1137542440 M * Bertl hey michal`! any progress or findings regarding kthread? 1137542472 M * michal` not today/tonight, sorry - i have test tommorow so i am... believe or not.. learning ;p 1137542479 M * michal` tommorow i will do it 1137542498 M * Bertl ah, no problem, just thought I missed something yesterday 1137542526 M * michal` somehow i still canot get how module creates kthread, with our flags both in kernel_thread and in module code and it does not get counte 1137542531 M * Bertl what kind of test, if I may ask? 1137542580 M * michal` since i am studing (automatic control and robotics, on technical university) i have test from, gues what - automatic control. 1137542595 M * michal` very borring thing, just math and nothing more 1137542611 M * michal` but a strange one ;] 1137542632 M * Bertl math is never boring :) 1137542653 M * michal` i love pure math, but not used for something like this 1137542663 M * michal` it is automatic control beeing borring 1137542725 M * michal` hm, is there any way to know flags process was cloned with ? not printk because it will fill dmesg buffer in a second. 1137542915 P * undefined 1137543106 M * Bertl michal`: well, you could save them in the task struct somewhere 1137543139 M * Bertl but I guess printk would be fine, how many forks do you expect per second? 1137543193 M * michal` rsbac statistic shows that CLONE request is beeing called 80 000 times for full system start + applications (not too many, basic without x) 1137543201 J * locksy ~locksy@mrtg.sisgroup.com.au 1137543212 M * michal` it includes all processes 1137543216 M * Bertl welcome locksy! 1137543243 M * Bertl michal`: well, 80k entries is not that much ... but I wonder what you actually start there :) 1137543251 M * locksy Hi Bertl. 1137543325 M * michal` believe me, less than you would expect... basic system, fcron,syslog-ng, few bluetooth daemons... 1137543345 M * michal` gentoo startup scripts are calling a whole lot of things thought 1137543352 M * michal` still, 80k is much 1137543399 M * locksy A quick check at vserver/Experimental suggests to me that patch-2.6.15-vs2.0.1.2.diff is the latest and best to apply to 2.6.15.1, is that right? 1137543539 M * Bertl officially yes ... 1137543601 M * locksy and is BME/delta-2.6.14.2-vs2.0.1-rc2-bme0.06.1.diff still necessary? I noticed in passing some commits to mainline about mount flags that suggested this (or equivalent) was going in - but I think it might have been post 2.6.15... 1137543638 M * locksy mainline linux that is, not mainline vserver :) 1137543655 M * Bertl well, last time I checked the bme patches applied quite fine ... which suggests that it is a post 2.6.15 thing 1137543685 M * locksy OK, thanks. I'll give it a whirl... 1137546217 J * ag- ag@caladan.roxor.cx 1137546280 M * Bertl welcome ag-! 1137546868 M * locksy Well it loooks like the BME reads respinning for 2.6.15 (interference from the shared subtrees patches) I don't really know the code well enough to be sure of my merge attempt... 1137546897 M * Bertl it is in 2.1.x, so that should not be too hard 1137546935 M * locksy Aaah! Ta. Will check that out... 1137547006 M * locksy Is there any known serious issues with 2.1.x (i.e. why shouldn't I just use it instead of the 2.0.1.2 patch) 1137547026 M * Bertl no 'known' serious issues, but it's the devel branch 1137547048 M * Bertl more features, more things which can break there :) 1137547055 M * locksy *grin* 1137547162 M * michal` Bertl: question: why are you checking and denying creating kthreads from guests - they are not allowed to perform all priviledged operations that would lead to creating them, right ? they cannot say, load kernel module. 1137547197 M * Bertl yes, which is a GoodThing (tm)to do :) 1137547265 M * michal` i agree, about beeing unable to load moduules, but how they could create kthread than ? 1137547283 M * michal` that's ring 0 level, so only possible from the kernel 1137547293 M * Bertl by accident ... and it would be tagged with the context 1137547310 M * Bertl just think binary file calls for kernel helper 1137547337 M * michal` ok, i see 1137547374 J * Aiken_ ~james@tooax6-062.dialup.optusnet.com.au 1137547426 M * michal` hm, will code separate restriction about creating kthreads in rsbac jail mayby... or even all rsbac. as scd type, so very configurable (per role,jail for example). 1137547465 M * michal` scd - system control data access, priviledged operations, like changing system date'n'time, setting hostname, loading kernel modules... lots of it 1137547483 M * Bertl i.c. 1137547524 M * michal` won't harm, might help, extra check is quite cheap (Amon is lists/hash guru ;) 1137547568 M * Bertl I'm glad if the code/idea finds good use ... 1137547607 M * Bertl and even happier if you identify/fix bugs there :) 1137547662 M * michal` same with me :) 1137547697 M * michal` pccardd has to start listening to me, no questions asked, same with firewire drivers daemon and some not yet identified ;] 1137547710 M * michal` ThreeGhosts 1137547719 Q * Aiken Ping timeout: 480 seconds 1137547753 M * michal` k... have a good whatever 1137547756 A * michal` vanished 1137547760 M * locksy Bertl, Trying to get BME for 2.6.15.1-vs2.0.1.2 the existing patch is close enough I can manually fix it except for fs/namespace.c; Can you think of any other changes to the 2.1.x branch which would stop me simply stealing the fs/namespace.c from there? 1137547808 M * Bertl hmm, let me check ... 1137547810 M * locksy I understand the code well enough to read it, but not write it... :( 1137547917 M * Bertl hmm, yes, the quota hashes 1137547932 M * Bertl and the xid propagation 1137547964 M * Bertl but maybe getting both trees and doing something lie: 1137547966 M * Bertl *like 1137547988 M * Bertl diff -NurpP --minimal linux-2.6.15-vs2.{1.x,0.1.2}/fs/namespace.c 1137548001 M * Bertl might give you a patch you can trim down easily :) 1137548063 M * locksy VXC_SECURE_MOUNT is a new feature? 1137548092 J * mef_ ~mef@pcp09872021pcs.ewndsr01.nj.comcast.net 1137548099 M * Bertl hmm, no? 1137548104 M * Bertl welcome mef_! 1137548139 M * locksy sorry, found it :) 1137548180 M * locksy hmmm, gotta find a good diff3 viewer... 1137548348 M * Bertl anybody using autofs4 with 2.6.15? 1137550656 J * lonewolf1 ~lonewolff@host-84-9-143-159.bulldogdsl.com 1137550656 Q * lonewolff Read error: Connection reset by peer 1137550807 M * Bertl does anybody know a boot floppy with ssh and disk access? (raid and scsi) 1137551074 J * _Roey ~abc@pcp04370251pcs.nrockv01.md.comcast.net 1137551075 M * _Roey hi 1137551076 M * _Roey HI 1137551077 M * _Roey Bertl: hi 1137551084 M * _Roey did you guys see this: http://news.com.com/Companies+push+Linux+partitioning+effort/2100-1016_3-6027219.html 1137551095 M * _Roey so Red Hat is leaning towards using this OpenVZ thing 1137551168 M * Bertl well, did you read the entire article (hmm, at least twice)? 1137551231 M * _Roey Bertl: vserver is mentioned in the end I saw. 1137551243 M * _Roey and this OpenVZ is tied to a company 1137551247 M * _Roey which I don't like really 1137551249 M * _Roey for some reason 1137551251 M * _Roey even though it's GPL. 1137551285 M * Bertl it's only partially GPL ... 1137551291 M * _Roey Bertl: LPGL??? 1137551292 Q * Johnsie Quit: G'bye! 1137551293 M * _Roey eerg 1137551395 M * _Roey " "There were some ideas about competitors, such as Vserver. We didn't want them to access our code easily," Korotaev said. "Sure, they could get (source code) if they bought Virtuozzo. But when our technology was only started, it was important that our ideas wouldn't appear in another project." " 1137551396 M * _Roey eh? 1137551398 M * _Roey screw them. 1137551428 M * Bertl well, I didn't know that they was that afraid back then :) 1137551441 M * _Roey heehehehe 1137551449 M * Bertl *were 1137551463 M * _Roey " The approach meant SWsoft staff "basically were violating the GPL by not providing the source to their kernel modifications to their customers," said Vserver project leader Herbert Poetzl." 1137551476 M * _Roey Bertl: this is a new era, man. 1137551488 M * _Roey This is the era of Open proprietary components. 1137551493 M * _Roey like Red Hat 1137551494 M * _Roey and Suse. 1137551528 M * _Roey open proprietary meaning that even though it's GPL, the software only really fits on a specific vendor's distribution. 1137551532 M * _Roey like Xen, say. 1137551538 M * _Roey Fedora is getting Xen. 1137551542 M * _Roey Xen is a Fedora and Suse thing. 1137551545 M * _Roey Debian users can go to hell. 1137551553 M * _Roey that's what I read from all of this. 1137551589 M * Bertl well, xen is for everybody ... but I agree that the 'marketing kung-fu' seems strong nowadays ... 1137551645 M * _Roey and proprietary vendors end up coding for Red Hat or for Suse. 1137551647 M * _Roey not for Debian. 1137551654 M * _Roey because there's no 'corporate face' to it 1137551660 M * _Roey it makes me sick. 1137551664 M * Bertl http://www.illuminata.com/perspectives/ (scroll down to OpenVZ :) 1137551672 M * _Roey I mean I understand their position 1137551674 M * _Roey I just don't like it. 1137551928 J * tgunkel_ ~Thorsten@dslb-084-058-138-122.pools.arcor-ip.net 1137551940 M * Bertl welcome tgunkel_! 1137551950 N * tgunkel_ ThorstenG 1137551952 M * ThorstenG Hi Bertl 1137551963 M * Bertl sounds more like rapper now :) 1137551984 M * ThorstenG Remember when I asked yesterday what kernel I should upgrade to? ;-) 1137552010 M * Bertl yup 1137552044 M * ThorstenG I don't like 2.6.14.6 too much :) 1137552071 M * Bertl hmm ... may I offer 2.6.15.1 then? 1137552087 M * ThorstenG When I shutdown I get unfinit unregister_netdevice: waiting for XXX to become free 1137552103 M * ThorstenG I common bug as it seems with patches 1137552143 M * Bertl with what patches? 1137552157 M * ThorstenG Patches for this problem 1137552180 M * Bertl ah, well, shouldn't they be in 2.6.14.7 then? 1137552196 M * ThorstenG So I can choose between a newer kernel and patching the problem in 2.6.14.6 1137552322 M * ThorstenG Mmm, don't know where it's fixed. Where there any reasons why I should go for 2.6.15.1? 1137552334 M * ThorstenG should not 1137552354 M * ThorstenG Known problems, patch not yet ready, ...? 1137552430 M * Bertl not that well tested, but should work, will make a new deployment tonight (sub-release) 1137552467 M * ThorstenG ok, I wait until the weekend. If shutdown is the only problem :-) 1137552487 M * ThorstenG But I have another small glitch: 1137552495 M * ThorstenG rm -rf user_passwd 1137552495 M * ThorstenG rm: cannot remove `user_passwd': Operation not permitted 1137552501 M * ThorstenG -rwxrwxrwx 2 root www-data 190 2005-10-17 20:37 user_passwd 1137552510 M * ThorstenG # lsattr user_passwd 1137552510 M * ThorstenG ----------------- user_passwd 1137552516 M * ThorstenG drwxrwxrwx 5 root staff 4096 2005-10-24 03:20 . 1137552570 M * ThorstenG I moved or copyed this file from a vserver to the hosts /tmp folder. I use vhasify inside the vserver. 1137552612 M * ThorstenG I forgot: # whoami 1137552612 M * ThorstenG root 1137552681 M * Bertl host or guest root? 1137552684 M * ThorstenG Host 1137552720 M * Bertl what are the directory permissions? 1137552734 M * ThorstenG # ls -adl . 1137552735 M * ThorstenG drwxrwxrwx 5 root staff 4096 2005-10-24 03:20 . 1137552749 M * Bertl lsattr -d . 1137552758 M * ThorstenG # lsattr -d . 1137552759 M * ThorstenG ----------------- . 1137552783 M * Bertl that's at least unusual ... 1137552799 M * Bertl what does 'grep Cap /proc/self/status' say? 1137552817 M * ThorstenG # grep Cap /proc/self/status 1137552817 M * ThorstenG CapInh: 0000000000000000 1137552817 M * ThorstenG CapPrm: 00000000fffffeff 1137552817 M * ThorstenG CapEff: 00000000fffffeff 1137552853 M * ThorstenG I used tune2fs to force a fsck at reboot, didn't help 1137552890 M * ThorstenG Do you think this is verser / vashify related? 1137552905 M * Bertl not really ... but you never know ... 1137552927 M * ThorstenG The file seems to be a hard link, right? 1137552928 M * Bertl do you get any strange debug messages in dmesg? 1137552963 M * ThorstenG I fear it is full of iptables messages 1137552966 M * Bertl what does showattr user_passwd report? 1137552978 M * ThorstenG ----Ui- user_passwd 1137552979 M * ThorstenG i? 1137552984 M * Bertl ah, there it is 1137553001 M * Bertl it is tagged with the iunlink 1137553017 M * Bertl iunlink iverts the meaning of unlink 1137553035 M * Bertl it is very suspicious that this flag is set, but immutable is not 1137553054 M * Bertl nevertheless, it's easy to remove, just use setattr 1137553166 M * ThorstenG ok, that worked 1137553172 M * ThorstenG Thanks :) 1137553197 M * ThorstenG Mmm, silly question: Was that vserver related? showattr is from the vserver utils, right? 1137553216 M * ThorstenG That flag is that vserver specific or standard ext2/3? 1137553279 M * Bertl yes, it is a vserver flag, but the tools should never set it without the immutable flag 1137553318 M * Bertl so, if you didn't remove the immutable flag by hand, I would verify your toolset and/or scripts 1137553328 M * ThorstenG So I can't fool friend to create files they can't delete ;-) 1137553372 M * ThorstenG Maybe the scripts that try to clean /tmp did? 1137553409 M * Bertl well, you can fool them, because the tools also allow to set the flag :) 1137553424 M * ThorstenG But they would need a vserver patched kernel? 1137553439 M * Bertl (well, immutable flag would be sufficient) funny thing is, they can be deleted anyway 1137553672 M * ThorstenG I fear I don't fully understand setattr. I have this file: showattr user_authorisation 1137553673 M * ThorstenG ----ui- user_authorisation 1137553692 M * ThorstenG How do I get rid of u and i? 1137553710 M * ThorstenG setattr --~iunlink-but-not-immutable user_authorisation 1137553716 M * ThorstenG does not change anything 1137553731 M * Bertl the lower-case version shows that the flags are available 1137553744 M * Bertl the upper-case version shows that they are set 1137553770 M * ThorstenG So I should be able to delete it? 1137553793 M * Bertl at least regarding those flags, yes 1137553820 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1137553834 M * Bertl welcome stefani! 1137553835 Q * stefani Quit: 1137553840 M * ThorstenG :-) 1137553940 M * ThorstenG But I can't. 1137553970 M * ThorstenG # showattr svn/user_authorisation 1137553970 M * ThorstenG ----ui- svn/user_authorisation 1137553980 M * ThorstenG # rm -rf svn/user_authorisation 1137553980 M * ThorstenG rm: cannot remove `svn/user_authorisation': Permission denied 1137554018 M * ThorstenG Maybe the folder is the problem? ---buI- svn 1137554020 M * Bertl let's do the usual checks for the file and dir 1137554032 M * Bertl yep, I on dir will not allow removal 1137554074 M * ThorstenG ah, ok 1137554075 M * ThorstenG :-) 1137554102 M * ThorstenG It's gone 1137554158 M * ThorstenG Thanks Bertl :-) 1137554515 Q * ThorstenG Quit: Leaving 1137554646 Q * wibble Remote host closed the connection 1137554662 J * wibble wibble@vortex.ukshells.co.uk 1137555369 M * Bertl wb wibble! 1137555816 Q * flock Ping timeout: 480 seconds 1137556282 Q * mkhl Quit: 1137560871 M * jpacheco anyone here? 1137560878 M * Bertl yes, what's up? 1137560885 M * jpacheco hey bertl 1137560907 M * jpacheco i get this error when i try to start syslog-ng inside of a gentoo vserver 1137560915 M * jpacheco Error opening file /proc/kmsg for reading (Operation not permitted) 1137560930 M * jpacheco how can i get that vserver to have access to that file? 1137560947 M * Bertl try to disable the entry (for kmsg) in the syslog-ng config 1137560975 M * jpacheco syslog-ng doesn't need kmsg? 1137560976 M * Bertl or, alternatively, you could enable the syslog virtualization 1137560997 M * Bertl which would give you an empty file there (i.e. no benefit) 1137561022 M * jpacheco it looks like /proc/kmsg is where the logger gets all of its information 1137561027 M * Bertl the thing is, this file is used for logging kernel messages 1137561030 M * jpacheco is there no way to open that file to the vserver? 1137561042 M * Bertl it doesn't make much sense to log the kernel messages inside a guest 1137561050 M * Bertl as they do not really belong there 1137561074 M * jpacheco what about services that get log info from kmsg 1137561087 M * jpacheco like mail 1137561088 M * Bertl should happen on the host 1137561097 M * Bertl mail will never log via kmesg 1137561103 M * jpacheco ah, gotcha 1137561118 M * Bertl you know dmesg? 1137561120 M * jpacheco then i guess i should just disable syslog altogether then 1137561130 M * jpacheco all together 1137561141 M * jpacheco altogether 1137561145 M * jpacheco lol, im so tired 1137561153 M * Bertl dmesg will show you the most recent kernel log messages 1137561169 M * Bertl those are the messages which get logged via kmsg 1137561227 M * Bertl (they usually end up in /var/log/dmesg) 1137561242 M * jpacheco right 1137561247 M * jpacheco cool, thanks man 1137561252 M * Bertl you're welcome! 1137561373 M * jpacheco hey bertl 1137561395 M * jpacheco is there a way to monitor all traffic going in/out of vservers 1137561404 M * Bertl you mean network traffic? 1137561409 M * jpacheco yeah 1137561417 M * jpacheco bandwidth monitoring 1137561430 M * Bertl you have two options there, one is to use iptables to do 'per guest' accounting 1137561445 M * jpacheco and i can do that on shared ip's? 1137561460 M * Bertl the other is to use the socket accounting in the /proc/virtual/*/cacct 1137561472 M * jpacheco basicly 1137561503 M * jpacheco i just want to ticket everying that is read from a particular location 1137561536 M * jpacheco so i can keep apache on a global vserver 1137561551 M * jpacheco but because its looking in location X, the meter starts going up 1137561554 M * jpacheco u know what i mean 1137561584 M * Bertl yes, but if you have a single apache for that, you have to use the logging feature of apache to account it 1137561601 M * Bertl (which works quite well, btw) 1137561613 M * jpacheco so there isn't something that i can have in the background 1137561629 M * jpacheco kind of like a gate keeper at the doors of my vserver 1137561637 M * jpacheco watching everything go by 1137561644 M * Bertl doesn't work, because how would you decide which URL was requested, if they have the same IP 1137561657 M * jpacheco that's what i mean 1137561670 M * jpacheco something that isn't really network based 1137561672 M * Bertl requires that something 'understands' the protocol 1137561682 M * jpacheco more like, it monitors disk reads 1137561704 M * jpacheco that way, its blind to everything else 1137561715 M * Bertl well, you could get notifications for disk access 1137561736 M * jpacheco i dunno, im just thinking off hand 1137561742 M * jpacheco just trying to see what's out there 1137561744 M * Bertl (not sure it's worth the trouble though) 1137561771 M * jpacheco basicly i want to watch for apache, ftp, ssh, and mysql 1137561812 M * jpacheco and lump all of that data into one meter 1137561866 M * Bertl why not put them into separate guests and use the socket accounting then (for network stuff) and the disk limits/accounting (for disk space) 1137561915 M * jpacheco i have all my services in sep vservers 1137561935 M * jpacheco is that what you mean? 1137561946 M * jpacheco if so, how can socket accounting help? 1137562193 M * Bertl you have a separate guest for each service 1137562200 M * jpacheco yeah 1137562205 M * Bertl what about your clients/customers 1137562212 M * jpacheco sep too 1137562221 M * jpacheco shared ip's 1137562232 M * Bertl so one guest per customer and service, yes? 1137562244 M * jpacheco actually, the services use one ip also 1137562251 M * jpacheco except apache, which needs more 1137562255 M * jpacheco but yes, that is correct 1137562274 M * Bertl okay, great, I guess linux-vserver should already account everything then :) 1137562294 M * Bertl (well, you probably don't have tagxid enabled yet) 1137562304 M * jpacheco just read about that today 1137562309 M * Bertl but let's look at the sockets for example ... 1137562311 M * jpacheco for quota stuff 1137562319 M * jpacheco sounds really interesting 1137562339 M * Bertl figure the xid for a guest which does sshd for one customer 1137562357 M * Bertl then do: cat /proc/virtual//cacct 1137562375 M * jpacheco how do i enbale tagxid? 1137562382 M * jpacheco better yet 1137562386 M * jpacheco where's the docs for this 1137562386 M * jpacheco lol 1137562401 M * Bertl tagxid is a mount option for your filesystem 1137562431 M * Bertl so, assumed that the guests reside on a partition, you just mount that partition with 'tagxid' 1137562553 M * jpacheco do i add that under the options tab? 1137562555 M * jpacheco in fstab 1137562580 M * Bertl yes, for example, be careful not to tag the root partition 1137562609 M * Bertl (well, that's actually not that easy, so it should not happen accidentially) 1137562816 M * jpacheco im trying to remount 1137562819 M * jpacheco that partition 1137562822 M * jpacheco but it won't let me 1137562834 M * jpacheco mount -o remount /dev/hdb1 1137562864 J * infowolfe infowolfe@66-230-116-7-cdsl-rb1.nwc.acsalaska.net 1137562865 P * infowolfe 1137562877 M * jpacheco bah 1137562878 M * jpacheco nm 1137562881 M * Bertl jpacheco: yes, that's a security measure 1137562888 M * jpacheco ok, so i have tagxid turned on 1137562906 M * jpacheco ah, very nice 1137562930 M * Bertl now if you add an entry (with vdlimit) for your guest (you do not need to limit the guest, just create the entry) 1137562979 M * Bertl the kernel will account the data on disk for that context (i.e. update blocks and inodes relative to your initial values) 1137562993 M * Bertl there is a detailed wiki page for that, let me dig it out ... 1137563004 M * jpacheco ok 1137563016 M * jpacheco so lets say i tag that guest 1137563018 M * jpacheco then what 1137563027 M * jpacheco how is stuff accounted for? 1137563045 M * Bertl all files and inodes created by that guest will get a 'tag' that this data belongs to this context 1137563057 M * jpacheco ok 1137563059 M * Bertl the tagxid is 'just' for disk space 1137563078 M * jpacheco so its used for setting disk limits 1137563079 M * Bertl as I said, sockets are already accounted per context 1137563095 M * Bertl jpacheco: yes, usually it is used to limit disk space 1137563130 M * Bertl http://linux-vserver.org/Disk+Limits 1137563138 M * jpacheco reading that page right now 1137563239 M * daniel_hozac hmm. 1137563243 M * jpacheco so how does this help with bandwidth monitoring? 1137563244 M * daniel_hozac i thought i updated that page yesterday. 1137563311 M * Bertl jpacheco: not at all, as I said, for networking you want to look at the socket accounting, but you mentioned something about the disk before ... 1137563329 M * jpacheco oh, lol 1137563342 M * jpacheco so, back to socket accounting then 1137563352 M * jpacheco but that disk stuff was very cool 1137563356 M * jpacheco thanks for the update 1137563357 M * Aiken_ Bertl you have a pr battle alright 1137563372 M * Bertl Aiken_: good :) 1137563373 M * Aiken_ 2 hours ago I had an IT person tell me "http://openvz.org/ -open linux virtualisation... more isolated than vserver" 1137563391 M * Aiken_ I have spent some of the time arguing with him 1137563402 M * jpacheco i hear ppl saying xen is more secure 1137563432 M * Bertl jpacheco: that might even be true .. but might not be true as well 1137563452 M * Bertl jpacheco: it's hard to tell, because it depends on the situation ... 1137563463 M * jpacheco yeah 1137563464 M * Bertl let me give a simple example ... 1137563472 M * jpacheco so is there a mem limit also for vserver? 1137563475 M * jpacheco or cpu limit 1137563481 M * Bertl yes, both is there 1137563485 M * jpacheco niiiice 1137563504 M * Bertl consider two physical machines running linux 1137563505 M * jpacheco i've been working so hard at getting the services inside to work 1137563511 M * jpacheco haven't had time to play with the cool stuff 1137563515 M * jpacheco ok 1137563525 M * Bertl now somebody uses a loadable module as kernel exploit 1137563551 M * Bertl would that work on linux-vserver? no 1137563570 M * Bertl would it work on xen? probably yes ... 1137563584 M * Bertl would it work on vmware or the real machines, definitely 1137563613 M * Bertl does that make linux-vserver more secure than xen? not really ... well in this case yes 1137563617 M * jpacheco any reason why it would work on xen? 1137563623 M * Aiken_ to me the advantage of xen would be able to run different OS at the same time, it linux + netbsd and someone has done work on booting solaris in xen 1137563639 M * Bertl jpacheco: because xen has a guest kernel the module can be loaded into 1137563646 M * jpacheco so what are the benifits of running xen over linux-vserver? 1137563665 M * jpacheco besides the fact that you can run different oses 1137563667 M * jpacheco os's 1137563673 M * jpacheco cause that's not something i need 1137563688 M * Bertl the very same things you have as disadvantages can be listed as advantages in certain cases 1137563708 M * Aiken_ with xen guests could run different kernels 1137563717 M * Bertl for example, if you want to have access to phyiscal disks (not filesystems) you're probably better off with xen 1137563757 M * Aiken_ with vserver is there any reason why you could not set /dev/sdX and hdX for a guest to play with? 1137563767 M * Bertl security 1137563793 M * Bertl if you give away a raw device to a guest, malicious programs could create arbitrary devices on that 1137563809 M * Bertl in turn, wiping out your host system 1137563814 M * jpacheco ah 1137563821 M * Aiken_ I was thinking I have a 2gig partition (hda4) with windows sitting on it 1137563823 M * jpacheco so /dev/whatever does nothing in a vserver 1137563828 M * Aiken_ let a vserver have hda4 for disk 1137563848 M * jpacheco question 1137563861 M * jpacheco can you tag files outside of a vserver 1137563872 M * jpacheco which belong to another vserver 1137563879 M * jpacheco but are stored somewhere else 1137563894 M * Bertl yes, all accesses to files will be tagged according to the context they happen in (when the tagging is enabled) 1137563917 M * Bertl but be careful, if your contexts overlap, the tagging might result in permission issues 1137563925 M * jpacheco come again? 1137563936 M * Bertl let's assume context 101 writes a file 1137563955 M * Bertl (it get's tagged properly, but resides in a shared space with context 102) 1137563975 M * Bertl now context 102 tries to write or read that file, and gets permission denied 1137563981 M * jpacheco ahhh 1137563985 M * jpacheco gotcha 1137563993 M * Bertl that's part of the isolation concept 1137563999 M * jpacheco im trying to get around my mysql problem 1137564006 M * jpacheco and monitoring db sizes 1137564025 M * jpacheco i want the disk limit to apply to the db files as well 1137564032 M * jpacheco but they exist on a different guest 1137564113 M * Bertl probably not that easy .. but, if you want to test something (in the near future) I have something planned which would allow this and more ... 1137564130 M * jpacheco yeah? how does it work? 1137564150 M * Bertl I plan to make the xid tagging for files independant from the context ids 1137564173 M * Bertl so basically you could assign the same tagging id to different contexts 1137564177 M * jpacheco an acl tagging system would be cool 1137564215 M * jpacheco like file system perms but for tagged files 1137564216 M * Bertl that would be an alternative solution, not sure it's worth the efford though ... 1137564219 M * jpacheco or directories 1137564234 M * daniel_hozac didn't someone say they were going to look in to that on the mailing list? 1137564249 M * Bertl yes, I remember something too 1137564311 M * daniel_hozac http://www.paul.sladen.org/vserver/archives/200601/0124.html 1137564386 M * jpacheco cool 1137564400 M * jpacheco so disk limiting is out for me 1137564419 M * jpacheco i expect to have multiple services writing to guest directories 1137564441 M * Bertl yes, for now, I'd say it's not what you want 1137564448 M * jpacheco what if 1137564461 M * jpacheco an untagged context is doing the writing 1137564473 M * jpacheco would it still mess up? 1137564482 M * daniel_hozac only the host is "untagged". 1137564490 M * Bertl very likely, files will get tagged when they are created 1137564490 M * daniel_hozac in the sense that all guests can still read the files. 1137564551 M * jpacheco so if my apache guest (untagged) writes to a dir in my guest (tagged) it won't work ? 1137564661 M * daniel_hozac what exactly do you mean by untagged/tagged? 1137564675 M * Bertl problem is, even if you have not created the accounting entry, the files will be tagged with the xid 1137564690 M * jpacheco before i use chxid? 1137564889 M * Bertl yes, basically when you use the tagxid option 1137564905 M * jpacheco ah, ic 1137564958 M * Bertl that's something I want to change in the future 1137564971 M * Bertl i.e. let the user decide 'what' tagging will be used 1137565385 M * Hollow morning 1137565387 M * _Roey gnight all 1137565392 M * Hollow heh 1137565407 M * Bertl night _Roey! 1137565415 M * Bertl good morning Hollow! 1137565418 M * _Roey thanks Bertl 1137565430 M * _Roey 20 goto SLEEP 1137565437 M * Hollow hey Bertl, any idea what happens if a cloned process gets SIGSEGV before doing anything else? 1137565470 M * Bertl no idea, I just can guess ... 1137565511 M * Bertl - maybe some 'essential' pages are protected 1137565535 M * Bertl - maybe the stack is pointing into nowhere 1137565582 M * Bertl - maybe execution starts at the 'wrong' location? 1137565624 M * Hollow hm.. first the stack thing... how do i know how much stack to allocate before clone? 1137565648 M * Bertl the rule is simple, it should be sufficient :) 1137565662 M * Hollow :) 1137565670 M * Bertl no, seriously, reserve a few pages 1137565687 M * Hollow so 16384 should be enough? 1137565705 M * Bertl and be careful, as the stack counts downwards, IIRC 1137565729 M * Bertl (so you do not want to pass the start address of that memory) 1137565745 M * Hollow ah, that may be the problem 1137565760 J * Aiken__ ~james@tooax8-080.dialup.optusnet.com.au 1137565769 M * Bertl wb Aiken__! 1137565800 M * Aiken__ the computer reconnected to the net just in time for to go and play with the ride on mower :) 1137565805 M * Hollow so if have alloced 16384 bytes i'll have to tell clone stack+16384? 1137565831 M * Bertl IIRC, yes, please double check 1137565836 M * Hollow ok, will try 1137566003 J * balbir ~balbir@59.145.136.1 1137566074 Q * Aiken_ Ping timeout: 480 seconds 1137566275 M * Bertl welcome balbir! 1137566383 M * Hollow oh, you need even more of my precious time, Bertl? ;) 1137566403 M * Bertl Hollow: well, not too much ... I guess ... 1137566412 M * Hollow just reading your mail 1137566421 M * Bertl thought so ... 1137566549 M * Hollow well, as i spread all this in gentoo land, i think i do a quite good PR job ;) 1137566564 M * Bertl excellent, yes indeed ... 1137566592 M * Bertl Hollow: so consider it FYI :) 1137566666 M * Hollow but imo we really, _really_ need a better organization for linux-vserver... also that the releases appear still on 13thfloor, and the util at savannah (or dev.croup.de ;) i think we should set up a global repositorie for all our software and manage it through one site 1137566674 M * Hollow (we can also publish news there) 1137566684 M * Hollow s/linux-vserver/linux-vserver.org/ 1137566698 M * Bertl we will soon attack the wiki (i.e. switch to mediawiki ro something like that) 1137566729 M * Bertl and I guess this will go hand in hand with some svn/git repositories 1137566741 M * Hollow sounds great 1137566753 M * Hollow i'm a big fan of trac, do you know it? 1137566757 M * Bertl but will need time and efford ... 1137566791 M * Bertl trac? hmm .. heard that, but don't remember 1137566816 M * Hollow quite nice, and perfect svn integration 1137566832 M * Hollow look e.g. at http://dev.croup.de/proj/vserver-utils 1137566835 M * Hollow that's trac 1137566840 M * Bertl well, problem is, for kernel svn is inadequate 1137566848 M * Hollow yeah 1137566860 M * Bertl but for tools and such, it's really great 1137567011 M * Hollow anyways, if you need help with the website setup, i'm really willing to help ;) 1137567221 M * Bertl I'll definitely come back to that, but I guess your time is currently better spent on the userspace tools, unless you prefer something different ... 1137567230 J * Smutje_ ~Smutje@xdsl-84-44-185-14.netcologne.de 1137567316 M * Hollow well, i certainly don't have the time to transfer all the content, since the wiki is open anyone can do that after it is setup 1137567344 Q * Smutje Ping timeout: 480 seconds 1137567369 M * Bertl well, will need a lot of reviewing and double checking, but I'm sure some folks will do that (with a little help from 'us') 1137567438 M * Hollow yeah, how do you plan on the legacy content? should we just skip it and probably leave the old wiki around for some time? 1137567483 M * Bertl I will figure something, we did that with the 'old' pages too, they are still around somewhere :) 1137567496 M * Hollow heh, ok 1137567512 M * Hollow legacy-bin.l-v.org :P 1137567514 M * Bertl we will try to keep the transition as smooth as possible, especially regarding google hits 1137567540 M * Bertl because that's my main resource when I have to answer questions :) 1137567549 M * Hollow hehehe 1137567639 M * Bertl okay, I'm off to bed now ... so have fun! 1137567643 M * Hollow night! 1137567662 M * Bertl tx, good luck with the clone() 1137567669 N * Bertl Bertl_zZ 1137567675 M * Bertl_zZ night everyone, cya! 1137567677 M * Hollow thanks, will need it, the whole yesterday was just about clone 1137568459 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it 1137568616 J * kongsted ~ak@0x5551697e.adsl.cybercity.dk 1137568773 M * Aiken__ Hollow should /usr/share/vserver-utils/pathconfig define VNFLAGS? 1137568906 M * Hollow guess not, since none of the scripts uses it, but in general all commands should be there in the end ;) 1137568921 Q * kongsted Quit: 1137569083 M * Aiken__ doing a strace on 'vserver start slate' I get a lot of lines like stat64("/usr/bin/-S", 0x7fcd4640) = -1 ENOENT (No such file or directory) 1137569089 M * Aiken__ with it defined I don't 1137569113 M * Aiken__ still stumped by Failed to create networkcontext: Function not implemented 1137569151 M * Hollow hm 1137569158 A * Hollow takes a look 1137569184 M * Hollow indeed. 1137569191 M * Hollow one call to vnflags 1137569219 M * Aiken__ vps.sh 1137569223 M * Hollow yup 1137569230 N * Aiken__ Aiken 1137569291 M * Hollow wh000t! 1137569297 M * Hollow Bertl_zZ: i love you :) 1137570249 Q * mef Ping timeout: 480 seconds 1137570406 Q * dlippolt Ping timeout: 480 seconds 1137570631 J * Johnnie ~jdlewis@acs-24-154-53-16.zoominternet.net 1137570631 Q * shedi Read error: Connection reset by peer 1137570779 J * tudenbart ~willi@xdsl-213-196-220-172.netcologne.de 1137570874 J * prae ~prae@ezoffice.mandriva.com 1137571240 Q * dothebart Ping timeout: 480 seconds 1137571664 J * shedi ~siggi@inferno.lhi.is 1137572642 N * lonewolf1 lonewolff 1137572771 Q * _Roey Ping timeout: 480 seconds 1137573370 Q * cattivik Quit: Client exiting 1137573552 Q * shedi Quit: Leaving 1137574646 J * klap ~mikmak@iflap2.ujf-grenoble.fr 1137574648 M * klap hello 1137574691 M * klap any idea what could prevent apt-get from working inside a vserver ? (apparently some /var/lib/dpkg/ files are hidden in the vserver) 1137574874 M * schellh maybe you aint root ? *fg sorry but there is no reason for that 1137574894 M * klap well, I enter it with "vserver myserv enter", so I should be root ;) 1137574908 M * schellh was more of a joke.. 1137574927 M * schellh try apt-get update ? 1137574932 M * klap sure ;) 1137574936 M * klap malherbe:/var/lib/dpkg# ls -l status 1137574936 M * klap ls: status: Aucun fichier ou répertoire de ce type 1137574936 M * klap malherbe:/var/lib/dpkg# LANG=C touch status 1137574936 M * klap touch: cannot touch `status': Permission denied 1137574984 M * klap i've tried lsattr/showattr on these files but it looks the same as other files 1137575006 M * klap i also checked the filesystem (reiser), it was ok 1137575021 M * klap i ran the testfs.sh script to be sure my kernel was ok, and it is 1137575030 M * klap (2.6.14.6 with vs2.01) 1137575044 M * schellh maybe a strace touch status can tell more 1137575053 M * schellh or move the old status and then touch a new 1137575071 M * lonewolff hey all 1137575137 M * klap open("status", O_WRONLY|O_NONBLOCK|O_CREAT|O_NOCTTY, 0666) = -1 EACCES (Permission denied) 1137575155 M * klap and the next line is : 1137575158 M * klap utime("status", NULL) = -1 ENOENT (No such file or directory) 1137575179 M * schellh maybe you need to run a reiserfs check program ? 1137575251 M * klap i already did many times, and the fs is fine 1137575285 M * schellh what does mv tell ? 1137575290 M * klap hmm 1137575297 M * klap I fixed it apparently 1137575305 M * klap from the host, I moved the status files on another fs 1137575313 M * klap then moved them back to their original place 1137575319 M * schellh weird 1137575321 M * klap re-enterred the vserver, and then it works again 1137575325 M * klap definitely ... 1137575415 M * klap arf, apt is complaining about another files in that directory :) 1137575420 M * klap let's move them all ... 1137575512 M * klap hmm, I must have severily broken something, dpkg complains about unexisting files in /usr/bin now 1137575521 M * klap let's scratch this vserver and start again 1137575546 M * schellh yep 1137576521 Q * schellh Ping timeout: 480 seconds 1137577036 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137577596 Q * Greek0 Ping timeout: 480 seconds 1137578191 J * lilalinux_ ~plasma@dslb-084-058-194-057.pools.arcor-ip.net 1137578632 Q * lilalinux Ping timeout: 480 seconds 1137579084 M * klap well, even a new vserver has the same problems :/ 1137579195 M * klap rebooting the host ... 1137579483 Q * balbir Quit: Leaving 1137580031 M * yang2 I got some memory trouble, since I installed vserver patch, my kernel recognises only 256mb memory, even with 2x 256mb sticks inside...I might try to boot to an older kernel to see if this problem still exists 1137580105 M * yang2 or maybe its a hardware failure, one stick falled out or such, I cannot check since its in co-location 1137580600 Q * lilalinux_ Remote host closed the connection 1137580852 J * lilalinux ~plasma@80.69.35.186 1137581075 J * id23 ~id@p54A0472A.dip0.t-ipconnect.de 1137581082 M * id23 moin #vserver 1137581202 J * Greek0 ~greek0@85.255.145.201 1137581372 Q * lilalinux Remote host closed the connection 1137581585 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137581993 Q * mef_ Remote host closed the connection 1137582132 M * jpacheco quit 1137582134 Q * jpacheco Quit: [BX] Gary Coleman uses BitchX. Whatchoo talkin bout foo? 1137582829 Q * Aiken Ping timeout: 480 seconds 1137583033 J * Milf ~Miranda@ipsio56.ipsi.fraunhofer.de 1137583176 Q * yang2 Remote host closed the connection 1137583322 J * yang ~boni@cpe-212-18-59-124.dynamic.amis.net 1137583944 M * yang Could anyone tell me why my server has only 248MB LOWMEM available. ? There are 2x 256mb sticks in 1137583993 M * FaUl maybe bx-chipset and one unsupport 256mb-chip? 1137584033 M * yang but then it should at least recognise 1x 248 and 1x 256 right? 1137584046 M * FaUl nope 1137584054 M * FaUl just one 256 and nothing else 1137584076 J * undefined ~undefined@adsl-68-93-109-94.dsl.rcsntx.swbell.net 1137584080 M * yang well I called NOC lets see if they can solve it 1137584089 M * yang or i must purchase new RAM 1137584120 J * shedi ~siggi@tolvudeild-204.lhi.is 1137584253 M * yang FaUl: i think there are two identical sticks 1137584276 M * yang and at first there was 512mb recognised i think, but i am not 100% 1137584294 M * yang becouse the default installation also made a big swap 1.5Gb 1137584326 Q * lilalinux Remote host closed the connection 1137584354 M * yang BIOS-provided physical RAM map: 1137584354 M * yang BIOS-e820: 0000000000000000 - 00000000000a0000 (usable) 1137584354 M * yang BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved) 1137584354 M * yang BIOS-e820: 0000000000100000 - 000000000f800000 (usable) 1137584356 M * yang BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved) 1137584359 M * yang 248MB LOWMEM available. 1137584359 M * FaUl yang: arethey registered ecc-ram? 1137584361 M * yang On node 0 totalpages: 63488 1137584364 M * yang DMA zone: 4096 pages, LIFO batch:1 1137584364 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137584366 M * yang Normal zone: 59392 pages, LIFO batch:31 1137584369 M * yang HighMem zone: 0 pages, LIFO batch:1 1137584372 M * yang They are OLD SD RAMs 1137584389 Q * lilalinux Remote host closed the connection 1137585092 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137586006 J * meandtheshell ~markus@85-124-14-182.dynamic.xdsl-line.inode.at 1137586209 J * schellh ~bla@ipsio19.ipsi.fraunhofer.de 1137586954 M * klap seems I have a vserver properly working now, but I am not sure what I changed to fix it 1137586986 M * klap I have changed the vserver_root entry in the vars file to point to the real mount point instead of a symlink that debian installs, maybe that's it ... 1137587344 Q * lilalinux Remote host closed the connection 1137587369 M * schellh should not be it.. anyways 1137587396 M * schellh i have debian hostserver and debian guests under old and new vserver releases. also i have debian guests on a gentoo sparc host 1137587569 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137587601 J * wam ~wigwam@proxy2.msh.de 1137587607 M * klap arg, wtf 1137587623 M * klap I stopped it and started it again and files are one more time unaccessible 1137587641 M * schellh maybe you didnt start that vprocunhide startup script ? dont know 1137587705 M * klap i started it and checked it, but it just manages /proc entries 1137587719 M * klap so that should not hide init.d startup files for example ;) 1137587725 M * schellh hehe 1137587800 M * schellh well i dont really know, i only know that i dont want reiferfs and always take ext3. well i think vserver people used extended filesystem flags for the unification thing. maybe reiser has something to do with that ? some developer should know 1137587858 M * klap well, the testfs.sh was happy about it 1137587865 M * schellh ;) 1137587880 M * klap hmm that reminds me that I added the attr option to reiserfs mount a few days ago, i'll remove it and see if it's better 1137587950 M * schellh whats that ? 1137587973 M * klap well, I found on some vserver tutorial that it could be usefull (for quotas iirc) 1137587989 M * schellh anyways reiser is for many small files because of dir indexes. if you need it its ok, otherwise i would recommend ext3 for your next installs *fg 1137588006 M * schellh ah ok 1137588006 M * klap well,i admint that I hate ext3 :) 1137588024 M * schellh why that ? did too much benchmarking ? 1137588031 M * klap reiser saved my life a lot of time, whereas ext3 just got my servers crashing too often ;) 1137588052 M * schellh strange 1137588089 M * klap I even use reiser4 on some servers (but it's hard to find _the_ patch that works fine ;) 1137588116 M * klap but it's working just really really fine (copying hundreds of Gb of datas daily on top of raid6) 1137588167 M * klap maybe I should try reiser4 for the vservers :o) 1137588170 M * schellh well ok you know what you want :) 1137588755 M * klap well, still happens 1137588771 M * klap the funny things is that I have the exact same setup on another box, and it just works there ... 1137588785 A * klap takes a gun and shoot himself 1137588914 M * undefined klap: is this old or new style vserver (ie what vserver version) 1137588978 M * klap new style, vserver 2.0.1 1137589003 M * klap maybe it's a tagxid related stuff, let's remove that option too ... 1137589049 M * klap yes ! 1137589052 M * klap that was it 1137589087 M * klap i removed the tagxid mount option and it seems to work a lot better 1137589462 Q * lilalinux Remote host closed the connection 1137589635 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137590377 M * daniel_hozac klap: use static contexts. 1137590389 M * daniel_hozac _especially_ if you want to use tagxid. 1137590575 M * schellh the normal utils wont work then ? even testme.sh fails with static contexts 1137590697 M * daniel_hozac using static contexts doesn't mean that you should disable support for dynamic contexts. 1137590713 M * schellh ok 1137590718 M * daniel_hozac unless you patch util-vserver, you'll need dynamic contexts for the network stuff. 1137590875 M * klap well I can live without tagxids, if I read correctly , it is used for quotas 1137590939 M * klap but now I understand why it failed at least :) 1137590952 M * klap actually I was wondering what was the point of dynamic contexts at all 1137590975 M * klap why not keep the same context for a given vserver during its entire life ? 1137591038 M * daniel_hozac it's for disk limits, and isolation on disk too. 1137591052 M * daniel_hozac that's the point of static contexts. 1137591117 M * daniel_hozac the dynamic ones are a legacy from very early vserver versions, since before Bertl_zZ took over from what i understand. they're going away soonish, hopefully ;) (you can disable them in the devel series) 1137591135 M * klap ha ok, that makes sense :) 1137591145 M * klap so it's good habit to use static now :) 1137591154 M * daniel_hozac yes. 1137591168 M * klap thanks for your help :) 1137591183 M * daniel_hozac you're welcome! 1137591183 M * klap it's clear as water now ;) 1137591338 J * Doener doener@i5387D471.versanet.de 1137591520 J * frz ~frzzzz100@jaim.at 1137591532 M * frz hallo allerseits 1137591632 M * Doener welcome frz (channel language is english ;) 1137591637 M * frz wo kann ich den vserver patch fPRIVMSG #vserver :oops 1137591639 M * frz sorry 1137591665 M * frz i looking for vserver patch against 2.6.15.1 1137591666 M * Doener no problem 1137591694 M * Doener the 2.6.15 ones don't apply cleanly? 1137591756 M * frz hum - bad thing 1137591814 M * frz thx 1137591831 M * Doener so it works, right? 1137591842 M * frz i dont find the patch 1137591859 M * Doener the 2.6.15 one? http://vserver.13thfloor.at/Experimental/ 1137591876 M * frz :D 1137591876 M * Doener to be exact: http://vserver.13thfloor.at/Experimental/patch-2.6.15-vs2.1.0.4.diff 1137591886 M * frz jup - will try and tell you 1137591897 M * Doener erhm, the last one was wrong 1137591908 M * Doener http://vserver.13thfloor.at/Experimental/patch-2.6.15-vs2.0.1.2.diff 1137591920 M * Doener that's the stable one, the first one was devel 1137591943 M * frz oki - will try the stable one - sounds more stable ;) 1137592078 M * frz thx for help 1137592092 M * Doener frz: i just checked, it's just the Makefile that failes to be patched, not a problem 1137592107 M * Doener (with 2.6.15 patch on 2.6.15.1) 1137592111 M * Doener you're welcome 1137592119 M * frz :) fine 1137592251 J * marl ~matt@albacom.plus.com 1137592261 J * mkhl ~mkhl@200-153-153-132.dsl.telesp.net.br 1137592669 J * terrorgrl ~terrorgrl@jaim.at 1137592680 P * terrorgrl 1137593483 Q * shedi Quit: Leaving 1137593716 J * jpacheco ~justin@CPE00146c1608af-CM0f0099806976.cpe.net.cable.rogers.com 1137593720 M * jpacheco hey guys 1137593723 M * jpacheco i need help 1137593725 M * jpacheco baaaaaaad 1137593734 M * jpacheco i set the barrier on a vserver 1137593738 M * jpacheco and now i can't get into it 1137593753 M * jpacheco i checked the setting on the dir 1137593757 M * jpacheco and it reads 1137593764 M * jpacheco ---BUI- 1137593774 M * jpacheco how do i turn it off? 1137593854 M * Doener jpacheco: you set that on the vserver's directory? 1137593867 M * Doener it should be on the directory right above 1137593878 M * Doener like: setattr --barrier /vservers/foo/.. 1137593907 M * Doener (the .. trick assures that you get the parent directory even if you're dealing with symlinks or such) 1137593916 M * Hollow hm.. btw.. is the barrier still needed when using namespaces and rbind? 1137593922 M * Doener to remove the barrier to: setattr --~barrier /path/to/dir 1137593950 M * Doener Hollow: it's supposed not to be needed... but i couldn't find out how that actually works, so i just keep it set 1137593989 M * Hollow we should really investigate the nameasapce thing for vserver-utils some day imo 1137594006 M * Doener i know that /foo/bar is bound to /, but you're actually still below the old /, not the new one, and thus i'm confused ;) 1137594007 M * jpacheco i set it on the guest dir 1137594009 M * Hollow it seems like many problems / solutions are currently intermixe 1137594010 M * Hollow d 1137594035 M * Hollow Doener: why are you still below the old root? 1137594042 M * Hollow after closing all FDs and such..? 1137594050 M * Hollow change cwd etc pp 1137594070 M * jpacheco can anyone tell me why setting the barrier would blow up in my face like that ? 1137594093 M * Hollow because you're suposed to set the barrier on /vservers not /vservers/ 1137594093 M * Doener jpacheco: because the barrier forbids access to that directory IIRC 1137594135 M * jpacheco IIRC? 1137594155 M * jpacheco so how does --barrier help anyone if they can't get into the vserver? 1137594177 M * daniel_hozac if you set it on the right directory, it will stop people from getting out. 1137594203 M * jpacheco what about going in? 1137594215 M * jpacheco i couldn't even vserver guest enter 1137594237 M * Hollow well, if you set the barrier on /vservers/foo the guest is not allowed to cwd to it's root.. 1137594246 M * Hollow s/it's/its/ 1137594271 M * jpacheco ic 1137594288 M * jpacheco now im getting this message when i try to start my vservers 1137594298 M * jpacheco make: *** [.httpd_stb.stamp] Error 255 1137594475 Q * wibble Remote host closed the connection 1137594479 J * wibble wibble@vortex.ukshells.co.uk 1137594491 M * Hollow no idea, seems like the crappy start-vservers script.. does a normal vserver foo enter work? 1137594496 M * Hollow eh.. vservre foo start 1137594636 M * Doener Hollow: do the scripts really use make? 1137594653 M * Doener seeing a make error is kinda weird to me 1137594669 P * undefined 1137594707 M * Hollow yep 1137594712 M * Hollow it really uses make 1137594721 M * Hollow to track dependencies 1137594866 M * Hollow that's also a reason why i called it crappy :P 1137595256 M * Hollow ok, off for now, cu later 1137595416 J * mef ~mef@targe.CS.Princeton.EDU 1137595491 Q * jpacheco Quit: BitchX-1.1-final -- just do it. 1137595792 M * Roey hey all 1137595802 M * Roey Hollow, Doener 1137595806 M * Roey daniel_hozac 1137596038 Q * lilalinux arion.oftc.net quasar.oftc.net 1137596038 Q * id23 arion.oftc.net quasar.oftc.net 1137596038 Q * emp arion.oftc.net quasar.oftc.net 1137596038 Q * hue arion.oftc.net quasar.oftc.net 1137596038 Q * Vudumen arion.oftc.net quasar.oftc.net 1137596038 Q * mountie arion.oftc.net quasar.oftc.net 1137596038 Q * alexx arion.oftc.net quasar.oftc.net 1137596038 Q * sannes arion.oftc.net quasar.oftc.net 1137596038 Q * meebey arion.oftc.net quasar.oftc.net 1137596038 Q * DaCa arion.oftc.net quasar.oftc.net 1137596038 Q * derjohn arion.oftc.net quasar.oftc.net 1137596038 Q * daniel_hozac arion.oftc.net quasar.oftc.net 1137596038 Q * FaUl arion.oftc.net quasar.oftc.net 1137596038 Q * sladen arion.oftc.net quasar.oftc.net 1137596038 Q * nox arion.oftc.net quasar.oftc.net 1137596038 Q * harry arion.oftc.net quasar.oftc.net 1137596038 Q * kilian arion.oftc.net quasar.oftc.net 1137596038 Q * pusling arion.oftc.net quasar.oftc.net 1137596038 Q * Skram arion.oftc.net quasar.oftc.net 1137596123 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137596123 J * id23 ~id@p54A0472A.dip0.t-ipconnect.de 1137596123 J * emp ~emp@70.57.239.35 1137596123 J * hue ~hue@218.20.51.109 1137596123 J * Vudumen vudumen@perverz.hu 1137596123 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1137596123 J * derjohn ~derjohn@80.69.37.19 1137596123 J * alexx ~alexx@proxy.ikse.net 1137596123 J * sannes ~ace@simula-084.simula.no 1137596123 J * meebey meebey@booster.qnetp.net 1137596123 J * DaCa ~danny@mail.limehouse.org 1137596123 J * daniel_hozac ~daniel@c-6f1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1137596123 J * FaUl cTsojkzRlu@verbrennung.org 1137596123 J * sladen paul@starsky.19inch.net 1137596123 J * nox ~nox@nox.user.oftc.net 1137596123 J * kilian kk@projects.verfaction.de 1137596123 J * pusling pusling@195.215.29.124 1137596123 J * harry ~harry@d515321D1.access.telenet.be 1137596123 J * Skram ~skramy@vistech.org 1137596524 M * Milf Hello people. 1137596563 M * Milf can anyone assist me with a Server I've moved from a designated machine to Vserver? It's slapd refuses to run, citing problems with the BDB backend. 1137596610 J * shedi ~siggi@tolvudeild-204.lhi.is 1137597366 J * MakMoer ~makmoer@195.230.166.90 1137597395 M * MakMoer guys..I have installed FC4 now and vserver using the rpms.. 1137597413 M * MakMoer oh..hi by the way..he he 1137597428 Q * mkhl Quit: 1137597462 M * MakMoer I am a bit confused as how everything works.. 1137597504 M * MakMoer I thought that building a new vserver will just copy files from the host..but mine is downloading about 80MB.. 1137597518 M * MakMoer am I missing something ? 1137597638 M * schellh well you can build the vserver by copying the stuff, old vserver utils did this. maybe its the build method 1137597676 M * MakMoer I am using this : vserver vs001 build -m yum --hostname=vs001 --interface vs001=eth0:192.168.1.20/24 -- -d fc4 1137597683 M * MakMoer my host IP is 192.168.1.7 1137597688 M * MakMoer is that correct ? 1137597721 M * schellh i dont know the switches of the util pack sorry. -m could be method ? what does yum mean 1137597770 M * MakMoer yum is the Fedora Core update manager 1137597822 M * schellh well sorry you haveto wait until some util developer is around 1137597832 M * schellh or some one who knows the utils *G* 1137597841 M * schellh dont they have a manpage 1137597841 M * MakMoer ok.no problem.. 1137597855 M * MakMoer well..I am following a tutorial..but I am having problems.. 1137597860 M * MakMoer I will just play arounf.. 1137597863 M * MakMoer around 1137597905 M * MakMoer how do you use the build command to create a new vserver from a template vserver ? 1137597979 M * schellh well i make one working vserver basic install and copy it myself.. dont know about those features 1137598008 M * MakMoer ok..you copy the /vservers/?? folder and what else ? 1137598009 M * Doener MakMoer: basically just use the skeleton method to create a config, then copy the template server into the new directory 1137598013 M * Milf You'll have to read the source until someone gets around to documenting those features :( 1137598033 M * schellh the config within /etc/vservers/?? 1137598037 M * Doener (in that order, the tools don't like the vserver already being there when you create the skeleton) 1137598039 M * MakMoer I see.. 1137598102 M * Doener and about your downloads, the (almost?) all build methods that actually create a vserver do that by downloading stuff from distro mirrors and build the vserver from scratch 1137598128 M * MakMoer ok..so it is normal to just build one server and then manually copying it.. 1137598192 M * Milf Yep, works for me, though I have some custom made scripts to copy an configure the templates 1137598224 M * Doener Milf: about the slapd, what's the exact error message? 1137598292 M * Milf " Berkeley DB library configured to support only DB_PRIVATE environments 1137598293 M * MakMoer how do you delete a vserver..just delete /vservers/serverToDelete and /etc/vservers/serverToDelete ? 1137598301 M * schellh yes 1137598308 M * Milf MakMoer: Yep, works for me every time. 1137598312 M * Doener MakMoer: yes, but don't forget to stop it first ;) 1137598313 M * MakMoer great..thanks.. 1137598317 M * MakMoer ok 1137598334 M * Milf Yeah stopping it is vital. Might also check that tmp and proc are unmounted 1137598385 M * Doener Milf: hm, with namespace support enabled the host context shouldn't see those anyway (and they get unmounted when the namespace is destroyed) 1137598434 M * Milf Hmmm, I'm still using some older versions, I confess. 1137598449 M * wam Is there already a version of util-vserver out, that supports cloning again? 1137598543 M * Milf Doener: The error message is: "Berkeley DB library configured to support only DB_PRIVATE environments" 1137598563 M * Doener Milf: yeah saw that, trying to figure out what that means ;) 1137598568 M * Milf Doener: Then I get "bdb_db_open: dbenv_open failed: Invalid argument (22)" 1137598581 M * Doener ah, that sounds better... 1137598592 M * Doener could you paste a strace for that? 1137598596 M * Milf Yeah that's what I'm doing right now. 1137598600 M * Doener great 1137598628 M * Milf strace? Hmmmm, probably better with the debug turned off. lemme see. 1137598670 M * MakMoer I now have one vserver vs001 (192.168.1.20) running on the host (192.168.1.7). When I ssh to 192.168.1.20 (vs001) then I get to the host server..please point me in the right direction.. 1137598689 M * schellh config hostserver ssh only to listen to its own adress 1137598691 M * Doener MakMoer: make your host listen only on a limited set of ip addresses 1137598784 M * MakMoer ahh.is this the file : sshd_config ? where I just set : ListenAddress 192.168.1.7 1137598792 M * Milf Exactly 1137598799 M * MakMoer thanks..you guys are the best !! 1137598815 M * Milf Doener: Hmmm, i've now got 3691 lines of strace, what am I looking for? 1137598835 M * Doener Milf: probably somewhere at the end, EINVAL 1137598942 M * Doener MakMoer: you need to restart the host's sshd and the vserver (or start sshd in the vserver, but IMHO a quick restart is more convenient) 1137599182 Q * id23 Quit: Leaving 1137599286 N * nokoya nokoyaz 1137599304 N * nokoyaz nokoya 1137599402 M * MakMoer ok..I changed my vserver also to only listen to its own address..if I try to ssh to it I get the password prompt..but then it just stops..and in my messages I see : set_loginuid failed opening loginuid..any ideas ? 1137599503 M * Doener google says: http://list.linux-vserver.org/archive/vserver/msg11036.html 1137599506 M * Doener scnr 1137599537 J * gerrit gerrit@163.181.254.36 1137599706 M * MakMoer Doener> : Thanks..youre a better googler than me !! 1137599803 M * Doener hm, i just searched for "set_loginuid failed opening loginuid" (including the quotes) 1137599893 J * undefined ~undefined@adsl-68-93-109-94.dsl.rcsntx.swbell.net 1137599937 M * MakMoer duh..I just found that on my tutorial..I should read more..he he 1137600345 M * MakMoer When I stop my vserver I get: Shutting down kernel logger: [FAILED] ..is that a problem ? 1137600504 M * MakMoer : do you mind sharing your scripts for copying and config a vserver? It would save me time figuring out what needs to be changed.. 1137600790 J * chroot ~tgs@oldschool.antisec.net 1137600887 M * Milf Hmmm, if you can read german, they might help you. 1137600922 M * Milf Doener: I posted the strace to http://www.ipsi.fraunhofer.de/~mikeschneider/ldapstart.strace if you wanna have a look. I'm stymied. 1137600962 M * Milf The most impoartant thing is how to create the templates. 1137600999 M * Milf If I have one of those, basically, my scripts only create the configfile (in my case, it's a file) and copy the template 1137601023 Q * chroot Quit: leaving 1137601024 M * Milf then another script changes the etc/hosts and etc/postfix/main.cf for the vserver 1137601127 M * MakMoer ok..thanks.. 1137601131 J * Viper0482 ~Viper0482@p54976F3F.dip.t-dialin.net 1137601180 M * Milf to create a template, I tar everything but /dev /proc and slam it somewhere onto my host server 1137601213 M * Milf Then I create a vserver config and enter that vserver to remove rc-scripts and such 1137601253 M * Milf then shave the etc/shadow, etc/ssh/sshd_config and prepare etc/hosts and etc/postfix/main.cf for the scripts 1137601286 M * Milf might also be a good idea to empty the mailqueue and reset some logfiles 1137601450 M * MakMoer I am now just copying everything that is vs001 to vs002 and changing all that looks like it needs to be changed.. 1137601486 M * Milf Yes, that is also a way to do it. You'll get the hang of it after creating a few vservers. 1137601512 M * Doener Milf: did you use -fF ? 1137601524 M * Milf yes I did 1137601537 M * Doener ah right... 1137601559 M * Milf MakMoer: Then, after a few of those you'' find out what you can always do and which parts you need to do specifically for each vserver. 1137601576 P * wam 1137601583 M * Milf MakeMoer: then you can do all the former things to do on a template, all the latter things you put in a script. 1137601614 M * MakMoer ok..I am a bit confused.. 1137601618 M * Milf Doener: Kind of confusing with process 21584 always interrupting to do whatever it is doing. 1137601621 J * mkhl ~mkhl@200-148-40-219.dsl.telesp.net.br 1137601630 M * Milf MakMoer: That'll pass. 1137601652 M * MakMoer ok..I copied all I could see..I did a vserver vs002 start and got : Starting sm-client: can not chdir(/var/spool/clientmqueue/): Permission denied 1137601669 J * attila ~attila@62.79.123.79.adsl.hvi.tiscali.dk 1137601692 M * klap and that directory exists in the vserver ? 1137601729 M * attila hello :0 1137601749 M * Doener Milf: are you using memory limits? 1137601797 M * Milf Doener: How would I know if I did? 1137601905 J * stefani ~stefani@superquan.apl.washington.edu 1137601935 M * MakMoer ok..I see on my other vserver it is owned by smmsp and on my copied one by root obviously..I need to cp -R and keep owner and permissions.. 1137601955 J * NetAsh ~NetAsh@195.12.185.128 1137601964 M * Milf That would be cp -aR 1137601975 M * MakMoer thanks !! 1137601980 M * Milf -a is to keep all information such as user, modtime ... 1137601981 M * NetAsh hello 1137601996 M * Doener -a implies -R ;) 1137602004 M * Milf ok 1137602011 M * MakMoer I will start again.. 1137602052 M * Doener Milf: cat /proc/virtual//limit 1137602056 M * attila are there any fc4 guest images available? :) 1137602064 M * Doener if the third column is all -1, you don't use limits 1137602101 M * Milf Doener: on the host you mean with being the context ID? 1137602108 M * Doener exactly 1137602135 M * Milf Hmmm, I haven't got /proc/virtual on that host. 1137602144 M * Doener 2.4 kernel? 1137602152 M * Milf It;s running 2.4.26-vs1.28 i686/0.30/0.30 1137602153 M * Milf Yep 1137602168 M * Doener uhm, ok... guess I have little knowledge bout that 1137602184 M * attila thats an old ass kernel :/ 1137602274 Q * shedi Quit: Leaving 1137602380 M * Milf Hmmm, I think i've narrowed it down to calling up db_stat from the db-utils package. That will run in the original server, but bail out in the vserver. But an strace of that still doesn't tell me anything. 1137602428 M * Milf Same URL, but the filename is db_stat.strace 1137602482 J * dlippolt ~dlippolt@cpe-70-112-77-129.austin.res.rr.com 1137602534 M * attila maybe this is not vserver related, but when i try to build an fc* vserver, i get this error: 1137602535 M * attila Public key for basesystem-8.0-5.noarch.rpm is not installed 1137602555 M * attila i followed the fc4 vserver guide on the wiki but still doesnt work 1137602795 Q * NetAsh Quit: 1137602964 J * Vudumen_ vudumen@perverz.hu 1137602967 Q * Vudumen Read error: Connection reset by peer 1137603151 M * michal` Bertl_zZ: piiiiiiiiiiiiiiiiiing ! :) 1137603345 J * Ben81 ~Ben81@tipi0e.lri.fr 1137603360 M * Ben81 hi 1137603374 M * Ben81 i've got a little problem with the last version : 1137603381 P * attila Leaving 1137603397 M * Ben81 vserver build -m debootstrap test_base 1137603397 M * Ben81 Can not find a vserver-setup at '/usr/local/etc/vservers/build/'. 1137603417 N * Bertl_zZ Bertl 1137603423 M * Bertl morning folks! 1137603432 M * Bertl michal`: pong! :) 1137603442 M * michal` morning Bertl :) 1137603462 M * Milf Good morning Bertl, how's the weather in Austr[al]ia? 1137603477 M * michal` after digging half a day, writing many dirsty code and even quick kernel module, after hackiing into task_struct i now know ;p 1137603485 M * Doener Ben81: you got to provide a name for the vserver and add options for debootstrap (options for the vserver config should also be added) 1137603504 M * Bertl michal`: yes, really? 1137603508 M * Doener Ben81: sth. like: vserver foo build -m debootstrap -- -d sarge 1137603509 M * michal` hope so 1137603513 M * Bertl Milf: it's cold and snowy ... 1137603523 M * Bertl hey Doener! 1137603529 M * Doener hi Bertl 1137603530 M * Ben81 ok 1137603584 M * Milf Hmmm, we've got better luck here with 4 positive degrees centigrade I can almost leave off my scarf when bicycling 1137603585 M * michal` Bertl: khelper is the thread beeing called to care about modules loading (runnig usermode helper and so on). it creates new thread which is properly marked with CLONE_KTHREAD 1137603618 M * michal` i know that everything is marked like it should because i have put clone flags into task_struct and read out with a module... ;p 1137603661 M * michal` now i am not sure if you have to put check into kernel/kmod.c +197 or around, into __call_usermodehelper 1137603672 M * michal` i know that i should put my own there 1137603692 M * michal` because other way do_fork gets wrong pid 1137603696 M * michal` i think so ;p 1137603719 M * Bertl aha .. hmm ... so probably the usermode helper forks again, yes? 1137603725 M * michal` exactly 1137603750 M * Bertl and this creates a 'pure' userspace process which then will load the module 1137603769 M * michal` modprobe 1137603863 M * Bertl k, so we have to investigate whether this is possible from inside the guest and if, how we should handle it ... 1137603903 M * michal` exactly 1137603912 M * Bertl it's probably not that critical as I think the forked process will be in context 0 1137603958 M * Bertl (so if a guest did make it that far, it was propably intentional) 1137603996 M * Bertl nevertheless, please let me know when you've finished your patch (for rsbac/pax/grsec) 1137604032 M * Bertl michal`: and if possible, try to keep it somewhat broken out (will also simplify combining the patches) 1137604121 M * michal` rsbac... i do not care about grsec ;] 1137604140 M * michal` i'll do my best to have it easy to merge later 1137604256 J * bonbons ~bonbons@83.222.39.249 1137604261 Q * MakMoer Quit: 1137604335 Q * Ben81 Quit: Leaving 1137604354 Q * mkhl Quit: 1137604573 M * michal` ok, so one process more marked ... three are still not :/ 1137604579 M * michal` pcmciad among them 1137604627 M * Milf Bertl: Do you have an idea what I might try to find out why my bdb backend for slapd refuses service? 1137604794 M * Bertl strace -fF or enable debugging (if possible) 1137604876 M * Milf http://www.ipsi.fraunhofer.de/~mikeschneider/db_stat.strace or http://www.ipsi.fraunhofer.de/~mikeschneider/ldapstart.strace respectively 1137604905 M * Milf I also tried comparing with an strace on the original server, but it's all bohemian villages to me; there's no pattern I could interpret. 1137605031 Q * nokoya Read error: Connection reset by peer 1137605035 J * matta ~matta@pcp05315572pcs.norstn01.pa.comcast.net 1137605155 J * nokoya young@hi-230-82.tm.net.org.my 1137605168 M * Milf Thing is: I can enable lots of debugging in slapd, but I don't know how to turn any of it on for the dbd libs 1137605278 M * Bertl welcome matta! 1137605287 M * Bertl wb nokoya! 1137605323 M * Bertl Milf: was just an idea ... I do not even know what dbd is (I think)? 1137605385 M * Milf berkeley db 1137605405 M * Bertl ah, okay, then I know what it is :) 1137605411 M * Bertl db3 db4 and so 1137605421 M * Milf it works in the original server. I tared that and made a vserver out of it to have for testing migration. And in the vserver it doesn't *cries bitterly* 1137605433 M * Milf Yep 1137605463 M * Milf Thing is: what's wrong seems to be in the libs and they refuse to be straced/debugged or so it seems 1137605556 M * Bertl really? maybe they are just broken? 1137605575 M * Milf broken by copying them you mean? 1137605619 M * Milf I have found out that using db_stat from the db-utils package, I can just about recreate the error: db_stat -e will run in the original, but will produce an error in the vserver 1137605716 M * Bertl okay, try to strace -fF that for me please 1137605728 M * Milf But what the hell: uninstalling and reinstalling won't hurt. 1137605883 M * Milf See the two links above 1137605957 M * Bertl ah, missed those ... 1137606120 P * undefined 1137606371 J * shedi ~siggi@inferno.lhi.is 1137606499 J * romke ~romke@acrux.romke.net 1137606517 M * romke hi Bertl 1137606544 M * Bertl welcome romke! shedi! 1137606548 P * matta 1137606573 M * shedi hello Bertl 1137606814 M * romke Bertl: logo with Linux over _erver was already published by Joep (http://www.virtualinfrastructure.nl/downloads/design.pdf) 1137606897 M * romke Bertl: (page 1 in the middle) 1137606923 M * Bertl ah, well, I probably missed that one, there are quite a lot of logos :) 1137606966 M * Bertl Milf: it's quite interesting what the db_stat does, but the output is in no relation to the strace ... 1137607003 M * Bertl Milf: could you try to 'just' chroot() into the guest (without the context stuff) and execute that? maybe with strace if it works? 1137607052 M * Milf Nope, when I just chroot I still get "db_stat: DB_ENV->open: No such file or directory" 1137607068 M * Milf I did try uninstalling and reinstalling the db-libs. 1137607089 M * Bertl so, in this case, we can conclude that something inside the guest is missing 1137607095 M * Milf That eliminated the message about them beind configured only for DB_PRIVATE but I still have the env Problems 1137607106 M * Bertl otherwise the chroot would work quite fine, no? 1137607132 Q * emp Ping timeout: 480 seconds 1137607138 M * Bertl what does 'ldd db_stat' say inside the chroot? 1137607143 M * Bertl (maybe compared to outside) 1137607145 M * Milf The chroot works, only the db_stat command does the same ting as when I also change context and IP-bind and ... 1137607171 M * Milf # ldd /usr/bin/db_stat 1137607171 M * Milf libdb-4.2.so => /usr/lib/libdb-4.2.so (0x40025000) 1137607171 M * Milf libc.so.6 => /lib/i686/libc.so.6 (0x400f9000) 1137607187 M * Milf last line is /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) 1137607200 M * Bertl okay, and outside? 1137607204 J * emp ~emp@70.57.239.35 1137607213 M * Bertl wb emp! 1137607226 M * Milf wnat me to do an ldd /vservers/vservername/usr/bin/db_stat ? 1137607278 M * Milf If I do that, it's the same only the first line sais: libdb-4.2.so => not found 1137607294 M * Milf That's because the host server does not have those libs installed. 1137607352 M * michal` Bertl: better yet - there is no single place for catching all kthreads creating... 1137607363 M * michal` does not matter for your code i think, but that's a mess ;] 1137607481 M * Bertl michal`: what about 'inheriting' the kthread flag on clone/fork? 1137607507 M * Bertl michal`: so how does it work there? 1137607514 M * Bertl s/michal/Milf 1137607551 M * michal` Bertl: i cannot see how it would be done... 1137607566 M * michal` or mayby i do... 1137607570 M * michal` i do ;p 1137607574 M * Bertl lol 1137607601 M * michal` that's the good idea ! 1137607613 M * Bertl Milf: please correct me if I'm wrong, but you said that the dbd stuff works quite fine on the host, but not in the guest? 1137607618 M * michal` well, in fact we do inherit role, depending on settings... 1137607637 M * Milf Bertl: It doesn't work in the host server. The original machine is on a different hardware 1137607653 M * Bertl aha, maybe with a completely different kernel too, yes? 1137607663 M * Milf yes, that too. 1137607673 M * Bertl okay, what hardware and distro is there? 1137607697 M * Milf 2.6.5-7.97-default i686 1137607702 M * Milf distro is SLES9 1137607713 M * Bertl and your current system is? 1137607754 M * Milf The hostsystem is a SuSE 9.0 I think 1137607757 M * Milf with 2.4.26 Kernel 1137607771 M * Bertl okay, that is very likely your problem 1137607785 M * Bertl you need a 2.6 kernel to support some of the libraries 1137607795 M * Milf Hmmm gnarf. 1137607813 M * romke Bertl: take a look: http://romke.net/tmp/vservers.png 1137607819 M * Bertl Milf: was already wondering about the ldt modifications and such 1137607845 M * Milf so I'll can the idea of doing migration testing with vserver :( if I don't find another machine to setup up a newer version host server 1137607912 M * Bertl romke: close, but no banana .. the second one looks quite nice to me, checkmark could be larger, the S probably too .. 1137607938 M * Bertl the slanted writing looks strange ... 1137607946 M * romke lets try 1137607953 M * michal` YAMVH. 1137607962 M * michal` Yet Another Verid Michal's Hack ;p 1137607976 M * Bertl romke: maybe really try with small caps for the ERVER but leave the Linux as is 1137608026 M * Bertl okay, have to leave now .. will be back in a few hours ... 1137608045 N * Bertl Bertl_oO 1137608179 M * romke Bertl: take a look: http://romke.net/tmp/vservers2.png 1137608214 M * Milf by all 1137608469 Q * nox arion.oftc.net quasar.oftc.net 1137608469 Q * FaUl arion.oftc.net quasar.oftc.net 1137608469 Q * daniel_hozac arion.oftc.net quasar.oftc.net 1137608469 Q * meebey arion.oftc.net quasar.oftc.net 1137608469 Q * alexx arion.oftc.net quasar.oftc.net 1137608469 Q * derjohn arion.oftc.net quasar.oftc.net 1137608469 Q * mountie arion.oftc.net quasar.oftc.net 1137608469 Q * hue arion.oftc.net quasar.oftc.net 1137608469 Q * lilalinux arion.oftc.net quasar.oftc.net 1137608469 Q * harry arion.oftc.net quasar.oftc.net 1137608469 Q * DaCa arion.oftc.net quasar.oftc.net 1137608469 Q * kilian arion.oftc.net quasar.oftc.net 1137608469 Q * sladen arion.oftc.net quasar.oftc.net 1137608469 Q * pusling arion.oftc.net quasar.oftc.net 1137608469 Q * Skram arion.oftc.net quasar.oftc.net 1137608469 Q * sannes arion.oftc.net quasar.oftc.net 1137608540 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1137608540 J * hue ~hue@218.20.51.109 1137608540 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1137608540 J * derjohn ~derjohn@80.69.37.19 1137608540 J * alexx ~alexx@proxy.ikse.net 1137608540 J * sannes ~ace@simula-084.simula.no 1137608540 J * meebey meebey@booster.qnetp.net 1137608540 J * DaCa ~danny@mail.limehouse.org 1137608540 J * daniel_hozac ~daniel@c-6f1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1137608540 J * FaUl cTsojkzRlu@verbrennung.org 1137608540 J * sladen paul@starsky.19inch.net 1137608540 J * nox ~nox@nox.user.oftc.net 1137608540 J * kilian kk@projects.verfaction.de 1137608540 J * pusling pusling@195.215.29.124 1137608540 J * harry ~harry@d515321D1.access.telenet.be 1137608540 J * Skram ~skramy@vistech.org 1137608717 Q * prae Quit: Execute Order 69 ! 1137608809 M * shedi do you happen to have some reading material on cow links? 1137608908 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1137609702 J * undefined ~undefined@adsl-68-93-109-94.dsl.rcsntx.swbell.net 1137609796 Q * Doener Ping timeout: 480 seconds 1137609810 J * Doener doener@i5387E698.versanet.de 1137610488 M * Roey shedi: your nick in Hebrew means "My Demon" 1137610512 M * Roey shedi: actually coming from Yidish /shed/, like English /shade/ for "shadow" or "ghost" 1137610796 M * shedi yes or ghoulish 1137610851 M * shedi shedi is from the mezuzah 1137610875 M * shedi shin and yodh 1137610933 M * shedi shin daleth and yodh 1137612190 P * undefined 1137613131 Q * Viper0482 Remote host closed the connection 1137613334 M * SiD3WiNDR shady :) 1137613392 M * Roey http://interviews.slashdot.org/comments.pl?sid=174307&cid=14501010 1137613400 M * Roey shedi: whoah 1137613403 M * Roey shedi: you nkow your stuff 1137613413 M * Roey shadai is one of the Names 1137613425 M * Roey that's how it's pronounced at least. 1137613427 M * Roey Shadai. 1137613975 J * Smutje ~Smutje@xdsl-84-44-186-177.netcologne.de 1137614005 M * stefani ruah - spirit 1137614031 J * undefined ~undefined@adsl-68-93-109-94.dsl.rcsntx.swbell.net 1137614084 Q * Smutje_ Ping timeout: 480 seconds 1137614941 J * prae ~benjamin@sherpadown.net 1137616994 Q * eyck Quit: leaving 1137617427 J * dothebart ~willi@xdsl-213-196-254-83.netcologne.de 1137617857 Q * tudenbart Ping timeout: 480 seconds 1137617930 M * Roey stefani: chaim - life 1137617939 M * Roey stefani: neshama - soul 1137617960 M * stefani i prefer ruah 1137617967 M * Roey ruah is just wind though 1137617968 M * stefani the wind 1137617978 M * Roey I mean 1137617979 M * stefani the wind is the spriti. 1137617982 M * stefani to me. 1137617984 M * Roey chaim is a name, as is neshama 1137617990 M * Roey I haven't heard ruah as a name though 1137617993 M * Roey stefani: ahh 1137618008 M * Roey stefani: neshama means literally 'a breath' 1137618043 M * Roey stefani: you know hebrew at all? 1137618044 M * stefani not like in neshama ra' 1137618051 M * stefani :P 1137618057 M * Roey neshama ra'a? bad soul? 1137618058 M * Roey heh 1137618070 M * Roey neshama tehora 1137618072 M * Roey a pure soul. 1137618074 M * Roey like m 1137618075 M * Roey "Microsoft as a whole has been working on interoperability across all our products. From an interoperability perspective we look into a variety of areas," Hilf said. 1137618075 M * Roey "First we look at things we know are problematic or difficult to get to work together and attempt to solve those problems. Secondly, we look at areas where we can improve existing interoperability scenarios. 1137618075 M * Roey "Lastly, we look at potential new opportunities where we can bring technologies together," he said. 1137618076 M * Roey The Linux lab focuses specifically on the interoperability of open-source software with Microsoft software. dog 1137618078 M * Roey ack 1137618080 M * Roey what the heck 1137618082 M * Roey sorry about that. 1137618088 M * Roey arg xchat, damn you!!!!!!!!!1 1137618095 M * Roey stefani: neshama tehora -- a pure soul 1137618100 M * Roey stefani: like my dog 1137618106 M * Roey stefani: who passed away on sunday. 1137618130 M * stefani sorry to hear that. 1137618146 M * Roey I haven't seen creatures as pure and innocent and full of boundless joy as dogs who've been brought with lots of love 1137618835 J * eyck eyck@81.219.64.71 1137619357 Q * alexx Read error: Connection reset by peer 1137619625 Q * bonbons Quit: Leaving 1137619992 P * meandtheshell 1137620800 J * cpage ~chr@217.164.252.67 1137620920 J * Aiken ~james@tooax7-229.dialup.optusnet.com.au 1137621068 M * cpage anyone using Virtuozzo 1137621130 M * cpage ok anyone awake 1137621291 M * Roey hey anyone here using OpenVZ? 1137621313 M * Roey Is their technology a complete substitute for vserver? 1137621315 M * Roey I liek vserver. 1137621316 M * Roey A lot. 1137621327 M * cpage are you making a point? 1137621478 M * Roey yes. 1137621482 M * Roey oh 1137621498 M * Roey cpage: oh I hadn't realized you just mentioned Virtuozzo 1137621505 M * Roey cpage: that was completely coincidental 1137621506 M * cpage k 1137621509 M * Roey cpage: hehe 1137621513 M * cpage heh 1137621520 M * Roey cpage: er... are you coming here from that article on linuxtoday 1137621525 M * cpage nope 1137621528 M * Roey about red hat's love affair with openvz? 1137621537 M * cpage nope 1137621546 M * cpage im wondering if using VPS one can change kernel of the host from within 1137621552 M * cpage most say you cant 1137621562 M * daniel_hozac no. 1137621565 M * cpage but using this Virtuozzo its possible it seems so asking if anyone's used it 1137621572 M * cpage daniel_hozac using Virtuozzo you cant? 1137621607 M * daniel_hozac cpage: you'd be better off asking about Virtuozzo in #openvz on freenode. 1137621616 M * cpage ok 1137621622 M * daniel_hozac but i doubt it, as the point of virtualization is just one kernel. 1137621706 M * cpage right 1137621801 M * Hollow cpage: they even state in on ovz.org.. 1137621817 M * cpage that its not possible? 1137621834 Q * prae Quit: Pwet 1137621875 M * Hollow not directly, but it states that the os virtualization is done on OS level, i.e. one kernel with isolated processes 1137621880 M * Hollow -> http://openvz.org/documentation/tech/virtualization 1137621939 M * cpage thanks Hollow 1137622049 Q * yang Ping timeout: 480 seconds 1137622091 Q * gerrit Ping timeout: 480 seconds 1137622341 J * yang ~boni@cpe-212-18-59-124.dynamic.amis.net 1137622694 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net 1137622701 M * oliwel Hollow: ping :) 1137622707 M * Hollow oliwel: pong 1137622748 M * oliwel Hollow: I updated an old vserver form baselyout with use-flag to new vserver-bayelayout 1137622762 M * oliwel now I get an error when booting the vserver 1137622794 M * oliwel the guets runs hostname, net.lo and serial 1137622811 M * oliwel e.g. /etc/init.d/net.lo: line 11: is_vserver_guest: command not found 1137622837 M * oliwel any ideas 1137622851 M * Hollow sec, tel 1137622856 M * oliwel ok 1137623015 J * mkhl ~mkhl@200-148-40-91.dsl.telesp.net.br 1137623443 M * Hollow so, back 1137623469 M * oliwel ok, so any idea 1137623486 M * Hollow oliwel: did you follow the conversion instructions on http://linux-vserver.org/GentooGuestHowto ? 1137623495 M * oliwel No :) 1137623498 M * Hollow :) 1137623539 M * Hollow the essential thing here is CONFIG_PROTECT_MASK 1137623545 M * oliwel isnt this done by the vserver-bayelayout 1137623555 M * Hollow what? 1137623578 M * oliwel ok... 1137623588 M * Hollow only the blue box on top 1137623591 M * Hollow ignore the rest 1137623603 M * oliwel Yes - I will re.emerge the baselayout with teh CONFIG_PROTECT_MASK="/etc/init.d /etc/inittab" emerge sys-apps/baselayout-vserver 1137623726 M * oliwel I cant link to /usr/portage/profiles/default-linux/x86/vserver 1137623731 M * oliwel doesnt exists 1137623815 M * oliwel fuck...the emerge crashed the whole guest :( 1137623877 M * Hollow hu? 1137623935 M * oliwel forget - should cd to the right dir... 1137623971 M * oliwel BTW: Tomorrow is our Semesterfest... www.galeriefest.de - if you want to have a beer with me 1137624038 M * oliwel hmm, same problems... 1137624048 M * oliwel /etc/init.d/net.lo: line 11: is_vserver_guest: command not found 1137624061 M * oliwel must I change the init style ? 1137624205 M * oliwel ahhhh . changing the init-style from gentoo to plain does the job... 1137624219 M * oliwel but now I have a wrong "hostname" set..... 1137624237 Q * frz Read error: Connection reset by peer 1137624258 M * oliwel Hollow: .... 1137624369 M * Hollow yeah.. gentoo init style is obsolete.. 1137624382 M * Hollow you should update /etc/conf.d/hostname 1137624402 M * Hollow and probably /etc/hosts (if you want to have a working hostname -f) 1137624455 M * oliwel so - hostname is set now from "inside" ? 1137624463 M * oliwel not by uts/nodename ? 1137624485 M * Hollow well, it is still set initially from outside, but the guest is allowed to change it (unless you forbid it) and defaults to localhost in gentoo 1137624488 M * oliwel This is not good.....I use one tree for multiple servers... 1137624507 M * oliwel hmm, ok - so what must I chanfge to disallow it 1137624519 M * Hollow what's the problem with one tree? 1137624525 M * Hollow do you use unification? 1137624536 M * oliwel no 1137624554 M * oliwel I symlink the root-fs and bind mount var and data 1137624565 M * Hollow ic 1137624581 M * Hollow VXC_SET_UTSNAME 1137624603 M * Hollow i.e. echo ~set_utsname >> ccapabilities 1137624606 M * Hollow should do it 1137624614 M * daniel_hozac ~utsname, i think. 1137624637 M * daniel_hozac (that's a bit inconsitent...) 1137624638 M * Hollow probably.. i don't know the mappings of kernel<->userspace names in util-vserver 1137624650 M * Hollow yeah, vserver-utils are consistent here *ahem* 1137624651 M * Hollow ;) 1137624654 M * oliwel where is the file ccapabilites 1137624661 M * Hollow in /etc/vservers/ 1137624664 M * oliwel ok 1137624700 M * Hollow oliwel: sorry, it's capabilities, not ccapabilities 1137624715 M * Hollow wrong again 1137624718 M * Hollow that was for 2.4 1137624726 M * oliwel it works even with cc 1137624729 M * Hollow jee.. damn flower page 1137624777 M * oliwel it wiorks ONLY with cc 1137624781 M * oliwel NOT with cap... 1137624867 M * daniel_hozac yep. 1137624914 Q * mef Quit: using sirc version 2.211+KSIRC/1.3.12 1137624949 M * oliwel so - will go to sleep... 1137624986 M * Hollow me too 1137624988 M * Hollow night all 1137625026 Q * oliwel Quit: Chatzilla 0.9.69.1 [Firefox 1.5/2005111116] 1137625977 Q * cpage Read error: Connection reset by peer 1137626904 M * gdm hi, got a question... 1137626982 M * gdm am gonna reboot host server, currently running patched kernel 2.6.12 (on debian) 1137627012 M * gdm is there a more uptodate, "stable" kernel that i should install? - this is for a production environment 1137627227 M * undefined gdm: define "stable"... 1137627282 M * undefined gdm: for example, i'm running debian, but using (more up-to-date) 2.6.12 ubuntu kernel so i don't have to hassle with kernel security updates 1137627428 M * Doener undefined: hm, ubuntu just released a security update for their 2.6.12 kernel ;) 1137627445 M * undefined Doener: i know 1137627455 M * undefined Doener: got the email overnight 1137627512 M * Doener hm, where's the difference then? security updates happen with about all kernels... (maybe i just didn't understand you) 1137627543 M * undefined Doener: ubuntu security mailing list is much lower traffic than lkml :D 1137627559 M * Doener heh 1137627729 M * undefined Doener: plus i don't have to track the latest kernel versions just to get security updates 1137627755 M * Doener so that was ubuntu vs. vanilla, not ubuntu vs. debian, right? 1137627764 M * undefined Doener: but it does make it a bit harder to test newer vserver releases 1137627772 M * undefined Doener: yes, ubuntu vs vanilla 1137627782 M * Doener ah ok, then i understand :) 1137627791 M * undefined Doener: debian is too "stable" ;) 1137627882 M * undefined Doener: with ubuntu i get a new kernel every 6 months, which is a nice upgrade pace 1137627915 M * undefined Doener: and should i want to stick with the same kernel version (need or laziness) i'm currently guaranteed updates for 18 months 1137628196 Q * Doener Quit: Leaving 1137628515 Q * michal` Ping timeout: 480 seconds 1137628595 M * gdm undefined: sorry, had to run and do something (am at work) 1137628715 M * gdm undefined: well, i am running debian stable, but the kernel was 2.6.8 at the time 1137628759 M * gdm undefined: and micah advised me to use the unstable kernel of 2.6.12 - see http://deb.riseup.net/vserver/preparing/