server somewhere using it.
1135936416 M * Milf So I want to shut down that guest server to free up my test-IP
1135936458 M * Bertl okay, what does 'arp' show on the host, right after you 'pinged' the IP?
1135936472 M * Bertl (/msg me again)
1135936517 M * Milf Yeah, that's something new, it gives me a MAC address. 
1135936565 M * Bertl :) now go and look with 'ip link ls'
1135936573 M * Milf That one I might find. Thanks Bertl.
1135936585 M * Bertl you're welcome!
1135936610 M * eyck Bertl: uh? what do you mean? vmplayer is an X app
1135936632 M * Bertl eyck: so it does use X forwarding in your setup?
1135936644 M * eyck actually, I've got X in guest,
1135936660 M * Bertl try with x forwarding, and see if it stays black
1135936666 M * eyck ok, thnx,
1135936683 M * Bertl if so, then it tries to access xv or sdl or whatever
1135936701 M * Bertl (and probably requires some -x11 switch or so)
1135936722 M * eyck I've got xv working OK
1135936756 M * Milf Bingo, found the culprit.
1135936888 M * Milf Hmmm, a vserver seems to have stopped uncleanly. Now the address is still in use, although the vserver is stopped. On startup, I get RTNETLINK answers: File exists
1135936925 M * Bertl usually the result of changes to the config files (e.g. prefix/netmask) while the guest is running
1135936940 M * Bertl (folks always do that :)
1135937001 M * Milf Hmmm, I'll have a look into that. I think it might be my ghastly hack-fix to the problem of vservers not stopping: inserting a reboot -f into the last init phase.
1135937030 M * Bertl inside the guest, I hope?
1135937042 M * Milf inside the guest, yes
1135937062 M * Bertl well, that should not stop the tools from working properly (at least not vanilla 0.30.209)
1135937078 M * Milf yep, that may be it. on stopping I get  RTNETLINK answers: Cannot assign requested address
1135937093 M * Milf Hmmm, this server has got vanilla 0.30.208 I think
1135937096 M * Bertl that just means that the prefix/netmask is wrong
1135937103 J * prae ~prae@ezoffice.mandriva.com
1135937130 M * Bertl (or maybe the interface for the ip)
1135937142 M * Milf Yeah but the server keeps the IP occupied.
1135937166 M * Milf Ok, solved on problem, now I go create another :)
1135937174 M * Bertl and, what was it?
1135937193 M * Milf The problem of finding which of my hosts was using the IP
1135937213 M * Bertl ah, okay, please /msg me the 'ip addr ls' output of the host
1135937237 M * Milf Ahem I found the server. Thank you.
1135937257 M * Milf As to the new problem to create: I don't know what that is, I haven't created it yet :)
1135937304 M * Bertl I was talking about the RTNETLINK issue
1135937946 M * Bertl Milf: okay, so it was an incorrectly assigned prefix :)
1135937978 M * Milf we can only hope :)
1135937994 M * Milf As it was a testing server, I will not overrate the problem.
1135938038 M * Bertl if you get 'Cannot assign requested address' this means that the address is already taken (or, on shutdown, that the address could not be found)
1135938085 M * Bertl as the entire address consists of the ip _and_ the netmask, different prefixes/netmasks give different addresses, if if the ip matches
1135938116 M * Bertl (which is often confusing for the administrator)
1135938279 M * Milf I solved the problem by deleting the test server :)
1135938346 Q * jkl Ping timeout: 480 seconds
1135939161 M * yang I am trying to setup many IP addresses for vserver, but this command doesnt work - for e in `seq 1 49`; do mkdir $i && pushd $i && echo eth0 >dev && echo 86.110.64.$(($i+150)) >ip && popd;done
1135939183 M * yang Try `mkdir --help' for more information.
1135939183 M * yang mkdir: too few arguments
1135939199 M * Bertl $i vs 'e' ?
1135939264 M * Bertl btw, you also want to write a prefix or netmask there
1135939287 M * yang could you tell me the right line?
1135939303 M * Bertl change the 'e' in the 'for' to 'i'
1135939323 M * Bertl and add something like echo 24 >prefix
1135939325 M * yang ok
1135939333 M * yang to i or to $i
1135939355 M * Bertl ahem, you got that line from somewhere, I suppose?
1135939365 M * yang yes, someone on this channel wrote me this line
1135939380 M * Bertl ah, i.c. well, you should look into bash a little ...
1135939384 M * yang its a lot of work to setup 50 ips by hand
1135939392 M * Bertl yes, it would be i not $i
1135939423 M * Bertl btw, I'd do something like:
1135939448 M * yang it created well now...but as you said, its missing the prefix line
1135939491 M * Bertl for d in `seq 1 49`; do mkdir $d && echo eth0 >$d/ip && .... ; done
1135939510 M * Bertl IMHO the pushd/popd is fun but just confusing if something goes wrong
1135939564 M * yang so i can make it like this for d in `seq 1 49`; do mkdir $d && echo eth0 >$d/ip && .... && echo 24 >prefix ; done
1135939615 M * Bertl echo 24 >$d/prefix but yes 
1135939641 M * Bertl the pushd basically puts the current directory on a stack and changes the directory
1135939665 M * Bertl the problem is, that commands connected with && will only be executed, if the previous command succeeded
1135939703 M * Bertl which in turn means, that if any of those commands in the && sequence fails, the last popd (which changes back to the push-ed dir) will not get executed
1135939768 M * yang well assuming that i have allready created previously the files...with for e...now trying this for d in `seq 1 49`; do mkdir $d && echo eth0 >$d/ip && .... && echo 24 >$d/prefix ; done  it doesn't add the prefix file
1135939835 M * Bertl because the mkdir already fails ...
1135939846 M * Bertl first remove the old dirs 
1135939862 M * aba oder make mkdir -p if you don't care for the old dirs contents
1135939876 M * yang ok
1135939932 M * yang bash: ....: command not found
1135939959 M * Bertl *sigh* :) the .... was a placeholder for your 'other' commands :)
1135939968 M * Bertl yang: try:
1135940020 M * Bertl for d in `seq 1 49`; do mkdir $d && echo eth0 >$d/ip && echo 86.110.64.$d >$d/ip && echo 24 >$d/prefix ; done
1135940034 M * Bertl make the 1 and 49 match your start and stop digit
1135940048 M * Bertl i.e. if your IPs start at 86.110.64.150
1135940070 M * Bertl use `seq 150 200` instead
1135940119 M * Bertl still I don't see why somebody would need 50 ips inside a guest
1135940209 M * yang it's used for IRC vhosts
1135940211 M * Bertl aside from the fact that there is a good reason why the current limit is 16 ips per guest 
1135940222 M * yang why a good reason?
1135940244 M * Bertl because it slows down performance if you set it higher
1135940286 M * yang I have promised to my friend that he will be able to use 50 ips
1135940298 M * Milf what for?
1135940312 M * yang he wants to do irc vhosts
1135940383 M * Milf Waht are irc vhosts?
1135940397 M * Bertl why not have 4 guests with 15 ips each?
1135940405 M * yang somehow i thought, before i was installing the vserver, that it can grab the interfaces from the main server
1135940452 M * yang Bertl: would 4 guests with 15 IPs work faster than 1 with 60 ?
1135940458 M * Bertl definitely
1135940501 M * Bertl but you can allow your guest to access all host IPs too
1135940527 M * yang yes
1135940535 M * yang that would be the best
1135940548 M * Bertl (at least it should work) by using just an entry like this:
1135940567 M * Bertl '0/ip' contains 0.0.0.0
1135940583 M * Bertl '0/prefix' contains 0
1135940589 M * Bertl '0/nodev'
1135940611 M * Bertl (no other dirs or entries)
1135940633 M * Bertl btw, this is unverified, so it might just _not_ work
1135940680 M * yang this is an excellent solution, i will try
1135940701 M * Bertl if that doesn't work, let me know, we can work around that too
1135940748 M * yang Milf: irc vhosts like "domain.tld" in your host
1135940840 M * Bertl Milf: just check http://www.sh3lls.net or similar ...
1135941117 M * yang well now
1135941120 M * yang I have on main server
1135941122 M * yang eth0:3    Link encap:Ethernet  HWaddr 00:10:DC:29:8B:61
1135941122 M * yang           inet addr:86.110.64.4  Bcast:86.110.64.255  Mask:255.255.255.0
1135941130 M * yang but i cannot use this IP in my vserver
1135941145 M * yang looks like that hack doesnt work
1135941177 M * Bertl enter the vserver and do 'cat /proc/self/ninfo'
1135941212 M * yang vserver1:/# cat /proc/self/ninfo
1135941212 M * yang NID:    49174
1135941212 M * yang V4Root[0]:      0.0.0.0/0.0.0.0
1135941212 M * yang V4Root[bcast]:  255.255.255.255
1135941246 M * Bertl and how did you try to 'use' it?
1135941260 M * yang i added it as hostname in my irc client
1135941271 M * yang usually should work, then ip is assigned
1135941279 M * yang when
1135941296 M * Bertl i.e. the guest is running some ircd?
1135941304 M * yang no
1135941328 M * Bertl so how is the guest IP and your irc client related?
1135941333 M * yang i did restart on vserver after cahnging config
1135941346 M * Bertl yeah, that's fine ...
1135941369 M * yang also ifconfig doesnt appear
1135941375 M * Bertl that's fine too
1135941385 M * Bertl (i.e. needs another small change)
1135941403 M * yang previously when i added 0 and 1 in interface, it used to grab the ip
1135941428 M * Bertl try to start a daemon, e.g. sshd  on the guest and bind to ip 0
1135941460 M * Bertl for example, you could do sshd -d -p 2222
1135941467 M * Bertl (inside the guest)
1135941479 M * Bertl and then try to conenct to port 2222 on 86.110.64.4
1135941488 M * yang 1:17 -!- Irssi: Unable to connect server efnet.xs4all.nl port 6667 [Cannot assign requested address: 86.110.64.150]
1135941520 M * yang ok i ll try
1135941540 M * Bertl I'd assume the 86.110.64.150 is not assigned anywhere on the host, right?
1135941588 M * yang yes i added it with command ifconfig eth0 add 86.110.64.150
1135941615 M * yang but on the root server
1135941696 M * yang debug1: rexec_argv[0]='/usr/sbin/sshd'
1135941696 M * yang debug1: rexec_argv[1]='-d'
1135941696 M * yang debug1: rexec_argv[2]='-p'
1135941696 M * yang debug1: rexec_argv[3]='2222'
1135941696 M * yang debug1: Bind to port 2222 on 86.110.64.150.
1135941699 M * yang Bind to port 2222 on 86.110.64.150 failed: Cannot assign requested address.
1135941701 M * yang Cannot bind any address.
1135941804 M * Bertl why does it try to bind 86.110.64.150?
1135941819 M * yang becouse its the last interface added i think
1135941820 M * Bertl it should instead try to bind 0.0.0.0
1135941856 M * yang irssi always connects on the ip which was added the last
1135941863 M * yang on default
1135941877 M * Bertl how is irssi related to the sshd?
1135941884 M * yang well its not
1135941902 M * Bertl so, why does the sshd try to bind to 86.110.64.150?
1135942015 M * yang hehe, its becosue
1135942023 M * yang my etc/ssh/sshd config on host is
1135942025 M * yang ListenAddress 86.110.64.150
1135942036 M * Bertl okay, change that to 0.0.0.0 or comment it out
1135942187 M * yang there is another thing
1135942193 M * yang i have on my root server also this line
1135942200 M * yang ListenAddress 86.110.64.2
1135942207 M * yang in sshd config
1135942215 M * yang now i get this
1135942217 M * yang debug1: private host key: #1 type 2 DSA
1135942217 M * yang debug1: rexec_argv[0]='/usr/sbin/sshd'
1135942217 M * yang debug1: rexec_argv[1]='-d'
1135942217 M * yang debug1: rexec_argv[2]='-p'
1135942219 M * yang debug1: rexec_argv[3]='2222'
1135942222 M * yang debug1: Bind to port 2222 on 0.0.0.0.
1135942224 M * yang Server listening on 0.0.0.0 port 2222.
1135942227 M * yang socket: Address family not supported by protocol
1135942258 M * Bertl looks fine, try with ssh -p 2222 86.110.64.4
1135942264 M * Bertl or 86.110.64.2
1135942283 M * yang yang@zeus:~$ ssh -p 2222 86.110.64.4
1135942283 M * yang ssh: connect to host 86.110.64.4 port 2222: Connection refused
1135942283 M * yang yang@zeus:~$ ssh -p 2222 86.110.64.150
1135942283 M * yang ssh: connect to host 86.110.64.150 port 2222: Connection refused
1135942283 M * yang yang@zeus:~$ ssh -p 2222 86.110.64.2
1135942285 M * yang ssh: connect to host 86.110.64.2 port 2222: Connection refused
1135942306 M * sladen telnet 86.110.64.2 22
1135942308 M * sladen telnet 86.110.64.2 2222
1135942327 M * yang not even that
1135942515 M * Bertl /etc/hosts.allow?
1135942539 M * Bertl does the guest's sshd log something?
1135942550 M * Bertl or did it already terminate?
1135942564 M * yang its empty
1135942574 M * yang no it logs
1135942577 M * yang but no other
1135942591 M * Bertl okay, what did the sshd say?
1135942624 M * yang nothing else
1135942642 M * Bertl you pasted the ssh (not the sshd) messages
1135942666 M * Bertl ah, I get it, you use rexec orsoemthing like that
1135942674 M * yang vserver1:/# /usr/sbin/sshd -d -p 2222
1135942674 M * yang debug1: sshd version OpenSSH_4.2p1 Debian-5
1135942674 M * yang debug1: read PEM private key done: type RSA
1135942674 M * yang debug1: private host key: #0 type 1 RSA
1135942674 M * yang debug1: read PEM private key done: type DSA
1135942677 M * yang debug1: private host key: #1 type 2 DSA
1135942679 M * yang debug1: rexec_argv[0]='/usr/sbin/sshd'
1135942682 M * yang debug1: rexec_argv[1]='-d'
1135942684 M * yang debug1: rexec_argv[2]='-p'
1135942687 M * yang debug1: rexec_argv[3]='2222'
1135942689 M * Bertl and the -d was interpreted by your remote execution thingy
1135942689 M * yang debug1: Bind to port 2222 on 0.0.0.0.
1135942692 M * yang Server listening on 0.0.0.0 port 2222.
1135942694 M * yang socket: Address family not supported by protocol
1135942731 M * Bertl connect to the host (via ssh), then do 'vserver <name> enter'
1135942739 M * Bertl (replace <name> by your guest name)
1135942763 M * yang yes i am connected
1135942773 M * Bertl then execute 'sshd -d -p 2223'
1135942789 M * Bertl should not return, but instead keep running
1135942824 M * yang vserver1:/# sshd -d -p 2222
1135942824 M * yang sshd re-exec requires execution with an absolute path
1135942838 M * Bertl ts,ts must be debian :)
1135942852 M * Bertl okay, try again with /sbin/sshd or wherever your sshd is
1135942883 M * yang i get hte same message as i pasted those 10 lines
1135942903 M * Bertl the debug1 lines?
1135942909 M * yang right
1135942926 M * Bertl okay, and it is still 'running?
1135942930 J * shedi ~siggi@213-140-22-77.fastres.net
1135942951 M * Bertl welcome shedi!
1135942963 M * yang yes, root     11031  0.0  0.6  4600 1732 pts/6    S+   11:41   0:00 /usr/sbin/sshd -d -p 2222
1135942984 M * Bertl okay, except that we are looking for -p 2223 now :)
1135943007 M * Bertl but so be it .. try now to connect via ssh -p 2223 86.110.64.4
1135943007 M * yang so i kill this and start for 2223
1135943047 M * yang i am doing all this on host
1135943071 M * Bertl (well, after the 'enter' you are on the guest)
1135943075 J * jso ~jso@ip-62-235-233-120.dial.scarlet.be
1135943082 M * Bertl welcome jso!
1135943109 M * yang i mean guest yes
1135943115 M * jso Bertl, hello ;-)
1135943137 M * Bertl yang: okay, when you 'ssh' to it, the sshd should log something
1135943162 M * yang its not logging
1135943172 M * Bertl (if it doesn't say anything, you might have a firewall running?)
1135943176 M * yang no
1135943221 M * jso yang, Bertl, did you already tried to launch sshd in debug mode?
1135943221 M * Bertl I'll test it .. give me a few minutes
1135943233 M * Bertl jso: it's running in debug mode
1135943294 M * jso mmm, so what client said in verbose mode?
1135943352 M * yang hmm
1135943356 M * yang this is strange
1135943367 M * yang yang@jason:~$ ssh 86.110.64.2 2223
1135943367 M * yang Password:                        
1135943461 M * yang http://pastebin.com/484014
1135943467 M * yang its not letting me in with password
1135943477 M * yang but sshd doesnt log a thing
1135943504 M * yang ahhh
1135943508 M * yang i didnt do -p
1135943512 M * harry hehe
1135943522 M * harry it's not telnet, yhou know :p
1135943544 M * yang debug1: Connecting to 86.110.64.2 [86.110.64.2] port 2223.
1135943544 M * yang debug1: connect to address 86.110.64.2 port 2223: Connection refused
1135943544 M * yang ssh: connect to host 86.110.64.2 port 2223: Connection refused
1135943579 M * harry nc 86.110.64.2 2223
1135943583 M * harry what does that tell you?
1135943613 M * harry telnet
1135943613 M * harry sry
1135943640 M * yang yang@jason:~$ telnet 86.110.64.2 2223
1135943640 M * yang Trying 86.110.64.2...
1135943640 M * yang telnet: Unable to connect to remote host: Connection refused
1135943648 M * harry no sshd running there
1135943674 M * harry so it's quite normal that you can't login on that port
1135943675 M * harry :)
1135943685 M * jso yang, in sshd_config: Port 2223 ?
1135943697 M * harry jso: not necessarity
1135943699 M * Bertl jso: the -p 2223 should override that
1135943700 M * yang no becouse sshd runs on guest and i am ssh-ing from root
1135943716 M * harry iptables -t nat -A PREROUTING -i $EXTERNAL_IF -p tcp --destination-port 2222 -j REDIRECT --to-ports 22
1135943720 M * harry that's possible too :)
1135943736 M * harry Bertl: no
1135943773 M * harry Bertl: if you ssh daemon doesn't run on port 2223, it makes no sense that your client tries to connect to it
1135943842 M * jso harry, what I mean ;-)
1135943880 M * Bertl harry: what does sshd -d -p 2223 do in your opinion?
1135943901 M * harry Bertl: 12:49 < yang> yang@jason:~$ ssh 86.110.64.2 2223
1135943902 M * harry 12:51 < yang> i didnt do -p
1135943913 M * harry that... connects to a ssh server running at port 2223
1135943916 M * harry 12:54 < jso> yang, in sshd_config: Port 2223 ?
1135943923 M * Bertl spot the difference ssh vs sshd
1135943924 M * harry that is needed to start the sshd on port 2223 :)
1135943940 M * Bertl harry: no, that's bullshit!
1135943960 M * harry you can also start it with /usr/sbin/sshd -p 2223
1135943967 M * harry true... but that wasn't the problem afaik
1135943973 M * Bertl what he did, pls read the lines
1135943998 M * yang is this value correct V4Root[bcast]:  255.255.255.255
1135943999 M * Bertl yang: I can confirm that it doesn't work this way, will investigate
1135944021 M * harry Bertl: i never seen him say sshd -p
1135944025 M * Bertl yang: what kernel/patches do you use right now?
1135944039 M * harry what he tried in the patch looked like the sshd was running on port 22
1135944044 M * yang Bertl: the ones from debian etch
1135944045 M * Bertl harry: 
1135944046 M * Bertl 12:37 < yang> debug1: rexec_argv[0]='/usr/sbin/sshd'
1135944046 M * Bertl 12:38 < yang> debug1: rexec_argv[1]='-d'
1135944046 M * Bertl 12:38 < yang> debug1: rexec_argv[2]='-p'
1135944046 M * Bertl 12:38 < yang> debug1: rexec_argv[3]='2222'
1135944053 M * harry true...
1135944056 M * harry 2222
1135944059 M * harry mind the last 2
1135944063 M * harry that's not 2223
1135944068 M * Bertl he redid that with 2223
1135944083 M * Bertl maybe you want to read the irc logs _again_?
1135944089 M * harry ah, whatever... we all know what the problem is :)
1135944093 M * harry we know the sollution :)
1135944098 A * harry continues his beer
1135944098 M * harry :)
1135944123 A * tso needs coffee ... or beer too
1135944139 M * harry tso: get your ass over at 22c3
1135944142 M * harry i still have some
1135944143 M * harry :)
1135944168 M * tso harry too far away from here ;-)
1135944256 M * harry pfoeh! :)
1135944380 M * Bertl yang: try to make yourself comfortable with compiling a mainline kernel (and installing booting it on your machine)
1135944492 M * harry and try to masturbate with your hand after you've been sitting on it for 30 minutes (that's called: the stranger)
1135944500 M * harry ;)
1135944516 M * tso harry is that help? did you try it? :)
1135944569 M * harry tso: no idea...
1135944581 M * harry as long as i don't have to do it myself, i don't really care
1135944591 M * harry i have a girl that does that kind of stuff for me :)
1135944626 F * ChanServ +o Bertl
1135944639 M * yang Bertl: i like to keep debian organised kernels
1135944642 K harry Bertl come back when you're sober ...
1135944642 M * tso harry just one (girl)? ;-)
1135944652 J * harry ~harry@d515321D1.access.telenet.be
1135944654 M * harry i'm sober!
1135944665 M * Bertl then act like that ...
1135944674 M * harry naaaah... not today :)
1135944684 A * harry doing some xbox stuff now
1135944687 M * harry so cya'll
1135944740 M * Bertl yang: well, that's your decision, but if you want this to work, you'll have to add patches ...
1135944743 M * yang Bertl: i have this installed if it helps you with version revision - ii  kernel-patch-vserver          2.01
1135944766 M * Bertl yang: and the patches will be against mainline+vserver ...
1135944773 M * FaUl Bertl: i had some issues with debian-installation on an ultra-1 workstation with sparc64 - i will try this tomorrow again, and then i'll test the kernel again
1135944786 M * Bertl FaUl: okay, tx!
1135944803 M * yang FaUl: managed to boot your ultra-1 ? 
1135944834 M * yang nice
1135944963 M * FaUl yang: yes, but the serial terminal don't like that ncurses-interfaceu
1135944970 M * FaUl i'll try this tomorrow or so
1135944973 M * yang Bertl: so if i had the newest 2.6.14 kernel with new patches you think it would work?
1135944998 A * jso have some lunch, bbl ;-)
1135945003 M * yang FaUl: i had problems on sparc4 with menu installation, didnt want to show me colors
1135945053 M * Bertl yang: no, it won't, but I can tell you how to fix that (by changing two lines in the code)
1135945084 F * Bertl -o Bertl
1135945096 M * Bertl yang: testing that now ...
1135945156 M * yang well i hope we have the interface added correctly
1135945157 M * yang -rw-r--r--  1 root root    8 2005-12-30 12:08 ip
1135945157 M * yang -rw-r--r--  1 root root    0 2005-12-30 12:08 nodev
1135945157 M * yang -rw-r--r--  1 root root    2 2005-12-30 12:08 prefix
1135945247 M * Bertl yes, I guess you have, as I said, I can reproduce it here
1135945412 J * menomc ~amery@200.75.27.106
1135945520 Q * mnemoc Ping timeout: 480 seconds
1135945520 N * menomc mnemoc
1135945538 M * yang does it work for you with such config which i have?
1135945557 M * yang you can read network from root server?
1135945650 M * Bertl yang: you need this patch: http://vserver.13thfloor.at/Devel/PAT-2.1.1/delta-anyip-feat01.diff
1135945710 M * Bertl yang: you can apply it to almost any vserver kernel, should work fine for recent debian kernels too
1135945749 M * yang aha, does it require a new kernel-compilation?
1135945755 M * Bertl yes
1135946028 M * yang patch -p1 -i delta-anyip-feat01.diff --dry-run
1135946028 M * yang can't find file to patch at input line 3
1135946028 M * yang Perhaps you used the wrong -p or --strip option?
1135946028 M * yang The text leading up to this was:
1135946028 M * yang --------------------------
1135946030 M * yang |--- ./include/linux/vs_network.h.orig  2005-12-21 19:04:06 +0100
1135946033 M * yang |+++ ./include/linux/vs_network.h       2005-12-30 13:24:56 +0100
1135946035 M * yang --------------------------
1135946038 M * yang File to patch:                                                             
1135946068 M * Bertl what is your current dir?
1135946083 M * yang jason:/usr/src/linux-source-2.6.12#
1135946106 M * Bertl vanilla kernel?
1135946109 M * yang yes
1135946119 M * Bertl okay, you have to apply the vserver patch first
1135946128 M * yang no, i allready have the
1135946136 M * yang kernel-patch-vserver from debian
1135946143 M * yang i got debian-source kernel
1135946155 M * Bertl okay, then check for the include/linux/vs_network.h file
1135946168 M * Bertl if it isn't there, then the patch (vserver) was not applied yet
1135946206 M * yang hmmm
1135946225 M * yang strange
1135946234 M * Bertl IIRC, then debian puts the patches in a separate dir
1135946247 M * Bertl (and does only apply them on build at some point)
1135946249 M * yang yes in /usr/src/kernel-patches
1135946269 M * Bertl you could 'simply' add the patch there (after the vserver patch)
1135946280 M * Bertl but don't ask me for details, never built a debian kernel
1135946480 M * yang i think it wont work
1135946496 M * Bertl what?
1135946500 M * yang becouse as you said, the vserver-patch comes when compileing kernel
1135946509 M * yang so i cannot add this diff before?
1135946526 M * Bertl no, you can't but you can 'append' it to the vserver patch
1135946557 M * yang shall i move it inside /usr/src/kernel-patches/diffs
1135946563 M * yang or?
1135946564 M * Bertl or just get a vanilla kernel, patch it with the vserver patch and then use the delta
1135946592 M * Bertl yang: as I said, you have to ask aba, micah or some debian folks regarding debian kernels
1135946627 M * aba yang: you can apply all patches by hand IIRC. But kernel building is still some black magic to me.
1135946629 M * yang ok, i will ask in the evening
1135946654 M * yang well i never added any patches before in my life, so i really dont know the procedure
1135946675 M * Bertl your patch line is quite fine for _adding_ patches
1135946695 M * Bertl (well, make that _applying_ patches)
1135946724 M * Bertl i.e. if you apply the vserver patch before you try with the delta, that will work
1135946746 M * yang what if i get this file vs_network.h from the CVS kernel tree, add it there and apply the diff?
1135946769 M * Bertl debian vserver cvs kernel tree?
1135946804 M * yang no, the kernel.org CVS ?
1135946825 M * yang well i am just guessing
1135946827 M * Bertl ah, well, then you can get a vanilla kernel and patch that with vserver and then the delta
1135946840 M * Bertl works quite fine (that's what I do)
1135946865 M * Bertl http://www.kernel.org/
1135946886 M * Bertl get the 2.6.14.5 kernel from there (probably the 'F'ull version)
1135946889 M * yang so, you tested this vserver which we worked on, and it works on you without problem? reading interfaces from main server?
1135946907 M * Bertl yes, after applying the delta
1135946920 M * yang ok then i ll do that
1135946955 M * Bertl http://www.13thfloor.at/vserver/s_rel26/v2.01/
1135946969 M * Bertl here are the stable patches (they will work fine for 2.6.14.5)
1135947009 M * Bertl but you should first try with a vanilla kernel (i.e. no patches at all) as debian might need some modifications to boot a vanilla kernel
1135947022 M * Bertl some things come to my mind here:
1135947025 M * Bertl  - udev
1135947033 M * Bertl  - no cramfs
1135947050 M * yang i will just use the debian kernel config, without modifications...
1135947068 M * Bertl which might give you issues and is not the best choice
1135947097 M * ichigo yang: do you want to compile kernel in deiban..or for any other distro even you can use the "make oldconfig" method after applying the patch. 
1135947103 M * Bertl yang: instead you should try to figure what hardware your host really has, and configure a minimal monolithic kernel
1135947105 M * yang well if the kernel doesnt boot, i am in trouble since the server is in colocation
1135947139 M * Bertl yang: if you do not have (some kind of remote) console access, I would be _very_ careful
1135947152 M * yang that is what i am saying
1135947160 M * ichigo Bertl: a small kernel is usefull but few know what to include and what to discard. best to use the orignal kernel as a guideline and work from there.
1135947163 M * yang debian default kernels boot fine...
1135947203 M * Bertl yang: then wait for micah, and/or find some debian folks who can tell you how to _add_ the delta to the debian vserver-kernel source package
1135947215 M * yang yes, better
1135947273 M * Bertl ichigo: well, the 'original' (debian) kernel also includes the kitchen-sink, which is seldom present on servers :)
1135947288 M * tso yang yes, but debian def. kernel loads most of device drivers from module, and has an initrd...so if you don't know exactly what drivers are needed, you should compile with debian kernel config and make initrd before booting it up
1135947293 M * ichigo yang. then all you need to do is patch a vannilla kernel. copy the configuration into .config and do make oldconfig. then answer some questions.  and you'll have a kernel that work well on your distro and computer.
1135947354 M * Bertl ichigo: unlikely
1135947386 M * ichigo bertl: hahahahah very funny. but seropisly. few ppl can claim to master kernel compiling ..... even i who has compiled about 50 kernels cannot. and its always better to use oldconfig cuz then you end up with a kernel that is well supported on your distro
1135947429 M * Bertl ichigo: I would be _very_ surprised if using the debian default config on a recent 2.6.14.5 kernel would give anything bootable (on debian)
1135947443 M * ichigo i did. but it was 2.6.14.4
1135947458 M * Bertl really? scsi hardware?
1135947464 M * ichigo see the config it does not find in the default. it just asks??
1135947476 M * ichigo no no scsi hardware??
1135947503 M * ichigo ofcoase mkinitramfs is also needed.
1135947514 M * Bertl from what 'kernel' was the old .config? (debian)
1135947527 M * ichigo i think it wa 2.6.8.
1135947560 M * ichigo i also did the same for ubuntu..that was 2.6.12
1135947580 M * Bertl well, I have to trust you on that, but IIRC the IDE config changed significantly and a 2.6.8 .config would not lead to a proper kernel when used on 2.6.14
1135947601 M * Bertl (instead it would miss the IDE disk support)
1135947606 M * yang i am scared on booting a vanilla kernel, if the machine would fail...
1135947609 M * tso and for sata too
1135947652 M * tso yang do you use grub?
1135947668 M * yang lilo
1135947670 M * Bertl yang: well, that is caused by your provider/colocator who does not provide some remote access
1135947671 M * ichigo i agree with what you say too. BUT for ppl who don't know what the 100000s of options mean it better to use make oldconfig. if you wat some chages then after oldconfig do make menuconfig
1135947719 M * Bertl ichigo: usually the 'make defconfig' gives a sane default
1135947726 M * tso ichigo yes of course, except if he uses special sata or scsi controllers, and it depends on old kernel version as Bertl said before
1135947763 M * Bertl you then walk the options (with make menuconfig) and read the help ... hardware you don't have get deselected, hardware you know you have can be added/configured
1135947824 M * ichigo yang lang. i just thought up a good solution for you. do uname -r. you'll get the kernel you use. get the vannilla source for that kernel. try compiling that a few time to get experinance then move on to the latest kernels...
1135947848 M * Bertl ichigo: I agree with you that 'make oldconfig' is the way to go, but not with a kernel with everything selected :)
1135947882 M * tso i didn't use lilo for a long time, is there any feature like grub-reboot?
1135947888 M * Bertl ichigo: how would that help?
1135947899 M * ichigo Bertl: to select everything i think you use make allconfig. no that scary but even that has few disadvatages except one mothership of a kernel.
1135947905 M * Bertl tso: yes, actually it came from there, it's the lilo -R option
1135947928 M * Bertl ichigo: the debian kernels are like 'allmodconfig'
1135947940 M * ichigo Bertl. it would help cuz he could easiily use make oldconfig without anyworries.
1135947968 M * ichigo Bertl:yeah i am not sure about the exact command i just red about it in the doc once
1135947971 M * Bertl ichigo: wrong again, because even if the kernel says 2.6.8-something, it's really more a 2.6.10 or 11
1135947976 M * tso Bertl thx, then yang can reboot the machine with the new kernel and ask for colocation provider to reboot the machine if something goes wrong..
1135948023 M * ichigo Bertl. now that not my fault is it.. i tend to belive the output of uname -r
1135948050 M * Bertl ichigo: well, but debian does not update the release numbers, only the -XX
1135948072 M * Bertl so 2.6.8-1 was a 2.6.8 kernel (plus some changes)=
1135948097 M * Bertl but 2.6.8-42 might be a 2.6.14 kernel (minus some changes)
1135948119 M * ichigo really?? ohh who'd have thought. but i suppose there must be some way to know the exact kernel number.  maybe ask on the debian irc
1135948164 M * Bertl the thing is, they do not update to the newer kernels, they just add patches (between the kernels) which they consider 'useful' or 'necessary'
1135948186 M * Bertl only after some time, they do update ...
1135948221 M * Bertl but, nevertheless there might be a proper config for 2.6.14 too, because IIRC, micah uploaded some vserver kernel with 2.6.14 to unstable or so
1135948243 M * Bertl that might even have the proper defaults for linux-vserver
1135948308 M * ichigo why not try to install the 2.6.14 kernel form the sid repos. than see the config for that and use that. there is a 2.6.14 kernel in the sid repos. i know since i run sid inside my vserver and alteast know whats in the repos.
1135948341 M * Bertl well, that should do too
1135948352 M * ichigo he where did yang go???? my entire page is without a single post from him....
1135948657 M * ichigo 
1135948679 M * ichigo ......where is everybody. 
1135948706 A * tso drinking a coffee
1135948715 N * ichigo ichigo___food
1135948791 N * ichigo___food hollow_ichigo
1135948840 A * jso bb ;-)
1135949152 M * jso Bertl, btw iirc, by default, debian disable ssh as root ( PermitRootLogin no), though?
1135949167 M * tso jso yes
1135949223 M * Bertl yes, might be so, nevertheless if you are referring to yang's issues, this does not apply
1135949275 M * tso jso sry, newly installed ssh not disable it, i was wrong
1135949352 M * jso tso, no pb (here my unstable i386 said no ;-) but should be a custum of mine, i don;t remember)
1135949400 M * tso jso some minutes earlier i debootstrap a new sid and sarge with ssh and permitrootlogin yes in both of them
1135949422 M * hollow_ichigo yes sid atleast has it on by default. 
1135949470 M * jso Bertl, here with kernel 2.6.14.4+ vs-2.1.0 (hppa box), I don't reach to reproduce ?
1135949489 M * jso tso, cool (definitely of mine ;-) )
1135949523 Q * shedi Quit: Leaving
1135949852 M * jso Bertl, mmm I have got this: 
1135949854 M * jso # ssh -vvv -p2223 hplvsrvr
1135949854 M * jso OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005
1135949854 M * jso debug1: Reading configuration data /root/.ssh/config
1135949854 M * jso debug1: Reading configuration data /etc/ssh/ssh_config
1135949854 M * jso debug1: Applying options for *
1135949855 M * jso debug2: ssh_connect: needpriv 0
1135949857 M * jso debug1: Connecting to hplvsrvr [192.168.248.145] port 2223.
1135949859 M * jso debug1: connect to address 192.168.248.145 port 2223: Connection refused
1135949863 M * jso ssh: connect to host hplvsrvr port 2223: Connection refused
1135950067 M * jso Bertl, just because I launch sshd in my guest with -d (in this case only one attempt is possible and have to re-launch sshd, so all came back ok ;-)
1135950203 J * jrso ~Joel_Soet@ip-62-235-233-120.dial.scarlet.be
1135950242 M * Bertl welcome jrso!
1135950346 M * jrso Bertl,  apologies for noise (I just made a mistake by looking for this irc log) (jrso == jso ;-) )
1135950392 M * Bertl np :)
1135950411 M * Bertl just haven't realized that jso is you :)
1135950468 M * jso Bertl, obviously ;-)
1135950472 M * eyck yeah, that was sneaky..
1135950495 Q * jrso Quit: ChatZilla 0.9.61 [Mozilla rv:1.7.12/20051007]
1135950602 M * hollow_ichigo hey bertl... earlier you mentioned that to get my usb devices to work under the vserver i will have to copy the nods. how exactly. i assume its not simply a cp 
1135950785 M * eyck cp -a
1135950856 M * eyck pokurcz:~# cp -a /dev/ram1 RAM1
1135950856 M * eyck pokurcz:~# ls -l RAM1
1135950856 M * eyck brw-rw----  1 root disk 1, 1 Mar 25  2005 RAM1
1135951211 J * bubulak_ ~bubulak@cicka.wnet.sk
1135951385 Q * bubulak Ping timeout: 480 seconds
1135951415 N * bubulak_ bubulak
1135952275 J * dothebart titan@p5086644C.dip.t-dialin.net
1135952365 Q * bubulak Ping timeout: 480 seconds
1135952404 M * jso Bertl, I just read back what I missed on yang issue; what is missing me is a 'netstat -an' from the guest?
1135952415 Q * dothebar1 Ping timeout: 480 seconds
1135952797 J * MostlyHa1mless ~mh@melbourne.mostly-harmless.ca
1135952808 Q * MostlyHarmless Read error: Connection reset by peer
1135953092 P * undefined 
1135953138 J * robig ~robig_m@envoppp47.envia-tel.de
1135953143 M * robig hi
1135953176 M * robig is there a patch for 2.6.14.5 kernel?
1135953186 M * robig + available
1135953214 M * Bertl the one for 2.6.14.3/4 should work quite fine
1135953231 M * Bertl if you encounter the slightest issues (when applying) let me know
1135953291 M * robig you mean http://www.13thfloor.at/vserver/s_rel26/v2.01/patch-2.6.14.3-vs2.01.diff ?
1135953360 M * Bertl for example
1135953371 M * hollow_ichigo thanks eyck. i will try that. 
1135953420 M * hollow_ichigo but my scanner nodes are created under /proc/bus/isb and that is reset every time a start the comp. how  can i gt that. 
1135953435 M * hollow_ichigo */proc/bus/usb
1135953471 Q * MostlyHa1mless Ping timeout: 480 seconds
1135953493 M * Bertl hollow_ichigo: mayb do some rm and cp -va on every startup?
1135953518 J * bubulak ~bubulak@cicka.wnet.sk
1135953568 M * jso Bertl, I was on going to forget to put my question: what's about ipv6 support (in develop 2.1.0)?
1135953585 M * Bertl host yes, guest still no, will have to wait for ngnet
1135953621 M * jso Bertl, ah thanks ;-)
1135953768 M * Bertl jso: but ngnet is the next thing on my todo list, a new scheduler is just finished ...
1135953873 M * FireEgl =D
1135953905 M * jso Bertl, cool (mmm, I will certainly try next ... year ;-) well I mean next week)
1135954384 J * Doener doener@i5387DA36.versanet.de
1135954446 M * Bertl welcome Doener!
1135954455 M * Doener hi Bertl!
1135954482 M * Bertl you just missed a very interesting discussion on the OVZ channel
1135954512 M * Doener are there logs?
1135954524 M * Bertl well, I can give you the short version:
1135954557 M * Bertl except for the networ virtualization, OVZ has one important feature which is missing in LVS, the limit on lowmem
1135954701 M * hollow_ichigo whats OVZ???
1135954710 N * hollow_ichigo ichigo
1135954711 M * yang Is there support for IPv6 interface in vserver?
1135954729 M * Adrinael yang, coming up. Don't hold your breath.
1135954734 M * Bertl yang: on the host yes, inside the guest not yet
1135954804 M * Doener ichigo: openvz, FLOSS spin-off of Virtuozzo
1135954814 M * Bertl ichigo: the open soruce releases from a company called SWSoft which usually sells Virtuozzo (which is some kind of 'competing product') to linux-vserver
1135954845 M * Bertl Vortuozzo(tm)(R) that is :)
1135955433 M * ichigo ok then. 
1135955474 M * ichigo thanks fo the nice explanation. 
1135955486 M * Roey hello
1135955487 M * Roey Bertie
1135955492 M * Roey Adrenal
1135955493 M * Roey etc
1135955494 M * Roey whatup
1135955497 M * Roey *Adrinael, sorry
1135955509 M * Roey Adrinael:  why is your nick like a gland
1135955532 M * Roey How can I get vservers to start upon bootup?
1135955541 M * Roey I finally decided to just... use a 100 MB /
1135955545 M * Roey and have everything mounted unert here.
1135955548 M * Roey under there.
1135955560 M * Adrinael Roey, I don't know. I blame my left cortex.
1135955568 M * Roey =)
1135955830 M * Roey ok
1135955849 M * Roey Bertl:  is there some way I can do a netstat -anp on the host and see all of the vserver clients' open ports?
1135955877 M * Roey Bertl:  also, how can I get the clients to start automatically on bootup?
1135956086 M * Doener Roey: there comes a init script with the tools that is nicely commented
1135956105 M * Roey Doener:  I know
1135956113 M * Roey Doener:  I looked at it.  There are two.  legacy and default.
1135956117 M * Roey Doener:  I don't know which does which.
1135956139 M * Doener IIRC you create a file called 'mark', put the 'group' name in, e.g. 'default' and then add the script to your runlevel
1135956173 M * Doener the name of the script determines which vservers are started
1135956189 M * Doener (some part of the script name has to equal the group name in the 'mark' file)
1135956213 M * Roey hmm
1135956214 M * Doener so the default vserver-default script starts all vservers in group 'default'
1135956225 M * Roey there is a group name?
1135956227 M * Roey what group name?
1135956229 M * Roey UNIX group?
1135956232 M * Doener for further details check the comments in that script
1135956236 M * Roey where do you put this mark file?
1135956237 M * Doener 16:22:19 Doener IIRC you create a file called 'mark', put the 'group' name in, e.g. 'default' and then add the script to your runlevel
1135956246 M * Roey ok
1135956253 M * Roey I don't know what the script is though.
1135956259 M * Roey just a file called 'mark' ??
1135956265 M * Doener 16:23:34 Doener so the default vserver-default script starts all vservers in group 'default'
1135956300 M * Doener vservers-default actually... with an 's'
1135956391 Q * ichigo Ping timeout: 480 seconds
1135956476 M * Roey Doener:  ok..
1135956503 M * Roey export MARK NUMPARALLEL LOCKFILE
1135956503 M * Roey exec /usr/lib/util-vserver/vserver-wrapper "$@"
1135956508 M * Roey that's what S90vservers-default says.
1135956533 M * cehteh t# vserver test2 build -m debootstrap -- -d sarge ARCH=i386
1135956533 M * cehteh /usr/local/etc/vservers/.defaults/vdirbase/test2/debootstrap
1135956533 M * cehteh /usr/local/lib/util-vserver/functions: line 206: -n: command not found
1135956534 M * cehteh :(
1135956594 M * Adrinael cehteh, test2 already exists
1135956598 M * Adrinael Put --force in there
1135956630 M * cehteh emp: No such script: /usr/lib/debootstrap/scripts/ARCH=i386
1135956640 M * cehteh .. try'n'error day :P
1135956672 M * Adrinael -d sarge --arch=i386 ain't it?
1135956698 M * cehteh /usr/local/lib/util-vserver/vserver-build: unrecognized option `--arch=i386'
1135956717 M * Roey doh.
1135956724 M * cehteh seems to be an flaw in vservers opt parser
1135956806 M * Roey Doener, Bertl:  I still do not understand how to get vserver clients started automatically upon system bootup.  I have three servers:  mail, web and dns.
1135956820 M * Adrinael cehteh, did you put that after the -- ?
1135956826 M * cehteh Adrinael: yes
1135956836 M * Adrinael Hm, then there's a bug
1135956846 M * cehteh yes
1135956864 M * cehteh thats what i wanted to say :P
1135956955 M * Doener Roey: did you read the comment right above the #MARK=default line in the initscript?
1135956994 M * Doener that tells you where to put the mark file and what to put in there...
1135956998 M * cehteh exec $_VNAMESPACE --new -- $_VSERVER ----nonamespace "${OPTIONS_ORIG[@]}"  .. eh looking at the source, is the ----nonamespace correct anyways?
1135957007 M * Doener for the default script it is 'default'...
1135957044 M * Doener by uncommenting that line and changing the value you can use other 'groups'/'flavours'...
1135957047 M * Roey Doener:  I didn't know what a "flavor" is.
1135957074 M * Roey Doener:  and really it says nothing about 'startup'
1135957078 M * Roey it just says 'selected'
1135957083 M * Roey which I have no idea what it means in this context.
1135957085 M * Roey :(
1135957092 M * Roey can't it just say
1135957112 M * Roey "put the startup order you want in THIS FILE" or something like that ?
1135957116 M * Doener "the 'default' vservers will be started very late ...  other vservers can be selected"
1135957119 Q * yang Quit: reboot
1135957127 M * Doener that'd not be what it does...
1135957131 M * Roey or "servers will be automatically started according to the order specified in ..."
1135957145 M * Roey Doener:  I have no clue what that line says! "the 'default' vservers will be started very late ...  other vservers can be selected"
1135957149 M * Roey Doener:  maybe I am just not smart.
1135957161 M * Roey I read it a buncha times before I even asked this question fifteen minutes ago
1135957167 M * Roey and I stillc annot understand what that line is saying
1135957182 M * Roey Doener:  (I don't mean to be disrespectful in any way btw)
1135957187 M * Roey Doener:  (I am just frustrated)
1135957202 M * Roey http://dictionary.reference.com/wordoftheday/archive/2005/12/29.html
1135957277 M * Doener the script is about starting vservers... then it says 'ok, the default ones get started quite late, if you need some to start earlier, copy this script adjust the MARK value and put according marks into your vserver configuration'... so that copy will then start a different 'flavor'/'group' of vservers, marked with <whatever-you-choose> instead of <default>
1135957296 M * Roey ok
1135957296 M * Roey but
1135957300 M * Roey I don't know what 'quite late' means
1135957309 M * Roey does 'quite late' mean "not started automatically"
1135957310 M * Roey ??
1135957320 M * Doener 16:28:28 Roey that's what S90vservers-default says.
1135957343 M * Doener S90 <-- the 90 means the script is executed almost at the end of the boot process
1135957343 M * Roey I know, I think the wording is convoluted to the point that it is hard to understand.
1135957347 M * Roey right.
1135957350 Q * virtuoso Ping timeout: 480 seconds
1135957367 M * Roey Doener:  then say "started late due to the low init priority (90) of this script"
1135957383 M * Roey Doener:  but that doesn't say anything about auto-starting the clients.
1135957389 M * Roey Doener:  my clients don't start at all autoamtically
1135957394 M * Roey Doener:  I'm trying to figure out why.
1135957411 M * Doener are they marked as belonging to the default 'group'/'flavor'?
1135957479 M * Doener echo default > /etc/vservers/<foo>/apps/init/mark
1135957507 M * Doener (might need to create the last one or two directories first)
1135957672 J * yang ~yang@cpe-212-18-59-124.dynamic.amis.net
1135957685 M * Bertl wb yang!
1135957708 M * yang damn
1135957723 M * yang I booted the server, and it came up well
1135957723 J * virtuoso ~s0t0na@shisha.spb.ru
1135957750 M * yang but after vserver1:/# /usr/sbin/sshd -p 2222 -d  it has frozen
1135957759 M * yang i dont receive any response
1135957889 M * yang i have applied that network patch to it
1135957895 M * yang and recompiled
1135957907 M * Bertl and booted the 'patched' kernel, yes?
1135957926 M * yang yes
1135957961 M * Bertl and you can not reach the server anymore?
1135957967 M * yang no
1135957969 M * cehteh mhm where is the vserver-build scriot normally installed?
1135957983 M * cehteh .. or better i am to lazy, where can i post bugs :P
1135958000 M * Bertl cehteh: best on the ML
1135958036 M * cehteh Bertl: you dont have any other idea how to pass the --arch opt to debootstrap?
1135958050 J * lilalinux ~plasma@h1-gw.of.net-lab.net
1135958057 M * Bertl cehteh: why, doesn't ARCH= work?
1135958075 M * cehteh emp: No such script: /usr/lib/debootstrap/scripts/ARCH=i386
1135958077 M * Bertl cehteh: it worked for me on x86_64 to get an x86 guest installed
1135958099 M * cehteh vserver test2 build --force -m debootstrap -- -d sarge ARCH=i386
1135958119 M * Bertl try ' ARCH=i386 vserver test2 build --force -m debootstrap -- -d sarge
1135958126 M * Bertl welcome lilalinux!
1135958142 M * cehteh ah that worked
1135958150 M * cehteh at least it seems so
1135958153 J * yang2 ~yang@cpe-212-18-59-124.dynamic.amis.net
1135958173 M * cehteh but that --arch doesnt work is still a bug i think ..
1135958176 Q * yang Quit: leaving
1135958177 M * Bertl yang2: sorry, the patch has a bug
1135958189 M * yang2 ...
1135958197 M * Bertl just saw it
1135958270 M * Bertl yang2: fixed the issue right now, so please reload the patch
1135958296 M * Bertl yang2: host should work fine as long as you do not start/run guests inside
1135958354 M * lilalinux hi Bertl 
1135958426 M * yang2 what do you mean "not start guests inside" , how else should i start vserver?
1135958482 M * Bertl yang2: no, what I mean is, the patch you applied was broken (again I'm terribly sorry for that), but if you boot with the patched kernel, you should be able to fix it (i.e. recompile a new kernel)
1135958498 Q * prae Quit: Execute Order 69 !
1135958505 M * Bertl yang2: as long as you do not start guests (which do networking)
1135958537 M * yang2 i gotta wait for the NOC to come back from the new years partys...
1135958562 M * Bertl they are already celebrating?
1135958593 M * Bertl btw, a hint (for next time) add panic=60 or so to your kernel boot options
1135958612 M * Bertl that will automatically reboot your server if something bad happens
1135958852 M * yang2 ok
1135958878 M * Bertl I know, doesn't help you right now ...
1135958899 M * yang2 so i gotta apply a fixed patch
1135958906 M * yang2 and then we hope it works
1135958920 M * Bertl yes, did you apply it yourself or build some debian kernel with it?
1135958928 M * yang2 apply myself
1135958936 M * yang2 and make-kpkg debian kernel
1135958940 M * Bertl okay, keep the old one (once your server is back)
1135958970 M * Bertl the old patch I mean, and download the new one (http://vserver.13thfloor.at/Devel/PAT-2.1.1/delta-anyip-feat01.diff) somewhere else
1135958995 M * Bertl then remove the old one with 'patch -p1 -R'
1135959021 M * Bertl (either patch -p1 -R -i old.patch or patch -p1 -R <old.patch
1135959034 M * Bertl and apply the new one as you did before ...
1135959218 M * Bertl yang2: it might comfort you that you spotted (and reported) a bug which otherwise might have slipped into the next devel release
1135959363 M * yang2 ok, i hope vserver benefits from it :)
1135959374 M * Bertl yes, it definitely does ...
1135959381 Q * robig Read error: Connection reset by peer
1135959902 M * Bertl yang2: future generations will use that feature and say: "thank thou great yang, for that useful feature thou got into linux-vserver" :)
1135959982 M * Bertl yang2: btw, it is really a 'new' feature ...
1135960218 M * cehteh does the fakeinit work reliable now (my old vserver is from 2001 :P)
1135960240 M * Bertl define fakeinit (i.e. what feature do you expect?)
1135960291 M * cehteh that all tools work which expect init to be viewable as pid 1
1135960306 M * cehteh .. and how about telinit things
1135960307 M * Bertl yes, that works in two different ways
1135960324 M * Bertl either you start your own init inside the guest (with pid=1)
1135960338 M * cehteh thats what i want
1135960343 M * Bertl or you let the host's init blend through (that's what we call fakeinit)
1135960366 M * cehteh well on my old vserver that didnt worked
1135960379 M * cehteh how do i make a real init for the vserver?
1135960461 M * cehteh just preparing a desktop system with vserver ideally each vt looks like a diffent computer then
1135960523 M * Bertl you simply use the 'plain' (or 'minit') style instead of 'sysv'
1135960561 M * cehteh ok
1135960577 M * Bertl cehteh: in this case you probably also want to put the vt devices into the guests (as 'console' or vt/0 or whatever)
1135960593 M * cehteh yes
1135960597 M * cehteh well that later
1135960639 M * cehteh whats the difference between minit and plain?
1135960655 M * Roey Doener:  hi
1135960656 M * cehteh .. searching the wiki is damn slow
1135960659 M * Bertl minit is special for the 'minit' init
1135960672 M * Roey Doener:  why is "/etc/vservers/mail/apps/init/" called apps/init?
1135960686 M * Bertl cehteh: so if you don't have minit, forget about it
1135960687 M * Doener i don't know
1135960701 M * cehteh ok
1135960706 M * Roey Doener:  ok
1135960706 M * Doener probably only enrico knows
1135960712 M * Roey enr
1135960712 M * Roey doh
1135960743 M * Roey Doener:  what IS apps/init?  can apps/ contain any other directory than 'init/'?  can init/  contain any other file than just 'mark' ??
1135960746 M * Roey Bertl:  do you know?
1135960778 M * Doener Roey: at least it can also contain 'style'
1135960789 M * Doener check the flower page for details on the configuration
1135960821 M * Bertl Roey: well, I'd say, because it controls the settings/configs of init?
1135960839 M * Roey oh....
1135960844 M * Roey so 'init' refers to UNIX init
1135960845 M * Roey ok
1135960846 M * Roey got it.
1135960854 M * Roey Doener:  what's a flavor?
1135960856 M * Roey what is aflower?
1135960898 M * Doener http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1135960921 M * Roey thank you
1135960928 M * Bertl and you will see there (once you figured that there are more than one stylesheets :) that there are other apps/* entries too
1135960930 M * Roey oh
1135960937 M * Roey that looks mysteriously like marijuana.
1135960968 M * Roey (I find the colors very very difficult to read)
1135960983 M * Bertl just read what I wrote :)
1135961012 M * Roey ok
1135961032 M * Bertl weedpage is pretty nice ...
1135961041 M * Roey heh
1135961045 M * Roey oh so it is cannabis.
1135961074 M * yang2 Bertl: looks like they had one man in the NOC
1135961081 M * Bertl Roey: the style 'weepage' is pretty nice :)
1135961098 M * Bertl yang2: phew, new year's eve can be saved!
1135961108 M * Roey I can't read it though
1135961110 M * Roey ah well :)
1135961126 M * Bertl Roey: select a different css style in your browser
1135961130 M * Roey ok
1135961135 M * yang2 but hehe they booted with a "bugged" kernel, not vmlinuz.old
1135961138 Q * Doener Read error: Connection reset by peer
1135961155 M * Bertl yang2: okay, don't start anything network related inside a guest
1135961165 M * yang2 ok let me do what you wrote me
1135961172 M * yang2 and recompile
1135961186 M * Bertl yang2: if you need further help, just let me know
1135961200 J * Doener doener@i5387C74E.versanet.de
1135961200 M * cehteh mhm years ago i wished a boot option (append=...) to set the context for the initial init someone implemented that?
1135961218 M * cehteh context & ip bindings
1135961222 M * Bertl no, because there is no context at init time ...
1135961243 M * cehteh doesnt init run in context 0?
1135961253 M * Bertl yes, but context 0 is no real context
1135961273 M * Bertl i.e. it does not have the context structures and stuff
1135961275 M * cehteh ah i thought that is a real context but it hasnt the lock flag set
1135961305 M * Bertl we could do that, but that would be unnecessary overhead ...
1135961328 M * cehteh mhm
1135961390 M * cehteh well i want to bind a ip to my root installation thats quite useful for desktop systems where you work in the root server too
1135961394 J * tudenbart ~willi@xdsl-87-78-46-87.netcologne.de
1135961417 M * yang2 jason:/usr/src/linux-source-2.6.12# patch -p1 -R -i delta-anyip-feat01.diff
1135961417 M * yang2 patching file include/linux/vs_network.h
1135961418 M * Bertl cehteh: how do you reach the host/root installation?
1135961418 M * yang2 Hunk #1 succeeded at 197 (offset -27 lines).
1135961440 M * Bertl yang2: okay, now get the new one
1135961447 M * cehteh what do you mean by reach?
1135961452 M * Bertl welcome tudenbart!
1135961468 M * Bertl cehteh: via ssh, or shell logon on vt0?
1135961475 M * cehteh all 3
1135961485 M * yang2 http://vserver.13thfloor.at/Devel/PAT-2.1.1/delta-anyip-feat01.diff is the new
1135961495 M * yang2 it has the same name as old
1135961500 M * cehteh err .. 3rd will be X logon
1135961508 M * Bertl yang2: yes, I fixed it there
1135961511 M * cehteh currently i start X manualy
1135961518 M * tudenbart my box at home is back again :]
1135961529 M * Bertl cehteh: well, you could use pam to do the chbind?
1135961532 M * tudenbart my neighbour resettend the f*kn wrt ;)
1135961547 M * cehteh working on my laptop with my desktop aside .. and sharing laptops keyboard and mouse via synergy currently
1135961548 J * dothebar1 titan@p508674B4.dip.t-dialin.net
1135961589 J * stefani ~stefani@superquan.apl.washington.edu
1135961595 M * Bertl welcome stefani!
1135961600 M * cehteh Bertl: the idea behind was, that i dont need to reconfigure tons of services which are started from init.d when init runs in a full context which binds ip's
1135961634 M * Bertl well, you could also 'warp' init in userspace (i.e. make it a script)
1135961648 M * cehteh yeas i think i am doing that
1135961700 M * Roey derjohn:  hi
1135961707 M * Roey derjohn:  you there? :)
1135961726 M * cehteh well .. how big would the overhead be if 0 is a real context? wont it even save some code since it is likely that some special checks could be removed?
1135961734 M * Bertl cehteh: but you should be aware, that you might have troubles starting guests from limited shells ...
1135961766 M * cehteh Bertl: yes the guest-starter should chcontext 0 first 
1135961779 M * Bertl cehteh: no, it would not simplify anything ...
1135961793 M * cehteh that is the root shall run in its own context but its not locked
1135961817 M * jso Bertl, I am on going to rebuild 2.6.14.4-vs2.1.0 + vanilla patch-2.6.14.4-5 ; should I also test http://vserver.13thfloor.at/Devel/PAT-2.1.1/* stuff?
1135961848 M * Bertl jso: if you are going to 'test' stuff, wait a few more minutes
1135961884 M * jso Bertl, no pb, tx
1135961886 M * yang2 Bertl: the patch is the "same"
1135961896 M * yang2 same in size
1135961901 M * Bertl yang2: do you have the old one too?
1135961906 M * yang2 yes
1135961918 M * Bertl if so, try 'diff -NurpP old.patch new.patch
1135961920 M * yang2 jason:/usr/src/linux-source-2.6.12# cat patch-old-delta-anyip-feat01.diff
1135961920 M * yang2 --- ./include/linux/vs_network.h.orig   2005-12-21 19:04:06 +0100
1135961921 M * yang2 +++ ./include/linux/vs_network.h        2005-12-30 13:24:56 +0100
1135961930 M * yang2 jason:/usr/src/linux-source-2.6.12# cat delta-anyip-feat01.diff
1135961931 M * yang2 --- ./include/linux/vs_network.h.orig   2005-12-21 19:04:06 +0100
1135961931 M * yang2 +++ ./include/linux/vs_network.h        2005-12-30 13:24:56 +0100
1135961935 Q * dothebart Ping timeout: 480 seconds
1135962037 M * yang2 ok seems different
1135962038 Q * dothebar1 Quit: bye.
1135962038 M * yang2 jason:/usr/src/linux-source-2.6.12# diff -NurpP patch-old-delta-anyip-feat01.diff delta-anyip-feat01.diff
1135962041 M * yang2 --- patch-old-delta-anyip-feat01.diff   2005-12-30 13:26:48.000000000 +0100
1135962044 M * yang2 +++ delta-anyip-feat01.diff     2005-12-30 16:57:13.000000000 +0100
1135962046 M * yang2 but my eyes just dont spot the difference
1135962058 M * Bertl it's the [i] which is changed to [0]
1135962081 M * yang2 ah yes ipv4[i]
1135962084 M * yang2 ah yes ipv4[0]
1135962102 N * tudenbart dothebart
1135962203 M * cehteh mhm install doesnt create /etc/vservers and such here?
1135962237 M * Bertl cehteh: what distro?
1135962274 M * cehteh debian/etch x86_64 ... selfbuild kernel/utils
1135962305 M * Bertl when you installed the tools, it told you something about a 'make distro-install' did you do that?
1135962317 M * cehteh yes
1135962343 M * Bertl check with 'vserver-info - SYSINFO' maybe your pathes are wrong?
1135962385 M * cehteh         sysconf-Directory: ${prefix}/etc
1135962388 M * cehteh duh
1135962408 M * cehteh ls /usr/local/etc/
1135962408 M * cehteh init.d/        vservers/      vservers.conf  
1135962412 M * cehteh found it :P
1135962435 M * yang2 btw, a hint (for next time) add panic=60 or so to your kernel boot options - this goes into lilo.conf ?
1135962474 M * cehteh is --prefix=/ the recommended way to install vserver utils?
1135962507 M * Bertl cehteh: it is what I do on debian ...
1135962525 M * Bertl yang2: yes, if you use lilo, then to the append part
1135962531 A * cehteh rebuilds
1135962543 M * Bertl cehteh: first uninstall, no?
1135962572 M * cehteh ah yep
1135962631 M * yang2 Bertl: is it proper to do make-kpkg clean to clean ALL files, or can i keep some which compiled well
1135962679 M * yang2 so many questions, but i am worried that something might go wrong again...
1135962681 M * Bertl I would not clean it at all
1135962824 M * cehteh if you use ccache then clean is nice
1135962842 M * cehteh .. well rather a workaround in dump makefiles
1135962865 M * yang2 make[1]: Entering directory `/usr/src/linux-source-2.6.12'
1135962865 M * yang2 The changelog says we are creating 2.6.12+vserver2, but I thought the version is 2.6.12+vserver3
1135962868 M * yang2 make[1]: *** [real_stamp_image] Error 1
1135962871 M * yang2 make[1]: Leaving directory `/usr/src/linux-source-2.6.12'
1135962873 M * yang2 make: *** [kernel-image-deb] Error 2
1135962893 M * yang2 i have to rebuild all if i need a different version
1135962907 M * cehteh duh
1135962919 M * Roey so is vserver going into mainstream linux  at all?
1135962935 M * Bertl Roey: I don't hope so ...
1135962940 M * cehteh hehe .. 
1135962963 M * cehteh i would like it .. but i dont want to follow any debates on the lkml .. 
1135962985 M * Roey Bertl:  but that means we have to hand-compile every vserver-enabled kernel!
1135962988 M * cehteh anyways its far less intrusive than a lot of other things
1135963014 M * Bertl Roey: which should be default for every sys admin
1135963018 M * Roey *cough*xen*cough
1135963027 M * cehteh Roey: how often do you compile production kernels?
1135963035 M * Roey cehteh:  hopefully not often
1135963035 M * Roey BUT
1135963039 M * Roey if you have fifty machines
1135963042 M * Roey that's a lot.
1135963055 M * Adrinael Not if the same kernel works in all
1135963058 M * Bertl if you ahve 50 identical machines, then you can use the same?
1135963081 M * Roey if they're not identical and a flaw is exposed in the current kernel--and the fix is in an updated kernel....
1135963088 M * Roey you'll have to recompile fifty kernels.
1135963089 M * Bertl if you have 50 different machines, you should not build one kernel for all of them
1135963089 M * cehteh if you would have fifty machine i would care for very similar hardware and build only one kernel which fits all .. and then make something to automatically distribute the kernel
1135963101 M * cehteh maybe even cfengine or such can handle that
1135963164 M * Bertl Roey: do you think it is better to wait for a distro to pick up that fix? (look at debian for example)
1135963199 M * Roey Bertl:  dunno.
1135963203 M * Roey Bertl:  ok
1135963218 M * Roey Bertl, Doener: I did sudo bash -c 'echo default > /etc/vservers/web/apps/init/mark'
1135963226 M * Roey for 'web', 'mail', and 'dns' clients.
1135963232 M * Roey let's see if they start on system bootup now.
1135963276 M * jso Roey, it will only start 'web' vserver ?
1135963333 M * Roey jso:  well I did that statement three times.  One for 'web', one for 'dns' and one for 'mail'.
1135963353 M * jso Roey, ok so it will do the drill ;-)
1135963366 M * cehteh Bertl: if i make a vinit wraper for putting the the root server into its own context are you interested in adding it to the distribution (if you say yes, then i'll likely put bit more generic efforts into the script rather than just a dirty hack)
1135963384 M * Roey Bertl, Doener, jso: hey it worked!!!!
1135963433 M * Roey Bertl, Doener, jso:  ok, is it standard practice to make changes to the clients by chrooting into them, or rather to SSH into them (since they have different IPs)
1135963434 M * Roey ?
1135963446 M * Doener ssh
1135963448 M * Bertl cehteh: that is userspace, so you have to ask enrico ...
1135963489 M * Roey Bertl, Doener, jso: and if I chroot or do 'vserver mail enter' can I make root un-loginable by putting a * for its password in the client's /etc/passwd?
1135963555 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1135963562 M * cehteh mhm is enrico here on irc?
1135963577 M * Bertl cehteh: unfortunately no ...
1135963622 M * cehteh well .. maybe i'll just do it an then send a patch, i need it anyways and it seems not big
1135963640 M * jso Roey, is ssh is your only login entry? (if yes there is the option 'PermitRootLogin no' in sshd_config to do so ;-)
1135963657 Q * soltesz Remote host closed the connection
1135963662 M * cehteh i actually wonder that noone asked for such .. or maybe that because i dont read the ML often
1135963736 M * Roey jso:  I think I'd rather make it so that the only way to administer changes to clients is to do it via 'vserver <blah> enter'
1135963736 M * Roey jso:  and that avoids 'login' completely.
1135963740 M * Roey jso:  so I can set root's password to '*'
1135963836 M * Bertl Roey: you can do that, but be aware that using 'enter' is less secure than using 'ssh'
1135963846 M * Roey Bertl:  oh??? why??
1135963850 M * jso Roey, just stop login services so (sshd, telnetd and so on)
1135963859 M * Roey jso:  ok.
1135963863 M * Roey Bertl:  how is it less secure?
1135963895 M * Bertl Roey: because the 'enter' comes from the host system and 'possibly' brings connections from there into the guest 
1135963920 M * Roey connections??
1135963921 M * Roey like what?
1135963929 M * Roey you mean that it inherits the environment of the host?
1135963939 M * Bertl like ther terminal or open filehandles or such
1135963945 M * Roey ok.
1135963951 M * Roey I don't know what could possibly be wrong with that though
1135963955 M * Roey (what could go bad?)
1135963959 M * Roey s/bad/wrong
1135963964 M * Roey s/wrong/wrongly
1135963967 M * Roey it's an adverb.
1135963998 M * Bertl well, in the worst case scenario, a malicious guest binary could take over your host ...
1135964044 M * Roey ok.
1135964053 M * Roey I thought that the host  can mess with the guest anyway though.
1135964068 M * Roey because host's 'root' user can modify the guests' file tree.
1135964081 M * Bertl yeah, but not the other way round :)
1135964088 M * Roey how can I tell which debian stream I installed to the guest?
1135964108 M * Roey you're saying that the guest may mess the root's file tree???
1135964109 M * Bertl IIRC, there is something like /etc/*release*
1135964109 M * Roey hmm.
1135964112 M * Roey ok
1135964130 M * Roey no...no there si not.
1135964143 M * Adrinael It's /etc/debian_version
1135964155 M * Bertl yep, right ...
1135964176 M * Roey nice 
1135964176 M * Roey thanks
1135964202 M * Roey it just says '3.1'
1135964206 M * Roey is that Sarge then?
1135964208 M * cehteh chbind: vc_set_ipv4root(): Function not implemented
1135964209 M * cehteh   ... bah
1135964231 M * Roey I am asking because they didn't have an /etc/apt/sources.list file defined, and I wanted to know which source lines to feed them.
1135964246 M * cehteh i guess i should turn on the legacy net interface in my kernel?
1135964282 M * Roey what's that?
1135964296 M * cehteh oh it is on
1135964303 M * cehteh err .. diabled
1135964323 M * cehteh Bertl: negated flags in the kernel config are evil :P
1135964332 M * cehteh  [*] Disable Legacy Networking Kernel API  
1135964347 M * Bertl cehteh: defaults are good :)
1135964371 M * cehteh who wants a legacy system nowadays!? :)
1135964389 M * cehteh [ ] Enable Legacy Kernel API   shall i turn that on too?
1135964411 M * Bertl what's the default?
1135964415 A * cehteh thought he could turn that off because he used the most recent utils
1135964438 M * Bertl cehteh: well, you could get hollows tools, they support the non-legacy networking api
1135964548 M * cehteh ... /me rebuild the kernel
1135964708 M * Roey anyone here using apt-proxy?
1135964866 M * jso Bertl, cehteh, afaik we still need 'Enable Legacy Kernel API' (<http://archives.linux-vserver.org/200512/0289.html> but may be do I wrongly unsderstand your followup,though)
1135964937 M * jso Roey, no sorry (still at the bottum of my todo list ;<) )
1135964953 M * Bertl jso: hmm, no, how do you conclude that?
1135965025 M * Roey jso:  ok
1135965031 M * Roey jso:  I mean I mostly got it working on another servr.
1135965036 M * Roey I don't know what I'm doing wrong
1135965037 M * Roey but anyway.
1135965046 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.1.0.1 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)   
1135965067 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.15-rc7-vs2.0.1.diff
1135965073 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.15-rc7-vs2.1.0.diff
1135965078 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.15-rc7-vs2.1.0.1.diff
1135965115 M * jso Bertl, Cool 2.6.15 stuff .
1135965118 M * Bertl I would be especially interested in feedback regarding 2.1.0.1 as it has a completely new hard scheduler
1135965284 M * jso Bertl, back to legacy: if I disable CONFIG_VSERVER_LEGACY it solved the test pb but I could start any more vservers because it disable dynamic context support.
1135965480 M * Bertl hmm, dynamic contexts should not be required for enricos tools, no?
1135965642 M * jso Bertl, oops I missed some link, so sorry, I will try first to find enrico's tools first.
1135965965 M * Roey YEHORAM GAON
1135966037 M * Bertl hmm, musician?
1135966087 A * jso just grab patch-2.6.15-rc7-vs2.1.0.1.diff, just have lunch and come back soon ;-)
1135966391 T * * http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.1.0.1 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)   
1135966391 T * Bertl -
1135966437 J * SNy 22b7ab81d9@bmx-chemnitz.de
1135966441 J * Vudumen vudumen@perverz.hu
1135966455 J * soltesz ~soltesz@targe.CS.Princeton.EDU
1135966487 J * mnemoc ~amery@200.75.27.106
1135966491 M * Bertl welcome soltesz!
1135966511 M * soltesz hello :-)
1135966643 M * eyck Bertl: woaa, you were right,, via ssh -X it works...
1135966650 M * Roey Bertl:  ok :)
1135966651 J * emp ~emp@70.57.239.35
1135966652 M * Roey Bertl:  fine
1135966695 M * eyck Bertl: have you got any idea how can I check what's missing from guest's X?
1135966754 J * meandtheshell ~markus@85-124-14-196.dynamic.xdsl-line.inode.at
1135966951 J * pusling pusling@195.215.29.124
1135967056 M * Bertl welcome meandtheshell! 
1135967062 M * Bertl welcome pusling! LTNS!
1135967084 M * meandtheshell Bertl: evening bertl ;-)
1135967086 M * pusling Bertl: shouldn't it just be welcome back ;)
1135967159 J * stefani ~stefani@superquan.apl.washington.edu
1135967221 M * Bertl wb stefani! :)
1135967225 M * Roey hi
1135967226 M * Roey Bertl
1135967234 M * Roey I'm hyaving trouble apt-get updating from within the client.
1135967258 M * Roey I have my name resolver set up OK though.
1135967263 M * Roey in /etc/resolv.conf.
1135967277 J * Psy0rz ~psy0rz@lounge.datux.nl
1135967281 M * Bertl welcome Psy0rz!
1135967304 M * Bertl Roey: do you use externalized or internalized package management?
1135967326 M * stefani hola Bertl 
1135967339 J * dothebart ~willi@xdsl-87-78-46-87.netcologne.de
1135967453 J * sebi ~sebi@Fcdbf.f.strato-dslnet.de
1135967517 M * Roey Bertl:  well the clients have their own little world
1135967521 M * Roey Bertl:  I'm not using unify
1135967581 M * Bertl Roey: that's fine, but IIRC, debootstrap defaults to internalized anyway ...
1135967630 Q * comfrey Ping timeout: 480 seconds
1135967803 M * Bertl Roey: so what do you get when you do 'apt-get update'?
1135967870 M * Roey root@web:/# apt-get update
1135967870 M * Roey Err http://debian.csail.mit.edu testing/main Packages
1135967870 M * Roey   404 Not Found
1135967872 M * Roey things like that.
1135967879 M * Roey it does pick up one source that it can find though
1135967888 M * Roey Get:1 http://ftp.us.debian.org stable/main Packages [3349kB]
1135967890 M * Roey but...
1135967896 M * Roey I don't know if it is doing amd64 or ia32
1135967899 M * Roey the kernel is amd64
1135967909 M * Roey the host's userland uses amd64 libs.
1135967912 M * Roey libc rather.
1135967930 M * Bertl well, the guest will run with ia32 personality I assume
1135967947 M * Bertl nevertheless you might want to make that explicit
1135968013 M * Roey ok.
1135968094 M * Roey root@web:/# apt-get update
1135968094 M * Roey Err http://ftp.de.debian.org testing/main Packages
1135968094 M * Roey   404 Not Found
1135968101 M * Roey Bertl:  I have this source which works fine in the host: 
1135968113 M * Roey deb http://ftp.de.debian.org/debian-amd64/debian/ testing main contrib non-free
1135968118 M * Roey but it gives me the 404 in the client.
1135968120 M * Roey what gives?
1135968288 M * Bertl check the resolv.conf entries, amybe they differ?
1135968307 M * jso Roey, what your dns answers (nslookup ftp.de.debian.org?)
1135968335 M * Roey lemme check.
1135968351 M * Bertl but it could easily be an x86_64 vs x86 issue ...
1135968371 M * Roey root@web:/# ping ftp.de.debian.org
1135968371 M * Roey PING ftp.de.debian.org (141.76.2.4) 56(84) bytes of data.
1135968371 M * Roey 64 bytes from ftp.de.debian.org (141.76.2.4): icmp_seq=1 ttl=47 time=132 ms
1135968376 M * Bertl (if apt-get is trying to be smart and deduces the arch from the uname)
1135968388 M * Roey Bertl:  I don't know.
1135968395 M * Roey I only know that it's not apt-get updating :)
1135968402 M * Bertl try to make some adjustments to the config
1135968409 M * Roey how so?
1135968410 M * Bertl the guest config
1135968415 M * Roey Bertl:  ok.. where in it?
1135968418 M * Bertl first, add the proper architecture ...
1135968503 M * Roey ok.
1135968548 M * Roey deb http://ftp.de.debian.org/debian-amd64/debian/ testing main contrib non-free
1135968557 M * Roey this is what the guest's /etc/apt/sources.list says.
1135968616 M * Roey btw the guest's /etc/debian_version says  3.1
1135968619 M * Roey so that is Stable.
1135968637 M * Roey and since there is no x86_64 version of Stable, then the stream must be Testing.
1135968641 M * Roey (i.e. Etch).
1135968659 M * Bertl #  /etc/vservers/<vserver-name>/uts/machine
1135968664 M * Bertl add i386 there
1135968666 M * Roey what's that?
1135968706 M * Roey Bertl:  there is only 'nodename' in that directory.
1135968744 M * cehteh Roey: http://ftp.de.debian.org/debian-amd64/debian-pure64/dists/stable/
1135968760 M * Bertl Roey: yeah, add a file called 'machine' which contains 'i386'
1135968776 M * Bertl then restart your guest and check (inside the guest) with uname -a
1135968890 M * Roey ok one sec.
1135968902 M * Roey I mean eventually I just want to make it localhost:9999/
1135968908 M * Roey and use the host's apt-proxy
1135968917 M * Roey er, not localhost, but the apt-proxy server's ip, rather.
1135968930 M * Bertl you could do that, but the host is x86_64 no?
1135968951 M * Roey yeah.
1135968954 M * Roey the kernel is.
1135968961 M * Bertl and the guest is i386
1135968970 M * Bertl so they won't share too many packages I guess
1135969013 M * Bertl btw, also add #  /etc/vservers/<vserver-name>/personality
1135969064 M * Bertl with linux_32bit
1135969066 M * Roey what shoud I put in there?
1135969074 M * Roey this seems immature btw :)
1135969089 M * Roey this is not done automatically when the clients are generated??
1135969107 M * Bertl no, because the tool can not possibly know about your intentions
1135969136 M * Bertl you might as well plan to isntall x86_64 stuff or have a 32bit env on x64_64 guests
1135969149 M * Bertl *x86_64 that is ...
1135969214 M * Roey I have an x86_64 host and want x86_64 guests
1135969216 M * Roey if that makes sense.
1135969228 M * Roey rightnow I can't seem to be getting x86_64 deb lines working.
1135969234 M * Roey history | grep /etc
1135969235 M * Roey er
1135969242 M * Bertl ah, well, then you should install a 64bit guest
1135969250 M * Roey how?
1135969252 M * Roey I thoguht I did that.
1135969260 M * Bertl IIRC, you did install a 32bit one, no? maybe I'm just confused
1135969261 M * Roey or that it copies the host's environment by deault.
1135969270 M * Roey I don't know.  I did whatever the default text says to do.
1135969275 M * Bertl what command did you use to create the guest?
1135969370 M * Roey for the firstone,
1135969372 M * Roey vserver.
1135969381 M * Roey for the second & third, I just copied over stuff
1135969387 M * Roey and chnaged the properties in /etc/vserver/...
1135969401 M * Roey btw so I understand that one needs the followign commands on every guest:
1135969403 M * Roey 	      sudo bash -c 'echo default > /etc/vservers/web/apps/init/mark'
1135969403 M * Roey               sudo bash -c "echo i386 > /etc/vservers/web/uts/machine"
1135969403 M * Roey               sudo bash -c 'echo linux_32bit > /etc/vservers/web/personality'
1135969411 M * Roey yes?
1135969442 M * Bertl that is only an _improvement_ for 32bit guests
1135969458 M * Bertl if you are aiming for 64bit guests, then you should forget that
1135969543 M * Roey ok
1135969549 M * Roey then what should I do for 64-bit guests?
1135969562 M * Roey I don't knwo which version I'm running for the guests, actually
1135969564 M * Roey how can I check
1135969565 M * Roey ?
1135969590 M * Bertl first, I asked how you did create the 'first' guest, so could you paste that here?
1135969612 M * cehteh can i undo chbind's with certain capabilities?
1135969640 M * cehteh (NET_ADMIN or so)
1135969684 M * Roey sudo vserver web build --rootdir /vservers/web/  -n web --hostname       web.senet-int.com  --interface bond0:192.168.5.145/24 -m debootstrap -- -d sarge
1135969794 M * Roey Bertl:  like that.
1135969856 M * Bertl looks reasonable to me, let's do a tiny test here:
1135969893 M * Bertl what does 'file /vservers/bin/ls' tell you (adjust /vservers to your dir)
1135969949 M * Roey katzr@sink2:/vservers/web/etc$ file /vservers/web/bin/ls
1135969952 M * Roey doh
1135969961 M * Roey /vservers/web/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), stripped
1135969996 M * cehteh http://www.pipapo.org/pipawiki/Vserver/vinit
1135970035 M * Roey cehteh:  ok
1135970073 M * Bertl Roey: and 'file /bin/ls' ?
1135970135 M * Roey /vservers/web/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), stripped
1135970144 M * Roey Bertl:  so it is settled.
1135970152 M * Roey I put in the normal Sarge
1135970182 M * Bertl okay, so no 64bit userspace in sight :)
1135970322 J * _are_ ~are@dslb-084-056-143-087.pools.arcor-ip.net
1135970328 M * _are_ hi
1135970336 M * Bertl welcome _are_!
1135970346 M * _are_ Hi Bertl
1135970420 M * Roey Bertl:  that's fine.
1135970421 M * derjohn ehlo, all
1135970423 M * _are_ Bertl: noticed yesterday the number of interfaces a vserver may have is limited and seen some posts on how to extend it and some others it might be slower. So I enhanced kernel config to make it configurable. Would it be ...
1135970423 M * _are_ possible to include this in the standard patch?
1135970425 M * Roey derjohn:  HI!
1135970435 M * Roey derjohn:  listen I was thinking.... 
1135970444 M * Roey derjohn:  I finally did settle on having a 100 MB /
1135970445 M * _are_ ofc the utils need to be patched, too, or even better get the right numbers on runtime
1135970449 M * Bertl _are_: no, because it would horribly break userspace tools
1135970451 M * derjohn Roey, you know, horses have a larger brain?
1135970454 M * derjohn Roey, :)
1135970455 M * Roey derjohn:  but I suppose you know how to prepare an initrd :)
1135970470 M * Roey derjohn:  ah but elephants' brains are larger than those of horses!
1135970486 M * derjohn Roey, yes . i did it manuall, too (please dont take that sentence out of conext!:))
1135970505 M * Bertl _are_: if you extend util-vserver to use the newer kernel interfaces for networking, I'll spend some time on making it variable (without performance loss) inside the kernel
1135970509 M * _are_ Bertl: well, which userspace tools? util-vserver? only chbind uses this number
1135970557 M * _are_ what exactly is the 'newer' kernel interface for networking? I am not exactly a kernel coder and my C-knowledge is limited
1135970564 M * cehteh looooong time ago i wrote a patch that adds immutable and mutable flags to the ips one can bind
1135970574 M * derjohn Roey, you need to build an initrd by hand?
1135970584 M * cehteh that had almost no performance penalty
1135970591 M * Bertl _are_: well, you do not need to do kernel coding at all
1135970607 M * Bertl cehteh: what's that for?
1135970636 M * Bertl _are_: let me show you the 'new' interfaces (just a second)
1135970637 M * _are_ I know I don't need kernel coding, patch is adding a Kconfig and replacing the 16 by the config define
1135970700 M * Bertl forget about the number, I'm talking about the interface
1135970724 M * cehteh Bertl: chbind --ip 10.20.0.0 --immutable 255.255.0.0 --mutable 0.0.0.255   then the vserver admin gets 10.20.0.0 as default for 0.0.0.0 and can choose to bind 10.20.0.0 to 10.20.0.255 when configuring servers
1135970778 M * _are_ Bertl: sure, give me a hint what you talk about an di will take a look if it is anything within my capabilities
1135970786 M * cehteh idea was that when we get nested vservers this could even be used to constrain further means one can add bits to --immutable but not remove them
1135970840 M * Bertl _are_: http://www.13thfloor.at/vserver/d_rel26/v2.1.0/split-2.6.14.4-vs2.1.0/31_2.6.14.4_cmdef.diff.hl
1135970852 M * Bertl search for network_cmd.h
1135970853 M * cehteh besides it is really lightweight compared to other solutions .. and can be combined with other ideas to support more than one of such masks 
1135970878 M * _are_ ok
1135970887 M * Roey Bertl, derjohn, cehteh:  why do I get this in the clients after I issue some commands liek apt-get:   http://rafb.net/paste/results/Vasc3w74.html
1135970896 M * Bertl cehteh: and that worked?
1135970902 M * Roey derjohn:  well I wanted to use yaird.
1135970906 M * Roey derjohn:  yaird had some issues though.
1135970914 M * cehteh Bertl: sure looooong ago
1135970916 M * Roey derjohn:  so I gave up (for this machine) and will use it for the next server.
1135970922 M * Bertl cehteh: patches?
1135970939 M * cehteh 2000 or 2001 just some time after the project was introduced
1135970942 M * derjohn Bertl, I vote for a nin linear lookup (hash?) and a variable # of IP per guest !!
1135970965 M * Bertl derjohn: same rules apply as for _are_ :)
1135970971 M * cehteh Bertl: if you are interested i can do it again i think even if i find that old source they are horribly out of date
1135970983 M * derjohn Roey, does you machine boot with non modular kernel and 100 MB rootfs now?
1135970995 M * Bertl cehteh: i'd like to have a look at it, definitely 
1135971024 M * derjohn Bertl, rules? The only rules I know is debian/rules :)
1135971024 M * Bertl cehteh: IMHO the 'old' patch should be quite fine (as the network system did not really change)
1135971055 M * cehteh hehe i proposed it serveral times .. but someone always argued thats not the way he wants it and i am programmer not politican who likes endless debates
1135971091 M * Bertl cehteh: well, I can't guarantee that I'll like it, but I'll definitely have a look
1135971116 M * Bertl (and for sure you will get some feedback/reasoning from me)
1135971154 M * cehteh just adding the 2 masks to the context and checking them on some socket calls .. it was really simple .. and fixing the userspace tools to handle that 2 masks
1135971159 M * Bertl derjohn: s/rules/prerequisites/
1135971166 M * cehteh lemme see if i find it on the ML archive
1135971200 M * Roey derjohn:  yeah
1135971204 M * Roey derjohn:  that's how it is now.
1135971212 M * Roey derjohn:  the machine boots with no initrd.
1135971220 M * Roey derjohn:  to a / that is on /dev/sda3, ext3, native.
1135971234 M * Roey derjohn:  and all the other mount points are on the LVM volume group 'main'
1135971263 M * derjohn Roey, I suppose you did a fresh vserver build mit debian (debootstrap) and did not login ... you have not done base-config
1135971329 M * derjohn Roey, do a apt-get install locales or dpkg-reconfigure locales I HTH  :)
1135971366 M * derjohn Roey, fine that the machine can go into production and you have a nice HNY.
1135971496 M * Roey ok
1135971498 M * Roey got it.
1135971499 M * Roey EEEEEEEEK
1135971506 M * Roey why are all three clients sharing the same filesystem?!?!?!?!
1135971518 M * Roey the mountpoints are all different, how it is supposed to be.
1135971541 M * Roey but for some reason all three IPs that I assigned in interfaces/0/ip go to the same client!
1135971542 M * Roey why?
1135971575 M * _are_ Bertl: my knowledge is very limited, the code you gave me replaces/adds some new interface for network interface ading?
1135971603 M * Bertl Roey: maybe because you did some 'evil' copying of the config (which is now pointing to one guest)
1135971603 M * _are_ where is the old interface defined?
1135971612 M * derjohn Roey, on  interfaces/0/ip you can only assign ONE IP
1135971641 M * derjohn Roey, copy  interfaces/0/ip to  interfaces/1/ip and change all necessary files ...
1135971655 M * Bertl _are_: http://www.13thfloor.at/vserver/d_rel26/v2.1.0/split-2.6.14.4-vs2.1.0/30_2.6.14.4_legacy.diff.hl
1135971694 J * G-ShocK ~wanna@85-65-16-7.barak-online.net
1135971699 M * derjohn Bertl, what the heck is 'exp 2.1.0.1 '?
1135971716 M * Roey derjohn:  oh.
1135971721 M * Roey derjohn:  well I have three clients, right?
1135971726 M * Bertl derjohn: experimental release
1135971729 M * G-ShocK how do I make the bird logo @ the main page of my T-bird have It's wings lift up instead of hugging the envelop?
1135971737 M * Roey derjohn:  and I thought I could just have a separate interfaces/0/ip for each one
1135971743 M * Roey derjohn:  is this not good?
1135971748 M * _are_ Bertl: vs_network.h there?
1135971755 M * Bertl G-ShocK: read the source :)
1135971784 M * derjohn Bertl, huh?
1135971795 M * Bertl _are_: no, legacy_net and legacy.h
1135971814 M * derjohn Roey, rule: one interface per IP.
1135971816 M * Bertl derjohn: new features, you know?
1135971834 M * derjohn Bertl, I meant you t-bird comment :)
1135971852 M * derjohn Bertl, features ... foo ... NG ?
1135971860 M * G-ShocK Bertl:It's a picture, you don't need to read the source in order to replace it
1135971870 M * _are_ Bertl: what exactly is the 'new' interface we talkk about? is this ngnet?
1135971907 M * Bertl G-ShocK: sure about that?
1135971980 M * Bertl derjohn: no, first a scheduler upgrade
1135971991 M * G-ShocK well, it can be extracted to an image
1135972025 M * G-ShocK can you please check and see what kind of logo you have in the main page of your thunderbird (assuming you have one)
1135972042 M * Bertl G-ShocK: no sorry, I have none ...
1135972046 M * G-ShocK I think it had it's wings lift at the debian version
1135972050 M * G-ShocK :/
1135972072 M * Bertl G-ShocK: btw, how is that linux-vserver related?
1135972085 M * cehteh duh ... cant find the patch .. i have it certainly offline on some cd 
1135972117 M * Bertl cehteh: did you test it (back then?)
1135972127 M * cehteh i had it in use
1135972130 M * Roey derjohn:  hmm
1135972134 M * Roey derjohn:   so I have two interfaces.
1135972138 M * G-ShocK the version where I saw the bird with the wings lift up was a debian
1135972149 M * Roey derjohn:  and they are ifenslaved to bond0.
1135972159 M * Roey derjohn:  now, I cannot assign multiple IPs to this bond0 ???
1135972212 M * Bertl why not?
1135972234 M * yang2 Bertl: discovered any other bug in that patch or can i reboot?
1135972242 M * Roey Bertl:  that's what I thought!
1135972255 M * Roey Bertl:  so I do not need... three /physical/ ifaces then?
1135972258 M * Roey they can all share
1135972275 M * Roey provided that they use a different number for /etc/interface/<n>/ip ?
1135972278 M * cehteh http://www.paul.sladen.org/vserver/archives/200112/0039.html
1135972405 M * cehteh oh .. had only one mask .. well that describes it good
1135972460 M * Roey I don't get it.
1135972476 M * Bertl yang2: no, should work fine
1135972568 M * Bertl cehteh: well, I got the 'idea' I'm more interested in the patch and how to integrate that with util-vserver
1135972590 M * derjohn Roey, assign one IP -we call A- to bond 0: ip addr addr A/bla dev bond0 (or do it via etc network interfaces). Every vserver guest get lets say two IP. To we need /etc/vservers/foo/interface/0/ip (for B) and /etc/vservers/foo/interface/1/ip (for C).
1135972617 M * derjohn Roey, every guest add its ip to the bond0 itself.
1135972649 M * Roey hmm
1135972654 M * derjohn Roey, A, B and C will appear on bond0 (ip addr show) after foo was started.
1135972661 M * cehteh Bertl: that time i just added a parameter to the chbind syscall .. if you want it compatible .. is it possible to have optional parameters in syscall guess not, then add another syscall for it
1135972669 M * derjohn Roey, remeber: only one kernel to bidn them all ....
1135972683 M * Roey derjohn:  so it is not enough to have a 1/ in the web client and 2/ in the dns client and 3/ in the mail client; they all need 1/ 2/ and 3/
1135972687 M * cehteh and by default old behaviour is like the mask is 0.0.0.0 
1135972708 M * derjohn Roey, what? a "1/"  ??
1135972716 M * Roey derjohn:  interfaces/1/
1135972750 M * Bertl cehteh: the syscall switch is quite flexible for that, but of course, the tools need changes
1135972761 M * Roey katzr@sink2:/etc/vservers/web$ cat /etc/vservers/web/interfaces/2/ip
1135972761 M * Roey 192.168.5.145
1135972761 M * derjohn Roey, i dont know ... if the dns client only need one IP you need only /0 in its config
1135972780 M * derjohn  cat /etc/vservers/web/interfaces/0/ip == ?
1135972781 M * Roey derjohn:  well each client has a /0/ and each has a different numbher in /0/ip
1135972795 M * derjohn Roey, yes, each client has a /0
1135972828 M * cehteh Bertl: yes .. i dont know how the syscall interface for vserver looks nowadays ... but i would vote for a single vserverctl() syscall similat to ioctl
1135972842 M * yang2 Bertl: excellent ! It works !
1135972844 M * Roey derjohn: http://rafb.net/paste/results/tAna5t97.html
1135972849 M * derjohn Roey, and every /0/ip can^W must hold differnt values
1135972850 M * cehteh to add new features and migrate old ones
1135972861 M * Roey derjohn:  OK so that is what I did earlier! and yet they all point to the same client!!
1135972865 M * Roey at least, when I ssh into it.
1135972893 M * Roey derjohn:  now, I just changed it so that each client has a different N for /etc/vservers/.../interfaces/$N/
1135972895 M * derjohn Roey, # cat /etc/vservers/vjohn/interfaces/dev
1135972895 M * derjohn eth0
1135972905 M * Bertl yang2: good, be careful, as the guest might now 'overlap' host services
1135972920 M * Roey katzr@sink2:/etc/vservers/web$ cat /etc/vservers/web/interfaces/2/dev
1135972920 M * Roey bond0
1135972930 M * Roey derjohn:  did you see the above?
1135972937 M * Roey derjohn:  they each have the same bond0.
1135972947 M * cehteh as i did it, it was just a few line patch to chbind .. some optargs and the additional parameters to the chbind syscall
1135972965 M * derjohn Roey, yes you pastebin is ok.
1135972983 M * derjohn Roey, are yoi talking about ssh problems? (ssh was mentioned above)
1135973003 M * Bertl cehteh: well, I won't extend the legacy interface, so that is only an option for the newer interfaces (the ones I pointed _are_ to)
1135973004 M * derjohn keep in mind that ssh will bind to _ALL_ IP is started on the host
1135973018 M * cehteh Bertl: exactly
1135973044 M * derjohn Roey, if ssh bind port 22 to all IPs on the host, the guest can not bind port 22 on its IP.
1135973077 M * cehteh so old interfaces set the mask to 0.0.0.0 and new interfaces start with 255.255.255.255 and let the user constrain it
1135973120 M * cehteh thats all really trivial
1135973173 M * _are_ Bertl: ok, checked these out, atm vc_set_ipv4root gets called, these get replaced by vc_net_{create,migrate,add,remove)
1135973174 M * Roey derjohn:  I don't get it.
1135973175 M * derjohn Bertl, (concerning the #IP per guest  problem)  could you point out what the "new interface" is? Did you change the kernelapi while developing NG ?
1135973179 M * Roey cehteh:  to whom are you talking?
1135973188 M * cehteh bertl
1135973198 M * Roey derjohn:  when I ssh... into the different IPs, I end up logging into the same client!@
1135973202 M * Roey cehteh:  ok.
1135973243 M * derjohn Roey, see private chat
1135973300 M * Roey derjohn:  http://rafb.net/paste/results/8lVkaW88.html
1135973350 M * Roey derjohn:  I don't have the ip command when I use vserver enter.
1135973352 M * derjohn Roey, and inside the giesz
1135973353 M * Roey derjohn:  only when I ssh into the host.
1135973356 M * derjohn guest?
1135973357 M * Roey giesz??
1135973363 M * Roey derjohn:  what I pasted
1135973365 M * Roey er
1135973366 M * derjohn Roey, lol .. coll typo, he?
1135973367 M * derjohn cool
1135973369 M * Roey only when I ssh into the guest
1135973386 M * derjohn Roey, no, thats from the host
1135973402 J * shedi ~siggi@213-140-22-77.fastres.net
1135973408 M * derjohn Roey, I want the guests output
1135973443 M * derjohn Roey, 'vserver yourguest enter'
1135973469 M * derjohn Roey, do not login directly via ssh to the guest - thats not working
1135973485 M * bubulak ls
1135973507 A * michal_ was logging directly to the guests all the time
1135973514 M * michal_ *loging in
1135973521 M * michal_ via ssh
1135973527 M * michal_ it was working ;p
1135973542 M * derjohn michal_, but you bound the hosts sshd to only one IP ... not to * :)
1135973554 M * Bertl bubulak: my_first_file.txt
1135973556 Q * G-ShocK Quit: 
1135973563 M * michal_ how did you know ;) (yes you are right)
1135973652 M * derjohn michal_, after Roey resistance to think about this theme I have to point his nose onto the fact why he has to do it ...
1135973655 M * derjohn michal_, :)
1135973680 M * michal_ i see
1135973693 M * bubulak Bertl: :)))
1135973712 M * michal_ bubulak: ls: no such file or directory
1135973724 M * bubulak hooops :)
1135973729 M * michal_ you have Reconfigured Main -ReadFrom / ? ;p
1135973733 M * derjohn bubulak, read mal really fast == rm -rf /
1135973742 M * derjohn s/mal/mail/
1135973743 M * bubulak passwd
1135973747 M * bubulak don't look
1135973748 M * bubulak :)
1135973760 M * michal_ we do not have to look, we are already there ;p
1135973771 M * bubulak lool
1135973812 M * _are_ Bertl: ok, checked these out, atm vc_set_ipv4root gets called, these get replaced by vc_net_{create,migrate,add,remove), is this correct?
1135973915 M * Bertl _are_: yes, basically
1135973942 M * Bertl _are_: so this interface does not require the legacy stuff
1135973975 M * Bertl _are_: so basically if you make util-vserver work with the legacy networking turned off, your part is done ...
1135973995 M * Roey derjohn:  hi
1135974008 M * Bertl _are_: CONFIG_VSERVER_LEGACYNET (in recent kernel configs)
1135974010 M * Roey derjohn:  you're right.
1135974013 M * Roey derjohn:  are you here?
1135974016 M * Roey derjohn:  I was away for a bit
1135974018 M * Roey now I am back.
1135974025 M * Bertl Roey: we didn't notice :)
1135974044 M * derjohn Roey, yes
1135974069 M * Roey derjohn:  hi!
1135974070 M * Roey Bertl:  hi!
1135974075 M * _are_ Bertl: ufff, from my side it is probably a lot easier to make the kernel export the limit via sysctl interface and the tools read this. Don't kow if i have enough knowledge to do the LEGACY-removal stuff
1135974081 M * Bertl hey Roey! how are you?
1135974081 M * Roey derjohn:  ok, the guests do not have the 'ip' command.
1135974090 M * Roey derjohn:  what is the packagename? lemme download it.
1135974090 M * _are_ (if it was as easy probably it would have been done by now)
1135974094 M * Roey Bertl:  down on my luck
1135974112 M * derjohn Roey, apt-get install iproute 
1135974115 M * Bertl _are_: okay, np with that :)
1135974119 M * derjohn Roey, but ifconfig will do ...
1135974193 M * _are_ Bertl: but as i don't want to give up (yet): it is only the chbind tool that is affected by this legacy stuff?
1135974224 M * Roey http://rafb.net/paste/results/Mxgk9586.html
1135974227 M * Roey derjohn:  see that.
1135974268 M * Roey root@mail:/# ip addr
1135974268 M * Roey 2: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue
1135974268 M * Roey     link/ether 00:02:b3:48:50:2c brd ff:ff:ff:ff:ff:ff
1135974268 M * Roey     inet 192.168.5.141/24 brd 192.168.5.255 scope global secondary bond0
1135974303 M * derjohn Roey,  ahh ... see? you have this one ip  192.168.5.141 in your guest, right?
1135974305 M * Roey root@web:/# ip addr
1135974305 M * Roey 2: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue
1135974305 M * Roey     link/ether 00:02:b3:48:50:2c brd ff:ff:ff:ff:ff:ff
1135974305 M * Roey     inet 192.168.5.145/24 brd 192.168.5.255 scope global secondary bond0
1135974323 M * Bertl _are_: yes, AFAIK, everything but chbind works quite fine with legacy net disabled
1135974340 M * derjohn Roey, and now compare with ip addr of the host ...
1135974357 M * Roey root@dns:/# ip addr
1135974357 M * Roey 2: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue
1135974357 M * Roey     link/ether 00:02:b3:48:50:2c brd ff:ff:ff:ff:ff:ff
1135974357 M * Roey     inet 192.168.5.146/24 brd 192.168.5.255 scope global secondary bond0
1135974358 M * Roey there.
1135974361 M * derjohn Roey, see that the host also shows the IP  192.168.5.145 and 192.168.5.141 ?
1135974382 M * derjohn Roey, no, the host pls !
1135974402 M * Roey http://rafb.net/paste/results/lc4bha76.html
1135974404 M * Roey derjohn:  :)
1135974412 M * Roey derjohn:  yeah it has like... three additional IPs bound to bond0.
1135974414 M * derjohn Roey, .. are those Ip there?
1135974417 M * Roey derjohn:  yes.
1135974419 M * Roey yes they are.
1135974428 M * Roey derjohn:  exaclty as you said
1135974431 M * derjohn Roey, and now .. think what happens if you start sshd on the host ...
1135974447 M * derjohn Roey, on which IPs the sshd will listen on?
1135974457 M * derjohn Roey, Remember: _host_ !
1135974520 M * derjohn Roey, which IPs will it bind port 22 to? I want to continue the quiz!
1135974547 M * Roey the host
1135974559 M * Roey well it appears taht the host is listening on all those IPs.
1135974578 M * derjohn Roey, yes ... did you look which IPs are in /etc/ssh/sshd_config ?
1135974579 M * Roey the host will accept sshd connections on port 22 from any of those addresses.
1135974583 M * Roey hmm
1135974585 M * Roey one second.
1135974604 M * derjohn Roey, and now ... what will happen if the guest starts an sshd to (same IPs on the host too)
1135974613 M * Roey # Use these options to restrict which interfaces/protocols sshd will bind to
1135974614 M * Roey #ListenAddress ::
1135974614 M * Roey #ListenAddress 0.0.0.0
1135974622 M * Roey that is what the host's says.
1135974629 M * Roey derjohn:  so... the host will mask the clients right? :)
1135974636 M * Roey derjohn:  so I should make it listen on only one address.
1135974643 M * Roey derjohn:  and the clients should listen on their own address too.
1135974646 M * Roey does this make sense to you?
1135974656 M * derjohn Roey, yes, you got it :)
1135974678 M * Roey ahhhh ok :) :)
1135974680 M * derjohn btw: the guest can only bind it's own ip. it doenst "see" the others.
1135974706 M * derjohn Roey, but in the host you must ...that counts for all apps that bind von * (apache , bind, etc)
1135974713 M * jso Bertl, patch-2.6.15-rc7-vs2.1.0.1.diff applied cleanly against 2.6.15-rc7-pa0 (parisc linux flavour) and on going to rebuild (just need some time my system is slow ;-) ) 
1135974722 M * Roey derjohn:  von??
1135974730 M * Roey derjohn:  ich versteh nicht
1135974759 M * Bertl jso: if you encounter unusual warnings, (or if your just started) apply this patch http://vserver.13thfloor.at/Experimental/delta-mm64-fix01.diff
1135974768 M * derjohn Roey, and because you posted "dns" .... dns (bind) is very special (see: wiki)
1135974774 M * Roey derjohn:  is there a way I can just say to the host 'dude, don't listen on any port except ssh'
1135974797 M * Roey derjohn:  and 'dude, don't listen on any IP other than <this one>'
1135974805 M * derjohn Roey, yes, this is called ngnet and currently under development by jedimaster^W bertl
1135974825 M * derjohn Roey, verstehst du was ich meine ? :)
1135975010 M * Roey derjohn:  NEIN!
1135975011 M * Roey :)O
1135975036 M * Roey derjohn:  Sprach bitte sehr sehr nicht-schnell... dass meint, slowly.
1135975058 M * Roey weil ich versteh nur ein >>>bischen<<< hehehehe
1135975066 M * Roey ngnet?
1135975068 M * Roey hmm ok.
1135975084 M * Roey derjohn:  so if host has apache running... and guest has apache running... the host is the one that will respond?
1135975099 M * derjohn Roey, forget about ngnet. it's only a proof of concept by now (bertl dont hit me :))
1135975131 M * derjohn Roey, I think the one who was faster to bind port 80 to the IP will respond.
1135975149 M * Bertl derjohn: why should I hit you, when you speak the truth?
1135975184 M * derjohn Bertl, because I thought its more than a proof of concept now....
1135975224 M * jso Bertl, no unsual warning till now, though (but ok, I will apply for the next build, this one is about 80% finished)
1135975233 M * derjohn Bertl, Roey, i wanted to prevent Roey even think about ng by now.
1135975234 M * Roey derjohn:  ok good enough.
1135975238 M * Roey derjohn:  :)
1135975248 M * Roey ok I need to go brush my teeth
1135975251 M * Roey sugar = no good for teeth.
1135975265 M * derjohn Roey, linux = no good for health.
1135975296 M * Bertl jso: yeah, doesn't apply for archs which do not use atomic64
1135975302 M * Roey adminning = no good for sanity :)
1135975329 M * derjohn Roey, adminspotting :) /me not turns towards Java ... enough support for today :)
1135975362 M * derjohn Roey, Now i try ro get support in #java :)
1135975422 M * jso Bertl, tbh I have no clue (will check ;-) )
1135975468 M * jso Bertl, just know that parisc has a lot of artefact ;-)
1135975573 M * dothebart ok, congress is over. sitting in the c-base ;)
1135975594 M * dothebart finaly stable networking ;-)
1135975849 M * _are_ Bertl: is this correct: vc_set_ipv4root gets called with all IPs/BCAST adresses in one go, vc_net_add should replace this and gets called with a structure vcmd_net_addr_v0 as argument once for each aditional IP? does ...
1135975849 M * _are_ something need to be vc_net_create-ed?
1135975894 M * Bertl _are_: yes, you first create the context (basically replaces the set_ipv4root) and then _add_ ip after ip
1135975918 M * Bertl (well, you can add them in bunches of up to 4 IIRC)
1135975969 M * Bertl this also allows to add or remove IPs while the guest is running (but that's a little trickier, actually)
1135976591 M * jso Bertl, goooood news my box boot fine and well the guest vserver:
1135976605 M * _are_ ok, guess I know what generally should be done now, seems i miss some details
1135976606 M * jso # uname -a
1135976606 M * jso Linux hpalin 2.6.15-rc7-vs2.1.0.1-pa0-c110 #1 Fri Dec 30 21:49:12 CET 2005 parisc GNU/Linux
1135976623 M * jso # vserver-stat
1135976623 M * jso CTX   PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
1135976623 M * jso 0       60 116.8M  37.7M   0m32s98   1m25s89   4m26s39 root server
1135976623 M * jso 49152   14  79.5M  22.1M   0m02s33   0m03s91   2m26s10 DebSid
1135976625 M * Roey derjohn:  hey! things work now!
1135976627 M * Roey hehe
1135976647 M * Roey derjohn, Bertl: so eventually vserver WILL be made so that it blocks stuff coming to IPs other than the host's?
1135976658 M * _are_ vnet id in struct nx_info, is this what i know as context id / xid?
1135976693 M * derjohn Roey, in a tired moment Bertl estimated something about "in 6 month".
1135976704 M * Roey :)
1135976705 M * Roey ok
1135976710 M * jso Bertl, and ssh the guest without any pb: $ ssh hplvsrvr
1135976710 M * jso Password:
1135976710 M * jso The programs included with the Debian GNU/Linux system are free software;
1135976710 M * jso the exact distribution terms for each program are described in the
1135976710 M * jso individual files in /usr/share/doc/*/copyright.
1135976711 M * jso Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
1135976712 M * Bertl _are_: yes, but for the network context
1135976713 M * jso permitted by applicable law.
1135976715 M * jso Last login: Fri Dec 30 20:58:07 2005 from sid.debian.home
1135976745 M * Roey derjohn:  like... say someone compromises a host... then they start installing programs that listen on other IPs and make people think that they're logging into those other IPs when in fact they are logging into the compromised host!!!!!!1
1135976748 M * Roey this is bad for security!!!!!!11
1135976787 M * derjohn Roey, if the _host_ in compromise you open like goaste ....
1135976799 M * Roey derjohn:  nono
1135976803 M * derjohn Roey, no matter what's about Ip stuff
1135976803 M * Roey derjohn:  assuming a guest is compromised
1135976811 M * Roey derjohn:  the guest can start listening in on other IPs.
1135976847 M * derjohn Roey, ahhh ... hm ... hehe .... try to add an Ip within the guest : ip addr add x.y.z/b dev bond0 or eth0
1135976882 M * derjohn Roey, same goes for sniffing .. try to sniff within a guest (e.g. tcpdump -X -i eth0 ...)
1135976948 M * jso Bertl, congratulation ;-) (if you thought to some more test/patch to do, please mail me soete.joel@tiscali.be or I am registered to m-l ;-)
1135977018 M * Roey derjohn:  to sniff you need to be able to set the guest to be promiscuous
1135977022 M * Roey don't we love promiscuity?
1135977030 M * Roey derjohn:  ohhhh right right vserver blocks that :)
1135977034 M * Roey awww you 
1135977036 M * Roey hehehe :)
1135977036 M * derjohn Roey, sure we do, but we are the host :)
1135977038 M * jso Bertl, I will now gona spent some time with my wife, thanks again, cyl * and Happy New Year ;-)
1135977048 M * Roey see ya jso!!
1135977049 M * Bertl jso: have a great new year!
1135977140 M * derjohn Roey, would you please do a favor to us?
1135977140 J * Aiken ~james@tooax6-007.dialup.optusnet.com.au
1135977174 Q * jso Quit: cu *, Hapy New Year ... ;^)
1135977226 M * Bertl welcome Aiken! 
1135977249 M * Aiken hello
1135977350 M * Roey derjohn:  sure
1135977356 M * derjohn Roey, I mean all what I just now told you in here ... could please write that down in you own word and out it on the wiki? (or mail it to me and I put it on the wiki) ?
1135977369 M * derjohn Roey, this Q appered more than once ...
1135977384 M * Roey Q?
1135977385 M * Roey quiet?
1135977386 M * Roey ok
1135977415 M * derjohn Roey, even there are some hints about that on the wiki, something with a not so technical approch would be fine |  Q=Question ;=
1135977422 M * dothebart hm. has somebody here experience with the new broadcom wireless drivers?
1135977443 M * dothebart it keeps telling me, my version of the wireless extension is to old...
1135977551 M * derjohn dothebart, maybe your  ersion of the wireless extension is to old :)
1135977605 M * dothebart well, i actualy downloaded the latest wireles* from http://pcmcia-cs.sourceforge.net/ftp/contrib/ and compiled it...
1135977611 M * Doener dothebart: extension or tools too old?
1135977629 M * dothebart extension...
1135977641 M * dothebart the kernel has got 19, the iwconfig 17
1135977652 M * Doener then the tools are too old
1135977675 M * Bertl (but there is compatibility left :)
1135977680 M * dothebart yes, but it was the latest available from the url above, which seems to be the original site?
1135977695 M * dothebart i'm trying to get these http://bcm43xx.berlios.de/ to run...
1135977707 M * cehteh # chcontext --xid 2 --flag private chcontext --xid 0 bash
1135977707 M * cehteh New security context is 2
1135977707 M * cehteh vcontext: vc_ctx_migrate(): Operation not permitted
1135977723 M * cehteh ... so i can not get back to context 0?
1135977733 M * Bertl cehteh: yup, quite expected
1135977741 M * cehteh .. because 0 is not really a context?
1135977753 M * Bertl that, and for security reasons
1135977764 M * cehteh uhm that sux
1135977789 M * Bertl well, you can (somewhat) easily add such a 'feature'
1135977799 M * cehteh how?
1135977806 M * dothebart Doener: where else could i get a newer version?
1135977813 M * Bertl cehteh: first, define a flag for it
1135977829 M * cehteh you mean patching the kernel?
1135977830 M * Bertl cehteh: then, have a look at the 'migrate' functions
1135977835 M * cehteh ok
1135977861 M * Bertl and once you understood how 'entering' a context works, you can also 'leave' it :)
1135977863 M * cehteh well SYS_ADMIN can be used for that .. or would you define a new flag?
1135977878 M * Bertl cehteh: I'd go for a 'context' flag
1135977885 M * cehteh ok
1135977888 M * FaUl *gaehn*
1135977902 M * Bertl cehteh: let's see what is already there ...
1135977934 M * Doener dothebart: did you by chance install the stuff with prefix /usr/local and have your distros wireless tools left in /usr ?
1135977947 M * cehteh Bertl: thats what i dislike .. since we have 2 special contexts (0 and 1) where 0 isnt even really a context you have exceptional behaviour 
1135977972 M * dothebart Doener: yep, they have, i called it with full path.
1135977977 M * Bertl well, you would not be able to do context 1 stuff without that?
1135977992 M * Bertl cehteh: ^-- for you :)
1135977995 M * dothebart or does it take some libs from else what place?
1135978022 M * Bertl cehteh: http://www.13thfloor.at/vserver/d_rel26/v2.1.0/split-2.6.14.4-vs2.1.0/07_2.6.14.4_context.diff.hl (see that one for flags)
1135978039 M * dothebart hm. i'll try the sid package...
1135978104 M * cehteh you can change the design a little .. means from the kernel viewpoint all contexts are the same with some capabilities (posix or vserver) .. and ctx 1 is setup at boot time with the desired flags .. (as well as ctx0 drops some)
1135978112 M * Roey derjohn:  ok... you know... I will write a step-by-step.
1135978117 M * Roey derjohn:  and this is from the beginning
1135978121 M * Roey with compiling the vserver.
1135978135 M * cehteh Bertl: but i have currently no time to hack on the kernel 
1135978168 M * derjohn Roey, hm, the ssh things would be enough in the frist step ... step by step 
1135978170 M * Bertl cehteh: adds unnecessary overhead ...
1135978202 M * cehteh Bertl: what is the overhead exactly .. i mean it is just one and probably the smallest (least processes) context
1135978208 M * Bertl cehteh: I agree that from the 'design' POV it's probably nicer to put xid=0 in a separate context
1135978232 M * Doener dothebart: do you actually experience problems? usually a version mismatch isn't critical
1135978232 M * cehteh i didnt looked at the source since 2001 .. cant remember much
1135978236 M * Bertl cehteh: I'm not worried about the overhead for the processes
1135978253 M * Bertl cehteh: just think about an arbitrary xid=0 check
1135978256 M * dothebart well, the iwconfig call is missing information as the base station.
1135978283 M * cehteh Bertl: why that? 
1135978285 M * Doener did you set essid, channel and stuff?
1135978288 M * Bertl cehteh: now it's a single comparison (i.e. task->xid == 0)
1135978290 M * dothebart that bcm shit won't work with driverloader under amd64 ;-)
1135978307 M * Bertl cehteh: now consider this check for a 'context' property
1135978315 M * dothebart nope, tried to set it by hand, and got the version warning...
1135978340 M * Bertl cehteh: and similar for the spectator context, again, every check would have to look into the context
1135978345 M * cehteh Bertl: yes .. how many times is that done .. and any of them timing critical?
1135978372 M * Bertl cehteh: it is done on almost every syscall and/or file operation
1135978372 M * Doener dothebart: well, you need to set essid etc. before the card can associate with the ap
1135978374 M * cehteh i think not .. but as saied, i didnt looked at the source
1135978379 M * Doener just ignore the version warning
1135978435 M * Bertl cehteh: but feel free to change the design, we can then do some comparisons ...
1135978446 M * cehteh some capabilities (i mean here access tokens not posix caps) can be short-circruited directly into the task struct
1135978460 M * dothebart yep. 
1135978468 M * dothebart ill try with the sid package.
1135978484 M * Bertl cehteh: that would reduce the flexibility, no? you could not change them easily for a context
1135978486 M * cehteh Bertl: i dont have endless time .. unless someone would fund that
1135978499 M * Bertl cehteh: me neither :)
1135978533 M * cehteh Bertl: sure, the few syscalls which mutate context flags just need to care for the ones in the task struct too
1135978562 M * Bertl cehteh: task structs!
1135978585 M * cehteh yes
1135978609 M * stefani sid package not have vhashify ? 
1135978617 M * Bertl cehteh: so, and what was it again, what that would buy you?
1135978632 M * Bertl stefani: IIRC, there is no proper libbeecrypt on sid
1135978660 M * stefani ohoh. 
1135978686 M * cehteh anyways .. how expensive is a additional double dereference and mask operation on each syscall ... compared to  task->xid == 0 ... syscalls are already moderately expensive by themself .. and since they usually do some more stuff i think that wont weight much .. but thats left to be prooven
1135978716 M * Bertl cehteh: depends, on an SMP system it would cause cache issues
1135978726 M * stefani Bertl:   sarge no, sid yes. 
1135978752 M * Bertl stefani: what package did you get/choose?
1135978766 M * stefani Bertl:   mixed version. 
1135978767 M * cehteh Bertl: maybe
1135978782 M * Bertl stefani: try to get the one micah did (0.30.209)
1135978794 M * cehteh well putting some capability flags into the task struct would solve that
1135978828 M * Bertl cehteh: fine, what is the gain over the current design? for the user?
1135978857 M * cehteh exactly what i am trying to do .. making the root-server useable on a desktop system
1135978889 M * Bertl IMHO it is pretty useable on desktop systems
1135978910 M * cehteh another idea ...
1135978929 M * Bertl let's hear!
1135978944 M * cehteh si::sysinit:/etc/init.d/rcS    .. i think i just plug chbind's into my initab
1135978966 M * cehteh si::sysinit:/sbin/chbind --ip ... /etc/init.d/rcS
1135978968 M * cehteh and so on
1135978999 M * Bertl hmm, good, what would that buy you?
1135979036 M * cehteh the desktop starts many servers listening on 0.0.0.0
1135979042 M * cehteh (on the root)
1135979047 M * Bertl IMHO all you really want is a way to escape from a chbind jail ...
1135979071 M * Bertl (and that should be pretty trivial to do)
1135979100 M * cehteh no i want to chbind anything which is started by the init (except the vservers) to some ip 
1135979110 M * cehteh so that it wont block ports for the vservers
1135979113 M * cehteh thats all
1135979132 M * Bertl hmm, why not use the v_* wrappers then?
1135979175 M * Bertl (for those services you want to be restricted, except sshd)
1135979403 M * cehteh because i want to keep my installation in sync with debian package management and dont want to care for configuration issues on updates
1135979470 M * cehteh and i have servers which are not covered by v_* wrapers .. so i just search a generalized way to push a single button to make all work fine
1135979481 M * Roey derjohn:  how do you install the base system again?
1135979493 M * Roey derjohn:  to get rid of the LOCALE errors?
1135979515 M * Bertl cehteh: what about a small modification of the rc script?
1135979537 M * Roey  <derjohn> Roey, do a apt-get install locales or dpkg-reconfigure locales I HTH  :)
1135979539 M * Roey derjohn:  thanks again
1135979547 M * Bertl cehteh: to jail everything 'except' ssh for example?
1135979589 M * cehteh # cat /sbin/vinit 
1135979590 M * cehteh #!/bin/sh
1135979590 M * cehteh /sbin/chbind --ip 10.20.20.10/16 --bcast 10.20.255.255 -- /sbin/init $@
1135979599 M * cehteh .. trying that now
1135979631 M * cehteh chbind works in context 0 i hope :)
1135979658 M * Bertl yes
1135979691 M * cehteh reboots
1135979775 M * Roey Bertl:  why do I get this:
1135979777 M * Roey katzr@web:~$ sudo jed /etc/hosts
1135979777 M * Roey sudo: unable to lookup web.senet-int.com via gethostbyname()
1135979833 M * Bertl I'd say some part of your command tries to lookup your hostname or something similar
1135979834 M * cehteh mhm
1135979876 M * cehteh does chbinf fork before exec?
1135979901 Q * tso Quit: BitchX-1.1-final -- just do it.
1135979905 M * cehteh kernel panic .. init didnt liked that
1135979939 M * Roey Bertl:  it works fine for the two other guests though.
1135979939 M * Bertl I'd say bash becomes ini
1135979944 M * Roey Bertl:  what could be the difference??
1135979960 M * Bertl Roey: entries like /etc/host or /etc/resolv.conf
1135979976 M * Bertl Roey: or just the fact that web.senet-int.com doesn't exist
1135980029 M * Roey it doesn't
1135980036 M * Roey Bertl:  but still.. the other clients do not complain.
1135980087 M * cehteh Bertl: ah have to exec ;:)
1135980088 M * Roey Bertl:  what's the base debian installer after you debootstrap?
1135980174 M * Bertl Roey: what do you mean? dpkg-reconfigure?
1135980202 M * Roey like, I am not sure that I have fully set-up my debian guests.
1135980207 M * Roey for instance, they have no /etc/hosts
1135980220 P * meandtheshell 
1135980243 M * Bertl well, if they have none and work fine, so be it .. (I really don't know how debian guests should look like)
1135980277 M * Roey ok
1135980282 M * Roey well I stuck a /etc/hosts in there.
1135980284 M * Roey and all is quiet now.
1135980285 M * Roey hmm.
1135980286 M * Roey yeah.
1135980395 M * cehteh gotcha .. works
1135981884 A * cehteh dances
1135981894 M * cehteh works all now :)
1135981933 M * Bertl excellent, so no design change required :)
1135981960 M * cehteh yeah 1 line of code :P
1135981979 M * cehteh i should rm the v_* things from init.d ;)
1135981990 M * cehteh and write the vinit tip on the wiki
1135982013 M * Bertl IIRC, the v* wrappers already have been removed from the tools
1135982038 M * Bertl and of course you should add that to the wiki
1135982190 M * FaUl Bertl: is that vhasify-feature stable btw? 
1135982199 M * FaUl seems to rock anyway
1135982200 M * FaUl :-)
1135982223 M * Bertl FaUl: vhashify is very stable, it doesn't use anything new (just plain old hardlinks :)
1135982252 M * Bertl FaUl: the CoW link breaking in the devel release is working but I do not consider it 'stable' yet
1135982364 M * FaUl ok, cow should work automagically if i use vhashify, won't it?
1135982886 M * derjohn Roey, base-config and apt-get install locacles
1135982906 M * Bertl in devel, yes, but it's not strictly required for 'typical' vhashifications (which exclude /etc and /vr by default)
1135983217 M * stefani Bertl:    micah's util-vserver does install and much works on a sarge system, but the vhashify stuff does not happen.  
1135983237 M * stefani no fault of micah's 
1135983522 P * stefani I'm Parting (the water)
1135983526 M * FaUl Bertl: i think it's very importent for securtiy reasons
1135983557 M * FaUl Bertl: it would be to bad if someone get a rootkit and it would change every single sshd on any vserver because they are linked :-)
1135983577 M * mattg is vhashify installed by default when alpha is compiled from source?
1135983581 M * cehteh how about starting a "Recipes" subpage below 'Help' on the wiki?
1135983633 M * mattg nevermind.. I just need to learn to spell right
1135983688 M * Bertl FaUl: no, that's protected by the immutable flag
1135983726 M * Bertl cehteh: why not ...
1135983750 M * Bertl okay, I'm off for today ... have fun!
1135983759 N * Bertl Bertl_zZ
1135983827 M * mattg how about "Can not find file for 'RPMSTATEDIR'" on vhashify
1135983996 M * FaUl Bertl_zZ: so i can't change anything which is hashifyed on any release not 2.1.0?
1135984345 J * are|lunch ~are@dslb-084-056-135-171.pools.arcor-ip.net
1135984560 Q * michal_ Ping timeout: 480 seconds
1135984606 M * cehteh http://linux-vserver.org/Recipes
1135984649 J * michal_ ~michal@mprivacy-update.de
1135984660 M * mattg ok.. fixed RPMSTATEDIR.. /vservers/.pkg/[server] was in the wrong place
1135984750 Q * _are_ Ping timeout: 480 seconds
1135985067 M * derjohn cehteh, running the root server with chbind'ed ip address -> this works? so the guest IPs are not visible to the host then?
1135985233 J * comfrey ~comfrey@cpe-69-203-195-46.nyc.res.rr.com
1135985360 M * cehteh derjohn: they are .. but anything you start on the root which tries to bind 0.0.0.0 gets the configured address
1135985378 M * cehteh means you dont have to reconfigure servers in the root
1135985755 Q * comfrey Ping timeout: 480 seconds
1135985949 M * derjohn cehteh, thats excellent, why didnt anyone point that out till now?
1135985972 M * cehteh because i am smart :P
1135985990 M * derjohn cehteh, drawbacks? 127.0.0.1 works or do I have to bind it explicitly, too?
1135986004 M * cehteh didnt checked yet
1135986011 M * derjohn cehteh, is disabled smart on my machine :)
1135986429 J * comfrey ~comfrey@cpe-69-203-195-46.nyc.res.rr.com
1135986829 M * cehteh so when i ssh 127.0.0.1 from guest .. i connect to the guest .. seems to be ok or?
1135986935 M * derjohn cehteh, eh, no. in guest 127.0.0.1 is mapped to the first IP of the host, i.e. the realserver. So you shouldnt see the guest .... 
1135986936 M * cehteh on old vservers i just put 'external-ip localhost' into /etc/hosts ... worked for some clients
1135986966 M * cehteh huh 
1135986991 M * cehteh if i connect to 127.0.0.1 i expect to connect to myself not to the root server
1135987033 M * cehteh i can tell, it works at least as i expect
1135987046 M * derjohn cehteh, sure? I remeber the 127.0.0.2 trick in guests for simulating a "lookback"
1135987084 M * derjohn cehteh, so I think 127.0.0.1 in a guest is mapped to root server (unitl we have ngnet)
1135987120 M * derjohn so, is 127.0.0.1 there if you do a ip addr on host?
1135987135 Q * comfrey Ping timeout: 480 seconds
1135987177 M * cehteh derjohn: i hope that 127.0.0.2 thing was only a old workaround