1142208095 M * mugwump tokkee: can you announce that to the linux-vserver mailing list? 1142208135 M * tokkee mugwump: Jup... I'll do it in a minute, after having it announced to the collectd mailing list ;-) 1142208398 J * lilalinux_ ~plasma@dslb-084-058-192-032.pools.arcor-ip.net 1142208492 M * phycho ugh.. whats teh easiest way of making an image 1142208498 M * phycho or a vserver guest 1142208502 M * phycho this shit looks complicted 1142208502 M * phycho ;/ 1142208512 M * phycho is there any template vserver config i can use? 1142208515 M * phycho i dont see one anywhere 1142208520 M * phycho i need to make an image by hand. 1142208612 M * mugwump vserver build makes the process a lot easier. 1142208640 M * phycho i tried to use that 1142208643 M * phycho looks confusing as hell 1142208650 M * phycho besides, im using slack as the host system 1142208661 M * phycho so i dont have apt/rpm/yum/etc all 1142208691 M * phycho and i want a slack guest.. 1142208719 M * phycho heh, i didnt even find UML as difficult as this 1142208743 M * phycho google just throws up peoples scripts they have used, i want to do it by hand. 1142208808 M * mugwump ok, so your difficulty is really just in doing the /etc/vservers/ config ? 1142208819 M * phycho yep 1142208823 M * phycho dont know where to start 1142208827 M * phycho i dont see any templates anywhere 1142208828 M * mugwump have a fish: http://vserver.utsl.gen.nz/etc-vservers.tar.gz 1142208841 Q * lilalinux Ping timeout: 480 seconds 1142208940 M * mugwump if you like, please log a fault against util-vserver on savannah (http://savannah.nongnu.org/projects/util-vserver) that there are no methods for slack host / slack guest builds 1142208969 M * phycho heh k 1142208974 M * phycho doing it manually is part of the fun :P 1142208985 M * phycho if i manage to do it easily, ill write a script to do it 1142208986 M * mugwump of course the flower page (http://www.nongnu.org/util-vserver/doc/conf/configuration.html) is the reference for the config dirs, but not having templates sucks, I agree 1142208989 M * phycho so others can follow. 1142208998 M * mugwump yes, feel free to include a patch in your bug report :) 1142209001 M * phycho ouch my eyes 1142209003 M * phycho lol 1142209008 M * mugwump select an alternate stylesheet :)) 1142209029 A * phycho pastes it into notepad 1142209077 A * mugwump finds it funny that 3 of the 5 stylesheets on the flower page incorporate cannabis 1142209107 M * phycho lol 1142209393 M * tokkee Does anybody in here have (root-)access to the machine that runs the mailing list? 1142209435 M * mugwump tokkee: er, why? :) 1142209448 A * mugwump doesn't 1142209469 M * tokkee I just need someone to flush the mail-queue ;-) 1142209519 J * Greek0 ~greek0@85.255.145.201 1142209558 M * tokkee Just to speed up my sign-up process - vserver-bounces has been graylisted on the first attempt ;-) 1142209573 M * phycho lol 1142209587 M * phycho can the folder names be long? 1142209591 M * phycho like mail.darktech.org.uk 1142209593 M * phycho in /vservers 1142209599 M * phycho instead of just 'mail' 1142209635 M * tokkee phycho: I guess you can simply name your vserver like that... 1142209638 M * mugwump phycho: sure. they're just administrative labels for the vserver commands. the actual hostname, filesystem location, etc can be controlled 1142209716 M * phycho k 1142209718 M * phycho cool 1142209728 M * phycho haha i cant choose a distro 1142209734 A * phycho is tempted to try gentoo 1142209737 M * phycho ive never tried it b4 1142209756 J * DoM_ ~DoM@151.56.212.182 1142209765 N * DoM_ `DoM`` 1142209767 M * `DoM`` lo all 1142209816 Q * `DoM`` Quit: 1142209822 M * phycho lol 1142209843 J * `DoM`` ~DoM@151.56.212.182 1142209894 M * `DoM`` need an info about virtual-server .. it's possible to run sysklogd on a virtual-server without any performance problem ? 1142209950 M * mugwump `DoM``: syslogd must be running inside each guest, due to hardcoded assumptions in glibc. 1142209987 N * Bertl_oO Bertl 1142209994 M * Bertl evening folks! 1142210003 M * mugwump `DoM``: you can always setup a logserver guest if you want to avoid so many extra logfiles, but the performance is usually fine on that front :) 1142210006 M * mugwump hey Bertl 1142210012 M * `DoM`` must be running on each virtual guest server ? mm i tried times ago about few weeks ago but each vserver goes up load average 1142210013 M * phycho hey Bertl 1142210051 M * Bertl `DoM``: a) you do not need klogd inside, nothing to log there b) you want to set a flag if you insist on running it :) 1142210095 M * `DoM`` mm i dont need sysklogd ? but if a user for example want check his apps logs ? 1142210121 M * Bertl `DoM``: there is syslog and klog 1142210144 M * Bertl syslog is where daemons and stuff send log messages, this is perfectly fine inside 1142210152 M * `DoM`` no i am talking only about syslog 1142210153 M * Bertl klog is where the kernel send messages 1142210186 M * Bertl as the kernel only sends messages related to hardware and stuff, there are none for the guests 1142210199 M * Bertl all klog messages are handled/collected on the host machine 1142210199 M * `DoM`` Bertl, sysklogd is only for apps or something like klgo ? 1142210227 M * Bertl I don't know what your sysklogd is, but is sounds like the kernel logger to me 1142210239 M * `DoM`` sysklogd debian package 1142210251 M * `DoM`` sysklogd - Linux system logging utilities. 1142210254 M * Bertl on many distros (including debian) the log service is broken up into two loggers 1142210266 M * `DoM`` this what says man sysklogd 1142210271 M * Bertl one part is for the userspace, the other one for the kernel part 1142210276 M * `DoM`` Sysklogd provides two system utilities which provide support for system logging and kernel message trapping 1142210284 M * Bertl precisely 1142210298 M * Bertl keep the system logging, and remove the kernel trapping 1142210314 M * `DoM`` so i assume that if sysklogd want klgod to be installed too sysklgod works for apps and klogd only for kern messages 1142210318 M * Bertl the other option is to use a devel release and set the syslog capability 1142210359 M * Bertl the result is: you have an additional process running (the kernel logger) which will not receive any messages :) 1142210391 M * Bertl but it will not show the broken behaviour the debian kernel logger has inside guests :) 1142210796 M * mugwump one day perhaps kernel messages will be virtualised per-guest, though 1142210827 M * mugwump for kernel messages that came from something a guest did, that is 1142210853 M * Bertl well, that would not be the problem, but what kind of kernel messages would you like to have per guest? 1142210873 M * Bertl e.g. hard disk failing for all guests which use that partition? 1142210908 M * Bertl 99% of the kernel messages are hardware related 1142210929 M * mugwump sure. so, the 1% might get cleaned up some time :) 1142210935 M * Bertl the remaining 1% is something like OOM kill and evil activity 1142211109 M * Bertl but the mechanisms are there ... a 'virtual' log could be already realized ... 1142211153 M * `DoM`` Berti i read on http://linux-vserver.org/Resource+Limits that if i have to limit memory usage i need to create 2 files inside dir rlimits on my guest: rss and as .. well i created them but only virtual memory looklike worked fine and not real memory 1142211364 M * Bertl what does your /proc/virtual//limit show? (please upload somewhere) 1142211429 Q * DaCa Quit: Terminated with extreme prejudice - dircproxy 1.0.5 1142211707 M * `DoM`` http://www.pescaralug.org/vs.htm 1142211916 M * Bertl so currently no limits are set (and it seems to be an older kernel, right?) 1142211948 M * `DoM`` 2.6.15.4-vs2.0.2-rc9 1142211988 M * Bertl ok, so you probably want to set the limits for the guest and restart it 1142212017 M * Bertl (or you can use the tools to set it on the fly) 1142212021 M * `DoM`` www.pescaralug.org/vs1.htm 1142212028 M * `DoM`` not should be right i think 1142212031 M * `DoM`` ehm now 1142212053 M * Bertl ah, yes, two limits 1142212054 M * `DoM`` 200MB limit right ? 1142212062 M * `DoM`` for virtual and real 1142212070 M * Bertl this is on x86, I presume? 1142212082 M * `DoM`` 686 anyway x86 1142212093 M * phycho does vserver have to have a .config file before it will attempt to start a vps? 1142212095 M * Bertl roughly 800MB 1142212116 M * `DoM`` 800MB each guest O_O ? 1142212135 M * Bertl `DoM``: how much 'real' memory do you have? 1142212140 M * `DoM`` i think i dont understand you 1142212142 M * `DoM`` 2GB 1142212190 M * Bertl okay, the guest currently uses the equivalent of roughly 500MB virtual address space 1142212216 M * Bertl and 40MB of 'real' memory 1142212245 M * Bertl phycho: do you mean on bootup or what? 1142212275 M * `DoM`` Bertl, 500MB virtual address space from where is taken ? i mean real swap fs .. where ? 1142212278 M * phycho i mean to do vserver mail start 1142212286 M * phycho where mail is the name of the vps 1142212290 M * phycho i have 'mail' in /vservers 1142212292 M * phycho but thats all 1142212302 M * Bertl `DoM``: the VM has no representation in RAM or SWAP ... 1142212316 M * `DoM`` so from linux partition ? 1142212339 M * Bertl `DoM``: no, as the name implies, it's Virtual (VM = VIrtual Memory) 1142212376 M * `DoM`` Berti sorry but i dont understand where is located virtual memory :\ now i am googling .. 1142212377 M * Bertl phycho: ah, you have a 'template' or guest 'image' but no config yet, right? 1142212391 M * Bertl `DoM``: it's like this: 1142212399 M * phycho bertl - exactly 1142212408 M * Bertl `DoM``: app A says, give me 2GB address space 1142212410 M * phycho ive just created the filesystem inside /vserver 1142212413 M * phycho and im wondering what to do next 1142212426 M * Bertl `DoM``: and the kernel hands it out, no ram no disk space used 1142212430 M * phycho ive got /vservers/mail atm 1142212438 M * Bertl phycho: easiest way is to do the following: 1142212449 M * Bertl phycho: move it to mail.img 1142212453 M * phycho k 1142212465 M * Bertl phycho: use vserver mail build -m skeleton .... 1142212474 M * Bertl phycho: make sure .... makes sense :) 1142212486 M * Bertl (i.e. have a look at the example page or help) 1142212487 M * phycho i dont know how to use that.. 1142212495 M * phycho looks awful complicated 1142212519 M * Bertl phycho: then once that finished, move back the mail.img contents to the new mail dir 1142212534 M * phycho k 1142212535 M * Bertl phycho: that's because this isn't the default way to create guests 1142212548 M * phycho i mean.. vserver build script looks awful complicated 1142212556 M * phycho theres no easy way to do it with slackware 1142212560 M * Bertl nah, it really isn't 1142212562 M * `DoM`` Bertl, that's ok but why from guest system i can see by top 2GB real RAM and not only 200MB as i set ? 1142212583 M * Bertl phycho: you probably want to assing an ip or two 1142212601 M * Bertl phycho: which is done by --interface eth0:192.168.0.2/24 (for example) 1142212624 M * Bertl phycho: you also want to assing a hostname with --hostname mail.some.org 1142212642 M * Bertl phycho: and of course you want to give it a static context id with --context 42 1142212656 M * phycho k 1142212665 M * Bertl I don't think you need more to get it started 1142212680 M * phycho i think i understand what you meant by the skelenton thing now 1142212680 M * phycho sec 1142212699 M * Bertl `DoM``: probably because some of the 'virtualization' flags are not set 1142212706 M * `DoM`` ah ok 1142212710 M * phycho bertl - '/proc/uptime cannot be accessed' 1142212711 M * Bertl http://linux-vserver.org/Caps+and+Flags 1142212712 M * `DoM`` thanks Bertl 1142212713 M * phycho ive had this problem before 1142212715 A * phycho forgets 1142212722 M * phycho brb till i read faq 1142212724 M * Bertl vprocunhide :) 1142212732 M * phycho thats teh one 1142212768 M * phycho wheres it located? 1142212771 M * phycho ive got no find etc on here ;) 1142212774 M * phycho its bare minimum haha 1142212794 M * Bertl usually in /etc/init.d unless you are on debian or used the default 'local' install 1142212795 M * phycho nm 1142212796 M * phycho i found it 1142212809 M * phycho its put all my stuff in /usr/local/etc/init.d lol 1142212916 M * phycho wtf 1142212922 M * phycho root@vps:/etc/rc.d# vserver start mail 1142212922 M * phycho Can not find a vserver-setup at '/usr/local/etc/vservers/start/'. 1142212925 M * phycho what have i done wrong here 1142212930 M * phycho i try vserver mail start 1142212934 M * phycho as well 1142212958 M * phycho ;/ 1142212970 M * phycho it doesnt give you a proper reason why it failed either 1142212971 M * phycho grrr 1142212976 M * phycho how am i supposed to debug that ;/ 1142212981 M * Bertl ahem 1142212994 M * phycho root@vps:/etc/rc.d# vserver mail start 1142212994 M * phycho No command given; use '--help' for more information. 1142212995 M * phycho :X 1142212997 M * phycho wtf 1142213001 M * Bertl you asked it to do 'mail' on the guest 'start' 1142213015 M * Bertl what is it supposed to give you as answer? 1142213025 M * phycho i tried both ways 1142213027 M * phycho and neither worekd 1142213033 M * Bertl 'problem between monitor and chair?' 1142213036 M * phycho lol 1142213042 M * phycho no.. problem is this is so damned complicated 1142213045 M * phycho compaired with openvz 1142213057 M * phycho and im half asleep ;) 1142213057 M * Bertl ah, well, then use openvz. period. 1142213065 M * phycho nah, i want to try vserver instead 1142213074 M * Bertl then read the manual 1142213077 M * phycho i managed it ok using pre-compiled templates 1142213085 M * phycho but its a _LOT_ more difficult making your own 1142213095 M * phycho (there is no decent slackware ones) 1142213111 M * Bertl well, install slackware somewhere, and be done, that's difficult? 1142213119 M * phycho .. slackware is installed 1142213124 M * phycho ive got it in /vserver/mail 1142213156 M * Bertl so you already got your 'template'? 1142213160 M * phycho yep 1142213185 M * phycho according to this, i should use 'vserver mail start' 1142213185 M * phycho yeah? 1142213204 M * Bertl if you did the skeleton config I explained before, yes 1142213208 M * phycho i did. 1142213216 M * phycho well, when i run it 1142213222 M * phycho root@vps:/etc/rc.d# vserver mail start 1142213222 M * phycho No command given; use '--help' for more information. 1142213224 M * phycho thats what i get 1142213249 M * phycho any ideas? 1142213259 M * phycho the output isnt exactly helpful.. ive got no idea where to start 1142213262 M * Bertl try 'vserver-info - SYSINFO' and upload that somehere 1142213270 M * phycho k 1142213286 M * phycho 2secs 1142213312 M * phycho http://pastebin.com/598915 1142213367 M * Bertl well, you didn't install dietlibc, although you ahve been warned (for one point) 1142213383 M * phycho yea 1142213391 M * phycho i tried to but it wouldnt compile properly on slack 1142213397 M * Bertl you are using a grsec patched kernel, so I hope your grsec setup doesn't interfere 1142213398 M * phycho does it really make _that much_ difference? 1142213406 M * phycho my grsec setup is disabled right now 1142213426 M * Bertl okay, ad diet, yes it makes _that_ much difference, for several reasons 1142213431 M * phycho k 1142213438 M * phycho will give it a go 1142213443 M * Bertl but it should not give you strange messages 1142213456 M * phycho heh 1142213465 M * phycho i havent patched the startup scripts 1142213473 M * Bertl what does your /vservers/mail contain? 1142213473 M * phycho namely because theres no god damned tutorial for slackware to do it 1142213485 M * phycho bin boot dev etc home lib mnt proc root sbin sys tmp usr var 1142213495 M * Bertl okay, all from your isntallation? 1142213498 M * phycho yep 1142213500 M * phycho other than dev 1142213508 M * phycho which is from the skel 1142213509 M * Bertl okay, that's from the skeleton? 1142213511 M * Bertl fine 1142213512 M * phycho yep 1142213549 M * phycho it really is a weird one to debug ;/ 1142213560 M * Bertl what do you get from: 1142213565 M * Bertl vserver test start 1142213581 M * phycho root@vps:/vservers/mail# vserver test start 1142213581 M * phycho Can not find a vserver-setup at '/usr/local/etc/vservers/test/'. 1142213607 M * Bertl okay, and 1142213614 M * Bertl vserver mail start 1142213640 M * phycho sec ill put that on pastebin 1142213645 M * Bertl okay 1142213657 M * phycho http://pastebin.com/598924 1142213658 M * phycho there 1142213699 M * Bertl did you specify an init style? 1142213714 M * phycho nope 1142213729 M * Bertl okay, slackware is sysv based? 1142213769 M * phycho nope 1142213774 M * phycho BSD-style apparently 1142213774 M * Bertl okay, then please do: 1142213807 M * Bertl mkdir -p /usr/local/etc/vservers/mail/apps/init && echo plain >/usr/local/etc/vservers/mail/apps/init/style 1142213819 M * phycho k 1142213831 M * Bertl (next time you can simply add --initstyle plain to your skeleton build) 1142213840 M * phycho k 1142213844 M * phycho done 1142213852 M * Bertl okay, try to start it again 1142213864 M * phycho different error :P 1142213870 M * phycho vcontext: vc_set_cflags(): Operation not permitted 1142213892 M * Bertl you are not root or inside a context? 1142213900 M * phycho iam root and not inside one 1142213914 M * Bertl could you upload /proc/self/status please? 1142213942 M * phycho sure 1142213943 M * phycho sec 1142213977 M * phycho http://pastebin.com/598934 1142214005 M * phycho http://list.linux-vserver.org/archive/vserver/msg11839.html 1142214006 M * phycho found that tho 1142214015 M * phycho so im going to make sure ive got that disabled 1142214015 M * phycho sec 1142214054 M * Bertl ah, so much about grsec disabled :) 1142214085 M * phycho it is.. or at least.. no grsec policy was enabled :P 1142214093 M * phycho so i assume that means its disabled.. 1142214114 M * Bertl but hey, it's good that google knows :) 1142214125 M * phycho but heh.. it was compiled into the kernel. just found it 1142214129 M * phycho time to rebuild the host system kernel 1142214130 M * phycho hehe yeah 1142214137 A * phycho points at harry.. thanks 1142214145 M * phycho :P 1142214152 M * Bertl btw, how is openvz doing with grsec? 1142214156 M * phycho it wasnt 1142214159 M * phycho which is why i changed =) 1142214184 M * phycho (or one of the reasons) 1142214196 M * Bertl i.c. 1142214214 M * phycho tbh grsec is more of a pain than anything else :P 1142214221 M * phycho i tried to build grsec with skas3 for UML support 1142214225 M * phycho and that was a right pain to get working lol 1142214277 M * Bertl well, I don't understand why folks always want it .. don't get me wrong, I'm completely pro security, and I'm constantly trying to work with security folks to get _some_ of the basic security enhancements in sync with vserver 1142214300 M * phycho yea 1142214301 M * Bertl but IMHO, out of the box, grsec doesn't increase security at all 1142214312 M * phycho yeh.. i dont use an out of the box configuration 1142214313 M * Bertl it just conplicates administration :) 1142214319 M * phycho i build my own policy files ;)_ 1142214330 M * Bertl okay, that makes sense to me ... 1142214337 M * phycho its quite funny when you see it on shell boxes though 1142214341 M * phycho that tehy have compiled grsec 1142214343 M * phycho then not enabled it 1142214344 M * phycho lol 1142214354 M * phycho its like.. whats the point lol 1142214373 M * phycho although grsec does add some nice security functions to chroot() by default (as long as they are compiled into the kernel of course) 1142214448 M * phycho once ive got this working i need to get suspend2 working with it also :) 1142215429 M * phycho k bertl.. it appears to start now 1142215433 M * phycho has other problems though 1142215464 M * phycho vcontext: execvp("/bin/bash"): No such file or directory 1142215466 M * phycho :/ 1142215477 M * phycho the /bin/bash exists in /vservers/mail/bin/bash 1142215808 M * Bertl when do you get that? 1142215847 M * phycho when i try to enter it 1142215860 M * phycho vserver mail start returns no errors 1142215864 M * Bertl well, you didn't use dietlibc, so that can happen 1142215872 M * Bertl try to enter it via ssh 1142215875 M * phycho heh 1142215883 M * phycho whats weird though.. is that vserver mail status 1142215886 M * phycho shows 1 process 1142215891 M * phycho shouldnt it show more than that? 1142215894 M * phycho Number of processes: 1 1142215904 M * Bertl usually, let's check with vps 1142215949 M * phycho i get a feeling its to do with the init scripts 1142215954 M * phycho as shutting it down does the same 1142215967 M * phycho it hangs.. then the init process gets killed 1142215984 M * Bertl probably nothing _except_ init can be run inside the guest 1142215999 M * Bertl could have many reasons: missing libs, grsec, bad executables 1142216005 M * phycho k 1142216027 M * Bertl try doing chroot /vservers/mail /bin/bash 1142216032 M * phycho its a shame it doesnt give you much in the way of debug 1142216044 M * phycho that errors.. sec i got an idea 1142216051 M * Bertl well, you can add --debug, you get a lot of debug info 1142216054 A * phycho runs ldconfig 1142216060 M * phycho that worked.. 1142216060 M * phycho sec 1142216063 M * Bertl but those issues are not really vserver related 1142216070 M * phycho 2mins 1142216112 M * phycho root@vps:~# vserver mail enter 1142216112 M * phycho /dev/pts/0: Operation not permitted 1142216116 M * phycho any ideas? 1142216133 M * phycho im in it tho 1142216133 M * phycho heh 1142216155 M * Bertl that's normal, you are bringing you pts from the host with you 1142216165 M * phycho Vserver 'mail' is running at context '49154' 1142216165 M * phycho Number of processes: 10 1142216166 M * phycho =) 1142216170 M * Bertl so what was the resason for the faling bash/stuff? 1142216176 M * Bertl *failing 1142216179 M * phycho the ld.conf file 1142216189 M * phycho that tells the system where all the /libs etc are 1142216193 M * phycho so i just used chroot on ldconfig 1142216205 M * phycho and appears to have booted 1142216206 M * phycho =( 1142216208 M * phycho * =) 1142216219 M * phycho just gotta get networking up now 1142216220 M * phycho hehe 1142216237 M * Bertl if you did add the --interfaces stuff I mentioned above 1142216246 M * Bertl then networking is already up and running 1142216264 M * phycho i didnt (yet) 1142216290 A * phycho scrolls up 1142216310 M * Bertl you can also just do something like this: 1142216341 M * phycho im just chuffed to get this far haha 1142216351 M * phycho its been a while for me, and im half asleep ;) 1142216384 M * Bertl mkdir -p /usr/local/etc/vservers/mail/interfaces/0 && echo 192.168.0.2 >/usr/local/etc/vservers/mail/interfaces/0/ip && echo 24 >/usr/local/etc/vservers/mail/interfaces/0/prefix && echo eth0 >/usr/local/etc/vservers/mail/interfaces/0/dev 1142216407 M * phycho would i add eth0.2 if it was on a vlan? 1142216411 M * phycho (eth0.2 is my main interface) 1142216423 M * Bertl you could do that but be careful 1142216446 M * phycho k 1142216449 M * Bertl the tools _assume_ that the vlan has to be created, unless you specify nocreate or so 1142216455 M * phycho k 1142216476 M * phycho so technically i could just echo eth0.3 and use vlan tag 3 for the vps yes? 1142216489 M * Bertl yup, that should work fine 1142216491 M * phycho (do i need eth0.3 on the host system, and does the ips have to be assigned to the host system also? no?) 1142216508 M * Bertl no, it will create the vlan and assign the ip for you 1142216513 M * phycho k cool 1142216518 M * phycho ty 1142216521 A * phycho goes to give it a shot 1142216522 M * Bertl np 1142216546 M * phycho i take it the 0 is the vlan id in this case? 1142216550 M * phycho e.g. usr/local/etc/vservers/mail/interfaces/0 1142216566 M * Bertl no, it's just a directory name 1142216570 M * phycho ah k 1142216581 M * Bertl inside the '0' you want 'dev', 'ip' and 'prefix' 1142216584 M * phycho k 1142216584 M * phycho np 1142216607 M * Bertl dev should contain eth0.3 in your case 1142216610 M * phycho k 1142216618 M * phycho thats what i thought. 1142216680 M * phycho was right.. it does assign it to the host system as well 1142216684 M * phycho eth0.3 Link encap:Ethernet HWaddr 00:40:F4:74:54:89 1142216684 M * phycho inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0 1142216704 M * Bertl well, no, it _only_ assigns it on the host system 1142216723 M * phycho ah 1142216727 M * phycho k. 1142216791 M * phycho there no filesystem mounts? 1142216810 M * Bertl hmm? 1142216819 M * phycho df -h shows nothing inside the vps 1142216840 M * Bertl df looks at /etc/mtab 1142216842 M * phycho k 1142216849 M * Bertl probably nothing there to show ... 1142216852 M * phycho yeh 1142216881 M * phycho just need to work on getting ssh to work.. the damned sshd on the host system assigned itself to the other interfaces haha 1142216888 M * phycho need to bind it to the host system only 1142216892 J * Aiken_ ~james@tooax7-176.dialup.optusnet.com.au 1142216897 M * Bertl yep, magic word is Listen 1142216926 M * phycho yep 1142216972 M * Bertl welcome Aiken_! 1142216974 M * phycho Message from syslogd@vps at Mon Mar 13 02:31:01 2006 ... 1142216974 M * phycho vps last message repeated 4 times 1142216975 M * phycho wtf 1142216975 M * phycho lol 1142216992 M * phycho the load average is going up and up 1142216994 M * phycho and its not doing anything 1142217010 M * Bertl probably you have a 'broken' klogd inside your guest too 1142217017 M * phycho unregister_netdevice: waiting for eth0.3 to become free. Usage count = 1 1142217089 M * phycho running 'ifconfig' causes ifconfig to hang 1142217096 M * phycho and syslogd to go apeshit :P 1142217105 M * phycho but yeah i guess your right 1142217161 M * Bertl is it a recent devel kernel? if so, you can enable the syslog context capability 1142217167 M * phycho yep 1142217178 M * phycho its actually stuck in a loop at the moment 1142217181 M * phycho its trying to put down eth0.3 1142217185 M * phycho but its just looping 1142217192 M * phycho root@vps:/home/admin# uptime 1142217192 M * phycho 02:34:49 up 31 min, 2 users, load average: 3.37, 1.65, 0.66 1142217200 M * Bertl hmm, strange, sure that isn't grsec related somehow? 1142217208 M * phycho ill reboot it.. 1142217219 M * phycho nah, nothing in grsec.. ive got that setup to log everything 1142217227 M * phycho unregister_netdevice: waiting for eth0.3 to become free. Usage count = 1 1142217227 M * phycho unregister_netdevice: waiting for eth0.3 to become free. Usage count = 1 1142217228 M * phycho its that. 1142217239 Q * Aiken Ping timeout: 480 seconds 1142217241 M * Bertl who is using it` 1142217246 M * phycho nobody 1142217255 M * Bertl then it's a kernel bug 1142217258 M * phycho damn 1142217270 M * phycho the vps was using it 1142217273 M * phycho but i told the vps to go down 1142217276 M * phycho then it started doing that 1142217282 M * phycho weird huh? 1142217302 M * Bertl the guest itself cannot touch the interfaces 1142217310 M * phycho k 1142217316 M * Bertl so the unregister must have happened on the host 1142217340 M * Bertl but that seems to have failed, because something still used the device 1142217344 M * phycho hehe yeh 1142217350 M * Bertl (which looks to me like a kernel issue) 1142217356 M * Bertl which kernel version is that? 1142217359 M * phycho it tried to do vconfig eth0 destroy (or something similar) 1142217365 M * Bertl I remember something like that around 2.6.14 1142217365 M * phycho but it just hung there 1142217376 M * phycho any anytime i tried vconfig or ifconfig on its own, it did the same 1142217376 M * phycho yep 1142217376 J * matta ~matta@c-68-81-35-243.hsd1.pa.comcast.net 1142217384 M * phycho its 2.6.14-7 1142217398 M * Bertl so it should be fixed in 2.6.15 or later ... 1142217408 M * phycho 2.6.15 has no grsec ;) 1142217421 M * Bertl well, you can dig out the fix and apply it to 2.6.14 1142217431 M * phycho could see if i could find it 1142217437 M * phycho you remmeber the name of it? 1142217447 A * phycho goes to read changelogs 1142217500 M * Bertl I remember something regarding bonding 1142217508 M * Bertl not sure this is the same issue here 1142217596 M * phycho k 1142217600 M * phycho sec 1142217629 M * phycho damned linux ;) nothin ever works first time haha 1142218111 Q * VxJasonxV Quit: +++ OK ATH OK 1142218672 M * phycho you still here Bertl 1142218673 M * phycho http://www.forum.psoft.net/archive/index.php/t-14065.html 1142218677 M * phycho this appears to be it 1142218762 A * Bertl looking ... 1142218786 M * phycho im going to test that workaround in a sec 1142218789 M * phycho and see if that works for me 1142218839 M * phycho it appears the freevps people have fixed that bug 1142218855 M * Bertl hmm, interesting ... 1142218867 M * phycho yep 1142218873 M * phycho so it looks like its something to do with vserver 1142218892 M * phycho since (i assume) freevps is a fork of vserver or something similar (or at least, looks that way from google) 1142218903 M * Bertl yep, it is 1142218908 M * phycho ill try the workaround and let you know what happens 1142218917 M * Bertl yes please, I'd appreciate it 1142218920 M * phycho if that works, i guess you guys have a bug to add to the list :P 1142218934 M * phycho if you need access to my box to reproduce it or whatever, im more than happy to help 1142218945 M * Bertl well, they _should_ have submitted that to mainline by now 1142218959 M * Bertl (as it seems it isn't a FreeVPS issue either) 1142218961 M * phycho yea was back in 95.. 1142218967 M * phycho *05 1142219064 M * phycho k, according to netstat on the vps, im just running sshd. 1142219066 A * phycho goes to test 1142219090 J * VxJasonxV ~jason@ip68-110-115-17.ph.ph.cox.net 1142219160 M * phycho cant really test it that well, i dont have that file its referring to 1142219172 M * phycho then an /./etc/rc.d/init.d/killall start (for shutting down all inside an vps 1142219175 M * phycho that. 1142219180 M * phycho i dont have killall start 1142219189 M * phycho i did killall inside it and killed the daemons, but it still does it 1142219196 M * Bertl try killall5 1142219206 M * phycho k 1142219214 M * phycho ill reboot it and start it up again 1142219219 M * Bertl killall5 -9 or so 1142219237 M * phycho k 1142219246 M * Bertl do you by any chance use ext3? 1142219274 M * phycho yep 1142219276 M * phycho why? 1142219293 M * Bertl because you might want to _add_ a few patches form recent versions 1142219313 M * phycho from ext3? doesnt the kernel already include them? 1142219321 M * Bertl 2.6.14.7 with what vserver patch? 1142219334 M * phycho Linux vps 2.6.14.7-vs2.1.0-grsec-2.1.9 #2 PREEMPT Mon Mar 13 02:01:29 GMT 2006 i686 athlon i386 GNU/Linux 1142219342 M * phycho (ive got PREEMPT turned off) 1142219360 M * Bertl preempt doesn't matter 1142219363 M * phycho k 1142219375 M * Bertl http://vserver.13thfloor.at/Devel/PAT-2.1.1/ 1142219382 M * Bertl try to apply the following deltas 1142219388 M * Bertl http://vserver.13thfloor.at/Devel/PAT-2.1.1/delta-indev-fix01.diff 1142219398 M * Bertl http://vserver.13thfloor.at/Devel/PAT-2.1.1/delta-usock-fix01.diff 1142219434 M * phycho killall5 -9 didnt work btw 1142219440 M * phycho it still hangs 1142219458 M * phycho k np 1142219487 M * Bertl of course you might want to apply others from there too, but I think those two could be related 1142219498 M * phycho k 1142219522 M * phycho whats PAT-* btw? 1142219540 M * Bertl short for patches 1142219544 M * phycho ah 1142219561 M * Bertl i.e. the deltas in PAT-2.1.1 compose the difference between 2.1.0 and 2.1.1 1142219569 M * phycho k 1142219644 M * phycho k ive applied them both, just going to recompile 1142219654 M * phycho ill let you know how i get on 1142219665 A * phycho goes to look at the others 1142221123 M * phycho bertl - that appears to have fixed it 1142221177 M * Bertl good :) 1142221182 M * phycho thanks :) 1142221221 M * phycho iis there somewhere i can get a list of commands? 1142221221 M * Bertl you're welcome! 1142221251 M * Bertl for vserver? use vserver --help 1142221252 M * phycho need to somehow to get a list of running vservers :-) 1142221253 M * phycho k 1142221268 M * Bertl or vserver - --help 1142221276 M * Bertl vserver-stat 1142221279 M * phycho vserver command doesnt appear to get a list of all running ones 1142221279 M * phycho k 1142221281 M * Bertl will give you an overview 1142221286 M * phycho aah 1142221297 M * phycho any way to get an overview of all processes inside all vservers? 1142221303 M * Bertl vps 1142221340 M * Bertl which is basically an enhanced wrapper of chcontext --xid 1 -- ps 1142221346 M * phycho k 1142221366 M * Bertl context 1 is the spectator context 1142221370 M * phycho how do i know if my vserver has a static context btw? 1142221381 M * Bertl numbers 2-49151 are static 1142221406 M * phycho its got a context of 1 1142221413 A * phycho needs to find out how to assign a static one 1142221414 M * Bertl unlikely 1142221461 M * Bertl with the --context command on creation or 1142221467 M * phycho k 1142221488 M * phycho 49156 10 16M 5.3M 0m00s32 0m00s40 0m17s87 mail 1142221491 M * Bertl with echo >/usr/local/etc/vservers/mail/context 1142221492 M * phycho its dynamic 1142221496 M * Bertl yup 1142221533 M * Bertl i.e. you didn't use the --context command I suggested above :) 1142221540 M * phycho yeh 1142221553 M * phycho im going to need to write a script to make this easier for me to use ;) 1142221557 M * phycho at least untill i get used to it 1142221607 M * Bertl well, if you come up with a script which _simplifies_ creation, folks will love you 1142221614 M * phycho hehe 1142221624 M * phycho yeah it is pretty complicated for a first timer 1142221630 M * phycho probably write something in perl or bash. 1142221635 M * Bertl all I've seen so far are scripts which rearrange the options or make false assumptions 1142221649 M * phycho hehe 1142221653 M * mugwump I heard an interesting comment the other day. 1142221658 M * phycho what was it? 1142221662 M * mugwump Shell scripts are the Excel Spreadsheets of the Unix world. 1142221672 M * phycho lol 1142221705 M * phycho love the way grsec can interact with the processes running inside the vps's btw =) 1142221707 M * phycho uml cant do that 1142221709 A * Bertl refuses to compare unix with a microsoft product :) 1142221714 M * phycho hehe 1142221871 M * phycho i assume now that ive set this up for the first time, the next ones are gonna be a lot easier =) 1142221883 M * phycho can always look back on the /etc/* files created on the 1st one 1142221918 M * phycho =) 1142222359 J * mugwump_ ~samv@leibniz.catalyst.net.nz 1142222367 Q * mugwump_ Quit: 1142223151 Q * lilalinux_ Remote host closed the connection 1142223344 J * Breaker_uk ~Breaker@host86-137-5-36.range86-137.btcentralplus.com 1142223389 Q * Breaker_uk Quit: 1142224203 M * phycho cant you have the setuid bit on inside a vps? 1142224241 M * Bertl sure 1142224264 M * phycho k 1142224306 M * phycho weir 1142224308 M * phycho *weird 1142224312 M * phycho the setuid bit had came off of 'su' 1142224313 M * phycho lol 1142224345 M * phycho i assume vservers can talk to each other via networking yeh? 1142224353 M * Bertl but that didn't happen when you copied it, right? :) 1142224361 M * Bertl yes, they can 1142224362 M * phycho nope.. it worked when i copied it 1142224363 M * phycho k cool 1142224378 M * phycho i copied the one on the host system over its place 1142224381 M * phycho with cp -Rp :P 1142224384 M * phycho and its working 1142224424 M * phycho now to find out how to setup qmail :-) 1142224441 J * matt1 ~matta@c-68-81-35-243.hsd1.pa.comcast.net 1142224764 Q * matta Ping timeout: 480 seconds 1142229636 M * Bertl okay, I'm off for today ... have a good whatever everyone ... cya tomorrow! 1142229641 N * Bertl Bertl_zZ 1142229815 M * phycho does iptables not work in vserver? 1142229828 M * phycho later bertl 1142229855 M * matti phycho: Should be. 1142229891 M * phycho root@www:/chroot/apache/etc/apache# iptables -L 1142229891 M * phycho iptables v1.3.3: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) 1142229921 J * coocoon ~coocoon@p54A064D2.dip.t-dialin.net 1142229928 M * coocoon morning 1142229941 M * phycho ive discovered something really weird 1142229947 M * phycho how to hide processes in vserver 1142229953 M * phycho kinda discovered it by mistake 1142229956 M * cehteh phycho: you need additional capabilities 1142229960 M * phycho ah 1142229963 M * phycho which ones 1142229980 A * phycho has apache running but ps -aux doesnt show it up.. but netstat -an does 1142229980 M * cehteh loading kernel modules and netzwerk admin 1142229987 M * cehteh better dont do that 1142229990 M * phycho it shows up as "-" 1142230002 M * cehteh (the iptables thing 1142230002 M * phycho tcp 0 0 192.168.2.4:8080 0.0.0.0:* LISTEN - 1142230004 M * phycho thats apache 1142230009 M * phycho but it doesnt show up as a process 1142230011 M * phycho or in process list 1142230012 M * phycho lol 1142230015 M * phycho .. and it works 1142230035 M * phycho weird huh? 1142230061 M * cehteh mhm 1142230085 M * phycho thats what happens when you do a chroot inside a chroot 1142230095 M * cehteh did you do the ps aux in ctx 1? 1142230100 M * phycho ctx? 1142230103 M * cehteh context 1142230110 M * phycho yeh 1142230116 M * phycho i did it in the context that im running in 1142230120 M * cehteh chcontext --ctx 1 ps -aux 1142230122 M * phycho tried it on the root one as well 1142230123 M * phycho sec 1142230141 M * cehteh no proc inside the chroot 1142230144 M * phycho it shows up there 1142230162 M * cehteh or maybe it really influences with the hidding stuff when you chroot 1142230169 M * phycho lol yea 1142230175 M * phycho pretty major flaw i would say 1142230180 M * phycho allows attackers to hide shit easily 1142230186 M * cehteh no 1142230240 M * cehteh well who can see the process ... the nested chroot cant see its own processes right? 1142230250 M * cehteh but the vserver shows it or not? 1142230257 M * phycho it doesnt 1142230260 M * phycho nowhere shows it 1142230264 M * Hollow a chroot does not hide any processes 1142230265 M * phycho unless you do that chcontext thing 1142230272 M * phycho Hollow - in this case it is 1142230278 M * Hollow i doubt that 1142230282 M * phycho well it has 1142230285 M * cehteh Hollow: no but there might be no proc mounted in chroot 1142230295 M * Hollow yeah.. 1142230301 M * cehteh thats prolly just the cause 1142230304 M * Hollow but then the chroot has not hided it.. ;) 1142230319 M * cehteh yeah thats what i am trying to tell 1142230323 M * phycho the /proc is mounted in the vps 1142230326 M * phycho root@www:/chroot/apache/etc/apache# mount 1142230326 M * phycho proc on /proc type proc (rw) 1142230331 M * phycho yet ps -aux doesnt show httpd 1142230348 M * cehteh the httpd is inside a nested chroot? 1142230352 M * phycho yep 1142230355 M * phycho httpd is in a chroot in the vps 1142230392 M * phycho the only way it shows up at all, is if you do that chcontext thing 1142230398 M * phycho on the host system 1142230456 M * phycho it could be something to do with grsecurity 1142230462 M * cehteh ah yes 1142230463 M * phycho so ill turn off hide process thingy 1142230466 M * phycho and see what happens 1142230480 M * phycho still weird and something people should be aware of :-) 1142230495 A * cehteh doesnt like grsecurity 1142230502 M * phycho why? 1142230506 M * Hollow well... vserver and grsec is not supported 1142230513 M * phycho well.. it works :p 1142230519 M * cehteh we see :) 1142230519 M * Hollow seemingly nt 1142230520 M * phycho whether its supported or not =) 1142230539 M * phycho grsecurity is handy if you know how to do the policies 1142230541 M * cehteh Hollow: do you know if SELinux works with vserver? 1142230554 A * phycho thinks SElinux looks hell of a complicated 1142230559 M * Hollow never tried those 1142230562 M * cehteh yeah 1142230568 M * phycho i took a look at it 1142230571 M * phycho then decided no chance 1142230572 M * phycho haha 1142230573 M * cehteh thats are the bad sides 1142230575 M * Hollow security by obscurity 1142230598 M * matti Indeed. 1142230630 M * matti Hollow: But, sometimes this can do script-kiddie work a little bit harded. 1142230648 M * Hollow yeah, but in general you don't need it imo 1142230667 M * phycho security by obscurity doesnt work 1142230678 M * Hollow but you seem to try it :) 1142230680 M * phycho grsec has some nice functions to prevent killing processes etc tho =) 1142230681 M * phycho no.. 1142230684 M * phycho grsecurity is not that. 1142230701 M * matti Well, depends. Ya can disable unnessesery /proc entries from host, and so on... 1142230714 M * Hollow you can do that with vserver too :) 1142230720 M * matti phycho: Well, the power in grSecurity lie in RBAC. 1142230720 M * phycho grsecurity has functions that prevents certain processes from accessing other parts of the system 1142230729 M * phycho matti - thats what im talking about :) 1142230741 M * matti phycho: But, ya're not so crazy, to implement full host/guest policy. 1142230749 M * matti phycho: In so, well - have a life to spare? :] 1142230750 M * phycho lol 1142230759 M * phycho paranoia works :P 1142230768 M * matti s/In/If/ 1142230773 M * matti phycho: This is my second name ;] 1142230774 M * matti ;p 1142230790 M * phycho :P 1142230793 M * phycho hehe 1142230804 M * matti Trully. 1142230806 A * phycho goes to turn off hidden process thingy to see if this helps 1142230810 M * phycho i really need iptables in vserver though 1142230816 M * phycho because my www cant bind to port 80 =) 1142230819 M * matti grSecurity have nice random-something feature. 1142230823 M * phycho it runs as "Www" and doesnt even start as root :p 1142230825 M * matti Nice loggin feature. 1142230835 M * matti And couple other nice feature... 1142230839 M * matti Even nice name ;- 1142230839 M * phycho so i need to redirect all 80 requests to 8080 1142230840 M * phycho =) 1142230854 M * matti And I love spender ;p 1142230857 M * matti Sicretly. 1142230857 M * matti ;p 1142230858 M * phycho lol 1142230877 M * matti ;D 1142230885 M * matti s/Sicretly/Secretly/ 1142230902 M * phycho the users on this box are going to be so pissed :D 1142230908 M * phycho its going to be locked down so damned tight hahaha 1142230913 M * phycho its going to annoy the hell out of them 1142230914 M * matti Spender is on top of my idol list. 1142230927 M * phycho lol, certainly isnt the top of mine =) 1142230928 M * matti Near Theo and G. W. Bush. 1142230931 M * phycho omg 1142230932 M * phycho lol 1142230933 M * matti And Evis of course. 1142230933 M * matti ;] 1142230940 A * phycho thinks you have to be joking now ;) 1142230944 M * phycho bush and theo? lol 1142230952 M * matti I am joking ;-p 1142230956 M * phycho haha figured 1142230960 M * phycho =) had to be when you said bush 1142230960 M * matti Yeah... 1142230964 M * matti Hehehehe. 1142230970 M * matti I goes to far, I know. 1142230973 M * phycho lol 1142230974 M * matti Too simple to guess. 1142230975 M * matti ;] 1142230982 M * phycho :P 1142230996 M * phycho i guess your from poland 1142230998 A * phycho does whois 1142231001 M * phycho yep 1142231002 M * phycho =] 1142231003 M * matti Welll... 1142231008 M * phycho i can tell just by talking to you 1142231008 M * phycho lol 1142231009 M * matti Another briliat discovery. 1142231013 M * matti How ya doing this? 1142231015 M * matti :] 1142231015 M * phycho without checking /whois 1142231016 M * phycho :P 1142231019 M * matti Hehehe. 1142231021 J * lost_eps ~lost_eps@216.235.146.165 1142231023 M * phycho ive spoken to that many people from .pl on shelltrade 1142231036 M * phycho i can tell by what they say and how they say it 1142231037 M * phycho =) 1142231055 M * matti And what so polish I said? ;] 1142231060 M * matti I know. 1142231067 M * matti G. W. Bush thing. 1142231068 M * matti ;-p 1142231071 M * phycho lol 1142231085 M * phycho nah, its because of your grammar :) 1142231090 M * matti Oh. 1142231105 M * phycho and you said ; 1142231109 M * phycho ;] 1142231110 M * matti phycho: That because I use one hand for that - I've cup off coffee in second ;] 1142231112 M * phycho all PL do that :D 1142231127 M * phycho hehe 1142231133 M * matti phycho: And I cannot write correctly when laughing. 1142231136 M * matti ;-p 1142231137 M * phycho :P 1142231149 M * matti Give me a break ;-p 1142231161 M * phycho hehe k :) 1142231164 M * matti Oh, you're the .uk guy. 1142231168 M * matti Nice accent. 1142231170 M * matti And so on... 1142231175 M * matti Girls should love that ;] 1142231176 M * matti ;p 1142231204 M * phycho hehe 1142231207 M * matti But all .uk people have such... God save the Queen issue ;-p 1142231208 M * matti ;p 1142231211 M * phycho pfft 1142231214 M * matti Hehehe. 1142231216 A * phycho spits on her 1142231221 M * matti Oh really? 1142231226 M * phycho i dont like the UK government 1142231229 M * phycho they are all corrupt 1142231244 A * matti is sending this log to the UK Secret Service now... 1142231246 M * phycho and the queen is just really a figurehead 1142231249 M * phycho haha matti 1142231250 M * matti We'll see how long ;p 1142231258 M * phycho they are probably already on it =) lol 1142231264 M * matti Problably. 1142231273 M * phycho oh well.. 1142231279 A * phycho doesnt like the FEDS much either 1142231295 M * phycho :P 1142231309 A * matti blinks and sends kisses to all of the .uk angents reading this now ;] 1142231317 M * phycho haha 1142231325 M * matti I want to be in good realtion with them. 1142231328 M * matti Ya know. 1142231338 M * matti Maybe I'll visit .uk someday. 1142231339 M * matti ;p 1142231348 M * matti Who knows... 1142231349 M * matti ;p 1142231367 M * matti But, y're doomed... 1142231369 M * matti ;p 1142231372 M * matti ;] 1142231392 M * matti phycho: Y're from exactly? 1142231395 M * matti phycho: London? 1142231509 M * phycho no 1142231514 M * phycho im in scotland 1142231518 M * matti Oh. 1142231527 M * matti That's sweet. 1142231531 M * phycho and i want out of here =) hahaha 1142231540 M * phycho ill swap you 1142231540 M * matti LOL 1142231547 M * matti Why? 1142231551 M * phycho you can have scotland, with all the whores and druggies and lack of employment 1142231552 M * matti I do something bad? :/ 1142231555 M * phycho and ill take poland with the hot chicks 1142231556 M * phycho =) 1142231557 M * phycho lol 1142231562 M * matti LOL 1142231567 M * matti Ya like polish girls? 1142231568 M * matti Damn. 1142231570 M * phycho yea 1142231570 M * matti Me too. 1142231577 M * phycho dude.. you should see what we have to put up with in the uk 1142231578 M * matti So, we've little problem. 1142231582 M * phycho chicks here have kids at 14 1142231583 M * phycho :/ 1142231588 M * matti What? 1142231590 M * phycho its disgusting 1142231597 M * matti Ya kiddin' me? 1142231599 M * phycho no 1142231604 M * matti Jesus Christ. 1142231606 M * phycho hahaha 1142231609 M * phycho yeah ;/ 1142231609 M * matti How it is even possible. 1142231613 M * phycho it is. 1142231646 M * phycho im telling you, most of them have had sex at like 12 ;/ 1142231646 M * phycho especially in my area 1142231646 M * phycho its _VERY_ hard to find a reliable chick these days! 1142231708 M * matti :P 1142231713 M * matti This is a bit sick. 1142231723 M * matti 14 yo girl with little baby. 1142231793 M * phycho lol yeah 1142231795 M * phycho tell me about it 1142231798 M * phycho usually they have no father too 1142231804 M * phycho the father gets them pregnant then runs off 1142231805 M * phycho ;/ 1142231816 M * matti What about low then? 1142231827 M * matti But... If father have 14 yo too... 1142231828 M * matti Damn... 1142231828 M * matti ;p 1142231839 M * phycho haha nah dude 1142231841 M * matti s/low/law/ 1142231845 M * phycho girls here are pretty slutty 1142231853 M * phycho ill give an example 1142231856 M * phycho a girl in my art class at school 1142231863 M * phycho has had a kid to my 42yr old art teacher 1142231865 M * phycho (seriously) 1142231865 M * phycho ;/ 1142231876 M * matti Em? 1142231877 M * matti ?! 1142231887 M * matti Sad a bie. 1142231890 M * matti s/bie/bit/ 1142231895 M * phycho that was a few years ago 1142231895 M * phycho but its true. 1142231902 M * phycho needless to say he got fired lol 1142231902 M * phycho but still.. 1142231911 M * phycho lol yeah its sad 1142231927 M * phycho scotland is the place to be if you want a one night stand :p 1142231935 M * matti Heh. 1142231937 M * matti I don't ;] 1142231941 M * matti I am a geek ;p 1142231945 M * phycho hehe same 1142231951 M * matti Geek do not have one night stand ;p 1142231954 M * phycho yep 1142231957 M * matti ;] 1142231967 A * Hollow vetos 1142231968 M * Hollow :) 1142231971 M * matti Pf. 1142231973 M * matti Hehehee. 1142231975 M * phycho lo Hollow 1142231983 M * matti Ok. 1142232002 M * matti Geek do not have one night stand (but we'll not include Hollow here). 1142232003 M * matti ;-p 1142232015 M * matti Oh. 1142232022 M * matti I just remember something ;] 1142232034 M * matti http://graffias.estrefa.pl/~matti/tmp/other/ 1142232041 M * matti Download and watch the IT Crowds. 1142232041 M * phycho i dont think my new kernel worked lol 1142232045 M * phycho ive seen it 1142232057 M * matti I cannot wait for ep 7. 1142232057 M * phycho its airs in the UK :P 1142232058 M * matti ;] 1142232061 M * matti I know ;p 1142232062 M * Hollow hm, is it in english? 1142232065 M * matti Yes. 1142232076 M * phycho lol @ piracy =) 1142232083 M * matti phycho: Go away ;-p 1142232085 M * phycho hahaha 1142232087 M * matti :D 1142232091 A * Hollow goes loading 1142232100 A * phycho knows someone in RiVER *grins* 1142232104 M * phycho :D 1142232106 M * matti phycho: Or I'll call 811 999 ...3 ;p 1142232109 M * phycho lol 1142232116 M * matti ;d 1142232147 M * phycho a guy i know from a uni does that :p 1142232158 M * matti phycho: If ya know, ask when ep 7 will be available. 1142232160 M * Hollow my mule is busy with simpsons ep 11-15 atm 1142232168 M * phycho hehe 1142232174 M * Hollow s/ep/season/ 1142232182 M * phycho http://www.channel4.com/entertainment/tv/microsites/I/itcrowd/ 1142232190 M * matti phycho: I must know, what happen after party ;] 1142232199 M * phycho i would guess a few days 1142232205 M * matti Great! 1142232206 M * matti ;] 1142232220 M * phycho i can watch it legit tho ;) 1142232224 M * phycho i watch it direct from their website :) 1142232230 M * matti :-P 1142232245 M * phycho but then again, i watch The.OC. etc from states :D lol 1142232245 M * matti I can watch it not so long after ya ;p 1142232252 M * phycho hehe 1142232256 M * matti Thanks to lovelly pirate guy ;] 1142232261 M * phycho lol 1142232265 M * matti ;-p 1142232276 M * phycho if i had a faster uplink i could have restreamed it to you 1142232290 M * matti And ya have? 1142232294 M * matti 9600 bps. 1142232295 M * matti I know ;] 1142232298 M * phycho lol may as well be 1142232302 M * phycho its 2mbit/256kbps :( 1142232306 M * matti Hm. 1142232310 M * phycho but erlier on i was only getting 15kb/sec max on it 1142232311 M * phycho ;/ 1142232313 M * phycho how lame 1142232315 M * matti There's another plus for Poland ;p 1142232318 M * phycho the UK internet sucks 1142232320 M * phycho haha yeah 1142232320 M * matti I've 10 Mbps FDX ;p 1142232324 M * phycho lol damnit 1142232328 M * phycho gimmie some :p 1142232338 M * matti I can send you some by snail mail ;] 1142232341 M * phycho hehe 1142232346 M * matti Want packet to be printed with verdana ?] 1142232347 M * matti ;p 1142232404 M * matti Oh, cheer up. 1142232440 A * phycho turns off pax and grsecurity to test 1142232718 M * matti ... and phycho turn off the PaX and evil hacker own his poor machine in a blink of and eye... life of phycho was not easy after that... He almost turn himself to the ocean.. But... 1142232722 M * matti ;p 1142232886 M * phycho lol 1142232921 M * matti ;D 1142232922 M * cehteh pax works with vserver 1142232923 M * matti OK, sorry. 1142232928 M * matti I am cool now. 1142232961 M * phycho hehe 1142233268 J * matta ~matta@68.81.35.243 1142233461 Q * lost_eps Quit: Leaving 1142233485 M * tokkee Your mail to vserver@list.linux-vserver.org with the subject "vserver plugin for 1142233488 M * tokkee +collectd 1142233491 M * tokkee " was intercepted, since your eMail address not is verified. 1142233494 M * tokkee 1142233497 M * tokkee To verify your eMail address, please reply to this eMail. 1142233499 M * tokkee WTF is that supposed to be? 1142233548 M * phycho lol 1142233632 Q * matt1 Ping timeout: 480 seconds 1142233789 J * Smutje_ ~Smutje@xdsl-87-78-87-235.netcologne.de 1142233814 M * phycho k once i turn grsecurity off 1142233816 M * phycho httpd etc shows up 1142233816 M * phycho lol 1142233899 Q * Smutje Ping timeout: 480 seconds 1142233899 N * Smutje_ Smutje 1142234208 M * Hollow lol.. i like the it crowd 1142234243 M * phycho :P 1142234559 Q * `DoM`` Ping timeout: 480 seconds 1142234565 J * `DoM`` ~DoM@151.56.212.182 1142234917 J * lost_eps ~lost_eps@216.235.146.165 1142235120 M * tokkee Hmmm... this mailing list seems to be quite strange imho - I did reply to the above message, but my message still won't show up... 1142235248 J * Aiken__ ~james@tooax6-159.dialup.optusnet.com.au 1142235398 M * tokkee *d'oh* ... postfix is too smart and did notice that I already got that message ;-) 1142235564 Q * Aiken_ Ping timeout: 480 seconds 1142235566 M * coocoon does anyone know what this means "Create a default skeleton for your vserver's config (skel.conf)..." and how to create it 1142236389 M * SiD3WiNDR sounds like it's meant for legacy tools 1142236650 M * coocoon SiD3WiNDR: hm I create a skel.conf in /etc/vservers, it doesn't need but for creating the slackware guest maybe the script wanted it 1142236739 M * coocoon SiD3WiNDR: u have knowledge about slackware 1142237653 M * phycho coocoon - ive just done what your trying to do 1142237668 M * phycho with slackware 1142237682 M * phycho have you already created /vservers/thevpsname? 1142237691 M * phycho (where vpsname is where all your slack files are stored) 1142237777 M * coocoon no I haven't done this there I created a folder for slackfiles in another folder 1142237791 M * phycho k 1142237816 M * coocoon but it doesn't work 1142237825 M * coocoon :-( 1142237866 J * undefined ~undefined@adsl-68-93-109-94.dsl.rcsntx.swbell.net 1142237879 M * coocoon phycho: u know this side http://linux-vserver.org/SlackwareVserverHowto 1142237987 P * undefined 1142238031 M * phycho yep looked at it 1142238034 M * phycho didnt use it tho 1142238062 M * coocoon but i think i have found the error i must assign in the script the right path to the stored files 1142238102 M * phycho k 1142238114 M * coocoon directls 1142238119 M * coocoon -s +y 1142238568 M * coocoon phycho: get this error ./mkjail: line 28: installpkg: command not found, my host is Debian Sarge 1142238648 M * phycho i didnt use makejail 1142238665 M * phycho i did the whole thing manually 1142238738 M * coocoon oh ok u say I must put all files there /vservers/thevpsname, what does thev mean 1142238751 M * coocoon or the 1142238770 M * phycho it means you must create the base slackware system 1142238773 M * phycho then put it in the vservers folder 1142238811 M * coocoon ok I install makejail ;-) and have a look if it works after this 1142238872 M * coocoon shall I get zipslack things and extract it in the guest folder 1142238919 M * phycho i used makeinstall 1142238923 M * phycho with the chroot option 1142238980 Q * shedi Quit: Leaving 1142239033 M * coocoon ok I put all slackfiles into the vserver/guest/vpsname folder 1142239135 M * coocoon then I mounted mount -t proc proc /vservers/slackware/proc 1142239136 M * coocoon right 1142239160 M * coocoon but chroot /vservers/slackware doesn't work beacuse of there are no bash 1142239169 M * cehteh the vserver utils mount proc for you 1142239181 M * coocoon oh ok 1142239208 M * coocoon but i must mount into the vserver guest 1142239226 M * coocoon vserver guest start can't work 1142239235 M * cehteh huh 1142239280 M * phycho coocoon - have you tried chroot? 1142239285 M * coocoon yes 1142239287 M * coocoon it failled 1142239292 M * phycho chroot /vserver/slackware /sbin/ldconfig 1142239293 M * phycho do that 1142239297 M * phycho then try run bash 1142239330 M * coocoon chroot: cannot run command `/sbin/ldconfig': No such file or directory 1142239345 M * phycho go into /vserver/slackware 1142239348 M * phycho and show us whats there 1142239356 A * cehteh would like a chroot/strace wraper which does copy-on-read from the orginal FS :) 1142239364 M * phycho heh 1142239378 M * coocoon it is the same 1142239385 M * phycho is there anything in it? 1142239403 M * coocoon dev etc root proc vpsname 1142239424 A * phycho doesnt think that tutorial is any good 1142239431 M * coocoon i think so 1142239434 M * phycho i took one look at it and rolled my own 1142239438 M * phycho which works fine 1142239451 M * phycho i can tar it up and you can use that if you like 1142239455 M * phycho its based on slack 10.2 1142239470 M * coocoon ok u r very nice 1142239479 M * phycho its np 1142239532 M * coocoon but what happens when i extract zipslack in to the guest 1142239550 M * phycho 2secs 1142239552 M * phycho i dunno, i didnt do it that way 1142239553 M * coocoon is there anything i need 1142239564 M * phycho like i said, i did it my way 1142239570 M * coocoon ok 1142239581 M * coocoon new york new york 1142239592 M * phycho lol 1142239651 M * phycho sec 1142239751 M * phycho this version of slack is bare minimal 1142239755 M * phycho no compiling tools etc 1142239760 M * phycho you will need to install those yourself 1142239765 M * phycho with installpkg 1142239832 M * phycho 48megs.. need somewhere to put it now =) 1142239906 M * coocoon hm ok, but where I have no ftp directly 1142239913 M * coocoon at this moment 1142239937 M * phycho ill put one up 1142239975 M * coocoon ok thanx 1142240134 M * phycho k i got somewhere, it will take a while to upload 1142240138 M * phycho only got 256kbps upstream 1142240140 M * phycho and its 40ish megs 1142240144 M * phycho ill let u know when its done 1142240175 M * coocoon phycho: hm I got slackware vserver running but have no access to the bash 1142240188 M * coocoon vcontext: execvp("/bin/bash"): No such file or directory 1142240220 M * phycho 26mins to upload it 1142240223 M * phycho hmmm 1142240227 M * phycho what does vserver-list show? 1142240234 M * phycho vserver-stat evne 1142240236 M * phycho *even 1142240277 M * coocoon http://pastebin.com/599353 1142240334 M * coocoon chroot /vservers/slackware sbin/ldconfig shows this errors http://pastebin.com/599355 1142240500 M * phycho tried copying ld.conf or w/e in the /etc folder? 1142240506 M * coocoon i must renam the files right 1142240512 M * phycho k 1142240544 M * coocoon i have renamed the conf and now I rename the other needed files, but why haven't they the right name 1142240581 M * phycho dunno 1142240890 M * phycho 15mins left of the upload 1142240968 Q * nox Remote host closed the connection 1142241058 M * coocoon ok phycho really nice I extracted now bash from the a folder restarted the vserver 1142241077 M * phycho k 1142241081 J * pzYsTorM schak@dslb-082-083-032-191.pools.arcor-ip.net 1142241410 M * coocoon zipslack is for dos partitions 1142241412 M * coocoon ;-) 1142241453 M * phycho hehe 1142241493 M * coocoon u don't want to tell whats ur way 1142241563 M * coocoon i think i must extract all files from the folders into the directory of my guest 1142241633 M * phycho well im about to give you my .tgz 1142241636 M * phycho to install from 1142241640 M * phycho i use installpkg on the host system 1142241643 M * phycho and chroot it 1142241646 M * phycho to make it install to my slack dir 1142241688 M * coocoon but how to use installpkg on debian 1142241718 M * coocoon ok i will have a look if i can install it 1142241780 M * phycho k 1142241788 M * phycho my host system is slack :P 1142241808 M * phycho k its up 1142241816 M * phycho http://vcna.demonweb.co.uk/default.tgz 1142241820 M * phycho extract that in /vservers 1142241826 M * phycho then you can use it 1142241841 M * coocoon ok thanx a lot will have a look 1142241864 M * coocoon but I am right I can extract all files manually intot my folder right 1142241886 M * coocoon i mean a ap n l ... into the guest folder 1142241937 M * phycho yeh 1142241947 M * phycho thats what i did 1142241950 M * phycho except used installpkg to do it 1142241978 M * coocoon thanx I got it 1142241987 M * phycho np 1142242158 J * nox ~nox@noxlux.de 1142243163 J * shedi ~siggi@tolvudeild-200.lhi.is 1142243228 J * pagano ~pagano@lappagano.cnaf.infn.it 1142243939 Q * Aiken__ Ping timeout: 480 seconds 1142244344 Q * pagano Ping timeout: 480 seconds 1142247130 J * meandtheshell ~markus@85-124-36-135.dynamic.xdsl-line.inode.at 1142247290 J * doener ~doener@i5387DB4A.versanet.de 1142247576 J * teukka ~tmatilai@193.65.190.29 1142248981 J * milestones ~buddy@p54A79880.dip0.t-ipconnect.de 1142248988 N * milestones buddy 1142248994 M * buddy hi all 1142249008 M * buddy reading the faq f->5 1142249071 M * buddy in which script do i have to set this? 1142249080 M * buddy i have setup the interface (eth3 1142249082 M * buddy ) 1142249114 M * buddy in /etc/vservers/contractor/interfaces/0? 1142249123 M * buddy ip? 1142249136 A * buddy is a complete newbie 1142249202 J * lilalinux ~plasma@dslb-084-058-223-109.pools.arcor-ip.net 1142249317 M * teukka buddy: yes, just put the IP address to a file called ip and then "touch nodev" in the same directory (i.e. 0) 1142249336 M * coocoon look here http://deb.riseup.net/vserver/configuration/ it is not only for debian 1142249404 Q * pzYsTorM Ping timeout: 480 seconds 1142249527 Q * Greek0 Remote host closed the connection 1142249636 J * peter_ ~peter@c211-30-81-68.blktn4.nsw.optusnet.com.au 1142249843 J * Greek0 ~greek0@85.255.145.201 1142249940 Q * buddy xenon.oftc.net helium.oftc.net 1142249940 Q * nox xenon.oftc.net helium.oftc.net 1142249940 Q * coocoon xenon.oftc.net helium.oftc.net 1142249940 Q * VxJasonxV xenon.oftc.net helium.oftc.net 1142249940 Q * jkl xenon.oftc.net helium.oftc.net 1142249940 Q * yang xenon.oftc.net helium.oftc.net 1142249940 Q * Medivh xenon.oftc.net helium.oftc.net 1142249940 Q * gerrit_ xenon.oftc.net helium.oftc.net 1142249940 Q * harry xenon.oftc.net helium.oftc.net 1142249940 Q * click xenon.oftc.net helium.oftc.net 1142249940 Q * derjohn xenon.oftc.net helium.oftc.net 1142249940 Q * lilo xenon.oftc.net helium.oftc.net 1142249940 Q * Snow-Man xenon.oftc.net helium.oftc.net 1142249940 Q * romke xenon.oftc.net helium.oftc.net 1142249940 Q * blackfire xenon.oftc.net helium.oftc.net 1142249940 Q * eyck xenon.oftc.net helium.oftc.net 1142249940 Q * mire xenon.oftc.net helium.oftc.net 1142249940 Q * tam xenon.oftc.net helium.oftc.net 1142249940 Q * tokkee xenon.oftc.net helium.oftc.net 1142249940 Q * Wonka xenon.oftc.net helium.oftc.net 1142249940 Q * SiD3WiNDR xenon.oftc.net helium.oftc.net 1142249940 Q * micah xenon.oftc.net helium.oftc.net 1142249940 Q * waldi xenon.oftc.net helium.oftc.net 1142249940 Q * Hunger xenon.oftc.net helium.oftc.net 1142249940 Q * lilalinux xenon.oftc.net helium.oftc.net 1142249940 Q * shedi xenon.oftc.net helium.oftc.net 1142249947 Q * lost_eps xenon.oftc.net helium.oftc.net 1142249947 Q * FireEgl xenon.oftc.net helium.oftc.net 1142249947 Q * teukka xenon.oftc.net helium.oftc.net 1142249947 Q * doener xenon.oftc.net helium.oftc.net 1142249947 Q * phycho xenon.oftc.net helium.oftc.net 1142249947 Q * dev_ xenon.oftc.net helium.oftc.net 1142249947 Q * entroposcope xenon.oftc.net helium.oftc.net 1142249947 Q * Bertl_zZ xenon.oftc.net helium.oftc.net 1142249947 Q * brc xenon.oftc.net helium.oftc.net 1142249947 Q * cehteh xenon.oftc.net helium.oftc.net 1142249947 Q * sannes xenon.oftc.net helium.oftc.net 1142249947 Q * mountie xenon.oftc.net helium.oftc.net 1142249947 Q * Cru xenon.oftc.net helium.oftc.net 1142249947 Q * SNy xenon.oftc.net helium.oftc.net 1142249947 Q * meandtheshell xenon.oftc.net helium.oftc.net 1142249947 Q * michal` xenon.oftc.net helium.oftc.net 1142249947 Q * sladen xenon.oftc.net helium.oftc.net 1142249947 Q * lonewolff xenon.oftc.net helium.oftc.net 1142249956 Q * Loki|muh xenon.oftc.net helium.oftc.net 1142249956 Q * phedny xenon.oftc.net helium.oftc.net 1142249956 Q * Geert xenon.oftc.net helium.oftc.net 1142249956 Q * meebey xenon.oftc.net helium.oftc.net 1142249956 Q * peter_ xenon.oftc.net helium.oftc.net 1142249956 Q * Wenix xenon.oftc.net helium.oftc.net 1142249956 Q * `DoM` xenon.oftc.net helium.oftc.net 1142249956 Q * wibble xenon.oftc.net helium.oftc.net 1142249956 Q * Duckx xenon.oftc.net helium.oftc.net 1142249956 Q * neofutur xenon.oftc.net helium.oftc.net 1142249956 Q * cohan xenon.oftc.net helium.oftc.net 1142249956 Q * kilian xenon.oftc.net helium.oftc.net 1142249956 Q * Psy0rz_ xenon.oftc.net helium.oftc.net 1142249956 Q * Adrinael xenon.oftc.net helium.oftc.net 1142249956 Q * weasel xenon.oftc.net helium.oftc.net 1142249976 J * peter_ ~peter@c211-30-81-68.blktn4.nsw.optusnet.com.au 1142249976 J * teukka ~tmatilai@193.65.190.29 1142249976 J * doener ~doener@i5387DB4A.versanet.de 1142249976 J * meandtheshell ~markus@85-124-36-135.dynamic.xdsl-line.inode.at 1142249976 J * michal` ~michal@www.rsbac.org 1142249976 J * phycho ~phycho@ext-gw.darktech.org.uk 1142249976 J * phedny ~mark@volcano.p-bierman.nl 1142249976 J * sladen paul@starsky.19inch.net 1142249976 J * lonewolff lonewolff@adleman.lonewolff.info 1142249976 J * Wenix ~wenix@81.7.189.11 1142249976 J * Loki|muh loki@satanix.de 1142249976 J * weasel weasel@weasel.noc.oftc.net 1142249976 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi 1142249976 J * Psy0rz_ ~psy0rz@lounge.datux.nl 1142249976 J * SNy fbe82c609c@bmx-chemnitz.de 1142249976 J * Cru ~mindwarp@turbodiesel.e.de.wahlich.com 1142249976 J * kilian kk@projects.verfaction.de 1142249976 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1142249976 J * sannes ~ace@simula-084.simula.no 1142249976 J * cohan ~cohan@koniczek.de 1142249976 J * cehteh foobar@cehteh.homeunix.org 1142249976 J * neofutur ~neofutur@neofutur.net 1142249976 J * brc bruce@20151181056.user.veloxzone.com.br 1142249976 J * Bertl_zZ herbert@212.16.62.52 1142249976 J * Duckx ~duckx@195.75.27.158 1142249976 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com 1142249976 J * wibble wibble@vortex.ukshells.co.uk 1142249976 J * dev_ ~dev@swsoft-mipt-nat.sw.ru 1142249976 J * `DoM` ~dom@195.32.84.44 1142249976 J * meebey meebey@booster.qnetp.net 1142249976 J * Geert geert@geert.irssi.be 1142249976 T * xenon.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc12 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1142250011 J * Medivh ck@paradise.by.the.dashboardlight.de 1142250021 J * harry ~harry@d515321D1.access.telenet.be 1142250021 J * lilalinux ~plasma@dslb-084-058-223-109.pools.arcor-ip.net 1142250021 J * shedi ~siggi@tolvudeild-200.lhi.is 1142250021 J * lost_eps ~lost_eps@216.235.146.165 1142250021 J * eyck eyck@81.219.64.71 1142250021 J * mire ~mire@79-166-222-85.COOL.ADSL.VLine.Verat.NET 1142250021 J * micah ~micah@69.90.134.205 1142250021 J * waldi ~waldi@bblank.thinkmo.de 1142250021 J * tam ~tam@nettam.com 1142250021 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1142250021 J * tokkee tokkee@casella.verplant.org 1142250021 J * Wonka debian-tor@chaos.in-kiel.de 1142250021 J * FireEgl Atlantica@Atlantica.Tcldrop.Com 1142250021 J * Hunger Hunger.hu@Hunger.hu 1142250037 J * romke ~romke@procyon.romke.net 1142250038 J * blackfire blackfire@dp70.internetdsl.tpnet.pl 1142250042 J * click click@ti511110a080-3151.bb.online.no 1142250055 J * nox ~nox@noxlux.de 1142250057 J * lilo ~lilo@cpe-24-167-94-255.houston.res.rr.com 1142250062 J * Snow-Man ~sfrost@kenobi.snowman.net 1142250071 J * pagano ~pagano@lappagano.cnaf.infn.it 1142250554 Q * pagano Ping timeout: 480 seconds 1142250691 J * gerrit_ ~gerrit@c-67-160-146-170.hsd1.or.comcast.net 1142250707 J * VxJasonxV ~jason@ip68-110-115-17.ph.ph.cox.net 1142250745 J * buddy ~buddy@p54A79880.dip0.t-ipconnect.de 1142250755 J * yang ~yang@cpe-213-157-253-172.dynamic.amis.net 1142250807 J * coocoon ~coocoon@p54A064D2.dip.t-dialin.net 1142251570 M * buddy no my problem is that i have another default gw with the second interface. rathern than with the default interface eth0. Is it possible to bind a default gw only for one vserver? 1142251696 M * doener network virtualisation is based only on ip addresses. routing should be setup on the host and will then also affect the vservers. 1142251760 M * doener so you should create a rule for routing that sends traffic from the vserver's ip address(es) to that other gateway 1142251766 M * doener (on the host) 1142252062 Q * Hollow Read error: Connection reset by peer 1142252197 J * Hollow ~hollow@home.xnull.de 1142252920 J * matt1 ~matta@c-68-81-35-243.hsd1.pa.comcast.net 1142253131 J * tso ~tso@249-158.adsl.pool.ew.hu 1142253155 M * tso hi 1142253309 M * tso i think i have a newbie question: is it possible to run a chroot within a vserver guest with procfs? 1142253334 Q * matta Ping timeout: 480 seconds 1142253820 J * pagano ~pagano@lappagano.cnaf.infn.it 1142254160 J * pzYsTorM schak@dslb-082-083-059-226.pools.arcor-ip.net 1142254282 M * pzYsTorM morning. short question: can i rule with iptables the traffic from/to the guests? or only from/to the host? 1142254486 M * brc pzYsTorM: you can run iptables inside a guest but you can create the rules for the guests on the host. 1142254489 M * brc oops can't 1142254499 M * brc pzYsTorM: you can't run iptables inside a guest but you can create the rules for the guests on the host. 1142254606 Q * pagano Read error: Connection reset by peer 1142255365 P * meandtheshell 1142255684 Q * `DoM`` Ping timeout: 480 seconds 1142255691 J * `DoM`` ~DoM@151.56.212.182 1142255799 M * buddy doener, here is what i have done. http://pastebin.com/599606 1142255823 M * buddy somehow i cannot the same network from one vserver to the subnet anopther vserv is able to communicate with 1142255830 M * buddy the pastebin makes this more clear 1142255985 M * buddy here the same with routing information added http://pastebin.com/599610 1142256102 M * buddy any help is highly appreciated 1142256122 M * doener does 217.195.4.243 know how to reach 192.168.0.157? 1142256195 M * buddy aehm no 1142256202 M * buddy that is my problem? 1142256231 M * buddy hang on 1142256240 M * doener unless you have some iptables rule to rewrite 192.168.0.157, i'd say so 1142256285 M * doener if there's no host that knows how to reach 192.168.0.157, where should the ping reply go to? ;) 1142256295 M * buddy why is it not using the 4.242 as its source though? 1142256320 M * buddy this is the direct link to the subnet, isn't it? 1142256334 M * buddy because it is in its own vserver? 1142256346 M * doener vserver1? doesn't have access to that ip address, AFAICT 1142256381 M * buddy doener, can i give it access to it or shold i rewrite this with iptables inside the main server? 1142256411 M * buddy this is network monitoring machine, so i have to give it access on all nets anyway 1142256469 M * doener what is it that you actually want to achieve? i didn't follow the whole discussion... 1142256548 T * services.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc12 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1142256684 M * buddy what i am trying to do is that i have had several servers which are now consolidated into one. Those servers were on different subnets. Now the nagios server (vserver1) 168.0.x and the vserver2 contractor .4.242 was on a subnet along with other servers. While the vserver2 can be reached without a problem fro the world, the nagios server (vserver1) can no longer access the subnet that the vserver2 was on 1142256741 M * buddy now i am trying to find a way to make nagios be able to access the subnet again 1142256834 M * buddy doener, a little SNAT fixed my problem 1142256841 J * jkl eric@c-67-172-156-116.hsd1.co.comcast.net 1142256857 M * doener ok 1142256861 M * buddy i am now rewriting 192.168.0.157 to 217.195.4.242 if it is leaving through this interface 1142256870 M * buddy does this make sense? 1142256882 M * doener uhm, i don't think so... 1142256949 M * buddy why not? 1142256949 Q * matt1 Ping timeout: 480 seconds 1142257130 M * doener collides with vserver2, doesn't it? AFAIK you would want a SNAT and a DNAT rule, both limited to some ports in your case... I'm not sure about it though... 1142257306 M * buddy doener, no this works just fine 1142257321 M * buddy on eth2 is only the subnet configured 1142257351 M * buddy so vserver1 just sends packets out of vserver2 interface if it really needs access to the net 1142257362 M * buddy everything is fine 1142257367 M * buddy and i just need one rule 1142257544 J * Smutje_ ~Smutje@xdsl-87-78-18-146.netcologne.de 1142257590 M * buddy doener, thanks anyway 1142257597 M * coocoon u need a rule 1142257601 M * coocoon buddy 1142257616 M * buddy coocoon, but it works 1142257624 M * buddy coocoon, ok which one 1142257671 M * coocoon buddy: maybe u have it but I have got these one 1142257674 M * coocoon s 1142257717 M * coocoon mom 1142257759 Q * Smutje Ping timeout: 480 seconds 1142257759 N * Smutje_ Smutje 1142257767 M * coocoon NAT: iptables -t nat -A POSTROUTING -s 1.2.3.0 -d ! 1.2.3.0 -j SNAT --to-source "hostIP" 1142257793 M * coocoon DNAT: iptables -t nat -A PREROUTING -p tcp --destination-port 2220 -j DNAT --to-destination 1.2.3.0:22 1142257826 M * coocoon maybe this will help or prevent u for spending too much time, maybe u have them 1142257872 M * coocoon I ' ve started them in /etc/vservers/scripts/pre-start.d 1142257877 M * coocoon and it works 1142257907 M * buddy coocoon, ok thx 1142257913 M * buddy i will add my rules there to 1142257971 M * coocoon .../pre-start/port or something else 1142258014 M * buddy coocoon, ok so this don't matter. good to know 1142258468 J * restill ~restill@c-24-11-171-10.hsd1.mi.comcast.net 1142258510 M * coocoon is there someone who knows how to extract multiple tgz files at once 1142258518 M * coocoon which command must I use 1142258566 M * buddy for FILE in `ls *.tgz`; do tar zxvf $FILE; done; ? 1142258689 M * coocoon very cool thanx 1142258839 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1142260045 M * coocoon is there some slackware freak 1142260081 M * brc coocoon: 1142260086 M * brc for OPA in * 1142260086 M * brc do 1142260089 M * brc 1142260098 M * brc tar xfvz $OPA 1142260100 M * brc done 1142260101 M * brc ----- 1142260128 M * coocoon brc: I it works fine with the command from buddy 1142260128 M * brc just noticed someone has already answered, sorry :) 1142260134 M * coocoon no prob 1142260152 M * coocoon u know something about slackware 1142260156 M * coocoon brc 1142260202 M * brc i use slackware, what is your doubt ? 1142260208 A * buddy just loves debian and ubuntu 1142260217 A * buddy is happy to help coocoon 1142260312 M * coocoon brc: hm ok i have extracted all needed files from slackware server my guest is running, when i wanted to enter vserver or try a chroot i get messages that there is no /bin/bash 1142260326 M * coocoon or vcontext: execvp("/bin/bash"): No such file or directory 1142260344 M * brc maybe you have missing libraries 1142260359 M * coocoon hm from where can i got them 1142260363 M * coocoon get 1142260370 M * brc i think that you can't just extract all the tgz's, on the instlalation process slackware runs several scripts 1142260389 M * brc What i did: install slackware on vmware, create a tarball from /, extract the tarball into /vserver/name and run it. 1142260394 M * coocoon the scripts are there maybe i must confogure them manually 1142260409 M * brc do this 1142260420 M * brc vserver name exec ldd /bin/bash 1142260427 M * brc name = replace with the name of oyur vserver 1142260436 M * coocoon they have all the extension new, so if I renamed them maybe it will work 1142260461 M * brc btw, on that FOR you have just used, why not running the package script after extracting the file ? 1142260476 M * brc i think that the name is doinst.sh 1142260480 M * coocoon vcontext: execvp("ldd"): No such file or directory 1142260482 M * brc maybe that would work. 1142260490 M * brc vserver name exec /usr/bin/ldd /bin/bash 1142260496 M * coocoon yes I have tried but there happemns nothing 1142260527 M * brc what have you tried ? running all the doint's ? 1142260547 M * coocoon no 1142260559 M * coocoon so I must run all of them 1142260697 M * coocoon but know there are no doinst.sh 1142260722 M * coocoon or where to find them 1142260796 M * brc slackware installpkg do not just extract the tarball, it also runs the doinst script 1142260804 M * brc try this 1142260810 M * brc for files in * 1142260811 M * brc do 1142260814 M * brc tar xfvz $opa 1142260820 M * brc sh ./doinst.sh 1142260820 M * brc done 1142260821 M * brc ------ 1142260833 M * brc hmm, that won't work since bash is not working, forget it hehehe 1142260850 M * coocoon ah ok i c 1142261030 M * coocoon linux could be so easy 1142261174 M * brc i have a slackware tarball, but not here 1142261244 M * coocoon I have two, but I wanted to configure it by myself 1142261256 M * coocoon something wents wrong 1142261259 M * brc you want to make your own tarball 1142261266 M * brc i mean, your own install 1142261273 M * coocoon yes 1142261274 M * brc if you have time, go on.. 1142261278 M * coocoon i have 1142261285 M * brc as i said before, the easiest way is instlaling into vmware 1142261315 M * coocoon yes but installing vmware i hated it 1142261469 M * coocoon I got messages that the sh scripts not in the archive files 1142262202 Q * mire Ping timeout: 480 seconds 1142262762 J * mire ~mire@96-166-222-85.COOL.ADSL.VLine.Verat.NET 1142262974 M * phycho coocoon - i gave you mine 1142262976 M * phycho just untar it 1142262991 M * phycho brc - the easiest way is makepkg 1142262993 M * phycho with chroot function 1142263103 M * brc never used makepkg 1142263110 M * brc Is it a slackware util ? 1142263221 M * coocoon phycho: thanx i have ur tarball and it works but i will have a look if i can make it in my way ;-), need only the right script for doinst.sh after untar 1142263297 M * coocoon phycho: do not misunderstand but I wanted to make tarball of older distros too 1142263317 M * phycho brc - yes 1142263326 M * phycho hehe yea 1142263595 M * phycho # cd /path/to/slackware/ 1142263595 M * phycho # installpkg -root /path/to/uml/mnt -ask -menu \ 1142263595 M * phycho a/*.tgz ap/*.tgz d/*.tgz e/*.tgz n/*.tgz 1142263598 M * phycho thats how i did it 1142264760 Q * restill xenon.oftc.net oxygen.oftc.net 1142264760 Q * jkl xenon.oftc.net oxygen.oftc.net 1142264760 Q * tso xenon.oftc.net oxygen.oftc.net 1142264760 Q * coocoon xenon.oftc.net oxygen.oftc.net 1142264760 Q * yang xenon.oftc.net oxygen.oftc.net 1142264760 Q * buddy xenon.oftc.net oxygen.oftc.net 1142264760 Q * VxJasonxV xenon.oftc.net oxygen.oftc.net 1142264760 Q * gerrit_ xenon.oftc.net oxygen.oftc.net 1142264760 Q * dev_ xenon.oftc.net oxygen.oftc.net 1142264760 Q * entroposcope xenon.oftc.net oxygen.oftc.net 1142264760 Q * brc xenon.oftc.net oxygen.oftc.net 1142264760 Q * cehteh xenon.oftc.net oxygen.oftc.net 1142264760 Q * mountie xenon.oftc.net oxygen.oftc.net 1142264760 Q * Cru xenon.oftc.net oxygen.oftc.net 1142264760 Q * phycho xenon.oftc.net oxygen.oftc.net 1142264760 Q * doener xenon.oftc.net oxygen.oftc.net 1142264760 Q * teukka xenon.oftc.net oxygen.oftc.net 1142264760 Q * sannes xenon.oftc.net oxygen.oftc.net 1142264760 Q * Bertl_zZ xenon.oftc.net oxygen.oftc.net 1142264760 Q * SNy xenon.oftc.net oxygen.oftc.net 1142264760 Q * Wonka xenon.oftc.net oxygen.oftc.net 1142264760 Q * tokkee xenon.oftc.net oxygen.oftc.net 1142264760 Q * tam xenon.oftc.net oxygen.oftc.net 1142264760 Q * eyck xenon.oftc.net oxygen.oftc.net 1142264760 Q * SiD3WiNDR xenon.oftc.net oxygen.oftc.net 1142264764 Q * waldi xenon.oftc.net oxygen.oftc.net 1142264764 Q * micah xenon.oftc.net oxygen.oftc.net 1142264764 Q * Hunger xenon.oftc.net oxygen.oftc.net 1142264764 Q * nox xenon.oftc.net oxygen.oftc.net 1142264764 Q * click xenon.oftc.net oxygen.oftc.net 1142264764 Q * lost_eps xenon.oftc.net oxygen.oftc.net 1142264764 Q * shedi xenon.oftc.net oxygen.oftc.net 1142264764 Q * lilalinux xenon.oftc.net oxygen.oftc.net 1142264764 Q * harry xenon.oftc.net oxygen.oftc.net 1142264764 Q * FireEgl xenon.oftc.net oxygen.oftc.net 1142264764 Q * matta xenon.oftc.net oxygen.oftc.net 1142264764 Q * romke xenon.oftc.net oxygen.oftc.net 1142264764 Q * `DoM` xenon.oftc.net oxygen.oftc.net 1142264764 Q * wibble xenon.oftc.net oxygen.oftc.net 1142264764 Q * Duckx xenon.oftc.net oxygen.oftc.net 1142264764 Q * cohan xenon.oftc.net oxygen.oftc.net 1142264764 Q * Psy0rz_ xenon.oftc.net oxygen.oftc.net 1142264764 Q * Adrinael xenon.oftc.net oxygen.oftc.net 1142264764 Q * Wenix xenon.oftc.net oxygen.oftc.net 1142264764 Q * peter_ xenon.oftc.net oxygen.oftc.net 1142264765 Q * kilian xenon.oftc.net oxygen.oftc.net 1142264765 Q * neofutur xenon.oftc.net oxygen.oftc.net 1142264765 Q * weasel xenon.oftc.net oxygen.oftc.net 1142264765 Q * mire xenon.oftc.net oxygen.oftc.net 1142264765 Q * Geert xenon.oftc.net oxygen.oftc.net 1142264765 Q * meebey xenon.oftc.net oxygen.oftc.net 1142264765 Q * Loki|muh xenon.oftc.net oxygen.oftc.net 1142264765 Q * phedny xenon.oftc.net oxygen.oftc.net 1142264765 Q * michal` xenon.oftc.net oxygen.oftc.net 1142264765 Q * lonewolff xenon.oftc.net oxygen.oftc.net 1142264765 Q * sladen xenon.oftc.net oxygen.oftc.net 1142264817 J * Loki_muh loki@satanix.de 1142264817 J * milestones ~buddy@p54A790FA.dip0.t-ipconnect.de 1142264817 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1142264817 J * restill ~restill@c-24-11-171-10.hsd1.mi.comcast.net 1142264817 J * jkl eric@c-67-172-156-116.hsd1.co.comcast.net 1142264817 J * tso ~tso@249-158.adsl.pool.ew.hu 1142264817 J * coocoon ~coocoon@p54A064D2.dip.t-dialin.net 1142264817 J * yang ~yang@cpe-213-157-253-172.dynamic.amis.net 1142264817 J * buddy ~buddy@p54A79880.dip0.t-ipconnect.de 1142264817 J * VxJasonxV ~jason@ip68-110-115-17.ph.ph.cox.net 1142264817 J * gerrit_ ~gerrit@c-67-160-146-170.hsd1.or.comcast.net 1142264817 J * nox ~nox@nox.user.oftc.net 1142264817 J * click click@ti511110a080-3151.bb.online.no 1142264817 J * romke ~romke@procyon.romke.net 1142264817 J * Hunger Hunger.hu@Hunger.hu 1142264817 J * FireEgl Atlantica@Atlantica.Tcldrop.Com 1142264817 J * Wonka debian-tor@chaos.in-kiel.de 1142264820 J * tokkee tokkee@casella.verplant.org 1142264820 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1142264820 J * tam ~tam@nettam.com 1142264820 J * waldi ~waldi@bblank.thinkmo.de 1142264820 J * micah ~micah@69.90.134.205 1142264820 J * eyck eyck@81.219.64.71 1142264820 J * lost_eps ~lost_eps@216.235.146.165 1142264820 J * shedi ~siggi@tolvudeild-200.lhi.is 1142264820 J * lilalinux ~plasma@dslb-084-058-223-109.pools.arcor-ip.net 1142264820 J * harry ~harry@d515321D1.access.telenet.be 1142264820 J * peter_ ~peter@c211-30-81-68.blktn4.nsw.optusnet.com.au 1142264820 J * teukka ~tmatilai@193.65.190.29 1142264820 J * doener ~doener@i5387DB4A.versanet.de 1142264820 J * phycho ~phycho@ext-gw.darktech.org.uk 1142264820 J * Wenix ~wenix@81.7.189.11 1142264820 J * `DoM` ~dom@195.32.84.44 1142264820 J * dev_ ~dev@swsoft-mipt-nat.sw.ru 1142264820 J * wibble wibble@vortex.ukshells.co.uk 1142264820 J * entroposcope ~entroposc@user-0c992og.cable.mindspring.com 1142264820 J * Duckx ~duckx@195.75.27.158 1142264820 J * Bertl_zZ herbert@212.16.62.52 1142264820 J * brc bruce@20151181056.user.veloxzone.com.br 1142264820 J * neofutur ~neofutur@neofutur.net 1142264820 J * cehteh foobar@cehteh.homeunix.org 1142264820 J * cohan ~cohan@koniczek.de 1142264820 J * sannes ~ace@simula-084.simula.no 1142264820 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1142264820 J * kilian kk@projects.verfaction.de 1142264820 J * Cru ~mindwarp@turbodiesel.e.de.wahlich.com 1142264820 J * SNy fbe82c609c@bmx-chemnitz.de 1142264820 J * Psy0rz_ ~psy0rz@lounge.datux.nl 1142264820 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi 1142264820 J * weasel weasel@weasel.noc.oftc.net 1142264826 T * services.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc12 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1142264853 J * lonewolff lonewolff@adleman.lonewolff.info 1142264854 J * sladen paul@starsky.19inch.net 1142264881 J * Geert geert@geert.irssi.be 1142264884 J * meebey meebey@booster.qnetp.net 1142264885 J * phedny ~mark@volcano.p-bierman.nl 1142264950 M * phycho anyone able to tell me how i use --interface cmd? 1142264995 J * michal` ~michal@www.rsbac.org 1142264995 J * mire ~mire@96-166-222-85.COOL.ADSL.VLine.Verat.NET 1142264995 T * xenon.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc12 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1142265006 M * lost_eps --interface servername=eth0:192.168.0.1/24 1142265030 Q * buddy Ping timeout: 480 seconds 1142265075 M * phycho i got it 1142265112 M * daniel_hozac servername= is not required. 1142265118 M * daniel_hozac restill: ping 1142265177 A * phycho is building some images for vserver 1142265591 Q * milestones Quit: Leaving 1142266084 M * restill hey there daniel. Sorry. I was playing with a label printer. darn thing. 1142266085 M * restill sup? 1142266351 M * daniel_hozac restill: i saw you had compiled the latest. could i have it? :) 1142266492 M * restill same place 1142266537 M * restill crap, Sorry. Had to start the ftp server 1142266569 M * lost_eps Hey guys. I did something stupid that I can't figure out. I have a vserver that I was playing with hashify'ing and now I can't delete certain files even as root. lsattr is clear and showattr has -ui in it 1142266579 M * lost_eps but gives permission denied when trying to delete 1142266598 M * daniel_hozac lost_eps: what about the directory? 1142266617 M * lost_eps I also tried removing all of the hash files from the /vservers/.hash directory just to see, but no go 1142266653 M * lost_eps the directory has buI <-- Capitol i 1142266665 N * Bertl_zZ Bertl 1142266669 M * Bertl morning folks! 1142266675 M * daniel_hozac lost_eps: that's the problem. 1142266684 M * daniel_hozac lost_eps: your directory is immutable. 1142266708 M * lost_eps what's the setattr command to make it not anymore? 1142266715 M * lost_eps lsattr shows it's clear 1142266728 M * daniel_hozac setattr --~immutable 1142266763 M * daniel_hozac restill: connection refused. 1142266857 M * lost_eps daniel, that option does not work 1142266860 M * lost_eps setattr [-Rx] [--[~](iunlink|admin|watch|hide|barrier|iunlink-but-not-immutable)]* [--] + 1142266891 M * daniel_hozac lost_eps: whoops :) chattr -i then. 1142267006 M * restill let me restart my router 1142267057 M * lost_eps ahh, that did it. I knew to chattr -i the actual files, but didn't think about the directory the files were in 1142267059 M * lost_eps thank you 1142267110 M * Bertl lost_eps: btw, if you want to have the same fun on a non linux-vserver system just use chattr on a dir there :) 1142267233 M * lost_eps gotcha, I've used it in the past for certain files and even directories. but never realised having +i to just the directory will prevent all files in that directory from being removed as well 1142267284 M * Bertl yep, it's one of the not so obvious unix facts, the directory permissions 'control' file creation and removal 1142267314 M * Bertl (also applies to the normal permission system) 1142267362 A * lost_eps notes to himself 1142267366 M * lost_eps :) 1142267444 M * phycho Bertl - should /vserver have the chroot barrier set/ 1142267446 M * phycho Bertl - should /vserver have the chroot barrier set? 1142267523 M * restill daniel_hozac: I am having problems with vsftp. I am working on it. 1142267543 M * Bertl phycho: /vservers yes, the vserver dirs, no 1142267546 M * daniel_hozac restill: let me know when you're ready. 1142267610 M * phycho i dont think its set 1142267614 A * phycho checks 1142267658 M * phycho theres none set 1142267702 M * phycho where abouts is it in the faq 1142267706 M * phycho i know its there somewhere 1142267714 M * Bertl when you isntall the toos with 'make isntall' 1142267729 M * Bertl they tell you that you want to do a distro-isntall too 1142267739 M * restill daniel_hozac: Interesting. I cannot run vsftpd in a vserver and the host at the same time. Anyway. Go ahead. Ready 1142267745 M * Bertl phycho: when you do that, the barrier is created 1142267752 M * phycho chattr +t 1142267760 M * phycho that right? 1142267763 M * Bertl nope 1142267767 M * daniel_hozac restill: if you bind the host's, it should work ;) 1142267768 M * phycho Bertl - yes, but i changed /vserver after that 1142267772 M * phycho how do i do it manually? 1142267775 M * Bertl setattr --barrier 1142267777 M * phycho k 1142267782 J * dearaujo ~dan@pixpat.austin.ibm.com 1142267787 M * Bertl welcome dearaujo! 1142267794 M * restill How? 1142267810 M * phycho how do i check it now bertl? 1142267815 M * phycho lsattr doesnt show it 1142267825 M * phycho done setattr --barrier /vserver 1142267871 M * Bertl usually it's advised to do 'setattr --barrier /path/to/guest/.. 1142267886 M * phycho path to guest? you mean like on the guest vservers as well? 1142267936 M * Bertl like in your case: setattr --barrier /vservers/mail/.. 1142267943 M * phycho k 1142267945 M * Bertl _NOTE_ the '..' 1142267949 M * phycho ah k 1142267971 M * phycho do you really need the barrier? (is the host system still protected without it ?) 1142267971 M * daniel_hozac restill: hmm, no idea. never used it. 1142267976 J * stefani ~stefani@superquan.apl.washington.edu 1142267985 M * lost_eps that is something I dont think I've seen on any of the howto/walk throughs 1142268016 M * lost_eps other than the /vserver dir itself 1142268026 M * Bertl morning stefani! 1142268051 M * stefani morning. 1142268088 M * Bertl phycho: the reports really vary, fact is with the barrier intact, no chroot/namespace escape could be proven yet (so IMHO, better save than sorry :) 1142268098 M * phycho k 1142268099 M * phycho lol 1142268118 M * phycho my kernel has grsec with chroot break prevention as well 1142268127 M * Bertl lost_eps: folks keep simplifying my commands ... 1142268145 M * dearaujo is there currently a way to limit vserver to use a percentage of 1 cpu in a dual precessor system - like cpu affinity...? 1142268153 M * dearaujo *processor 1142268169 M * Bertl dearaujo: yep, first you _have_ cpuaffinity and cpusets 1142268185 M * Bertl dearaujo: second, the devel scheduler is SMP and has buckets per CPU 1142268218 M * dearaujo hmm - ill have to look those up 1142268236 M * dearaujo so the devel version of vserver supports SMP 1142268237 M * phycho is there any intrest in a pre-compiled slackware image for vserver? 1142268249 M * phycho ive built one and was wondering if anyone would be intrested in it 1142268252 M * phycho or intrested in hosting it 1142268269 M * daniel_hozac phycho: i guess there'd be more interest in a build method to build them ;) 1142268274 M * phycho haha 1142268276 M * phycho its easy 1142268276 M * phycho =) 1142268283 M * phycho ive got it down to a "T" now 1142268286 M * Bertl dearaujo: no, all vsersion since 1.0 support SMP, but the devel scheduler allows per CPU token buckets :) 1142268287 M * daniel_hozac so, write it and submit to savannah. 1142268290 M * phycho hehe k 1142268452 M * phycho -rw-r--r-- 1 root wheel 155671696 2006-03-13 16:47 slackware-devel-10.2.tgz 1142268452 M * phycho -rw-r--r-- 1 root wheel 61371725 2006-03-13 16:48 slackware-slim-10.2.tgz 1142268453 M * phycho :) 1142268523 M * daniel_hozac that sounds awfully large. 1142268558 M * daniel_hozac http://debian.marlow.dk/vserver/guest/ 's image is just 22.4 MiB. 1142268573 M * phycho isnt that an older version? 1142268585 M * daniel_hozac slackware 10. 1142268590 M * phycho 10.2? 1142268602 M * phycho hes probably stripped the binaries 1142268604 M * daniel_hozac 2005-01-25 1142268606 M * phycho and i have swaret in this one as well 1142268615 M * phycho which has downloaded packages 1142268617 M * phycho i could get it down a bit 1142268620 M * phycho probably 20megs or so 1142268636 M * phycho brb 1142268918 M * dearaujo Bertl: my apologies, but I dont quite understand. The current "schedule" that I know of is simply using the flags and schedule files... 1142268928 M * dearaujo there's something else? 1142268995 M * Bertl dearaujo: yes, there is the kernel API for the controlling the scheduler 1142269064 M * Bertl dearaujo: http://vserver.13thfloor.at/Experimental/split-2.6.16-rc4-vs2.1.1-rcX/34_cmdef.diff 1142269078 M * Bertl dearaujo: search for vcmd_set_sched_v4 1142269120 Q * phycho Ping timeout: 480 seconds 1142269187 M * dearaujo ah ok - next question - I assume this means I need to modify the schedule file to include cpu id, etc? 1142269211 M * Bertl that would be nice and I guess enrico would accept some changes there 1142269243 M * Bertl dearaujo: in general I'd suggest to have one general setup and a dir per cpu to overried that 1142269248 M * Bertl *override 1142269267 M * dearaujo Bertl: not quite sure what you mean 1142269290 M * Bertl the new scheduler has the following attributes: 1142269340 M * Bertl tokens, tokens_min, tokens_max, fill_rate, interval, fill_rate2, interval2, prio_bias (per cpu) 1142269368 M * Bertl the bucket_id is currently unused and you have to set a flag to enable fill_rate2 and interval2 1142269386 M * daniel_hozac dearaujo: he's saying util-vserver doesn't support it. you need vserver-utils, or to write a patch. 1142269399 M * Hollow vserver-utils does not support v4 1142269406 M * daniel_hozac you sure? 1142269410 M * Hollow yep 1142269417 M * daniel_hozac http://dev.croup.de/proj/vserver-utils/browser/branches/1.0.4/src/tools/vsched.c 1142269425 M * Hollow except bonbons wrote a patch 1142269436 M * daniel_hozac what's CPU_ID and BUCKET_ID doing there then? :) 1142269461 M * Bertl hehe, cool 1142269484 M * Hollow yeah, seems he included it 1142269488 M * Hollow but it's not in trunk 1142269546 M * Hollow but http://dev.croup.de/proj/vserver-utils/browser/branches/1.0.4/src/libinternal/sched-list.c has to be updated as well 1142269568 M * Hollow i hate this list implementation.. 1142269587 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/vsched-0.02.tar.bz2 supports the new API (for testing purposes) 1142269599 M * dearaujo vserver-utils is the old implementation no? 1142269605 M * daniel_hozac no. 1142269605 M * Hollow no 1142269607 M * daniel_hozac vserver is the old. 1142269611 M * daniel_hozac util-vserver is the newer. 1142269618 M * daniel_hozac vserver-utils is the brand spanking new. 1142269634 M * dearaujo ah - that I did not know 1142269647 M * dearaujo perhaps I should play with that 1142269867 M * dearaujo so if I decide to use vserver-util do I need to rebuild my guests? 1142269874 M * dearaujo hopefully not 1142269916 J * phycho ~phycho@ext-gw.darktech.org.uk 1142269918 M * phycho hey guys 1142269928 M * phycho am i supposed to chmod the /vservers directory and the vservers inside it also? 1142269939 M * daniel_hozac chmod to...? 1142269963 M * phycho am i supposed to do it to secure the host system / the vservers from each other 1142269980 M * daniel_hozac no. 1142269987 M * daniel_hozac that's what the barrier is for... 1142269990 M * phycho k. 1142269998 M * phycho how do i check to make sure the barrier is working/there? 1142270002 M * phycho ive done setattr -barrier 1142270006 M * phycho on it 1142270023 M * Bertl that is probably wrong as you are at least missing a dash :) 1142270036 M * phycho eh? 1142270043 M * phycho setattr --barrier /vservers/devel.darktech.org.uk/.. 1142270044 M * phycho i did that 1142270048 M * Bertl --barrier not -barrier :) 1142270053 M * phycho i did -- 1142270061 M * Bertl phycho> ive done setattr -barrier 1142270063 M * phycho how do i check to make sure its set? 1142270089 Q * matti Ping timeout: 480 seconds 1142270106 M * Bertl showattr 1142270109 M * phycho k 1142270118 M * phycho ---bui- ./devel.darktech.org.uk 1142270120 M * phycho that right? 1142270124 M * Bertl nope 1142270131 M * phycho :x 1142270137 M * coocoon phycho: have alook here i have pasted it from step-by-step guidehttp://pastebin.com/599964 1142270138 M * phycho i did exactly what you said 1142270140 M * Bertl but you want to check the vservers dir 1142270166 M * phycho k 1142270166 M * phycho ---Bui- ./vservers 1142270166 M * Bertl so do showattr -d /vservers 1142270168 M * phycho its the same 1142270184 M * phycho root@vps:/# showattr -d /vservers 1142270184 M * phycho ---Bui- /vservers 1142270195 M * daniel_hozac then it is set. 1142270215 M * phycho why isnt it set on devel.darktech.org.uk dir? 1142270236 M * Bertl phycho: because a) you didn't set it there, and b) that would be totally wrong :) 1142270251 M * phycho so your not supposed to set it on the guests/ 1142270252 M * phycho ? 1142270256 M * Bertl bingo! 1142270260 M * phycho k 1142270267 Q * eyck jupiter.oftc.net keid.oftc.net 1142270267 Q * tam jupiter.oftc.net keid.oftc.net 1142270267 Q * tokkee jupiter.oftc.net keid.oftc.net 1142270267 Q * Wonka jupiter.oftc.net keid.oftc.net 1142270267 Q * SiD3WiNDR jupiter.oftc.net keid.oftc.net 1142270267 Q * waldi jupiter.oftc.net keid.oftc.net 1142270267 Q * micah jupiter.oftc.net keid.oftc.net 1142270286 M * phycho how do i remove it now? :P ive set it before u said that lol (oops) 1142270291 M * Bertl you set it on the dir right _above_ the guest, that's what the '..' is for (in my command example) 1142270296 M * phycho aah 1142270304 J * Wonka debian-tor@chaos.in-kiel.de 1142270304 J * tokkee tokkee@casella.verplant.org 1142270304 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1142270304 J * tam ~tam@nettam.com 1142270304 J * waldi ~waldi@bblank.thinkmo.de 1142270304 J * micah ~micah@69.90.134.205 1142270304 J * eyck eyck@81.219.64.71 1142270321 J * spd1snd ~spd1snd@68-232-131-226.chvlva.adelphia.net 1142270324 Q * `DoM`` Ping timeout: 480 seconds 1142270330 J * `DoM`` ~DoM@151.56.240.237 1142270334 M * phycho i tried to remove it with chattr -B 1142270335 M * phycho didnt work 1142270336 M * phycho :X 1142270336 M * Bertl welcome spd1snd! 1142270369 M * Bertl phycho: why should it work? echo "please remove barrier" >/dev/null doesn't work either ... 1142270376 M * spd1snd anyone get vlans with vservers running yet? a quick google search didnt really pull up good information for me. 1142270383 M * phycho spd1snd - i have 1142270385 M * Bertl yep, works fine 1142270404 M * phycho Bertl - i would have throught you could remove it with chattr 1142270409 M * phycho if not, how do you remove it 1142270417 M * spd1snd phycho: did you find any instructions online or how did you figure out the steps? 1142270428 M * phycho figured it out with help from Bertl :) 1142270430 M * Bertl phycho: with the same tool you set it with, setattr 1142270433 M * dearaujo what's the latest vserver-utils release - 1.0.4? 1142270447 J * Viper0482 ~Viper0482@p54974D73.dip.t-dialin.net 1142270448 M * Bertl phycho: just use --~barrier 1142270450 M * phycho aah 1142270472 M * daniel_hozac spd1snd: just set dev to the vlan interface. 1142270475 M * Bertl spd1snd: it's quite trivial, just use eth0.99 for example 1142270486 M * daniel_hozac spd1snd: and if you don't want util-vserver to be adding/removing it, touch novlandev. 1142270493 M * spd1snd Bertl: ah ok, so id create the vlan interface in the host machine and then proceed from there? 1142270502 M * Hollow dearaujo: no, 1.0.3 but we'll release 1.0.4 soon 1142270505 M * phycho no 1142270509 M * Bertl spd1snd: you can do that too as daniel_hozac mentioned 1142270512 M * phycho spd1snd - vserver does it all for you 1142270518 M * phycho unless you do it the other way 1142270524 J * bonbons ~bonbons@83.222.39.180 1142270526 M * phycho can do either 1142270531 M * Bertl welcome bonbons! 1142270543 M * spd1snd ah ok, let me give that a shot... thanks 1142270544 M * bonbons Hello Bertl 1142270546 M * dearaujo Hollow: where can I find 1.0.3? I only see 1.0.1 on 13thfloor.. 1142270559 M * Hollow http://dev.gentoo.org/proj/vserver-utils 1142270562 M * phycho Bertl - after setting that bit on, vserver-stat no longer works... 1142270567 M * Hollow ar 1142270568 M * Hollow wrong 1142270571 M * dearaujo :) 1142270571 M * phycho chdir(): Permission denied 1142270576 M * Hollow http://dev.croup.de/proj/vserver-utils 1142270586 M * Bertl phycho: setting it where? 1142270591 M * phycho on vservers dir 1142270606 M * dearaujo Bertl, Hollow - thanks for the help 1142270610 M * Bertl phycho: no, that works fine, but if you have it set on a guest dir, it will break 1142270615 M * phycho k 1142270622 M * phycho it was on a guest dir and i removed it 1142270674 M * phycho vserver-stat doesnt work even if theres no guests 1142270695 M * phycho its still denied 1142270727 M * phycho weird. i removed all the barriers and its still denied :X 1142270734 M * daniel_hozac grsec, i guess. 1142270734 M * phycho :@ 1142270740 M * phycho it wasnt before though.. thats just weird 1142270742 M * Bertl trust me it works fine, but use strace -fF on it to figure where you did remove permissions and/or hit grsec or whatever 1142270743 M * phycho it was working erlier 1142270750 M * phycho im going to 1142270758 M * daniel_hozac the only chdir vserver-stat does is to /proc. 1142270785 M * phycho ah. 1142270803 M * phycho well its not logging anything. which is weird 1142270810 M * phycho if grsec was denying it , it would be logged 1142270830 M * phycho any other way to get a list of vservers? 1142270851 A * phycho reboots it 1142270854 M * daniel_hozac ls -l /proc/virtual 1142270862 A * Hollow loughs 1142270868 M * Hollow who reboots linux boxes 1142270869 M * Hollow ? 1142270871 M * phycho grsec is a pain in the arse 1142270877 M * phycho i do.. to see if it clears it up 1142270902 M * daniel_hozac i do to upgrade the kernel :) 1142270909 M * phycho daniel_hozac - that works 1142270912 M * Hollow yeah, except these reboots of course.. 1142270914 M * Hollow :) 1142270937 M * phycho root@vps:/home/admin# vserver-stat 1142270937 M * phycho chdir(): Permission denied 1142270938 M * phycho :s 1142270991 Q * shedi Quit: Leaving 1142271005 M * phycho weird and annoying 1142271014 M * harry phycho: grsec stuff... you need to disable some more chroot restrictions in grsecurity submenu 1142271034 M * phycho if it is, its not logging it 1142271037 M * Hollow did anyone update our paypal account? *giggle* 1142271049 M * phycho harry - grsec is a right pain in the arse :) 1142271061 M * harry no it's not 1142271067 M * harry you just have to know what you're doing 1142271077 M * phycho what should i turn off? 1142271102 M * harry if you don't want to search... all chroot restrictions 1142271120 M * phycho http://pastebin.com/599999 1142271124 M * phycho all of them? 1142271136 M * phycho then whats the point in grsec :P (other than rbac) 1142271158 M * harry pax? 1142271163 M * phycho yep 1142271177 M * phycho as far as im concerned, couldnt care less about pax 1142271196 M * phycho only use grsec for RBAC and chroot restrictions 1142271209 M * Hollow phycho: well, there is the barrier and rbind already, so chroots for vservers are hardened already.. 1142271215 M * phycho k 1142271227 M * harry brr.... too much lag 1142271234 M * harry sry, phycho, can't seem to switch to pm ;) 1142271238 M * phycho hollow - its handy for those chroots running inside the chroot :P 1142271244 M * harry lol 1142271250 M * harry pax is the most interesting part of grsec... 1142271255 M * phycho i think rbac is 1142271271 M * Hollow i think you don't need it at all :) 1142271278 M * phycho hehe 1142271290 M * phycho its another layer of protection :P 1142271298 M * harry Hollow: you do need it if you are planning to give others access to vps'es 1142271313 A * phycho turns off chroot jail restrictions just to see what happens 1142271323 M * Hollow harry: so? 1142271324 M * daniel_hozac harry: so vserver isn't secure? 1142271369 M * harry nope 1142271381 M * harry at least... not secure enough :) 1142271383 M * phycho considering that i run giving vps's to the general public 1142271387 M * phycho the more secure it is, the better 1142271388 M * daniel_hozac care to elaborate? 1142271390 M * phycho which is why im using grsec 1142271396 M * daniel_hozac where is vserver not secure enough? 1142271406 A * Hollow giggles again 1142271422 M * daniel_hozac i find it amusing that the people who apparently care about security the most, are running the oldest kernels... 1142271425 M * harry phycho: std vserver doesn't have randomised libc loading, randomized pids 1142271432 M * Hollow daniel_hozac: indeed. 1142271434 M * harry so it's easier to break into a vps than normally 1142271454 M * harry Linux lucifer.homelinux.com 2.4.31-grsec #2 Thu Aug 11 22:35:32 CEST 2005 i586 i586 i386 GNU/Linux 1142271468 M * phycho newest kernel doesnt automatically mean most secure 1142271469 Q * Loki_muh Ping timeout: 480 seconds 1142271471 M * phycho infact far from it 1142271473 M * harry it's not that vserver isn't secure enough 1142271476 M * phycho the newer it is, the more chances it has bugs 1142271484 M * phycho that havent yet been discovered 1142271492 M * harry but linux kernel just isn't secure enough 1142271499 M * phycho yea 1142271502 M * daniel_hozac phycho: so the older kernel with known vulnerabilities is better than the newer one with those fixed? 1142271511 M * phycho no 1142271523 M * phycho old patched kernels are better than 'newer' ones that havent been tested in the wild 1142271533 M * harry best part of pax is , it makes remote exploitation really hard 1142271546 M * daniel_hozac yeah, all kernel hackers are crackpots who don't really know what they're doing when accepting patches... 1142271550 M * harry best thing about pax (and vserver) it makes local root (REAL root) allmost impossible 1142271557 M * phycho daniel_hozac - not quite 1142271599 M * harry phycho: not to be rude, but... if you don't know C, it's kinda hard to do a discussion on security of linux kernels with developers of vserver 1142271624 M * phycho eer.. why? 1142271641 M * phycho you dont need to know c to know that if you have a brand new system out in the wild 1142271646 A * harry merges those patches for increased security and making it harder to exploit stuff remote/local 1142271647 M * phycho its less secure than an old and tried/tested method 1142271665 M * harry but you do need to know what the linux kernel is all about, what features it offers etc... 1142271675 M * phycho why? the newer it is, the more chances it has bugs in it 1142271682 M * phycho since a lot of people arnt using it yet. 1142271683 M * harry and the more bugs are fixed 1142271685 M * phycho its as simple as that 1142271708 M * harry so you're saying that the good ol' 2.4.0 is a good kernel to run 1142271710 M * phycho the more people that use a system, the more chance you have of finding holes. 1142271717 M * phycho it is if its all patched upp 1142271722 M * harry although there are numerous root exploits for it in the wild 1142271731 M * phycho not if its patched.. 1142271752 M * phycho look at it another way, microsoft is the target because 95% of pcs run windows 1142271756 M * phycho so a lot of windows exploits come out 1142271763 M * phycho why do you think there is significantly less in linux? 1142271775 M * daniel_hozac phycho: what do you mean by patched? 1142271776 M * harry because every linux is different 1142271776 M * phycho its not because theres less security holes, its because its less of a market share so its less of a target. 1142271787 M * daniel_hozac 2.6.14 patched to 2.6.15? 1142271789 M * harry all windows kernel32.dll and ntldr.dll are exactly the same 1142271799 M * harry all return addresses are easy to find 1142271802 M * phycho im sure if 95% of pcs ran linux, linux would have more holes found than windows. 1142271806 M * harry since there is no randomisation 1142271815 M * phycho well yeah, but thats beside the point.. 1142271827 M * harry not that that's the only reason 1142271832 M * harry but it is one of them :) 1142271839 M * daniel_hozac phycho: you realize that of course, a patched kernel is equivalent to a newer kernel? 1142271840 M * phycho daniel_hozac - why run 2.6.15 if you could run 2.6.14-patched to cover the security holes? 1142271847 M * harry daniel_hozac: not quite :) 1142271849 M * phycho daniel_hozac - it depends on the release 1142271856 M * eyck hehe, 1142271867 M * eyck who let kiddies in here? 1142271870 M * harry phycho: not quite! ;) 1142271880 M * eyck daniel_hozac: let them be 1142271921 M * harry my last 2 cents on this: it's not that vserver isn't secure enough, linux kernel isn't secure enough, so i enhance security by adding grsec to it 1142271929 M * phycho yea 1142271942 M * harry BUT.... grsec might have errors too (4 local roots that i know of) 1142271942 A * phycho wishes there was a port of vserver to freebsd :D 1142271945 M * phycho that would rock 1142271959 M * phycho harry - nothings 100% foolproof 1142271965 M * eyck you did heard of BSD jails? 1142271966 M * phycho you can just do your best with it 1142271966 M * harry but luckily they are all in rbac :) 1142271967 M * phycho yeah 1142271970 M * phycho i use bsd jails 1142271970 M * harry so i don't use that :) 1142271975 M * phycho but they aint good enough for this application =) 1142271989 M * eyck and, adding grsec on top is like encrypting with ROT13 ...TWICE! 1142271992 M * phycho lol 1142271993 M * harry anyway... just some basic security enhancments that i use, to make it all just a tiny bit harder to hack 1142271994 M * eyck only worse 1142272002 M * harry eyck: lol 1142272035 M * harry eyck: you don't believe restricting mprotect/nonexec pages etc... enhance security? 1142272044 M * harry nonexec stack/heap 1142272057 M * harry randomized library loading, etc..? 1142272099 M * eyck harry: I don't believe people stating things like conversation above are capable of cleanly merging vserver and grsec 1142272105 M * harry in that case, i would advise you to read up on http://phrack.org/show.php?p=58&a=4 1142272123 M * eyck not to mention the holes that grsec has 1142272130 M * eyck you just added a bunch of new ones. 1142272132 M * harry http://blacksun.labs.pulltheplug.org/papers/p59-0x09.txt 1142272134 M * eyck congratulations. 1142272142 M * phycho haha 1142272162 M * harry eyck: so you don't think i can make a decent merge of grsec + vserver? 1142272199 M * eyck I don't 1142272206 M * eyck in fact... I don't believe in many things.. 1142272215 M * eyck including Santa Claus 1142272218 M * harry mkay, good to know 1142272236 M * harry do you actually know anything about kernel programming yourself? 1142272250 M * eyck prove me wrong though.. 1142272274 M * harry eyck: my patches are online, so... 1142272275 M * eyck nope, I'm a complete newbie 1142272287 M * eyck so...? 1142272292 M * phycho lol 1142272293 M * harry check them out 1142272295 M * harry try them 1142272310 M * harry lots of people have tried them, never had any complaints about stuff not working 1142272324 M * harry (except when they don't know what they are doing off coursse) 1142272327 M * eyck harry: OK, I will, in 6 months, 1142272337 M * eyck and you keep up the good work of maintaining them. 1142272344 A * harry will try 1142272348 M * harry if i have enough time :s 1142272348 M * phycho harry - there is one break in it 1142272354 M * phycho of which i pmed you about 1142272357 M * phycho and its more to do with vserver 1142272359 M * phycho than grsec 1142272362 M * harry phycho: that's a vserver error, not mine ;) 1142272367 M * phycho yeh i knw 1142272376 M * phycho just thought you might want to add the patch to your patchset :) 1142272466 M * harry i might 1142272472 M * harry but first see what it does, why it does that 1142272489 A * harry does not just blindly patch stuff, because it's new 1142272500 M * harry because then, eyck is right... you make more holes than you fix 1142272649 A * harry home now 1142272723 M * phycho heh 1142274121 J * mnemoc ~amery@user4-2.tutopia-dialup.ifxnw.cl 1142274310 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net 1142274454 M * phycho btw 1142274459 M * phycho vserver-stat appears to be a vserver issue 1142274465 M * phycho ive turned off grsec 1142274466 M * phycho same issue 1142274489 J * FaU1 ~immo@sun.do.bundessicherheitsministerium.de 1142274491 M * FaU1 ree 1142274495 M * Bertl welcome FaU1! 1142274509 M * daniel_hozac phycho: did you unpatch grsec? 1142274517 P * FaUl 1142274533 M * phycho no.. but i removed it 1142274537 Q * comfrey Quit: 1142274541 M * phycho disabled it in kernel 1142274566 M * phycho its certainly a vserver issue 1142274569 M * phycho disabled selinux + grsec 1142274574 M * phycho strace doesnt help any 1142274578 M * Bertl what do you _think_ is an issue? 1142274590 M * phycho because it doesnt work with grsec/selinux off 1142274603 M * phycho and only started happening after adding that thing to /vserver 1142274614 M * phycho even when removing it from /vserver, it still does it 1142274618 P * dearaujo 1142274635 M * harry selinux + grsec? 1142274646 M * harry i want to see how you did that ;) 1142274649 M * phycho yep.. disabled it all tho 1142274654 M * Bertl showattr -d /vservers/ 1142274655 M * Bertl ---Bui- /vservers/ 1142274658 M * phycho vserver(0xb010000, 0x1, 0, 0x20001, 0xbfee45ecupeek: ptrace(PTRACE_PEEKUSER,961,44,0): No such process 1142274658 M * phycho root@vps:/# chdir(): Permission denied 1142274661 M * phycho thats the strace 1142274678 M * Bertl and vserver-stat works just fine 1142274682 M * phycho ---Bui- /vservers/ 1142274689 M * daniel_hozac most likely user-error. 1142274700 M * phycho i have no idea whats causing it.. but it certainly only started when i added B to /vservers 1142274710 M * daniel_hozac showattr -d / 1142274712 M * phycho it worked fine with grsec on 1142274717 M * Bertl phycho: in the backlog I see something about hiding processes, what's up with that? 1142274731 M * phycho root@vps:/# showattr -d / 1142274731 M * phycho ---Bui- / 1142274755 M * phycho Bertl - grsec + vserver with proc hiding causes an issue where if you start software in a vps such as httpd in a chroot, it hides it from everywhere 1142274779 M * Bertl ah, a grsec issue ... 1142274781 M * phycho yeh 1142274784 M * phycho grsec+vserver related 1142274802 M * Bertl well, as we do not do process hiding within a context 1142274808 M * phycho yea i know 1142274818 M * phycho brb 1142274821 M * daniel_hozac phycho: that's just wrong. setattr --~barrier / 1142274842 A * phycho wonders how the hell he managed to put a barrier on / 1142274849 M * phycho probably did it when i was half asleep :X 1142274870 M * phycho someone shoot me now ;/ haha 1142274875 M * phycho sorry guys 1142275494 P * tam 1142275698 J * soczol soc@home.soclatez.com 1142275966 J * shedi ~siggi@inferno.lhi.is 1142276090 Q * phycho Ping timeout: 480 seconds 1142276460 J * comfrey ~comfrey@h-64-105-87-234.sttnwaho.covad.net 1142276731 P * click [IRSSI] 1142276787 J * phycho ~phycho@ext-gw.darktech.org.uk 1142276819 J * rs ~rs@office.dailymotion.com 1142276857 M * rs hi 1142277065 Q * tso Ping timeout: 480 seconds 1142277216 J * click click@ti511110a080-3151.bb.online.no 1142277476 J * tuxmania ~bonbons@83.222.39.180 1142277477 Q * tuxmania Quit: 1142277626 M * restill Soo --- sooo, --- sloowww, slow. daniel killed my cable. 1142277635 M * daniel_hozac sorry :) 1142277826 M * phycho lol 1142278186 Q * Viper0482 Remote host closed the connection 1142278502 J * doener_ ~doener@i5387DAD9.versanet.de 1142278665 Q * comfrey Ping timeout: 480 seconds 1142278895 Q * doener Ping timeout: 480 seconds 1142278998 M * daniel_hozac restill: thanks again! 1142279260 J * wasser ~wasser@ip86.ipax.at 1142279370 M * mugwump hey, seen the VMWare paravisor stuff? 1142279570 M * Bertl welcome wasser! 1142279583 M * Bertl mugwump: paravisor? url? 1142279612 M * mugwump lkml, [RFC, PATCH 0/24] VMI i386 Linux virtualization interface proposal 1142279634 M * mugwump This is VMWare making an offering to the community I guess 1142279651 M * mugwump It sounds nice. Like Xen except much cooler. 1142279665 M * phycho sweet 1142279701 M * eyck why cooler? 1142279729 M * eyck all they have behind them is stability... 1142279734 M * eyck stability is not cool. 1142279850 M * mugwump I'd say maturity of design rather than "stability" 1142279994 Q * soczol Quit: 1142279999 M * phycho why is stability not cool? 1142280037 M * mugwump I think he meant, stability _alone_ is not cool 1142280055 M * mugwump or, it takes more than stability to be cool 1142280076 M * phycho heh 1142280645 M * eyck nope, maturity is not cool either. 1142280676 M * lost_eps I think your wrong mugwump 1142280691 M * Bertl mugwump: hmm, I do not see much difference to xen 1142280692 M * lost_eps take windows for example, you can't get any more stable than that 1142280701 M * lost_eps and that is the COOLEST os out there 1142280724 M * Bertl lost_eps: pardon? 1142280729 M * lost_eps sorry 1142280733 M * mugwump cool as in HLAGHAGHAGHAGHAG!! 1142280738 M * lost_eps ROFL 1142280745 M * lost_eps that was a joke......for the record 1142280763 M * Bertl do not drink and chat :) 1142280772 M * lost_eps haha 1142280874 M * restill mmmm drink? I would like a drink. I will stop chatting to drink. 1142281172 M * spd1snd anyone know how to setup vservers with vlans? it seems like i can just create a vlan on the host machine and then bind the guest to it... id like to set it up in such a way that i can easily move vserver guests to other machines without any major network reconfiguration on the host machines... is that even possible? 1142281232 M * Bertl yep, just configure it 1142281245 M * Bertl by default, the vserver tools will create the vlan for you 1142281245 M * daniel_hozac Hollow: happy birthday! 1142281253 M * restill daniel_hozak: How do you take the src.rpm patch it, then rpm it again? 1142281265 M * restill I would like to learn and try it. 1142281271 M * Hollow daniel_hozac: thanks! :) 1142281272 M * daniel_hozac restill: which one? the kernel? 1142281277 M * spd1snd the vserver command will create the vlan for me? i dont see the syntax in the vserver build --help page, am i looking in the wrong place? 1142281282 M * restill yea 1142281303 M * daniel_hozac restill: i have a CVS checkout of the kernel from core. 1142281385 M * daniel_hozac i have my spec changes and configuration changes in that checkout. 1142281394 M * daniel_hozac so when i update it, cvs handles the merging. 1142281419 M * daniel_hozac then i merge it into my own CVS tree. 1142281437 M * daniel_hozac (the Makefile in CVS has a merge target) 1142281454 M * restill Oh the CVS monster. So then once it is in your tree, you have a config file for RPM to repackage it? 1142281480 M * daniel_hozac well, once i have committed it to CVS, i tell the build server to build a specific tag. 1142281501 M * daniel_hozac the specfile is what tells RPM how to package things. 1142281506 M * Bertl spd1snd: if you use eth0 as 'dev' it will 'olny' create the ip 1142281555 M * Bertl spd1snd: if you use eth0.10 for example, it will create the vlan _and_ the ip, unless you specify novlandev (or something like that) in which case the vlan itself will not be created 1142281593 M * spd1snd Bertl: so the '.10' coresponds to the vlan tag that this particular vserver should use? 1142281611 M * restill When an RPM is installed, does a specfile get put somewhere? 1142281622 M * Bertl spd1snd: precisely, the very same way it is used in linux all the time 1142281629 M * daniel_hozac restill: only if it's a source RPM. 1142281668 M * spd1snd Bertl: ah ok, so in terms of syntax, there's really nothing different except for that vlan tag, the vserver command just knows to do everything else... sweet, let me give that a shot, thanks :) 1142281722 M * restill daniel_hozac: When I installed the kernel, it didn't put the files in /usr/src/kernel. Where did they get put? 1142281731 M * Bertl spd1snd: you're welcome! 1142281737 M * daniel_hozac restill: the source RPM? 1142281803 M * restill d_h: yea. 1142281812 Q * monrad Quit: leaving 1142281832 M * daniel_hozac restill: no arguments other than rpm -i? 1142281851 J * monrad ~mikkel@213083190131.sonofon.dk 1142281877 M * daniel_hozac restill: it'll end up in /usr/src/redhat/{SPECS,SOURCES} in a default configuration. 1142281918 M * restill d_h: I use -ivvh 1142281995 M * daniel_hozac check /usr/src/redhat then. 1142282007 M * restill I just did. I found the spec file 1142282130 M * daniel_hozac SOURCES should have the tarball and all the patches. 1142282158 M * restill yup 1142282183 M * daniel_hozac so, to get a kernel tree from that, just rpmbuild -bp /usr/src/redhat/SPECS/kernel-2.6.spec 1142282196 M * daniel_hozac will put kernel-2.6.15 in /usr/src/redhat/BUILD 1142282244 Q * mnemoc Ping timeout: 480 seconds 1142282276 M * restill do you have to update the spec file everytime there is something to add to the rpm? 1142282301 M * daniel_hozac yes. 1142282309 M * daniel_hozac the spec file lists all sources and patches. 1142282338 M * daniel_hozac in addition to all the commands required to build the binary RPMs. 1142282409 M * daniel_hozac for things like new vserver patches, i just replace the patch and bump the version number though. 1142282440 J * matti matti@linux.gentoo.pl 1142282456 M * restill IC 1142282734 M * daniel_hozac (http://cvs.hozac.com/viewcvs/kernel/fedora-4/?root=rpms is the CVS, btw) 1142283057 M * restill when I get the src.rpm, I am not getting ALL of the kernel source? 1142283764 J * tso ~tso@249-158.adsl.pool.ew.hu 1142284088 M * daniel_hozac well, yeah. 1142284100 M * daniel_hozac it's just not as nice to work with :) 1142284318 M * daniel_hozac (some scripts aren't needed to build the kernel from source RPM, but to build the source RPM, and those aren't included) 1142284328 M * Bertl welcome tso! 1142284411 J * dearaujo ~dan@pixpat.austin.ibm.com 1142284425 M * dearaujo hi guys, I'm getting vc_set_rlimit(): No such file or directory.... 1142284438 M * dearaujo yet it's all compiled and installed 1142284442 M * Bertl bad too config or kernel mismatch 1142284459 M * Bertl unless you have it combined with grsec 1142284464 M * dearaujo no grsec 1142284484 M * dearaujo too config? 1142284489 M * Bertl upload the out put of testme.sh and 'vserver-info - SYSINFO' 1142284492 M * daniel_hozac tool config ;) 1142284497 M * dearaujo :) 1142284503 M * daniel_hozac what rlimits have you set? 1142284510 M * dearaujo just cpu 1142284512 M * dearaujo to 10 1142284523 M * dearaujo cat cpu 1142284523 M * dearaujo 10 1142284526 M * Bertl ah, lol, cool 1142284546 M * daniel_hozac CPU is invalid. 1142284548 M * Bertl so you want your guest to self destruct after 10 seconds, nice :) 1142284557 M * dearaujo was just testing :) 1142284567 M * Bertl dearaujo: you are not the first one trying that actually ... 1142284585 M * dearaujo cpu is invalid? 1142284589 M * Bertl dearaujo: if you provide a good reason for such a limit, I'll add it :) 1142284595 M * dearaujo lol 1142284601 M * dearaujo i dont have one :) 1142284626 M * Bertl gee, be creative, what about 'prepaied guests' for example? 1142284664 M * Bertl (just kidding :) 1142284671 M * dearaujo hehe 1142284697 M * dearaujo http://pastebin.com/600442 1142284752 M * Bertl looks fine 1142284773 M * dearaujo all tests succeeded as well 1142284795 M * Bertl though so, well in your case it's the unsupported rlimit 1142284824 M * dearaujo yes but if I put a large limit 1142284834 M * dearaujo still can't find the call 1142284845 M * daniel_hozac ENOENT is a rather odd error though, no? 1142284857 M * Bertl let me check the source, sec 1142285139 M * Bertl yup, ENOENT is indeed very strange 1142285182 M * Bertl have to dig out the 2.6.14.3 source, because recent 2.0.x sources do not even return ENOENT 1142285237 M * dearaujo should i upgrade to 2.6.16? 1142285255 M * Bertl nah, first let me check where this comes from 1142285259 M * dearaujo ok 1142285300 M * Bertl okay, it seems not to originate from vserver code at all 1142285315 M * Bertl the only places in 2.6.14.3-vs2.0.1 which return that 1142285321 M * Bertl are proc visibility checks 1142285348 M * Bertl dearaujo: could you strace the startup? 1142285356 M * dearaujo sure - 1 sec 1142285372 M * Bertl strace -fF -o start.trace or so ... 1142285457 M * daniel_hozac vlimit --cpu 10000000 -c 101 1142285457 M * daniel_hozac vc_set_rlimit(): Success 1142285461 M * daniel_hozac hmm, should i be worried? 1142285481 M * daniel_hozac it is quite possible that the errno just isn't reset. 1142285497 M * daniel_hozac (i.e. that the ENOENT is from previous open's of .soft, .hard, etc.) 1142285558 M * Bertl interesting idea ... 1142285602 M * Bertl + if (!is_valid_rlimit(vc_data.id)) + return -ENOTSUPP; 1142285657 M * Bertl cpu is not a valid rlimit in 2.1.x 1142285693 M * daniel_hozac yeah, but ENOTSUPP isn't a valid errno for userspace, is it? 1142285705 M * Bertl that's what I'm checking right now 1142285714 M * daniel_hozac (i can't find it in glibc nor dietlibc headers) 1142285758 M * dearaujo Bertl: strace - http://pastebin.com/600473 1142285758 Q * lost_eps Ping timeout: 480 seconds 1142285758 M * Bertl well, that doesn't matter, important is whether the return code check handles it as error 1142285803 M * Bertl daniel_hozac: and it doesn't ... 1142285808 M * daniel_hozac hmm? 1142285811 M * Bertl daniel_hozac: well, not on x86 1142285822 M * daniel_hozac alternative syscall implementation? 1142285827 M * matti Hi Bertl. 1142285829 M * Bertl maxerror is 129 on x86 1142285851 M * daniel_hozac ah. 1142285862 M * Bertl so I guess dearaujo just stumbled over a real bug :) 1142285867 M * dearaujo sweet! 1142285871 M * daniel_hozac well, vc_set_rlimit does return -1, so it's detected as an error. 1142285877 M * daniel_hozac it just doesn't set errno. 1142285924 M * Bertl that is even stranger, but maybe explainable ... 1142285947 M * doener_ the weapon specific offset goes into the weapon xml, the position of the 'attachment point' (eg. the right hand) will be in the player xml, right... 1142285950 M * doener_ sorry... 1142285965 M * daniel_hozac how much is in the jar? :) 1142286077 M * Bertl hmm, okay, any suggestions for a replacement errno? 1142286125 M * daniel_hozac ENOSYS? 1142286282 M * Bertl ECHRNG? 1142286290 J * lost_eps ~lost_eps@216.235.146.165 1142286322 M * daniel_hozac EBADR? 1142286350 M * Bertl why not .. any objections? 1142286376 M * daniel_hozac or why not just EINVAL? 1142286392 M * FaU1 SUCCESS *duck&cover* 1142286412 M * Bertl EINVAL would be correct 1142286448 M * Bertl and it would be possible too, I'd say ... 1142286454 M * daniel_hozac would probably be the most obvious error message. 1142286488 M * Bertl okay, care to prepare a patch for that? 1142286590 M * daniel_hozac http://daniel.hozac.com/vserver/delta-ENOTSUPP-fix01.diff 1142286714 Q * Duckx Quit: Leaving 1142286751 M * Bertl excellent, dearaujo could you give that a try? 1142286784 M * dearaujo sure - give me a few minutes 1142286803 M * Bertl np, I have to leave now anyway ... will be back later though ... 1142286816 M * Bertl just leave me a message if it worked for you ... 1142286825 M * dearaujo ok 1142286833 M * Bertl daniel_hozac: thanks for the quick patch 1142286839 N * Bertl Bertl_oO 1142286851 M * daniel_hozac np 1142286899 Q * bonbons Quit: Leaving 1142287206 P * lost_eps Leaving 1142287207 J * lost_eps ~lost_eps@216.235.146.165 1142287691 P * stefani I'm Parting (the water) 1142287701 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1142287885 M * dearaujo daniel_hozac: Bertl_oO: vserver ftpserv start 1142287885 M * dearaujo vc_set_rlimit(): Invalid argument 1142287927 M * dearaujo daniel_hozac: that look better? 1142288090 M * daniel_hozac dearaujo: yep. 1142288112 M * dearaujo even though I still can't get it to work (with good values actually) 1142288124 M * daniel_hozac for CPU? 1142288128 M * dearaujo yes 1142288140 M * daniel_hozac well, the CPU rlimit isn't implemented. 1142288145 M * dearaujo i changed it to 10000000 1142288149 M * dearaujo oh? 1142288162 M * dearaujo im confused now 1142288164 M * daniel_hozac or it might be implemented, but it's not registered as valid. 1142288200 M * daniel_hozac dearaujo: if you provide a good reason for such a limit, I'll add it :) 1142288211 M * daniel_hozac meaning, it's not there. 1142288259 M * dearaujo ah i mistook that to mean the actual limit of "10" 1142288263 M * dearaujo ok 1142288431 M * dearaujo so daniel_hozac, is it implemented for 2.4 kernels (ulimits)? 1142288444 M * dearaujo but _not_ 2.6 1142288450 M * daniel_hozac i doubt it. 1142288456 M * daniel_hozac the limit just doesn't make much sense. 1142288490 M * dearaujo so http://linux-vserver.org/Resource+Limits is incorrect 1142288647 M * daniel_hozac well, i guess ulimit does support it. 1142288674 M * dearaujo so i understand - ulimit is for 2.4 and rlimit is for 2.6? 1142288695 M * daniel_hozac ulimit is for 2.6 too. 1142288703 M * dearaujo oh 1142288730 M * dearaujo so I _should_ be able to put a cpu limit.... 1142288744 M * daniel_hozac i don't think it's per-vserver though. 1142288749 M * daniel_hozac _why_ do you want it though? 1142288782 M * dearaujo i have no specific reason :( - just for testing and knowledge 1142288800 M * dearaujo trying to find out as much as I can,,, 1142288823 M * daniel_hozac heh, ok. 1142289091 Q * lilalinux Remote host closed the connection 1142289277 A * mugwump makes really spastic movements to emulate the nature of VMWare not supporting LVM partitions for physical disks 1142289402 M * waldi /usr/lib/util-vserver/functions: line 206: -n: command not found 1142289404 M * waldi hihi 1142289421 M * daniel_hozac waldi: that's what you get for using old utils :) 1142289732 Q * gerrit Remote host closed the connection 1142289734 Q * gerrit_ Read error: Connection reset by peer 1142289862 P * dearaujo 1142290079 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net 1142290593 N * Bertl_oO Bertl 1142290596 M * Bertl back now ... 1142290749 M * Bertl folks, we have a problem on NUMA as it seems 1142290852 M * daniel_hozac ? 1142290876 M * Bertl for whatever reason, a complete kernel compile is roughly 6% slower inside a guest than on the host context 1142290895 M * daniel_hozac just on NUMA? 1142290927 M * Bertl well, I have no compareable results on x86 atm, but last time I checked (quite some time ago) it was below the noise 1142290951 M * Bertl the check is trivial, so I can upload it in a few mins 1142290983 M * Bertl the good news is, history tracing and the upcoming scheduler tracing adds no measurable overhead 1142291014 M * daniel_hozac cool! 1142291058 M * Bertl my first idea was that the memory/resource accounting adds this overhead, as the structures cannot be per cpu 1142291101 M * Bertl well, accounting can, limit can't 1142291268 M * Bertl so I did a small trick/patch to disable them completely 1142291287 M * Bertl which gave another good result, as it changed nothing :) 1142291334 M * daniel_hozac that is indeed good. 1142291343 J * Aiken ~james@tooax6-153.dialup.optusnet.com.au 1142291392 M * Bertl welcome Aiken! 1142291398 M * Aiken hello 1142291426 M * Bertl http://vserver.13thfloor.at/Stuff/PERF/ 1142291464 M * Bertl the test.sh needs some adjustments, arch and kernel version 1142291482 M * Bertl it need space for a kernel build and the kernel source as .tar.bz2 1142291539 M * Bertl another good result was that the fork test performs better inside a guest/context than on the host system, and even better than on an unpatched kernel :) 1142291610 M * Bertl Aiken: do you think you could give those tests a try on an older alpha kernel? 1142291623 M * daniel_hozac haha, that's great! 1142291671 M * Aiken I can do that 1142291680 M * Aiken it will be 2.6.15.something 1142291765 Q * spd1snd Quit: spd1snd 1142291782 M * Aiken host or guest? 1142291787 M * Aiken ccache or no ccache? 1142291821 M * Bertl I run it like this: 1142291831 M * Bertl time ./test_fork.sh 1142291836 M * Bertl time vcontext --create --xid 2 -- ./test_fork.sh 1142291848 M * Bertl ./test.sh 1142291855 M * Bertl vcontext --create --xid 2 -- ./test.sh 1142291859 M * Bertl on the host 1142291885 M * Bertl (you might want to adjust the number of runs for the test.sh on alpha) 1142291929 M * Aiken with out ccache I would expect test.sh to take maybe 3 hours 1142291958 M * Bertl yes, maybe adjust something like allnoconfig or so 1142292451 J * matt1 ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1142292894 Q * matta Ping timeout: 480 seconds 1142292903 A * peter_ yawns and waits for this slow hunk of computer to finish.. 1142292933 M * Aiken looks like test_fork.sh is going to take about 16 minutes for 1 run 1142293053 M * harry Bertl: pm!!!!! :0 1142293054 M * harry ;) 1142293055 Q * matt1 Ping timeout: 480 seconds 1142293110 Q * tso Quit: BitchX-1.1-final -- just do it. 1142293445 M * Bertl Aiken: feel free to reduce the number of processes, it was tuned for a dual amd64 1142293481 M * Bertl and I do not expect the results to be compareable across archs/cpus anyway 1142293794 M * Aiken 13 min a run 1142293833 M * Bertl to make it useable for testing, it should be roughly 1 minute or two 1142293841 M * Bertl so you can have 3 runs to average 1142293871 M * Bertl Aiken: so I'd suggest to reduce the inner loop to 100 1142294004 M * Bertl btw, what's new in 2.6.16-rc6? 1142294088 M * Aiken was going to try that today, think there was something in the changelog about alpha IRQ and crashing 1142294306 M * Bertl [PATCH] alpha: fix IRQ handling lockup 1142294382 M * Aiken yes 1142294395 M * Aiken I can hope