1155513912 Q * meandtheshell Quit: bye bye ...
1155514501 J * ekc ~ekc@netblock-66-245-252-180.dslextreme.com
1155514915 J * ntrs__ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155514916 Q * ntrs_ Read error: Connection reset by peer
1155515684 Q * matled Remote host closed the connection
1155515686 J * matled ~matled@85.131.246.184
1155515709 Q * nokoya Read error: Connection reset by peer
1155515733 J * nokoya young@hi-230-82.tm.net.org.my
1155515912 Q * Johnnie helium.oftc.net strange.oftc.net
1155515912 Q * Roey helium.oftc.net strange.oftc.net
1155515922 J * Johnnie ~john@dynamic-acs-24-154-53-237.zoominternet.net
1155515922 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1155516210 Q * ekc Ping timeout: 480 seconds
1155516466 J * coocoon ~coocoon@p54A074E9.dip.t-dialin.net
1155517893 J * jayeola ~jayeola@88-111-109-232.dynamic.dsl.as9105.com
1155517901 M * jayeola hey chaps
1155517939 M * Johnnie Hello.
1155517978 M * jayeola hi. i've been looking at the mailing list. wondering if vservers work over a wireless lan?
1155517999 M * jayeola i.e. do guests work over wlan.
1155518032 M * Johnnie Well, sure.
1155518048 M * Johnnie If the host can function on a wireless interface, then the guest(s) can too.
1155518059 M * jayeola :)
1155518076 M * Johnnie It's just a matter of declaring the device and binding IPs.
1155518089 M * jayeola thanks. could find anything on the ml though. funny that
1155518212 J * ekc2 ~EKC@netblock-66-245-252-180.dslextreme.com
1155518241 M * Johnnie You just have to change the device name in the "dev" file in /etc/vservers/NAME/ ...
1155518253 A * jayeola nods
1155518268 M * Johnnie For example, if you have a device declared, i.e. 'eth0', replace with 'wlan0' or whatever it is you have as a wireless device.
1155518279 M * Johnnie And if you're using a 'nodev' setup, then you need not change anything.
1155518490 M * jayeola thanks Johnnie - g2g
1155518509 M * Johnnie Ciao.
1155518526 M * daniel_hozac are there still drivers using wlanX?
1155518572 M * Johnnie Yes.
1155518585 M * Johnnie I believe a lot of the ndiswrapper crud does.
1155518636 M * jayeola oh, i'm using a madwifi driver for -this- card but i do have some orinoco-based ones that are not tainted or need any crud
1155518833 M * jayeola thanks again chaps
1155518837 Q * jayeola Quit: leaving
1155522747 M * doener daniel_hozac: I have it renamed to wlan0 on my laptop actually ;)
1155522839 M * doener (udev)
1155523216 J * Aiken_ ~james@tooax6-151.dialup.optusnet.com.au
1155523515 Q * Aiken Ping timeout: 480 seconds
1155526384 N * Bertl_oO Bertl
1155526393 M * Bertl hmm, did take longer than I expected ...
1155526611 M * lylix bertl: believe there is a problem w/ token bucket scheduling on x86_64
1155526695 M * lylix definitely working great on 32-bit hosts
1155526787 M * lylix but acts like its not taking tokens on 64-bit host... always hovers around token max even when running cpu_hog x many
1155526818 M * Bertl lylix: interesting, which version are you testing?
1155526834 M * lylix kernel 2.6.15
1155526840 M * lylix vserver patchset 2.0.1
1155526854 M * lylix gentoo x86_64 host
1155526858 M * Bertl hmm, quite old then, would you mind testing a newer release?
1155526914 M * lylix k, ill have to round up an extra 64-bit host
1155526927 M * Bertl there should be some in gentoo too, but you could take as well: http://vserver.13thfloor.at/Experimental/patch-2.6.17.7-vs2.0.2-rc28.diff
1155526953 M * lylix yep, was gg to try that until i found out that 2.0.1 works great on 32-bit
1155526967 M * lylix same kernel/patchset, just not working on 64-bit
1155526999 M * Bertl it's quite unusual and I do not remember that we fixed something in the scheduler which would affect 32vs64 bit
1155527045 M * Bertl but I'd prefer to test with the latest tree, instead of fixing/changing a relatively old release
1155527055 M * lylix are there any standard kernel opts that might affect its operation?
1155527077 M * Bertl well, the important option is the hard cpu scheduler itself
1155527090 M * lylix in the vserver menus?
1155527097 M * lylix yep have that
1155527100 M * Bertl if you disable that one, and/or do not set the hard cpu scheduling flag, it will not work
1155527113 M * lylix k, all those aspects are covered
1155527122 M * Bertl almost thought so :)
1155527139 M * lylix how "latest" is recent enough for a production enviro?
1155527171 M * Bertl we are releasing 2.0.2 pretty soon now(tm) so it should be quite production ready
1155527208 M * lylix k, do you foresee any show stopping bugs in the current 2.0.2_rc28?
1155527232 M * Bertl no, if there were any, we would be working hard to fix them right now :)
1155527235 M * lylix i actually have it compiled and ready for next reboot
1155527248 M * lylix maybe i can schedule it in tonight
1155527306 M * Bertl okay, lets capture the contents of /proc/virtual//* for two guests, one on x86, the other on x86_64, both having hard scheduling enabled, yes?
1155527316 M * Bertl is that possible right now?
1155527328 M * lylix with current implementation? sure...
1155527342 M * Bertl okay, please upload the contents to paste.linux-vserver.org
1155527344 M * lylix give me a couple to load up cpu_hog in some test vservers
1155527350 M * Bertl okay, np
1155527363 M * lylix first to do this, so bear with me ;)
1155527388 M * lylix btw, this is running the original cpu_hog
1155527403 M * lylix latter version (threaded) was being difficult
1155527613 M * doener Bertl: what about can we break cow links on chmod? (see ml)
1155527620 M * lylix 32-bit: http://paste.linux-vserver.org/240
1155527675 M * Bertl doener: daniel has patches for that, IIRC, but I'm not there yet (ml)
1155527716 M * doener ok
1155527756 M * lylix 64-bit: http://paste.linux-vserver.org/241
1155527848 M * lylix tokens just hovering around max, but never drop enough to put process on hold, cpu showing 100% usage
1155528016 M * Bertl yeah, interesting, flags and such look fine, also both machines seem reasonably similar to compare them
1155528039 M * lylix yes, same archs other than one using an intel board, other using an ati
1155528046 M * lylix same cpu, ram, etc.
1155528073 M * lylix only obvious difference is 64-bit vs. 32-bit
1155528184 M * Bertl okay, let's check with 2.0.2-rc28 whenever you get around installing that
1155528201 M * Bertl (of course, a dedicated test machine would be optimal)
1155528269 M * Bertl I'm basically off to bed now, but I'll be around in about 12hours (for a little longer, I hope :)
1155528304 M * lylix yep, id do it on my workstation quickly, but alas... i dont believe reiser4 is officially in the sources yet ;)
1155528335 M * Bertl no, still reiser3 there :)
1155528353 M * lylix 4-5 months
1155528363 M * lylix ahhh... sri
1155528380 M * lylix saying... not sure why... reiser4 has been rock solid here for over 4-5 mnths
1155528387 M * lylix on workstations that is
1155528396 M * Skram Good night, Bertl
1155528436 M * Bertl lylix: well, I guess it is mainly because of the very intrusive changes to the vfs layer :)
1155528460 M * lylix :)
1155528461 M * Bertl i.e. stuff which _should_ have been done in the vfs layer but _was_ done in reiser4
1155528496 M * Bertl anyway, thanks for reporting and TIA for testing this
1155528502 M * lylix cant wait til zfs hits linux... thatll be the fun fs... anyways, ciao
1155528515 M * Bertl I'm off to bed now ... have fun everyone!
1155528523 N * Bertl Bertl_zZ
1155530488 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155530997 J * coocoon ~coocoon@p54A074E9.dip.t-dialin.net
1155531402 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155531402 Q * ntrs__ Read error: Connection reset by peer
1155534928 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155536021 M * lylix any ideas where the IP/vserver limit is in the 2.0.2 patchset?
1155537318 J * coocoon ~coocoon@p54A0533F.dip.t-dialin.net
1155538678 J * meandtheshell ~markus@85-125-231-228.dynamic.xdsl-line.inode.at
1155539137 J * dna ~naucki@p54BCEEA6.dip.t-dialin.net
1155540520 Q * Aiken_ Ping timeout: 480 seconds
1155541614 Q * FireEgl Quit: Bye...
1155541971 J * Lauer ~Lauer@mail.tema.de
1155542404 Q * ekc2 Ping timeout: 480 seconds
1155542877 J * FireEgl ~FireEgl@2001:5c0:84dc:1:4::
1155542899 M * Lauer hmmm ... so I've had problems with chbind, now I have a different problem again
1155542927 M * Lauer chbind: vc_set_ipv4root(): Function not implemented
1155542932 M * Lauer what did I do wrong?
1155543574 J * renihs ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at
1155543637 M * Lauer gentoo default install using the gentoo vserver howto btw
1155543651 M * Skram well, i think im off for now.. im going to splurge and sleep 5 hours instead of 4
1155543654 M * Skram peac
1155543656 M * Skram e
1155543700 M * FaUl Lauer: do you have booted a linux-vserver-enabled kernel?
1155543745 M * Lauer yes, it is gentoo vserver-sources
1155543914 M * Lauer FaUl: I've had to tweak util-vserver already since it didn't enable network virtualization at all
1155543924 M * FaUl ah
1155543969 M * FaUl if you don't enable network virtualization its obvious that vc_set_ipv4root is not implemented
1155544045 M * Lauer it used to fail with one error, I added --enable-apis=NOLEGACY to configure and the first chbind error went away
1155544050 M * Lauer now I have a different one :-)
1155544183 Q * FireEgl Quit: Bye...
1155544209 M * coocoon Lauer: can u paste vserver-info
1155544225 M * Lauer so ... any ideas why I'm running into chbind problems?
1155544304 M * Lauer coocoon: it'll take me a second to get nopaste installed, please standby :-)
1155544335 M * coocoon paste it here http://paste.linux-vserver.org/ ;-)
1155544372 M * Lauer problem is: I have to work from a stupid terminal driver (windows XP)
1155544373 M * coocoon and also interesting is the vserver part in the kernel config, i am sorry do not know the grep command
1155544383 M * Lauer so I don't have c&p from my ssh connections
1155544436 J * FireEgl FireEgl@Sebastian.Atlantica.US
1155545034 M * Lauer coocoon: http://www.rafb.net/paste/results/ba5vlF52.html
1155545047 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de
1155545127 M * Lauer need to restart, brb
1155545129 Q * Lauer Quit: leaving
1155545364 J * pisco ~pampel@p5087A871.dip0.t-ipconnect.de
1155546368 Q * pisco Quit: Download Gaim: http://gaim.sourceforge.net/
1155546877 Q * schimmi Ping timeout: 480 seconds
1155546951 J * Viper0482 ~Viper0482@p54976D6E.dip.t-dialin.net
1155547530 N * meebey_ meebey
1155547651 J * Lauer ~Lauer@mail.tema.de
1155547657 M * Lauer back
1155547678 N * Lauer bonsaikitten
1155547756 M * bonsaikitten coocoon: did you see my vserve-info paste?
1155547810 M * coocoon bonsaikitten: yes i have seen it maybe u can also paste the VSERVER part from u r kernel config, sorry do not know the grep command, for showing only the important lines
1155547847 M * bonsaikitten ok, I had to shutdown that box, I'll do that as soon as it's back up
1155547852 M * bonsaikitten thanks for helping
1155547871 M * coocoon why that
1155547902 M * bonsaikitten wiring problems :-)
1155547924 M * coocoon ok
1155548276 M * sid3windr daniel_hozac: host's init, machine doesn't boot
1155548588 M * bonsaikitten coocoon: http://www.rafb.net/paste/results/EpMTUf94.html
1155548639 M * coocoon bonsaikitten: u must disable CONFIG_VSERVER_LEGACY=y and CONFIG_VSERVER_LEGACY_VERSION=y
1155548783 M * bonsaikitten 'k
1155548875 A * bonsaikitten needs another reboot
1155548879 Q * bonsaikitten Quit: leaving
1155549096 J * schimmi ~sts@host82.natpool.mwn.de
1155549315 Q * michal_ Ping timeout: 481 seconds
1155549918 J * michal_ ~michal@www.rsbac.org
1155550074 J * lilalinux ~plasma@dslb-084-058-204-250.pools.arcor-ip.net
1155551380 Q * Roey oxygen.oftc.net strange.oftc.net
1155551380 Q * Johnnie oxygen.oftc.net strange.oftc.net
1155551420 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155551437 Q * ntrs_ Read error: Connection reset by peer
1155551629 J * Johnnie ~john@dynamic-acs-24-154-53-237.zoominternet.net
1155551629 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1155552688 J * me1 ~mef@c-68-39-177-97.hsd1.nj.comcast.net
1155552698 P * me1
1155553577 Q * s0undt3ch Ping timeout: 480 seconds
1155553746 J * s0undt3ch hqvtrfc@bl7-249-187.dsl.telepac.pt
1155555902 Q * s0undt3ch Ping timeout: 480 seconds
1155556895 J * s0undt3ch vcxukfm@bl7-243-147.dsl.telepac.pt
1155557465 J * pisco ~pampel@p5087A871.dip0.t-ipconnect.de
1155558182 Q * h01ger Remote host closed the connection
1155558205 J * h01ger ~holger@socket.layer-acht.org
1155560131 J * hallyn ~xa@adsl-75-21-68-95.dsl.chcgil.sbcglobal.net
1155560171 Q * pisco Quit: Download Gaim: http://gaim.sourceforge.net/
1155560749 J * pisco ~pampel@p5087A871.dip0.t-ipconnect.de
1155561491 Q * pisco Remote host closed the connection
1155561532 J * pisco ~pampel@p5087A871.dip0.t-ipconnect.de
1155561701 J * mef ~mef@targe.CS.Princeton.EDU
1155561704 P * mef
1155562194 J * Suleyman ~KLavye-8-@88.224.185.7
1155562198 P * Suleyman
1155563393 J * gerrit ~kvirc@dslb-084-060-241-056.pools.arcor-ip.net
1155564252 M * michal_ Bertl_zZ: ping when you are back :]
1155565048 Q * Viper0482 Ping timeout: 480 seconds
1155565893 N * Belu_zZz Belu
1155566129 J * shedi ~siggi@dsl-og-108-50.du.vortex.is
1155566271 J * kir_home ~kir@65.91.114.3
1155567157 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155567554 Q * meandtheshell Quit: bye bye ...
1155567800 M * derjohn does anyone compile vserver kernel(s) with gcc-4.1? On x86_64? seems to fail here, now trying to switch back to gcc-4.0
1155567886 J * meandtheshell ~markus@85-124-206-202.dynamic.xdsl-line.inode.at
1155568175 M * lylix derjohn: have you had vserver kernel running on x86_64 previously?
1155568206 M * cehteh lylix: i have .. but its somewhat older
1155568206 M * derjohn lylix, sure, devel version. i'm using it in production.
1155568220 M * lylix are you using token bucket scheduling?
1155568246 M * derjohn the same kernel runs fine on x86. it's 2.6.17.8-rc28 (see: linux-vserver.derjohn.de)
1155568258 M * derjohn lylix, yes
1155568268 M * derjohn sched_hard and sched_prio
1155568272 M * lylix vserver patchset 2.0.2? or 2.1.1?
1155568275 M * derjohn 2.1.1
1155568278 M * derjohn rc28
1155568302 M * lylix hmm, ok... i was running 2.0.1, upgraded to 2.0.2rc28 and token handling is not working
1155568314 M * lylix spoke with bertl about it last night
1155568338 M * lylix same kernel/patchset on a 32-bit system is working fine though
1155568343 M * derjohn you use x86_64 ?what did he say?
1155568364 M * lylix i dumped /proc/virtual// info here:
1155568399 M * lylix http://paste.linux-vserver.org/240
1155568400 M * lylix http://paste.linux-vserver.org/240
1155568401 M * lylix http://paste.linux-vserver.org/240
1155568410 M * lylix sri, darn carriage return stuck
1155568413 M * lylix http://paste.linux-vserver.org/241
1155568431 M * lylix on x86_64 tokens just hover around max value
1155568440 M * lylix had cpu_hog running in both cases
1155568462 M * lylix 32-bit systems worked fine, hovering betw 0 and min after initial burst
1155568492 M * lylix the only difference in the systems/kernels is 32-bit vs. 64-bit
1155568508 M * lylix and i applied a change to include/linux/vserver/network.h
1155568561 M * lylix ie. #define NB_IPV4ROOT 40
1155568584 M * derjohn lylix, hm, i run 64 bit hosts on debian with 32 bit guests (we do so to have the possibility to move the guests from one host to another without 32 vs 64 bit hassles)
1155568590 M * lylix the IP limit was changed on the 64-bit system
1155568601 M * lylix same here
1155568614 M * derjohn i rise the limit to 64 or 256 Ip
1155568628 M * derjohn do you use sched_hard?
1155568659 M * lylix is that all that needs changed, network.h? or are there more changes in kernel tree? i already have util-vserver setup w/ 64 IP limit
1155568665 M * lylix hard
1155568691 M * lylix enabled in kernel and flag set
1155568716 M * derjohn lylix, check out http://linux-vserver.derjohn.de/dpatch-directory-2.6.17.8-rc28/ patch 12 :) It's only one define you have to change.
1155568772 M * derjohn feel free to test the behavior with a devel version. there are many changes in devel when it comes to the scheduler AFAIR. (I dont use stable anymore - need to run bind9 in guest)
1155568803 M * lylix whats that about?
1155568818 M * lylix we compile bind w/o caps
1155568831 M * lylix you mean you dont need to do that anymore w/ devel patchset?
1155568862 M * derjohn 2.6.15-vs2.0.1-gentoo-r5-64 <-- you are gentoo, you are used to compile :)
1155568913 M * derjohn with devel you can run bind9 and pure etc. without disabling the capabilities support
1155569070 M * lylix yep, compiling/patching is no biggie
1155569084 M * lylix ill have to fire up a test box later today then and see...
1155569108 M * lylix for a while, it seemed like a low setting on the IP limit allowed it to work
1155569128 M * lylix which made me think it was affecting the scheduling, but didnt make any sense
1155569164 M * lylix then the CPU usage began escalating after a bit, just hovering around the max token limit
1155569383 J * stefani ~stefani@tsipoor.banerian.org
1155569443 M * derjohn hm, strange. as both thingies have nothing to do with each other. I have to admit i am not using many ips in guest anymore.
1155569517 J * Viper0482 ~Viper0482@p54977BC4.dip.t-dialin.net
1155570094 M * Belu Tonight 0.2 from www.openvcp.org is published, webinterface based on www.linux-vserver.org :D
1155570300 Q * shedi Quit: Leaving
1155570879 M * daniel_hozac Belu: you know linux-vserver.org is getting a major overhaul, right? :)
1155570915 M * doener daniel_hozac: I guess he meant to say "based on Linux-VServer"
1155570932 M * doener although I don't think that's quite the right term either
1155570958 M * daniel_hozac that didn't parse for me either.
1155570981 M * daniel_hozac derjohn: i'm using gcc 4.1.1 on x86_64 (as well as x86).
1155571017 M * doener daniel_hozac: more like a plain "foobar, a webinterface for Linux-VServer"
1155571035 M * daniel_hozac yeah.
1155571054 M * derjohn barfoo, a webinterface for Linux-VServer Management
1155571068 J * stanley_ ~stanley@61.170.213.32
1155571079 M * doener derjohn: does throwing in urls instead of names qualify for bullshit bingo?
1155571097 M * derjohn doener, sure ! :)
1155571117 P * stanley_
1155571213 J * coocoon ~coocoon@p54A06A1B.dip.t-dialin.net
1155571349 Q * kir_home Quit: Ухожу я от вас
1155571864 M * meebey I still have problems with interactive programs that run inside a vserver
1155571874 M * meebey like ncurses, openssl, debconf etc
1155571881 M * meebey vpn-openvpn_galilei:/etc/openvpn# openssl rsa < g1.vpn.gsd-software.net-key.pem > g1.vpn.gsd-software.net-key_np.pem
1155571885 M * meebey User interface error
1155571887 M * meebey unable to load Private Key
1155571889 M * meebey I would like to know what the cause is
1155571900 M * meebey before I upgraded the vserver-util I think it worked
1155572048 M * meebey I ssh to the host, use vserver foo enter, and then I try to run an interactive program
1155572063 M * meebey lets see if it works when I use a console directly on the server
1155572155 Q * schimmi Ping timeout: 480 seconds
1155572229 M * meebey same from the console
1155572230 M * daniel_hozac what util-vserver version are you using?
1155572252 M * meebey ii util-vserver 0.30.210-8bpo2 user-space tools for Linux-Vserver virtual private servers
1155572304 M * meebey I dont see anything in /dev/pts
1155572308 M * meebey is that normal?
1155572327 M * meebey according to /proc/mounts its mounted though
1155572360 Q * renihs Quit: Leaving
1155572364 M * meebey Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl
1155572368 M * meebey that testme is happy
1155572388 M * daniel_hozac do you have /dev/tty inside the guest?
1155572400 M * meebey yes
1155572407 M * meebey ls /dev
1155572407 M * meebey MAKEDEV console fd full initctl log net null ptmx pts random shm stderr stdin stdout tty urandom xconsole zero
1155572411 M * daniel_hozac and it's a device node?
1155572432 M * meebey hm no
1155572448 M * meebey its a file
1155572458 M * daniel_hozac that's obviously not right.
1155572460 M * meebey vpn-openvpn_galilei:/# cat /dev/tty
1155572460 M * meebey Enter pass phrase for g1.vpn.gsd-software.net-key.pem:
1155572462 M * meebey eh :)
1155572469 M * meebey thats the question that openssl should have asked me! :)
1155572478 M * daniel_hozac it expected to find you on /dev/tty.
1155572484 M * meebey uh
1155572492 M * meebey so delete it and copy from host?
1155572495 M * daniel_hozac yep
1155572509 M * meebey lemme try
1155572548 M * mnemoc copy pts from host?
1155572549 M * meebey weeee!
1155572552 M * meebey it works again
1155572552 M * mnemoc o.o
1155572557 M * meebey daniel_hozac: thank you so much
1155572564 M * meebey daniel_hozac: this was driving me crazy :)
1155572586 M * meebey so somehow that one became a file instead of a nod
1155572592 A * meebey checks his vserver template
1155572617 M * meebey the template has no /dev/tty
1155572619 M * meebey uh
1155572632 M * meebey wondering how it worked before, with older vserver
1155572651 M * meebey ok so the cause of my problem is found, I will fix that on all deployed vservers now
1155573898 Q * Hunger arion.oftc.net europa.oftc.net
1155574043 J * Hunger Hunger.hu@Hunger.hu
1155574234 M * daniel_hozac doener, Bertl_zZ: re Aiken's filp leak on COW, isn't it due to fs/namei.c:open_namei calling path_lookup_open which gets nd->intent.open.file, which isn't freed by path_release(nd) (from the COW path) and we need to release_open_intent before that?
1155574961 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155575085 M * daniel_hozac adding the release_open_intent seems to fix it here.
1155575596 J * bonbons ~bonbons@83.222.36.236
1155575824 M * mnemoc OT: was ngnet postponed or it's merged on 2.1 ?
1155575848 M * daniel_hozac it's postponed.
1155575869 M * mnemoc thanks
1155575882 M * daniel_hozac how is that OT though? ;)
1155575901 M * mnemoc not about leaking cows :p
1155575961 Q * bonbons Quit: Leaving
1155576111 J * bonbons ~bonbons@83.222.36.236
1155577338 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at
1155577786 J * shedi ~siggi@inferno.lhi.is
1155578174 Q * insomniac Quit: leaving
1155578192 J * coocoon ~coocoon@p54A05ED7.dip.t-dialin.net
1155578205 J * insomniac ~insomniac@slackware.it
1155578238 Q * insomniac
1155578272 J * insomniac ~insomniac@slackware.it
1155578436 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de
1155579094 N * Bertl_zZ Bertl
1155579098 M * Bertl evening folks!
1155579100 M * phedny hi :)
1155579244 M * Bertl daniel_hozac: ah, excellent, didn't dig into that yet, good work!
1155579278 M * Bertl mnemoc: LOL @ leaking cows
1155579414 M * mnemoc :)
1155579867 M * Hollow Bertl: what do you think about this fix/feature for persistent? http://home.xnull.de/misc/delta-persistent-fix01.patch
1155579891 M * Hollow would save me some forks :)
1155579931 M * Bertl hmm .. basically not migrating your creation task
1155579942 M * Hollow yep
1155579997 M * Bertl do we really want that in all cases? what about having a flag which basically prohibits this migration?
1155580011 M * Bertl (just an idea)
1155580012 M * Hollow another one?
1155580029 M * Hollow would be ok for me too
1155580058 M * Bertl well, there is a certain relation between PERSISTENT and not migrating the creator ...
1155580073 M * Bertl daniel_hozac: what's your opinion on that?
1155580596 M * mnemoc (OT: the VS at the mediawiki's logo has an ugly frame)
1155580608 A * Hollow giggles
1155580615 M * Bertl which is part of the logo :)
1155580629 M * mnemoc the VS
1155580642 M * mnemoc a gray box around it here
1155580643 M * Bertl the frame around the VS letters
1155580648 M * mnemoc yes
1155580652 M * mnemoc is it intentional?
1155580661 M * Bertl yep, so that we can have the VS only too
1155580675 M * mnemoc o.o
1155580817 M * Hollow like in the favicon ;)
1155580843 M * mnemoc i'm blind enough to not see the frame around the favicon :p
1155580867 M * mnemoc but the frame around the VS really looks like a bug :p
1155580887 M * Hollow Bertl: btw, i saw the vs_state_change in ctx_create... would it be possible to implement the startup of a guest in vshelper?
1155580906 M * Hollow s/possible/intended/
1155580912 M * Bertl mnemoc: that's the idea, it isn't there when used as 'VS' only .. well, nobody said so yet ... let's see what other folks say
1155580942 M * Bertl Hollow: yes, you could do 90% of the external setup from there
1155580958 M * Hollow i'll probably give that a try
1155581096 A * Belu is away (ill be back later...)
1155581097 N * Belu Belu_zZz
1155581154 M * Hollow Bertl: in the non-legacy/sync case the ctx_create returns only if the vshelper returned, right?
1155581180 J * shedii ~siggi@inferno.lhi.is
1155581210 M * Bertl Hollow: yep, and it should give a proper reply code too
1155581213 M * Bertl wb shedii!
1155581235 M * shedii thank you Bertl
1155581253 M * Hollow excellent
1155581338 M * daniel_hozac i think it makes sense to not migrate the creation task if the context is persistent.
1155581375 M * Bertl okay, then we'll add that to the next patch ...
1155581387 M * Hollow great, thx
1155581519 M * Hollow Bertl: what are the signal fix deltas about?
1155581548 M * daniel_hozac privacy fixes?
1155581569 Q * shedi Ping timeout: 480 seconds
1155581574 M * Bertl yep, they basically ensure that the guest is not killed without giving guest-init a chance
1155581582 Q * michal_ Ping timeout: 481 seconds
1155581611 M * Bertl once init is gone, or when it is not present at all, the kill can proceed
1155581649 M * Hollow but with init you can only kill it if no other processes are present, or send it a sigint?
1155581668 M * Bertl precisely, so init is supposed to terminate
1155581689 M * Bertl all other signals will be mapped to SIGINT as long as it is there
1155581739 Q * zkbrsnie Ping timeout: 480 seconds
1155581743 J * meebey_ meebey@booster.qnetp.net
1155581743 Q * meebey Read error: Connection reset by peer
1155581830 M * Bertl daniel_hozac: btw, I had to make a few changes to util-vserver, to allow for secure/private mounting
1155581855 M * Bertl daniel_hozac: do you think it is a problem to do all the fstab mounting from _inside_ the context?
1155581855 M * daniel_hozac oh?
1155581884 M * Bertl should we have a separate fstab.ctx or so?
1155581904 M * Bertl if so, then the rootfs mount has to check that too
1155581909 M * daniel_hozac when would it happen?
1155581919 M * Bertl I'll upload the patches, sec
1155581926 M * daniel_hozac IMHO mounting has to happen before the guest is started.
1155581953 M * daniel_hozac and the context doesn't exist before the guest is started, so it's kind of a catch-22.
1155581985 M * Bertl well, it works fine here, but give me a minute :)
1155582025 M * daniel_hozac i guess adding secure-mount to the giant command might work.
1155582147 M * Hollow ah, mount from inside.. you read my mind Bertl :)
1155582207 M * Bertl daniel_hozac: this is a change to allow to have a script _before_ something happens:
1155582210 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/util-vserver-0.30.210-initialize.patch
1155582227 M * Bertl (i.e. especially before a rootfs mount occurs)
1155582249 J * michal_ ~michal@www.rsbac.org
1155582261 M * Bertl and this is the 'hack' I did to get the mounts _into_ the context:
1155582262 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/util-vserver-0.30.210-context-mount.patch
1155582281 M * Hollow Bertl: another fix for vshelper.. for VXF_REBOOT_KILL it would probably make more sense to kill before the helper is called... http://home.xnull.de/misc/delta-rkill-fix01.patch
1155582298 M * Skram Hey guys
1155582323 M * Bertl Hollow: hmm, then the helper would have no control of the action, no?
1155582349 M * Hollow how does it have controlled afterwards?
1155582375 M * Bertl when the helper says no (i.e. error) the kill is not executed, right?
1155582424 M * Bertl when the helper wants to act after the kill, it simply spawns a waiter, which acts when the context is gone
1155582472 M * Hollow mhm, makes sense..
1155582475 M * Bertl note that moving it after the kill, will not guarantee that the context isn't there, on the contrary, the context _will_ still exist at this point
1155582499 M * Bertl aside from that, you also have the context shutdown helper, which could be used
1155582529 M * Hollow the shutdown helper is called once the context has disappeared, right?
1155582535 M * Bertl yep
1155582637 M * Hollow Bertl: the mounting from inside.. does it work already, or did you make a patch for it? (kernel-side of things)
1155582648 M * Hollow with VXC_SECURE_MOUNT i assume
1155582655 M * Bertl yes, works fine with devel branch
1155582677 M * Bertl at the tool stage (util-vserver) you do not need SECURE_MOUNT
1155582687 M * Bertl of course, inside the guest you need that
1155582709 M * Hollow what do you mean with tool stage?
1155582752 M * Bertl well, you can as well do the mounts _inside_ the context/namespace but with elevated capabilities
1155582810 M * Bertl daniel_hozac: what I would envision is to extend the secure mount to take a context id too
1155582825 M * Bertl daniel_hozac: and when given, then it actually does the mount inside the context
1155583014 M * daniel_hozac i fail to see why the mount has to happen inside the context.
1155583035 M * Bertl because devices like loop or dm are tagged with the context id
1155583066 M * Bertl otherwise they would not know which context they belong to (similar to pts)
1155583067 M * daniel_hozac ah, so you can't mount a loopback device on the host and have the guest use it? or just for inter-guest checks?
1155583082 M * Bertl you can have three variants here:
1155583111 M * Bertl - strict isolation (everything except identical id is rejected)
1155583135 M * Bertl - weak isolation/blendthrough (0 can be used everywhere, >0 is blocked)
1155583197 M * Bertl - >0 is not accessible from 0 but 0 can be used in >0
1155583240 M * Bertl the second one is better described as almighty admin + blendthrough
1155583434 M * daniel_hozac yeah.
1155583482 M * daniel_hozac i haven't read the isolation and privacy patches yet, so which behavior is used there?
1155583490 Q * Johnnie Read error: Connection reset by peer
1155583524 M * Bertl I decided to go for a general admin decision at compile time, which is called PRIVACY
1155583552 M * Bertl i.e. if you enable that, most checks for ANDMIN/WATCH are disabled, where they interfere with privacy issues
1155583558 J * Johnnie ~john@dynamic-acs-24-154-53-237.zoominternet.net
1155583567 M * Bertl (this happens via a simple define)
1155583607 M * daniel_hozac ok.
1155583608 M * Bertl with privacy enabled, you get the strict isolation wherever possible, but still have admin caps as long as you do not remove the flag
1155583635 M * Bertl i.e. you can enter and/or modify the guest as long as the flag is set
1155583657 M * daniel_hozac right.
1155583658 M * Bertl the enter can be disabled with the LOCK flag, but that isn't even required if you remove the ADMIN flag
1155583873 M * Bertl together with the context tagging of (for now certain) devices, you should be able to have cryptoloop inside a guest, which cannot be accessed from outside
1155583926 M * Bertl (note, given that the kernel is intact :)
1155583998 M * daniel_hozac hehe.
1155584118 M * Bertl but that is the same problem with tcfs and friends
1155584135 M * daniel_hozac tcfs?
1155584150 M * Bertl transparent cryptographic filesystem
1155584162 M * daniel_hozac ah.
1155584164 M * Bertl basically gives you 'per guest' encryption
1155584167 M * daniel_hozac never heard of that before.
1155584173 M * Bertl guest/user
1155584304 M * daniel_hozac will the context stay around due to the mounts, or how do your patches work?
1155584316 M * daniel_hozac or is it just the tagging that's important?
1155584328 M * Bertl no, only the xid is recorded, so that's all what matters
1155584340 M * daniel_hozac ok.
1155584453 M * daniel_hozac are the IPC changes in delta-privacy-feat01 intentional? (VX_IDENT->VX_WATCH_P|VX_IDENT)
1155584481 M * Bertl yes, I thought it might be good to extend the non-privacy case too
1155584493 M * daniel_hozac ok, just checking :)
1155584500 M * Hollow hm, i don't quite get the privacy feature...
1155584532 M * Hollow does this change the behaviour of xid = 1?
1155584536 M * daniel_hozac default y for CONFIG_VSERVER_PRIVACY?
1155584562 M * Bertl Hollow: basically it allows a benevolent system administrator to protect a guest against attacks/access from the host
1155584582 M * Hollow ah.. ok
1155584587 M * Bertl daniel_hozac: it seemed to match more the current default
1155584610 M * Bertl i.e. we have privacy for pts and ipc already
1155584665 M * daniel_hozac sure, but this seems to change a lot of other things as well, like vkill.
1155584666 M * Bertl and I didn't see any unwanted effects with existing tools (unpatched) so it seemed fine
1155584705 M * Bertl vkill should only be affected with a guest lockdown
1155584731 M * daniel_hozac so i'm misinterpreting the delta-privacy-feat01 check_kill_permission hunk?
1155584741 M * Bertl sec
1155584745 J * PowerKe ~icuser@d5153A0DA.access.telenet.be
1155584751 M * Bertl welcome PowerKe!
1155584772 M * PowerKe Hi Bertl :)
1155584856 M * Bertl daniel_hozac: probably, IIRC that is only affecting user level kills
1155584866 M * daniel_hozac ok.
1155585083 M * daniel_hozac i guess it might be quite unexpected to not have xid 1 be able to see everything anymore though.
1155585147 M * Bertl it doesn't affect process info atm, but maybe we make that a choice later on (instead of a bool)
1155585162 M * Bertl i.e. something like privacy-level or so
1155585171 M * daniel_hozac makes sense.
1155585176 Q * Viper0482 Quit: one day, i'll find this peer guy and then i'll reset his connection!!
1155585180 M * daniel_hozac maybe have it runtime tunable in proc too.
1155585194 M * Bertl not sure that is a good idea, but maybe ..
1155585388 M * Bertl in any case, this differentiation will allow to provide more privacy on one side, and more ways for 'fascist logging' on the other :)
1155585414 M * Bertl (like the often requested access to terminal devices)
1155586386 M * Bertl should have the cleanup results for 2.0.2 in a few minutes :)
1155586406 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155586407 Q * ntrs Read error: Connection reset by peer
1155586418 M * Hollow Bertl: any timeframe for 2.2.0 yet?
1155586512 M * Bertl not really, but right after 2.0.2, we will release 2.1.1 and start trimming down that for a 2.1.2 (i.e. remove legacy stuff and such), after that we will start adding the network stuff in parallel
1155586551 M * Hollow network stuff? ipv6?
1155586576 M * Bertl yep, and we will probably have a third branch which follows/uses -mm too :)
1155586599 M * Bertl with a little luck, all that will happen with git :)
1155586613 M * Hollow nice ;)
1155587024 J * tatiane ~tatiane@201009067213.user.veloxzone.com.br
1155587129 Q * tatiane
1155587153 Q * gerrit Quit: KVIrc 3.2.0 'Realia'
1155587229 M * Bertl interesting that tatiane person :)
1155588707 J * DreamerC_ ~dreamerc@59-112-2-165.dynamic.hinet.net
1155588785 J * Aiken ~james@tooax6-025.dialup.optusnet.com.au
1155588856 M * Bertl welcome Aiken!
1155588975 M * Aiken hello
1155589072 Q * DreamerC Ping timeout: 480 seconds
1155589214 M * Bertl daniel_hozac: okay, I figured that the lock assertions are not needed anymore, and I think they are of dubious value, so here is a patch to remove them (we can keep them around for a test/debug patch or so)
1155589223 M * Bertl http://vserver.13thfloor.at/Experimental/delta-locks-clean01.diff
1155589242 Q * Adrinael Quit: Maintenance.
1155589265 M * Bertl further, here are all whitespace cleanups I found to make 202 smaller (i.e. reduced changes to mainline)
1155589271 M * Bertl http://vserver.13thfloor.at/Experimental/delta-vs202-white01.diff
1155589310 M * Bertl and finally, a few cleanups (i.e. removed commented stuff and unnecessary modifications)
1155589313 M * Bertl http://vserver.13thfloor.at/Experimental/delta-vs202-clean01.diff
1155589351 Q * dna Quit: Verlassend
1155590540 M * daniel_hozac it all looks fine to me.
1155590617 M * ray6 reeeee Bertl
1155590810 M * Bertl hey ray6!
1155590843 M * brc_ Do i need to change anything on kernel config doing an upgrade on server from 2GB RAM to 4GB RAM?
1155590855 M * daniel_hozac depends on your arch.
1155590885 M * Bertl brc_: I would not suggest to update an x86 box to 4GB
1155590900 M * Bertl at least one megabyte is definitely wasted there
1155590943 M * Bertl s/mega/giga/ :)
1155591080 M * brc_ Bertl: Hm!! this is a x86 box. So i am losing 1 GB ?
:( Better to leave 3 gb ?
1155591102 M * Bertl well, I assume it is a vserver host :)
1155591127 M * brc_ yes it is!
1155591137 M * Bertl thing here is, you can use up to 3GB with the proper split
1155591153 M * Bertl above that, you have to use highmem, which adds overhead
1155591168 M * brc_ Is it better to have 3GB than 4GB ?
1155591174 M * brc_ in this case..
1155591179 M * Bertl so to make use of that last GB (with a 4GB box) you add overhead to the entire system
1155591195 M * Bertl which IMHO isn't worth it ...
1155591214 M * Bertl the change from 2GB to 3GB without highmem makes sense though
1155591226 M * Bertl (you have to make sure that the proper split is enabled)
1155591231 M * brc_ I am having swap problems. Even in this case isn't it worth it ?
1155591263 M * Bertl could you upload /proc/meminfo somewhere?
1155591281 M * brc_ Sure
1155591282 M * brc_ hold
1155591306 M * ebiederm If you can run an x86_64 kernel you don't have to play the silly highmem games.
1155591330 M * Bertl well, unlikely on an x86 box :) well, maybe with QEMU :)
1155591373 M * ebiederm If the box is new enough it might just be running in 32bit mode for some strange reason.
1155591397 M * Bertl wouldn't be an x86 box then, no?
1155591405 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi
1155591420 M * ebiederm It wouldn't just be an x86 box.
1155591422 M * Bertl welcome Adrinael!
1155591422 M * brc_ this is a x86 box
1155591443 M * ebiederm brc_: You can't run a 64bit kernel?
1155591447 M * Adrinael Hello again.
1155591488 M * ebiederm brc_: A recent 32bit only box that will allow you to put 4GB into is a weird place in the hardware spectrum.
1155591524 M * brc_ i thought that most 32bit boxes would allow GB
1155591543 M * brc_ 4GB
1155591585 M * Bertl they allow 4GB and even more with PXE and PAE
1155591591 M * ebiederm Well the cpu certainly will allow 4GB.
1155591603 M * ebiederm Bertl: Make that PSE and PAE.
1155591612 M * ebiederm brc_: What processor do you have?
1155591626 M * brc_ pentium 2.8 D
1155591629 M * brc_ D = dual core
1155591652 Q * bonbons Quit: Leaving
1155591776 Q * hallyn Quit: leaving
1155592083 M * ebiederm Ok. I did a quick lookup and at least one review lists that part as supporting em64t.
1155592101 M * ebiederm So it is quite possible you can run a 64bit kernel on that machine.
1155592120 M * ebiederm In /proc/cpuinfo you should be able to see a lm capability in the flags field.
1155592140 M * Bertl unfortunately that is as inconclusive as the ht flag there
1155592159 M * Bertl i.e. many celerons show the ht flag but are not ht capable
1155592181 M * Wonka thats evil...
1155592194 M * ebiederm Actually they only support one hyper thread if I recall.
1155592202 J * s4edi ~siggi@inferno.lhi.is
1155592213 M * ebiederm The lm flag should be more useful as it means you can run a 64bit kernel.
1155592253 M * ebiederm Regardless if you have a low end chipset I would still be careful with 4GB as there are frequently memory mapped I/O devices below 4GB.
1155592262 A * Wonka has
1155592262 A * Wonka has flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss tm pbe nx
1155592298 M * Wonka so, with pse and pae, i should have more than 4GiB address space?
1155592305 M * ebiederm And if your chipset can't move the memory above 4GB then no matter what the software does you won't be able to see it.
1155592341 M * ebiederm It looks like your processor came out just on the edge of when Intel was introducing 64bit support, and so you don't have it ;(
1155592362 M * ebiederm With pse and pae yes your kernel can have 64bit page table entries.
1155592378 M * ebiederm The chipset issue is very relevant though.
1155592383 M * Bertl flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm up
1155592395 M * Bertl so this one should be able to do em64t?
1155592425 M * ebiederm Bertl: I don't see the lm capability anywhere.
1155592433 M * Bertl ah, lm, okay, sorry
1155592509 M * ebiederm What is funny is having nx support without lm support. As Intel initially implemented them in the other order (nx being non executable page tables)
1155592548 J * shedi ~siggi@inferno.lhi.is
1155592582 M * ebiederm I have: flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow pni lahf_lm cmp_legacy
1155592589 M * ebiederm On my Opteron.
1155592599 Q * shedii Ping timeout: 480 seconds
1155592641 M * Bertl what's that lahf_lm ?
1155592720 M * ebiederm I haven't looked closely but one of the places where the initial x86_64 implementations differed is what they did with the load ah flags instruction lahf, so I assume it reports that instruction is supported.
1155592821 M * Bertl daniel_hozac: okay, so I'm going to send the 2.0.2 to PLM shortly, to check for gcc and similar messages, could you give it a spin with your include checking scripts too?
1155592867 Q * s4edi Ping timeout: 480 seconds
1155592872 M * mnemoc Hollow: vxpasswd is segfaulting :(
1155592917 M * ebiederm My early xeon looks like: flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall lm constant_tsc pni monitor ds_cpl est tm2 cid xtpr
1155592958 M * mnemoc Hollow: i'll rebuild with -g, but it's at sha1_transform
1155593218 Q * eyck Quit: leaving
1155593245 M * Wonka ebiederm: this is a Celeron M 370
1155593276 M * Wonka ebiederm: so it's a dumbed down version, so i don't really wonder there's features missing that were implemented earlier
1155593424 M * daniel_hozac Bertl: only false positives, so no problems found.
1155593442 M * Bertl looks good, tx!
1155593464 P * stefani I'm Parting (the water)
1155593490 M * brc_ Bertl: Just a conclusion here.
If i want to have SPLIT 2/2 i should forget all those other options we changed on .config. right (except the embedded which makes it possible to use split)?
1155593524 M * Bertl yeah, the vmsplits depend on EMBEDDED
1155593536 M * brc_ thanks a lot :D
1155593548 M * Bertl but easiest way is to just remove the current SPLIT option, and do the make oldconfig
1155593565 M * Bertl (similar for the HIGHMEM part)
1155593660 J * ekc2 ~EKC@netblock-66-245-252-180.dslextreme.com
1155593678 M * brc_ ok thanks!
1155593694 M * Bertl welcome ekc2!
1155593738 M * ekc2 hello
1155593869 J * Piet ~piet@tor-irc.dnsbl.oftc.net
1155593884 M * Bertl wb Piet!
1155593896 M * Piet heya
1155593920 M * ekc2 is there way to bind localhost to 127.0.0.1 for multiple guests running under one host?
1155593936 M * Bertl yes, but it will not be secure
1155593941 M * ekc2 right now, i have localhost bound to the ip-address for the guest
1155593957 M * Bertl which is the proper way to go for now
1155593972 M * ekc2 yeah, that's what i thought. just wanted to check if anyone has come up with something better
1155593997 M * Bertl we have patches which give you isolated lo, but they are just a working prototype
1155594073 M * ekc2 working prototype? would you advise against using them in a production environment?
1155594257 M * lylix Bertl: same conditions with tokens on 2.0.2
1155594287 M * lylix just hovering around max... rolling out a 2.1.1 kernel after a bit
1155594352 M * ekc2 bertl: is this the lo patch you were referring to?: http://www.13thfloor.at/~herbert/delta-lo0.05.1.diff.hl
1155594365 M * daniel_hozac Bertl: http://paste.linux-vserver.org/242
1155594391 M * daniel_hozac Bertl: is that me or fixed since -rc28 was released?
1155594453 M * daniel_hozac (got it when upgrading from 2.6.17.7-vs2.1.1-rc26.ipv6 to 2.6.17.8-vs2.1.1-rc28.ipv6)
1155594699 M * mnemoc Hollow: not very useful but it's at sha1/sha1_transform.c:66 (r321)
1155594763 J * shedii ~siggi@inferno.lhi.is
1155595053 M * Skram for some reason I dont think RSS is reporting the true amount of RAM being used..
1155595072 M * Skram Actually, maybe RSS is and my script isnt
1155595086 M * Skram vserver-stat
1155595086 M * Skram CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
1155595086 M * Skram 0 83 53M 21.8M 4h17m51 2h13m57 4d01h05 root server
1155595087 M * Skram 10001 48 1.5G 539.4M 52m38s21 9m17s52 4d01h04
1155595095 M * daniel_hozac vserver-stat is as incorrect as it gets.
1155595109 M * Skram right
1155595121 M * Skram so I built my own script to do it.. and it seems to under"estimate" now
1155595132 Q * shedi Ping timeout: 480 seconds
1155595147 M * Skram XID CURRENT LIMIT HIT? Ob.MAX VS-ID
1155595148 M * Skram 17659 27.3 0 0 38.4 gete01-vs1-01
1155595154 M * Skram current 27.3M
1155595171 M * Skram it was always higher before the server reboot when i upgraded kernels
1155595179 M * Skram but thats what free -m inside the guest says
1155595182 M * Skram does free -m "work"?
1155595241 M * daniel_hozac yes.
1155595255 M * Skram hrmmm
1155595272 A * Skram whips out a calculator
1155595326 M * Skram all of them add up to ~380mb (all guests)
1155595345 M * Skram free -m | grep Mem
1155595345 M * Skram Mem: 2026 1971 55 0 231 847
1155595364 M * Skram but there is only 55mb free out of 2048mb?
1155595383 M * Johnnie 2026
1155595389 M * Skram yeah, okay.
1155595415 M * daniel_hozac 55 + 231 + 847
1155595431 M * Skram equals 1133
1155595440 Q * s0undt3ch Ping timeout: 480 seconds
1155595472 M * Johnnie The RSS has never been right to my calculations.
1155595475 M * Johnnie Never ever.
1155595483 M * Johnnie So, I don't even pay attention to that.
1155595488 M * Skram At one point my script seemed more accurate
1155595490 M * Johnnie Hell, htop and vtop don't even coincide.
1155595496 M * Skram :)
1155595502 M * Johnnie What's more, top doesn't either.
1155595507 M * Johnnie So, just guess and get used to it.
1155595512 M * daniel_hozac enter, /proc/virtual/x/limit.
1155595516 M * daniel_hozac where the kernel keeps track of it.
1155595538 M * Skram cat /proc/virtual/10001/limit | grep RSS
1155595538 M * Skram RSS: 8521 11997
1155595540 M * Skram right
1155595549 M * Skram so the first data column divided by 256
1155595560 M * Skram equals 33
1155595569 M * Skram which coincides with free -m
1155595576 M * Skram (and the script I wrote)
1155595609 M * Johnnie Well then, there you go.
1155595644 M * Skram Right.. but now I am curious why these results do not seem to fit with the output of free -m (on the host)
1155595681 M * Johnnie If they don't fit, how do they coincide?
1155595684 Q * meandtheshell Quit: bye bye ...
1155595718 M * Skram I miswrote; free -m on the guest and /proc/.../limit both coincide
1155595729 M * Johnnie Well, of course.
1155595741 M * Skram However the totals of all the guests do not coincide with the total (free -m) on the host
1155595743 M * Johnnie You're grabbing it out of that context.
1155595764 M * Johnnie Well, then add the guests, subtract that from the total and you have the results of what the host is using.
1155595788 M * Johnnie The host needs RAM time too. :)
1155595791 M * Skram I dont think a host would be using a gig and a quarter of ram, should it?
1155595812 M * Johnnie I doubt it.
1155595819 M * Johnnie But you're running more than one guest, I assume.
1155595824 M * Skram Indeed
1155595833 M * Johnnie Well, what are all of your guests adding up to?
1155595849 M * Skram Lets round up and say 400mb total for all the guests
1155595871 M * Skram according to free -m on the host, 2000mb of ram is currently used.
1155595888 M * Skram now, this is skewed (IIRC) because of cached memory, etc.
1155595906 M * Johnnie Well, I presume it's going to cache.
1155595912 M * Skram so subtract the 850mb cached, and we get 1150mb free
1155595922 M * Johnnie As I said, I wouldn't wet the bed over poor RAM stats.
1155595934 M * Johnnie We've had this discussion, they're not accurate and I don't expect them to be.
1155595937 M * Skram I dont feel right to settle with just saying the host is consuming near 750mb
1155595959 M * Johnnie Yeah, and it's not likely that your guests are using that much, either.
1155595972 M * Skram Johnnie: Indeed we sort of did; Therefore I really am not asking you, and you being snippy and almost rude throughout this isnt appreciated
1155595990 M * Skram So, please, I understand what you think is going on, I would love to have other people's opinions for my own curiosity's sake
1155595993 M * Johnnie They're jailed processes...so, figure if Apache uses 12 MB or something and you have 12 guests running Apache, 144 MB of RAM are being used.
1155596005 M * Skram Right
1155596015 M * Johnnie I'm not being snippy.
1155596034 M * daniel_hozac Johnnie: except most of that is shared.
1155596051 M * Johnnie Correct, daniel_hozac.
1155596062 M * Johnnie I'm just going on basic logic of where RAM might be consumed.
1155596073 M * Johnnie Statistics do lie, Skram.
1155596082 M * Skram I know, Johnnie
1155596099 J * s0undt3ch vwaixjvc@bl7-248-115.dsl.telepac.pt
1155596114 M * Skram I am trying to find out if they are in this case ( daniel_hozac ?) or if RSS in free -m on the host is indeed doing the lying
1155596133 M * Skram *lieing
1155596138 M * Johnnie lying
1155596141 M * Skram okay, yeah
1155596152 M * Skram Its Monday, spelling doesnt count
1155596173 M * Johnnie Well, do as daniel_hozac said, since the kernel tracks the RAM anyway.
1155596195 M * Skram Which I am
1155596209 M * Johnnie I'm pretty sure lylix knows the answer to this, since I believe he and I discussed this a long time ago at some point.
1155596215 M * Skram so limits is showing the memory the VPS is using.. not including any cached (from the guest), etc.
1155596237 M * Skram s/limits/limit
1155596352 M * Skram anyone have any other explanations?
1155596380 M * Skram SO-- free -m on the host is skewed but correct inside the guest, only counting the guest's actual ram usage, not what the guest has cached
1155596397 M * Johnnie http://linux-vserver.org/Memory+Management
1155596412 M * Skram Okie Dokies
1155596423 M * Bertl ekc2: yes
1155596441 M * Bertl daniel_hozac: hmm, haven't encountered that yet, but seems like a namespace collision
1155596791 M * Johnnie Now that I read all of this, the memory management makes total sense, especially with setting limits.
1155596797 Q * ekc2 Ping timeout: 480 seconds
1155596847 M * Skram Im going to read it now
1155596880 M * Johnnie That should answer all of your questions.
1155596897 M * Johnnie In short, VServer doesn't do a lot in the way of totals accounting.
1155596939 M * Skram I am not asking for a quick fix on how to see how much RAM a VPS uses.. I am purely curious in the subject for my own knowledge and applying it to VServer limits
1155596941 M * Johnnie They're all where daniel_hozac said they'd be, in /proc/virtuals//limit, so if you wrote a script to add them, that'd be fairly accurate, minus paging.
1155596952 M * Skram well.
1155596954 J * ekc2 ~EKC@netblock-66-245-252-180.dslextreme.com
1155596999 M * Skram I did, i added divided by 256, and voila. Though that means the hosts is using hundreds of megabytes
1155597006 M * Johnnie No.
1155597007 M * Johnnie Not so.
1155597018 M * Johnnie As I said, "minus paging".
1155597039 M * Skram how would you account for the amount of paging?
1155597082 M * Johnnie Well, take what's being used on the hosts and guests, add those up, and figure the rest is going to miscellaneous paging.
1155597107 M * Skram how would you account for how much is used on the host? is there a /proc file for it?
1155597139 M * Johnnie cat /proc/meminfo
1155597168 M * Skram thats the total hosts
1155597180 M * Johnnie You see that there's also allocation. :)
1155597193 M * Johnnie The allocations are obviously being added up in the totals.
1155597222 M * Skram i get this from what you said: add the host and guests, minus the total (according to free -m) and assume the rest is going to paging
1155597239 M * Johnnie More or less.
1155597258 M * Skram when you say host, you mean the host not including guests
1155597268 M * Skram how do you figure that out, without counting the paging
1155597275 M * Johnnie It's either sitting in idle pages or in a state of allocation.
1155597287 M * Skram kind of like the equivalent of
1155597287 M * Skram CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
1155597288 M * Skram 0 83 53M 21.8M 4h17m54 2h14m04 4d01h42 root server
1155597290 M * Skram but correct :)
1155597296 M * Johnnie cat /proc/meminfo
1155597337 M * Skram Total - Free?
1155597343 M * Skram that would show everything, including guests
1155597358 M * Skram you aren't being clear or I am not understanding you
1155597363 M * Bertl it also includes all buffers and caches
1155597366 M * Skram Right
1155597380 M * Skram so how to find out what ram *just* the "root server" is using
1155597407 M * Bertl very hard to do, as stuff might be shared with the guests
1155597413 M * Johnnie Right.
1155597418 M * Skram Alright
1155597420 M * Johnnie You would have to basically kill the guests and then look.
1155597435 M * Johnnie Which isn't really worth doing if you have production grade guests.
1155597444 M * Johnnie So, just guesstimate.
1155597449 M * Skram Well, I am talking in a development setting
1155597457 M * Bertl you could get an idea if you add up all the RSS sizes (from proc) and subtract that from the physical memory
1155597470 M * Skram Bertl: that will give me what?
1155597476 M * Johnnie What's being used.
1155597480 M * Bertl the amount of host pages and caches used
1155597498 M * Skram does 1.5gb sound right if one is running multiple guests?
1155597506 M * Bertl for what?
1155597519 M * Skram total ram used minus RSS for each guest
1155597537 M * Johnnie Well, yes, it is the total RAM used, but like I said, you have allocation/paging.
1155597540 M * Bertl what is your total ram, and how large are the caches/buffers?
1155597548 M * Skram free -m
1155597550 M * Skram woops
1155597560 M * Johnnie If you do: cat /proc/meminfo, you can see that. :)
1155597566 M * Skram total used free shared buffers cached
1155597566 M * Skram Mem: 2026 1970 56 0 230 847
1155597567 M * Skram -/+ buffers/cache: 892 1134
1155597574 M * Skram Johnnie: correct, or free -m will parse that for you :)
1155597599 M * Johnnie I realize that.
1155597602 M * Bertl so that'd be 1.5GB-230M-847M-56M host only stuff
1155597613 M * Johnnie The objective is for you to parse the file to get the big picture of what's in there.
1155597629 M * Skram Bertl: okay
1155597633 M * Bertl roughly 400MB host pages
1155597635 M * Skram Right
1155597656 M * Skram Okay, Thanks
1155597835 M * Skram Bertl: if at all, when were RSS soft limit support added?
1155597843 M * Skram s/were/was
1155597868 Q * ntrs_ Read error: Connection reset by peer
1155597869 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155597890 M * Bertl it was added some time ago for devel, it is mainly to figure over limit guests and to show proper mem/swap values
1155597902 M * Skram right
1155597906 M * Skram that is what I am trying to do
1155597918 M * Johnnie I think it was in 1.9.5, at least.
1155597919 M * Bertl I think it should be part of the 2.0.2 now too, but I'd have to check
1155597926 M * Skram okay
1155598025 M * ekc2 is the reported 1.5% overhead for the lo-patch network/cpu/memory overhead?
1155598099 M * Skram Bertl: is this correct to add a 64mb soft limit on specified context?:
1155598105 M * Skram vlimit -c 17659 -S --rss 16384
1155598238 M * Skram nevermind
1155598255 M * Skram its better to just specify in /etc/vservers/NAME/rlimits/rss.soft, right?
1155598431 J * Hurga nobody@p508AA9DA.dip0.t-ipconnect.de
1155598487 M * Hurga Hiya.
1155598635 M * Bertl wb Hurga!
1155598645 Q * sladen Ping timeout: 480 seconds
1155598656 M * Bertl Skram: best is to specify in rss.soft and rss.hard
1155598706 J * sladen paul@starsky.19inch.net
1155598720 A * Hurga could need a hint or two about services binding to 127.0.0.1...
1155598777 M * Bertl daniel_hozac: http://plm.testing.osdl.org/patches/show/5217
1155598789 P * lylix
1155598796 M * Bertl Hurga: don't do it :) i.e. have localhost point to the first assigned ip
1155598843 M * Hurga I have a setup where I have services inside a vserver binding to 127.0.0.1 port 8030 and I can access that from the root server - but netstat doesn't show it. Is that the expected behaviour?
1155598909 M * Skram Bertl: Okay
1155598914 M * Bertl a daemon inside a guest (without loopback addresses assigned to it) should not be able to bind to 127.0.0.1 at all
1155598919 M * Skram and just restart the vserver for those changes to take effect; thanks
1155598942 M * Bertl Hurga: so I assume you already added 127.0.0.1 to your guest (which you should not do if you want it to stay secure)
1155598946 M * Hurga Bertl: I thought it would be a good idea to bind services which are only used internally (e.g. a caching nameserver) to 127.0.0.1 but results are confusing so far.
1155599005 M * Bertl if you can trust the guest similar to the host, then you can assign a special ip like 127.0.0.42 to each guest, and use that, but IMHO it's not required at all
1155599028 M * Bertl services binding to 'public' ips can be restricted with either tcpwrappers or iptables
1155599044 M * Bertl the traffic itself will happen locally anyway
1155599063 M * Hurga Bertl: I wasn't aware there are security issues. I just remember some things behaving strangely if there's no 127.0.0.1...
1155599068 M * daniel_hozac Bertl: odd that alpha failed, as it worked for 2.6.17.7.
1155599088 M * Bertl well, I'm more concerned about the gcc4.1 results
1155599113 M * Bertl Aiken: could you give the rc28x a spin (compile level) on your machine?
1155599138 M * Aiken alpha, x86 or either?
1155599143 M * Bertl alpha
1155599150 M * Aiken ok
1155599160 M * daniel_hozac Bertl: missing gcc.
1155599169 M * Hurga Bertl: Why are there security concerns? Is there some text I can read about it?
1155599218 M * Bertl Hurga: it's simple, as the interfaces (especially lo here) are not isolated, with giving 127.0.0.1 to each guest, they can sniff and spoof traffic between each other and the host
1155599245 M * daniel_hozac sniff/spoof requires CAP_NET_RAW, no?
1155599266 M * Bertl depends, you could bind ports when the other host is not there
1155599302 M * Bertl but right, the typical attacks do not work without that
1155599317 M * daniel_hozac right, you can interfere a lot.
1155599333 M * matti Hi Bertl.
1155599346 M * Bertl hey matti!
1155599358 A * Hurga hms.
1155599360 M * matti Bertl: I solved my problem.
1155599413 M * matti Heh, goodnight all!
1155599435 M * Bertl matti: ah? let's hear!
1155599469 M * matti Bertl: Broken glibc. Was not pax-aware.
1155599488 M * matti Bertl: solar from Gentoo Hardened pointed me in the right direction.
1155599552 M * matti Bertl: Now, kernel with full pax support and vserver works excellent.
I owe (I remember ;p) harry one, for his good job with patches.
1155599566 M * matti Bertl: BTW, did you use -ck or -mm?
1155599575 M * Bertl good to hear, nevertheless, let's post something on the ML ...
1155599611 M * Bertl yes, I used ck for some time, and will again start using -mm as we try to get virtualization working there
1155599613 M * matti I must subscribe then. I only read archives.
1155599628 M * matti Bertl: Good news then.
1155599636 M * matti Bertl: -mm looks very promising.
1155599639 M * Bertl can't hurt, but should work without subscription too
1155599655 M * matti Bertl: So many fixes and new innovative stuff.
1155599683 M * matti Bertl: But, almost 8 MB patch is quite problematic to modify for lvs ;p
1155599707 M * daniel_hozac Bertl: arm's warning differences appear to be different warning levels, IMO.
1155599735 M * matti Bertl: -mm + lvs + grsec would be totally outstanding ;-)
1155599756 M * doener matti: you can get a crashing kernel more easily ;)
1155599764 M * matti ;p
1155599766 M * matti Hehehe.
1155599779 M * matti doener: -mm is so unstable?
1155599795 M * doener I have no idea, was just an uneducated joke ;)
1155599831 M * matti doener++
1155599832 M * matti ;-)
1155599845 M * doener IIRC the recent -mm threads on lkml were on few but sometimes grave bugs
1155599882 A * doener is talking about the -mm announcements + the replies to those
1155599933 M * Bertl daniel_hozac: sorry for the jump, but any idea regarding that glibc version issue reported from Jum?
1155599937 M * Bertl *Jim
1155599947 M * matti doener: I see.
1155599957 M * matti doener: And what about -ck? Looks nice.
1155599984 M * Bertl ekc2: could you follow up your own thread/question and give some answers on the ML?
1155599993 M * doener Bertl: hm, util-vserver was built against glibc, maybe that causes it to use the host's glibc to run 'env'?