1155687032 M * brc_ skram! Sup bro :)
1155687552 J * mire ~mire@110-167-222-85.COOL.ADSL.VLine.Verat.NET
1155687800 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155687800 Q * ntrs Read error: Connection reset by peer
1155687961 M * Skram Hey, brc_
1155688155 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155688420 Q * ntrs_ Ping timeout: 480 seconds
1155688438 J * Karmek ~nichts@i53870E16.versanet.de
1155688461 M * Karmek hello
1155688589 M * Karmek anybody here who might help me with a vserver problem?
1155688699 Q * meandtheshell Quit: bye bye ...
1155691093 J * s0undt3ch_ cwewvoet@bl7-243-39.dsl.telepac.pt
1155691101 Q * s0undt3ch Ping timeout: 480 seconds
1155691113 N * s0undt3ch_ s0undt3ch
1155691151 M * brc_ Karmek how can i help you
1155691224 M * Karmek oh, i solved my problem :) Thanks anyway, google was a good friend this time
1155693045 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155693045 Q * ntrs Read error: Connection reset by peer
1155693530 Q * Karmek Quit: Da war "Nichts" :D | [14:45] muß die jungfrau gehaun werden? | dd bekomm ich die jungfrau biiiitttteee
1155698969 J * balbir ~balbir@59.144.50.138
1155699271 Q * s0undt3ch Ping timeout: 480 seconds
1155700038 J * s0undt3ch hjarqk@bl7-241-212.dsl.telepac.pt
1155708708 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155708708 Q * ntrs_ Read error: Connection reset by peer
1155709632 Q * balbir Remote host closed the connection
1155709859 J * balbir ~balbir@59.144.50.138
1155711845 Q * Aiken Ping timeout: 480 seconds
1155712902 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155712902 Q * ntrs Read error: Connection reset by peer
1155713118 J * dna ~naucki@p54BCFAD4.dip.t-dialin.net
1155713141 J * renihs ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at
1155713529 J * dna_ ~naucki@p54BCFAD4.dip.t-dialin.net
1155713532 J * ybanafa ~ybanafa@82.114.176.164
1155713585 J * yarihm ~yarihm@whitehead2.nine.ch
1155713707 Q * renihs Remote host closed the connection
1155713879 Q * dna Read error: Operation timed out
1155714547 Q * dna_ Read error: Operation timed out
1155714622 J * dna ~naucki@p54BCFAD4.dip.t-dialin.net
1155714858 J * dna_ ~naucki@p54BCF7A6.dip.t-dialin.net
1155715106 J * s0undt3ch_ frunxzaq@bl7-248-173.dsl.telepac.pt
1155715149 Q * dna Ping timeout: 480 seconds
1155715215 Q * s0undt3ch Ping timeout: 480 seconds
1155715222 N * s0undt3ch_ s0undt3ch
1155715320 Q * ybanafa Ping timeout: 480 seconds
1155715447 J * pisc1 ~pampel@p5087C0B8.dip0.t-ipconnect.de
1155715483 J * dna ~naucki@p54BCF7A6.dip.t-dialin.net
1155715491 J * phreak``_ ~phreak``@styx.xnull.de
1155715635 P * phreak``_
1155715777 Q * dna_ Read error: Operation timed out
1155715982 M * meebey ok time to add OpenVPN to ProblematicPrograms
1155716122 J * dna_ ~naucki@p54BCF7A6.dip.t-dialin.net
1155716474 Q * dna Read error: Operation timed out
1155716848 J * dna ~naucki@p54BCF7A6.dip.t-dialin.net
1155717111 Q * dna_ Read error: Operation timed out
1155717492 J * dna_ ~naucki@p54BCF7A6.dip.t-dialin.net
1155717840 J * dna___ ~naucki@p54BCF7A6.dip.t-dialin.net
1155717850 Q * dna Read error: Operation timed out
1155718199 Q * dna_ Ping timeout: 480 seconds
1155719828 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155720430 Q * shedi Quit: Leaving
1155720764 J * coocoon ~coocoon@p54A07E21.dip.t-dialin.net
1155721062 Q * rob-84x^ Remote host closed the connection
1155721664 Q * schimmi Ping timeout: 480 seconds
1155722247 J * shedi ~siggi@dsl-og-108-50.du.vortex.is
1155722784 N * dna___ dna
1155723395 J * meandtheshell ~markus@85-125-231-85.dynamic.xdsl-line.inode.at
1155723706 J * schimmi ~sts@host82.natpool.mwn.de
1155723775 Q * yarihm Quit: Leaving
1155724509 Q * s0undt3ch Ping timeout: 480 seconds
1155726799 J * Snow-Man ~sfrost@kenobi.snowman.net
1155726810 Q * Hollow Quit: Konversation terminated!
1155726979 J * Hollow ~hollow@2001:a60:f026::1
1155727090 M * derjohn Hollow, ping
1155727098 M * Hollow derjohn: pong
1155727352 M * derjohn Hollow, if we have URLs like "linux-vserver.org/Linux-VServer-Paper" .. will such an URL be the same after the new wiki is up?
1155727372 M * derjohn Hollow, as you might know I wrote an article for t3n about linux-vserver
1155727383 M * derjohn Hollow, and annotated that link ...
1155727450 M * derjohn up == "in real production". BTW: Will the wiki URL be www.linux-vserver.org? Or will there be a splash page?
1155727525 M * Hollow derjohn: until the old wiki is completely gone, there will be a redirection map: content that has been migrated will redirect to wiki.* other pages to oldwiki.* respectively..
1155727622 M * derjohn Hollow, so the URL is not lost, at least for the next couple of months?
1155727638 M * Hollow which url? linux-vserver.org?
1155727650 M * derjohn Hollow, and: If i merge the FAQ, should I simply start to do so on wiki.linux-vserver.org =?
1155727666 M * Hollow yep, just create an account and go :)
1155727669 M * derjohn in the article i mention "linux-vserver.org/Linux-VServer-Paper"
1155727697 M * derjohn it would be bad foo, if the url doesnt work after the magazine comes out
1155727759 M * Hollow well, the redirection will be in place for quite a long time i guess, because of google and friends so we don't invalidate old links...
1155727770 M * Hollow but it would be better to use new links in the new wiki
1155727813 M * Hollow and create the pages later on
1155727819 M * derjohn Hollow, but the mag goes in print within next 5 days ... which URL should I use?
1155727852 M * Hollow mag?
1155727863 M * derjohn öh ... ? I'll check if Bertl_zZ has a version on 13th Floor
1155727899 M * derjohn Hollow, as you might know I wrote an article for t3n about linux-vserver (this a typo3 magazine in print form)
1155727949 M * Hollow ah, sorry.. didn't read that ;)
1155727955 M * Hollow well, use old links probably
1155727963 M * Hollow the redirection will do the rest anyway
1155727975 M * derjohn ok, i'll do so.
1155728138 M * derjohn Hollow, i just see, that the paper is already "ported": http://wiki.linux-vserver.org/Paper
1155728154 M * derjohn do you think that URL will change?
1155728218 M * derjohn Hollow, or even the permalink: http://wiki.linux-vserver.org/index.php?title=Paper&oldid=1473 ?
1155728290 M * Hollow no, old urls is better
1155728352 M * derjohn ok, thx. Now I have an account, the FAQ stuff will be my work. (yes, you found a volunteer ;))
1155728601 J * Karmek ~nichts@i53871DD4.versanet.de
1155728607 M * Karmek hello
1155728721 M * Karmek Is anybody familiar with iptables and nat? I could need some help
1155728918 M * Hollow daniel_hozac: around?
1155728934 M * Hollow derjohn: great :)
1155728954 M * derjohn Karmek, whats the problem?
1155728961 J * lilalinux ~plasma@dslb-084-058-200-169.pools.arcor-ip.net
1155729000 M * Karmek I've set up 2 Vservers with 2 IPs on my Host System. So i have 1 IP for 1 Vserver and 1 IP for the second Vserver+Host System
1155729028 M * derjohn Karmek, public IP? or rfc1918 (i.e. 192er...)
1155729042 M * Karmek 2 public IPs
1155729073 M * Karmek so i need to share one ip with the host and the second vserver
1155729087 M * derjohn to share one ip with host and guest A, simply "touch /etc/vserver/guestA/interface/0/nodev"
1155729110 M * derjohn then with "vserver start/stop guestA" the IP of the host wont be taken down
1155729137 M * derjohn make sure that on the host there run NO daemons with bind ports on that ip.
1155729150 M * Karmek but there is at least ssh
1155729154 M * derjohn Karmek, check out http://linux-vserver.org/some_hints_from_john , search for "ssh"
1155729155 J * yarihm ~yarihm@vpn-global-dhcp1-191.ethz.ch
1155729191 M * derjohn Karmek, well, I would put the host's ssh on port 22222
1155729194 M * Karmek in order to do that i created dummy0 as network device with 192.168.0.1 as IP address and gave 192.168.0.2 to my second Vserver. Now i have problems in setting up the route correct :/
1155729356 M * Karmek there is No file nodev
1155729419 J * mef ~mef@c-68-39-177-97.hsd1.nj.comcast.net
1155729455 P * mef
1155729714 M * Skram Hello All
1155729929 M * Karmek derjohn?
1155729993 M * Karmek My problem is not like the one you described in your FAQ. Its more like Q: If my host has only one a single public IP, can I use RFC1918 IP (e.g. 192.168.foo.bar) for the guest vservers?
1155730060 M * derjohn Karmek, sorry was in the BG :)
1155730088 M * derjohn Karmek, yes you can use a rfc1918. You need a NAT rule on the host (!)
1155730092 M * Karmek i already did the masquerading part. But when i do: iptables -t nat -A PREROUTING -s ! 192.168.0.0/24 -m tcp -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80 it maps every request on the host to my second Vserver
1155730113 M * derjohn -m and -p tcp ?
1155730114 M * Karmek so i can not reach my first Vserver with an own IP on port 80 any longer
1155730121 M * Karmek sorry?
1155730130 M * derjohn ... 192.168.0.0/24 -m tcp -p tcp --dport ----
1155730162 M * derjohn Karmek, would you mind to define host=IP... guestA=Ip und guestB=ip ?
1155730179 M * derjohn (so that I understand what you want to accomplish)
1155730197 M * Karmek oh of course sorry
1155730314 M * Karmek Lets say HostIP is $publicIP1 - Vserver1 IP is $publicIP2 - Vserver2 IP is 192.168.0.2 and additionally my Host has a dummy0 Interface with 192.168.0.1
1155730319 M * derjohn Karmek, the rule you posted about will DNAT _every_ request on the host to the 192xx IP. keep in mind that all guest IPs are known to the host (type "ip addr show" on the host... the rule grabs all port 80 requests)
1155730355 M * Karmek yes, thats my problem =)
1155730383 M * derjohn ah, good. you do now want to HostIP is $publicIP1 AND Vserver2 IP is $publicIP1 ?
1155730406 M * derjohn that would be no problem and saves to lots of hassles with NAT....
1155730434 M * Karmek Yes
1155730454 M * derjohn Yes means: you want NAT (for security of whatever ....)
1155730473 M * Karmek i would prefer net, if it is possible
1155730481 M * Karmek nat, sorry
1155730552 M * derjohn :) ok ... iptables --help tells me: "--destination -d [!] address[/mask]". So you could match $publicIP1 there and only that for this IP on port80.
1155730568 M * derjohn add: "-d $publicIP1/32"
1155730595 M * derjohn i assume that works in prerouting, too.
1155730615 M * derjohn don't forget to delete the old rule you made.
1155730635 M * derjohn or maybe "iptables --flush" to remove all goof you maybe did.
1155730641 M * Karmek would you mind telling me the whole string? I am new to iptables and not sure how to do that
1155730651 M * Karmek I did a iptables -t nat -F
1155730656 M * derjohn OK.
1155730671 M * Karmek and added the masquerading you explained in your FAQ
1155730677 M * derjohn a different hint: There is a nice iptables wrapper out called "firehol".
1155730708 M * derjohn iptables -t nat -A PREROUTING -d %%mypublic.ip/32%% -s ! 192.168.0.0/24 -m tcp -p tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
1155730716 M * Karmek i'll have a look for that tool later, Thanks =)
1155730718 M * derjohn i would try that
1155730773 M * derjohn Karmek, firehol has a mode "/sbin/firehol try" which activates your ruleset and sets it back to the old state, if you by accident firewalled your ssh away ;)
1155730790 M * derjohn (at least thats fine if your machine is at some ISP ....)
1155730903 M * Karmek whow, it seems to work
1155730931 M * derjohn HF!
1155730958 M * Karmek great, Thanks so much
1155732451 N * Bertl_zZ Bertl
1155732467 M * Bertl morning folks!
1155732581 M * Hollow morning Bertl! i have problem after upgrading to rc28.n from rc25
1155732606 M * Hollow i get EACCESS in switch in state 6
1155732624 M * Hollow after a simple ctx_create with persistent and then trying to set flags/caps etc
1155732661 M * Bertl probably you 'forgot' to add the ADMIN flag on the create :)
1155732700 M * Hollow i tried that.. didn't work.. and the other strange thing is that guests start fine with util-vserver and i can set caps with my utils afterwards
1155732727 M * Bertl okay, maybe it's a bug somewhere ... let's see
1155732733 M * Hollow and util-vserver guests don't have STATE_ADMIN either
1155732752 M * Bertl well, that would point into the same direction, no?
1155732771 M * Bertl is daniel_hozac around?
1155732777 M * Hollow i pinged him before
1155732780 M * Hollow no answer yet
1155732785 M * Bertl ok, np
1155732878 N * Belu_zZz Belu
1155733004 M * Hollow Bertl: this is how i reproduce it: http://paste.linux-vserver.org/245
1155733525 M * Bertl I presume, for the last vx --set-flags command (first example), you hold CAP_CONTEXT and xid=0
1155733540 Q * Karmek Read error: Connection reset by peer
1155733561 M * Bertl could you provide the debug output for that call too`
1155733565 M * Bertl s/`/?
1155733567 M * Hollow strace?
1155733603 M * Bertl nah, Linux-VServer debug message
1155733606 M * Hollow ok, sec
1155733618 M * Bertl debug_switch=255
1155733705 M * Hollow Bertl: http://paste.linux-vserver.org/246
1155733794 M * Bertl sidequestion: interesting, why does the first one lack STATE_INIT?
1155733823 M * Hollow i'd rather wonder why the second one has state_init.. it was never set..
1155733974 J * brc bruce@i.am.someasshole.com
1155734017 M * Hollow Bertl: i found it... wrong define of state_admin... but i still wonder why it works on util-vserver guests..
1155734022 M * brc anyone ever experienced a context crash ?
1155734025 M * Hollow will test if the fix changes sth
1155734029 M * brc which does not stop, does not enter, etc
1155734151 M * Bertl brc: hmm? please elaborate
1155734161 M * Hollow Bertl: yes.. this fixes it if state_admin is enabled.. still the question why i can change util-vserver guests which do not have state_admin
1155734178 M * brc Bertl: vps -aux does not return, it keeps running forever
1155734185 M * brc i mean, it does not give any output
1155734200 M * brc vserver NAME stop does not work . it just stands there forever and does not output anything
1155734220 M * Bertl looks more like a locking issue
1155734222 M * brc nothing on dmesg
1155734226 M * brc that would indicate any issue
1155734227 M * Bertl what kernel version do you use?
1155734244 M * brc 2.6.17.8-vs2.0.2-rc28
1155734258 J * FCOJ ~mordur@dsl-og-108-50.du.vortex.is
1155734260 M * Bertl hmm, even more interesting
1155734267 M * Bertl welcome FCOJ!
1155734297 M * Bertl brc: could you upload the output of 'chcontext --xid 1 -- ls /proc' somewhere?
1155734308 M * Bertl (ah, make that paste.linux-vserver.org :)
1155734380 M * brc http://paste.linux-vserver.org/247
1155734392 M * brc it is weird cause i tried to kill some processes (vps -aux gave right output just once)
1155734399 M * brc and those processes do not get killed
1155734408 M * brc and i just found out there are some xid 1 processes that do not get killed either
1155734411 M * brc i send a kill -9 but they keep alive
1155734449 M * brc stat of the xid 1 process that does not get killed is Ds
1155734469 M * Bertl so it is waiting for some device I/O then?
1155734479 M * Bertl sounds like your machine might be trashing?
1155734494 M * brc no the speed is ok
1155734494 M * brc not trashing
1155734497 M * brc everything is fine
1155734513 M * Bertl when you start a new process on the host, like this:
1155734516 M * brc well load average is kinda high
1155734541 M * Bertl bash -c 'echo $$'
1155734544 M * brc some vserver is probably running lot of processes and is limited by cpu sched
1155734571 M * Bertl does the process (pid) reported by that command still exist afterwards?
1155734583 M * Hollow Bertl: uh.. i'm dumb.. after fixing the define, also util-vserver guests show state_admin
1155734600 M * brc no. it started and finished
1155734604 M * brc check ps and the pid does not exist
1155734627 M * Bertl Hollow: ah, okay ... you might want to sync the includes with 2.1.1-rc28 (vserver dir)
1155734673 M * brc Any idea? What should i do to uncrash ?
1155734676 M * Hollow yes, that's where the error came from.. i copied it wrong ;)
1155734721 M * Bertl Hollow: it might be advisable to actually _use_ those includes instead of transcribing them, to reduce the possible sources of error
1155734746 M * Bertl brc: and you have a guest you definitely want to shutdown, right now, yes?
1155734789 M * brc yes because it is crashed
1155734791 M * brc i need to restart it
1155734796 M * brc i mean nothing works on it
1155734819 M * Hollow Bertl: is there some special handling that STATE_ADMIN gets assigned by default? because util-vserver doesn't know about it..?
1155734828 M * Bertl brc: okay, try 'vkill --xid -s 9 -- -1
1155734837 M * Bertl brc: then the same with 0 at the end
1155734881 M * Bertl Hollow: no, just util-vserver uses the create command without flag passing, so the defaults from the include files kick in (which were updated too :)
1155734889 M * brc i think that it did not work
1155734895 M * brc vserver-stat report 53 processes for that server
1155734914 M * Hollow Bertl: ah, VXF_INIT_SET?
1155734921 M * Bertl yep, precisely
1155734950 M * Hollow so, once state_admin is removed it cannot be added back, right?
1155734980 M * Bertl that's the idea behind it
1155735004 M * Hollow how do i kill it then, if the reboot helper is called?
1155735008 M * brc Hmm it seems the hd is not working
1155735017 M * brc i tried to ls the other partition without an answer
1155735019 M * Bertl brc: ah! here we go
1155735025 J * pflanze ~chris@unk-110.ethz.ch
1155735028 M * brc any way to kill all the vservers there ? i am going to try to remount it
1155735030 M * pflanze Hello
1155735034 M * Bertl brc: that will keep most processes in D state
1155735049 M * Bertl brc: no chance to change that, you have to wait until timeout/hardware comes back
1155735054 M * Bertl welcome pflanze!
1155735056 M * brc i have two partitions i think that all the ones in this one are crashed
1155735061 M * brc any way to kill all them so i can try to remount ?
1155735064 M * Bertl Hollow: kill has a special casing
1155735083 M * Bertl Hollow: i.e. without init process, you can send vkill, with init you can only send TERM to that init
1155735118 M * Bertl (so all in all, you should be able to terminate them properly :)
1155735125 M * Hollow ah, ok.. i start to understand all those new changes.. ;)
1155735150 M * Bertl yes, it was kind of tricky to get the logic right (and I'm still not sure it is perfect :)
1155735185 M * Bertl brc: no chance, they are 'stuck' in a kernel action accessing that hardware
1155735196 M * Hollow well, now that i got it, it seems to make sense.. together with the privacy thing it will pretty much lock down the host
1155735202 M * Bertl brc: signals will be queued until the hardware is back
1155735231 Q * weasel Quit: irssi messed up
1155735234 Q * alphaweasel Quit: leaving
1155735244 J * weasel weasel@asteria.debian.or.at
1155735248 M * Hollow though i'm not sure yet how the privacy thing affect things.. can i still switch to xid 1 and see all procs, etc?
1155735258 M * pflanze I'm trying to move a directory bar, on which a filesystem has been mounted (from host context, before vservers are started). So I'm trying to umount that filesystem. I did vnamespace --enter umount /vservers/foo/bar for all running vservers. I still cannot move the directory (Device or resource busy).
1155735278 M * pflanze I'm doing vnamespace --enter 1006 cat /proc/mounts and I see /bar there.
1155735301 M * pflanze I try vnamespace --enter 1006 umount /bar but that gives me No such file or directory
1155735324 M * Bertl Hollow: for now, yes
1155735336 M * Hollow what does it limit then?
1155735340 M * pflanze I'm trying chcontext --ctx 1006 umount /bar and it says not found.
1155735386 M * pflanze I've written a small C program which calls chroot(2) and umount(2), and it says the same thing, file not found
1155735388 M * Bertl pflanze: probably mount tries to be too smart
1155735412 M * Bertl pflanze: first try to 'fake' an mtab entry for the data found in /proc/mounts
1155735424 M * Bertl then try to use 'umount -f' on that
1155735454 M * pflanze and what do I need? chcontext or vnamespace or both?
1155735468 M * Bertl Hollow: well, for example access to pts or devices 'owned' by a guest, as well as strace and process memory
1155735482 M * Bertl pflanze: vnamespace is the relevant one
1155735595 J * rob-84x^ rob@submarine.ath.cx
1155735610 M * Bertl welcome rob-84x^!
1155735615 M * rob-84x^ hi
1155735769 M * pflanze Still no joy.
1155735798 M * pflanze LANG=C vnamespace --enter 1006 umount -f /vservers/scrat/gentoo/debian/tmp
1155735798 M * pflanze umount2: No such file or directory
1155735798 M * pflanze umount: /vservers/scrat/gentoo/debian/tmp: not found
1155735804 M * pflanze LANG=C vnamespace --enter 1006 umount -f /debian/tmp
1155735805 M * pflanze umount2: No such file or directory
1155735805 M * pflanze umount: none: not found
1155735811 M * pflanze (and the last 2 lines repeated once)
1155735813 M * Bertl it remains visible in the vnamespace's /proc/mounts ?
1155735817 M * pflanze yes
1155735828 M * pflanze # vnamespace --enter 1006 cat /proc/mounts|grep debian
1155735828 M * pflanze /dev/mirrorvg/mirrorroot /debian reiserfs rw,noatime 0 0
1155735828 M * pflanze none /debian/tmp tmpfs rw 0 0
1155735828 M * pflanze none /debian/dev/pts devpts rw 0 0
1155735828 M * pflanze none /debian/proc proc rw,nodiratime 0 0
1155735843 M * pflanze I'm trying to umount /debian/tmp first.
1155735861 M * pflanze (I want to move the debian directory.)
1155735862 M * Bertl and /vservers/scrat/gentoo/debian/tmp == /debian/tmp ?
1155735878 M * pflanze I'd say so. No idea how the kernel got this path.
1155735881 M * Bertl actually you want to specify the paths /proc/mounts lists
1155735889 M * pflanze I've tried both
1155735906 M * Bertl but I wonder about the 'scrat' and 'gentoo'
1155735932 M * pflanze /vserver/scrat contains two vservers, /vserver/scrat/debian and /vserver/scrat/gentoo.
1155735976 M * Hollow Bertl: i think we need a fix if the context is persistent but no processes live inside and no state_admin is set... there's no way to get rid of these contexts..
1155735982 M * pflanze They can see each other's directory when running (the user owning those vservers can switch between them by using some infrastructure from me).
1155736026 M * pflanze For this I mount --bind /vserver/scrat/debian /vserver/scrat/gentoo/debian and mount --bind /vserver/scrat/gentoo /vserver/scrat/debian/gentoo
1155736036 M * pflanze and mount tmpfs and proc and pts on both.
1155736046 M * Bertl Hollow: indeed, good point ...
1155736076 M * Bertl Hollow: what about adding back STATE_ADMIN for those?
1155736093 M * Hollow sounds good
1155736103 A * pflanze will try shutting down scrat's running gentoo instance
1155736114 M * Bertl Hollow: or any 'more' secure idea?
1155736126 M * Hollow another idea would be to remove persistent on ctx_kill
1155736185 M * Bertl okay, for what purpose do you 'use' the persistent except for guest startup?
1155736200 M * Hollow nothing yet
1155736228 M * Hollow i also can't think of any other reason atm
1155736238 M * Bertl okay, so I see three options we have here:
1155736259 M * Bertl - add back admin when the last process goes away
1155736288 M * Bertl - remove persistent when you do 'the' vkill
1155736291 M * pflanze BTW the strange/interesting thing is that at first, vnamespace --enter 1006 cat /proc/mounts did show /vservers/scrat/debian/tmp, which I *could* successfully umount. After that, the /debian/tmp entry appeared (which wasn't there before, if I'm correct).
1155736313 M * Bertl - allow to unset/dissolve the context even with admin set
1155736323 M * Bertl (unset = unset persistent)
1155736339 M * Hollow s/with/without/?
1155736353 M * Bertl yep
1155736377 M * Bertl pflanze: interesting
1155736386 M * Hollow well, i think the last one adds ugly special casing to flags_set
1155736424 M * Hollow the second one is probably the most logical one, whereas the first one sounds like nice automagic ;)
1155736499 M * Bertl okay, will think about it ... (let's also hear what daniel_hozac thinks about it)
1155736511 M * Hollow yup
1155736530 M * Bertl unfortunately I have to leave now (while shops are still open), but I'll be back later
1155736545 M * Bertl have fun! and cya!
1155736552 N * Bertl Bertl_oO
1155736778 M * brc_ bertl
1155736786 M * brc_ going to reboot the box, do you think that it might crash? It is the slave hdd with problems
1155737086 Q * FireEgl Ping timeout: 480 seconds
1155737510 Q * brc Read error: Connection reset by peer
1155738181 J * FireEgl ~FireEgl@2001:5c0:84dc:1:4::
1155738357 Q * derjohn Remote host closed the connection
1155738357 Q * FireEgl Quit: Bye...
1155738761 J * derjohn ~derjohn@80.69.37.19
1155739052 J * mef ~mef@targe.CS.Princeton.EDU
1155739058 P * mef
1155739478 J * pisco ~pampel@p5087C0B8.dip0.t-ipconnect.de
1155739558 J * FireEgl ~FireEgl@Sebastian.Atlantica.US
1155739580 Q * FireEgl
1155739782 Q * brc_ Ping timeout: 480 seconds
1155740041 J * FireEgl FireEgl@Sebastian.Atlantica.US
1155740563 J * mef ~mef@targe.CS.Princeton.EDU
1155740579 M * mef daniel_hozac: hi
1155740621 J * dna_ ~naucki@p54BCF7A6.dip.t-dialin.net
1155740629 J * brc_ bruce@201.19.180.97
1155740653 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1155740722 Q * rob-84x^ helium.oftc.net nova.oftc.net
1155740722 Q * dna helium.oftc.net nova.oftc.net
1155740722 Q * Adrinael helium.oftc.net nova.oftc.net
1155740722 Q * sladen helium.oftc.net nova.oftc.net
1155740722 Q * michal_ helium.oftc.net nova.oftc.net
1155740722 Q * insomniac helium.oftc.net nova.oftc.net
1155740869 J * sladen paul@starsky.19inch.net
1155740880 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi
1155741064 J * coocoon ~coocoon@p54A07E21.dip.t-dialin.net
1155741086 J * michal_ ~michal@www.rsbac.org
1155741173 J * insomniac ~insomniac@slackware.it
1155741405 J * rgl Rui@217.129.151.190
1155741409 M * rgl hello
1155742207 Q * Wonka Ping timeout: 480 seconds
1155742298 J * debugger_ Rui@217.129.151.190
1155742488 Q * michal_ Quit: REBOOT
1155742541 P * mef
1155742632 J * stefani ~stefani@tsipoor.banerian.org
1155742749 Q * rgl Ping timeout: 480 seconds
1155742823 J * Viper0482 ~Viper0482@p54977E41.dip.t-dialin.net
1155742907 M * weeble ping?
1155742990 M * FaUl pong
1155743020 M * weeble I just rebooted the firewall, and it didn't drop my IRC connection.
1155743028 M * weeble Which is handy.
1155743054 M * cehteh static ip ...
1155743262 Q * Johnnie Remote host closed the connection
1155743791 J * gypsymauro ~Io@84.18.151.77
1155743794 M * gypsymauro hello
1155743942 J * Johnnie ~john@dynamic-acs-24-154-53-237.zoominternet.net
1155744378 M * gypsymauro there is a way to tell vserver build to don't create symbolic links ? I want to have every vserver things under a folder (to make easier my backup)
1155744434 Q * FireEgl Remote host closed the connection
1155744674 M * cehteh which symbolic links .. the config ones?
1155744880 J * bonbons ~bonbons@83.222.36.236
1155744892 M * gypsymauro cehteh: the /var/run one
1155745034 J * FireEgl FireEgl@Sebastian.Atlantica.US
1155745053 M * cehteh you dont need to backup /var/run
1155745093 M * cehteh actually you rather should not .. that's volatile data
1155745496 Q * gypsymauro Quit: leaving
1155746146 Q * schimmi Ping timeout: 480 seconds
1155747252 M * daniel_hozac hi
1155747596 Q * FireEgl Ping timeout: 480 seconds
1155747717 J * rob-84x^ rob@submarine.ath.cx
1155747721 J * Karmek ~nichts@i53871DD4.versanet.de
1155747729 M * Karmek Hi
1155747894 Q * phreak`` Quit: leaving
1155747945 J * phreak`` ~phreak``@140.211.166.183
1155748492 Q * balbir Ping timeout: 480 seconds
1155749500 J * rgl Rui@217.129.151.190
1155749554 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de
1155749958 Q * debugger_ Ping timeout: 480 seconds
1155750130 J * s0undt3ch gbmmpmm@bl8-7-116.dsl.telepac.pt
1155750302 Q * Viper0482 Remote host closed the connection
1155750314 A * Belu is away (i´ll be back later...)
1155750314 N * Belu Belu_zZz
1155750522 J * Viper0482 ~Viper0482@p54977E41.dip.t-dialin.net
1155750602 Q * cehteh Quit: Terminated with extreme prejudice - dircproxy 1.0.5
1155751334 P * pisco
1155752579 Q * shedi Quit: Leaving
1155752654 Q * FCOJ Quit: Leaving
1155753798 N * Bertl_oO Bertl
1155753801 M * Bertl evening folks!
1155753889 M * daniel_hozac evening!
1155753974 M * Bertl hey daniel_hozac! could you point me to the latest patches for COW and the fixes for Aiken's fh losses?
1155754045 M * daniel_hozac http://daniel.hozac.com/vserver/delta-cow-feat04.diff
1155754210 J * shedi ~siggi@inferno.lhi.is
1155754219 M * rgl hello
1155754237 M * rgl when will we have vserver on some SCM server? :)
1155754249 M * daniel_hozac http://daniel.hozac.com/vserver/delta-cow-fix05.diff
1155754263 M * mnemoc git is planned afaik
1155754270 M * daniel_hozac http://daniel.hozac.com/vserver/delta-file-acc-fix01.diff
1155754284 Q * s0undt3ch Ping timeout: 480 seconds
1155754302 M * rgl with git, daniel_hozac would just publish a url or send an email :)
1155754314 M * daniel_hozac hmm?
1155754331 M * mnemoc git is the most ugly thing ever programmed :(
1155754335 M * mnemoc (imho)
1155754340 M * daniel_hozac how is it different from what i just did?
1155754367 M * rgl daniel_hozac, you are pasting some url here, but that could be handled automatically by git/other_scm :)
1155754389 M * daniel_hozac git pastes URLs in IRC for you? :)
1155754395 M * mnemoc :D
1155754407 M * rgl ok ok, you just need one :)
1155754427 M * rgl mnemoc, I don't even use git *G*
1155754433 M * daniel_hozac i could've done one now too.
1155754478 M * rgl I just wanted some automated way to see the progress made in vserver :)
1155754490 M * daniel_hozac changelogs not good enough? deltas?
1155754501 M * rgl they are :)
1155754523 M * rgl but as of now, I have to grab them by hand :D
1155754543 M * mnemoc vserver is the only project in earth which works that perfectly managing the changes by hand that it really doesn't need a tool for that (imo)
1155754568 M * rgl oh ok then :)
1155754572 M * rgl my bad :D
1155754583 M * mnemoc just for helping mr. B to update from one linux version to another :p
1155754618 M * rgl *G*
1155754752 J * s0undt3ch sanuchfe@bl8-6-211.dsl.telepac.pt
1155754764 M * Hollow Bertl: for vs_state_change the helper's exit code is lost currently... maybe you can take a look at http://home.xnull.de/misc/delta-state-change-fix01.patch
1155754907 M * daniel_hozac Hollow: just on startup? isn't it used elsewhere?
1155755005 M * daniel_hozac or is it only during startup where we want it to make the function fail?
1155755027 M * Hollow i think so
1155755068 M * Hollow who would get the return code on context death anyway?
1155755797 M * rgl the process that create it? (like exec(2))
1155755818 Q * Viper0482 Remote host closed the connection
1155755841 M * rgl argh... like clone :D
1155755848 M * rgl no fork *G*
1155755886 Q * yarihm Ping timeout: 480 seconds
1155756225 Q * lilalinux Remote host closed the connection
1155756449 Q * bonbons Quit: Leaving
1155756700 J * debugger_ Rui@217.129.151.190
1155756849 J * bonbons ~bonbons@83.222.36.236
1155756896 J * cehteh ~ct@cehteh.homeunix.org
1155756989 M * Bertl hmm, having some issues with my xdmx setup, did anybody test this beast yet?
1155757009 M * Bertl does anybody know where I could find an xorg related channel?
1155757078 M * coocoon Bertl: on freenode xorg and xorg-devel
1155757126 M * Bertl k, tx
1155757169 Q * rgl Ping timeout: 480 seconds
1155757335 J * transacid ~transacid@e176013251.adsl.alicedsl.de
1155757352 M * brc_ Sup bertl
1155758942 Q * bonbons Quit: Leaving
1155759159 M * brc_ the machine was rebooted and got back to work. really weird. do you think that might be a hardware fault ?
1155759286 J * bonbons ~bonbons@83.222.36.236
1155760318 Q * dna_ Quit: Verlassend
1155760391 Q * mire Quit: Leaving
1155760615 M * Hollow uhm..
1155760629 M * Hollow Bertl: i have a process running in xid = 3, but /proc/virtual does not show it :o
1155760655 M * Hollow it somehow happened while playing with VXF_SC_HELPER
1155760661 M * Bertl hmm, and it is still running?
1155760680 M * Hollow well, it is in D state
1155760692 M * Bertl so it might be already dead
1155760695 M * Hollow but vps shows it running in xid = 3
1155760712 M * Hollow s/running/dead/
1155760712 M * Hollow ;)
1155760748 M * Bertl yeah, thing is, the context is disposed as soon as the last process exits, but the structures are kept around for longer
1155760778 M * Bertl it _might_ just be that the process is already dead (as far as it concerns the /proc entries/context)
1155760798 M * Bertl but it still has the xid tagging
1155760807 A * Hollow nods
1155760813 M * Bertl I just wonder how vps actually gets the info
1155760847 M * Hollow "our" vps uses vx_get_task_xid iirc
1155760938 Q * bonbons Quit: Leaving
1155761145 M * Hollow Bertl: did you see my vshelper return code patch? i think it may be caused by this.. because the helper failed, but vx_create thought everything is ok, since the exit code is lost..
1155761251 J * ntrs__ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155761251 Q * ntrs_ Read error: Connection reset by peer
1155761487 M * Bertl Hollow: hmm, failed as in?
1155761503 M * Hollow exit(EXIT_FAILURE);
1155761566 M * Bertl and why should that keep a process in D state inside the context?
1155761649 M * Hollow *shrug*
1155761744 M * Bertl I don't think that it _is_ a good idea to return the code passed from the helper as return code of the syscall
1155761805 M * Hollow but how do i know if the helper failed when calling ctx_create?
1155761812 M * Bertl I agree that we might want to pass the results back somehow
1155761848 M * Bertl but I already see syscalls returning 256 or similar :)
1155761857 M * Hollow yay, it works... vshelper starts guests via vs_state_change :D
1155761911 M * daniel_hozac cool.
1155761924 M * Hollow this makes things way less ugly
1155762002 M * Bertl but doesn't that also mean that you actually would not need the 'external' setup at all :)
1155762029 M * Hollow you mean persistent?
1155762058 M * Bertl well, both, config from 'outside' the context and contexts without tasks
1155762075 M * Bertl it would suffice to put the helper in a 'special' config mode
1155762078 M * Hollow well, for nx there is no task in it until vx_create finishes
1155762108 M * Hollow but for vx, persistent can be skipped probably
1155762169 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155762177 Q * cehteh Ping timeout: 480 seconds
1155762186 Q * ntrs__ Read error: Connection reset by peer
1155762568 M * Hollow Bertl: that special config mode would probably be VXF_STATE_ADMIN which is stripped after init has started, no?
1155762743 M * Hollow i still think we can keep persistent for both nx and vx.. but we need a way to strip persistent like discussed before...
1155762753 M * daniel_hozac Bertl: btw, did we fix the information leak in /proc/net yet?
1155763109 J * Aiken ~james@tooax7-112.dialup.optusnet.com.au
1155763188 M * Bertl daniel_hozac: hmm?
1155763211 M * daniel_hozac IIRC there were some files where interfaces weren't hidden.
1155763237 M * Bertl ah, hmm, in proc, good point, we should double check that
1155763272 M * daniel_hozac /proc/net/igmp for instance.
1155763491 J * mazsola ~mazsola@ip-c1ca557e.dir.hu
1155763641 M * daniel_hozac /proc/net/dev_mcast too.
1155763765 M * Bertl welcome mazsola!
1155763813 J * cehteh ~ct@cehteh.homeunix.org
1155763903 J * rgl ~Rui@217.129.151.190
1155764354 Q * debugger_ Ping timeout: 480 seconds
1155764738 J * Hurga nobody@p508A984E.dip0.t-ipconnect.de
1155764755 M * Hurga Hiya.
1155765144 M * Hurga I have a little problem to identify which application opens ports inside my vserver... none of the trick with fuser, lsof or netstat works.
1155765154 M * Hollow Bertl: oops, another context which has no entry in /proc/virtual... but this time not in D state
1155765187 M * daniel_hozac Hurga: are you sure the guest is the one opening them? try the host.
1155765207 M * Bertl Hollow: okay, can you double check the number of contexts with the entries in proc?
1155765246 M * Hollow well, i have a lot of zombie contexts atm (those with persistent, but without state_admin ;)
1155765251 M * Hurga daniel_hozac: I'm sure, yes. The vserver is ancient, which might be part of the problem.
1155765402 M * Hollow Bertl: according to the helper logs the context dies immediately after it was created... vshelper startup and shutdown get called in the same second.. but vps shows init [3] running in S state
1155765444 Q * mazsola Ping timeout: 480 seconds
1155765462 M * daniel_hozac Hollow: real init or blendthrough?
1155765470 M * Hollow real init
1155765497 M * daniel_hozac can't you kill it?
1155765530 Q * Nam Ping timeout: 480 seconds
1155765536 M * Hollow daniel_hozac: no, not even from xid=1
1155765541 M * Hollow using kill -9
1155765547 M * daniel_hozac vkill?
1155765561 M * Hollow ESRCH ;)
1155765570 M * Hollow xid = 4 is already gone
1155765651 M * Hollow i never had this before playing with SC_HELPER
1155765714 M * daniel_hozac does the lack of STATE_ADMIN remove it from /proc/virtual too?
1155765884 M * Hollow need to check.. but without state_admin the whole creation process will probably fail
1155765920 M * Hollow vcd sets up from outside and eventually strips state_admin
1155765975 M * Bertl ah, I remember a comment regarding hashed/unhashed contexts
1155765990 M * Bertl (I did write some time ago into the code :)
1155766037 M * Bertl I suspect the creation task is migrated (don't know why) but the context is disposed afterwards
1155766072 M * Hollow i don't think so
1155766091 M * Hollow my kernel already has the with-persistent-dont-migrate-on-create patch ;)
1155766122 M * Bertl hmm, maybe your kernel has _too_many_ patches :)
1155766137 M * Hollow no, just rc28.n + this one ;)
1155766150 M * Hollow not even gentoo patches
1155766181 M * Bertl okay, let's try to find a vcmd sequece to reproduce
1155766187 M * Bertl +n
1155766221 M * Hollow ok, have to compile them first
1155766293 M * pflanze I'd say there seems to be a bug with namespace handling.
1155766322 M * Bertl pflanze: can be, mainline is not perfect :)
1155766326 M * pflanze I can umount a filesystem from every namespace, and still the kernel is holding references on it.
1155766327 M * Hollow Bertl: ok, i basically need ctx_create + execve
1155766333 M * Hollow how do i handle this with vcmd?
1155766370 M * pflanze /proc/mount does not show any trace of it in any namespace. But I cannot mount the filesystem again, so there must be something hanging around.
1155766381 M * Bertl Hollow: http://wiki.linux-vserver.org/Linux-VServer-Hacks
1155766410 M * Bertl pflanze: filesystem or device?
1155766411 M * Hollow i see, will try
1155766443 M * pflanze Bertl: in this case, an ext3 filesystem /dev/md1 on /boot
1155766451 M * Bertl pflanze: it could as well be that some process is keeping the filesystem around, you basically have to check the namespaces of all processes
1155766466 M * pflanze Bertl: no, I did check with lsof
1155766482 M * pflanze in context 1
1155766483 M * Bertl lsof does only see the currently visible processes, no?
1155766513 Q * shedi Quit: Leaving
1155766548 M * pflanze Bertl: I run chcontext --silent --ctx 1 lsof|less and search for boot w/o a match
1155766548 M * Bertl pflanze: well, if you can reproduce it, I have a patch to add debug info there
1155766603 M * pflanze And I had to reboot the machine to be able to move the /vserver/scrat/debian directory mentioned earlier: shutting down all vservers was not enough.
1155766624 M * pflanze 2.6.17.8-vs2.0.2-rc28
1155766662 M * Hurga quick question... if I remove the "mark" file from a running vserver, will "util-vservers stop" stop it?
1155766688 M * Bertl Hurga: good question, I'd say no
1155766690 M * pflanze Bertl: yes, I'd add this patch to my kernel, but will only check after the next regular reboot.
1155766737 M * Bertl pflanze: well, you can do that, but it would be better to get a test setup, otherwise it'll take several weeks to figure
1155766764 M * Bertl maybe you have a chance to play around on a local machine/laptop/virtual?
1155766790 M * pflanze Bertl: I want to set up two new machines soon (in a few weeks), then I'll have the machines and time to test.
1155766804 M * pflanze Until then checking after the next reboot is the only thing I can do.
1155766843 M * Bertl pflanze: k, that's fine with me ... let me dig out that patch
1155766856 J * transaci1 ~transacid@e176013251.adsl.alicedsl.de
1155766875 J * Skram_ ~Mark@hermes.sentiensystems.com
1155766900 J * cohan_ ~cohan@koniczek.de
1155766906 M * coocoon Bertl: daniel_hozac: please can u explain me the names of patch-2.6.17.7-vs2.1.1-rc28.n.diff or patch-2.6.17.7-vs2.0.2-rc28x.diff, for what do the addons n or x mean
1155766915 M * Bertl pflanze: http://vserver.13thfloor.at/Experimental/patch-holders.diff
1155766919 M * doener pflanze: did you just stop all vservers or did you unmount the device in each namespace?
1155766926 M * coocoon -mean +stand
1155766933 M * Bertl coocoon: forget it, was just a stupid naming I did for my personal down/upload
1155766953 M * Bertl I'll upload an rc29 shortly
1155766965 M * pflanze doener: how would I unmount a device in the namespace of a vserver after it has been shut down? I thought after no processes would live anymore holding a namespace, it would go away?
1155766972 Q * transacid Ping timeout: 480 seconds
1155766974 M * coocoon Bertl: thanx so i will wait very cool
1155766992 Q * Skram Ping timeout: 480 seconds
1155767005 M * doener pflanze: I meant if you started with unmounting it in each namespace, and just stopped the vservers, because that didn't help
1155767006 N * Skram_ Skram
1155767009 M * daniel_hozac Hurga: well, util-vservers means the initscript, right?
1155767017 Q * cohan Ping timeout: 480 seconds
1155767017 M * doener or if you did only shut them down
1155767018 M * daniel_hozac Hurga: you actually want that to stop _all_ of your guests.
1155767018 M * Hurga daniel_hozac: Yes
1155767028 M * daniel_hozac otherwise they'll be left running when you reboot.
1155767035 M * daniel_hozac causing all sorts of failures.
1155767057 M * daniel_hozac if you just want to stop marked servers, use /usr/lib*/util-vserver/start-vservers directly.
1155767080 M * pflanze doener: I *did* umount the filesystem in all running vservers, but at least in the first case (moving the directory) I had started and stopped vservers before today on the machine. No chance to clean up anything from a vserver which had been shut down I would say?
1155767091 M * Hurga daniel_hozac: Currently I just want to experiment with the pre- and post- scripts without wanting to shut down some other running vservers.
1155767107 M * daniel_hozac Hurga: hmm? why can't you just use vserver ... start/stop?
1155767132 M * Bertl pflanze: there should not be anything left from a guest you did shut down
1155767149 M * doener Bertl: dangling contexts because of sockets are solved?
1155767150 M * Hurga daniel_hozac: because the init scripts are so convoluted that I don't really trust them to work the same.
1155767181 M * daniel_hozac Hurga: uh, they just execute that.
1155767212 M * Hurga They are rather complicated for that :)
1155767218 M * pflanze (doener: I did vps after shutting down all vservers, and chcontext --ctx 1 lsof|grep debian, both of which didn't give any result.)
1155767249 M * pflanze (well, vps did give only processes of contexts 0 and 1, that is)
1155767267 Q * jake- Ping timeout: 480 seconds
1155767296 M * daniel_hozac does lsof show mounts in other namespaces?
1155767298 M * pflanze but yes I didn't check netstat.
1155767303 J * shedi ~siggi@inferno.lhi.is
1155767371 J * mkhl mkhl@200-148-41-96.dsl.telesp.net.br
1155767408 M * pflanze daniel_hozac: hm no, you're right.
1155767497 M * daniel_hozac /proc//mounts should show it.
1155767516 M * Bertl okay, uploaded vs2.0.2-rc29
1155767528 M * daniel_hozac changes from rc28x? none?
1155767543 M * Bertl none, just rediffed (in this case .8)
1155767550 M * daniel_hozac ok.
1155767625 M * pflanze BTW is there a security / announcement mailing list for vserver? So I don't have to check the normal list so often for not missing an important update.
1155767629 M * coocoon Bertl: for experimental it will take more time
1155767655 M * daniel_hozac pflanze: the vserver list is fairly low-traffic.
1155767671 M * pflanze yes, that's true. Still I won't feed it to my normal inbox.
1155767695 M * pflanze (I've set up a script which notifies me if new versions are uploaded to the Experimental dir.
1155767709 M * pflanze This will send me a notice tomorrow morning :)
1155767714 M * daniel_hozac should be easy to do a wiki-list filter.
1155767728 M * daniel_hozac though the wiki lags quite often.
1155767791 M * Bertl pflanze: how often does it run?
1155767804 M * pflanze Bertl: once a day
1155767816 M * Bertl daniel_hozac: how was this discovered? what does it fix? delta-cow-fix05.diff
1155767850 M * daniel_hozac access(2) says -EACCES for write access, making rm ask if you're sure, IIRC.
1155767872 M * Bertl ah, interesting ...
1155768004 M * daniel_hozac and saying -EACCES on COW files is just lying.
1155768152 Q * brc_ Ping timeout: 480 seconds
1155768236 P * stefani I'm Parting (the water)
1155768333 Q * cehteh Ping timeout: 480 seconds
1155768612 M * Bertl daniel_hozac: sorry but I cannot remember your comment on the persistent without admin issue, i.e. how you would suggest to solve that
1155768646 Q * rgl Quit: Fui embora
1155768689 M * daniel_hozac i didn't comment, i'm not sure what would be the cleanest. on kill seems a bit unexpected, IMHO.
1155768751 M * daniel_hozac but i also think that contexts without processes is one of the potential purposes of persistent contexts, so readding admin when the last process exits wouldn't be very nice either.
1155768826 M * Bertl well, the question is, what is the purpose of a persistent context _without_ state_admin?
1155768843 M * Bertl (when the last process left the context, that is)
1155768944 M * daniel_hozac hmm, true.
1155769060 M * Bertl so I think the +admin magic on last process exit is probably the best handling of this cornercase
1155769060 Q * shedi hydrogen.oftc.net helium.oftc.net
1155769060 Q * Hurga hydrogen.oftc.net helium.oftc.net
1155769060 Q * ntrs_ hydrogen.oftc.net helium.oftc.net
1155769060 Q * Johnnie hydrogen.oftc.net helium.oftc.net
1155769060 Q * pflanze hydrogen.oftc.net helium.oftc.net
1155769060 Q * pisc1 hydrogen.oftc.net helium.oftc.net
1155769060 Q * Roey hydrogen.oftc.net helium.oftc.net
1155769060 Q * nokoya hydrogen.oftc.net helium.oftc.net
1155769060 Q * mcp hydrogen.oftc.net helium.oftc.net
1155769060 Q * tokkee hydrogen.oftc.net helium.oftc.net
1155769060 Q * fs hydrogen.oftc.net helium.oftc.net
1155769060 Q * weeble hydrogen.oftc.net helium.oftc.net
1155769060 Q * hap hydrogen.oftc.net helium.oftc.net
1155769060 Q * [PUPPETS]Gonzo hydrogen.oftc.net helium.oftc.net
1155769060 Q * Karmek hydrogen.oftc.net helium.oftc.net
1155769060 Q * FloodServ hydrogen.oftc.net helium.oftc.net
1155769061 M * daniel_hozac ok, so readding admin when the last process exits makes a lot of sense.
1155769085 J * shedi ~siggi@inferno.lhi.is
1155769085 J * Hurga nobody@p508A984E.dip0.t-ipconnect.de
1155769085 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1155769085 J * Johnnie ~john@dynamic-acs-24-154-53-237.zoominternet.net
1155769089 M * Bertl hollow called it 'nice magic' so I think this is acceptable for all
1155769089 J * Karmek ~nichts@i53871DD4.versanet.de
1155769101 J * pflanze ~chris@unk-110.ethz.ch
1155769101 J * pisc1 ~pampel@p5087C0B8.dip0.t-ipconnect.de
1155769101 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1155769101 J * nokoya young@hi-230-82.tm.net.org.my
1155769101 J * mcp ~hightower@wolk-project.de
1155769101 J * tokkee tokkee@casella.verplant.org
1155769101 J * fs fs@213.178.77.98
1155769101 J * weeble ~weeble@81.52.144.1
1155769101 J * hap ~penso@212.27.33.226
1155769101 J * [PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de
1155769113 M * Bertl doener: any opinion on your side?
1155769159 Q * harry Ping timeout: 480 seconds
1155769161 J * cehteh ~ct@cehteh.homeunix.org
1155769209 J * brc_ bruce@201.19.205.120
1155770061 Q * pisc1 Quit: Download Gaim: http://gaim.sourceforge.net/
1155770134 J * mire ~mire@110-167-222-85.COOL.ADSL.VLine.verat.net
1155770662 Q * DreamerC Quit: leaving
1155770830 J * DreamerC ~dreamerc@59-112-2-165.dynamic.hinet.net
1155771218 M * doener Bertl: hm
1155771239 M * doener state_admin basically means that you go back into a state where you can mess with context settings, right?
1155771251 M * Bertl yes
1155771336 M * doener one thing I have in mind for years now but never managed to try out was sth. like cgi isolation. The first idea was to have the webserver spawn cgis with limited network access
1155771351 M * doener with persistent contexts, all cgis could be shifted into a prepared context
1155771361 M * Bertl okay
1155771397 M * doener if the admin state was added automatically in that case, it would be a little problematic, right?
1155771421 M * Bertl no, why? you would need the admin to migrate the cgi's into it anyway?
1155771450 M * Bertl no admin = no access to the context
1155771471 M * doener oh, then removing admin would actually break it... ok then :)
1155771496 M * Bertl precisely, my reasoning is based on the following:
1155771524 M * Bertl consider a context which is locked down (no admin) and the last process exits, what will you do with that context?
1155771592 M * doener I thought that admin is for control from the inside and only CAP_CONTEXT is required for migration
1155771593 M * Bertl I could see a single purpose for that, and this is the only reason I hesitate
1155771616 J * FloodServ services@services.oftc.net
1155771642 M * Bertl if a bunch of admins have several guests on a common host, they might want to make sure that a once taken context will not be replaced
1155771670 M * Bertl but as we do not have multi admin capabilities yet, it's kind of useless right now
1155772671 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc29, stable+grsec 2.0.2-rc28 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1155772679 M * Bertl *rc29
1155772691 M * Bertl - whitespace cleanups (stable + devel)
1155772705 M * Bertl - comment cleanups (stable + devel)
1155772721 M * Bertl - file acc fix (devel)
1155772724 M * doener cd su -
1155772732 M * Bertl hmm?
1155772732 M * doener ehrm, wrong window
1155772736 M * doener oh, and brain damage
1155772743 M * doener :)
1155772780 M * Bertl - cow-fix07 (fh, devel)
1155772797 M * Bertl - locks assertion removed (stable)