1153180870 M * Karmek it's a pity that my provider has No list of the used hardware for this server
1153180914 M * Bertl lspci will tell you quite some story
1153180998 M * Karmek 90% unknown device
1153181000 M * daniel_hozac dmidecode might tell you quite a bit about the motherboard as well.
1153181040 M * Karmek lol, ATI Rage XL on board
1153181501 M * Karmek finally finished...
1153181588 J * mkhl ~mkhl@200-148-41-123.dsl.telesp.net.br
1153181781 M * Karmek ip_tables still does not work :(
1153181803 M * Bertl did you load the modules?
1153181828 M * Bertl (and more important, did you reboot the kernel?)
1153181832 M * Karmek i told menuconfig to add all belonging to iptables directly into the kernel
1153181851 M * Karmek yes, i did a shutdown -rn now
1153181906 M * daniel_hozac after pointing your boot loader at the new kernel, which you did install, right?
1153181907 M * Bertl so how does iptables fail for you? i.e. what message do you get?
1153181942 M * Karmek Yes daniel_hozac i corrected the link
1153181969 M * Karmek :/# iptables -t nat -A PREROUTING -p tcp --destination-port 20022 -j DNAT --to-destination 192.168.0.2:22
1153181969 M * Karmek FATAL: Module ip_tables not found.
1153181970 M * Karmek iptables v1.3.3: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
1153181970 M * Karmek Perhaps iptables or your kernel needs to be upgraded.
1153181995 M * Bertl try with iptables -L first
1153182012 M * Karmek same issue
1153182020 M * Bertl you probably forgot to enable masquerading/full nat
1153182030 M * Karmek in my kernel?
1153182066 M * Bertl yep
1153182082 M * Karmek i'll have a look
1153182213 M * Karmek of course i forgot... *donk*
1153182258 Q * daniel_hozac Remote host closed the connection
1153182270 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se
1153182375 M * Bertl wb daniel_hozac!
1153182386 M * daniel_hozac thanks.
1153183318 M * Karmek yippi /cheer
1153183327 M * Karmek working now
1153183346 M * Karmek i won't thank you now, you know why :o
1153183501 M * locksy No one seems to be alive in #linux-kernel so I'll ask here :) Is there still a size limit for individual swap partitions in 2.6 (specifically 2.6.16+)
1153183579 M * Karmek No clue
1153183687 M * Bertl locksy: very likely, nothing is unlimited :)
1153183863 M * locksy Good point :)
1153183878 M * locksy I guess I'll go use the source...
1153183936 M * Karmek strange, i tried to log into my vserver and am always getting access denied. So i stopped the sshd from the vserver but it still does respond when i try to connect? Seems as if i still reach the hosts sshd
1153183975 M * Bertl yep, you probably forgot to restrict your host's sshd
1153184004 M * Bertl (so it binds to all ips, and you reach that instead of the guest, which is not even able to start an sshd :)
1153184035 M * Karmek No i did ... at least i thought so. I edited ssh_config :/
1153184046 M * locksy and then restarted it ?
1153184059 M * locksy ummm do you mean sshd_config
1153184067 M * Karmek yes, but what should it change if i edit ssh_config instead of sshd_config?
1153184078 M * Karmek No i actually mean ssh_config...
1153184096 M * locksy the daemon uses sshd_config for its config.
1153184106 M * Karmek Yep
1153184117 M * Karmek it is too late for me...
1153184448 M * Karmek works great now =)
1153184480 M * Bertl excellent .. I'm off to bed now .. have nice one everyone! cya tomorrow!
1153184496 M * Bertl nick Bertl_zZ
1153184511 M * Karmek gn8 and Thanks a lot!
1153184536 M * romke Bertl: nothing is unlimited? what about universe and human stupidity :P
1153184573 N * Bertl Bertl_zZ
1153184665 M * Skram KERNEL: assertion (!sk->sk_forward_alloc) failed at net/core/stream.c (279)
1153184666 M * Skram KERNEL: assertion (!sk->sk_forward_alloc) failed at net/ipv4/af_inet.c (149)
1153184670 M * Skram make sense to anyone?
1153184764 M * Karmek Nope
1153184877 Q * yarihm Quit: Leaving
1153185119 M * romke Skram: google knows a lot about it ;) http://tinyurl.com/n58hg
1153185186 M * Skram should I be worried
1153185580 M * romke Skram: which kernel you are using?
1153185625 M * Skram 2.6.15
1153185635 M * Skram i mean .14
1153185639 M * Skram Linux hercules 2.6.14-vs2.0.1-gentoo #2 SMP Sat May 6 22:38:15 CDT 2006 i686 Intel(R) Xeon(TM) CPU 3.20GHz GenuineIntel GNU/Linux
1153185769 Q * kir_home Ping timeout: 480 seconds
1153185895 M * romke Hmm, on 2.6.15 got same thing
1153186007 M * romke I see patch for this on 2.6.16
1153186020 M * Skram well
1153186031 M * romke http://tinyurl.com/jnypy
1153186032 M * Skram this is a production server, dont want to reboot after kernel upgrade
1153186034 M * Skram itll wait :P
1153186061 M * romke s/2.6.16/2.6.17/
1153186818 M * Radiance is there a channel for ssh mysteries ? :)
1153186892 M * Skram Radiance: what do you mean?
1153186898 J * kir_home ~kir@OTWAON23-1178069239.sdsl.bell.ca
1153186905 M * Radiance trying to see why a system all of a sudden doesn't want to continue with the key exchange (using ssh -v for debugging)
1153186916 M * Radiance box A to B, worked just fine until today
1153187295 M * Radiance stops here: debug1: SSH2_MSG_KEXINIT sent
1153187341 M * Radiance 2 exactly the same machines, versions, only difference is that one is located in a different country
1153187959 Q * kir_home Quit: I'm leaving you
1153188499 Q * FireEgl Ping timeout: 480 seconds
1153189319 J * FireEgl Atlantica@Atlantica.US.TO
1153189416 Q * Karmek Quit: That was "Nichts" :D | [14:45] does the maiden have to be beaten? | dd can I get the maiden pleeeease
1153189920 Q * FireEgl Ping timeout: 480 seconds
1153190479 Q * mkhl Quit:
1153190656 J * FireEgl Atlantica@Atlantica.US.TO
1153190919 M * Radiance nvm found the evil :)
1153191466 J * gerrit ~gerrit@wm402rot.66.ADSL.NetSurf.Net
1153203784 J * eyck eyck@ghost.anime.pl
1153204014 N * otaku42_away otaku42
1153204599 J * dna ~naucki@dialer-184-3.kielnet.net
1153206752 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de
1153206766 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1153207126 Q * meandtheshell Quit: bye bye ...
1153207432 Q * Aiken Ping timeout: 480 seconds
1153207870 J * Zaki_ ~Zaki@212.118.99.21
1153208174 Q * Zaki Ping timeout: 480 seconds
1153208308 Q * insomnia1 Read error: Operation timed out
1153208429 J * insomniac ~insomniac@slackware.it
1153208684 J * MrX ~urk@219.95.13.36
1153209990 P * anonc adios
1153209996 J * anonc ~anonc@staffnet.internode.com.au
1153210567 Q * DreamerC Remote host closed the connection
1153210864 Q * schimmi Ping timeout: 480 seconds
1153210916 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153211510 Q * DreamerC Quit: leaving
1153211741 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153211751 Q * DreamerC Quit:
1153211768 N * Zaki_ Zaki
1153211817 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153212484 Q * gerrit Ping timeout: 480 seconds
1153212555 M * anonc daniel_hozac: you around?
1153212659 J * schimmi ~sts@host10.natpool.mwn.de
1153212822 Q * Greek0 Ping timeout: 480 seconds
1153212984 J * yarihm ~yarihm@84-74-17-70.dclient.hispeed.ch
1153213198 J * pisc1 ~pampel@p5087BA22.dip0.t-ipconnect.de
1153214208 J * Greek0 ~greek0@85.255.145.201
1153215251 Q * DreamerC Quit: leaving
1153215306 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153215338 Q * DreamerC Quit:
1153215419 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153215463 Q * DreamerC Quit:
1153215479 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153215487 Q * DreamerC Quit:
1153215504 J * DreamerC ~dreamerc@59-112-7-22.dynamic.hinet.net
1153215552 J * lilalinux ~plasma@dslb-084-058-203-233.pools.arcor-ip.net
1153215876 J * dna_ ~naucki@dialer-167-59.kielnet.net
1153215892 J * mattr_sf ~matt@p508853FA.dip.t-dialin.net
1153216122 J * lilalinux_ ~plasma@80.69.35.186
1153216269 Q * dna Ping timeout: 480 seconds
1153216358 Q * mattr_sf Quit: Leaving
1153216504 Q * lilalinux Ping timeout: 480 seconds
1153216616 Q * shedi Quit: Leaving
1153217558 N * Bertl_zZ Bertl_oO
1153220765 P * anonc adios
1153220800 J * anonc ~anonc@staffnet.internode.com.au
1153222181 J * cdrx ~legoater@wm402rot.66.ADSL.NetSurf.Net
1153222354 J * Karmek ~nichts@i53874E82.versanet.de
1153222359 M * Karmek hello
1153222634 N * Bertl_oO Bertl
1153222639 M * Bertl morning folks!
1153222699 A * weeble waves at bertl
1153222740 M * Karmek Hi Bertl
1153222777 M * Hollow hossa, bertl awake at 1pm.. how comes?
1153222782 M * Hollow :)
1153222804 M * Bertl Hollow: heh, a lot of work to do ..
1153222849 M * Karmek can somebody explain me how to limit diskspace and CPU usage of a vserver?
1153222878 M * Hollow http://linux-vserver.org/Disk+Limits
1153222887 M * Hollow http://linux-vserver.org/Resource+Limits
1153222908 M * Hollow http://linux-vserver.org/Scheduler+Parameters
1153222909 M * Bertl yep, and the scheduler page, basically all you can find @ http://linux-vserver.org/Documentation
1153222922 M * Karmek Thank You
1153222941 M * Bertl You're welcome! :)
1153222986 M * Hollow Bertl: btw, did you find the execve issue yet?
1153223013 M * Bertl nah, I _thought_ that I'd see a bug in the code yesterday, but it seems fine
1153223020 M * Hollow hmhm
1153223027 M * Hollow nasty little bug
1153223034 M * Bertl the proper syscall is used, the args look fine, IMHO one of the arguments is wrong
1153223065 M * Bertl so the next step is to check the three pointers (to pointers) passed to the syscall
1153223077 M * Hollow would ssh access help? it's a dev box anyway
1153223103 M * Bertl not really, as I don't have _any_ time atm
1153223129 M * Bertl but you can gdb once again to the syscall, and check the arguments manually
1153223138 M * Hollow ic, i will take a look at rcx/r10 and gather some debugging stuff for
1153223142 M * Hollow you
1153223151 M * Bertl rcx/r10 can be ignored
1153223161 M * Bertl this is just a red herring
1153223169 M * Hollow ok..
1153223178 M * Hollow so for what should i look?
1153223184 M * Hollow i mean which registers/vars
1153223187 M * Bertl i.e. the 4th argument is generated by the kernel enter routine for execve
1153223220 M * Bertl the fact that userspace _seems_ to pass the 4th argument is just the fact that dietlibc does the unified syscall stuff
1153223258 M * Bertl when I find some time, I submit a fixup for the 4,5 and 6 arg syscalls, which are silently ignored as on other archs
1153223261 M * Hollow ah, ic.. this would happen with shiny.h too, no?
1153223283 M * Bertl that's the point I'd be interested in, but I'd say so
1153223302 M * Bertl i.e. call execve with 3 arguments (with shiny, for example)
1153223344 M * Bertl my best guess would be that _one_ argument which is considered mutable is actually in the wrong section or so
1153223362 M * Bertl or maybe a pointer does not point into usable space
1153223387 M * Hollow ok, will take a look
1153223767 M * harry is there a 255 limit for number of vservers on 1 system actually?
1153223782 M * Bertl harry: nope, not really
1153223802 M * Bertl xid limit is 49150 (currently)
1153223805 M * daniel_hozac anonc: pong
1153223818 M * harry hmm... quite a lot ;)
1153223835 A * harry will maybe learn some mainframe os stuff in the next couple of months
1153223843 M * harry i think that would be cool
1153223933 M * anonc daniel_hozac: delayed return ping :)
1153224063 M * daniel_hozac anonc: what's up?
1153224095 M * anonc daniel_hozac: back when I was asking about why 'rm' was thinking cow-linked files were write-protected. It's the access() call which fails: access("c", W_OK) = -1 EACCES (Permission denied)
1153224129 M * daniel_hozac anonc: yeah, that's what prompted doener's IS_IMMUTABLE review.
1153224164 M * anonc wasn't that the utimes() call?
1153224294 M * daniel_hozac i guess we thought it was an isolated case until he ran into the access thing. i can't remember for sure though.
1153224323 J * gerrit ~gerrit@wm402rot.66.ADSL.NetSurf.Net
1153224347 Q * cdrx Ping timeout: 480 seconds
1153224756 M * Bertl wb gerrit!
1153225387 M * anonc daniel_hozac: i wonder if access() is still making some assumptions since it doesn't know about iunlink flags...(the isn't-that-file-read-only issue is still there after the delta-cow-feat03.diff patch
1153225480 M * anonc daniel_hozac: it shouldn't be too hard to fix since access is just a test and doesn't require any action to be taken. I'll see what I can find tomorrow Off to the bus. Bye.
1153225696 M * Hollow Bertl: i have gathered the contexts of the memory location just before the syscall opcode, http://home.xnull.de/misc/execve-bug.tar.bz2
1153225701 M * Hollow *contents
1153225728 M * Bertl and, any clues yet?
1153225771 M * Bertl hmm, 346 and 411? is it a gcc related issue too?
1153225783 M * Hollow at least with 3.4.6 it works
1153225790 M * Hollow and 4.1.1 not
1153225795 M * Bertl very interesting ...
1153225833 M * Hollow well.. %rdi looks ok in the memory dump, %rsi should contain the same as %rdi imo, but both 346 and 411 looks like nonsense to me
1153225924 M * Bertl check %rdx, this one looks suspicious to me
1153225953 M * Bertl in the 346 case that is in the same segment/area as the others
1153225972 M * Bertl while in the 411 case it is somewhere else
1153225978 M * Hollow indeed
1153225999 M * Bertl and this _is_ the env pointer :)
1153226517 Q * gerrit Ping timeout: 480 seconds
1153227101 M * cryptronic Hi all
1153227166 M * cryptronic I need a little bit support, i'm running linux vserver, all works fine except top and vtop
1153227198 M * cryptronic if i run top or vtop the process needs 90% and more cpu power and i have no clue what i can do against that
1153227208 M * cryptronic maybe someone could help me?
1153227215 M * cryptronic it is a debian host system
1153227281 M * daniel_hozac anonc: it's a very EASYFIX, in fs/namei.c:permission, add && !IS_COW(inode) to the IS_IMMUTABLE check.
1153227387 M * Bertl cryptronic: that sounds at least interesting
1153227407 M * Bertl cryptronic: could it be that some frequency scaling or so kicks in?
1153227438 M * cryptronic i have no clue when i run top in vservers all works fine
1153227457 M * daniel_hozac what if you copy the top from the host and run that in a guest?
1153227481 M * cryptronic just a moment
1153227481 J * Milf ~Miranda@ipsio391.ipsi.fraunhofer.de
1153227491 M * Milf Howdy
1153227529 M * Milf Anyone got an idea on how to recreate device files after I overwrote them in a recover from tape?
1153227548 M * cehteh MAKEDEV ?
1153227585 M * Hollow Bertl: %rdx is changed in execv library call before the execve syscall.. both gcc versions can be found here http://paste.linux-vserver.org/206
1153227586 M * cryptronic while executing in vserver the hosts top: top: error while loading shared libraries: libproc.so.3.2.1: cannot open shared object file: No such file or directory
1153227600 M * Milf Hmmm makedev, why didn't I think of that?
1153227663 M * daniel_hozac cryptronic: so what distro do your guests use?
1153227671 M * cryptronic same debian 3.1
1153227746 M * Milf is makedev something distro specific?
1153227764 M * cryptronic ok copied the lib
1153227765 M * daniel_hozac it's usually in /dev, i.e. not in your PATH.
1153227779 M * cryptronic now same top program runs normal with 0.3%
1153227787 M * daniel_hozac but i suppose it is kind of distro specific.
1153227826 M * Bertl cryptronic: guess you have to strace the top on the guest
1153227837 M * Bertl s/guest/host/
1153227869 M * cryptronic just a moment
1153227876 Q * lilo2 Remote host closed the connection
1153227921 J * lilo2 hiddenserv@tor.noreply.org
1153228040 M * cryptronic ok i just made a strace on the host and on a vserver
1153228056 M * Bertl I'd assume the host is looping somewhere
1153228065 M * cryptronic yes thats is
1153228066 M * cryptronic it
1153228071 M * cryptronic i just wanted to post that ;)
1153228080 M * cryptronic but how can i breakt the look?
1153228083 M * cryptronic loop?
1153228085 M * Bertl okay, use paste.linux-vserver.org
1153228120 M * Bertl could be terminal related, might try with screen (or if you do, without)
1153228209 M * cryptronic i can't paste because it's too long and piping didn't work :(
1153228247 M * doener -o output.file (if you meant strace)
1153228251 M * cryptronic when i run under screen there happens the same
1153228258 M * cryptronic ah ok mom
1153228267 M * doener or use 2>file for piping, strace prints to stderr
1153228382 J * gerrit ~gerrit@OTWAON23-1177993857.sdsl.bell.ca
1153228391 M * gerrit g'morning Bertl
1153228432 M * Bertl okay, have to leave now .. will be back in the evening ...
1153228464 N * Bertl Bertl_oO
1153228489 M * cryptronic hmm
1153228524 M * cryptronic because it's too much to paste: www.cryptronic.de/host.txt and www.cryptronic.de/vserver.txt
1153228568 M * cryptronic maybe someone have a hint or i have to wait for Bertl_oO to come back
1153228625 M * cryptronic would it help to update my hostsystem to sid?
1153228689 Q * pusling Ping timeout: 480 seconds
1153229225 J * cdrx ~legoater@cmr-208-97-126-250.cr.net.cable.rogers.com
1153229318 J * pusling pusling@195.215.29.124
1153229421 M * Milf What a mess: I had to recover a whole Hostserver (thankfully not yet put into production) to exchange both its disks.
1153229449 M * Milf Reinstall, recover: I recovered the devices too. Big mistake, as I changed the partition layout.
1153229477 M * Milf Now I gotta reinstall and recover again, this time without recovering devices.
1153229484 M * Milf Or has anyone else another idea?
1153229531 M * Milf MAKEDEV wont work as I can't boot the system. Booting KNOPPIX I don't know how to tell knoppix' MAKEDEV to work on /mnt/sda2/dev
1153229561 M * Milf (apart from that, SuSE doesn't deliver MAKEDEV, it's got other tools)
1153230188 Q * derjohn Quit: by(t)e
1153230835 M * sid3windr chroot /mnt ?
1153230926 M * Milf Yeah, on the first try, I got no access to /proc that way. I'll try a hardlink or sumpin
1153230943 M * daniel_hozac or you could just mount /proc.
1153231062 M * Milf Oh hmm, would be the better approach I guess.
1153231147 M * sid3windr yea
1153231148 M * sid3windr :)
1153231154 M * meebey where can I find the params that vserver passes to the scripts?
1153231166 M * daniel_hozac hmm?
1153231168 M * meebey like prepre-start.d
1153231182 M * meebey the flowerpower page is not a wiki btw, which is bad
1153231193 M * meebey nobody can add missing pieces/info
1153231232 M * mnemoc or spam
1153231258 M * meebey I dont see spam on the wiki
1153231268 M * mnemoc :p
1153231273 M * doener because powerfox does a good job cleaning it up
1153231293 M * doener (pretty easy if you follow the wiki ml and have the time to check all changes)
1153231313 M * meebey so where can I find the params now? :)
1153231330 M * daniel_hozac vserver.functions:execScriptlets.
1153231336 M * meebey I am writing a hack, else I cant use the directory config layout
1153231370 M * meebey to write the current IP in the interfaces/foo/ip file
1153231381 M * meebey and I want to do that with prepre-start.d
1153231389 M * daniel_hozac you realize that giving a guest a dynamic IP address is a bad idea, right?
1153231391 M * meebey before it brings the interface up
1153231405 M * daniel_hozac (because you have to restart the guest every time your address changes...)
1153231417 M * meebey I know
1153231430 M * daniel_hozac would make more sense to give the guest a private IP address and use NAT, IMHO.
1153231434 M * meebey the VPN tunnel must be reinitialized anyhow
1153231434 P * pisc1
1153231448 M * meebey daniel_hozac: thats what I do for all services that are NAT safe
1153231454 M * meebey ipsec is not
1153231469 M * Milf Hrgn, I f**ed up the install with one fs in reiser and one in ext2 and another probably ext3 :)
1153231470 M * daniel_hozac you could also just put the interface name in the ip file, if you really want to do that ugliness.
1153231492 M * meebey daniel_hozac: will that work?
1153231499 A * Milf gets a rag and some Sidolin to wipe the disk.
1153231499 M * meebey daniel_hozac: the old config supported, using interface names
1153231514 M * daniel_hozac in the sense of automatically converting it to the primary interface address, yes.
1153231548 M * meebey that would make the required hack unneeded
1153231553 M * meebey *testing*
1153231635 M * meebey hm it worked
1153231651 M * meebey nice, nobody told me this, and its the 3rd time I mention this problem
1153231668 M * meebey and now I cant add that info to the page ;)
1153231712 M * meebey also its not that nice to change the vserver configs 20 times per server, so using the interface name is much more flexible
1153231722 M * meebey even if its not dynamic (as in DHCP)
1153231764 Q * Curus Read error: Operation timed out
1153231774 J * Curus ~Curus@kbhn-vbrg-sr0-vl209-213-185-8-10.perspektivbredband.net
1153231940 M * meebey daniel_hozac: thanks for the tip
1153231984 M * doener meebey: i don't know about daniel_hozac, I don't know about that since a few days ago, when we discovered that feature in chbind
1153231992 M * doener s/since/until/
1153232049 M * meebey doener: so its a just discovered unknown feature? :)
1153232064 M * doener at least for me, yes
1153232078 M * meebey that makes it possible for me to use the directory config layout
1153232106 M * meebey my vservers are templates for many servers, so hardcoding something means I need to adjust it for every server and vserver
1153232117 M * doener it's a bit strange, as the chbind call then looks like: ... --ip eth0 (or similar) probably no one expected that to work
1153232128 M * meebey hehe
1153232162 M * doener the semantics are like "use the ip address that ifconfig shows for that interface" then AFAICT
1153232166 M * meebey though for my vpn vserver, the directory config causes it to not start openswan correctly
1153232188 M * meebey I suspect a bug in openswan or vserver tools, with the old config it works, and starting openswan from inside works too
1153232193 M * doener hm, didn't you fix that just a day ago?
1153232207 M * doener something with a missing call to vprocunhide?
1153232209 M * meebey not fixed, but workaround by using old config file
1153232219 M * meebey doener: thats not the cause of it
1153232226 M * meebey I use vprocunhide, yes
1153232233 M * doener what's the cause then? ;)
1153232240 M * meebey vserver vpn start -> openswan will not start
1153232249 M * meebey vserver vpn exec /etc/init.d/ipsec start -> openswan will not start
1153232265 M * meebey vserver vpn enter; /etc/init.d/ipsec start from inside -> openswan starts
1153232290 M * doener hm... any messages from openswan when it fails to start? sounds like a pty issue
1153232296 M * meebey nope
1153232301 M * meebey no message at all
1153232309 M * Hollow Java is broken
1153232312 M * meebey I tried to strace it, but I couldnt see anything strange
1153232314 M * Hollow *giggle*
1153232319 M * meebey doener: the process just disappears
1153232331 M * doener do you still have that strace?
1153232341 Q * TheSeer Read error: Operation timed out
1153232342 M * meebey hm no but I can rerun it, if you want
1153232389 M * meebey its hell to read because lots of subscripts
1153232441 M * meebey also stopping the vpn vserver causes the vserver script to get killed
1153232473 M * meebey could be related to caps
1153232509 M * doener well, I see that kill message as well, I guess it's harmless, but others might know better
1153232539 M * meebey it doesnt show up with the old config (old scripts)
1153232550 M * meebey Rebooting... /usr/sbin/vserver: line 85: 11476 Killed "${NICE_CMD[@]}" ${USE_VNAMESPACE:+$_VNAMESPACE --enter "$S_CONTEXT" -- } $_VCONTEXT $SILENT_OPT --migrate --chroot --xid "$S_CONTEXT" -- "${INITCMD_STOP[@]}"
1153232554 M * meebey that one
1153232623 M * doener that's because the old config also causes the old toolchain to be used that does sth. _completely_ different
1153232658 M * meebey I understand that, its just it worked somehow better, at least less problems for me :)
1153232672 M * doener the message just states that the /etc/init.d/rc 0 call inside the vserver was killed
1153232771 J * Term_ ~PhAnATiC@201.152.72.89
1153233051 M * meebey doener: does the older toolchain assign a pts?
1153233093 M * meebey for vserver exec/start
1153233179 M * daniel_hozac no.
1153233482 M * doener hm, true, pty issue makes no sense...
1153233524 M * daniel_hozac most recent vlogin patches only enable it on enter :)
1153233557 M * meebey hm indeed
1153233570 M * meebey root 15865 0.0 0.1 2388 436 pts/2 S 16:38 0:00 /bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy yes --nat_traversal yes --keep_alive -
1153233575 M * meebey the process runs on a pts
1153233604 M * meebey maybe its unable to get/spawn/whatever a pts when running via vserver start/exec?
1153233737 M * meebey http://paste.debian.net/9243
1153233743 M * meebey thats the output of pluto in debug mode
1153233757 M * meebey the first start is done via vserver vpn start, the second from inside the vserver
1153233767 Q * gerrit Ping timeout: 480 seconds
1153233779 J * gerrit ~gerrit@cmr-208-97-126-250.cr.net.cable.rogers.com
1153234026 Q * Term_ Quit: (-(PS)-) [v5.0.r02] http://www.kalendas.net
1153234188 N * otaku42 otaku42_away
1153234334 J * meandtheshell ~markus@85-124-36-39.dynamic.xdsl-line.inode.at
1153235257 Q * ||Cobra|| Remote host closed the connection
1153235265 M * meebey ok I think I got further
1153235291 M * meebey to me it looks like ipsec uses the parent shell
1153235308 M * meebey which causes problems with vserver start/exec
1153235311 M * meebey root 22742 0.0 0.1 2388 432 pts/2 S+ 17:07 0:00 /bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy yes --nat_traversal yes --keep_alive -
1153235333 M * meebey I could start openswan when I used bash in the exec call with &
1153235346 J * Exomorph ~gvarga@S0106000f66a56f1a.cg.shawcable.net
1153235424 M * meebey http://paste.debian.net/9244
1153235443 M * meebey thats the output using "ps auxf" every 0.5 seconds to see if the process dies or not
1153235477 M * Exomorph Anyone know why, after I copied my vserver guests from one machine to another, I'm not unable to ping from within the guest systems?
1153235510 M * meebey Exomorph: ping needs special caps?
1153235517 M * FaUl missing capabilities?
1153235518 M * Exomorph I can do the "ping -I www.yahoo.com
1153235528 M * meebey Exomorph: or you need to update your IP configuration of your vservers
1153235530 M * waldi meebey: any reason why you use pluto and not racoon?
1153235545 M * meebey waldi: because it worked for me :)
1153235555 M * Exomorph meebey: Where do I do that?
1153235566 M * meebey Exomorph: /etc/vservers/$vserver/interfaces
1153235575 M * meebey Exomorph: check "ip addr" inside your vserver
1153235577 M * Exomorph meebey: I've been there. :)
1153235616 M * meebey waldi: and I have roadwarriors, x509 certs, NAT-T
1153235662 M * Exomorph meebey: What am I looking for with the output of "ip addr" Everything looks fine to me. I have my lo interface, as well as my eth1 interface with the proper IPs.
1153235676 M * waldi meebey: and?
1153235685 M * meebey vserver vpn exec bash -c "/etc/init.d/ipsec start &" is not letting it work
1153235694 M * meebey so it only runs as long as my shell is attached
1153235698 M * waldi (especially that you don't need nat-t if you use esp ...)
1153235730 M * meebey Exomorph: dont know then
1153235772 M * meebey waldi: I am using it for 3 years now and I know what I have, so changing that is not a good idea
1153235806 J * Viper0482 ~Viper0482@p54976DBE.dip.t-dialin.net
1153235852 J * balbir ~balbir@125.22.32.112
1153235894 M * Exomorph meebey: when copying guests from one host to another... Is there anything other than the /vservers and /etc/vservers directories I need to rsync?
1153235949 M * meebey not that I know of, did you start the vserver properly?
1153235976 M * meebey is the old vserver still running? and may cause IP conflict?
1153235993 M * meebey or something netfilter related
1153235997 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org
1153236012 M * Exomorph Nope... The old server is at home... and the new one is in a colo
1153236024 M * Exomorph Let me turn off iptables
1153236185 M * Exomorph meebey: This is what I get...
1153236193 M * Exomorph (from inside the vserver)
1153236196 M * Exomorph [root@web /]# ping www.yahoo.ca
1153236197 M * Exomorph connect: Invalid argument
1153236197 J * pisco ~pampel@p5087BA22.dip0.t-ipconnect.de
1153236222 M * Exomorph But doing a "ping -I www.yahoo.ca" works just fine
1153236242 M * Exomorph ( and stopping iptables doesn't fix the issue)
1153236261 M * Exomorph Where do I go to find the capabilities of the vserver?
1153236658 J * derjohn ~derjohn@80.69.37.19
1153236732 J * pint ~pint@p54930BDF.dip0.t-ipconnect.de
1153236741 P * pint
1153236845 M * Skram can someone briefly explain the difference or even how VServer uses chroot? Does it use it or not
1153236855 M * Skram or its basically a glorified chroot
1153237028 M * cehteh its a hardened chroot AND some more things like resource limits, security contexts, ip roots
1153237162 Q * pisco Ping timeout: 480 seconds
1153237217 Q * cdrx Ping timeout: 480 seconds
1153237394 Q * FireEgl Ping timeout: 480 seconds
1153237608 M * daniel_hozac and namespaces.
1153237617 M * daniel_hozac which is what makes the chroot secure.
1153237634 M * doener hm, that or the barrier
1153237638 M * daniel_hozac right.
1153237646 M * daniel_hozac but IIRC it's namespaces nowadays, right?
1153237675 M * doener unless you use the nonamespace flag/file
1153237680 M * daniel_hozac of course :)
1153237717 J * stefani ~stefani@tsipoor.banerian.org
1153237729 M * daniel_hozac Exomorph: so ip addr inside the guest shows the guest's IP address(es)?
1153237733 M * doener btw, I still don't know why the namespace trick actually works ;)
1153237758 M * daniel_hozac hehe.
1153237847 M * doener Exomorph: did you adjust /etc/hosts?
1153237919 M * Exomorph doener: These guests were running perfectly on the other vserver host... It's only when I moved them over here that they stop pinging.
1153237937 M * doener they kept having same ip addresses?
1153237941 M * Exomorph doener: Also, the old vservers still start up and work as per norm.
1153237941 M * daniel_hozac Exomorph: /etc/resolv.conf?
1153237955 M * Exomorph resolv.conf on the guest or host?
1153237960 M * daniel_hozac guest, of course.
1153237993 M * Exomorph doener: Yes, they were the same IP... Altho, I had a ipsec tunnel setup on the old host... so that might be the key difference.
1153238012 M * doener shouldn't matter AFAICT
1153238039 M * Exomorph daniel_hozac: resolve works...
1153238041 M * Exomorph [root@web /]# host www.yahoo.ca
1153238041 M * Exomorph www.yahoo.ca is an alias for rc.yahoo.com.
1153238053 M * Exomorph Altho resolve points to the named in the vserver host
1153238072 M * Exomorph Hmmm
1153238078 M * doener what does your /etc/hosts in the guest specify for "localhost" and $HOSTNAME?
1153238103 M * Skram ok
1153238148 M * Exomorph doener: 127.0.0.10 for localhost
1153238152 M * Exomorph and hostname
1153238217 M * Exomorph doener: I just noticed... when it starts up it sets the ipv4root to 127.0.0.10
1153238257 M * doener hm, isn'
1153238260 M * doener oops
1153238272 M * doener hm, isn't 127.0.0.0/8 host-local? that'd explain the -EINVAL
1153238308 M * daniel_hozac yep.
1153238317 M * doener yep, it is:
1153238317 M * doener PING google.de (216.239.57.104) from 127.0.0.10 : 56(84) bytes of data.
1153238317 M * doener ping: sendmsg: Invalid argument
1153238374 M * Exomorph doener: Ya... I have a couple of vservers that I don't want to communicate to the outside world (ldap server, etc) but I do have a couple of vservers (web/mail/etc) that need to talk to the internal vservers.
1153238385 M * Exomorph So how do I work around this then? :)
1153238400 M * doener specify the external ip address for $HOSTNAME in /etc/hosts
1153238413 M * doener that should make ping use that one instead of 127.0.0.10
1153238447 M * Exomorph Ok... Let me check that. :)
1153238467 M * daniel_hozac really? ping relies on /etc/hosts?
1153238502 M * Exomorph daniel_hozac: I think ipv4root relies on it.
1153238534 M * daniel_hozac so you're using legacy config, right?
1153238537 M * Exomorph at least, that would make more sense to me. ;)
1153238556 M * Exomorph daniel_hozac: Nope, not that I know of...
1153238557 M * daniel_hozac but no, chbind shouldn't use /etc/hosts in the guest, ever.
1153238568 J * zob000 ~zob000@wsp05974758wss.cr.net.cable.rogers.com
1153238580 M * zob000 howdy
1153238595 M * daniel_hozac Exomorph: so you're using the lots of files in a directory config? how did you get chbind to be verbose?
1153238616 M * Exomorph daniel_hozac: vserver -v start
1153238629 M * daniel_hozac Exomorph: ah, you explicitly enabled it, ok.
1153238639 M * Exomorph daniel_hozac: And yes... I am using the "lots of files in a directory" config.
1153238653 M * zob000 when you create a guest do you have to use snat in order for the guest to see the world ? even if the guest has public ip ?
1153238662 M * doener daniel_hozac: yeah, strace shows that (my) ping accesses /etc/hosts... yours might not
1153238666 M * Exomorph daniel_hozac: ipv4root is now:
1153238668 M * Exomorph ipv4root is now 127.0.0.10 216.251.134.16 216.251.134.17
1153238681 M * Exomorph Doesn't look like it changed.
1153238685 M * doener I know of at least two ping implementations that are shipped with debian
1153238695 M * Exomorph daniel_hozac: Does it matter the order of the interface in /etc/vserver?
1153238701 M * daniel_hozac Exomorph: yes.
1153238718 M * daniel_hozac the first IP address is the "default" one.
1153238722 M * Exomorph daniel_hozac: Let me change those...
1153238738 M * daniel_hozac zob000: of course not.
1153238757 M * daniel_hozac doener: are you sure that's not just for the google.de resolving?
1153238812 M * Exomorph daniel_hozac: Yay!!! That fixed it!
1153238827 M * Exomorph daniel_hozac: Should probably put that on the FAQ or Wiki...
1153238864 M * daniel_hozac Exomorph: feel free :)
1153238893 M * Exomorph I found into on trying to use "ping -I www.yahoo.ca" and see if that works. (which it did in this case) But no info on if normal ping doesn't work.
1153238914 M * daniel_hozac being 127.0.0.10?
1153238936 M * Exomorph daniel_hozac: No... being 216.251.134.16
1153238952 M * Exomorph because I knew 127.0.0.10 wouldn't get to the outside world.
1153238966 J * bonbons ~bonbons@83.222.36.236
1153238984 M * doener daniel_hozac: oops! yeah, you're right, I mis-parsed the strace output
1153238985 M * zob000 daniel_hozac, i am creating guests on a host 192.168.33.3 and the guests are 192.168.3.* none of them can ping the outside world
1153238988 M * daniel_hozac Exomorph: so what did you ping output say when you tried to ping from the guest?
1153239011 M * zob000 daniel_hozac, they can all ping the host
1153239037 M * daniel_hozac zob000: that's not enough information. assuming a default prefix of /24, 192.168.33.0/24 and 192.168.3.0/24 aren't the same.
1153239060 M * zob000 both the guest and the host have /16
1153239071 M * Exomorph daniel_hozac: It said... "Connect: Invalid Argument"
1153239081 M * Exomorph with a normal ping
1153239087 M * Exomorph ie: ping www.yahoo.ca
1153239116 M * daniel_hozac Exomorph: it didn't have the usual header of PING () from etc.?
1153239124 M * Exomorph Nope
1153239149 M * Exomorph daniel_hozac: I'll post the full output...
1153239158 M * daniel_hozac Exomorph: nevermind, i see it now.
1153239186 M * daniel_hozac Exomorph: but anyways, i'm pretty certain it's documented somewhere that the first IP address is special.
1153239234 M * daniel_hozac zob000: no firewall rules on the NAT device? does that also use a /16 prefix?
1153239267 M * zob000 daniel_hozac, i just rebooted with no firewall rules .. lemme retry it
1153239292 M * Exomorph daniel_hozac: Since you mentioned it before, I'm sure your right. I just think it should be in the FAQ for documentation...
1153239303 M * Exomorph errr I mean for troubleshooting
1153239304 M * daniel_hozac Exomorph: so add it ;)
1153239310 M * Exomorph daniel_hozac: Going to. ;)
1153239414 Q * schimmi Ping timeout: 480 seconds
1153239442 M * Exomorph daniel_hozac: Thanks for all your help. :)
1153239467 M * Exomorph doener, meebey: and you guys too... Thanks.
1153239563 J * FireEgl Atlantica@Atlantica.DollarDNS.Net
1153239590 M * zob000 daniel_hozac, i passed the wrong interface when i was creating the guest. is there a way to fix that or ... just recreate it ?
1153239643 M * zob000 oops there
1153239728 M * zob000 i changed the device hope that fixes it
1153239822 N * Ben_zZz Ben_
1153239910 M * zob000 yay .. that fixed it ! thnx guys
1153240349 Q * FireEgl Remote host closed the connection
1153240492 M * zob000 daniel_hozac, ok ... after changing the device my laptop 192.168.33.240/16 can see the guest 192.168.3.1 but not vice versa. and yes i rebooted and all firewall is off
1153240515 M * zob000 the guest is inside the host 192.168.33.3/16
1153240552 M * daniel_hozac zob000: "see" means?
1153240560 M * zob000 daniel_hozac, ping it
1153240597 M * daniel_hozac zob000: so no firewall on the laptop either?
1153240602 M * zob000 and no my laptop has no firewall
1153240638 M * zob000 daniel_hozac, it cant ping ahything on that lan 192.168.33.*
1153240676 M * zob000 again pinging the host works
1153240703 M * daniel_hozac zob000: what prefix did you specify in /etc/vservers//interfaces/*/prefix?
1153240709 M * zob000 16
1153240820 M * daniel_hozac zob000: what happens if you use an IP in 192.168.33.*?
1153240885 M * zob000 shit ... i can ping the windows box at 192.168.33.6
1153241049 M * zob000 i just double checked neither my laptop nor the debian server at 192.168.33.2 have firewalls all accept in input,forward,output
1153241074 Q * Wenix Ping timeout: 480 seconds
1153241098 M * zob000 also my laptop is on the same hub as the host (192.168.33.3) is connected to
1153241115 M * zob000 this does not make sense at all
1153241181 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de
1153241261 M * daniel_hozac maybe you disabled the sysctl?
1153241273 Q * schimmi Quit:
1153241360 M * zob000 humm .. how can i check ?
1153241436 M * zob000 i installed vsutils under /usr/local so there is no config in /etc/sysctl that tells anything about vshelper
1153241524 M * zob000 do i need "echo 'kernel.vshelper = /usr/local/lib/util-vserver/vshelper' >> /etc/sysctl.conf" ?
1153241746 M * Exomorph daniel_hozac: Ok... added to the bottom of the faq...
1153241766 M * meebey re
1153241789 M * daniel_hozac zob000: i meant the ping sysctl ;)
1153241839 M * Exomorph meebey: wb... Fixed my issue. It was interface ordering.
1153241847 Q * gerrit Ping timeout: 480 seconds
1153241884 M * meebey Exomorph: ordering?
1153241932 M * zob000 daniel_hozac, is the /etc/sysctl still needs to get changed tho ?
1153241940 M * meebey order of interfaces? do you have different interfaces on the same subnet?
1153241952 M * daniel_hozac zob000: if you didn't run make install-distribution, sure.
1153241962 M * daniel_hozac IIRC make install-distribution will install a /sbin/vshelper symlink.
1153242028 M * meebey Exomorph: ah I read the backlog now
1153242033 M * zob000 daniel_hozac, i did run make install-distribution on the latest source from debian 210-10. i still dont see the stuff in /etc/sysctl. i passed /usr/local as prefix tho
1153242041 M * meebey Exomorph: the old config is very anal about the ip root thing :)
1153242043 M * Exomorph meebey: No... I have a lo interface (127.0.0.x) to talk to other secure vservers, and another interface for the public IP... The public ip on needs to be first because its the default one. :)
1153242052 M * Exomorph meebey: Old config?
1153242060 M * daniel_hozac zob000: /sbin/vshelper is the default path, ergo you wouldn't need anything in /etc/sysctl.
1153242063 M * meebey Exomorph: you use the legacy config layout
1153242070 M * meebey Exomorph: the /etc/vserver/*.conf stuff
1153242109 M * Exomorph meebey: Nope... I use the /etc/vservers//*
1153242123 M * meebey Exomorph: so where is the order then?
1153242130 M * meebey its different files
1153242144 M * daniel_hozac there are these things called names :)
1153242145 M * Exomorph But... I have interface 0 as the lo interface... it needed to be the public one.
1153242163 M * meebey the default interface as set in interfaces/dev
1153242169 M * meebey s/as/is/
1153242172 M * daniel_hozac no it's not.
1153242180 M * daniel_hozac that's the default for the subdirectories.
1153242183 M * meebey no? then is the flowerpower page wrong
1153242187 M * daniel_hozac so you don't have to respecify it.
1153242187 J * FireEgl Atlantica@Atlantica.Tcldrop.US
1153242194 M * daniel_hozac it's not wrong, you're interpretation is.
1153242199 M * daniel_hozac +english, sigh.
1153242230 M * meebey so it guesses by string comparinson what the first interface is by using the symbolic name?
1153242253 M * meebey I called them "local" "wan" "lan" etc, since its called name
1153242253 M * Exomorph meebey: It takes the lowest number and uses that for the first interface
1153242263 M * daniel_hozac no, the name of the directory.
1153242302 M * meebey daniel_hozac: that should be documented then, the flowerpower page is not saying they name has any meaning
1153242303 M * Exomorph ya... ./interfaces/0 is public... ./interface/1 is private
1153242307 Q * pusling Ping timeout: 480 seconds
1153242319 M * meebey s/they/the/
1153242340 M * Exomorph meebey: I put something on the faq page (at the bottom) Maybe update that with a bit more into?
1153242342 M * meebey so I would trapped into that too
1153242345 M * Exomorph s/into/info/
1153242379 M * meebey or I call it 00-local 01-lan 02-wan
1153242385 M * meebey errr not
1153242389 M * daniel_hozac "'iface' is an arbitrary name for the interface; the value itself is not important but may be interesting regarding interface-creation and usage with chbind. Both happens in alphabetical order and numbers like '00' are good names for these directories."
1153242398 M * meebey local should not the first one, because it will cause the problem you have :)
1153242415 M * daniel_hozac i'd say the flower page already covers it.
1153242428 M * meebey daniel_hozac: no it doesnt
1153242433 M * Exomorph daniel_hozac: I think it needs a bit more info...
1153242436 M * meebey daniel_hozac: it lets you think you can pick anything you want
1153242443 M * meebey daniel_hozac: and it doesnt matter
1153242460 M * daniel_hozac did you miss the "Both happens in alphabetical order..." part?
1153242471 M * Exomorph Well, it says you can pick anything, and that it may be important. I think it needs to specify why its important.
1153242497 M * meebey "it may be important" that means nothing
1153242513 A * meebey doesn
1153242536 A * meebey doesn't get why clear documentation is that a problem
1153242590 M * meebey instead of making the point clean in the main documentation (the cause of the missunderstanding, and I am not the only one it seems) instead fixing the symptom with the FAQ
1153242635 M * meebey s/clean/clear/ like I said I would like to make the directory configuration layout documentation butter, but can't because it's not on the wiki
1153242642 M * meebey I may copy the content then and extend it...
1153242653 M * daniel_hozac submit patches to the XML.
1153242712 N * Ben_ Ben_zZz
1153242760 M * Exomorph daniel_hozac: Maybe you can give a .tgz file of the documentation that meebey can download and create patches against?
1153242774 M * Exomorph Or a cvs/svn repo? :)
1153242781 M * daniel_hozac both of which already exist...
1153242794 M * Exomorph Oh... That I didn't know. SOrry. :)
1153242795 M * daniel_hozac util-vserver-0.30.210/doc/configuration.xml is the source for the flower page.
1153242844 M * daniel_hozac with ViewCVS at http://cvs.savannah.nongnu.org/viewcvs/util-vserver/doc/configuration.xml?rev=HEAD&root=util-vserver&sortby=date&view=markup
1153242851 M * meebey like what I missed too was a list of minimum files you need for a vserver configuration
1153242866 M * meebey I had to go try&error to find out :)
1153242871 M * Exomorph hehe
1153242881 Q * yarihm Quit: Leaving
1153242897 M * daniel_hozac meebey: vserver ... build -m skeleton?
1153242934 M * meebey I didnt try those tools yet, I use a copy of a minimal debian system to create new vservers
1153242965 M * daniel_hozac vserver build -m skeleton just creates the config and /dev, /proc and /tmp.
1153242980 M * meebey sounds promising
1153243144 M * daniel_hozac err, s/tmp/etc/
1153243375 M * Exomorph Does anyone know if Fedora Core 5 still has the broken chroot issue? its using yum 2.6.1
1153243539 Q * FireEgl Ping timeout: 480 seconds
1153243739 M * daniel_hozac damnit, i knew there was something else i meant to ask Enrico!
1153243836 M * daniel_hozac i haven't investigated it myself yet.
1153244114 M * Exomorph daniel_hozac: Well I know the vserver patch for it doesn't apply anymore. And it looks they may have fixed it, but I'm unsure.
1153244201 J * gerrit ~gerrit@OTWAON23-1177993857.sdsl.bell.ca
1153244323 M * ekc Can someone exlplain to me what the vserver context is for? Do multiple vservers running on the same host need to have different contexts?
1153244349 J * FireEgl Atlantica@Atlantica.US
1153244350 M * daniel_hozac ekc: yes. the xid is what separates one guest from another.
1153244417 M * ekc So the max # of concurrently running vservers is gated by the max # of contexts? What is the max # of contexts?
1153244425 M * daniel_hozac sure.
1153244442 M * daniel_hozac 49150 if you use static contexts.
1153244490 M * ekc Yes, i'm using static contexts. Is there a way for ''vserver start'' to find an unused context and use it to start a vserver?
1153244493 M * daniel_hozac on devel with dynamic contexts disabled, i think it's extended to 65534 or so.
1153244527 M * daniel_hozac well, you could use dynamic contexts, but they're deprecated and discouraged as they'll be going away soon.
1153244559 M * daniel_hozac why would you want to?
1153244616 M * ekc I have my vservers stored on nfs, and I may end up having > 49150 (running across multiple hosts). So, there may be > 1 vserver with the same context-id running on different hosts.
1153244641 M * ekc So, I need to set the context-id at run-time.
1153244718 M * ekc Does vserver maintain a list of currently used context id's that I can parse before starting a vserver?
1153244758 M * daniel_hozac i suppose ls -1 /proc/virtual and /proc/virtnet might work.
1153244865 Q * FireEgl Ping timeout: 480 seconds
1153244929 M * ekc awesome. thanks. i'll just parse that and write to /etc/vservers//context before starting the vserver.
1153245042 M * meebey hmm having vservers on nfs sounds interesting
1153245057 M * meebey very easy to run/swap/failover vservers then
1153245534 Q * lilalinux_ Remote host closed the connection
1153245549 M * mnemoc OT: does anyone know an ssl library based on libtomcrypt?
1153246478 J * cdrx ~legoater@cmr-208-97-126-250.cr.net.cable.rogers.com
1153246597 M * zob000 how do you remove a vserver ? which dir should i remove ? should cachebase/ go as well ?
1153246609 M * daniel_hozac vserver ... delete :)
1153246623 M * zob000 tow !
1153246783 M * zob000 daniel_hozac, dont seem to exist ..
1153246798 M * zob000 i meant delete option to vserver
1153246827 M * daniel_hozac zob000: it's added my patches, so will only exist if you use a distribution package.
1153246832 M * daniel_hozac (or apply the patches yourself)
1153246936 M * zob000 i used the debian src from unstable. but compiled by hand.
1153246953 M * zob000 and yes i passed install-distribution
1153246964 M * zob000 but where is the patche ?
1153247149 M * daniel_hozac http://daniel.hozac.com/vserver/util-vserver/util-vserver-0.30.210-delete.patch
1153247624 M * zob000 daniel_hozac, "`readlink -f "$VSERVER_DIR"/vdir`" "$VSERVER_DIR" both these to the same thing .. no ???
1153247650 J * Naucki ~naucki@dialer-167-59.kielnet.net
1153247660 M * zob000 s/these/these point
1153247851 M * daniel_hozac no.
1153247864 M * daniel_hozac $VSERVER_DIR is the configuration directory. vdir is the /vservers/...
1153248077 Q * dna_ Ping timeout: 480 seconds
1153248083 M * zob000 daniel_hozac, sorry ... what "$PKGCFGDIR"
1153248083 M * zob000 points to ?
1153248102 M * daniel_hozac /vservers/.pkg/, for externalized package management.
1153248150 M * zob000 daniel_hozac, thnx
1153248261 Q * cdrx Read error: Operation timed out
1153248943 M * daniel_hozac Exomorph: IMHO the issue is still present.
1153248953 M * daniel_hozac (though i'm still not entirely sure what the issue is)
1153249006 M * Hollow daniel_hozac: would you be interested in making yum build scripts for vserver-utils?
1153249046 M * daniel_hozac sure.
1153249061 M * Hollow great :)
1153249068 M * Hollow will start with it in the next days
1153249097 M * Hollow who sacrifzes for rpm and apt? :D
1153249124 M * Skram does this make sense:
1153249138 M * Skram Accomplished by a glorified chroot-like environment which utilizes kernel level isolation (all Guests utilize the same kernel)
1153249168 M * Hollow glorified? ;)
1153249183 M * Hollow i don't remember when chroot was ever glorified :P
1153249390 M * Exomorph daniel_hozac: Could be... Like I said, I only know that there was alot of work in that area.
1153249597 M * Exomorph daniel_hozac: Do you have any idea of what the issue is around yum and chroot?
1153249772 M * daniel_hozac Exomorph: i believe the problem is that it uses some magic to determine whether to use files inside the chroot or outside.
1153249787 M * daniel_hozac i.e. it's slightly non-deterministic, and it's possible to use symlink attacks.
1153249794 M * Skram Hollow: well, its the same concept almost as chroot
1153249800 M * Skram it uses the contexts, etc.
1153249826 M * daniel_hozac Skram: chroots have contexts? :)
1153249835 M * Skram blah i dont know
1153249837 M * daniel_hozac Skram: chroot is just one part of the larger whole.
1153249840 M * Hollow well, we actually use chroot...
1153249842 M * Skram right
1153249849 M * Hollow i just said we never glorified chroots :p
1153249853 M * Skram okay
1153249866 M * Skram so -glorified, is the statement correct
1153249874 M * Exomorph daniel_hozac: How was it fixed in the 2.4 releases? I'm thinking we just add an option to force the chroot logic...
1153249881 M * Hollow yep
1153249882 M * Skram Hollow: ?
1153249882 M * Exomorph If thats the only issue. :)
1153249888 M * Skram Hollow: Okay
1153249891 M * daniel_hozac Exomorph: that's one part of the patch.
1153249908 M * Hollow Skram: it would be ok if you glorify it, i just couldn't resist ;)
1153249910 M * Exomorph Ahhh
1153249922 M * Exomorph I'll have to dive into the patch more so then...
1153249931 M * daniel_hozac Exomorph: he also adds the chrootfs:// and hostfs:// prefixes to let you specify which inside the configuration files as well.
1153249963 M * daniel_hozac in addition to solving yum locking issues, AFAICT. (by placing the lock inside the chroot)
1153250005 M * Skram Hollow: okay, right on :P
1153250027 M * Skram Hollow: I meant it by saying it uses MORE than just chrtoo
1153250064 M * Exomorph daniel_hozac: Who's the owner of the yum patch?
1153250070 M * Exomorph errr creator?
1153250077 M * daniel_hozac Exomorph: Enrico, AFAIK.
1153250087 M * Hollow yeah, actually we use three other methods to make the chroot safer: namespaces, rbind the root filesystem, barrier inode attribute
1153250092 M * Hollow ^ Skram
1153250116 M * daniel_hozac he has tried pushing it upstream, but skvidal seems to hate it (mostly the chrootfs/hostfs thing, IIRC).
1153250304 Q * Viper0482 Remote host closed the connection
1153250352 Q * coocoon Ping timeout: 480 seconds
1153250467 J * TrueLight ~truelight@truelight.xs4all.nl
1153250512 M * TrueLight Hi guys! I hope one of you can help me. I notice lately when I shutdown a VPS, remove the content, I still can't remove the main dir. I have a sepearet fs for each VPS. What can still use this dir? ('lsof' doesnt show anything)
1153250562 J * kir_home ~kir@toronto-HSE-ppp4218829.sympatico.ca
1153250703 M * daniel_hozac the mount would've been copied into the namespace of every single guest you started after mounting it, unless you have namespace cleanup enabled.
1153250724 M * TrueLight hmmz. That gives me 2 questions: a) how to see the list of mounts, even in other namespaces
1153250730 M * TrueLight b) how to quickly unmount them myself?
1153250796 J * cdrx ~legoater@toronto-HSE-ppp4218829.sympatico.ca
1153250814 M * daniel_hozac vnamespace -e cat /proc/mounts
1153250874 M * daniel_hozac something like for i in `ls -1 /proc/virtual`; do vnamespace -e $i umount /vservers/...; done might do the trick.
1153250889 M * daniel_hozac (might want to add -n to the umount command)
1153250937 J * coocoon ~coocoon@p54A077EC.dip.t-dialin.net
1153250961 A * TrueLight hugs daniel_hozac :)
1153250963 M * TrueLight Tnx :)
1153250978 M * TrueLight But a command like 'vmount' (simular to 'vps') would be useful :)
1153251074 M * daniel_hozac the kernel lacks support for that.
1153251121 M * TrueLight too bad :)
1153251133 M * TrueLight but okay, finally this VPS is removed :)
1153251242 M * zob000 anyone: s$#^#$^% vserver-copy is chattr: Inappropriate ioctl for device while reading flags on /usr/local/etc/vservers/.defaults/vdirbase/test1
1153251242 M * zob000 "
1153251247 M * zob000 tow
1153251267 M * zob000 that was after running "vserver test1 build -m skeleton --force --hostname test1 --interface eth1:192.168.3.2/24
1153251267 M * zob000 "
1153251288 M * zob000 i am trying to copy a vserver
1153251332 M * daniel_hozac your kernel/filesystem doesn't support the legacy way of setting barrier.
1153251340 M * daniel_hozac (well, unsetting in this case)
1153251364 M * daniel_hozac i've got a patch for the issue though.
1153251368 M * zob000 i have reiserfs and the kernel is 2.6.14
1153251388 M * waldi oh, oh, this is old ...
1153251393 M * zob000 ok ... where is the patch
1153251394 M * daniel_hozac (hopefully Enrico will get around to doing a new release next week with a lot of fixes)
1153251414 M * zob000 there is no manual way around this ?
1153251416 M * daniel_hozac it's not a critical error. it should still create the configuration for you.
1153251445 M * daniel_hozac change chattr -t in vserver.functions to setattr --~barrier.
1153251462 M * daniel_hozac err, vserver-build.functions.
1153251536 P * Exomorph
1153251555 M * zob000 daniel_hozac, there is chattr -t "$VDIR"
1153251555 M * zob000 in there
1153251581 M * zob000 so it becomes : setattr --~barrier "$VDIR"
1153251592 M * zob000 tow
1153251593 M * daniel_hozac or $_SETATTR.
1153251824 M * zob000 daniel_hozac, i replaced chattr -t "$VDIR" $_SETATTR "$VDIR" ... i still get the same error
1153251869 M * daniel_hozac uh, from where?
1153251883 J * alexx ~alexx@proxy.ikse.net
1153251920 Q * lilo2 Remote host closed the connection
1153251925 M * zob000 /usr/local/lib/util-vserver/vserver-build.functions
1153251952 M * zob000 line 192
1153251957 M * daniel_hozac ... the file i told you to edit.
1153251993 M * zob000 yes .. after the err that is
1153252002 M * zob000 daniel_hozac err, vserver-build.functions.
1153252012 J * lilo2 hiddenserv@tor.noreply.org
1153252191 J * click_ click@ti511110a080-4790.bb.online.no
1153252295 M * zob000 sorry ... it all works
1153252309 J * Exomorph ~gvarga@S0106000f66a56f1a.cg.shawcable.net
1153252309 Q * click Ping timeout: 480 seconds
1153252335 M * Exomorph This is kinda OT... But anyone seen this before?
1153252338 M * Exomorph [root@tux /]# ping -I 127.0.0.1 www.yahoo.ca
1153252338 M * Exomorph PING rc.yahoo.akadns.net (66.94.234.13) from 127.0.0.1 : 56(84) bytes of data.
1153252338 M * Exomorph ping: sendmsg: Invalid argument
1153252338 M * Exomorph ping: sendmsg: Invalid argument
1153252412 M * matled I get this too without vserver, so I guess this is normal if you try to ping from 127.0.0.1 to something not reachable from the loopback interface
1153252413 M * daniel_hozac 17:58 < doener> ping: sendmsg: Invalid argument
1153252424 M * daniel_hozac just a few hours ago :)
1153252427 Q * gerrit Ping timeout: 480 seconds
1153252460 M * doener 127.0.0.1 is host local, anything not on that box is not only unreachable from 127.0.0.1 but it is even invalid to try that
1153252460 M * matled why do you try this anyway?
1153252487 M * doener packets using an address from 127.0.0.0/8 may ever appear on the wire
1153252528 M * Exomorph doener: I have a SNAT rule for it.
1153252558 M * doener the check happens earlier, the whole net may not communicate with the outside
1153252559 M * Exomorph matled: Because I have a vserver with only a lo interface ip, and I want it to be able to download updates from the internet.
1153252570 M * Exomorph Hmmmm...
1153252591 M * Exomorph Is there a way to setup a dummy interface in vserver for internal communication?
1153252612 M * daniel_hozac you don't need dummy interfaces.
1153252619 M * daniel_hozac any host-local traffic will use lo anyway.
1153252640 M * matled Exomorph: can you ping another ip of the machine?
1153252653 M * Exomorph daniel_hozac: Yes, but I have some vservers that I do not want to have any internet IPs at all. Blocked totally from the network.
1153252669 M * daniel_hozac Exomorph: so give them a private IP address.
1153252677 M * Exomorph matled: I can ping anything on the 127.0.0.0/8 network.
1153252680 M * matled "blocked totally" and "download updates from the internet" does not match :)
1153252687 M * doener Exomorph: well, you can't have both at the same time (totally blocked and downloading updates)
1153252701 J * pusling pusling@195.215.29.124
1153252704 M * Exomorph matled: hehe True... But I do want them to be able to get out. :)
1153252714 M * matled except for the updates? :)
1153252738 M * Exomorph LOL Ya ya... I know its a contrition! :)
1153252790 M * Exomorph This is the layout... I have a web server (in a vserver guest) that communicates to an ldap server (in another guest)
1153252838 M * Exomorph ldap needs to be secure because of the information held within it... the web server needs to be free flowing to the internet and able to communicate with the ldap server.
1153252856 M * Exomorph So I used the lo network for all of this.
1153252862 M * doener and your problem is that the ldap server should still be able to get updates?
1153252881 M * Exomorph doener: Yes... I would like the ldap server to still be able to get updates.
1153252888 J * yarihm ~yarihm@84-75-128-46.dclient.hispeed.ch
1153252898 M * Exomorph But I don't want the ldap server to have any ip on a real interface...
1153252914 M * doener what distro are you using? if it's debian, you could setup an apt-proxy on that box
1153252935 M * doener for other distros there's probably something similar available
1153252941 M * daniel_hozac Exomorph: what interface it's on doesn't matter.
1153252960 M * Exomorph doener: Fedora core 5
1153252969 M * doener then daniel_hozac is your friend ;)
1153253043 M * Exomorph daniel_hozac: So I could put a 192.168.1.100 on the lo interface and snat it to an internet ip and it would work?
1153253074 M * daniel_hozac possible, lo may be special.
1153253121 M * Exomorph daniel_hozac: Well, thats what I'd like... I'd rather not put it on the eth0 interface as it could be used to attack the ldap server.
1153253151 M * Exomorph vservers needs the ability to have virtual switches like vmware does. ;)
1153253156 M * daniel_hozac Exomorph: IIRC that would be possible anyway.
1153253243 M * Exomorph daniel_hozac: I didn't think it was... At least in my tests that I have done before.
1153253295 M * Exomorph Actually... I think I could set it up with the noarp option... another project used it before. Just gotta remember the info.
1153253318 M * Exomorph Because if thats the case then I can set it up on any interface and force that ip not to send arps out for it.
1153253323 M * Exomorph Then I don't have to worry.
1153253393 J * gerrit ~gerrit@toronto-HSE-ppp4218829.sympatico.ca
1153253624 M * Exomorph daniel_hozac: What do you think about implementing something like the below (url) into vservers?
1153253626 M * Exomorph http://www.vm.ibm.com/perf/reports/zvm/html/vswitch.html
1153253627 J * tatiane ~tatiane@201009018188.user.veloxzone.com.br
1153253652 M * Exomorph It would give the ability to have virtual switches and routers...
1153253675 Q * tatiane Quit:
1153253833 M * daniel_hozac Exomorph: sounds a lot like what ngnet is meant to be.
1153253873 M * Exomorph ngnet? (goes to look)
1153253896 M * Exomorph User-Mode Linux has virtual switches... Never knew that.
1153253898 M * Exomorph http://mia.ece.uic.edu/~papers/publications/UML-1_final.pdf
1153253957 Q * gerrit Ping timeout: 480 seconds
1153254220 M * Exomorph daniel_hozac: When do you think ngnet will be going into a stable release?
1153254245 M * daniel_hozac given that it's currently vaporware, not for quite some time :)
1153254310 N * Ben_zZz Ben_
1153254377 M * Exomorph daniel_hozac: LOL I thought it was worked on more then that... Oh well.
1153254398 M * Exomorph Ug.. and its almost a year old! :)
1153254427 M * daniel_hozac well, there have been a few prototypes.
1153254515 J * DreamerC_ ~dreamerc@59-112-1-233.dynamic.hinet.net
1153254564 M * Exomorph daniel_hozac: Any ideas why they have all gone to vapourware?
1153254612 M * daniel_hozac i guess there wasn't enough interest/funding/etc.
1153254627 Q * kir_home Quit: I'm leaving you
1153254700 Q * DreamerC_ Quit:
1153254718 J * DreamerC_ ~dreamerc@59-112-1-233.dynamic.hinet.net
1153254792 J * gerrit ~gerrit@cmr-208-97-126-251.cr.net.cable.rogers.com
1153254857 Q * DreamerC Ping timeout: 480 seconds
1153255074 M * daniel_hozac Exomorph: http://daniel.hozac.com/vserver/yum-2.6.1-chroot.patch
1153255159 M * jake- any hints to get a gentoo guest running on a debian host?
1153255174 M * daniel_hozac (note: it's a q'n'd port, i didn't check for new cases that needs rooting or anything like that)
1153255196 M * coocoon jake-: http://www.gentoo.org/do
1153255200 M * daniel_hozac jake-: get the tarball, vserver ... build -m skeleton, untar.
1153255210 M * coocoon jake-: sorry http://www.gentoo.org/doc/en/vserver-howto.xml
1153255214 M * Exomorph daniel_hozac: Ahhh! Thankyou! :)
1153255233 M * daniel_hozac Exomorph: i'll start testing it myself now...
1153255265 M * jake- i installed a stage3 but it doesnt start
1153255267 M * Hollow jake-: basically, use sekelton build method, and extract a vserver stage3 to vdir
1153255274 M * daniel_hozac jake-: remember to use the plain initstyle.
1153255279 M * Hollow you probably took a normal stage3?
1153255322 Q * mire Quit: Leaving
1153255331 M * jake- no the one from http://lylix.net/vps+templates/func,select/id,1/
1153255370 M * Hollow and you use plain init style?
1153255403 M * Exomorph daniel_hozac: Was just gonna build an rpm for it...
1153255415 M * jake- vs~Hollow: mom let me check
1153255426 M * Exomorph daniel_hozac: Do you want the rpm source once I'm done?
1153255439 M * daniel_hozac already built my own ;)
1153255445 M * Exomorph LOL
1153255467 M * Exomorph daniel_hozac: Well then I'll wait until you build and post the rpm then. :)
1153255499 M * daniel_hozac http://daniel.hozac.com/vserver/yum-2.6.1-0.fc5.chroot.noarch.rpm
1153255534 Q * alexx Quit: Ex-Chat
1153255547 M * jake- vs~Hollow: that was the problem. i used gentoo
1153255552 Q * gerrit Ping timeout: 480 seconds
1153255553 M * jake- thank you!
1153255559 Q * cdrx Ping timeout: 480 seconds
1153255560 M * Hollow yw!
1153255574 J * namulator ~nam@S0106001195551ff0.va.shawcable.net
1153255578 M * jake- ls
1153255581 M * jake- ups sry
1153255596 N * DreamerC_ DreamerC
1153255844 M * Exomorph daniel_hozac: vyum doesn't see that its patched... But things seem to work just fine.
1153255861 M * daniel_hozac Exomorph: yeah, the check vyum uses needs tweaking for the patch.
1153255937 M * daniel_hozac umm, whoops, lol.
1153255940 M * daniel_hozac i forgot to apply the patch.
1153255950 M * daniel_hozac maybe you should do the RPM.
1153255989 M * Exomorph daniel_hozac: LOL
1153255997 M * Exomorph daniel_hozac: Do you want me to do the rpm?
1153256011 M * Exomorph Doesn't bother me to do it...
1153256012 Q * nammie Ping timeout: 480 seconds
1153256018 M * daniel_hozac it's remaking right now, hopefully i got it right this time :)
1153256084 M * daniel_hozac http://daniel.hozac.com/vserver/yum-2.6.1-0.fc5.chroot2.noarch.rpm
1153256114 M * Exomorph :)
1153256146 J * shedi ~siggi@inferno.lhi.is
1153256287 M * Exomorph daniel_hozac: LOL You killed my yum! :)
1153256306 J * gerrit ~gerrit@OTWAON23-1177993857.sdsl.bell.ca
1153256315 M * daniel_hozac ouch :)
1153256327 M * daniel_hozac how so?
1153256336 M * daniel_hozac oh crap, i see.
1153256350 M * daniel_hozac the self. thing in Python always throws me off.
1153256379 M * Exomorph :)
1153256452 A * Exomorph waits for version 3)
1153256502 M * daniel_hozac http://daniel.hozac.com/vserver/yum-2.6.1-0.fc5.chroot3.noarch.rpm
1153256516 M * daniel_hozac seems to work fine, i just updated my test box :)
1153256545 M * daniel_hozac you'll need http://daniel.hozac.com/vserver/util-vserver-0.30.210-yum26.patch to make vyum recognize it.
1153256565 M * daniel_hozac (patch -p2 -d /usr/lib*/util-vserver < util-vserver-0.30.210-yum26.patch will apply it on an installed copy)
1153256638 M * Exomorph daniel_hozac: Thanks. :)
1153256663 M * Exomorph daniel_hozac: Back to the virtual switch... UML has a good source of information.
1153256665 M * Exomorph http://user-mode-linux.sourceforge.net/networking.html
1153256716 M * Exomorph I'm going to try some of the setups to make sure it will work with vservers
1153256722 M * daniel_hozac you realize something like a virtual switch will incur a lot of overhead, right?
1153256761 M * daniel_hozac you should be able to use a tun per guest and have a daemon on the host that does the switching.
1153256767 M * Exomorph daniel_hozac: Yes. It really depends on how it's set up. Kernel driver / etc.
1153256789 M * daniel_hozac _any_ setup will cause a lot more overhead than the current networking.
1153256797 M * Exomorph daniel_hozac: That's what UML appears to do. It also has a switch daemon that I want to look into.
1153256833 M * daniel_hozac the yum thing appears to work fine here, how's it working for you?
1153256933 M * Exomorph daniel_hozac: Works here too.
1153256955 M * daniel_hozac cool, i'll put it in the next build of util-vserver.
1153257097 P * TrueLight
1153257149 M * Exomorph daniel_hozac: Back to the network thing... How is building your own kernel driver to be a virtual switch more overhead than either the lo driver or an ethernet driver?
1153257170 M * Exomorph I agree it will be a bit more overhead... But not a lot.
1153257170 M * daniel_hozac Exomorph: the problem is that any packet will travel through the stack twice.
1153257191 M * Exomorph daniel_hozac: How does lo do it?
1153257213 M * daniel_hozac i don't really know, i'm more of a userspace guy :)
1153257252 M * daniel_hozac however, any packet that is going to the outside would have to first go through the switch driver, and then out the real interface.
1153257264 M * Exomorph daniel_hozac: hehe... Well once I have a bit more time, I'll look into that.
1153257291 M * Exomorph daniel_hozac: Oh... you mean for packets going to the internet? Ya, I can agree with that.
1153257469 Q * gerrit Quit: Client exiting
1153257474 J * gerrit ~gerrit@OTWAON23-1177993857.sdsl.bell.ca
1153257520 Q * Naucki Quit: Leaving
1153258540 Q * bonbons Quit: Leaving
1153258767 Q * gerrit Ping timeout: 480 seconds
1153260018 N * Ben_ Ben_zZz
1153260650 Q * zob000 Quit: Leaving
1153261393 P * stefani I'm Parting (the water)
1153262991 Q * yarihm Quit: Leaving
1153263584 Q * Karmek Ping timeout: 480 seconds
1153264010 J * tdjb ~tdjb@209.151.52.189
1153264748 J * mire ~mire@249-166-222-85.COOL.ADSL.VLine.Verat.NET
1153264847 Q * gdm Ping timeout: 480 seconds
1153265042 J * Aiken ~james@tooax6-049.dialup.optusnet.com.au
1153265609 J * gdm ~gdm@64.62.195.81