1143072245 M * daniel_hozac Bertl: lol, both branches affected?
1143072416 J * lilalinux_ ~plasma@dslb-084-058-202-040.pools.arcor-ip.net
1143072460 M * Bertl daniel_hozac: seems so ...
1143072490 M * Bertl (it has been there for quite some while now :)
1143072854 Q * lilalinux Ping timeout: 480 seconds
1143073029 J * TANATHOS ~pionner@88.158.130.2
1143073147 M * daniel_hozac hmm, interesting.
1143073347 M * daniel_hozac http://phpfi.com/108913
1143073385 M * daniel_hozac caused by: strace -fF -o rpm-fake.strace env LD_PRELOAD=/usr/lib/util-vserver/rpm-fake.so ls -l
1143073694 M * Bertl nice
1143073709 M * Bertl can you reproduce it?
1143073750 M * daniel_hozac i'll try.
1143073885 M * daniel_hozac yep.
1143073897 M * daniel_hozac freezes the system solid for about a minute.
1143073957 M * Bertl not bad, what about vanilla (i.e. without patch)
1143074206 M * daniel_hozac without vserver? rpm-fake won't work then, i guess the strace issue is because of the vc_ctx_create.
1143074331 M * derjohn i just read 'ioprio' in the filename ... does that mean I can limit harddisk access ? that would be pr0n, because TPS of the harddisk is the bottleneck on all my vserver hosts
1143074379 M * Bertl derjohn: you can set different I/O priorities, and with devel, you get a priority queue per guest
1143074386 M * daniel_hozac i don't quite follow how rpm-fake works.
1143074409 M * derjohn EHLO Bertl!
1143074416 M * derjohn EHLO Daniel!
1143074431 M * daniel_hozac hi
1143074452 M * Bertl daniel_hozac: okay, how different is the kernel from 2.6.16?
1143074465 M * derjohn hm, one queue per guest, and I can set a prio to that queue. how is it scheduled? token bucket, too?
1143074474 M * Bertl daniel_hozac: (except for the vserver patch)
1143074496 M * Bertl derjohn: normal I/O scheduling, you need to activate CFQ
1143074545 M * daniel_hozac 4.5 MiB in one patch.
1143074568 Q * TANATHOS Quit:
1143074584 Q * dos000 Ping timeout: 480 seconds
1143074635 M * Bertl daniel_hozac: okay, could you give vanilla+patch a try?
1143074691 M * daniel_hozac sure.
1143074735 J * mkhl ~mkhl@200-148-40-59.dsl.telesp.net.br
1143074753 M * Bertl welcome mkhl!
1143074763 M * Bertl back in a minute, have to reboot
1143075161 J * dos000 ~dos000@wsp05974758wss.cr.net.cable.rogers.com
1143075295 M * Bertl back
1143075448 M * derjohn is there a userland tool to change the io scheduler behaviour? (i.e. not with append line), If yes, what's it name?
1143075507 M * Bertl hmm?
1143075509 A * derjohn wonders what scheduler for SATA drives is best suited ... I mean I have NCQ on the disk .. at least with a very small queue length ;)
1143075536 M * derjohn how can I switch from CFQ to AS to Deadline to whatever ?
1143075543 M * derjohn reboot ?
1143075558 M * Bertl proc/sysctl
1143075572 M * derjohn ah, k.
1143075693 M * daniel_hozac hmm, wow. the clock even stops when i try to reproduce that bug.
1143075793 J * doener ~doener@i5387DC60.versanet.de
1143075942 M * blizz "das leben der anderen"- nice movie ;)
1143075947 M * blizz fyi :)
1143076000 M * doener i've just returned from the cinema. "v for vendetta". also quite good (IMHO).
1143076011 M * blizz saw it last week
1143076020 M * blizz liked the movie, too
1143076049 M * blizz doener, which city?
1143076056 M * doener bielefeld
1143076078 M * blizz ahh well.. munich here.. would have been a funny coincidence ;)
1143076088 M * Bertl yeah, I've seen a traler ...
1143076121 M * Bertl *trailer
1143076146 J * matta ~matta@71.224.125.126
1143076201 M * mugwump Bertl: in particular, the one where ebiederm says that the whole approach is flawed...
1143076212 M * mugwump the "top down" comment
1143076289 M * Bertl well, that's probably correct from his POV
1143077030 M * doener ok, now let's see how fast i can crash this box with configfs experiments ;) (I hope that works with modules...)
1143077086 M * doener hm, seems to work, as the example is a module :)
1143078067 M * blizz how can i get a list of the current capabilities on a system?
1143078075 M * blizz s/system/running vserver/
1143078181 M * daniel_hozac cat /usr/include/linux/capability.h | perl -nle 'm/^#define\s+CAP_(\w+)\s+(\d+)/&&($b{$2}=$1);BEGIN{$x=hex(shift@ARGV)}END{for($i=0;exists$b{$i};$i++){print "$b{$i} is ".($x&(2**$i)?"":"NOT ")."set"}}' `awk '/CapPrm/ { print $2 }' /proc/self/status`
1143078188 M * daniel_hozac from inside the vserver.
1143078204 M * blizz hell ofa command
1143078215 M * Bertl hmm, what did I miss?
1143078255 Q * gerrit Read error: Operation timed out
1143078343 M * blizz thanks daniel
1143081508 J * sdw ~chatzilla@master.lig.net
1143081587 M * sdw Is there a yum-2.6.0 patched for chroot? I worked on it, but it's taking me too long.
1143081652 M * sdw I already have FC5, 2.6.16, and the newest vserver patch running. Now I'm trying to get yum working, or find another way to build environments quickly.
1143082124 M * Bertl hey sdw!
1143082137 M * Bertl good question, let me check ...
1143082248 M * Bertl nope, doesn't seem so, at least not public as it seems
1143082264 M * sdw Ok, I'll come up with something.
1143082289 M * sdw I suppose it shouldn't be too hard to build a base system tree, even if I have to install it somewhere else first and copy.
1143082399 Q * coocoon Ping timeout: 480 seconds
1143082575 M * daniel_hozac sdw: you do of course realize that you don't need a patch to do installs into chroots?
1143082623 M * sdw I was wondering about that. You only need it when the host level is managing the packages?
1143082625 M * daniel_hozac the patches are just to make vyum secure against symlink attacks and such.
1143082634 M * sdw I was following the Fedora Core 4 howto.
1143082652 M * sdw Ahh.
1143082660 M * daniel_hozac does rpm-fake.so work for you?
1143082671 M * sdw Don't know yet.
1143082675 M * sdw How do I test it?
1143082692 M * daniel_hozac LD_PRELOAD=/usr/lib/util-vserver/rpm-fake.so ls -l fails here.
1143082746 M * sdw No chroot specified; aborting...
1143082748 M * sdw rpm-fake.so: failed to initialize communication with resolver
1143082766 M * daniel_hozac interesting...
1143082769 M * sdw Looks like it might work in the right circumstance.
1143082802 M * sdw I've now installed yum-2.6.0 from source which has broken the config. "releasever" is not being replaced...
1143083001 J * coocoon ~coocoon@p54A05E08.dip.t-dialin.net
1143083140 M * daniel_hozac where? in the installs?
1143083141 M * daniel_hozac and why would you install it from source?
1143083207 M * sdw Well, I was testing out the older version and instinctively installed it. Then I needed the new one again.
1143083231 M * sdw I often update systems by installing from source, but those are usually older ones that I'm not ready to reinstall.
1143083241 M * jkl whats the story with util-vserver vulnerability?
1143083252 M * daniel_hozac huh?
1143083410 M * sdw Wacky, the Makefile for yum 2.6.0 uses a variable called DESTDIR which defaults to /root/!
1143083517 M * sdw So, fixed that. Just doing yum --installroot=/v/ta install of some key packages to see how far that gets me.
1143083519 M * sdw Cool.
1143083683 M * daniel_hozac if rpm-fake.so is working for you, vserver ... build -m yum -- -d fc5 should work too.
1143083690 M * daniel_hozac assuming you've set it up.
1143083953 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1143083953 Q * lilo Read error: Connection reset by peer
1143083968 N * lilo_ lilo
1143084315 Q * lilo Quit: brb
1143084333 J * lilo ~lilo@lilo.usercloak.oftc.net
1143084452 Q * doener Quit: leaving
1143085359 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1143086600 Q * neofutur Ping timeout: 480 seconds
1143086679 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143087093 Q * Hollow Remote host closed the connection
1143087099 J * Hollow ~hollow@home.xnull.de
1143090860 Q * cehteh Remote host closed the connection
1143091007 J * cehteh foobar@cehteh.homeunix.org
1143093446 M * Bertl okay, off to bed now ... have a good one everyone!
1143093452 N * Bertl Bertl_zZ
1143094458 J * Prashanth ~Prashanth@59.145.136.1
1143096893 Q * Prashanth Remote host closed the connection
1143097540 J * Aiken_ ~james@tooax8-212.dialup.optusnet.com.au
1143097858 Q * Aiken Ping timeout: 480 seconds
1143098329 Q * alexx Ping timeout: 480 seconds
1143098537 J * alexx ~alexx@proxy.ikse.net
1143098641 Q * _are_ Ping timeout: 480 seconds
1143099599 Q * brc Ping timeout: 480 seconds
1143099719 J * brc bruce@20151168080.user.veloxzone.com.br
1143101586 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1143101663 A * ||Cobra|| hi
1143101755 M * Soekris hello
1143103653 Q * shedi Quit: Leaving
1143104241 M * Soekris ls
1143104255 M * Soekris Very Good morning.
1143104263 J * pagano ~pagano@lappagano.cnaf.infn.it
1143104666 Q * FireEgl Quit: Bye...
1143104823 Q * serving Ping timeout: 480 seconds
1143105762 J * hijacker ~hijacker@cable-84-43-140-185.mnet.bg
1143105766 M * hijacker hi guys
1143105769 M * hijacker anyone around ?
1143105809 M * hijacker wanted to ask, is there a custom script or a way using the vserver utilities to delete a previously created server?
1143106195 M * Soekris vserver is the big util
1143106226 M * Soekris oh to remove :D
1143107233 J * FireEgl Atlantica@Atlantica.US.TO
1143107403 M * hijacker yes
1143107975 M * cehteh rm :)
1143108263 J * coocoon ~coocoon@p54A0773A.dip.t-dialin.net
1143108269 M * coocoon morning to all
1143109159 Q * mire Ping timeout: 480 seconds
1143109184 J * mire ~mire@129-166-222-85.COOL.ADSL.VLine.Verat.NET
1143110478 J * meandtheshell ~markus@85-124-8-196.dynamic.xdsl-line.inode.at
1143111548 Q * gerrit Ping timeout: 480 seconds
1143113657 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143113854 J * coocoon ~coocoon@p54A0773A.dip.t-dialin.net
1143114508 Q * Aiken_ Ping timeout: 480 seconds
1143114778 J * f_ ~f_@83-215-237-2.seek.stat.salzburg-online.at
1143114785 Q * f_ Quit:
1143115121 J * Dr4g ~Dr4g@82-40-44-47.cable.ubr06.uddi.blueyonder.co.uk
1143115548 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143115796 Q * Dr4g Quit: Leaving
1143116127 J * Dr4g ~Dr4g@82-40-44-47.cable.ubr06.uddi.blueyonder.co.uk
1143116193 J * Smutje_ ~Smutje@xdsl-84-44-242-181.netcologne.de
1143116298 Q * Smutje Ping timeout: 480 seconds
1143116298 N * Smutje_ Smutje
1143118004 J * shedi ~siggi@tolvudeild-199.lhi.is
1143118274 J * coocoon ~coocoon@p54A076D9.dip.t-dialin.net
1143120278 J * Pazz0 ~rol1@80.190.227.239
1143120305 M * Pazz0 hola :)
1143120382 P * hijacker Leaving
1143120405 M * Dr4g Hello :)
1143120488 M * Pazz0 I wanted to try out 2.1.0-rc13 today...
1143120503 M * Pazz0 ...cleanly compiled with 2.6.16
1143120530 M * Pazz0 but testme.sh (14) fails issuing chbind
1143120585 M * Pazz0 I first thought that y 0.30.207-x would be too old, so I compiled 0.3.210 - same result
1143120599 M * Pazz0 now I'm in doubt about my kernel config
1143120600 M * Pazz0 :
1143120614 M * Pazz0 CONFIG_VSERVER_LEGACY=y
1143120622 M * Pazz0 # CONFIG_VSERVER_NGNET is not set
1143120628 M * Pazz0 CONFIG_VSERVER_LEGACYNET=y
1143120642 M * Pazz0 are these settings ok for 2.1.0?
1143120747 M * Pazz0 btw: # CONFIG_VSERVER_DYNAMIC_IDS is not set
1143120899 M * daniel_hozac that's why.
1143120901 M * daniel_hozac which testme?
1143120913 M * daniel_hozac you'll need 0.30.210, and the latest testme.
1143121033 M * Pazz0 daniel_hozac: testme 14 fails, testme 15 succeeds
1143121046 M * Pazz0 so I have to re-enable CONFIG_VSERVER_DYNAMIC_IDS?
1143121058 Q * dev_ Read error: Operation timed out
1143121065 M * Pazz0 quti
1143121111 M * daniel_hozac if you want to use dynamic ids, yes.
1143121119 M * daniel_hozac (older utils require them)
1143121130 M * Pazz0 I don't need them
1143121148 M * Pazz0 hey - it seems to be ok right now
1143121167 M * Pazz0 testme 14 fails running chbind
1143121176 M * daniel_hozac yes, as it should.
1143121185 M * Pazz0 but testme15 is ok, and my vservers seems to be up and running :)
1143121190 M * Pazz0 s/seems/seem/
1143121201 M * Pazz0 daniel_hozac: thnx
1143121256 M * coocoon daniel_hozac: hello
1143121264 M * Pazz0 is there any good reason to leave CONFIG_VSERVER_DYNAMIC_IDS enabled?
1143121276 M * daniel_hozac well, older utils.
1143121295 M * coocoon daniel_hozac: i think u r involved with fedora very much right?
1143121304 M * daniel_hozac not really, i'm mostly a lurker.
1143121307 M * Pazz0 so I could also run 2.1.0 with 0.30.207-x?
1143121322 M * Pazz0 (if CONFIG_VSERVER_DYNAMIC_IDS would be enabled?)
1143121322 M * daniel_hozac Pazz0: yes, if you enable that.
1143121336 M * Pazz0 daniel_hozac: thanks a lot!
1143121346 M * daniel_hozac i don't see why you would want to though, as a lot of bugs and features have been added since.
1143121348 M * daniel_hozac :)
1143121364 M * coocoon daniel_hozac: u have updated u r system to fc5?
1143121366 M * daniel_hozac umm, bugs have been fixed.
1143121370 M * daniel_hozac coocoon: one of them, yes.
1143121460 M * coocoon hm thats why i am asking get alltimes the message that the kudzu initscripts and mkinitrd'd have dependencies problems with kernel 2.6.12, 2.6.11 and 2.6.13, but i have removed them before, upgraded a fc3 to 4 and then tried to upgrade to fc5
1143121480 M * coocoon have u heard of it
1143121504 M * daniel_hozac http://fedoraproject.org/wiki/YumUpgradeFaq
1143121514 M * daniel_hozac not sure if they have added FC5 yet though.
1143121541 M * coocoon have tried it also from there, no chance everytime the same
1143121543 M * coocoon hm ok
1143121551 M * coocoon i am working on sid now
1143121572 M * coocoon works better upgrading no problems
1143121602 M * daniel_hozac upgrades are meant to be handled by Anaconda.
1143121608 M * coocoon daniel_hozac: but the problem is yum and apt-rpm for building vservers
1143121990 Q * pagano Read error: Connection reset by peer
1143122656 Q * matta Ping timeout: 480 seconds
1143123101 Q * Pazz0 Quit: [BX] Reserve your copy of BitchX-1.1-final for the Nintendo Gameboy today!
1143123379 Q * daniel_hozac Quit: reboot
1143123541 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1143124257 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net
1143125128 M * ntrs__ Hi Erevyone
1143125137 M * ntrs__ everyone I mean.
1143125158 M * ntrs__ I just started getting this whenever I try to restart apache in a vserver
1143125160 M * ntrs__ *** glibc detected *** double free or corruption (fasttop): 0x0811a108 ***
1143125169 M * ntrs__ Anyone has a solution to this problem?
1143125185 M * ntrs__ Latest version of kernel/patch/util-vserver
1143125277 M * ntrs__ If I do an strace -fF httpd it produces a kernel panic
1143125297 M * Hollow daniel_hozac: http://home.xnull.de/work/vserver/vcd.spec.html
1143125859 M * daniel_hozac ntrs__: doesn't really sound vserver related, except perhaps the kernel panic.
1143125948 M * daniel_hozac Hollow: cool.
1143125966 M * Hollow to be extended ;)
1143125971 M * daniel_hozac of course ;)
1143126033 M * ntrs__ daniel_hozac, this started happening after I compiled and installed php5
1143126418 M * waldi ntrs__: does php5 use glib?
1143126427 M * ntrs__ I have no idea
1143127912 J * |coocoon| ~coocoon@p54A076D9.dip.t-dialin.net
1143128123 Q * coocoon Ping timeout: 480 seconds
1143128354 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1143128355 M * Roey hi!
1143128357 M * Roey Bertl_zZ:
1143128359 M * Roey aww
1143128363 M * Roey daniel_hozac: ok, you're here!
1143128366 M * Roey harry: as are you
1143128479 M * daniel_hozac uh huh...
1143128501 M * Roey making the possibility for running OpenVPN? www.openvpn.net inside a vserver and/or giving the vserver user the option of creating virtual network interfaces
1143128507 M * Roey that's from the TODO list
1143128510 M * Roey under 'generic'
1143128512 M * Roey er..
1143128517 M * Roey how close are you guys to this?
1143128540 M * daniel_hozac it's already possible, but not in a secure way.
1143128545 M * Roey oh. ok.
1143128551 M * Roey er, when will it be secure?
1143128570 M * Roey and do you have to jump through many hoops to get it to work?
1143128572 M * daniel_hozac maybe sometime after ngnet is here.
1143128611 M * daniel_hozac copy the device, set a flag, bind to 0.0.0.0, add a few caps.
1143128615 M * daniel_hozac IIRC.
1143129093 Q * shedi Quit: Leaving
1143129215 M * Roey hmm ok
1143129288 M * Roey daniel_hozac: i had wanted to say that I've seen that before, and (1) to ask if that's a newer feature than what I am using now (Kernel: 2.6.14.4-vs2.1.0)
1143129294 M * Roey 2.1.0 is the current dev version...
1143129303 M * Roey also, how is it not secure?
1143129325 M * harry i'm here too, yes
1143129378 M * daniel_hozac the capabilities you have to grant the guest will effectively let it control the entire network stack.
1143129433 M * Roey eek
1143129434 M * Roey ok.
1143129442 M * Roey so you guys are working on ways to constrain this?
1143129453 M * Roey there isn't some sort of virtual interface available?
1143129471 M * daniel_hozac i think ngnet is on hold until all the mainline virtualization wars are done.
1143129472 M * Roey that can be predefined for that vserver guest by the administrator
1143129475 M * Roey ok
1143129483 M * daniel_hozac hopefully ebiederm's patches will get in, and ngnet will be based on that.
1143129485 M * Roey wars? what, there's debate?
1143129490 M * Roey ok
1143129508 M * Roey daniel_hozac: how many devs does vserver have? like, 6-12 I thought.
1143129513 M * daniel_hozac (i think that's the plan anyway, i'm sure Bertl_zZ will correct me if i'm wrong :))
1143129528 M * daniel_hozac what do you mean by developers?
1143129532 N * Bertl_zZ Bertl
1143129536 M * Bertl morning folks!
1143129540 M * daniel_hozac morning Bertl!
1143129578 M * Roey Bertl!
1143129579 M * Roey hey hey
1143129609 M * Roey daniel_hozac: how many patch submitters/mailing list contributors participate in VServer's development?
1143129656 M * daniel_hozac that's still really vague. are you asking how many people have ever submitted a kernel patch to vserver?
1143129684 M * daniel_hozac or do you also include util-vserver in "VServer"?
1143129684 M * Roey how many people /regularly/ contribute
1143129690 M * Roey yeah I do
1143129693 M * Roey util-vserver, too.
1143129699 M * Roey documentation people too
1143129719 M * daniel_hozac i'm not even sure how we'd get any sort of stats of that.
1143129785 M * Roey oh
1143129789 M * Bertl Roey: the community is large, and many folks contribute
1143129791 M * Roey maybe from cvs/svn stuff
1143129800 M * Roey Bertl: oh ok I thought you were only half a dozen in all
1143129808 M * Roey so a lot of people have interest in vserver
1143129810 M * Roey awesome
1143129816 M * Bertl Roey: the core team is probably 3-4 people
1143129819 M * Roey ok
1143129834 M * Bertl but it's not coding which is the important part
1143129838 M * Roey who's that? You (Herbert), Dan, Eric,
1143129839 M * Roey ?
1143129897 M * Bertl I'd say Enrico (doing util-vserver), Hollow+bonbons doing vserver-utils, Daniel,Doener,Sam and myself working on the kernel
1143129923 M * Bertl daniel_hozac is also working on userspace stuff
1143129932 M * Roey ok
1143129936 M * Bertl then there are many folks testing stuff, which is _very_ important
1143129940 M * Roey ebeiderman is eric or enrico?
1143129944 M * Roey eric I thought
1143129948 M * daniel_hozac eric.
1143129951 M * Roey and he submits patches too
1143129953 M * daniel_hozac Enrico is ensc.
1143129955 M * Roey ohhh ok
1143129962 M * Bertl yep, Eric is not developing Linux-VServer
1143129968 M * Roey ok didn't know that... thanks
1143129974 M * Roey do you guys need a gui for vserver
1143129974 M * Roey ?
1143129978 M * Bertl but we are working together on getting mainline virtualization done
1143129988 M * Roey like, a web module for webadmin
1143129990 M * Bertl always ...
1143129992 M * Roey or a web server interface
1143129993 M * daniel_hozac Hollow mentioned a project yesterday.
1143130000 M * Roey or an interface in KDE's kcontrol
1143130000 M * Roey ?
1143130002 M * daniel_hozac or the day before that.
1143130004 M * Hollow http://home.xnull.de/work/vserver/vcd.spec.html
1143130010 M * Roey cool
1143130025 M * Bertl if you think you can contribute something, go ahead ...
1143130027 M * Hollow this is somewhat related to webinterface..
1143130078 M * Roey Hollow: it looks big
1143130084 M * Hollow what?
1143130087 M * Hollow the spec?
1143130090 M * Hollow *giggle*
1143130090 M * Roey like.. you *really* break it down
1143130091 M * Roey yeah
1143130112 M * Hollow well, i wrote this spec today morning... it's just some random thoughts
1143130114 M * Hollow :)
1143130144 M * Hollow but it should be extended while being implemented
1143130154 M * Roey HA
1143130155 M * Roey ok
1143130155 M * Roey :)
1143130162 M * Roey Hollow: interesting that you chose xml-rpc.
1143130166 M * Roey are you interested in doing a
1143130170 M * Roey actually..
1143130173 M * Roey let me guess:
1143130183 M * Roey so this one part is a user-space daemon, right?
1143130203 M * daniel_hozac yes.
1143130203 M * Hollow exactly
1143130206 M * Roey and it talks xmlrpc to any client, whether it be a web frontend or a KDE or a command-line one.
1143130212 M * Hollow righty
1143130214 M * Roey ok
1143130215 M * Hollow :)
1143130230 M * Roey do you have a list of possible message types you need to describe vserver's actions?
1143130232 M * Roey such as
1143130247 M * Roey system messages (SHUTTING_DOWN, etc.)
1143130249 M * Roey or others
1143130253 M * Roey (GAINED_CAPABILITY)
1143130255 M * Roey er
1143130258 M * Roey yeah.
1143130263 M * Hollow that would be the state change helper i guess
1143130266 M * Roey or maybe even (GAINED_DEVICE)
1143130273 M * Roey ko.
1143130274 M * Roey *ok
1143130286 M * Roey and then you need to make a grammar for all this?
1143130299 M * Roey or does xmlrpc define that for you
1143130299 M * Roey ?
1143130312 M * Hollow xmlrpc is an open standard
1143130316 M * Roey :)
1143130317 M * Roey brb
1143130323 M * Roey that's very interesting
1143130327 M * Roey keeping in mind
1143130329 M * Hollow the protocol is plain text i.e. easily debuggable
1143130331 M * daniel_hozac Hollow: any thoughts on authentication and authorization?
1143130349 M * Hollow daniel_hozac: yeah, easiest thing is via xmlrpc values added to each call
1143130382 M * Hollow but you could also use http basic auth
1143130384 M * daniel_hozac in a plain text protocol? :)
1143130405 M * daniel_hozac plague does it based on certificates.
1143130417 M * Hollow pague?
1143130425 M * daniel_hozac Fedora buildsystem.
1143130447 M * Hollow eh?
1143130448 M * daniel_hozac it's a bit of a pain to set up at first, but i think it's a pretty good idea.
1143130462 M * matta Bertl: i'm going to meet with your princeton friends on the 4th
1143130468 M * Roey eeeeeeeek
1143130469 M * Roey fedora.
1143130470 M * matta xen vs vserver talk, should be fun
1143130470 M * Bertl matta: great!
1143130480 M * Roey matta: there isn't any... overlap
1143130487 M * Roey they're for different purposes...
1143130493 M * matta yeah, i know.
1143130496 M * Roey oh
1143130506 M * matta I actually run vserver under xen
1143130508 M * daniel_hozac Hollow: basically looks at the cn for the cert and uses that as the key in its capability database.
1143130512 M * Roey and who the hell put xen on a pedestal in the past few months? there are so many virtualizer systems out there
1143130512 M * Hollow daniel_hozac: what has build system to do with xmlrpc?
1143130518 M * matta I don't know my purpose except perhaps extensive knowledge of both
1143130519 M * daniel_hozac Hollow: it's all XMLRPC ;)
1143130520 M * Roey red hat probably :)
1143130526 M * Hollow mhm
1143130539 M * matta Roey: hp, ibm, redhat, suse, los alamos....
1143130591 M * matta a point was brought up using a shared kernel, memory could technically be read if a malicious program was loaded into space that another containers process previously used
1143130611 M * daniel_hozac Hollow: would keep the transfers secret too, although it gets a bit harder to debug.
1143130615 M * matta we know data can stay in memory even after a soft reboot
1143130625 M * matta (ie. where power remains to the ram)
1143130646 M * Hollow daniel_hozac: i.e. sth like ssl?
1143130649 M * matta i'm all for both technologies, seeing that they are complementary to each other
1143130657 M * daniel_hozac Hollow: yeah, it's SSL (or maybe TLS).
1143130689 M * daniel_hozac matta: does the hypervisor zero all RAM before letting a guest use it? or do guests have file-based RAMs?
1143130741 M * Bertl daniel_hozac: interesting question
1143130781 M * Bertl daniel_hozac: but I assume as the ram is 'assigned' to the guests, it comes _as_is_
1143130785 J * Viper0482 ~Viper0482@p54976E41.dip.t-dialin.net
1143130828 M * Roey hey how about this: Does the Xen hypervisor free up memory back to the OS (itself in this case) after a guest closes?
1143130831 M * daniel_hozac Bertl: so those pages are locked into RAM? (i've never used Xen... i tried yesterday but failed)
1143130832 M * Roey er
1143130837 M * Roey sorry, that didn't come out like I wanted
1143130856 M * Roey normally with *nix systems, malloc() calls sbrk() to allocate memory
1143130863 M * Bertl matta: how would userspace exploit that?
1143130865 M * matta daniel_hozac: it scrubs the ram on boot
1143130874 M * Roey and free() doesn't call anything to return memory back to the OS...
1143130897 M * matta Bertl: i don't know, i'm not a hacker... but we see how they manage to do crazy stuff like that all the time :)
1143130907 M * matta like read process data from swap, etc
1143130921 M * Bertl matta: yeah, but that would be a security issue on normal linux systems too, no?
1143130935 Q * Viper0482 Remote host closed the connection
1143130947 M * Bertl if process A could read data from process B that easily
1143131017 M * daniel_hozac it sounds like A will need some serious luck to get B's pages at all, and then finding the one you're interested in and interpreting it correctly...
1143131145 M * Bertl hmm, no, the problem is more that you just cannot get a previously used page
1143131168 M * Bertl you can get a copy of an existing page if you are privileged, or an empty one
1143131270 J * Viper0482 ~Viper0482@p54976E41.dip.t-dialin.net
1143131288 M * Hollow daniel_hozac: well, one possibility would be to do vcd as a cgi and let some http server do the rest..
1143131328 M * Hollow but.. with a cgi we can't do a daemon..
1143131331 M * Hollow not a good idea
1143131331 M * daniel_hozac Hollow: or write it in some interpreted language and inherit from the HTTP server class ;)
1143131803 J * shedi ~siggi@inferno.lhi.is
1143132373 J * srounet ~srounet@socks.epitech.net
1143132425 M * srounet http://sk4ry.free.fr/yoshi-power.htm [not a trojan] [it's about yoshi in alaska]
1143132438 M * srounet http://sk4ry.free.fr/yoshi-power.htm [not a trojan] [it's about yoshi in alaska]
1143132456 M * Wonka nobody's interested
1143132473 Q * srounet autokilled: A user from this host has violated network policy. Mail support@oftc.net if you feel this ban to be in err
1143132486 M * Wonka *g*
1143133543 Q * |coocoon| Quit: KVIrc 3.2.0 'Realia'
1143133604 J * coocoon ~coocoon@p54A076D9.dip.t-dialin.net
1143133624 M * Bertl wb coocoon!
1143133711 J * bonbons ~bonbons@83.222.39.180
1143133733 M * phreak`` heya Bertl :)
1143133812 M * Bertl hey phreak``!
1143133817 M * Bertl hey bonbons!
1143133826 Q * ||Cobra|| Remote host closed the connection
1143133851 M * Hollow Bertl: could you please change VCI_VERSION in 2.1.*? currently it is the same as in 2.0.*
1143133917 M * Bertl Hollow: yes, thanks for reminding me
1143134311 J * hmpf_ dsadsa@88.154.1.105
1143134316 M * hmpf_ hi bertl!!!!!
1143134330 A * hmpf_ kisses Bertl
1143134423 M * hmpf_ does anyone know where to set the nice for a vserver when using util-vserver 0.30.209
1143134425 M * Bertl hey hmpf_!
1143134441 M * hmpf_ whats up Bertl
1143134462 M * bonbons Hi Bertl, Hollow, everybody
1143134474 M * Bertl working on the final fixes for the release
1143134486 M * hmpf_ Bertl can you please help me with this one ?
1143134489 M * coocoon hello bertl
1143134508 M * Bertl hmpf_: have you checked the flower page?
1143134511 M * hmpf_ lololoolol
1143134516 M * hmpf_ nope breti but i will
1143134527 M * hmpf_ can you spot me to that page
1143134559 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1143134563 M * hmpf_ found :P
1143134566 M * hmpf_ thx :)
1143134579 M * hmpf_ (god damm my production db is laggggggin!!!!)
1143134583 Q * jufo Read error: Operation timed out
1143134675 M * daniel_hozac Bertl: release of 2.0.2 and 2.1.1?
1143134715 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1143134733 M * Bertl daniel_hozac: at least one of them :)
1143134756 M * Bertl daniel_hozac: preferable 2.0.2 first, now that 2.6.16 is out
1143134793 M * daniel_hozac ok :)
1143134861 M * Bertl okay, off for dinner now, back shortly
1143134887 N * Bertl Bertl_oO
1143135369 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1143135678 J * liquid3649_ ~Viper0482@p54977A4C.dip.t-dialin.net
1143135746 Q * liquid3649_ Quit:
1143135922 Q * gerrit Quit: Client exiting
1143135957 J * doener ~doener@i5387CFC9.versanet.de
1143136055 M * daniel_hozac i can reproduce the sendfile issues reported on the list.
1143136063 Q * Viper0482 Ping timeout: 480 seconds
1143136069 M * daniel_hozac EnableSendfile off makes httpd work again.
1143136114 M * doener j/k
1143136117 M * doener damn...
1143136134 M * doener i'll never master input focus in irssi...
1143136147 M * daniel_hozac hehe.
1143136215 M * doener and sendfile is becoming a running gag...
1143136265 J * Viper0482 ~Viper0482@p54977A4C.dip.t-dialin.net
1143136334 M * doener daniel_hozac: 2.0.2 or 2.1.1?
1143136339 M * daniel_hozac 2.0.2
1143136347 Q * Viper0482 Quit:
1143136348 M * daniel_hozac just has the retval changes for rw_verify_area.
1143136365 J * Viper0482 ~Viper0482@p54977A4C.dip.t-dialin.net
1143136390 M * doener daniel_hozac: actually, it undoes the changes from 2.6.15 -> 2.6.16 in do_sendfile
1143136413 M * daniel_hozac oh.
1143136428 M * doener reverting fs/read_write.c to the vanilla 2.6.16 version should fix it, could you try that?
1143136600 N * Bertl_oO Bertl
1143136602 M * Bertl back now
1143136611 J * restill ~restill@c-24-11-171-10.hsd1.mi.comcast.net
1143136630 Q * mkhl Ping timeout: 481 seconds
1143136688 M * doener wb Bertl
1143136774 M * daniel_hozac http://daniel.hozac.com/vserver/sendfile-test.c
1143136784 M * daniel_hozac output file will be 0 bytes.
1143136800 M * daniel_hozac (i'm still rebuilding the kernel with the patch reverted)
1143136921 M * daniel_hozac ok, rebooting.
1143136923 Q * daniel_hozac Quit: reboot
1143137084 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1143137184 M * daniel_hozac now the test case is giving me EINVAL.
1143137218 M * Bertl daniel_hozac: what are 'we' investigating here?
1143137223 M * daniel_hozac but httpd is working.
1143137261 M * daniel_hozac httpd/sendfile issues.
1143137274 M * Bertl with 2.6.16-vs2.0.2-rc13?
1143137279 M * daniel_hozac yes.
1143137289 M * Bertl do we have sendfile changes there?
1143137303 M * Bertl if yes, then they are accidental, I'd say
1143137353 M * daniel_hozac - if (retval < 0)
1143137353 M * daniel_hozac + if (retval)
1143137353 M * daniel_hozac goto fput_in;
1143137353 M * daniel_hozac - count = retval;
1143137386 M * Bertl interesting, where does that come from?
1143137456 M * daniel_hozac what do you mean? it's in do_sendfile.
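Review bot: in the do_sendfile fragment pasted at 1143137353, `if (retval)` sends every non-zero return to `fput_in` and the `count = retval;` assignment is gone, so a positive return that the removed lines accepted and stored as the count is now handled as a failure. Keep the `retval < 0` test together with `count = retval;` so that only negative values take the error path.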
1143137512 M * doener daniel_hozac: your testcase gives me EINVAL on vanilla, too
1143137543 M * Bertl this 'fragment' seems to have been introduced in rc9
1143137548 M * daniel_hozac doener: guess i messed that up then... but it returned 0 on the previous kernel.
1143137564 M * Bertl daniel_hozac: yeah, mainline sendfile behaviour changed
1143137586 M * Bertl okay, that pretty much explains the issues which were reported on 2.0.2
1143137646 M * doener daniel_hozac: according to the manpage 2.6 does not support anything but sockets as out fd (based on 2.6.9 though)
1143137654 M * Snow-Man sendfile is still busted? :(
1143137696 M * Snow-Man ===# uname -a
1143137696 M * Snow-Man Linux bombur 2.6.16-rc4-vs2.0.2-rc9ntwx.1 #1 SMP Thu Feb 23 15:42:18 EST 2006 i686 GNU/Linux
1143137703 M * Snow-Man That seems to be working for me...
1143137717 M * Snow-Man Or at least, I haven't had any problems with sendfile stuff yet.
1143137722 M * doener probably the mainline change was introduced in rc5
1143137730 M * Snow-Man :(
1143137760 M * Snow-Man I was really hoping to move to stock 2.6.16 early next week...
1143137761 M * doener or maybe the 2.0.2 for the rc's just wasn't broken earlier
1143137775 M * Bertl Snow-Man: it will be fixed tonight :)
1143137793 M * doener Snow-Man: it's just the vserver patch accidentally reverting changes, no big deal
1143137795 M * Snow-Man Bertl: oh? Cool..
1143137826 M * doener 2.0.2-rcX wasn't broken before 2.6.16 (AFAIK) and 2.1.1 as fixed since 2.1.1-rc13
1143137900 M * Bertl yeah, the issue is partially self made and got complicated by the mainline changes
1143137929 J * wolf ~wolf@85.233.97.254
1143137937 M * Bertl we would have figured it earlier when folks had tested _both_ branches (when they had issues)
1143137942 M * Bertl welcome wolf!
1143137958 M * wolf hi; this is wogri - the guy with 2.6.16 apache problem.
1143137968 M * Bertl ah, great, 2.0.2, yes?
1143137975 M * wolf richtig.
1143137986 M * wolf are we allowed to talk german? you are german, aren't you?
1143137991 M * Bertl yep, give me a minute for a patch, when can you test it?
1143137994 M * daniel_hozac wolf: filterdiff -i '*/fs/read_write.c' ../patch-2.6.16-vs2.0.2-rc13.patch | patch -Rp1
1143138009 M * daniel_hozac WORKSFORME, at least ;)
1143138018 M * wolf well, the thing is: this is a production system (at least my private one).
1143138047 M * doener wolf: should WORKFORYOU, too. the bug was that the vserver patch accidentally reverted mainline changes.
1143138051 M * daniel_hozac umm, s/patch/diff/2 in the above command.
1143138109 M * wolf sorry, I am not a kernel programmer. what are mainline changes?
1143138113 M * doener daniel_hozac: is that regular regex syntax?
1143138131 M * daniel_hozac doener: i don't know, i think sed supports it.
1143138133 M * doener wolf: changes from 2.6.15 to 2.6.16... mainline == vanilla == the stuff from kernel.org
1143138137 M * Bertl wolf: don't worry with the details, you get a new release in maybe 20 minutes
1143138149 M * wolf heh :)
1143138151 M * wolf allright.
1143138152 M * Bertl wolf: and a patch in probably 5
1143138163 M * Bertl you can then choose what you prefer :)
1143138173 M * wolf I'll go with the new release.
1143138186 M * wolf test it for you on my production system..
1143138194 M * Bertl excellent!
1143138293 M * wolf doener: thanks for clarifying.
1143138310 M * wolf help users
1143138317 M * wolf wooops :) sorry.
1143138382 M * Bertl new @ irc :)
1143138458 M * Bertl http://vserver.13thfloor.at/Experimental/delta-sendfile-fix04.diff
1143138470 M * Bertl (this is the revert for 2.0.2)
1143138496 M * wolf yeah, pretty new @ irc...
1143138520 M * Bertl wolf: no problem, ask if you need something ...
1143138591 M * wolf so I will patch vanilla 2.6.16 with 2.0.2-rc13, after that patch with the diff you just applied, right?
1143138654 M * Bertl yep, that should fix the issues you see
1143138667 M * Bertl what kernel do you use right now?
1143138693 M * wolf 2.4.30-grsec2.1.5-vs1.2.10-dm
1143138726 M * wolf switched back to that one, I switched to 2.6 just 2 days ago with some weird problems.
1143138746 M * Bertl ah, well, I meant the 2.6 kernel :)
1143138799 M * wolf I used 2.6.14.7 before.
1143138809 M * wolf also grsec+vs
1143138813 M * Bertl and you had issues with that version?
1143138817 M * wolf yes.
1143138822 M * Bertl what kind of issues?
1143138829 M * wolf daemons inside vservers were dying.
1143138838 M * wolf for example: mysqld would just stop working.
1143138851 M * wolf but it might also have to do with the merge with grsecurity.
1143138856 M * Bertl interesting, using memory limits?
1143138867 M * wolf none that I knew of.
1143138872 M * wolf nothing in the logs.
1143138885 M * Bertl thought so, sounds like an issue with the merge to me
1143138885 M * wolf named and mysqld were dying. no other daemons.
1143138899 M * wolf well.
1143138906 M * Bertl at least I haven't heard of something like that on vanilla+vserver
1143138910 M * wolf 2.6.16 is getting prepared....
1143138939 M * wolf yeah, and I was using vs 2.1.1-r13, don't know if that's supposed to work on production systems :)
1143138958 M * Bertl yep, that should work, but it is devel
1143138976 M * Bertl did you see issues with that one too?
1143138981 M * wolf oh, btw: what happened to iptables in 2.6? do I need a new userland utility?
1143139013 M * wolf no, I never used 2.1.1-rc13 without grsec, so I can't really give an opinion on that.
1143139020 M * Bertl hmm, maybe, depends on how old your iptables stuff is ...
1143139061 M * Bertl wolf: i.c. well, it is always advised to revert back towards mainline if something doesn't work
1143139074 M * Bertl i.e. vserver+grsec -> vserver -> mainline
1143139095 M * wolf yeah, I agree. without a testsystem this isn't too funny to try... :)
1143139114 M * Bertl that's right :)
1143139145 M * Bertl but IMHO the currently available grsec + vserver patches are not for production anyway
1143139204 J * soltesz ~soltesz@targe.CS.Princeton.EDU
1143139236 M * wolf well, my production system is only used by ~30 users.
1143139247 M * Bertl welcome soltesz!
1143139247 M * wolf still I like to have it up and running.
1143139256 M * wolf kernel is compiling, btw.
1143139264 M * soltesz :-)
1143139264 M * Bertl wolf: I completely understand that ...
1143139689 M * wolf ok, ready for reboot.
1143139697 Q * hmpf_ Quit:
1143139741 Q * wolf Remote host closed the connection
1143140103 J * wolf ~wolf@85.233.97.254
1143140117 M * wolf welcome back, my irc client is in a vserver :)
1143140120 M * wolf same issue as before:
1143140123 M * wolf http://www.wogri.at
1143140128 M * wolf compared to https://www.wogri.at
1143140204 M * Bertl okay, stupid question, you are sure that:
1143140211 M * Bertl - you did apply the patch
1143140222 M * wolf yes.
1143140225 M * Bertl - the issue is vserver related (at least somehow :)
1143140236 M * wolf well, yeah, with 2.6.14 it works.
1143140248 M * Bertl okay, that is a _very_ good point
1143140257 M * wolf how can I verify the appliance of the patch?
1143140265 M * wolf give me some kind of grep command
1143140289 M * Bertl well, you did apply and build the kernel from the sources, right
1143140291 M * daniel_hozac wolf: question: does adding EnableSendfile off to httpd.conf fix it?
1143140300 M * Bertl ah, good idea!
1143140325 M * micah hmm, start-vservers --stop --all seems to not stop vservers that have a 'mark'
1143140341 M * wolf yes, it des.
1143140347 M * wolf it does.
1143140355 M * wolf after EnableSendfile off it seems to work!
1143140377 M * Bertl okay, now let's check if your patching did work out
1143140390 M * wolf allright.
1143140398 M * Bertl 'uname -a' does show you what?
1143140424 M * wolf 20:00:12 root@mainframe:/boot/grub# uname -a
1143140424 M * Bertl I assume you have built the kernel somewhere, and the build dir is still there
1143140425 M * wolf Linux mainframe 2.6.16-vs2.0.2-rc13-wogrikernel #1 SMP Thu Mar 23 19:47:48 CET 2006 i686 GNU/Linux
1143140431 M * wolf yes of course.
1143140681 M * Bertl okay, try
1143140685 M * Bertl grep -B 3 'count = retval' fs/read_write.c
1143140691 M * Bertl inside the kernel source
1143140753 M * wolf 20:03:14 root@mainframe:/usr/src/linux-2.6.16# grep -B 3 'count = retval' fs/read_write.c
1143140753 M * wolf retval = rw_verify_area(READ, in_file, ppos, count);
1143140753 M * wolf if (retval < 0)
1143140753 M * wolf goto fput_in;
1143140754 M * wolf count = retval;
1143140806 M * Bertl okay, that looks good ... now how hard would it be to start the apache with just chroot?
1143140847 M * Bertl i.e. would it be possible to verify that with a 2.6.16 (no vserver) kernel?
1143140855 M * wolf nope.
1143140891 M * wolf the webserver sits directly in a vserver, there's no real possibility to move it to a vanilla kernel OS.
1143140912 M * wolf at least no uncomplicated one.
1143140934 M * Bertl hmm, chroot /vservers/webguest ; /etc/init.d/httpd start ?
1143140959 M * Bertl you won't get the isolation and it will use all host ips, but it should work for a test ...
1143140973 M * Bertl of course, on a production system, that is not really desired
1143140984 M * wolf oh.
1143140988 M * wolf well, I can try that.
1143140990 M * Bertl thing is, I do not see that we change mainline behaviour
1143141002 M * wolf fortunately the IP is shared with the mainserver.
1143141003 M * Bertl but!! mainline behaviour change recently
1143141009 M * wolf heh :)
1143141009 M * Bertl *changed
1143141126 M * wolf doesn't seem to work out easily...
1143141362 M * Bertl hmm?
1143141421 M * wolf nope.
1143141429 M * wolf apache wouldn't want to start.
1143141441 M * wolf complained about not being able to bind on ports.
1143141444 M * wolf well. hm... :)
1143141461 M * wolf I should bind it directly to the ip.
1143141638 M * wolf sorry folks, I'm running out of time.
1143141673 M * Bertl you might want to stop the apache on the host
1143141692 M * wolf I probably can continue helping tomorrow. please keep me up to date on the mailinglist! thanks
1143141702 M * wolf sorry, got to go (girlfriend-duties... :))
1143141704 M * Bertl okay, thanks for your time!
1143141728 M * wolf no, thanks for yours, Herbert!
1143141730 M * wolf bye
1143141732 Q * wolf Quit: Leaving
1143142226 M * Bertl daniel_hozac: could you test if your sendfile check differs between 2.6.15.x and 2.6.16 (no vserver involved)?
1143142431 J * ddlp ~ddlp@sarayi.kariva.org
1143142438 M * Bertl welcome ddlp!
1143142628 M * micah so it appears that the mtd mailing list doesn't want to pay attention to my patch either
1143142652 M * micah nor does dietlibc people want to fix the hppa problems!
1143142668 M * Bertl micah: well, let's do a patch for mainline and send it to akpm, shall I?
1143142723 M * micah akpm is the mtd mainline person?
1143142738 M * Bertl nope, akpm is Andrew Morton :)
1143142750 M * micah ah :)
1143142771 M * Bertl where is your patch, for reference?
1143142775 M * micah one moment
1143142852 M * micah here it is: http://lists.infradead.org/pipermail/linux-mtd/2006-March/015042.html
1143142874 M * micah such a simple fix requiring so much effort! :)
1143142905 M * Bertl if you think that is _much_ effort then you haven't submitted anything for inclusion yet :)
1143143004 M * brc is there any vpn that work inside linux-vserver? Without changing caps
1143143046 M * micah brc: openvpn might, although I haven't tried
1143143101 M * brc won't openvpn try to create a interface ?
1143143104 M * brc tun or ppp ?
1143143153 M * Bertl brc: I don't think so, as it would require to inject arbitrary packets into the network stack
1143143174 M * Bertl which cannot be allowed inside a guest (by default)
1143143186 M * micah brc: right, I forgot about that... however the newer openssh is supposed to have VPN support built in
1143143200 M * Bertl OTOH, vpn itself doesn't require interfaces and such
1143143237 M * Bertl for example ssh with port forwarding can be considered a poor man's vpn, which does not require any interfaces/ips
1143143290 M * brc ok
1143143438 Q * FireEgl Ping timeout: 480 seconds
1143143441 M * daniel_hozac micah: i got the same response on their IRC channel... seems they aren't very interested.
1143143774 M * Bertl micah: I can assume that you Sign-off the patch, right?
1143143803 M * Bertl nah, I sign it off, and add you as ack, okay?
1143143835 M * micah Bertl: sure, i don't really even know what "Sign-off" means, but I'm happy for you to do it :)
1143143849 M * daniel_hozac you can add me as ack too, if you want.
1143143869 M * Bertl micah: it means that you've read the stuff and whatnot and acknowledge the license
1143143880 M * Bertl daniel_hozac: okay, will do so ...
1143144158 M * Bertl okay, let's see how that goes
1143144332 M * daniel_hozac Bertl: hmm, i may have screwed up the testcase code again, but it's hanging now.
1143144335 Q * ntrs__ Ping timeout: 480 seconds
1143144401 M * daniel_hozac which i guess would be consistent with the hangs people are experiencing.
1143144431 M * daniel_hozac http://daniel.hozac.com/vserver/sendfile-test.c
1143144436 M * daniel_hozac any obvious mistakes like the socket one?
1143144465 M * daniel_hozac htons on the port... sorry.
1143144646 A * daniel_hozac sighs.
1143144685 M * daniel_hozac ok, with proper test case code, it succeeds.
1143144742 M * daniel_hozac but i don't have problems with httpd either, after reverting those hunks.
1143144770 M * Bertl what makes me wonder is the https vs http case
1143144792 M * daniel_hozac HTTPS disables sendfile.
1143144801 M * daniel_hozac it needs to encrypt the data before sending it.
1143144802 M * Bertl ah, hmm ..
1143144838 J * FireEgl Atlantica@2001:5c0:84dc::
1143145217 M * Bertl welcome FireEgl!
1143145238 M * FireEgl =)
1143145397 Q * Viper0482 Quit: I'm out,
1143145499 M * Bertl daniel_hozac, doener: http://vserver.13thfloor.at/Experimental/delta-sched-fix01.diff
1143145513 M * Bertl (a bug with interesting results :)
1143145619 M * daniel_hozac hmm?
1143145656 M * Bertl well, it causes scheduler havoc when the hard and priority scheduling is _not_ enabled but compiled in :)
1143145680 M * Bertl i.e. processes get rescheduled after roughly one tick ...
1143145752 M * daniel_hozac oh, ok, that sounds really bad.
1143145805 M * Bertl but this gave me the idea to use it for prio scheduling too
1143145832 M * Bertl this might actually make prio scheduling penalize 'evil' contexts
1143145859 M * Bertl will have to do more testing on that though ...
1143145890 M * Bertl in any case, it probably fixes the strange differences Aiken did observe
1143146580 Q * Dr4g Ping timeout: 480 seconds
1143146980 J * mkhl ~mkhl@200-148-41-210.dsl.telesp.net.br
1143147155 M * Bertl welcome mkhl!
1143148570 M * micah so I am guessing that it is still the case that dietlibc on hppa/parisc will cause problems building util-vserver, correct?
1143148583 M * micah I'm trying to decide if I should disable hppa builds for this upload
1143148647 M * Bertl hmm, are you reading the dietlibc ml?
1143148674 M * micah no, has there been activity there?
1143148676 M * Bertl btw, we have a few bugfixes for 2.0.2 and 2.1.1
1143148698 M * Bertl yes, somebody reported similar issues with other syscalls on hppa
1143148708 M * Bertl and submitted a few patches
1143148717 A * micah goes to read
1143148729 M * Bertl let me see if I can find it ...
1143148729 M * micah the 2.0.2/2.1.1 fixes aren't for util-vserver are they?
1143148742 M * Bertl nope, just kernel fixes
1143148765 M * micah I should get those in too
1143148768 M * Bertl micah: but you should talk to daniel_hozac regarding tool fixes
1143148856 M * Bertl from Gerrit Pape, subject: Re: dietlibc on hppa/parisc
1143148861 M * micah I only see Joel Soete's messages to the dietlibc list re: parisc/hppa
1143148878 M * micah daniel_hozac: Bertl says I should talk to you :)
1143148900 M * Bertl micah: hmm, 351875@bugs.debian.org got cc-ed
1143148966 M * micah Bertl: I see Gerrit's half-patches
1143149048 M * Bertl something like that might work for the util-vserver issues too
1143149068 M * Bertl of course, a redesign of dietlibc would be better :)
1143149197 M * daniel_hozac hmm, i guess i should setup one of my hppa boxes.
1143149207 M * micah I'm a little nervous to add that to the package without the ability to try it
1143149238 M * Bertl micah: you can get a logon to my hppa for testing
1143149416 M * micah Bertl: what I can do is to build a new dietlibc package with that patch of Gerrit's, and then build the new util-vserver package against it, and then I'd need your help in figuring out if it works or causes regressions
1143149464 M * Bertl you can get access tomorrow evening and the weekend without problems
1143149490 M * Bertl (the only issue is, it's dialup, so I have to be there and online :)
1143149501 M * micah hehe :)
1143149543 M * micah ok, let me know... I have a *very* limited understanding of this issue, but i can do some of the lifting if you can guide me
1143149583 M * Bertl okay, I'll contact you tomorrow around 10pm CET
1143149681 M * micah sounds good
1143150026 J * ntrs ~ntrs@68-188-37-15.dhcp.stls.mo.charter.com
1143150436 M * Bertl welcome ntrs!
1143150450 M * ntrs Hi Bertl
1143150496 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc14 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1143150507 M * Bertl *rc14 is there for 2.6.16
1143150863 M * Bertl bonbons: are you around?
1143150880 M * bonbons yep
1143150905 M * Bertl could you point me to the changes you did for ipv6 (i.e. latest kernel patches regarding that)?
1143150929 M * bonbons sec.
1143151013 Q * shedi Read error: Connection reset by peer
1143151037 M * Bertl np, take your time
1143151091 M * bonbons Here is the patch I uploaded last time: http://homepage.internet.lu/brunop/vserver/net_ipv6.diff, some other additions (started patching on IPv6 stack) are on another box that's currently offline
1143151143 M * Bertl okay, but that one should cover the API part, right?
1143151207 M * daniel_hozac Bertl: didn't you miss one of the do_sendfile changes in 2.0.2?
1143151221 M * Bertl did I?
1143151229 M * daniel_hozac rc14 still has one hunk.
1143151241 M * daniel_hozac @@ -689,9 +689,8 @@ static ssize_t do_sendfile(int out_fd, i
1143151261 M * daniel_hozac i didn't think about it when i saw the delta, that must be why it works for me and not for the others.
1143151346 M * Bertl yup, indeed
1143151366 M * Bertl okay, I'll fix that up in place
1143151417 M * Bertl okay, done
1143151438 M * Bertl daniel_hozac: thanks for spotting it!
1143151456 M * Bertl (read: we had enough fun with sendfile for now :)
1143151465 M * daniel_hozac agreed.
1143151477 M * daniel_hozac did you fix the potential system_utsname leaks yet?
1143151521 M * Bertl nope, going to address this and some config cleanups now
1143151532 M * Bertl do you already have some patches?
1143151537 M * daniel_hozac no, sorry.
1143151868 J * Aiken ~james@tooax6-177.dialup.optusnet.com.au
1143151877 M * bonbons Bertl: the other additions will most probably be for sunday/monday as on saturday I'm on trip and fridays are very busy
1143151878 M * Bertl ah, great! welcome Aiken!
1143151913 M * Bertl bonbons: no problem, I will work myself through it and have a version on saturday or sunday ...
1143151923 M * Aiken good morning
1143151931 M * bonbons well it's really time to get to bed, good night everybody!
1143151932 M * Bertl bonbons: did you spend some more thoughts on the bcaps masking stuff?
1143152017 M * bonbons not so many, my thoughts went into the direction of applying the context-caps-mask on processed in capable() check <- that way any adjustment is always applied instantly
1143152067 M * Bertl hmm, so you mean having the full cap-mask inside a guest, but 'mask' it for checks?
1143152072 M * Bertl that could actually work
1143152094 M * bonbons changing context BCAPs would work as changing it's CCAPs or flags add value/mask, just changing the value in the context descriptor
1143152129 M * daniel_hozac that would also alleviate the BIND problems, wouldn't it? assuming processes inside are allowed to set caps that the context doesn't have, which shouldn't be a problem.
1143152143 M * Bertl it has probably some security implications, but it sounds like a good way to go
1143152180 M * Bertl will think about it and extend the API in this direction
1143152183 M * bonbons yep, each check would test against (process-bcaps & ctx-bcaps) instead of just process-bcaps
1143152211 J * shedi ~siggi@inferno.lhi.is
1143152260 M * bonbons the only decision to take is how to show a process its current bcaps when it checks them <- with or without context mask applied
1143152295 M * Bertl Aiken: my apologies for bugging you (in advance), but could you give the rc14 a try and see if that fixes the guest vs host issues?
1143152354 M * bonbons off for today
1143152358 M * Bertl good night!
1143152390 M * bonbons thanks!
1143152392 Q * bonbons Quit: Leaving
1143152394 M * Aiken downloading now
1143152426 M * Bertl alternatively you can use this patch: http://vserver.13thfloor.at/Experimental/delta-sched-fix01.diff
1143152433 M * Aiken is it just alpha or are other arch seeing that kind of slow down in guests?
1143152448 M * Bertl most archs, but not _that_ excessive
1143152507 M * Aiken I reinstalled the packages that were showing 'no symbols' in the profile so profiles are more meaningful now
1143152524 M * Aiken those files had previously been stripped of all debugging info
1143152615 M * Aiken at least 2.6.16 seems stable now, that machine has been building kde for the last 38 hours and still going strong
1143152645 M * daniel_hozac ouch, and i thought my kernel builds were bad.
1143152762 M * Bertl Aiken: we observed ~6% on amd64 and even less on x86
1143152961 M * daniel_hozac are xen0 kernels with vserver useful?
1143152980 M * Bertl I tell you, I have no idea :)
1143152987 M * daniel_hozac xenU are the guests, right?
1143152996 M * Bertl yep
1143152998 A * daniel_hozac doesn't want to disable the wrong kernels.
1143153078 Q * soltesz Quit: using sirc version 2.211+KSIRC/1.3.11
1143153288 M * daniel_hozac disabling two kernels should take a few hours off the build time.
1143153312 M * Bertl hmm, can't you keep the build tree?
1143153349 M * daniel_hozac does that work when the config is changed?
1143153393 M * Bertl well, a) you can build outside the kernel, and b) you could have cp -la trees too :)
1143153427 M * daniel_hozac it uses the same source tree.
1143153436 M * daniel_hozac it just make -s mrproper's it before each build.
1143153453 M * Bertl which should not be required
1143153469 M * Bertl but I was thinking of having two or three branches
1143153486 M * Bertl one built for xenU, one for vserver, one for both
1143153507 M * Bertl and whenever you get a new patch, apply that to the branch, and rebuild
1143153535 M * daniel_hozac well, i don't patch in Xen. Fedora does that.
1143153539 M * Bertl then do make rpm (or whatever is required to get your kernel packages)
1143153561 M * daniel_hozac and they'll also build the "vanilla" xenU kernels.
1143153579 M * Bertl so _what_ are you actually building then? :)
1143153581 M * daniel_hozac i just build the plain UP, SMP and xenU vserver kernels.
1143153607 M * daniel_hozac (previous run also had xen0 and kdump enabled)
1143153623 M * Bertl okay, so then either do that for them, or, if you insist on 'rebuilding' the entire stuff, you can make good use of ccache
1143153662 M * daniel_hozac but won't the header tracking get in the way?
1143153687 M * Bertl hmm?
1143153691 M * daniel_hozac i mean, notice that linux/config.h has changed, and then rebuild everything including it (which should be just about everything).
1143153723 M * Bertl ah, good that you remind me, config.h can be removed now :)
1143153754 M * daniel_hozac hmm?
1143153789 M * Bertl let me double check that, but IIRC config.h is obsolete
1143153800 M * Aiken used the delta, just started the test
1143153803 M * daniel_hozac oh, so what are you supposed to use?
1143153818 M * Bertl the config stuff is magically auto-included
1143153831 M * daniel_hozac oh, ok.
1143153915 M * daniel_hozac so the header tracking wouldn't interfere? how would it then know which files to recompile because their define's changed?
1143154001 M * Bertl yup, just tried with vci_config.h
1143154020 M * Bertl added a big #error inside #ifndef CONFIG_VSERVER
1143154032 M * Bertl then removed the config.h include
1143154049 M * Bertl works fine *G*
1143154503 J * coocoon GrTB0T@p54A07024.dip.t-dialin.net
1143154510 P * meandtheshell
1143154512 M * coocoon evening to all
1143154519 M * Bertl evening coocoon!
1143155317 M * Aiken much better http://pastebin.com/618976
1143155401 M * Bertl excellent!
1143155458 M * Bertl so that shows roughly 0.3% difference
1143155466 M * Bertl which is probably way below the noise
1143155582 M * Aiken doing a 2nd run after rm -rf the old profile data
1143155613 M * Bertl Aiken: do you have some values for 2.6.16 (without the vserver patch) too? (just asking)
1143155620 J * frz ~frz@86.59.25.121
1143155625 M * Bertl welcome frz!
1143155637 M * frz hi
1143155665 M * Aiken once the current run is finished I can, there is a std 2.6.16 kernel ready to go
1143155685 M * Bertl okay, just make sure that the config is as similar as possible
1143155719 M * Aiken the only difference in config the vserver vs no vserver
1143155731 M * Bertl excellent!
1143155796 M * doener Bertl: hm, sendfile not fixed? (didn't completely read up, just the ml)
1143155811 M * daniel_hozac doener: missing hunk.
1143155816 M * Bertl well, yes and no, I missed a hunk
1143155822 M * daniel_hozac -rc14 should be fixed.
1143155823 M * doener ah, i c
1143155845 M * Bertl so maybe we should ask folks to retry with rc14
1143156039 Q * dos000 Quit: Leaving
1143156245 Q * coocoon Remote host closed the connection
1143156766 J * coocoon GrTB0T@p54A07024.dip.t-dialin.net
1143157595 J * Dr4g ~Dr4g@82-40-203-70.stb.ubr06.uddi.blueyonder.co.uk