1143072245 M * daniel_hozac Bertl: lol, both branches affected?
1143072416 J * lilalinux_ ~plasma@dslb-084-058-202-040.pools.arcor-ip.net
1143072460 M * Bertl daniel_hozac: seems so ...
1143072490 M * Bertl (it has been there for quite some while now :)
1143072854 Q * lilalinux Ping timeout: 480 seconds
1143073029 J * TANATHOS ~pionner@88.158.130.2
1143073147 M * daniel_hozac hmm, interesting.
1143073347 M * daniel_hozac http://phpfi.com/108913
1143073385 M * daniel_hozac caused by: strace -fF -o rpm-fake.strace env LD_PRELOAD=/usr/lib/util-vserver/rpm-fake.so ls -l
1143073694 M * Bertl nice
1143073709 M * Bertl can you reproduce it?
1143073750 M * daniel_hozac i'll try.
1143073885 M * daniel_hozac yep.
1143073897 M * daniel_hozac freezes the system solid for about a minute.
1143073957 M * Bertl not bad, what about vanilla (i.e. without patch)
1143074206 M * daniel_hozac without vserver? rpm-fake won't work then, i guess the strace issue is because of the vc_ctx_create.
1143074331 M * derjohn i just read 'ioprio' in the filename ... does that mean I can limit harddisk access ? that would be pr0n, because TPS of the harddisk is the bottleneck on all my vserver hosts
1143074379 M * Bertl derjohn: you can set different I/O priorities, and with devel, you get a priority queue per guest
1143074386 M * daniel_hozac i don't quite follow how rpm-fake works.
1143074409 M * derjohn EHLO Bertl! 
1143074416 M * derjohn EHLO Daniel!
1143074431 M * daniel_hozac hi
1143074452 M * Bertl daniel_hozac: okay, how different is the kernel from 2.6.16?
1143074465 M * derjohn hm, one queue per guest, and I can set a prio to that queue. how is it scheduled? token bucket, too?
1143074474 M * Bertl daniel_hozac: (except for the vserver patch)
1143074496 M * Bertl derjohn: normal I/O scheduling, you need to activate CFQ
1143074545 M * daniel_hozac 4.5 MiB in one patch.
1143074568 Q * TANATHOS Quit: 
1143074584 Q * dos000 Ping timeout: 480 seconds
1143074635 M * Bertl daniel_hozac: okay, could you give vanilla+patch a try?
1143074691 M * daniel_hozac sure.
1143074735 J * mkhl ~mkhl@200-148-40-59.dsl.telesp.net.br
1143074753 M * Bertl welcome mkhl!
1143074763 M * Bertl back in a minute, have to reboot
1143075161 J * dos000 ~dos000@wsp05974758wss.cr.net.cable.rogers.com
1143075295 M * Bertl back
1143075448 M * derjohn is there a userland tool to change the io scheduler behaviour? (i.e. not with append line), If yes, what's it name?
1143075507 M * Bertl hmm?
1143075509 A * derjohn wonders what scheduler for SATA drives is best suited ... I mean I have NCQ on the disk .. at least with a very small queue length ;)
1143075536 M * derjohn how can I switch from CFQ to AS to Dealline to whatever ?
1143075543 M * derjohn reboot ?
1143075558 M * Bertl proc/sysctl
1143075572 M * derjohn ah, k.
1143075693 M * daniel_hozac hmm, wow. the clock even stops when i try to reproduce that bug.
1143075793 J * doener ~doener@i5387DC60.versanet.de
1143075942 M * blizz "das leben der anderen"- nice movie ;)
1143075947 M * blizz fyi :)
1143076000 M * doener i've just returned from the cinema. "v for vendetta". also quite good (IMHO).
1143076011 M * blizz saw it last week
1143076020 M * blizz liked the movie, too
1143076049 M * blizz doener, which city?
1143076056 M * doener bielefeld
1143076078 M * blizz ahh well.. munich here.. would have been a funny coincidence ;)
1143076088 M * Bertl yeah, I've seen a traler ...
1143076121 M * Bertl *trailer
1143076146 J * matta ~matta@71.224.125.126
1143076201 M * mugwump Bertl: in particular, the one where ebiederm says that the whole approach is flawed...
1143076212 M * mugwump the "top down" comment
1143076289 M * Bertl well, that's probably correct from his POV
1143077030 M * doener ok, now let's see how fast i can crash this box with configfs experiments ;) (I hope that works with modules...)
1143077086 M * doener hm, seems to work, as the example is a module :)
1143078067 M * blizz how can i get a list of the current capabilities on a system?
1143078075 M * blizz s/system/running vserver/
1143078181 M * daniel_hozac cat /usr/include/linux/capability.h | perl -nle 'm/^#define\s+CAP_(\w+)\s+(\d+)/&&($b{$2}=$1);BEGIN{$x=hex(shift@ARGV)}END{for($i=0;exists$b{$i};$i++){print "$b{$i} is ".($x&(2**$i)?"":"NOT ")."set"}}' `awk '/CapPrm/ { print $2 }' /proc/self/status`
1143078188 M * daniel_hozac from inside the vserver.
1143078204 M * blizz hell ofa command
1143078215 M * Bertl hmm, what did I miss?
1143078255 Q * gerrit Read error: Operation timed out
1143078343 M * blizz thanks daniel
1143081508 J * sdw ~chatzilla@master.lig.net
1143081587 M * sdw Is there a yum-2.6.0 patched for chroot?  I worked on it, but it's taking me too long.
1143081652 M * sdw I already have FC5, 2.6.16, and the newest vserver patch running.  Now I'm trying to get yum working, or find another way to build environments quickly.
1143082124 M * Bertl hey sdw!
1143082137 M * Bertl good question, let me check ...
1143082248 M * Bertl nope, doesn't seem so, at least not public as it seems
1143082264 M * sdw Ok, I'll come up with something.
1143082289 M * sdw I suppose it shouldn't be too hard to build a base system tree, even if I have to install it somewhere else first and copy.
1143082399 Q * coocoon Ping timeout: 480 seconds
1143082575 M * daniel_hozac sdw: you do of course realize that you don't need a patch to do installs into chroots?
1143082623 M * sdw I was wondering about that.  You only need it when the host level is managing the packages?
1143082625 M * daniel_hozac the patches are just to make vyum secure against symlink attacks and such.
1143082634 M * sdw I was following the Fedora Core 4 howto.
1143082652 M * sdw Ahh.
1143082660 M * daniel_hozac does rpm-fake.so work for you?
1143082671 M * sdw Don't know yet.
1143082675 M * sdw How do I test it?
1143082692 M * daniel_hozac LD_PRELOAD=/usr/lib/util-vserver/rpm-fake.so ls -l fails here.
1143082746 M * sdw No chroot specified; aborting...
1143082748 M * sdw rpm-fake.so: failed to initialize communication with resolver
1143082766 M * daniel_hozac interesting...
1143082769 M * sdw Looks like it might work in the right circumstance.
1143082802 M * sdw I've now installed yum-2.6.0 from source which has broken the config.  "releasever" is not being replaced...
1143083001 J * coocoon ~coocoon@p54A05E08.dip.t-dialin.net
1143083140 M * daniel_hozac where? in the installs?
1143083141 M * daniel_hozac and why would you install it from source?
1143083207 M * sdw Well, I was testing out the older version and instinctively installed it.  Then I needed the new one again.
1143083231 M * sdw I often update systems by installing from source, but those are usually older ones that I'm not ready to reinstall.
1143083241 M * jkl whats the story with util-vserver vulnerability?
1143083252 M * daniel_hozac huh?
1143083410 M * sdw Wacky, the Makefile for yum 2.6.0 uses a variable called DESTDIR which defaults to /root/!
1143083517 M * sdw So, fixed that.  Just doing yum --installroot=/v/ta install of some key packages to see how far that gets me.
1143083519 M * sdw Cool.
1143083683 M * daniel_hozac if rpm-fake.so is working for you, vserver ... build -m yum -- -d fc5 should work too.
1143083690 M * daniel_hozac assuming you've set it up.
1143083953 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1143083953 Q * lilo Read error: Connection reset by peer
1143083968 N * lilo_ lilo
1143084315 Q * lilo Quit: brb
1143084333 J * lilo ~lilo@lilo.usercloak.oftc.net
1143084452 Q * doener Quit: leaving
1143085359 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1143086600 Q * neofutur Ping timeout: 480 seconds
1143086679 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143087093 Q * Hollow Remote host closed the connection
1143087099 J * Hollow ~hollow@home.xnull.de
1143090860 Q * cehteh Remote host closed the connection
1143091007 J * cehteh foobar@cehteh.homeunix.org
1143093446 M * Bertl okay, off to bed now ... have a good one everyone!
1143093452 N * Bertl Bertl_zZ
1143094458 J * Prashanth ~Prashanth@59.145.136.1
1143096893 Q * Prashanth Remote host closed the connection
1143097540 J * Aiken_ ~james@tooax8-212.dialup.optusnet.com.au
1143097858 Q * Aiken Ping timeout: 480 seconds
1143098329 Q * alexx Ping timeout: 480 seconds
1143098537 J * alexx ~alexx@proxy.ikse.net
1143098641 Q * _are_ Ping timeout: 480 seconds
1143099599 Q * brc Ping timeout: 480 seconds
1143099719 J * brc bruce@20151168080.user.veloxzone.com.br
1143101586 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1143101663 A * ||Cobra|| hi
1143101755 M * Soekris hello
1143103653 Q * shedi Quit: Leaving
1143104241 M * Soekris ls
1143104255 M * Soekris Verry Good morning. 
1143104263 J * pagano ~pagano@lappagano.cnaf.infn.it
1143104666 Q * FireEgl Quit: Bye...
1143104823 Q * serving Ping timeout: 480 seconds
1143105762 J * hijacker ~hijacker@cable-84-43-140-185.mnet.bg
1143105766 M * hijacker hi guys
1143105769 M * hijacker anyone around ?
1143105809 M * hijacker wanted to ask, is there a custom script or a way using the vserver utilities to delete a previously created server?
1143106195 M * Soekris vserver is the big util
1143106226 M * Soekris oh to remove :D
1143107233 J * FireEgl Atlantica@Atlantica.US.TO
1143107403 M * hijacker yes
1143107975 M * cehteh rm :)
1143108263 J * coocoon ~coocoon@p54A0773A.dip.t-dialin.net
1143108269 M * coocoon morning to all
1143109159 Q * mire Ping timeout: 480 seconds
1143109184 J * mire ~mire@129-166-222-85.COOL.ADSL.VLine.Verat.NET
1143110478 J * meandtheshell ~markus@85-124-8-196.dynamic.xdsl-line.inode.at
1143111548 Q * gerrit Ping timeout: 480 seconds
1143113657 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143113854 J * coocoon ~coocoon@p54A0773A.dip.t-dialin.net
1143114508 Q * Aiken_ Ping timeout: 480 seconds
1143114778 J * f_ ~f_@83-215-237-2.seek.stat.salzburg-online.at
1143114785 Q * f_ Quit: 
1143115121 J * Dr4g ~Dr4g@82-40-44-47.cable.ubr06.uddi.blueyonder.co.uk
1143115548 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143115796 Q * Dr4g Quit: Leaving
1143116127 J * Dr4g ~Dr4g@82-40-44-47.cable.ubr06.uddi.blueyonder.co.uk
1143116193 J * Smutje_ ~Smutje@xdsl-84-44-242-181.netcologne.de
1143116298 Q * Smutje Ping timeout: 480 seconds
1143116298 N * Smutje_ Smutje
1143118004 J * shedi ~siggi@tolvudeild-199.lhi.is
1143118274 J * coocoon ~coocoon@p54A076D9.dip.t-dialin.net
1143120278 J * Pazz0 ~rol1@80.190.227.239
1143120305 M * Pazz0 hola :)
1143120382 P * hijacker Leaving
1143120405 M * Dr4g Hello :)
1143120488 M * Pazz0 I wanted to try out 2.1.0-rc13 today...
1143120503 M * Pazz0 ...cleanly compiled with 2.6.16
1143120530 M * Pazz0 but testme.sh (14) fails issuing chbind
1143120585 M * Pazz0 I first thought that y 0.30.207-x would be too old, so I compiled 0.3.210 - same result
1143120599 M * Pazz0 now I'm in doubt about my kernel config
1143120600 M * Pazz0 :
1143120614 M * Pazz0 CONFIG_VSERVER_LEGACY=y
1143120622 M * Pazz0 # CONFIG_VSERVER_NGNET is not set
1143120628 M * Pazz0 CONFIG_VSERVER_LEGACYNET=y
1143120642 M * Pazz0 are these settings ok for 2.1.0?
1143120747 M * Pazz0 btw: # CONFIG_VSERVER_DYNAMIC_IDS is not set
1143120899 M * daniel_hozac that's why.
1143120901 M * daniel_hozac which testme?
1143120913 M * daniel_hozac you'll need 0.30.210, and the latest testme.
1143121033 M * Pazz0 daniel_hozac: testme 14 fails, testme 15 succeeds
1143121046 M * Pazz0 so I have to re-enable CONFIG_VSERVER_DYNAMIC_IDS?
1143121058 Q * dev_ Read error: Operation timed out
1143121065 M * Pazz0 quti
1143121111 M * daniel_hozac if you want to use dynamic ids, yes.
1143121119 M * daniel_hozac (older utils require them)
1143121130 M * Pazz0 I don't need them
1143121148 M * Pazz0 hey - it seems to be ok right now
1143121167 M * Pazz0 testme 14 fails running chbind
1143121176 M * daniel_hozac yes, as it should.
1143121185 M * Pazz0 but testme15 is ok, and my vservers seems to be up and running :)
1143121190 M * Pazz0 s/seems/seem/
1143121201 M * Pazz0 daniel_hozac: thnx
1143121256 M * coocoon daniel_hozac: hello
1143121264 M * Pazz0 is there any good reason to leave CONFIG_VSERVER_DYNAMIC_IDS enabled?
1143121276 M * daniel_hozac well, older utils.
1143121295 M * coocoon daniel_hozac:  i think u r involved with fedora very much right?
1143121304 M * daniel_hozac not really, i'm mostly a lurker.
1143121307 M * Pazz0 so I could also run 2.1.0 with 0.30.207-x?
1143121322 M * Pazz0 (if CONFIG_VSERVER_DYNAMIC_IDS would be enabled?)
1143121322 M * daniel_hozac Pazz0: yes, if you enable that.
1143121336 M * Pazz0 daniel_hozac: thanks a lot!
1143121346 M * daniel_hozac i don't see why you would want to though, as a lot of bugs and features have been added since.
1143121348 M * daniel_hozac :)
1143121364 M * coocoon daniel_hozac: u have updated u r system to fc5?
1143121366 M * daniel_hozac umm, bugs have been fixed.
1143121370 M * daniel_hozac coocoon: one of them, yes.
1143121460 M * coocoon hm thats why i am asking get alltimes the message that the kudzu initscripts and mkinitrd'd have dependencies problems with kernel 2.6.12, 2.6.11 and 2.6.13, but i have removed them befor, upgraded a fc3 to 4 and then tried to upgrade to fc5
1143121480 M * coocoon have u heard of it
1143121504 M * daniel_hozac http://fedoraproject.org/wiki/YumUpgradeFaq
1143121514 M * daniel_hozac not sure if they have added FC5 yet though.
1143121541 M * coocoon have tried it also from there, no chance everytime the same
1143121543 M * coocoon hm ok
1143121551 M * coocoon i am working on sid now
1143121572 M * coocoon works better upgradeing no problems
1143121602 M * daniel_hozac upgrades are meant to be handled by Anaconda.
1143121608 M * coocoon daniel_hozac: but the pronblem is yum and apt-rpm for building vservers
1143121990 Q * pagano Read error: Connection reset by peer
1143122656 Q * matta Ping timeout: 480 seconds
1143123101 Q * Pazz0 Quit: [BX] Reserve your copy of BitchX-1.1-final for the Nintendo Gameboy today!
1143123379 Q * daniel_hozac Quit: reboot
1143123541 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1143124257 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net
1143125128 M * ntrs__ Hi Erevyone
1143125137 M * ntrs__ everyone I mean.
1143125158 M * ntrs__ I just started getting this whenever I try to restart apache in a vserver
1143125160 M * ntrs__ *** glibc detected *** double free or corruption (fasttop): 0x0811a108 ***
1143125169 M * ntrs__ Anyone has a solution to this problem?
1143125185 M * ntrs__ Latest version of kernel/patch/util-vserver
1143125277 M * ntrs__ If I do an strace -fF httpd it produces a kernel panic
1143125297 M * Hollow daniel_hozac: http://home.xnull.de/work/vserver/vcd.spec.html
1143125859 M * daniel_hozac ntrs__: doesn't really sound vserver related, except perhaps the kernel panic.
1143125948 M * daniel_hozac Hollow: cool.
1143125966 M * Hollow to be extended ;)
1143125971 M * daniel_hozac of course ;)
1143126033 M * ntrs__ daniel_hozac, this started happening after I compiled and installed php5
1143126418 M * waldi ntrs__: does php5 use glib?
1143126427 M * ntrs__ I have no idea
1143127912 J * |coocoon| ~coocoon@p54A076D9.dip.t-dialin.net
1143128123 Q * coocoon Ping timeout: 480 seconds
1143128354 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1143128355 M * Roey hi!
1143128357 M * Roey Bertl_zZ:  
1143128359 M * Roey aww
1143128363 M * Roey daniel_hozac:  ok, you're here!
1143128366 M * Roey harry:  as are you
1143128479 M * daniel_hozac uh huh...
1143128501 M * Roey  making the possibility for running OpenVPN? www.openvpn.net inside a vserver and/or giving the vserver user the option of creating virtual network interfaces
1143128507 M * Roey that's from the TODO list
1143128510 M * Roey under 'generic'
1143128512 M * Roey er..
1143128517 M * Roey how close are you guys to this?
1143128540 M * daniel_hozac it's already possible, but not in a secure way.
1143128545 M * Roey oh. ok.
1143128551 M * Roey er, when will it be secure?
1143128570 M * Roey and do you have to jump through many hoops to get it to work?
1143128572 M * daniel_hozac maybe sometime after ngnet is here.
1143128611 M * daniel_hozac copy the device, set a flag, bind to 0.0.0.0, add a few caps.
1143128615 M * daniel_hozac IIRC.
1143129093 Q * shedi Quit: Leaving
1143129215 M * Roey hmm ok
1143129288 M * Roey daniel_hozac:  i had wanted to say that I've seen that before, and (1) to ask if that's a newer feature than what I am using now (Kernel: 2.6.14.4-vs2.1.0)
1143129294 M * Roey 2.1.0 is the current dev version...
1143129303 M * Roey also, how is it not secure?
1143129325 M * harry i'm here too, yes
1143129378 M * daniel_hozac the capabilities you have to grant the guest will effectively let it control the entire network stack.
1143129433 M * Roey eek
1143129434 M * Roey ok.
1143129442 M * Roey so you guys are working on ways to constrain this?
1143129453 M * Roey there isn't some sort of virtual interface available?
1143129471 M * daniel_hozac i think ngnet is on hold until all the mainline virtualization wars are done.
1143129472 M * Roey that can be predefined for that vserver guest by the administrator
1143129475 M * Roey ok
1143129483 M * daniel_hozac hopefully ebiederm's patches will get in, and ngnet will be based on that.
1143129485 M * Roey wars? what, there's debate?
1143129490 M * Roey ok
1143129508 M * Roey daniel_hozac:  how many devs does vserver have? like, 6-12 I thought.
1143129513 M * daniel_hozac (i think that's the plan anyway, i'm sure Bertl_zZ will correct me if i'm wrong :))
1143129528 M * daniel_hozac what do you mean by developers?
1143129532 N * Bertl_zZ Bertl
1143129536 M * Bertl morning folks!
1143129540 M * daniel_hozac morning Bertl!
1143129578 M * Roey Bertl!
1143129579 M * Roey hey hey
1143129609 M * Roey daniel_hozac:  how many patch submitters/mailing list contributors particpiate in VServer's development?
1143129656 M * daniel_hozac that's still really vague. are you asking how many people have ever submitted a kernel patch to vserver?
1143129684 M * daniel_hozac or do you also include util-vserver in "VServer"?
1143129684 M * Roey how many people /regularly/ contribute
1143129690 M * Roey yeah I do 
1143129693 M * Roey util-vserver, too.
1143129699 M * Roey documentation people too
1143129719 M * daniel_hozac i'm not even sure how we'd get any sort of stats of that.
1143129785 M * Roey oh
1143129789 M * Bertl Roey: the community is large, and many folks contribute
1143129791 M * Roey maybe from cvs/svn stuff
1143129800 M * Roey Bertl:  oh ok I thought you were only half  a dozen in all
1143129808 M * Roey so a lot of people have interest in vserver
1143129810 M * Roey awesome
1143129816 M * Bertl Roey: the core team is probably 3-4 people
1143129819 M * Roey ok
1143129834 M * Bertl but it's not coding which is the important part
1143129838 M * Roey who's that?  You (Herbert), Dan, Eric,
1143129839 M * Roey ?
1143129897 M * Bertl I'd say Enrico (doing util-vserver), Hollow+bonbons doing vserver-utils, Daniel,Doener,Sam and myself working on the kernel
1143129923 M * Bertl daniel_hozac is also working on userspace stuff
1143129932 M * Roey ok
1143129936 M * Bertl then there are many folks testing stuff, which is _very_ improtant
1143129940 M * Roey ebeiderman is eric or enrico?
1143129944 M * Roey eric I thought
1143129948 M * daniel_hozac eric.
1143129951 M * Roey and he submits patches too
1143129953 M * daniel_hozac Enrico is ensc.
1143129955 M * Roey ohhh ok
1143129962 M * Bertl yep, Eric is not developing Linux-VServer
1143129968 M * Roey ok didn't know that... thanks
1143129974 M * Roey do you guys need a gui for vserver
1143129974 M * Roey ?
1143129978 M * Bertl but we are working together on getting mainline virtualization done
1143129988 M * Roey like, a web module for webadmin
1143129990 M * Bertl always ...
1143129992 M * Roey or a web server interface
1143129993 M * daniel_hozac Hollow mentioned a project yesterday.
1143130000 M * Roey or an interface in KDE's kcontrol
1143130000 M * Roey ?
1143130002 M * daniel_hozac or the day before that.
1143130004 M * Hollow http://home.xnull.de/work/vserver/vcd.spec.html
1143130010 M * Roey cool
1143130025 M * Bertl if you think you can contribute something, go ahead ...
1143130027 M * Hollow this is somewhat related to webinterface..
1143130078 M * Roey Hollow:  it looks big
1143130084 M * Hollow what?
1143130087 M * Hollow the spec?
1143130090 M * Hollow *giggle*
1143130090 M * Roey like.. you *really* break it down
1143130091 M * Roey yeah
1143130112 M * Hollow well, i wrote this spec today morning... it's just some random thoughts
1143130114 M * Hollow :)
1143130144 M * Hollow but it should be extended while being implemented
1143130154 M * Roey HA
1143130155 M * Roey ok
1143130155 M * Roey :)
1143130162 M * Roey Hollow:  interesting that you chose xml-rpc.
1143130166 M * Roey are yo uinterested in doing a 
1143130170 M * Roey actually..
1143130173 M * Roey let me guess:
1143130183 M * Roey so this one part is a user-space daemon, right?
1143130203 M * daniel_hozac yes.
1143130203 M * Hollow exactly
1143130206 M * Roey and it talks xmlrpc to any client, wether it be a web frontend or a KDE or a command-line one.
1143130212 M * Hollow righty
1143130214 M * Roey ok
1143130215 M * Hollow :)
1143130230 M * Roey do you have a list of possible message types you need to describe vserver's actions?
1143130232 M * Roey such as
1143130247 M * Roey system messages (SHUTTING_DOWN, etc.)
1143130249 M * Roey or others
1143130253 M * Roey (GAINED_CAPABILITY)
1143130255 M * Roey er
1143130258 M * Roey yeah.
1143130263 M * Hollow that would be the state change helper i guess
1143130266 M * Roey or maybe even (GAINED_DEVICE)
1143130273 M * Roey ko.
1143130274 M * Roey *ok
1143130286 M * Roey and then you need to make a grammar for all this?
1143130299 M * Roey or does xmlrpc define that for you
1143130299 M * Roey ?
1143130312 M * Hollow xmlrpc is an open standard
1143130316 M * Roey :)
1143130317 M * Roey brb
1143130323 M * Roey tha'ts very interesting
1143130327 M * Roey keeping in mind
1143130329 M * Hollow the protocol is plain text i.e. easily debuggable
1143130331 M * daniel_hozac Hollow: any thoughts on authentication and authorization?
1143130349 M * Hollow daniel_hozac: yeah, easiest thing is via xmlrpc values added to each call
1143130382 M * Hollow but you could also use http basic auth
1143130384 M * daniel_hozac in a plain text protocol? :)
1143130405 M * daniel_hozac plague does it based on certificates.
1143130417 M * Hollow pague?
1143130425 M * daniel_hozac Fedora buildsystem.
1143130447 M * Hollow eh?
1143130448 M * daniel_hozac it's a bit of a pain to set up at first, but i think it's a pretty good idea.
1143130462 M * matta Bertl: i'm going to meet with your princeton friends on the 4th
1143130468 M * Roey eeeeeeeek
1143130469 M * Roey fedora.
1143130470 M * matta xen vs vserver talk, should be fun
1143130470 M * Bertl matta: great!
1143130480 M * Roey matta:  there isn't any... overlap
1143130487 M * Roey they're for different purposes...
1143130493 M * matta yeah, i know.
1143130496 M * Roey oh
1143130506 M * matta I actually run vserver under xen
1143130508 M * daniel_hozac Hollow: basically looks at the cn for the cert and uses that as the key in its capability database.
1143130512 M * Roey and who the hell put xen on a pedestal in the past few months? there are so many virtualizer systems out there
1143130512 M * Hollow daniel_hozac: what has build system to do with xmlrpc?
1143130518 M * matta I don't know my purpose except perhaps extensive knowledge of both
1143130519 M * daniel_hozac Hollow: it's all XMLRPC ;)
1143130520 M * Roey red hat probably :)
1143130526 M * Hollow mhm
1143130539 M * matta Roey: hp, ibm, redhat, suse, los alamos....
1143130591 M * matta a point was brought up using a shared kernel, memory could technically be read if a maliscious program was loaded into space that another containers process previously used
1143130611 M * daniel_hozac Hollow: would keep the transfers secret too, although it gets a bit harder to debug.
1143130615 M * matta we know data can stay in memory even after a soft reboot
1143130625 M * matta (ie. where power remains to the ram)
1143130646 M * Hollow daniel_hozac: i.e. sth like ssl?
1143130649 M * matta i'm all for both technologies, seeing that they are complementary to each other
1143130657 M * daniel_hozac Hollow: yeah, it's SSL (or maybe TLS).
1143130689 M * daniel_hozac matta: does the hypervisor zero all RAM before letting a guest use it? or do guests have file-based RAMs?
1143130741 M * Bertl daniel_hozac: interesting question
1143130781 M * Bertl daniel_hozac: but I assume as the ram is 'assigned' to the guests, it comes _as_is_
1143130785 J * Viper0482 ~Viper0482@p54976E41.dip.t-dialin.net
1143130828 M * Roey hey how about this:  Does the Xen hypervisor free up memory back to the OS (itself in this case) after a guest closes?
1143130831 M * daniel_hozac Bertl: so those pages are locked into RAM? (i've never used Xen... i tried yesterday but failed)
1143130832 M * Roey er
1143130837 M * Roey sorry, that didn't come out like I wanted
1143130856 M * Roey normally with *nix systems, malloc() calls sbrk() to allocate memory
1143130863 M * Bertl matta: how would userspace exploit that?
1143130865 M * matta daniel_hozac: it scrubs the ram on boot
1143130874 M * Roey and free() doesn't call anything to return memory back to the OS...
1143130897 M * matta Bertl: i don't know, i'm not a hacker... but we see how they manage to do crazy stuff like that all the time :)
1143130907 M * matta like read process data from swap, etc
1143130921 M * Bertl matta: yeah, but that would be a security issue on normal linux systems too, no?
1143130935 Q * Viper0482 Remote host closed the connection
1143130947 M * Bertl if process A could read data from process B that easily
1143131017 M * daniel_hozac it sounds like A will need some serious luck to get B's pages at all, and then finding the one you're interested in and interpreting it correctly...
1143131145 M * Bertl hmm, no, the problem is more that you just cannot get a previously used page
1143131168 M * Bertl you can get a copy of an existing page if you are priviledged, or an empty one
1143131270 J * Viper0482 ~Viper0482@p54976E41.dip.t-dialin.net
1143131288 M * Hollow daniel_hozac: well, one possibility would be to do vcd as a cgi and let some http server do the rest..
1143131328 M * Hollow but.. with a cgi we can't do a daemon..
1143131331 M * Hollow not a good idea
1143131331 M * daniel_hozac Hollow: or write it in some interpreted language and inherit from the HTTP server class ;)
1143131803 J * shedi ~siggi@inferno.lhi.is
1143132373 J * srounet ~srounet@socks.epitech.net
1143132425 M * srounet http://sk4ry.free.fr/yoshi-power.htm [not a trojan] [it's about yoshi in alaska]
1143132438 M * srounet http://sk4ry.free.fr/yoshi-power.htm [not a trojan] [it's about yoshi in alaska]
1143132456 M * Wonka nobody's interested
1143132473 Q * srounet autokilled: A user from this host has violated network policy.  Mail support@oftc.net if you feel this ban to be in err
1143132486 M * Wonka *g*
1143133543 Q * |coocoon| Quit: KVIrc 3.2.0 'Realia'
1143133604 J * coocoon ~coocoon@p54A076D9.dip.t-dialin.net
1143133624 M * Bertl wb coocoon!
1143133711 J * bonbons ~bonbons@83.222.39.180
1143133733 M * phreak`` heya Bertl :)
1143133812 M * Bertl hey phreak``!
1143133817 M * Bertl hey bonbons!
1143133826 Q * ||Cobra|| Remote host closed the connection
1143133851 M * Hollow Bertl: could you please change VCI_VERSION in 2.1.*? currently it is the same as in 2.0.*
1143133917 M * Bertl Hollow: yes, thanks for reminding me
1143134311 J * hmpf_ dsadsa@88.154.1.105
1143134316 M * hmpf_ hi bertl!!!!!
1143134330 A * hmpf_ kisses Bertl
1143134423 M * hmpf_ does anyone know where to set the nice for a vserver when using util-vserver 0.30.209
1143134425 M * Bertl hey hmpf_!
1143134441 M * hmpf_ whats up Bertl
1143134462 M * bonbons Hi Bertl, Hollow, everybody
1143134474 M * Bertl working on the final fixes for the release
1143134486 M * hmpf_ Bertl can you please help me with this one ?
1143134489 M * coocoon hello bertl
1143134508 M * Bertl hmpf_: have you checked the flower page?
1143134511 M * hmpf_ lololoolol
1143134516 M * hmpf_ nope breti but i will
1143134527 M * hmpf_ can you spot me to that page
1143134559 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1143134563 M * hmpf_ found :P
1143134566 M * hmpf_ thx :)
1143134579 M * hmpf_ (god damm my production db is laggggggin!!!!)
1143134583 Q * jufo Read error: Operation timed out
1143134675 M * daniel_hozac Bertl: release of 2.0.2 and 2.1.1?
1143134715 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143134733 M * Bertl daniel_hozac: at least one of them :)
1143134756 M * Bertl daniel_hozac: preferable 2.0.2 first, now that 2.6.16 is out
1143134793 M * daniel_hozac ok :)
1143134861 M * Bertl okay, off for dinner now, back shortly
1143134887 N * Bertl Bertl_oO
1143135369 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1143135678 J * liquid3649_ ~Viper0482@p54977A4C.dip.t-dialin.net
1143135746 Q * liquid3649_ Quit: 
1143135922 Q * gerrit Quit: Client exiting
1143135957 J * doener ~doener@i5387CFC9.versanet.de
1143136055 M * daniel_hozac i can reproduce the sendfile issues reported on the list.
1143136063 Q * Viper0482 Ping timeout: 480 seconds
1143136069 M * daniel_hozac EnableSendfile off makes httpd work again.
1143136114 M * doener j/k
1143136117 M * doener damn...
1143136134 M * doener i'll never master input focus in irssi...
1143136147 M * daniel_hozac hehe.
1143136215 M * doener and sendfile is becoming a running gag...
1143136265 J * Viper0482 ~Viper0482@p54977A4C.dip.t-dialin.net
1143136334 M * doener daniel_hozac: 2.0.2 or 2.1.1?
1143136339 M * daniel_hozac 2.0.2
1143136347 Q * Viper0482 Quit: 
1143136348 M * daniel_hozac just has the retval changes for rw_verify_area.
1143136365 J * Viper0482 ~Viper0482@p54977A4C.dip.t-dialin.net
1143136390 M * doener daniel_hozac: actually, it undoes the changes from 2.6.15 -> 2.6.16 in do_sendfile
1143136413 M * daniel_hozac oh.
1143136428 M * doener reverting fs/read_write.c to the vanilla 2.6.16 version should fix it, could you try that?
1143136600 N * Bertl_oO Bertl
1143136602 M * Bertl back now
1143136611 J * restill ~restill@c-24-11-171-10.hsd1.mi.comcast.net
1143136630 Q * mkhl Ping timeout: 481 seconds
1143136688 M * doener wb Bertl 
1143136774 M * daniel_hozac http://daniel.hozac.com/vserver/sendfile-test.c
1143136784 M * daniel_hozac output file will be 0 bytes.
1143136800 M * daniel_hozac (i'm still rebuilding the kernel with the patch reverted)
1143136921 M * daniel_hozac ok, rebooting.
1143136923 Q * daniel_hozac Quit: reboot
1143137084 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1143137184 M * daniel_hozac now the test case is giving me EINVAL.
1143137218 M * Bertl daniel_hozac: what are 'we' investigating here?
1143137223 M * daniel_hozac but httpd is working.
1143137261 M * daniel_hozac httpd/sendfile issues.
1143137274 M * Bertl with 2.6.16-vs2.0.2-rc13?
1143137279 M * daniel_hozac yes.
1143137289 M * Bertl do we have sendfile changes there?
1143137303 M * Bertl if yes, then they are accidential, I'd say
1143137353 M * daniel_hozac -       if (retval < 0)
1143137353 M * daniel_hozac +       if (retval)
1143137353 M * daniel_hozac                 goto fput_in;
1143137353 M * daniel_hozac -       count = retval;
1143137386 M * Bertl interesting, where does that come from?
1143137456 M * daniel_hozac what do you mean? it's in do_sendfile.
1143137512 M * doener daniel_hozac: your testcase gives me EINVAL on vanilla, too
1143137543 M * Bertl this 'fragment' seems to have been introduced in rc9
1143137548 M * daniel_hozac doener: guess i messed that up then... but it returned 0 on the previous kernel.
1143137564 M * Bertl daniel_hozac: yeah, mainline sendfile behaviour changed
1143137586 M * Bertl okay, that pretty much explains the issues which were reported on 2.0.2
1143137646 M * doener daniel_hozac: according to the manpage 2.6 does not support anything but sockets as out fd (based on 2.6.9 though)
1143137654 M * Snow-Man sendfile is still busted? :(
1143137696 M * Snow-Man ===# uname -a
1143137696 M * Snow-Man Linux bombur 2.6.16-rc4-vs2.0.2-rc9ntwx.1 #1 SMP Thu Feb 23 15:42:18 EST 2006 i686 GNU/Linux
1143137703 M * Snow-Man That seems to be working for me...
1143137717 M * Snow-Man Or at least, I havn't had any problems with sendfile stuff yet.
1143137722 M * doener probably the mainline change was introduced in rc5
1143137730 M * Snow-Man :(
1143137760 M * Snow-Man I was really hoping to move to stock 2.6.16 early next week...
1143137761 M * doener or maybe the 2.0.2 for the rc's just wasn't broken earlier
1143137775 M * Bertl Snow-Man: it will be fixed tonight :)
1143137793 M * doener Snow-Man: it's just the vserver patch accidently reverting changes, no big deal
1143137795 M * Snow-Man Bertl: oh?  Cool..
1143137826 M * doener 2.0.2-rcX wasn't broken before 2.6.16 (AFAIK) and 2.1.1 as fixed since 2.1.1-rc13
1143137900 M * Bertl yeah, the issue is partially self made and got complicated by the mainline changes
1143137929 J * wolf ~wolf@85.233.97.254
1143137937 M * Bertl we would have figured it earlier when folks had tested _both_ branches (when they had issues)
1143137942 M * Bertl welcome wolf!
1143137958 M * wolf hi; this is wogri - the guy with 2.6.16 apache problem. 
1143137968 M * Bertl ah, great, 2.0.2, yes?
1143137975 M * wolf richtig. 
1143137986 M * wolf are we allowed to talk german? you are german, aren't you? 
1143137991 M * Bertl yep, give me a minute for a patch, when can you test it?
1143137994 M * daniel_hozac wolf: filterdiff -i '*/fs/read_write.c' ../patch-2.6.16-vs2.0.2-rc13.patch | patch -Rp1
1143138009 M * daniel_hozac WORKSFORME, at least ;)
1143138018 M * wolf well, the thing is: this is a production system (at least my private one). 
1143138047 M * doener wolf: should WORKFORYOU, too. the bug was that the vserver patch accidently reverted mainline changes.
1143138051 M * daniel_hozac umm, s/patch/diff/2 in the above command.
1143138109 M * wolf sorry, I am not a kernel programmer. what are mainline changes? 
1143138113 M * doener daniel_hozac: is that regular regex syntax?
1143138131 M * daniel_hozac doener: i don't know, i think sed supports it.
1143138133 M * doener wolf: changes from 2.6.15 to 2.6.16... mainline == vanilla == the stuff from kernel.org
1143138137 M * Bertl wolf: don't worry with the details, you get a new release in maybe 20 minutes
1143138149 M * wolf heh :) 
1143138151 M * wolf allright. 
1143138152 M * Bertl wolf: and a patch in probably 5
1143138163 M * Bertl you can then choose what you prefer :)
1143138173 M * wolf I'll go with the new release. 
1143138186 M * wolf test it for you on my production system.. 
1143138194 M * Bertl excellent!
1143138293 M * wolf doener: thanks for clarifying. 
1143138310 M * wolf help users
1143138317 M * wolf wooops :) sorry. 
1143138382 M * Bertl new @ irc :)
1143138458 M * Bertl http://vserver.13thfloor.at/Experimental/delta-sendfile-fix04.diff
1143138470 M * Bertl (this is the revert for 2.0.2)
1143138496 M * wolf yeah, pretty new @ irc... 
1143138520 M * Bertl wolf: no problem, ask if you need something ...
1143138591 M * wolf so I will patch vanilla 2.6.16 with 2.0.2-rc13, after that patch with the diff you just applied, right? 
1143138654 M * Bertl yep, that should fix the issues you see
1143138667 M * Bertl what kernel do you use right now?
1143138693 M * wolf 2.4.30-grsec2.1.5-vs1.2.10-dm
1143138726 M * wolf switched back to that one, I switched to 2.6 just 2 days ago with some weird problems. 
1143138746 M * Bertl ah, well, I meant the 2.6 kernel :)
1143138799 M * wolf I used 2.6.14.7 before. 
1143138809 M * wolf also grsec+vs
1143138813 M * Bertl and you had issues with that version?
1143138817 M * wolf yes. 
1143138822 M * Bertl what kind of issues?
1143138829 M * wolf daemons inside vservers were dieing. 
1143138838 M * wolf for example: mysqld would just stop working. 
1143138851 M * wolf but it might also have to do with the merge wit grsecurity. 
1143138856 M * Bertl interesting, using memory limits?
1143138867 M * wolf none that I knew of. 
1143138872 M * wolf nothing in the logs. 
1143138885 M * Bertl thought so, sounds like an issue with the merge to me
1143138885 M * wolf named and mysqld were dieing. no other daemons. 
1143138899 M * wolf well. 
1143138906 M * Bertl at least I havent heard of something like that on vanilla+vserver
1143138910 M * wolf 2.6.16 is getting prepared.... 
1143138939 M * wolf yeah, and I was using vs 2.1.1-r13, don't know if that's supposed to work on production systems :) 
1143138958 M * Bertl yep, that should work, but it is devel
1143138976 M * Bertl did you see issues with that one too?
1143138981 M * wolf oh, btw: what happened to iptables in 2.6? do I need a new userland utility? 
1143139013 M * wolf no, I never used 2.1.1-rc13 without grsec, so I can't really give an opinion on that. 
1143139020 M * Bertl hmm, aybe, depends on how old your iptables stuff is ...
1143139061 M * Bertl wolf: i.c. well, it is always advised to revert back towards mainline if soemthing doesn't work
1143139074 M * Bertl i.e. vserver+grsec -> vserver -> mainline
1143139095 M * wolf yeah, I agree. without a testsystem this isn't too funny to try... :) 
1143139114 M * Bertl that's right :)
1143139145 M * Bertl but IMHO the currently available grsec + vserver patches are not for production anyway
1143139204 J * soltesz ~soltesz@targe.CS.Princeton.EDU
1143139236 M * wolf well, my production system is only used by ~30 users. 
1143139247 M * Bertl welcome soltesz!
1143139247 M * wolf still I like to have it up and running. 
1143139256 M * wolf kernel is compiling, btw. 
1143139264 M * soltesz :-)
1143139264 M * Bertl wolf: I completely understand that ...
1143139689 M * wolf ok, ready for reboot. 
1143139697 Q * hmpf_ Quit: 
1143139741 Q * wolf Remote host closed the connection
1143140103 J * wolf ~wolf@85.233.97.254
1143140117 M * wolf welcome back, my irc client is in a vserver :) 
1143140120 M * wolf same issue as before: 
1143140123 M * wolf http://www.wogri.at
1143140128 M * wolf compared to https://www.wogri.at
1143140204 M * Bertl okay, stupid question, you are sure that:
1143140211 M * Bertl - you did apply the patch
1143140222 M * wolf yes. 
1143140225 M * Bertl - the issue is vserver related (at least somehow :)
1143140236 M * wolf well, yeah, with 2.6.14 it works. 
1143140248 M * Bertl okay, that is a _very_ good point
1143140257 M * wolf how can I verfy the appliance of the patch? 
1143140265 M * wolf give me some kind of grep command 
1143140289 M * Bertl well, you did apply and build the kernel from the sources, right
1143140291 M * daniel_hozac wolf: question: does adding EnableSendfile off to httpd.conf fix it?
1143140300 M * Bertl ah, good idea!
1143140325 M * micah hmm, start-vservers --stop --all seems to not stop vservers that have a 'mark'
1143140341 M * wolf yes, it des. 
1143140347 M * wolf it does. 
1143140355 M * wolf after EnableSendfile off it seems to work! 
1143140377 M * Bertl okay, now let's check if your patching did work out
1143140390 M * wolf allright. 
1143140398 M * Bertl 'uname -a' does show you what?
1143140424 M * wolf 20:00:12 root@mainframe:/boot/grub# uname -a 
1143140424 M * Bertl I assume you have built the kernel somewhere, and the build dir is still there
1143140425 M * wolf Linux mainframe 2.6.16-vs2.0.2-rc13-wogrikernel #1 SMP Thu Mar 23 19:47:48 CET 2006 i686 GNU/Linux
1143140431 M * wolf yes of course. 
1143140681 M * Bertl okay, try
1143140685 M * Bertl grep -B 3 'count = retval' fs/read_write.c
1143140691 M * Bertl inside the kernel source
1143140753 M * wolf 20:03:14 root@mainframe:/usr/src/linux-2.6.16# grep -B 3 'count = retval' fs/read_write.c
1143140753 M * wolf         retval = rw_verify_area(READ, in_file, ppos, count);
1143140753 M * wolf         if (retval < 0)
1143140753 M * wolf                 goto fput_in;
1143140754 M * wolf         count = retval;
1143140806 M * Bertl okay, that looks good ... now how hard would it be to start the apache with just chroot?
1143140847 M * Bertl i.e. would it be possible to verify that with a 2.6.16 (no vserver) kernel?
1143140855 M * wolf nope. 
1143140891 M * wolf the webserver sits directly in a vserver, there's no real possibility to move it to a vanilla kernel OS. 
1143140912 M * wolf at least no uncomplicated one. 
1143140934 M * Bertl hmm, chroot /vservers/webguest ; /etc/init.d/httpd start ?
1143140959 M * Bertl you won't get the isolation and it will use all host ips, but it should work for a test ...
1143140973 M * Bertl of course, on a production system, that is not really desired
1143140984 M * wolf oh. 
1143140988 M * wolf well, I can try that. 
1143140990 M * Bertl thing is, I do not see that we change mainline behaviour
1143141002 M * wolf fortunatley the IP is shared with the mainserver. 
1143141003 M * Bertl but!! mainline behaviour change recently
1143141009 M * wolf heh :) 
1143141009 M * Bertl *changed
1143141126 M * wolf doesn't seem to work out easily... 
1143141362 M * Bertl hmm?
1143141421 M * wolf nope. 
1143141429 M * wolf apache wouldn't want to start. 
1143141441 M * wolf complained about not being able to bind on ports. 
1143141444 M * wolf well. hm... :) 
1143141461 M * wolf I should bind it directly to the ip. 
1143141638 M * wolf sorry folks, I'm running out of time. 
1143141673 M * Bertl you might want to stop the apache on the host
1143141692 M * wolf I probabl can continue helping tomorrow. please keep me up to date on the mailinglist! thanks
1143141702 M * wolf sorry, got to go (girlfriend-duties... :)) 
1143141704 M * Bertl okay, thanks for your time!
1143141728 M * wolf no, thanks for yours, Herbert! 
1143141730 M * wolf bye 
1143141732 Q * wolf Quit: Leaving
1143142226 M * Bertl daniel_hozac: could you test if your sendfile check differs between 2.6.15.x and 2.6.16 (no vserver involved)?
1143142431 J * ddlp ~ddlp@sarayi.kariva.org
1143142438 M * Bertl welcome ddlp!
1143142628 M * micah so it appears that the mtd mailing list doesn't want to pay attention to my patch either
1143142652 M * micah nor does dietlibc people want to fix the hppa problems!
1143142668 M * Bertl micah: well, let's do a patch for mainline and send it to akpm, shall I?
1143142723 M * micah akpm is the mtd mainline person?
1143142738 M * Bertl nope, akpm is Andrew Morton :)
1143142750 M * micah ah :)
1143142771 M * Bertl where is your patch, for reference?
1143142775 M * micah one moment
1143142852 M * micah here it is: http://lists.infradead.org/pipermail/linux-mtd/2006-March/015042.html
1143142874 M * micah such a simple fix requiring so much effort! :)
1143142905 M * Bertl if you think that is _much_ efford then you haven't submitted anything for inclusion yet :)
1143143004 M * brc is there any vpn that work inside linux-vserver? Without changing caps
1143143046 M * micah brc: openvpn might, although I haven't tried
1143143101 M * brc won't openvpn try to create a interface ?
1143143104 M * brc tun or ppp ?
1143143153 M * Bertl brc: I don't think so, as it would require to inject arbitrary packets into the network stack
1143143174 M * Bertl which cannot be allowed inside a guest (by default)
1143143186 M * micah brc: right, I forgot about that... however the newer openssh is supposed to have VPN support built in
1143143200 M * Bertl OTOH, vpn itself doesn't require interfaces and such
1143143237 M * Bertl for example ssh with port forwarding can be considered a poor man's vpn, which does not require any interfaces/ips
1143143290 M * brc ok
1143143438 Q * FireEgl Ping timeout: 480 seconds
1143143441 M * daniel_hozac micah: i got the same response on their IRC channel... seems they aren't very interested.
1143143774 M * Bertl micah: I can assume that you Sign-off the patch, right?
1143143803 M * Bertl nah, I sign it off, and add you as ack, okay?
1143143835 M * micah Bertl: sure, i dont really even know what "Sign-off" means, but I'm happy for you to do it :)
1143143849 M * daniel_hozac you can add me as ack too, if you want.
1143143869 M * Bertl micah: it means that you've read the stuff and whatnot and acknowledge the license
1143143880 M * Bertl daniel_hozac: okay, will do so ...
1143144158 M * Bertl okay, let's see how that goes
1143144332 M * daniel_hozac Bertl: hmm, i may have screwed up the testcase code again, but it's hanging now.
1143144335 Q * ntrs__ Ping timeout: 480 seconds
1143144401 M * daniel_hozac which i guess would be consistent with the hangs people are experiencing.
1143144431 M * daniel_hozac http://daniel.hozac.com/vserver/sendfile-test.c
1143144436 M * daniel_hozac any obvious mistakes like the socket one?
1143144465 M * daniel_hozac htons on the port... sorry.
1143144646 A * daniel_hozac sighs.
1143144685 M * daniel_hozac ok, with proper test case code, it succeeds.
1143144742 M * daniel_hozac but i don't have problems with httpd either, after reverting those hunks.
1143144770 M * Bertl what makes me wonder is the https vs http case
1143144792 M * daniel_hozac HTTPS disables sendfile.
1143144801 M * daniel_hozac it needs to encrypt the data before sending it.
1143144802 M * Bertl ah, hmm ..
1143144838 J * FireEgl Atlantica@2001:5c0:84dc::
1143145217 M * Bertl welcome FireEgl!
1143145238 M * FireEgl =)
1143145397 Q * Viper0482 Quit: bin raus, 
1143145499 M * Bertl daniel_hozac, doener: http://vserver.13thfloor.at/Experimental/delta-sched-fix01.diff
1143145513 M * Bertl (a bug with interesting results :)
1143145619 M * daniel_hozac hmm?
1143145656 M * Bertl well, it causes scheduler havoc when the hard and priority scheduling is _not_ enabled but compiled in :)
1143145680 M * Bertl i.e. processes get rescheduled after roughly one tick ...
1143145752 M * daniel_hozac oh, ok, that sounds really bad.
1143145805 M * Bertl but this gave me the idea to use it for prio scheduling too
1143145832 M * Bertl this might actually make prio scheduling penalize 'evil' contexts
1143145859 M * Bertl will have to do more testing on that though ...
1143145890 M * Bertl in any case, it probably fixes the strange differences Aiken did observe
1143146580 Q * Dr4g Ping timeout: 480 seconds
1143146980 J * mkhl ~mkhl@200-148-41-210.dsl.telesp.net.br
1143147155 M * Bertl welcome mkhl!
1143148570 M * micah so I am guessing that it is still the case that dietlibc on hppa/parisc will cause problems building util-vserver, correct?
1143148583 M * micah I'm trying to decide if I should disable hppa builds for this upload
1143148647 M * Bertl hmm, are you reading the dietlibc ml?
1143148674 M * micah no, has there been activity there?
1143148676 M * Bertl btw, we have a few bugfixes for 2.0.2 and 2.1.1
1143148698 M * Bertl yes, somebody reported similar issues with other syscalls on hppa
1143148708 M * Bertl and submitted a few patches
1143148717 A * micah goes to read
1143148729 M * Bertl let me see if I can find it ...
1143148729 M * micah the 2.0.2/2.1.1 fixes aren't for util-vserver are they?
1143148742 M * Bertl nope, jsut kernel fixes
1143148765 M * micah I should get those in too
1143148768 M * Bertl micah: but you should talk to daniel_hozac regarding tool fixes
1143148856 M * Bertl from Gerrit Pape, subject: Re: dietlibc on hppa/parisc
1143148861 M * micah I only see Joel Soete's messages to the dietlibc list re: parisc/hppa
1143148878 M * micah daniel_hozac: Bertl says I should talk to you :)
1143148900 M * Bertl micah: hmm, 351875@bugs.debian.org got cc-ed
1143148966 M * micah Bertl: I see Gerrit's half-patches
1143149048 M * Bertl something like that might work for the util-vserver issues too
1143149068 M * Bertl of course, a redesign of dietlibc would be better :)
1143149197 M * daniel_hozac hmm, i guess i should setup one of my hppa boxes.
1143149207 M * micah I'm a little nervous to add that to the package without the ability to try it
1143149238 M * Bertl micah: you can get a logon to my hppa for testing
1143149416 M * micah Bertl: what I can do is to build a new dietlibc package with that patch of Gerrit's, and then build the new util-vserver package against it, and then I'd need your help in figuring out if it works or causes regressions
1143149464 M * Bertl you can get access tomorrow evening and the weekend without problems
1143149490 M * Bertl (the only issue is, it's dialup, so I have to be there and online :)
1143149501 M * micah hehe :)
1143149543 M * micah ok, let me know... I have a *very* limited understanding of this issue, but i can do some of the lifting if you can guide me
1143149583 M * Bertl okay, I'll contact you tomorrow around 10pm CET
1143149681 M * micah sounds good
1143150026 J * ntrs ~ntrs@68-188-37-15.dhcp.stls.mo.charter.com
1143150436 M * Bertl welcome ntrs!
1143150450 M * ntrs Hi Bertl
1143150496 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc14 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1143150507 M * Bertl *rc14 is there for 2.6.16
1143150863 M * Bertl bonbons: are you around?
1143150880 M * bonbons yep
1143150905 M * Bertl could you point me to the changes you did for ipv6 (i.e. latest kernel patches regarding that)?
1143150929 M * bonbons sec.
1143151013 Q * shedi Read error: Connection reset by peer
1143151037 M * Bertl np, take your time
1143151091 M * bonbons Here is the patch I uploaded last time: http://homepage.internet.lu/brunop/vserver/net_ipv6.diff, some other additions (started patching on IPv6 stack) are on another box that's currently offline
1143151143 M * Bertl okay, but that one should cover the API part, right?
1143151207 M * daniel_hozac Bertl: didn't you miss one of the do_sendfile changes in 2.0.2?
1143151221 M * Bertl did I?
1143151229 M * daniel_hozac rc14 still has one hunk.
1143151241 M * daniel_hozac @@ -689,9 +689,8 @@ static ssize_t do_sendfile(int out_fd, i
1143151261 M * daniel_hozac i didn't think about it when i saw the delta, that must be why it works for me and not for the others.
1143151346 M * Bertl yup, indeed
1143151366 M * Bertl okay, I'll fix that up in place
1143151417 M * Bertl okay, done
1143151438 M * Bertl daniel_hozac: thanks for spotting it!
1143151456 M * Bertl (read: we had enough fun with sendfile for now :)
1143151465 M * daniel_hozac agreed.
1143151477 M * daniel_hozac did you fix the potential system_utsname leaks yet?
1143151521 M * Bertl nope, going to address this and some config cleanups now
1143151532 M * Bertl do you already have some patches?
1143151537 M * daniel_hozac no, sorry.
1143151868 J * Aiken ~james@tooax6-177.dialup.optusnet.com.au
1143151877 M * bonbons Bertl: the other additions will most probably be for sunday/monday as on saturday I'm on trip and fridays are very busy
1143151878 M * Bertl ah, great! welcome Aiken!
1143151913 M * Bertl bonbons: no problem, I will work myself through it and have a version on saturday or sunday ...
1143151923 M * Aiken good morning
1143151931 M * bonbons well it's really time to get to bed, good night everybody!
1143151932 M * Bertl bonbons: did you spend some more thoughts on the bcaps masking stuff?
1143152017 M * bonbons not so many, my thoughts went into the direction of applying the context-caps-mask on processed in capable() check <- that way any adjustment is always applied instantly
1143152067 M * Bertl hmm, so you mean having the full cap-mask inside a guest, but 'mask' it for checks?
1143152072 M * Bertl that could actually work
1143152094 M * bonbons changing context BCAPs would work as changing it's CCAPs or flags add value/mask, just changing the value in the context descriptor
1143152129 M * daniel_hozac that would also alleviate the BIND problems, wouldn't it? assuming processes inside are allowed to set caps that the context doesn't have, which shouldn't be a problem.
1143152143 M * Bertl it ahs probably some security implications, but it sounds like a good way to go
1143152180 M * Bertl will think about it and extend the API in this direction
1143152183 M * bonbons yep, each check would test against  (process-bcaps & ctx-bcaps) instead of just process-bcaps
1143152211 J * shedi ~siggi@inferno.lhi.is
1143152260 M * bonbons the only decision to take is how to show a process it's current bcaps when it checks them <- with or without context mask applied
1143152295 M * Bertl Aiken: my aplogies for buging you (in advance), but could you give the rc14 a try and see if that fixes the guest vs host issues?
1143152354 M * bonbons off for today
1143152358 M * Bertl good night!
1143152390 M * bonbons thanks!
1143152392 Q * bonbons Quit: Leaving
1143152394 M * Aiken downloading now
1143152426 M * Bertl alternatively you can use this patch: http://vserver.13thfloor.at/Experimental/delta-sched-fix01.diff
1143152433 M * Aiken is it just alpha or are other arch seeing that kind of slow down in guests?
1143152448 M * Bertl most archs, but not _that_ excessive
1143152507 M * Aiken I reinstalled the packages that were showning 'no symbols' in the profile so profiles are more meaning full now
1143152524 M * Aiken those files had previous been stripped of all debugging info
1143152615 M * Aiken at least 2.6.16 seems stable now, that machine has been building kde for the last 38 hours and still going strong
1143152645 M * daniel_hozac ouch, and i thought my kernel builds were bad.
1143152762 M * Bertl Aiken: we observed ~6% on amd64 and even less on x86 
1143152961 M * daniel_hozac are xen0 kernels with vserver useful?
1143152980 M * Bertl I tell you, I have no idea :)
1143152987 M * daniel_hozac xenU are the guests, right?
1143152996 M * Bertl yep
1143152998 A * daniel_hozac doesn't want to disable the wrong kernels.
1143153078 Q * soltesz Quit: using sirc version 2.211+KSIRC/1.3.11
1143153288 M * daniel_hozac disabling two kernels should take a few hours off the build time.
1143153312 M * Bertl hmm, can't you keep the build tree?
1143153349 M * daniel_hozac does that work when the config is changed?
1143153393 M * Bertl well, a) you can build outside the kernel, and b) you could have cp -la trees too :)
1143153427 M * daniel_hozac it uses the same source tree.
1143153436 M * daniel_hozac it just make -s mrproper's it before each build.
1143153453 M * Bertl which should not be required
1143153469 M * Bertl but I was thinking of having two or three branches
1143153486 M * Bertl one built for xenU, one for vserver, one for both
1143153507 M * Bertl and whenever you get a new patch, apply that to the branch, and rebuild
1143153535 M * daniel_hozac well, i don't patch in Xen. Fedora does that.
1143153539 M * Bertl then do make rpm (or whatever is required to get your kernel packages)
1143153561 M * daniel_hozac and they'll also build the "vanilla" xenU kernels.
1143153579 M * Bertl so _what_ are you actually building then? :)
1143153581 M * daniel_hozac i just build the plain UP, SMP and xenU vserver kernels.
1143153607 M * daniel_hozac (previous run also had xen0 and kdump enabled)
1143153623 M * Bertl okay, so then either do that for them, or, if you insist on 'rebuilding' the entire stuff, you can make good use of ccache
1143153662 M * daniel_hozac but won't the header tracking get in the way?
1143153687 M * Bertl hmm?
1143153691 M * daniel_hozac i mean, notice that linux/config.h has changed, and then rebuild everything including it (which should be just about everything).
1143153723 M * Bertl ah, good that you remind me, config.h can be removed now :)
1143153754 M * daniel_hozac hmm?
1143153789 M * Bertl let me double check that, but IIRC config.h is obsolete
1143153800 M * Aiken used the delta, just started the test
1143153803 M * daniel_hozac oh, so what are you supposed to use?
1143153818 M * Bertl the config stuff is magically auto-included
1143153831 M * daniel_hozac oh, ok.
1143153915 M * daniel_hozac so the header tracking wouldn't interfere? how would it then know which files to recompile because their define's changed?
1143154001 M * Bertl yup, just tried with vci_config.h
1143154020 M * Bertl added a big #error inside #ifndef CONFIG_VSERVER
1143154032 M * Bertl then removed the config.h include
1143154049 M * Bertl works fine *G*
1143154503 J * coocoon GrTB0T@p54A07024.dip.t-dialin.net
1143154510 P * meandtheshell 
1143154512 M * coocoon evening to all
1143154519 M * Bertl evening coocoon!
1143155317 M * Aiken much better http://pastebin.com/618976
1143155401 M * Bertl excellent!
1143155458 M * Bertl so that shows roughly 0.3% difference
1143155466 M * Bertl which is probably way below the noise
1143155582 M * Aiken doing a 2nd run after rm -rf the old profile data
1143155613 M * Bertl Aiken: do you have some values for 2.6.16 (without the vserver patch) too? (jsut asking)
1143155620 J * frz ~frz@86.59.25.121
1143155625 M * Bertl welcome frz!
1143155637 M * frz hi
1143155665 M * Aiken once the current run is finished I can, there is a std 2.6.16 kernel ready to go
1143155685 M * Bertl okay, just make sure that the config is as similar as possible
1143155719 M * Aiken the only difference in config the vserver vs no vserver
1143155731 M * Bertl excellent!
1143155796 M * doener Bertl: hm, sendfile not fixed? (didn't completely read up, just the ml)
1143155811 M * daniel_hozac doener: missing hunk.
1143155816 M * Bertl well, yes and no, I missed a hunk
1143155822 M * daniel_hozac -rc14 should be fixed.
1143155823 M * doener ah, i c
1143155845 M * Bertl so maybe we should ask folks to retry with rc14
1143156039 Q * dos000 Quit: Leaving
1143156245 Q * coocoon Remote host closed the connection
1143156766 J * coocoon GrTB0T@p54A07024.dip.t-dialin.net
1143157595 J * Dr4g ~Dr4g@82-40-203-70.stb.ubr06.uddi.blueyonder.co.uk