1158454274 M * marl whats the easiest way to setup vs-utils to create ubuntu guests instead of debian guests?
1158454961 M * doener do you have a Ubuntu-based host?
1158455040 M * marl yup
1158455103 M * doener if you install debootstrap (ie. Ubuntu's version of it) instead of letting util-vserver download the debian version, you should be able to use the debootstrap method with, for example, "-d breezy"
1158455147 M * doener or dapper and whatever the other versions were called
1158455176 M * marl ah ok thanks :)
1158455190 M * marl is there a way of telling which version of debootstrap ive got?
1158455200 M * marl or is its package name marked?
1158455414 M * marl its ok, found it thanks :)
1158455574 M * doener util-vserver does download a copy from a debian server and unpack it in some separate location (that works on non-apt distros as well), it never actually really "installs" it
1158455616 M * doener so you either have it installed (which means the Ubuntu version on Ubuntu) or you don't ;)
1158455634 M * marl ah :( ill try the ubuntu names and if it doesnt work come back :)
1158455692 M * doener no need to make sad faces, just a matter of "sudo apt install debootstrap" ;)
1158455699 M * doener ehrm, apt-get
1158455712 M * doener tab-completion somehow didn't work *g*
1158455739 M * marl ubuntus one is installed at moment, but will check if its using the deb version or its own downloaded version
1158455774 M * doener util-vserver checks for debootstrap being already available and downloads the debian version only if not
1158456017 M * marl ah, is there a way to divine what packages are downloaded by debootstrap?
1158456148 M * doener the scripts that control how a debootstrap of a certain version is done are located in /usr/lib/debootstrap/scripts
1158456171 M * marl thanks, was looking under /etc for them
1158456215 M * doener you can just copy them to a new name and use that name as argument to vserver foo build then, eg. -d my_breezy
1158456327 M * marl ah, now i get it, i did see a page about copying the scripts, but lost it hitting ctrl+w for find instead of ctrl+f, i use pico all the time for file editing, one day ill get around to disabling ctrl+w in firefox
1158456421 M * doener doener@atjola:~$ cat .gtkrc-2.0
1158456421 M * doener gtk-key-theme-name = "Emacs"
1158456508 M * doener that at least makes ctrl-w stop closing tabs while you are typing an url or sth. like that. only if you have focused the tab itself (eg. clicking on the page text/background) it still does that
1158456535 M * marl never been able to get my head around emacs editor, one day ill sit down and study it enough and then go 'how did i ever manage without it!!!!' but till then, pico will do :)
1158456550 M * doener no idea what other side-effects it was, Firefox is about the only graphical thing I use regularly
1158456592 M * doener I'm not an emacs user, I'm a vim addict ;) I just found that workaround somewhere and didn't care much about the other gtk settings
1158456599 M * doener so I just copied it
1158456691 M * marl ahhhhhhhhh, going to have to setup a local ubuntu archive, this is taking forever :(
1158457890 M * renihs talking about offtopic, i need feedback on this xgl screencapture avi :) http://haxor.me.uk/matja/wma/Xgl-livedvd.avi
1158458158 Q * pisco Remote host closed the connection
1158459574 M * marl ok ubuntu guest installed on ubuntu host, can ping hosts ip from guest, cant ping guests ip from guest, and cant ping machines on same network other than the host, any pointers?
1158460650 J * FireEgl FireEgl@Sebastian.Atlantica.US
1158461101 J * ensc ~irc-ensc@p54B4FD77.dip.t-dialin.net
1158461217 Q * Guest1043 Ping timeout: 480 seconds
1158462435 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158462595 M * Radiance hmm what was that option to mark a vserver to autostart at boottime ?
1158463650 Q * sladen Ping timeout: 480 seconds
1158463839 Q * somegeek Ping timeout: 480 seconds
1158463912 J * sladen paul@starsky.19inch.net
1158464469 N * Bertl_oO Bertl
1158464482 M * Bertl OMG lilo is dead?
1158464719 Q * FireEgl Quit: Bye...
1158465035 M * Bertl well, we will definitely miss him ...
1158465063 M * Bertl it's quite early, so I'm off for bed now ...
1158465068 N * Bertl Bertl_zz
1158465070 N * Bertl_zz Bertl_zZ
1158465762 Q * ag- Remote host closed the connection
1158465773 J * ag- ~ag@caladan.roxor.cx
1158467984 J * somegeek hiddenserv@tor.noreply.org
1158469753 J * FireEgl FireEgl@Sebastian.Atlantica.US
1158472352 J * AjAx- ~ajax@tor-irc.dnsbl.oftc.net
1158472418 M * AjAx- what is vserver?
1158472729 J * dna_ ~naucki@p54BCFF27.dip.t-dialin.net
1158474342 Q * dna_ Quit: Verlassend
1158476881 Q * ag- Remote host closed the connection
1158476893 J * ag- ~ag@caladan.roxor.cx
1158477147 Q * mcp Read error: Connection reset by peer
1158477162 J * mcp ~hightower@wolk-project.de
1158482103 J * bonbons ~bonbons@83.222.36.111
1158482176 J * ekc2 ~EKC@netblock-66-245-252-180.dslextreme.com
1158482493 Q * FireEgl Ping timeout: 480 seconds
1158482547 M * ekc2 I am thinking of moving my vservers from ext3 to xfs. Is anyone using xfs to host devel-branch vservers? Is vserver support for xfs fully functional?
1158482817 M * daniel_hozac there were some quota issues recently, but they should be fixed now.
1158482840 M * Loki|muh ekc2: not satisfied with ext3?
1158482946 J * meandtheshell ~markus@85-124-175-38.dynamic.xdsl-line.inode.at
1158483284 Q * ekc2 Remote host closed the connection
1158483714 J * vrwttnmtu ~eryktyktu@82-69-161-137.dsl.in-addr.zen.co.uk
1158484762 Q * ag- Remote host closed the connection
1158484774 J * ag- ~ag@caladan.roxor.cx
1158486299 N * Bertl_zZ Bertl
1158486306 M * Bertl morning folks!
1158486337 M * Bertl AjAx-: have a look at the 'Overview' at linux-vserver.org
1158486386 M * Bertl AjAx-: basicallz it's comparable to solaris zones and similar (i.e. BSD jails on steroids :)
1158486393 M * Bertl *y
1158486554 Q * somegeek Remote host closed the connection
1158486560 Q * ag- Remote host closed the connection
1158486569 J * somegeek hiddenserv@tor.noreply.org
1158486573 J * ag- ~ag@caladan.roxor.cx
1158486626 M * Zaki good morning Bertl :)
1158487443 Q * somegeek hydrogen.oftc.net neutron.oftc.net
1158487443 Q * blizz hydrogen.oftc.net neutron.oftc.net
1158487443 Q * mountie hydrogen.oftc.net neutron.oftc.net
1158487443 Q * glut hydrogen.oftc.net neutron.oftc.net
1158487443 Q * mnemoc hydrogen.oftc.net neutron.oftc.net
1158487443 Q * gdm hydrogen.oftc.net neutron.oftc.net
1158487443 Q * phedny hydrogen.oftc.net neutron.oftc.net
1158487443 Q * litage hydrogen.oftc.net neutron.oftc.net
1158487443 Q * sid3windr hydrogen.oftc.net neutron.oftc.net
1158487443 Q * virtuoso hydrogen.oftc.net neutron.oftc.net
1158487443 J * blizz ~blizz@evilhackerdu.de
1158487444 J * sid3windr luser@bastard-operator.from-hell.be
1158487448 J * gdm ~gdm@www.iteration.org
1158487448 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com
1158487454 J * virtuoso ~s0t0na@shisha.spb.ru
1158487458 J * phedny ~mark@volcano.p-bierman.nl
1158487467 J * glut glut@no.suid.pl
1158487468 J * litage ~nick@203.220.55.70
1158487493 J * mnemoc ~amery@kilo105.server4you.de
1158487507 Q * meandtheshell Ping timeout: 480 seconds
1158487696 Q * vrwttnmtu Read error: Connection reset by peer
1158487809 J * ekc2 ~EKC@netblock-66-245-252-180.dslextreme.com
1158488068 J * meandtheshell ~markus@85-124-38-213.dynamic.xdsl-line.inode.at
1158488102 P * meandtheshell
1158488151 J * meandtheshell ~markus@85-124-38-213.dynamic.xdsl-line.inode.at
1158488409 Q * ekc2 Remote host closed the connection
1158490102 M * Bertl okay, off for now .. back later ...
1158490108 N * Bertl Bertl_oO
1158490157 M * renihs cu
1158492895 Q * shedii Quit: Leaving
1158494532 Q * derjohn2 Read error: Connection reset by peer
1158494554 J * derjohn2 ~aj@dslb-084-058-217-254.pools.arcor-ip.net
1158495226 J * s0undt3ch_ ~s0undt3ch@bl8-0-115.dsl.telepac.pt
1158495412 Q * s0undt3ch Read error: Operation timed out
1158495412 N * s0undt3ch_ s0undt3ch
1158496944 J * shedi ~siggi@inferno.lhi.is
1158497511 J * ybanafa ~admin@82.114.177.253
1158497593 P * ybanafa
1158498701 J * jure ~jure@chello080109031206.15.14.vie.surfer.at
1158499625 Q * jure Quit: using sirc version 2.211+KSIRC/1.3.11
1158499941 J * jure ~jure@chello080109031206.15.14.vie.surfer.at
1158500562 J * ComplexMind ~mark@162.84.2.81.in-addr.arpa
1158502078 Q * jure Quit: using sirc version 2.211+KSIRC/1.3.11
1158503572 J * ray6 ~ray@vh5.gcsc2.ray.net
1158503615 M * ray6 reeee
1158503723 N * _nokoya nokoya
1158504755 J * the_hydra ~a_mulyadi@202.59.168.29
1158505191 Q * ComplexMind Remote host closed the connection
1158505602 M * m4z tard
1158505633 M * the_hydra Bertl_oO: ping
1158506033 J * pisco hiddenserv@tor.noreply.org
1158506499 Q * ag- Remote host closed the connection
1158506512 J * ag- ~ag@82.238.123.217
1158506575 J * kinderchemie ~kinderche@dslb-084-061-071-080.pools.arcor-ip.net
1158506578 M * kinderchemie hi
1158506607 M * kinderchemie hope somebody is here. i want to install a suse guest how to do this
1158506643 M * kinderchemie i know how to install a gentoo guest
1158506651 M * kinderchemie but i cant find how to install suse
1158507561 Q * the_hydra Read error: Connection reset by peer
1158507713 Q * kinderchemie Quit: Leaving
1158508029 J * AjAx--- ~ajax@tor-irc.dnsbl.oftc.net
1158508191 J * coocoon ~coocoon@p54A07012.dip.t-dialin.net
1158508207 M * coocoon hello
1158508212 Q * Johnnie Quit: G'bye!
1158508294 J * Johnnie ~jdlewis@jdlewis.org
1158508337 Q * AjAx- Ping timeout: 480 seconds
1158508347 N * AjAx--- AjAx-
1158508413 J * matti matti@linux.gentoo.pl
1158508820 J * id23 ~id@80.129.72.234
1158508826 M * id23 hiho
1158508973 Q * pisco Ping timeout: 480 seconds
1158509399 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158510217 J * Pazzo ~thomas@host130-250-static.72-81-b.business.telecomitalia.it
1158511523 Q * derjohn Ping timeout: 480 seconds
1158511915 Q * sezuan helium.oftc.net plasma.oftc.net
1158511932 J * ruskie_ ~ruskie@84.20.228.4
1158511937 Q * ray6 Ping timeout: 480 seconds
1158511940 J * ray6 ~ray@194.126.159.45
1158511955 J * sezuan matthias@agamemnon.ipv6.scheff32.de
1158512010 J * ay_ ay@false.linpro.no
1158512125 Q * ay Ping timeout: 480 seconds
1158512125 Q * ruskie Ping timeout: 480 seconds
1158512143 N * ruskie_ ruskie
1158512173 Q * ebiederm Ping timeout: 480 seconds
1158512193 Q * lylix Ping timeout: 480 seconds
1158512235 J * derjohn ~derjohn@80.69.37.19
1158512390 J * ebiederm ~eric@ebiederm.dsl.xmission.com
1158512705 Q * ag- Read error: Connection reset by peer
1158512713 J * ag- ~ag@caladan.roxor.cx
1158512843 Q * derjohn Ping timeout: 480 seconds
1158513427 J * Piet hiddenserv@tor.noreply.org
1158513562 J * derjohn ~derjohn@80.69.37.19
1158514078 Q * derjohn Ping timeout: 480 seconds
1158514864 J * derjohn ~derjohn@80.69.37.19
1158515428 Q * derjohn Ping timeout: 480 seconds
1158515574 J * dna_ ~naucki@p54BCDBC2.dip.t-dialin.net
1158516114 J * derjohn ~derjohn@80.69.37.19
1158516198 J * coocoon ~coocoon@p54A06D5B.dip.t-dialin.net
1158516225 M * coocoon evening
1158516252 M * daniel_hozac evening.
1158516327 M * doener daniel_hozac: any progress on deciphering the bindmount on / semantics? ;)
1158516337 M * daniel_hozac lol, no, you?
1158516358 M * doener no, my brain is still recovering from the latest discoveries
1158516404 Q * telmich Ping timeout: 480 seconds
1158516468 J * dna___ ~naucki@p54BCDBC2.dip.t-dialin.net
1158516588 Q * dna_ Ping timeout: 480 seconds
1158516604 Q * derjohn Ping timeout: 480 seconds
1158517216 J * dna_ ~naucki@p54BCDBC2.dip.t-dialin.net
1158517256 Q * ag- Remote host closed the connection
1158517268 J * ag- ~ag@caladan.roxor.cx
1158517424 J * derjohn ~derjohn@80.69.37.19
1158517558 Q * dna___ Ping timeout: 480 seconds
1158518175 J * eyck eyck@195.242.124.71
1158518278 Q * derjohn Ping timeout: 480 seconds
1158519155 J * derjohn ~derjohn@80.69.37.19
1158519309 J * duckx ~Duck@tox.dyndns.org
1158519663 Q * derjohn Ping timeout: 480 seconds
1158519875 Q * renihs Remote host closed the connection
1158520399 J * derjohn ~derjohn@80.69.37.19
1158520626 Q * Piet Quit: :tiuQ
1158520978 Q * derjohn Ping timeout: 480 seconds
1158521210 Q * Pazzo Quit: Ex-Chat
1158521521 J * andrew_ ~andrew@puddle.nc.erkle.org
1158521629 J * derjohn ~derjohn@80.69.37.19
1158521641 M * andrew_ evening - having a minor issue with vserver 2.0.1 relating to hidden /proc entries and usb devices - wondered if anyone might be able to offer me a little advice?
1158521791 M * andrew_ I'm trying to get USB devices visible to a vserver, but can't unhide the /proc/bus/usb directory using setattr
1158521799 M * andrew_ # setattr --~hide /proc/bus/usb/
1158521799 M * andrew_ /proc/bus/usb/: Invalid argument
1158521806 M * andrew_ is what I get :-(
1158522149 Q * shedi Read error: Connection reset by peer
1158522178 Q * derjohn Ping timeout: 480 seconds
1158522874 J * derjohn ~derjohn@80.69.37.19
1158523378 Q * derjohn Ping timeout: 480 seconds
1158523542 J * marcfi1 ~mef@c-68-39-177-97.hsd1.nj.comcast.net
1158523549 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158523549 P * marcfi1
1158523974 M * Hollow ok, guys, i'm off now, see you in some days
1158524047 Q * Hollow Remote host closed the connection
1158524138 M * daniel_hozac andrew_: that's another pseudo filesystem.
1158524153 M * daniel_hozac andrew_: you'll have to mount it inside the guest.
1158524247 M * andrew_ ah, right - I see - do I need to do a --bind mount there, or should I be specifying a different filesystem type for a normal mount?
1158524258 M * andrew_ scratch that - it's usbfs
1158524449 M * andrew_ hmm - don't seem to be having much joy there - the vserver context insists the /proc/bus/usb directory exists, and outside of the context (in the root server) the /proc directory structure for the vserver doesn't seem to exist
1158524455 M * andrew_ am I missing something?
1158524480 Q * ag- Read error: Connection reset by peer
1158524489 J * ag- ~ag@caladan.roxor.cx
1158524507 M * daniel_hozac namespaces will do that.
1158524518 M * daniel_hozac vnamespace -e mount ... should do it.
1158524540 Q * bonbons Quit: Leaving
1158524682 J * derjohn ~derjohn@80.69.37.19
1158524859 M * daniel_hozac anyone have ideas for how to solve the env problems? hardcoding it seems like such a bad idea...
1158524910 M * andrew_ daniel_hozac: that still seems to have issues, but it's given me a few ideas - I'll go and play and might be back later if it still doesn't work :-)
1158524912 M * andrew_ thanks
1158524914 Q * andrew_ Quit: Leaving
1158525182 M * doener daniel_hozac: what does the env call look like? (too lazy to look it up)
1158525183 Q * derjohn Ping timeout: 480 seconds
1158525571 M * marl hi ive just created a guest install, and mucked up the networking side (only put in an ip addy, no dev etc.) ive now got 2 files under interfaces/0/ ip with "192.168.0.168" in it, and dev with "eth0" in it, is this all i need? as i cant ping past the host system (new install of host with ubuntu dapper, with kernel-2.6.17-8-server and util-vserver 0.30.310, both from uni-klu.ac.at
1158525733 M * marl i added the 'dev' file myself because that was all i thought i needed other than the ip file, and my only other machine with vs on, the main program drive has failed, so i cant check my settings against it :(
1158525758 M * doener daniel_hozac: we could add a --clean-env option to vcontext, right?
1158525766 M * marl i know im missing a step, but cant see which one it is :(
1158525805 M * doener marl: inside the vserver, the ip address is visible (ifconfig or iproute, the former works only on recent kernels)
1158525809 M * doener ?
1158525867 M * marl lol cant install iproute cus i cant access the net, hold on a sec, ill install from host
1158525883 M * doener well, try ifconfig first ;)
1158525902 M * marl hold on, ifconfig gives me 192.168.0.168 :)
1158525907 M * doener ok
1158525920 M * doener and how do you test network connectivity?
1158525924 J * derjohn ~derjohn@80.69.37.19
1158525939 M * marl ping/ssh/apt
1158525964 M * doener did you try "ping -n some.ip.addr.ess"?
1158526002 M * doener preferably start with an address on the same subnet
1158526028 M * marl trying to ping my router and its not working with the -n
1158526046 M * doener the host's ip address is in the same subnet?
1158526052 M * marl yup
1158526059 M * marl can ping the hosts ip from the guest
1158526072 M * doener on the host, does "ping -n -I 192.168.0.168 " work?
1158526126 M * marl cant ping the guest from the host
1158526163 M * marl and the ping -I run on host gives cannot assign ip address
1158526184 M * doener hm, funny
1158526201 M * doener could you put the output of "ip a" on paste.linux-vserver.org?
1158526211 M * doener (run it on the host)
1158526260 M * marl http://paste.linux-vserver.org/380
1158526265 J * DreamerC_ ~dreamerc@59-115-49-95.dynamic.hinet.net
1158526287 M * doener *lol* typo alert :)
1158526306 M * marl ah hold on, it looks like the 168 is /32 instead of /24, why would it be that?
1158526316 M * doener that's not the problem
1158526317 M * marl is that it?
1158526323 M * doener the problem is a few chars to the left
1158526328 M * marl ok what did i do wrong?
1158526350 M * doener inet 192.168.9.168/32 scope global eth0
1158526374 M * marl just rebooting it now :(
1158526382 M * doener hm, the bold character is not as obvious as I wanted it to be
1158526424 M * mnemoc inet 192.168._9_.168/32 scope global eth0 <--- more obvious ,-)
1158526440 M * doener mnemoc: cheater, you added extra chars! ;)
1158526451 M * marl sorry :( my stupidity, i must have re-read that ip file a dozen times and not spotted it :(
1158526471 M * mnemoc doener: that's the only way for 'text-mode' people like me :p
1158526484 M * doener marl: don't worry, that happens to the best of us ;)
1158526487 M * marl thats it working now :)
1158526507 M * marl feel so stupid :(
1158526526 M * mnemoc *g*
1158526527 M * marl ill go and find my glasses now, looks like i need them for computer work now as well as driving LOL
1158526579 M * marl how do u change the hostname for a guest (the one that gets displayed at the command prompt) ?
1158526598 M * doener mnemoc: hm, even more text-mode than irssi on a plain virtual console?
1158526602 M * marl its ok, managed it :)
1158526622 M * doener oh, wow, on a vc the 9 is much more obvious than with irssi in a xterm
1158526654 Q * DreamerC Ping timeout: 480 seconds
1158526675 J * Nei ~ailin@userv2.informatik.uni-leipzig.de
1158526678 Q * derjohn Ping timeout: 480 seconds
1158526683 M * mnemoc doener: framebuffer doesn't work good on this machine, so i'm forced currently to use xorg :\ .... but urxvt+dropbear+screen+{irssi,mutt,elinks} anyway :p
1158526748 M * doener no framebuffer on this box at all, but I'm happy with fvwm+xterm+screen+{irssi,mutt,vim}
1158526748 M * Nei heya, got a stupid question maybe someone can clear me up.. how do I add some bind mounts to my vserver?
1158526759 A * doener can't talk about his browser right now ;)
1158526769 M * doener Nei: on start-up or later on?
1158526771 M * mnemoc *G*
1158526813 M * doener Nei: if you want them to be created on vserver-startup, add them to /etc/vservers/foo/fstab
1158526818 M * Nei doener I found out that I can do it manually later with vnamespace -e weirdnumber mount -o bind /fs/in/the/host /var/lib/vservers/name/target
1158526830 M * doener the first path is relative to the hostfs, the second is relative to the guestfs
1158526838 M * doener and as option you use "bind"
1158526864 M * doener the other fields are to be used as usual
1158526882 M * Nei so in the example here I would use /fs/in/the/host /target ufs bind ?
1158526889 M * Nei I'll try, thanks for the help
1158526897 M * doener I'd use "auto" as fs type
1158526931 M * mnemoc doener: how did you make the 9 bold using irssi and without *9* ?
1158526934 Q * meandtheshell Quit: exit (0);
1158526943 M * doener ^b
1158526953 M * mnemoc thanks :)
1158526956 M * doener np
1158526977 M * marl ok heres one, i used to get on my old vs guests as well, if i run any perl programs (like apt-get install scripts) i keep getting : setting locale failed, please check locale settings language="en_GB:en" "LC_ALL=(unset)" lang="en_GB.UTF-8" is there a way around this?
1158526996 M * Nei doener do you know if I can fake the device name in the mtab?
1158527020 M * Nei it's not very aesthetic to reveal the host's file system structure on the vserver
1158527063 M * Nei marl install locales/locales-all?
1158527106 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch
1158527107 Q * dna_ Quit: Verlassend
1158527158 M * marl ok thanks
1158527246 Q * ag- Remote host closed the connection
1158527289 J * AjAx--- ~ajax@tor-irc.dnsbl.oftc.net
1158527305 J * ag- ~ag@caladan.roxor.cx
1158527411 M * doener Nei: I don't see a way to avoid the mtab entry, but daniel_hozac might know more about it
1158527451 M * Nei I dont necessarily want to avoid it, just a fake one like /dev/hdv1
1158527459 M * Nei thanks for your help :)
1158527499 M * marl anyone know if djbdns works unmodified within a vserver?
1158527598 Q * AjAx- Ping timeout: 480 seconds
1158527609 N * AjAx--- AjAx-
1158527871 J * derjohn ~derjohn@80.69.37.19
1158528483 Q * derjohn Ping timeout: 480 seconds
1158528493 J * derjohn ~derjohn@80.69.37.19
1158528614 J * Aiken ~james@tooax6-092.dialup.optusnet.com.au
1158528752 J * shedi ~siggi@inferno.lhi.is
1158528965 M * daniel_hozac doener: i recently added support for specifying an initial environment, so it'll set variables now too.
1158529060 M * doener hmpf :(
1158529084 Q * derjohn Ping timeout: 480 seconds
1158529167 M * marl anyone recommend a dns program that will run in a guest, for use on a local network running samba and normal web browsing?
1158529286 M * Nei daniel_hozac sorry to be so cocky, would you know how to fake an entry in the mtab when it is caused by the vserver's fstab?
1158529396 M * doener marl: I'm quite happy with powerdns here
1158529501 M * Nei I figure this is not a vserver question, but if I'm following the iptables steps to set up a virtual private network with the vservers in it, where would a good place for the iptables commands be in debian?
1158529563 M * marl thanks doener, 201 pages for the manual LOL, is it reasonably easy to set up and maintain?
1158529629 M * doener marl: my "setup" here consisted of changing about 6 lines in the configuration. Allowed networks, listen address and mysql configuration
1158529646 M * doener the default settings seemed to be quite sane
1158529649 J * derjohn ~derjohn@80.69.37.19
1158529693 M * doener most of the manual describes how to setup and maintain the various available backends (oracle, mysql, bind zones, ...)
1158529786 M * daniel_hozac Nei: hmm, i don't think there's a way to do that. (pre-start should be able to massage it though)
1158529818 M * marl thanks, and it runs fine as a guest?
1158529852 M * doener marl: sure
1158529859 M * marl thanks again
1158529911 M * Nei daniel_hozac thanks for the hint. how exactly do I need to write my files so the .default scripts are not skipped? somehow I dont quite understand the meaning of "environment variable must be set by one of the in-shellcontext scripts (the non-executable ones)"
1158529938 M * daniel_hozac make sure your script isn't executable, and export DONT_SKIP_DEFAULTS=1
1158529942 M * daniel_hozac (IIRC)
1158529950 M * Nei ok thanks
1158529976 M * Nei and will it still run any other scripts if they dont exist, or do I need to create dummy scripts for all variants with that content?
1158529996 M * daniel_hozac it will only run the ones that exist.
1158530006 M * daniel_hozac i.e. dummy scripts aren't needed.
1158530011 M * Nei great
1158530283 Q * derjohn Ping timeout: 480 seconds
1158530640 J * FireEgl FireEgl@Sebastian.Atlantica.US
1158530678 Q * derjohn2 Ping timeout: 480 seconds
1158531275 J * meandtheshell ~markus@85-124-38-213.dynamic.xdsl-line.inode.at
1158531895 J * derjohn ~derjohn@80.69.37.19
1158532536 M * daniel_hozac to everyone with bug reports in savannah: sorry for all the spam.
1158533347 M * fluor- hallo - I can't get to do rbind within vserver using /etc/vservers/$vserver/fstab on debian, while manually mounting via vnamespace -e $vserver mount --rbind works... any clue?
1158533378 M * daniel_hozac well, rbind was broken :)
1158533402 M * daniel_hozac it should be fixed in SVN.
1158533411 M * fluor- ah :)
1158533412 M * daniel_hozac (hmm, i should bind a key to that)
1158533491 M * Nei I guess you could fake it with --bind in the meantime
1158533503 M * Nei (or update of course)
1158533505 M * fluor- Nei: well, it does work using --rbind
1158533517 M * daniel_hozac just not with secure-mount.
1158533520 M * Nei or keep doing it from scripts
1158533523 M * fluor- Nei: it just doesn't work upon vserver start
1158533534 M * fluor- so yeah, I guess I'll have to use scripts
1158533550 M * daniel_hozac or use SVN ;)
1158533566 M * doener daniel_hozac: what do you think of ripping out the bindmount? It doesn't really buy that much, but causes some trouble in some cases
1158533582 M * fluor- well, I'd rather stick to Debian packages for a stable server :)
1158533611 M * Nei how can current bind mount scenarios be solved with it gone?
1158533628 M * daniel_hozac fluor-: you could quite easily package it up with a release of 0.30.211-0.2320.svn ;)
1158533638 M * daniel_hozac doener: well, are we sure about that? :)
1158533655 M * fluor- hehe
1158533689 M * Nei how secure is a bind mount?
1158533703 M * doener Nei: I'm talking about the special bind mount done for namespace-enabled vservers that map /vservers/foo to /
1158533724 M * doener daniel_hozac: hm?
1158533743 M * doener we've seen the symlink causing trouble, and the barrier protects from chroot breakout anyway
1158533750 M * daniel_hozac are you positive it doesn't buy anything?
1158533799 M * daniel_hozac do we already support all filesystems about the barrier?
1158533864 M * doener I _really_ hope so, otherwise all vservers with non-namespace vservers on those unsupported filesystems were vulnerable to chroot breakouts
1158533865 M * daniel_hozac like NFS, and such?
1158533945 M * doener AFAIK it's fs agnostic
1158534019 M * daniel_hozac why do we patch all those filesystems then? just because they have functions for converting i_flags?
1158534029 M * doener yep
1158534071 M * doener so you might need a patched nfs server if /vservers is on nfs... but Bertl_oO should know that better than me
1158534136 M * doener but search for S_IUNLINK in the kernel, not used in nfs code either
1158534171 M * daniel_hozac yeah, you're right.
1158534450 M * daniel_hozac but the namespace does buy us the private mounts.
1158534451 N * Bertl_oO Bertl
1158534456 M * Bertl evening folks!
1158534461 M * daniel_hozac evening Bertl!
1158534525 M * Bertl NFS allows for handling the ext attributes, but it needs support on the server
1158534549 M * Bertl basically the same is true for the iunlink and tagging, but
1158534577 M * Bertl NFS root filesystem (and here is the point) have a directory node on the underlying filesystem as mountpoint
1158534619 M * Bertl so, at least if I remember correctly (read: we might have changed that several times since :) the barrier is on the mount point dir, not the filesystem
1158534666 M * daniel_hozac what happens if you have all of your guests on a single NFS mountpoint? (as i assume is the most common setup)
1158534668 M * doener Bertl: aren't the mountpoint permissions and attributes overridden by the mounts / ?
1158534680 M * daniel_hozac i was thinking that too.
1158534711 M * doener and if the host's / is served via nfs the mountpoint is on nfs anyway :) (I guess that kind of setup is possible, right?)
1158534720 M * Bertl I think/fear we changed that at some point
1158534752 M * Bertl i.e. I remember the "root inode is not part of the fs" issue
1158534812 M * Bertl doener: yes, and used by lycos, btw
1158534815 M * doener hm, I only remember a "/. inode is different from /.."
1158534820 M * doener issue
1158534830 M * Bertl but they have patched filers too
1158535090 J * _node node@c-69-143-148-254.hsd1.md.comcast.net
1158535171 M * Bertl daniel_hozac: in this case you basically depend on a patched filer
1158535208 M * Bertl but, those cases are probably easy to extend to unpatched filers (btw)
1158535259 M * Bertl because we could simply 'tag' certain --bind mounts with a barrier (wouldn't that be a great thing for the every day guest too? :)
1158535335 M * doener What I'd love to see would be a mix of the current namespace and non-namespace setup + mount inheritance... but I never found enough energy to find out how that actually works and what would need to be done to util-vserver
1158535415 M * doener ie. you have all mounts in the host's namespace and vservers get a new namespace, where / is exchanged with /vserver/foo, the namespace is cleansed and the new / hierarchy in the vserver's namespace inherits mounts from the host's /vservers/foo/
1158535483 M * Bertl sounds good too ... but what to do in cases where you do not want the host to have those mounts (for whatever reasons)
1158535533 M * doener then you lose the ability to add new mounts to the vserver. util-vserver would need adjustment to not rely on anything from the host namespace after switching to the guest namespace anyway
1158535535 M * daniel_hozac i really like how clean the host's namespace is now.
1158535583 M * doener we could also have a "watcher" namespace that inherits from the host (but not the other way round) from which the vserver's namespaces inherit (and vice versa)
1158535624 M * Bertl that sounds more like it ...
1158535769 Q * fluor- Quit: zZz
1158535808 J * fluor ~fluor@tanneries.squat.net
1158535827 Q * Snow-Man Ping timeout: 480 seconds
1158536110 Q * meandtheshell Quit: exit (0);