1139530365 J * fwl ~fwl@83.215.237.1 1139530587 Q * fwl Quit: 1139530782 J * grant mep@p5091B1EF.dip0.t-ipconnect.de 1139531185 Q * grant_ Ping timeout: 480 seconds 1139531375 M * Skram what is VSV? 1139531380 M * Skram VSZ i mean 1139531409 M * daniel_hozac virtual size. 1139531431 M * Skram so... 1139531437 M * Skram what exactly 1139531442 M * Skram like disk space? ram? what 1139531497 M * daniel_hozac virtual ;) 1139531502 M * Skram ?? 1139531538 M * daniel_hozac IIRC it's the sum of all memory mappings. 1139532107 M * derjohn is it possible to use ipsec from inside a guest? 1139532136 M * daniel_hozac well, probably, but you'll need to set it up on the host. 1139532155 M * daniel_hozac probably possible by giving the guest lots of caps as well. 1139532166 M * derjohn hm, somehow I expected this answer :) 1139533694 Q * Aiken Ping timeout: 480 seconds 1139534505 M * daniel_hozac Bertl_zZ: in 2.6.16-rc2-vs2.1.0.10, fs/hfsplus/inode.c is missing #include 1139534554 M * derjohn hfs? :) OK, fix it anyway ... 1139534580 M * daniel_hozac i doubt anyone would ever notice ;) 1139534616 M * daniel_hozac but yeah, depmod outputs a warning about it if hfsplus is built as a module. 1139539074 J * Aiken ~james@tooax6-136.dialup.optusnet.com.au 1139539272 J * jstubbs ~jason@gw.work-at.jp 1139542895 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1139546988 P * stefani parting (is such sweet sorrow) 1139548079 Q * Loki|muh Remote host closed the connection 1139548082 J * Loki|muh loki@satanix.de 1139548988 M * SuperLag Bertl_zZ: still asleep, eh? :) 1139549085 J * fwl ~fwl@83.215.237.1 1139549286 Q * Loki|muh Remote host closed the connection 1139549593 J * Viper0482 ~Viper0482@p549767B2.dip.t-dialin.net 1139549679 J * Smutje_ ~Smutje@xdsl-84-44-185-109.netcologne.de 1139549730 Q * SuperLag Ping timeout: 480 seconds 1139549809 Q * Smutje Ping timeout: 480 seconds 1139549809 N * Smutje_ Smutje 1139549908 J * SuperLag ~aaron@38.99.66.175 1139550216 Q * SuperLag Read error: Connection reset by peer 1139550269 J * Loki|muh loki@satanix.de 1139550347 Q * fwl Quit: This computer has gone to sleep 1139550777 J * fwl ~fwl@83.215.237.1 1139550908 J * SuperLag ~aaron@38.99.66.175 1139551100 M * SuperLag Is netmount required on vserver guests? 1139551263 Q * fwl Quit: This computer has gone to sleep 1139551672 Q * Viper0482 Quit: bin raus, 1139551707 J * Viper0482 ~Viper0482@p549767B2.dip.t-dialin.net 1139551802 Q * Viper0482 Quit: 1139551829 J * Viper0482 ~Viper0482@p549767B2.dip.t-dialin.net 1139551912 Q * Viper0482 Quit: 1139554453 J * fwl ~fwl@83.215.237.1 1139554799 Q * fwl Quit: This computer has gone to sleep 1139554885 M * Hollow SuperLag: no 1139554897 M * SuperLag Hollow: good evening. 1139554904 M * Hollow morning even 1139554905 M * Hollow ;) 1139554910 M * SuperLag heh 1139554996 M * Hollow SuperLag: btw.. what's your task in gentoo land? 1139555030 M * SuperLag AMD64 arch team, dev-perl, WordPress, Openbox 1139555101 M * Hollow ic.. i started with the apache herd, but now i'm all into vservers .. ;) 1139555227 M * SuperLag Hollow: Xen allows you to dedicate a fixed amount of RAM to the domU's. Can you do something similar with vserver? 1139555248 J * fwl ~fwl@83.215.237.1 1139555330 M * Hollow http://linux-vserver.org/Resource+Limits (RSS, VM, SHMEM iirc) 1139555397 A * jstubbs jumps in on the activity 1139555442 M * Hollow hey jstubbs 1139555459 M * jstubbs another xen vs vserver question.. xen does networking via creating a bridge allowing things like ucarp to be used. is there any standard ip failover solution for vserver? 1139555491 N * Bertl_zZ Bertl 1139555495 M * Hollow morning Bertl 1139555497 M * Bertl morning folks! 1139555521 M * Hollow i even don't knwo ucarp.. 1139555532 M * Bertl jstubbs: yes, heartbeat on bonding devices for example? 1139555560 M * Bertl jstubbs: usually the physical machine will fail, no? 1139555598 M * jstubbs yeah, pretty much 1139555603 M * Bertl (i.e. it would be strange if one guest on the same machine does the failover for the other, not that this would be an issue at all) 1139555643 M * Bertl if you do a 'failover' on the same physical machine, just start the other guest :) 1139555693 M * Bertl a good failover setup for Linux-VServer is to put one half of the guests on machine A, and the rest on the other (B) 1139555720 M * Bertl keep a synced version on the counterpart, and when one machine goes down, start the 'missing' guests on the other 1139555742 M * Bertl (this is something heartbeat can do easily) 1139555785 M * jstubbs heartbeat runs in the host installation with passive->active being done by a custom script? 1139555810 M * Bertl form example 1139555824 M * Bertl *for 1139555862 M * Bertl it's not really an issue at all, consider a setup with only two guests 1139555872 M * jstubbs what i am planning is to have several hosts with 2 vservers set up for each ip address, one active and one passive. 1139555876 M * Bertl one guest has 192.168.0.2 the other 192.168.0.3 1139555907 M * jstubbs what i'm trying to figure out is if the service running inside of the active vserver goes down but keeps the ip, what to do? 1139555913 M * Bertl you put each of them on a machine (physical) 1139555945 M * Bertl jstubbs: if a service _instide_ the guest goes down, you have either to restart it (inside) or to restart the guest (usually on the _same_ machine) 1139556107 M * jstubbs just setting my first test machine now so i should probably have a play before asking more questions ;) 1139556203 M * Bertl np, but yes, get a feeling 1139556587 M * SuperLag Bertl: you were right. 1139556603 M * SuperLag Bertl: they gave me incorrect info for the networking 1139556622 M * SuperLag Bertl: that and they had eth0 plugged into port 24 on teh switch and eth1 wasn't even plugged in 1139556638 M * Bertl SuperLag: good to hear! 1139556654 M * SuperLag Bertl: still can't ssh to guest 1 though 1139556658 M * SuperLag I gave up. 1139556675 M * Bertl well, it's propably easy to fix 1139556721 J * rene- ~rene@201.144.61.92 1139556757 M * Bertl welcome rene-! 1139556787 M * Bertl SuperLag: I doubt it is vserver related at all (like the other issues) 1139556794 M * rene- Thanks Bertl! 1139556871 M * SuperLag Bertl: I've racked my brain trying to figure out what it is... and turned over (I think) every stone. :/ 1139556884 M * Bertl well, shall we try? 1139557267 P * anonc adios 1139557315 Q * fwl Ping timeout: 480 seconds 1139557551 M * jstubbs what's vserver-utils? a rewrite of util-vserver? 1139557571 M * Bertl well, yes, Hollow started his own set of tools 1139557647 M * Bertl he is following development more closely, so I guess they will soon be able to replace util-vserver 1139557648 M * jstubbs which have a higher version available in gentoo's portage than on the 13thfloor site (which is essentially why i'm choosing vserver over xen ;) 1139557672 M * Bertl yes, I'm lazy with updating :) 1139557679 M * Hollow :) 1139557701 M * Bertl but now that you mention it, Hollow, where are the latest and greatest of them? 1139557719 M * Hollow http://dev.gentoo.org/~hollow/vserver-utils for the tars 1139557725 M * Bertl tx 1139557747 M * Hollow and http://dev.croup.de/proj/vserver-utils for info + svn trunk 1139557780 M * Bertl jstubbs: you should be aware that Xen and Linux-VServer are not competitive products per se ... they are more complemental 1139557843 M * Bertl jstubbs: if you have a 'need' for a custom kernel, then a Xen domain will do nicely, if you want to get the most out of your resources, then Linux-VServer is your choice, and of course, you can run Linux-VServer inside a Xen domain too 1139557847 M * jstubbs yep.. but for my objective, it's an either/or. i was considering vserver for the back end and xen for the front end, but each has its own set of issues. 1139557849 M * Hollow Bertl: i'd like to discuss something like a startup/shutdown policy for guests, so we get this all-time bug fixed better 1139557856 M * jstubbs i figured i'd minimize the set of issues i have to deal with. 1139557875 M * Hollow and also what we'll do with vshelper in vserver-utils 1139557891 M * Bertl Hollow: okay, I'm still hunting, but that leaves me a lot of time to talk meanwhile ... 1139557904 M * Hollow still the umount bug? 1139557922 M * Bertl yup, narrowed it down to 34k patch 1139557934 M * Hollow wth.. 1139557959 M * Bertl did take 35 guest installs and 62 kernel builds 1139557965 M * Bertl but was mainly my fault 1139557980 M * Bertl I 'forgot' to configure vi to break hardlinks 1139558012 M * Hollow ah, your 1000+ kernel dir got fcked up? ;) 1139558023 M * Bertl yeah, give it to me! 1139558042 M * Hollow sorry :) 1139558043 M * Bertl but not on my devel machine, on the test machine, as I did do the mods there 1139558059 M * Bertl and it was newly installed, vim not configured ... 1139558064 M * Hollow ic .. 1139558083 M * Bertl unfortunately I have to do a complete guest install to check for the issue 1139558095 M * Bertl we still do not know what exactly causes it 1139558100 M * Hollow so, what do you think about vshelper? should we keep it? should it be replaced by the mysterious dameon..? 1139558120 M * Bertl I think we should keep the vshelper for now 1139558133 M * Hollow ok, gues sso too 1139558135 M * Bertl but, if you followed our mainline discussions 1139558151 M * Bertl (if not, you can read up on that on lkml or the irc log) 1139558163 M * Hollow ok, approx timespan? 1139558168 M * Hollow in the irc logs 1139558171 M * Bertl 36 hours 1139558187 M * Bertl last 2 days roughly 1139558190 M * Hollow and with whom did you discuss? 1139558206 M * Bertl mainly ebiederm and hallyn 1139558212 M * Hollow ok, will look at it 1139558224 M * Bertl the conclusions are basically: 1139558241 M * Bertl - we will have so called 'spaces' for each virtualization area 1139558253 M * Bertl - those spaces will be primarily tied to the tasks 1139558270 M * Bertl - a 'parent' task will be the reference for the guest 1139558276 M * SuperLag hmm 1139558288 M * Hollow and parent lives on the host? 1139558294 M * Bertl yep 1139558305 M * Bertl so that one is predestined to become the daemon 1139558333 M * Hollow ic, and every space has its own parent, or one parent for all? 1139558360 M * Bertl one parent, but it doesn't have to be a full process, only a task struct 1139558378 M * Bertl so it could probably be a thread of the daemon 1139558401 M * Hollow mhm, so these spaces will replace contexts, right? 1139558426 M * Bertl yes and no, they will work similar like the current 'name space' 1139558447 M * Bertl i.e. you decide at clone() time if you want a new one or keep the old one 1139558454 M * Hollow so, it's a 'pid space' more or less 1139558460 M * Bertl and you can later decide to 'break' with the others 1139558487 M * Bertl the 'pid space' is one aspect, utsname, shm, user, limit, permission are others 1139558528 M * Hollow what does "break later on" mean? 1139558546 M * Bertl the so called 'unshare()' syscall will do that 1139558576 M * Bertl i.e. it does not necessarily have to be decided at clone() time 1139558584 M * Hollow but what does it do? 1139558600 M * Bertl it replaces a specific 'shared' space with a new one 1139558624 M * Bertl for our purpose we will also require syscalls (or commands) to move between those spaces 1139558655 M * Hollow so, the shared space is the counterpart for context=0 more or less 1139558673 M * Bertl no, the 'initial' space would be that 1139558686 M * Hollow ok, then i still didn't get the shared one ;) 1139558686 M * cehteh morning 1139558713 M * Bertl hmm, I guess I know what you think ... 1139558713 J * fwl ~fwl@83.215.237.2 1139558740 M * Hollow that's why i appreciate your explanations so much ;) 1139558740 M * Bertl Hollow: forget the 'shared' part, two processes 'share' a space if they _are_ in the same space 1139558763 M * Bertl so, if you have 10 processes on the host 1139558763 M * Hollow *kling* 1139558770 M * Bertl they all share the initial spaces 1139558787 M * Bertl now if you create a new guest, it will get a custom space set 1139558800 M * Hollow so, the unshare syscall, is just what clone does with CLONE_NEWSAPCE or so 1139558812 M * Bertl precisely, just at a later time 1139558865 M * Hollow does the parent concept also permit hierarchical contexts? 1139558874 M * Hollow *spaces 1139558875 M * Hollow :) 1139558877 M * Bertl yep 1139558899 M * Bertl when you 'create' a new pid space, the parent becomes the handle 1139558900 M * Hollow sounds nice 1139558922 M * Hollow does the namespaces have such a parent design as well? 1139558935 M * Hollow or are they completely independent 1139558945 M * Bertl all spaces are somewhat independant 1139558961 M * Hollow i mean the fs namesapces.. 1139558961 M * Bertl but only the pid space carries this explicit structure 1139558978 M * Hollow like they are in vanilla atm 1139558980 Q * fwl Quit: 1139558991 M * Bertl of course, you can address a name space via some 'example' task 1139559003 M * Bertl but it doesn't need/have the parent/child structure 1139559048 J * meandtheshell ~markus@85-125-228-113.dynamic.xdsl-line.inode.at 1139559056 M * Hollow wouldn't that easy looking for still existant mounts like in your current bug hunting? 1139559065 M * Hollow if you can walk the tree of namespaces 1139559073 M * Bertl yes, probably 1139559116 N * ebiederm_oO ebiederm 1139559125 M * Hollow morning ebiederm 1139559145 M * Bertl good morning ebiederm! 1139559163 M * ebiederm morning Hollow, I'm actually on my way to bed.... It's 1am here... 1139559174 M * ebiederm But I figured I would poke my nose in. 1139559196 M * Hollow ic.. :D 1139559216 M * ebiederm I was trying to test my patches on x86_64 and I got a OOM during boot! 1139559226 M * Bertl cool! 1139559236 Q * rene- Ping timeout: 480 seconds 1139559274 M * ebiederm I'm not certain what is going on but at the moment I suspect something has tickled a bug in my old compiler. 1139559318 M * Bertl how old? 1139559337 M * ebiederm 3.2.3 1139559357 M * Bertl could be, get a 33.6 1139559361 M * Bertl *3.3.6 1139559393 M * ebiederm The reason I suspect that is there was a sequence that ac->entries[ac->avail++] And I printed ac->avail both before and after that statement and got 0.! 1139559408 M * ebiederm Yes. Upgrading my compiler looks like the next sensible step. 1139559416 M * ebiederm But not tonight. 1139559496 J * fwl ~fwl@83.215.237.2 1139559665 M * ebiederm Well Darn. It was a compiler bug. 1139559695 M * ebiederm After moving the increment to the next line the kernel boots! 1139560051 M * ebiederm Definitely time to upgrade my compiler. 1139560495 Q * fwl Ping timeout: 480 seconds 1139560807 Q * shedi Quit: Leaving 1139561071 J * fwl ~fwl@83.215.237.2 1139562805 N * ebiederm ebiederm_zZzZzZzZ 1139562812 M * Bertl night ebiederm_zZzZzZzZ! 1139562911 M * ebiederm_zZzZzZzZ Hopefully. 1139563156 Q * lilalinux Remote host closed the connection 1139563190 J * prae ~prae@ezoffice.mandriva.com 1139563203 J * lilalinux ~plasma@80.69.35.186 1139563459 M * Bertl welcome prae! lilalinux! 1139563503 M * prae :) 1139563517 M * Bertl received both your emails yesterday :) 1139563549 J * shedi ~siggi@tolvudeild-204.lhi.is 1139563553 M * prae oh ? :) 1139563566 M * prae I modify the resolv ipaddr yesterday ;) 1139563669 J * rah33|a Marhabba@202.123.250.65 1139563675 M * Bertl welcome rah33|a! 1139563687 M * rah33|a any pakistani here? 1139563695 M * Bertl could be, why? 1139563751 M * Bertl channel language is english, topic is linux-vserver, I don't see a relation :) 1139563760 M * jstubbs Hollow: the gentoo vserver howto has a mistake.. vserver-new is missing at the very end 1139563995 M * jstubbs other than that, everything's working ok :) 1139564085 M * jstubbs bind mounts don't work? 1139564203 M * jstubbs ahh.. they do but only as at the time when the vserver is started 1139564333 M * Bertl hmm, when would you expect them to happen? 1139564372 M * jstubbs when the mount is done.. but that's just my ignorance as to how the kernel works 1139564488 M * Bertl huh? now you confused me ... 1139564535 M * Bertl could it be that you are confused by the namespaces? 1139564554 M * Bertl i.e. you did the mount int he wrong name space (on the host) and expected it to work int he guest? 1139564569 M * jstubbs dunno if "vserver" is a gentoo specific script or not but... `vserver myguest start; mount -o bind /usr/portage /vservers/myguest/usr/portage; vserver myguest enter; ls /usr/portage` didn't work 1139564573 M * Bertl then, after guest restart, it 'suddenly' works? 1139564587 M * jstubbs heh.. not surprisingly, but yes. 1139564588 M * Bertl ah, yes, what I expected ... 1139564609 M * Bertl what you 'actually' want is to add that bind mount to the fstab for the guest 1139564618 M * Bertl (in the config) 1139564630 M * Bertl which will not show it on the host (name space) but in the guest 1139564659 M * Bertl daniel_hozac: ping? 1139564672 M * jstubbs and will make management of vservers easier too.. cool :) 1139564900 M * ebiederm_zZzZzZzZ Bertl: sys_share(unsigned long share_flags, pid_t pid) (to implement enter?) 1139564972 M * Bertl have to think about it, but I'm not conviced it is a good idea to tie it to a task 1139565014 M * Bertl thing is, how would you enter the namespace of a process inside a guest? 1139565131 M * Bertl also, share() sounds somewhat wrong to me, but that's just a feeling 1139565185 M * Bertl if we want to allow deeper access, we probably need push/pop 1139565225 M * jstubbs sshd with the default config on the host has 'listen 0.0.0.0'; ssh'ing to my guest connected me to the host as the guest sshd had actually failed to start. 'listen ' fixed it so i take it services running on the host should be locked down to specific ip addresses? 1139565240 M * Bertl yup 1139565574 M * jstubbs ok. so processes on the host are essentially free to use resources as they wish? hence the "run as little on the host as possible" wiki recommendation? 1139565603 M * Bertl yes, but you can always put 'host' services into lightweight guests 1139565622 M * jstubbs yep, gotcha 1139565625 M * Bertl i.e. you can use chbind (don't use it for sshd though) to restrict services to host ips and so on 1139565644 M * Bertl (this is what the v_* wrappers do) 1139565830 Q * brc_ Ping timeout: 480 seconds 1139566191 Q * MartinZd2 Remote host closed the connection 1139566417 Q * Dr4g_ Read error: Connection reset by peer 1139566605 Q * rah33|a Quit: 1139567311 Q * fwl Quit: This computer has gone to sleep 1139567745 J * brc_ bruce@20151200006.user.veloxzone.com.br 1139567899 J * fwl ~fwl@83.215.237.2 1139568882 Q * mire Ping timeout: 480 seconds 1139570082 Q * brc_ Quit: [BX] PARTYTIME! 5 seconds to the millenium! 4...3...2...1...EOF From client 1139570106 J * brc_ bruce@20151200006.user.veloxzone.com.br 1139570110 N * brc_ brc 1139570642 M * Bertl argl! 1139571079 M * Bertl RoadRunnR: ping! 1139571144 M * RoadRunnR Bertl: pong! 1139571153 M * Bertl I guess I found it 1139571171 M * Bertl interested in trying a patch? 1139571196 M * nox i have problem running samba in a vserver i guess it is related to the broadcast problem 1139571211 M * RoadRunnR Bertl: very 1139571213 M * nox http://linux-vserver.org/ProblematicPrograms <- doesn't say anything about broadcast 1139571218 M * Bertl nox: could be, what is the problem? 1139571237 M * Bertl RoadRunnR: okay, give me a few minutes, what kernel do you use? 1139571254 M * RoadRunnR 2.6.16-rc2 1139571264 M * RoadRunnR or 2.6.15.3 1139571268 M * RoadRunnR whatever you prefer 1139571275 M * nox querying DMZ3 on 10.6.6.255 1139571275 M * nox querying DMZ3 on 10.2.2.255 1139571275 M * nox name_query failed to find name DMZ3 1139571279 M * Bertl RoadRunnR: okay, then 2.6.16-rc2 it is 1139571311 M * Bertl nox: and, is 10.6.6.255 or 10.2.2.255 assigned to the guest? 1139571329 M * nox no it his the broadcast of the subnet 1139571343 M * Bertl so how is the guest samba supposed to bind to it? 1139571471 M * nox well is all broadcast than directed to it or will the rootserver also get it? 1139571493 M * Bertl depends who binds to the broadcast address 1139571511 M * Bertl you will not be able to have two samba servers on the same broadcast 1139571521 M * Bertl (which should be obvious) 1139571528 M * nox yes it is 1139571565 M * nox there is no other samba, so it should be save 1139571573 M * nox thx again Bertl 1139571591 M * Bertl you're welcome! 1139571607 Q * fwl Quit: This computer has gone to sleep 1139571631 M * nox Bertl: one more thing, do you have a bme patch for 2.6.15.2-vs2.0.1.2 1139571968 M * Bertl an untested one, yes 1139571996 M * nox i gonna test it if you like 1139572002 M * Bertl how? 1139572027 M * nox well mainly the ro feature 1139572036 M * nox or what di you mean? 1139572048 M * nox s/di/do/ 1139572067 M * Bertl yeah, well, you can have it if you like, but if it blows your kernel, it's your problem 1139572086 M * nox yes then i will tell you that as well 1139572095 M * nox it is not a production server 1139572174 M * Bertl okay, give me a few minutes 1139572200 M * nox thx! 1139572665 M * nox samba works btw 1139572692 M * Bertl RoadRunnR: http://vserver.13thfloor.at/Experimental/delta-proc-fix02.diff 1139572702 M * Bertl nox: excellent! 1139572784 M * Bertl nox: will take a few more minutes, I'm out of disk space and have to cleanup first 1139572850 M * nox Bertl: take your time! no need to hurry 1139572963 Q * meebey Read error: Connection reset by peer 1139573185 J * meebey meebey@booster.qnetp.net 1139573643 M * Hollow jstubbs: btw.. the util-vserver ebuild has a patched fstab with commented portage entries already.. 1139573687 M * Bertl ah, good idea ... 1139573889 M * Hollow Bertl: is proc-fix02 for the umount bug? 1139573914 M * jstubbs Hollow: yep, i noticed. thanks. 1139573934 M * Bertl Hollow: yes 1139573954 M * Bertl Hollow: required for all kernels which have the proc-fix01 1139573969 M * Hollow jstubbs: for gentoo guests you should also take a look at vdispatch-conf, vupdateworld and vemerge 1139574190 J * fwl ~fwl@83.215.237.2 1139576933 Q * Aiken Quit: Leaving 1139578487 M * RoadRunnR Bertl: juhu, it works! 1139578503 Q * fwl Quit: This computer has gone to sleep 1139578506 M * Bertl good :) 1139578766 J * fwl ~fwl@83.215.237.2 1139579297 Q * fwl Quit: Leaving 1139580275 Q * jstubbs Quit: leaving 1139580408 M * SuperLag Hollow: I think that the stageball for the current stable is messed up 1139580428 J * mire ~mire@183-166-222-85.COOL.ADSL.VLine.verat.net 1139580442 M * Bertl welcome mire! 1139580817 J * fwl ~fwl@83.215.237.2 1139580853 M * Hollow SuperLag: yep, and unfortunately i'm already aware of it ;) 1139580881 M * SuperLag Hollow: what do you see as being broken in it? 1139580891 M * Hollow will be cleaned up with 2006.0 but will have to do some investigations first with the new virtual system 1139580926 M * Hollow well, mostly the profile is fucked up, and i built the stages manually and a bit help of catalyst, so i guess there are many nasty little bugs in it 1139580942 M * SuperLag heh :) 1139580945 M * SuperLag the profile 1139580948 M * SuperLag we're on the same page 1139580951 M * Hollow (fkced up only wrt catalyst and stage building) 1139580963 Q * fwl Quit: 1139580969 M * Hollow the thing is.. baselayout is hardcoded everyhwere in the profiles 1139580983 M * Hollow because of versions, so i guess we have to create a new-style virtual for baselayout to fix that 1139580993 M * SuperLag I've got mcummings trying to do an emerge -eD world in one of the guests, and sandbox won't builg 1139580997 M * SuperLag build 1139581046 M * Hollow error? 1139581075 M * SuperLag I'm not sure. He hasn't responded yet 1139581087 M * SuperLag he linked to the correct profile 1139581094 M * SuperLag and started the rebuild 1139581104 M * Hollow well, it can be totally profile independant.. 1139581112 M * Hollow but the profile is a big mes snevertheless 1139581148 M * SuperLag 07:32 sys-apps/sandbox just will not build - i think this is going to have to be rebuilt from scratch :/ 1139581149 M * Hollow maybe i'll work out a proposal for virtual/baselayout during the weekend and send it to -dev 1139581195 M * Hollow well, without any error message it's kinda hard ;) 1139581215 M * Bertl your crystal ball is in service too? 1139581240 M * SuperLag Hollow: of course, I was just posting what he had said 1139581245 M * Hollow no, it's out of order atm ;) 1139581572 Q * shedi Quit: Leaving 1139581714 M * daniel_hozac Bertl: pong 1139581729 M * Bertl hey daniel_hozac! problem solved! 1139581738 M * daniel_hozac hehe, ok, good. 1139581752 M * daniel_hozac did you see my message about the missing #include ? 1139581762 M * Bertl nope, where? 1139581774 M * daniel_hozac fs/hfsplus/inode.c 1139581786 M * daniel_hozac (in 2.6.16-rc2-vs2.1.0.10) 1139581795 M * Bertl ah, hmm .. k 1139581878 J * ntrs_ ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com 1139582190 Q * ntrs Ping timeout: 480 seconds 1139586097 J * frankeh ~frankeh@yktgi01e0-s4.watson.ibm.com 1139586144 P * frankeh 1139588600 J * telepatrik ~telepatri@r4c252.chello.upc.cz 1139588641 M * telepatrik :-) 1139588653 M * Bertl welcome telepatrik! 1139588810 Q * telepatrik Quit: 1139588832 J * Viper0482 ~Viper0482@p54976A03.dip.t-dialin.net 1139589059 J * stefani ~stefani@superquan.apl.washington.edu 1139589445 Q * sladen Ping timeout: 480 seconds 1139589473 N * ebiederm_zZzZzZzZ ebiederm 1139589486 M * ebiederm Morning Bertl. 1139589569 J * sladen paul@starsky.19inch.net 1139589767 M * Bertl hey ebiederm! 1139589806 M * ebiederm It really is morning here now. :) 1139589818 M * Bertl ebiederm: :) 1139589981 M * ebiederm Bertl: Do you know how autofs works? Does the kernel do the mouting or does it invoke a user mode helper? 1139590216 M * Bertl hmm, probably depends on the version 1139590329 M * ebiederm I'm brainstorming and if there is someplace the kernel does a mount for userspace then I cane fix some of my /proc bugs :) 1139590683 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1139590748 M * dhansen ebiederm: has Al Viro seen any of your /proc patches? 1139590770 M * ebiederm dhansen: I mentioned them to him a little bit. But I don't think he has seen them. 1139590818 M * ebiederm I need to split up my /proc patches anyway. 1139590838 M * dhansen ebiederm: Just wanted to make sure you weren't spending too much time on something that you might have to re-code to Viroify :) 1139590859 M * ebiederm dhansen: How is your understanding coming. 1139590863 M * gerrit dhansen, ebiederm: did we want a mailing list as yet or are we sticking with LKML ? 1139590885 M * dhansen ebiederm: I haven't pulled down your git tree 1139590912 M * ebiederm dhansen: Ok. I thought you were going to read through the patches you had. 1139590914 M * dhansen gerrit: I think we're OK with LKML for now. At least I am 1139590941 M * dhansen ebiederm: well, I think too many of my concerns were just because the patches were stale. I'd be happy to restart, though 1139590973 M * ebiederm ok. 1139591041 M * ebiederm As for maillists now that we seem to have consensus. This is when taking thigs of lkml could happen. 1139591056 M * ebiederm But we probably want to start getting some patches merged first. 1139591078 J * shedi ~siggi@inferno.lhi.is 1139591100 M * ebiederm I think I am going to look at SYSVIPC as one of the first canidates. It is simple enough not to have real issues. 1139591108 M * ebiederm UTSNAME is another good one to start with. 1139591345 M * Bertl ebiederm: why not start with something new :) 1139591362 M * ebiederm Bertl: Such as? 1139591388 M * Bertl networking *G* 1139591416 M * ebiederm Currently in my tree I have SYSVIPC, UTSNAME, NETWORKING. 1139591435 M * ebiederm SYSVIPC and USTNAME each should take about an hour, maybe a day. 1139591443 M * ebiederm Then I can grab networking. 1139591453 M * ebiederm I need to update it so the code doesn't bitrot. 1139591490 M * ebiederm But I think I can merge SYSVIPC and if I do that the momentum has started. 1139593021 M * dhansen ebiederm: we have an implementation of that for the Meiosys product. Would you be interested if I can get you a copy? 1139593055 M * Bertl of UTS or IPC? 1139593099 J * Pulsar ~40122698@AMarseille-153-1-2-91.w86-194.abo.wanadoo.fr 1139593139 Q * Pulsar Quit: 1139593159 M * dhansen IPC 1139593171 M * dhansen ipc/mqueue.c | 59 +++++ 1139593171 M * dhansen ipc/msg.c | 48 +++- 1139593171 M * dhansen ipc/sem.c | 52 ++++- 1139593171 M * dhansen ipc/shm.c | 100 +++++++-- 1139593188 M * dhansen those are just some simple hooks out into a module, but would probably give you a place to start 1139593457 M * SiD3WiNDR is it possible to add an IP to a running vserver on 2.6? 1139593489 M * Bertl yes, at least in theory, but it doesn't buy you much 1139593573 J * Anon1428 ~Anon1428@p5489FC68.dip.t-dialin.net 1139593578 M * Anon1428 hello 1139593591 M * Anon1428 jemand deutsch ???? 1139593613 Q * Anon1428 Quit: 1139593737 M * SiD3WiNDR Bertl: heh, ok :) 1139594378 Q * mef Remote host closed the connection 1139594412 J * mef ~mef@targe.CS.Princeton.EDU 1139594663 M * SuperLag Hollow: ping 1139595002 J * Smutje_ ~Smutje@xdsl-84-44-247-56.netcologne.de 1139595109 Q * Smutje Ping timeout: 480 seconds 1139595109 N * Smutje_ Smutje 1139595398 Q * prae Quit: Execute Order 69 ! 1139595724 Q * ntrs_ Ping timeout: 480 seconds 1139596068 M * Hollow SuperLag: pong 1139596117 M * SuperLag Hollow: were you saying that the profile issues weren't going to be fixed until the release of 2006.0? 1139596170 M * Hollow well, they should be fixed before, but the stages will be updated for 2006.0, and not earlier 1139596181 M * Hollow well.. 1139596212 M * Hollow at least they should be bug free because it can be built completely with catalyst then 1139596240 M * Hollow any details on the sandbox issue? 1139597192 M * SuperLag I'm getting mcummings to come over here, so we can discuss it here. 1139597265 J * mcummings ~mcummings@134.68.220.30 1139597284 M * SuperLag hah 1139597287 M * Bertl hey mcummings! 1139597295 J * tts ~tiny@85.98.114.191 1139597299 M * SuperLag mcummings: so what kind of errors were you getting with sandbox? 1139597299 M * mcummings hey! Bertl(?) 1139597320 Q * tts Quit: 1139597337 M * mcummings SuperLag: bah, i closed the session :/ cross compiler errors, but that was because the profile and what not were pointing to x86 and i was trying to rebuild the live system as amd64 1139597360 M * SuperLag so open the session, and start over 1139597399 M * SuperLag that vserver is still going, so you should be able to connect 1139597410 M * mcummings checking whether the C compiler works... configure: error: cannot run C compiled programs. 1139597431 M * mcummings which is probably because i didn't treat it like a stage 1 and start with the initial build scripts.... 1139597436 M * mcummings so gcc etc are foobarred 1139597451 A * mcummings checks for language restrictions...and whether foobar would be part of that.... 1139597642 J * ntrs ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com 1139597677 M * SuperLag mcummings: if it gets to be too far gone, let me know, and I'll recreate that guest. The only changes I made were updating Perl to 5.8.8 and portage to the latest version. 1139597690 M * SuperLag mcummings: and you can just as easily do that as I can :) 1139597738 M * SuperLag oh yeah.... there are 18 other packages that get updated as well, when I update world, but that takes all of 5-7 minutes 1139597816 J * Doener doener@i5387D2E2.versanet.de 1139597827 M * Bertl evening Doener! 1139597835 M * Doener evening 1139597862 M * mcummings yeah, i was trying an emerge -eD world (failed), so i went down to system, same failure, but its really because of the stage1 stuff still thinking its x86 even though the profile is amd64 1139597954 Q * Doener Quit: 1139597979 M * SuperLag mcummings: I'm going to go ahead and recreate that guest. 1139598159 M * mcummings SuperLag: yeah....not even seeing the docs on stage1 builds naymore, and its been years since i did that 1139598380 M * Hollow hm, strange... but it even did not work for i386/i686 once.. 1139598483 M * SuperLag Hollow: what was that? 1139598489 M * SuperLag Hollow: trying to rebuild? 1139598529 M * Hollow no, if you used x86 stage1 and built i686 system with it, it sometimes failed to build due to still seeking for i386-gcc-linux-gnu or so 1139598562 M * SuperLag Hollow: how long would it take you to build a new stage for amd64? :) 1139598620 M * Hollow well, 2.8G celeron with 3G ram.. 1139598627 M * Hollow would be the build machine 1139598661 M * SuperLag Hollow: do you need an AMD64 to do the build on? 1139598685 M * SuperLag mine only has 2GB of RAM though :) 1139598690 M * SuperLag at least right now 1139598699 M * SuperLag it will be upgraded to 4GB very soon 1139598705 M * Hollow guess not, but i never did cross compile, and i don't want to paralyze my main system 1139598733 M * SuperLag Hollow: you're free to use mine, if you like 1139598741 M * mcummings Hollow: how complicated is the build process? is it completely scripted? (yeah, i'm volunteering SuperLag's machine, don't worry ;) 1139598753 M * Hollow well, as i said.. a 2.8GHz/3G ram would be the build machine for amd64 1139598754 A * SuperLag kicks mcummings 1139598757 M * Hollow i donÄt have amd64 here at home 1139598791 M * SuperLag I'm confused as to how you can properly build for amd64 on a non-amd64 machine?? 1139598804 M * Hollow but if we can sort out the profile mess, i can start building new stages over night 1139598834 M * Hollow any of you familar with the new virtual system? 1139598871 M * SuperLag no sir 1139598873 M * Hollow mcummings: well, it's catalyst 1139598885 M * SuperLag Hollow: should I be using one of the keyworded versions instead? 1139598906 M * Hollow you mean baselayout-vserver? 1139598906 M * SuperLag Hollow: judging from the conversations in here, you guys were still having problems with the 2.1.x.x stuff? 1139598918 M * Hollow well, it's the devel branch 1139598924 M * Hollow like 2.5.x kernels 1139598939 M * SuperLag Okay. wait. I'm going to shut up and let you talk because I'm not sure what you're asking about. 1139598958 M * Hollow no, i just guessed which keyworded verision you mean 1139598960 M * Hollow ;) 1139598979 M * Hollow you see... my crystal ball is really out of order 1139599027 M * Hollow i'll try to figure the profile changes later on, but i'm busy with preparing dinner atm, so cu later! 1139599050 M * SuperLag ciao 1139599070 M * mcummings ciao ciao 1139599234 J * menomc ~amery@200.75.27.25 1139599341 Q * mnemoc Ping timeout: 480 seconds 1139599341 N * menomc mnemoc 1139599405 M * mire hello, I experienced a linux lockdown few hours ago, I think this could be because of vserver since I never had those problems before 1139599463 J * liquid3649_ ~Viper0482@p54976A03.dip.t-dialin.net 1139599591 Q * Viper0482 Ping timeout: 480 seconds 1139599628 M * daniel_hozac mire: did it oops? did you get the trace? 1139599669 M * Bertl mire: lockdown? 1139599832 M * mire yeah, I could type whatever I wanted but box was non responsive 1139599851 M * mire no kernel trace 1139599880 M * mire it might be related to vserver... I'm not sure 1139599893 M * Bertl hmm, how did it 'come back'? 1139599908 M * mire restat 1139599911 M * mire restart 1139599932 M * mire when I pressed ctrl+alt+del it displayed the restart message but the restart process didn't work 1139599941 M * mire I had to press the restart button to restart it 1139599951 M * Bertl hmm, what kernel version? 1139599964 M * derjohn How can I get the "next free" context on a host? I dont want the next free _running_ but more the 'latent' ones, i.e. max(`cat /etc/vservers/**/context`)? No script there? 1139599968 M * mire Linux zwer 2.6.14.3-vs2.0.1-vserver-1 #2 PREEMPT Sun Jan 22 05:08:13 CET 2006 i686 GNU/Linux 1139600006 M * mire I checked syslog files but I couldn't find anything unusual 1139600025 M * mire actually, I don't know how to debug this... 1139600061 M * Bertl hmm, a preempt kernel? 1139600068 M * mire yes, desktop 1139600082 M * Bertl hmm, so with x11 and such? 1139600085 M * mire yes 1139600103 M * Bertl okay, most likely an x11 process got stuck 1139600111 M * mire I went to text console 1139600115 M * mire but it didn't work 1139600115 M * Bertl that can pretty much mess up any linux machine 1139600123 M * Hollow derjohn: xid=$(let x=0; for i in /etc/vservers/*/context; do if [[ $(<$i) -gt $x ]]; then let x=$(<$i); fi; done; echo $x) 1139600165 M * derjohn Hollow (mindreader) yes, I was just about to create that. :) thx 1139600173 M * Hollow you're welcome ;) 1139600216 M * Bertl mire: I doubt it is vserver realted, but I'd suggest to update to 2.6.14.7 at least 1139600266 M * derjohn Hollow, "let" in bash? U thought 'let' is before your time :) (C64 ...) 1139600313 M * Hollow hm, no.. and you're right, here it is not necessary 1139600331 M * Hollow i'm just used to use let if i'm playing with math ;) 1139600335 Q * Pazzo Quit: ... 1139600600 M * FaUl which caps do i need for running bind? 1139600610 M * Bertl none 1139600615 M * derjohn Hollow, he he besides 'useless use of cat' twe could start a useless bash commands at all. But my feeling says it better readable mit a let. I didnt know that 'let' exists in bash :) 1139600642 M * Hollow well, if you want to do math, you need it 1139600645 M * Hollow afaik 1139600666 M * FaUl Bertl: it says i don't have the required caps 1139600678 M * derjohn FaUl, I use: CAP_SYS_RESOURCE 1139600678 M * derjohn NET_BIND_SERVICE 1139600678 M * derjohn NET_RAW 1139600678 M * derjohn CAP_NET_RAW 1139600678 M * derjohn (If I dont compile bind myself) 1139600717 M * Bertl Hollow: try $[] and $(( )) 1139600734 M * Bertl FaUl: rebuild it with --disable-linuxcaps 1139600788 M * FaUl Bertl: yes, I personally would but it's not for me 1139600802 M * derjohn Bertl, FaUl, yes but then you always have to care about security updates (i.e. cant use debian security) because you have to "echo bind9 hold | dpkg --set-selections" 1139600838 M * Bertl derjohn: instead you lower security because of a broken app? 1139600869 M * arnaud is it possible to remove a (b)capability from a running vserver "on the fly"? 1139600876 M * derjohn Bertl, I thought Hollow 'let' was nothing about bash, more a state of mind at the time (math in english use let a lot) 1139600887 M * Bertl arnaud: nope, caps are per task 1139600904 M * arnaud Bertl, what is a task? a process? 1139600914 M * derjohn Bertl, why is linux-vserver broken? *fg* 1139600920 M * Bertl arnaud: process or thread 1139600926 M * arnaud Bertl, ok :) 1139600937 M * Bertl derjohn: no, but bind is 1139600965 M * derjohn Bertl, well, I wouldn't give the capa to a 'foreign' guest, but to my own one. 1139600987 M * derjohn Bertl, it's evene better then running bind on the host, or? 1139601007 M * Bertl yes 1139601016 M * derjohn Bertl, besides that, what could a attacker with the capa if he get on the host? sniffing? 1139601029 M * Bertl spoofing 1139601198 M * derjohn Bertl, hm, well, hm, yes. The Q is if that is sooo dangerous. Ok, he could DoS services (IP) of this particular net. He could use as DoS platform. But he would be detected soon (I have the from 'above' by entering the host). 1139601286 M * derjohn Bertl, would there be a way like arnaud just proposed to give a certain app in the context a capa? i.e. vcapability -xid 123 '/usr/sbin/foo' or so ? 1139601318 M * Bertl in theory yes 1139601339 M * Bertl regarding bind, it's useless, it just requires the cap to drop it :) 1139601359 M * derjohn in practice its not worth implementing for borken apps? 1139601379 M * Bertl in practice we have already better solutions for that 1139601412 M * derjohn Bertl, er, why the hell do the DDs compile it without the "--disable-linuxcaps"? Is there a reason we would need that? 1139601436 M * derjohn If no, I would file a wish on packages.debian.org 1139601446 M * Bertl on a 'normal' linux system, bind is _more_ secure with the caps enabled 1139601459 M * Bertl on a linux-vserver guest it is less secure 1139601487 M * Bertl that's because the security a guest has by default is higher than the one reached by bind 1139601490 M * Hollow but isn't it a bug anyway, and bind should say "heya, it is already dropped, i don't care"? 1139601506 M * Bertl yup, that's why I say it is broken 1139601514 M * Hollow ah, ok.. :) 1139601524 M * Bertl (it's a little more complicated, but nevertheless broken) 1139601527 M * Hollow must haved missed that 1139601541 M * derjohn so, the right place would be the bind people ... ISC ... to file wish/bug? 1139601551 M * daniel_hozac i've got a patch for it. 1139601569 M * derjohn daniel_hozac, really? submitted to somewhere? 1139601572 M * daniel_hozac http://daniel.hozac.com/stuff/bind-9.2.3-CAP_SYS_RESOURCE-when-available.patch 1139601573 M * daniel_hozac no. 1139601592 M * derjohn daniel_hozac, does fedora include that already? 1139601595 M * daniel_hozac no. 1139601607 M * derjohn daniel_hozac, for any particular reason? 1139601615 M * daniel_hozac i haven't submitted it anywhere. 1139601622 M * daniel_hozac been too lazy. 1139601634 M * daniel_hozac (it's been on my todo list for over a year now..) 1139601635 M * derjohn daniel_hozac, THAT reason ! :) 1139601657 M * derjohn daniel_hozac, may I link it on the wiki? 1139601842 M * daniel_hozac sure. 1139601923 M * derjohn daniel_hozac, I hate secret knowledge :) 1139601946 M * derjohn daniel_hozac, at least if it is not my secret knowledge :) 1139602025 M * daniel_hozac IIRC i already have a link to it somehwere... 1139602076 M * daniel_hozac ah, i don't mention the BIND patch in the link. 1139602578 M * derjohn daniel_hozac, it's not an eyecatcher place but here it is: http://linux-vserver.org/ProblematicPrograms 1139602615 Q * shedi Ping timeout: 480 seconds 1139602690 Q * lilalinux Quit: Leaving 1139602705 J * shedi ~siggi@inferno.lhi.is 1139603010 M * daniel_hozac does the patch apply cleanly to the latest versions? 1139603087 M * SuperLag out of curiousity... how involved is it to install Ubuntu as a guest? 1139603104 M * daniel_hozac Debian based distributions are probably the easiest. 1139603240 M * SuperLag From the wiki, I see how to install vserver on Ubuntu, but not how to do it as a guest 1139603257 M * SuperLag this is a Gentoo box, so I'm assuming I need debootstrap at a very minimum 1139603332 M * daniel_hozac the vserver script will download it automatically if it's not present. 1139603354 Q * shedi Quit: Leaving 1139603360 M * daniel_hozac it might work with -d breezy/hoary/whatever, but i'm not sure. 1139603448 M * derjohn SuperLag, you dont read my docs! 1139603454 M * derjohn SuperLag, shame on you :) 1139603476 M * derjohn SuperLag, http://linux-vserver.org/some_hints_from_john -> ubuntu as guest ! 1139603499 M * derjohn (did you use search funtion of the wiki ?) 1139603885 M * SuperLag hmm 1139603895 M * SuperLag no Ubuntu scripts for the Gentoo version of deboot strap 1139603925 M * daniel_hozac uninstall debootstrap and use the automatically downloaded version then. 1139604159 M * daniel_hozac it works for me on FC3 ;) 1139604171 M * SuperLag I give up. 1139604178 A * SuperLag kicks his machine 1139604203 M * SuperLag first it can't find the .dev file for debootstrap. Okay, so I fixed that. 1139604226 M * SuperLag I: Retrieving Release 1139604226 M * SuperLag E: Invalid Release file, no entry for main/binary-AuthenticAMD/Packages 1139604269 M * daniel_hozac heh, guess you'll want --arch too ;) 1139604535 M * SuperLag where would that go? in teh vserver command along with the other options? 1139604592 M * daniel_hozac at the very end, along with -d and -m. 1139604601 M * daniel_hozac (or even after that? i can't remember) 1139605956 J * bonbons ~bonbons@83.222.39.180 1139605981 M * bonbons Hi Bertl 1139606113 M * bonbons How does the kernel handle "kill-on-reboot" flag for guests? Does not seem to work for me 1139606130 M * daniel_hozac hmm? 1139606274 M * daniel_hozac oh, VXF_REBOOT_KILL in devel? 1139606288 M * bonbons yep, should be that one 1139606394 M * daniel_hozac it SIGKILL's all processes. 1139606462 M * bonbons should, but somehow does not, at least the way I think it should 1139606489 M * daniel_hozac how doesn't it do it? 1139606530 M * bonbons I have the flag set for a guest, fron shell inside the guest I call the shutdown (halt,reboot,poweroff) binary of initng and nothing happens. 1139606569 M * Hollow well, they not necessarily call the syscall 1139606590 M * bonbons Just for info, I'm running vserver-utils on that box. I'm experiencing the issue that the guests keep around no matter if they are shutdown from inside or outside 1139606615 M * Hollow call reboot -f, or halt -f 1139606630 M * bonbons calls this: reboot(RB_AUTOBOOT), probably from sys/reboot.h 1139606630 M * daniel_hozac bonbons: what processes are left over? 1139606660 M * bonbons when I just called the binary, all processes remained 1139606681 M * daniel_hozac sounds like misconfiguration in the guest. 1139606838 M * bonbons "reboot -f" killed everything (but did not release the context <- probably due to persisten state) 1139606933 M * Hollow well, the persistant flag should be cleaned when the guest is up (in theory) 1139606996 M * bonbons then it's theory only, as it's still there once I called vserver stop guest 1139607138 M * Hollow bonbons: did you look at the trunk recently? 1139607172 M * bonbons no, got too few time recently 1139607185 M * Hollow i started to implement things in C... and, for the overview: http://home.xnull.de/misc/vudesign.jpg 1139607185 J * Doener doener@i5387DFF1.versanet.de 1139607597 M * bonbons looking at it... 1139607731 M * Doener evening again (longer visit this time ;) 1139608223 M * Bertl wb Doener! 1139608420 Q * Doener Ping timeout: 480 seconds 1139608565 J * Doener doener@i5387D4B0.versanet.de 1139609464 Q * liquid3649_ Quit: bin raus, 1139609483 J * Viper0482 ~Viper0482@p54976A03.dip.t-dialin.net 1139609788 M * Hollow off for today, night everyone! 1139609812 M * Bertl night Hollow! 1139609839 M * bonbons night Hollow 1139609883 M * Doener night Hollow 1139609913 A * Hollow bows 1139609914 M * Hollow :) 1139610488 P * stefani I'm Parting (the water) 1139610680 Q * bonbons Quit: Leaving 1139611815 M * derjohn SuperLag, like this: buildcmd="vserver $1 build $forceme -m debootstrap --hostname $1.vservers.net-lab.net --netdev $netdev \ 1139611815 M * derjohn --interface $2 --context $3 -- -d sarge -- --arch i386" 1139612875 J * shedi ~siggi@inferno.lhi.is