1135987200 M * cehteh well i don't care as long as it works like now
1135987232 M * cehteh the main problem was to enforce the root's server to bind to some ip .. that's solved
1135987319 M * derjohn yeah, but there is not 127.0.0.1 of the root server by now?
1135987356 M * derjohn (many daemons don't start without removing 127.0.0.1 from the config)
1135987484 M * cehteh ah
1135987526 M * cehteh well i come back on that when i see problems
1135987547 M * cehteh how about DNAT 127.0.0.1 to the interface ip?
1135987725 M * derjohn cehteh, are we really talking about the same thing? I just wanted to know if there is 127.0.0.1 on an interface of the root vserver after that chbind recipe.. is it or not? or did I misunderstand?
1135987916 M * cehteh # ifconfig lo
1135987916 M * cehteh lo Link encap:Local Loopback
1135987916 M * cehteh inet addr:127.0.0.1 Mask:255.0.0.0
1135987916 M * cehteh inet6 addr: ::1/128 Scope:Host
1135987939 M * derjohn cehteh, cool :)
1135988012 M * cehteh # w3m http://127.0.0.1
1135988012 M * cehteh w3m: Can't load http://127.0.0.1.
1135988015 M * cehteh .. not so cool
1135988046 M * derjohn w3m? (dunno) ... but ... can't you add 127.0.0.1 to the chbind command?
1135988080 M * cehteh i'll check that later, won't reboot now
1135988108 M * cehteh eh how many ip's can you add to chbind?
1135988125 M * derjohn cehteh, I never used that .. i just assumed :)
1135988139 M * cehteh still only one :P
1135988193 M * derjohn hm, maybe remove 127.0.0.1 before chbind and add it after with ip addr add ?
1135988204 M * cehteh have to talk with Bertl about that next days .. having one config var which sets how many IP's a vserver can bind .. and add that masking thing i did in 2001 back
1135988235 M * derjohn ah, was that the "immutable" stuff?
1135988242 M * cehteh yeah
1135988284 M * derjohn lol, I assumed that the command you posted here was real, i.e. already possible with the utils :)
1135988303 M * cehteh it *was* real .. in 2001 ...
1135988313 M * cehteh but never integrated and now lost :(
1135988326 M * derjohn cehteh, so yes, go .. but bertl will take care to have all people to for ngnet ....
1135988352 M * cehteh i didn't follow vserver development for years .. only used it
1135988366 M * derjohn but: go for it, I will be happy to use it!
1135988373 M * cehteh is there something written for ngnet?
1135988382 M * derjohn I guess kernel code :)
1135988391 M * cehteh i meant specs
1135988406 M * cehteh would be nice to have ipv6 too
1135988420 M * derjohn yes, that's one aspect
1135988427 M * cehteh and i have absolutely no idea what's planned
1135988469 M * derjohn cehteh, http://linux-vserver.org/NGNET-Development and http://linux-vserver.org/NGNET-Testing-HOWTO
1135988534 M * derjohn cehteh, well it's like a complete separation on virtual (guest) interfaces from the host ... so You can have even more than one 127.0.0.1 - if I understood correctly
1135988564 M * cehteh ok
1135988569 M * cehteh looks like more work
1135988591 M * derjohn cehteh, bertl estimated 6 months until we see something usable
1135988646 M * cehteh i think i can add the masks thing for that and fix the userland tools
1135988658 M * cehteh but i don't want to become a vserver developer
1135988670 M * cehteh unless someone pays me for that
1135988682 M * derjohn cehteh, it's ok if you only become a util-vserver developer
1135988684 M * derjohn :)
1135988690 M * cehteh lol
1135988719 M * cehteh actually i am working on a small configuration language .. would be nice if the utils will use them someday
1135988737 M * derjohn cehteh, util-vserver must change to the new kernel-interface. "ensc" seems not to have much time for it anymore.
1135988802 M * cehteh well vserver is a somewhat commercial project means a lot of people make much money with it ...
1135988848 M * cehteh i don't see a reason to code for it for fun .. at least some ISP could/should fund that imo
1135988870 M * cehteh or let his own people code that
1135990213 Q * shedi Quit: Leaving
1135991024 M * FaUl btw: somebody here who knows how to enable automagically-vserver-startup-on-host-boot on debian?
1135991048 M * Loki|muh it's everywhere the same
1135991058 M * FaUl ok, how is it done?
1135991066 M * Loki|muh one moment
1135991076 M * Loki|muh echo "default" > /etc/vservers/$VSERVERNAME/apps/init/mark
1135991157 M * Loki|muh assuming that /etc/rc.init.d/vservers-default is linked to the init-scripts of your current runlevel
1135991163 M * Loki|muh -rc.
1135991188 M * FaUl ok, so for i in /etc/vservers/*; do echo default >$i/apps/init/mark; done
1135991199 M * FaUl should do
1135991203 M * FaUl i'll try this later
1135991213 M * FaUl everybody hits me if i reboot the machine again :-)
1135992055 M * Loki|muh hehe
1135992286 M * Loki|muh i like those machines where no one has shell access ^^
1135994680 J * Aiken_ ~james@tooax8-156.dialup.optusnet.com.au
1135995006 Q * Aiken Ping timeout: 480 seconds
1135995539 Q * yang2 Ping timeout: 480 seconds
1135999065 J * comfrey ~comfrey@cpe-69-203-195-46.nyc.res.rr.com
1135999800 Q * comfrey Ping timeout: 480 seconds
1136000480 J * comfrey ~comfrey@cpe-69-203-195-46.nyc.res.rr.com
1136004520 Q * comfrey Ping timeout: 480 seconds
1136005676 M * emp are there any recommendations out there in how i should run a vpn (l2tp/ipsec) in a vserver environment? On the host, in a guest? does it matter?
1136005883 M * cehteh i would say guest ... but depends on the software you use .. it will likely require some privileges
1136005985 M * cehteh so you need to ensure that these privileges can't be used to escape from a vserver ..
1136006015 J * tudenbart ~willi@xdsl-213-196-254-204.netcologne.de
1136006027 M * cehteh if it is possible to escape, then jailing it makes not much sense
1136006086 M * cehteh ipsec requires kernel support .. bad thing for vserver ... how about openvpn?
1136006461 Q * dothebart Ping timeout: 480 seconds
1136006804 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net
1136010132 J * Smutje_ ~Smutje@xdsl-87-78-84-153.netcologne.de
1136010240 Q * Smutje Ping timeout: 480 seconds
1136011390 J * [1]libin_v ~libin_v@59.92.193.175
1136012554 Q * [1]libin_v Quit: HydraIRC -> http://www.hydrairc.com <- IRC for those that like to be different
1136012943 J * Aiken__ ~james@tooax6-155.dialup.optusnet.com.au
1136013291 Q * Aiken_ Ping timeout: 480 seconds
1136013674 Q * ryker Quit: Leaving
1136016806 J * tso ~tso@rev.193.226.232.31.euroweb.hu
1136016814 M * tso hi all
1136016826 J * dothebart ~willi@xdsl-213-196-243-75.netcologne.de
1136017060 Q * tudenbart Read error: Connection reset by peer
1136017218 J * meandtheshell ~markus@85-124-14-117.dynamic.xdsl-line.inode.at
1136019979 P * meandtheshell
1136020039 N * are|lunch _are_
1136022798 M * _are_ norning
1136022803 M * _are_ morning, even
1136022832 J * meandtheshell ~markus@85-124-39-56.dynamic.xdsl-line.inode.at
1136023336 M * _are_ for the new network interface I assume it gets passed struct vcmd_net_create { uint64_t flagword;};
1136023366 M * _are_ old interface has no flagword passed and flower page has no file denoting flags for vserver interfaces, either
1136023388 M * _are_ is it safe to ignore it for now and just set 0 or is this a really stupid idea?
1136023467 P * meandtheshell
1136025201 Q * Aiken__ Ping timeout: 480 seconds
1136025236 J * meandtheshell ~markus@85-124-38-175.dynamic.xdsl-line.inode.at
1136026249 J * shedi ~siggi@213-140-22-77.fastres.net
1136026749 M * eyck woooa, qemu rox, I've got SMP on my Athlon XP now ;)
1136026771 Q * shedi Quit: Leaving
1136036285 N * Bertl_zZ Bertl_oO
1136036317 N * Bertl_oO Bertl
1136036322 M * Bertl hey folks!
1136036332 M * FaUl hi bertl
1136036333 M * Bertl _are_: yes, the flags are not used yet
1136036370 M * Bertl hey FaUl! how is your machine?
1136036383 M * FaUl Bertl: runs fine
1136036394 M * FaUl 14:39:50 up 1 day, 12:11, 2 users, load average: 0.09, 0.04, 0.01
1136036409 M * Bertl great, did you run the testme/fs scripts with the new kernel?
1136036431 M * FaUl with 15 vservers running
1136036441 M * FaUl yes, i did, and i posted it on the ml as well :-){
1136036457 M * Bertl excellent!
1136036470 M * FaUl about two days ago, haven't you read? :-)
1136036501 M * Bertl probably I did, but I'm very forgetful ...
1136036517 M * Bertl (and it usually doesn't hurt to ask :)
1136036580 M * Bertl tso: hey! did you finish your port?
1136036618 M * FaUl Bertl: no problem, i've nearly the same problem :-)
1136037161 M * Bertl okay, off again .. back later, in any case, a happy new year to everyone!
1136037186 N * Bertl Bertl_oO
1136037610 M * FaUl yes, you too
1136038581 Q * dothebart Read error: Connection reset by peer
1136039987 Q * marl Read error: Connection reset by peer
1136040050 J * dothebart ~willi@xdsl-213-196-240-128.netcologne.de
1136040073 M * sizo hi
1136040160 J * marl ~matt@84.92.193.226
1136041287 Q * flock Ping timeout: 480 seconds
1136041386 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1136043585 J * GNULinux yang@sparc64.be
1136043595 M * GNULinux hello
1136043602 N * GNULinux yang2
1136043618 M * yang2 Happy new year to all !
1136043750 M * yang2 And here comes the question...I applied this delta patch to allow all IPs from root servers on the guest, but now i want the guest to prevent grabbing some IPs from the main...OR maybe just to give vserver a fixed IP that would be default IP to measure traffic on
1136044130 M * derjohn yang2, you have to tell the daemons on the host/root server to only take one IP, e.g. changing /etc/ssh/sshd_config option ListenAddress etc.
1136044155 M * yang2 yes, the IP is set to 86.110.64.150
1136044160 Q * _are_ Ping timeout: 480 seconds
1136044164 M * yang2 but still they can use the 86.110.64.2 interface
1136044165 M * derjohn yang2, if you are brave-hearted you may try this alternatively: http://linux-vserver.org/Recipes
1136044210 M * derjohn yang2, 86.110.64.150==host 86.110.64.2==guest?
1136044234 M * yang2 no
1136044236 M * yang2 the opposite
1136044246 M * yang2 i want guest to have only ips from 150-200
1136044255 M * yang2 and not be able to grab the others
1136044267 M * derjohn yang2, you have 1st to set 86.110.64.2's sshd_config to ListenAddress only 86.110.64.2 ...
1136044279 M * derjohn yang2, THEN you may start the sshd within the guests
1136044338 M * yang2 i have it that way
1136044421 M * derjohn yang2, then i guess you forgot to restart. if you tell the host only to listen to 86.110.64.2, the IP 86.110.64.150 is free for the guest....
1136044441 M * yang2 also if i run identd, it binds to 86.110.64.2 (root) where it is already used, i cannot run separately on vserver
1136044509 M * derjohn i do not know how to bind ident to a certain IP, but if ident itself has no "bindthisip" option, you can start it via "chbind" command (this is shipped with util-vserver)
1136044564 M * derjohn yang2, /sbin/chbind --ip 86.110.64.2/32 --bcast -- /sbin/ident (something like that, untested though)
1136044585 M * yang2 well
1136044591 M * yang2 i have to repeat
1136044608 M * yang2 my root is 86.110.64.2 and vserver is 86.110.64.150-200
1136044617 M * yang2 but i have now different config
1136044638 M * yang2 i have ip 0.0.0.0 ; nodev ; prefix 0
1136044646 M * yang2 for the vserver
1136044693 M * derjohn yang2, yes, if you start ident on rootserver it will bind by default ALL ip, no matter ip rootserver's or all the guest's IP. so you have to tell the ident of the rootserver ONLY to take his own IP instead of all ...
1136044708 M * derjohn if it takes all .... the guests cannot bind that port anymore
1136044772 M * yang2 but why doesn't the root ident also work for vserver then
1136044776 M * yang2 if it binds to all ips
1136044786 M * yang2 if i start irc on vserver it comes without ident
1136044816 M * FaUl because the host doesn't see the connections of the guest
1136044817 M * derjohn yang2, well, did you start the vservers before ident?
1136044824 M * FaUl and can therefore not answer properly
1136044848 M * yang2 derjohn: no ident is started from inetd
1136044849 M * derjohn yang2, listen to FaUl -> i never used ident (I don't run bouncers :))
1136044897 M * FaUl yang2: identd looks in /proc/net/tcp (IIRC) to the connections and the referring username
1136044920 M * FaUl but in /proc/net/tcp of the host are no connections of the vservers
1136044957 M * FaUl so if you want to use identd for the guest it has to run on the guest
1136044987 M * yang2 ok
1136045005 M * derjohn yang2, what FaUl says sounds true. be sure that you give the guest proper rights to access /proc/net/tcp .. (hint: vprocunhide)
1136045011 M * derjohn FaUl, or?
1136045021 M * FaUl derjohn: it should be unhidden anyway
1136045049 M * derjohn yang2, and if you manage to make it work, _please_ write some short lines about it on the wiki (e.g. /Recipes)
1136045055 M * FaUl faul:/proc/net# ls
1136045055 M * FaUl arp dev_mcast netlink packet raw rt_cache sockstat stat udp
1136045055 M * FaUl dev netfilter netstat protocols route snmp softnet_stat tcp unix
1136045065 M * FaUl without any special magic :-)
1136045113 M * derjohn FaUl, hm, the guest only sees its own tcp connects? (i.e. those with its own context?) Sure that you don't have a special capability set?
1136045287 M * FaUl derjohn: yes, the tcp-connection-table is fully virtualized
1136045316 M * FaUl i have only two entries in /proc/net/tcp
1136045335 M * FaUl which would be a lot too few for the whole server (about 18 vservers now)
1136045377 M * derjohn FaUl, hm that's so easy! We should make it more complicated to have a 'marktvorteil' *fg*
1136045590 M * FaUl yes, to increase the shareholdervalue
1136045613 M * FaUl .oO( are we on bullshitbingo again? who has said bingo? )
1136045623 M * Loki|muh lol
1136045644 M * FaUl afk for now
1136045647 M * FaUl cya
1136045654 M * derjohn bye and HNY ....
1136045739 J * Marinus Marinus@ip503cfa01.speed.planet.nl
1136045839 M * Marinus whee! got plesk running in a vserver :-)
1136046087 J * _are_ ~are@p54A0AD45.dip0.t-ipconnect.de
1136046446 M * derjohn Marinus, should we help you to remove that 'plesk'? apt-get remove plesk?
1136046575 M * Marinus hehe nooo, it just finished installing it :P
1136046600 M * tso rm -rf /usr/lib/plesk or something like that...should be fine too
1136046608 M * tso re folks ;-)
1136046770 Q * emp Ping timeout: 480 seconds
1136046841 J * emp ~emp@70.57.239.35
1136047599 J * shedi ~siggi@213-140-22-77.fastres.net
1136048026 M * Marinus how can i allow the CAP_SYS_RESOURCE for a guest?
1136048026 Q * Doener Ping timeout: 480 seconds
1136048054 J * Doener doener@i5387E129.versanet.de
1136049073 Q * cehteh Quit: Client exiting
1136049184 Q * Doener Quit: Leaving
1136049556 M * eyck Happy New Year!
1136050992 J * menomc ~amery@200.75.27.10
1136051097 Q * mnemoc Ping timeout: 480 seconds
1136051097 N * menomc mnemoc
1136052591 Q * lilo_ Quit: leaving
1136053116 J * lilo ~lilo@lilo.usercloak.oftc.net
1136054089 M * derjohn Marinus, create a bcapabilities file and add SYS_RESOURCE to it. See "flower page" on the wiki.
1136054101 M * derjohn HNY to all 'ere! !
1136055265 M * Marinus derjohn, thanks!
1136055439 M * yang2 derjohn: HNY to you too
1136055534 Q * shedi Quit: Leaving
1136055615 M * yang2 derjohn: /usr/src/linux-source-2.6.12/include/linux/vserver/network.h is this the only file that needs to be modified to IPV4ROOT 64 to support more vhosts?
1136055663 J * Smutje ~Smutje@xdsl-84-44-243-203.netcologne.de
1136055692 M * tso Happy New Year folks
1136055724 M * tso but few hours missing now, but it doesn't matter :)
1136055770 Q * Smutje_ Ping timeout: 480 seconds
1136055780 M * tso yang2 you talked with Bertl yesterday, did you try the vanilla kernel?
1136055797 M * tso (with vserver patches of course)
1136055807 M * yang2 no no, i patched debian kernel
1136055819 M * yang2 it all works now, but
1136055832 M * yang2 I don't want them to use interfaces that are on the main server
1136055842 M * yang2 and i cannot limit that with current config
1136055876 M * tso hm, that was the 'ssh problem'?
1136055898 M * yang2 no
1136055906 M * yang2 it works now ssh
1136055936 M * tso ok, i thought that the same thing..
1136055965 M * tso but you said that it works now, why do you want to patch again?
1136055997 M * yang2 because i don't want them to use the interfaces that are on main
1136056020 M * yang2 their processes bind to interface, that should be reserved just for main
1136056025 M * tso aha, and Bertl gave you a patch as i remember...
1136056049 M * yang2 yes, the patch works fine
1136056091 M * yang2 do i have to make-kpkg clean ? or can i remove just some other files, to have a faster build
1136056095 M * tso so you want to apply another? i see... :)
1136056102 M * yang2 i changed just the line in network.h
1136056401 M * tso i haven't used make-kpkg ever, but i think you should clean it
1136059170 N * Bertl_oO Bertl
1136059174 M * Bertl evening folks
1136059182 M * tso hi Bertl
1136059210 M * tso Bertl i'm not finished yet the port, but tomorrow it will be done i think
1136059234 M * Hollow hey folks, i'm off now, happy new year to you all!
1136059247 M * Hollow (for those who still are in 2005 ;)
1136059283 M * tso Hollow thx :) and to you too !
1136059420 M * Bertl tso: no problem, when you're done, we'll compare
1136059425 M * tso Bertl i have some problems about ptraces, and i'm thinking about the sched.h changes also, did you try out your version with your changes in linux/sched.h ?
1136059494 M * Bertl all tests seem to work fine, what kind of issue do you see?
1136059686 Q * emp Ping timeout: 480 seconds
1136059737 M * tso in sched.h with new atomic64 init
1136059771 J * emp ~emp@70.57.239.35
1136059902 M * tso or, i don't know, i must drink another beer to discuss it with me :)
1136059940 M * Bertl tso: well, if you need help there, have a look at my patches ...
1136060004 M * Bertl okay, off again, back later ... have fun!
1136060010 N * Bertl Bertl_oO
1136060016 M * tso hm, no i think i'll finish it, and comment it if it will have some questions ..
1136060129 M * tso but the functions about ptraces...really funny that almost all arch has some own routine to the same, 1 with the old routine, 2 with new conception and 2 with the mixed version :)
1136061248 J * jsaw ~jsaw@p54AD393B.dip0.t-ipconnect.de
1136062228 Q * ntrs_ Quit: Leaving
1136064128 Q * Marinus Quit:
1136065289 N * meandtheshell meandtheshell_zzZZ
1136065409 N * meandtheshell_zzZZ meandtheshell_oO
1136066069 Q * yang2 Remote host closed the connection
1136067079 J * jkl eric@c-67-173-248-142.hsd1.co.comcast.net
1136067446 J * FaU1 ~immo@mobilFaUl.raum.chaostreff-dortmund.de
1136067450 M * FaU1 hello
1136070004 M * eyck HNY
1136071941 Q * emp Quit: Leaving
1136072696 M * tso Happy New Year for everyone ;)
1136072707 N * tso tso|sleep
1136072715 M * eyck Happy New Year Leap Second;)
1136072759 M * tso|sleep oh not sleep, suspend
1136072764 N * tso|sleep tso|suspend
1136073413 Q * tso|suspend Quit: BitchX-1.1-final -- just do it.
1136073534 M * FaU1 happy new year
1136073545 M * FaU1 from germany