1158624812 J * s0undt3ch_ ~s0undt3ch@bl7-240-207.dsl.telepac.pt
1158624889 Q * s0undt3ch Killed (NickServ (GHOST command used by s0undt3ch_))
1158624890 N * s0undt3ch_ s0undt3ch
1158625824 N * Bertl_oO Bertl
1158625828 M * Bertl back now ...
1158626759 M * doener morning :)
1158627396 M * tokkee Good morning ;-)
1158629968 Q * Guest1084 Ping timeout: 480 seconds
1158631670 J * ensc ~irc-ensc@p54B4FA30.dip.t-dialin.net
1158632119 Q * s0undt3ch Quit: leaving
1158633330 M * matti :)
1158633951 J * anonc ~anonc@staffnet.internode.com.au
1158634522 Q * anonc charon.oftc.net neutron.oftc.net
1158634567 J * s0undt3ch ~s0undt3ch@bl7-240-122.dsl.telepac.pt
1158634857 Q * fluor Ping timeout: 480 seconds
1158634923 J * anonc ~anonc@staffnet.internode.com.au
1158635783 Q * micah Remote host closed the connection
1158636409 J * micah ~micah@micah.riseup.net
1158636663 J * fluor ~fluor@tanneries.squat.net
1158637147 Q * fluor Ping timeout: 480 seconds
1158637946 Q * micah charon.oftc.net neutron.oftc.net
1158637946 Q * anonc charon.oftc.net neutron.oftc.net
1158637949 J * micah ~micah@micah.riseup.net
1158637949 J * anonc ~anonc@staffnet.internode.com.au
1158638489 M * Bertl okay, off to bed now .. have a good one everyone!
1158638497 N * Bertl Bertl_zZ
1158638542 Q * s0undt3ch Ping timeout: 480 seconds
1158638608 J * s0undt3ch ~s0undt3ch@bl7-240-222.dsl.telepac.pt
1158638801 Q * anonc hydrogen.oftc.net neutron.oftc.net
1158638801 Q * micah hydrogen.oftc.net neutron.oftc.net
1158639254 Q * ruskie hydrogen.oftc.net europa.oftc.net
1158639298 J * micah ~micah@micah.riseup.net
1158639298 J * anonc ~anonc@staffnet.internode.com.au
1158639420 J * ruskie ~ruskie@84.20.228.4
1158639866 Q * anonc charon.oftc.net neutron.oftc.net
1158639866 Q * micah charon.oftc.net neutron.oftc.net
1158640812 J * micah ~micah@micah.riseup.net
1158640812 J * anonc ~anonc@staffnet.internode.com.au
1158641749 Q * anonc hydrogen.oftc.net neutron.oftc.net
1158641749 Q * micah hydrogen.oftc.net neutron.oftc.net
1158641837 J * Piet hiddenserv@tor.noreply.org
1158641837 J * micah ~micah@micah.riseup.net
1158641837 J * anonc ~anonc@staffnet.internode.com.au
1158642696 J * coocoon ~coocoon@p54A06462.dip.t-dialin.net
1158642721 M * coocoon morning
1158642725 M * matti call 0xc0ffee
1158642726 J * sid3wind1 luser@bastard-operator.from-hell.be
1158642733 Q * sid3windr Read error: Connection reset by peer
1158643062 Q * Nei Read error: Connection reset by peer
1158643231 J * Aiken ~james@tooax6-087.dialup.optusnet.com.au
1158643627 Q * s0undt3ch Read error: Operation timed out
1158644514 Q * anonc hydrogen.oftc.net neutron.oftc.net
1158644514 Q * micah hydrogen.oftc.net neutron.oftc.net
1158644514 Q * Piet hydrogen.oftc.net neutron.oftc.net
1158644536 J * Piet hiddenserv@tor.noreply.org
1158644536 J * micah ~micah@micah.riseup.net
1158644536 J * anonc ~anonc@staffnet.internode.com.au
1158644780 Q * Aiken Quit: Leaving
1158644907 Q * anonc charon.oftc.net neutron.oftc.net
1158644907 Q * micah charon.oftc.net neutron.oftc.net
1158644907 Q * Piet charon.oftc.net neutron.oftc.net
1158645563 J * Piet hiddenserv@tor.noreply.org
1158645563 J * micah ~micah@micah.riseup.net
1158645563 J * anonc ~anonc@staffnet.internode.com.au
1158646767 J * Aiken ~james@tooax6-087.dialup.optusnet.com.au
1158646812 J * meandtheshell ~markus@85-124-37-253.dynamic.xdsl-line.inode.at
1158647339 Q * cdrx Read error: Operation timed out
1158647556 Q * mcp Read error: Connection reset by peer
1158647560 J * mcp ~hightower@wolk-project.de
1158647913 J * s0undt3ch ~s0undt3ch@bl7-245-194.dsl.telepac.pt
1158648102 J * id23 ~id@p50812D5F.dip0.t-ipconnect.de
1158648111 M * id23 morning #vserver
1158648587 J * micah_ ~micah@micah.riseup.net
1158648629 Q * micah Remote host closed the connection
1158648722 Q * s0undt3ch Quit: leaving
1158648731 J * s0undt3ch ~s0undt3ch@bl7-245-194.dsl.telepac.pt
1158649640 J * Piet_ hiddenserv@tor.noreply.org
1158650010 Q * Piet Ping timeout: 480 seconds
1158650032 J * lilalinux ~plasma@dslb-084-058-211-243.pools.arcor-ip.net
1158650465 M * nayco hello, all !
1158650581 M * nayco Ohhhh, I was looking on the website waiting for 2.1.1-rc32 to be released, and the topic here learns me that it already rc-35 :D !!!
1158650883 J * dna_ ~naucki@58-242-dsl.kielnet.net
1158650889 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net
1158651304 M * coocoon daniel_hozac: ping
1158653390 Q * lilalinux hydrogen.oftc.net neutron.oftc.net
1158653390 Q * Piet_ hydrogen.oftc.net neutron.oftc.net
1158653390 Q * micah_ hydrogen.oftc.net neutron.oftc.net
1158653390 Q * id23 hydrogen.oftc.net neutron.oftc.net
1158653390 Q * anonc hydrogen.oftc.net neutron.oftc.net
1158653780 J * lilalinux ~plasma@dslb-084-058-211-243.pools.arcor-ip.net
1158653780 J * Piet_ hiddenserv@tor.noreply.org
1158653780 J * micah_ ~micah@micah.riseup.net
1158653780 J * id23 ~id@p50812D5F.dip0.t-ipconnect.de
1158653780 J * anonc ~anonc@staffnet.internode.com.au
1158654129 Q * shedi Quit: Leaving
1158654619 Q * anonc hydrogen.oftc.net neutron.oftc.net
1158654619 Q * id23 hydrogen.oftc.net neutron.oftc.net
1158654619 Q * micah_ hydrogen.oftc.net neutron.oftc.net
1158654619 Q * lilalinux hydrogen.oftc.net neutron.oftc.net
1158654619 Q * Piet_ hydrogen.oftc.net neutron.oftc.net
1158654839 J * lilalinux ~plasma@dslb-084-058-211-243.pools.arcor-ip.net
1158654839 J * Piet_ hiddenserv@tor.noreply.org
1158654839 J * micah_ ~micah@micah.riseup.net
1158654839 J * id23 ~id@p50812D5F.dip0.t-ipconnect.de
1158654839 J * anonc ~anonc@staffnet.internode.com.au
1158654845 M * ay_ what's the difference of vserver restart and condrestart?
1158655121 M * ray6 I have no idea but I would guess: condrestart only restarts when it's running, restart starts it new even if it's down?
1158655453 M * ay_ Ah. Makes sense
1158655453 Q * lilalinux Read error: Connection reset by peer
1158655528 J * lilalinux ~plasma@dslb-084-058-211-243.pools.arcor-ip.net
1158655944 J * AjAx-- hiddenserv@tor.noreply.org
1158655973 N * AjAx-- AjAx-
1158656800 M * harry anyone here?
1158656810 M * harry i need some info on weirdness++
1158656815 M * harry 44 24 638.1M 243.3M 0m05s97 0m06s44 17h52m44 webmailtest
1158656816 M * AjAx- yes i am if that counts?
1158656831 M * AjAx- im weird also
1158656837 M * AjAx- :P
1158656845 M * harry gandalf:/proc/virtual/44# cat limit |grep -e "VM:" -e RSS
1158656846 M * harry VM: 163356 178429 262144 0
1158656846 M * harry RSS: 34804 38103 131072 0
1158656865 A * harry thinks he's stupid
1158656940 M * AjAx- as the next person..
1158656950 M * AjAx- we are all equal
1158657003 M * AjAx- ppl can only point you in the right direction then it is all up to you how much effort you put into it
1158657012 M * harry i was thinking,... he's using 600+ meg, and limit is 262k, but i have to multiply by 4 ;)
1158657018 M * AjAx- keep that in mind and you shall succeed
1158657026 M * AjAx- :)
1158657104 M * AjAx- ppl have put most the information on the internet for the world to read if you look you shall find what you are looking for
1158657314 M * AjAx- actually im surprised Bertl isnt around to reply , he is a great helper
1158657503 Q * AjAx- Quit: Always try to be the best, but don't ever think you are the best.
1158657517 J * AjAx-- hiddenserv@tor.noreply.org
1158657523 N * AjAx-- AjAx-
1158657623 M * gdm AjAx-: and you appear to be a great philosopher :p
1158657665 M * gdm harry: sorry, i'm stupid too...
1158657674 M * gdm (or it's too early in the morning)
1158657682 M * gdm which one are you multiplying by 4?
1158657724 M * AjAx- gdm: lol
1158657751 M * AjAx- i may be a couple cans short of a six pak but i like to speak my mind
1158657920 M * AjAx- my bad i should know better this is a help channel after all..
1158657945 M * gdm no, it is nice to have some humanity here as well...
1158657967 M * gdm but maybe you should also join something like #alcoholicphilosophers ;-)
1158657987 M * gdm they might be able to help with your six pack problem
1158657992 M * AjAx- lol join in the pisshead talk
1158658014 M * AjAx- no thnx but thanx for the advice
1158658041 M * gdm hehe, np. anyway, i have to get back to some work... break's over :/
1158658087 M * gdm i'm still curious about which number harry wanted to multiply by 4.. i always get really confused by the whole bits/bytes/1024/1000 etc multiples and conversions
1158658122 M * AjAx- no faq to check up on?
1158658148 M * AjAx- obviously not otherwise he wouldnt be askin
1158658255 M * gdm well, i think he figured it out... but nice to share the knowledge ;-)
1158658264 M * gdm ok, *really* going now!
1158658287 M * AjAx- ye my 9 yrs of skooling really helps me in life!
1158658406 N * Piet_ Piet
1158658784 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158659396 M * doener harry: where does that first stat come from?
1158659410 M * harry vserver-stat
1158659418 M * harry but, doener , i just miscalculated
1158659422 M * doener don't trust these values too much
1158659431 M * harry i thought: my limit is 512MB rss, not vm :)
1158659440 M * harry vm is 1GB, that's why it's all still ok :)
1158659452 M * doener shared mem and such isn't even taken into consideration, they can be pretty far off in some cases
1158659486 M * harry do you know what a return value -12 is ?
1158659490 M * harry of where i can find it?
1158659496 M * harry i'll look into it later... no time now
1158659503 M * AjAx- 1.8p4m with 512 and a typical slow ass notebook hdd is it worth putting vm on it>?
1158659505 M * harry colleague here, wants to leave for lunch NOW :)
1158659561 M * doener errno.h in the kernel source
1158659564 M * AjAx- starbucks or subways? :P
1158659846 J * coocoon ~coocoon@p54A06462.dip.t-dialin.net
1158660184 Q * ruskie Read error: Connection reset by peer
1158660308 J * ruskie ~ruskie@ruskie.user.oftc.net
1158660757 M * daniel_hozac coocoon: pong.
1158660809 M * coocoon daniel_hozac: hello wanted to ask something but it is not so important at this moment, have found a solution, thanx for answering
1158660934 M * daniel_hozac coocoon: ok, np.
1158661152 Q * cdrx Ping timeout: 480 seconds
1158661527 Q * Aiken Ping timeout: 480 seconds
1158661677 M * phedny small question, is it easy to configure a vserver to only allow communication with other vserver(s) on the same system?
1158661694 M * phedny I want to separate two processes that now communicate over 127.0.0.1 into separate vservers, but one of them should not be allowed traffic to eth0
1158661724 M * daniel_hozac give it an address that your network doesn't know how to route.
1158661748 M * daniel_hozac its traffic will get out on the network, but your gateway won't know where to respond.
1158661782 M * phedny is that okay in a colocated environment? (I'm not owner of the network, I only pay for traffic)
1158661913 M * daniel_hozac i have no idea.
1158661925 M * daniel_hozac i suppose you could filter out the traffic with iptables on the host as well.
1158661977 M * daniel_hozac (i.e. iptables -A OUTPUT -o ! lo -s -j REJECT or something like it)
1158662099 J * Aiken ~james@tooax6-032.dialup.optusnet.com.au
1158662379 J * Zaki_ ~Zaki@88.213.22.103
1158662513 M * phedny daniel_hozac: thanks, this works
1158662544 M * phedny daniel_hozac: but I have little bit changed it, assigning addresses from 172.16.1.* to dev lo and communication is possible between vservers :)
1158662674 Q * Zaki Ping timeout: 480 seconds
1158662732 N * sid3wind1 sid3windr
1158662967 M * harry #define ENOMEM 12 /* Out of memory */
1158662969 M * harry wiiiiiiiiii
1158662976 A * harry gives doener a big kiss!!!
1158662998 M * harry (yes, you are allowed to be disgusted)
1158663332 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1158663970 M * ay_ Hm. If I want to create an image of a vserver for using as a template for later (vserver build skeleton; and then tar xjvf) Should I tar the whole vserver, or should i skip /dev and /proc?
1158664015 M * ay_ Would be cool if vserver had a vserver extract-image-to-template :-D
1158664060 M * harry then make one :)
1158664073 A * harry just has a spare "copy" of a standard vserver which i copy every time
1158664347 M * harry is it useful to limit the amount of virtual memory of a vps ?
1158665726 Q * weasel Ping timeout: 480 seconds
1158665903 J * weasel ~weasel@asteria.debian.or.at
1158666350 Q * qfire Quit: leaving
1158666439 M * daniel_hozac ay_: you mean like vserver ... build -m template?
1158666776 M * ay_ daniel_hozac: In svn?
1158666781 M * daniel_hozac ay_: right.
1158666823 A * ay_ has not got the svn stuff to build yet.
1158666831 M * ay_ aclocal -I m4
1158666831 M * ay_ aclocal: configure.ac: 44: macro `AM_PROG_CC_C_O' not found in library
1158666845 M * ay_ (not that I've tried much though)
1158666877 M * ay_ (on ubuntu-dapper)
1158666879 M * daniel_hozac well, there are a few problems with it.
1158666899 M * daniel_hozac (which i haven't committed the fixes for yet)
1158666916 J * fluor ~fluor@tanneries.squat.net
1158667317 M * ay_ daniel_hozac: But while we are waiting for the new and shiny util-vserverpackage with image support. What is the best way to make images (vserver copy? tar jxvf while it's down?)
1158667682 M * daniel_hozac i'd probably go with cpio while it's down.
1158667838 M * daniel_hozac (or dump while it's down)
1158668008 N * Zaki_ Zaki
1158669415 J * DavidS cool@helios.uni-ak.ac.at
1158669602 P * DavidS
1158669610 J * DavidS cool@helios.uni-ak.ac.at
1158669654 M * DavidS Hi, i have two VGs with a LV each, mounted to /var/lib/vservers/something; After starting both vservers, i have to shutdown both to deactivate any LV.
1158669660 M * DavidS any hints?
1158669752 M * DavidS I'm running Debian's 2.6.17-9 (containing 2.6.17.13 and VServer 2.0.2)
1158669772 M * daniel_hozac that's expected.
1158669789 M * daniel_hozac it's mounted in both namespaces, to remove it you have to unmount it in both.
1158669804 M * daniel_hozac there was a thread on the mailing list just the other day about this.
1158669816 M * daniel_hozac http://archives.linux-vserver.org/200609/0102.html
1158669843 M * DavidS uhm, /var/lib/vserver/something is different for the two vservers
1158669849 A * DavidS goes reading
1158669904 Q * Aiken Quit: Leaving
1158669968 M * ay_ daniel_hozac: tar cjvf isn't your cup of tea? Or will it do bad stuff to /proc and /dev?
1158670009 M * DavidS so i'd better mount the LV only in the namespace of the contained (in the LV) VServer, probably by putting it into the appropriate fstab ...
1158670012 M * daniel_hozac ay_: you'll want l as well, to make sure you only get that filesystem (i.e. not /proc).
1158670022 M * daniel_hozac DavidS: right, or enable namespace cleanup.
1158670073 M * daniel_hozac DavidS: but the fstab solution is generally better.
1158670107 M * daniel_hozac (you'll need http://people.linux-vserver.org/~dhozac/p/uv/experimental/namespace.patch for enter and stop to work though)
1158670364 M * daniel_hozac ay_: but IIRC tar isn't very good at hardlinks.
1158670803 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1158670806 M * Roey hi
1158670845 M * ay_ daniel_hozac: Does it work good at /dev?
1158670949 M * daniel_hozac ay_: it should.
1158671372 Q * fluor Ping timeout: 480 seconds
1158672112 M * DavidS i'll go with the "umount everywhere" alternative .. it's not a beauty, but everything else is even more disruptive ... *sigh*
1158672129 N * Bertl_zZ Bertl
1158672133 M * Bertl morning folks!
1158672145 M * coocoon morning
1158672155 M * daniel_hozac morning Bertl!
1158672157 M * Bertl DavidS: why not go with the 'mount only in the appropriate namespace' approach?
1158672169 Q * Roey Quit: Leaving
1158672654 M * DavidS Bertl: I'm doing backups from external and as long as i haven't upgraded to backing up lvm-snapshots i need the access from the host without much hassle ...
1158672708 M * Bertl so then I must have missed something ...
1158672732 M * Bertl first, you want to unmount it on the host, then you want to access it from the host?
1158672786 M * Bertl but anyways, no problem to mount it on the host too
1158672809 M * Bertl (and do the backups there) just don't forget to unmount it when you want it unmounted :)
1158672851 M * DavidS i have two servers with shared storage and heartbeat. one VG per server where I store the vservers. Failing one VG back doesn't work because the VG can't be deactivated ...
1158672890 M * Bertl would be the same with a mount on the host, no?
1158672942 M * DavidS can i mount something _only_ on the host, without potentially polluting guests? If the "namespace cleanup" patches do what i'd expect them to do (only copy "needed" namespace entries to guests), this would be best IMO ...
1158672965 M * daniel_hozac yep.
1158672974 M * Bertl yes, that is the idea ...
1158672977 M * DavidS Bertl: currently i just mount the LV via heartbeat to /var/lib/vservers/$VS
1158672995 M * Bertl what about the backup you mentioned?
1158673070 M * DavidS Bertl: I rdiff-backup /var/lib/vservers ... although I'm not happy with this too, because after moving vservers from one host to another i have some backups twice ... (not good for 130G homes)
1158673110 M * DavidS if this failback works with the new umount, I'll look into backing up "vservers" in contrast to just the whole /var/lib/vservers ...
1158673132 M * Bertl well, why not look at the full picture in the first place?
1158673148 M * Bertl IMHO simplifies your setup drastically
1158673168 M * Bertl i.e. only mount those lvms from the fstab for the guest
1158673172 M * DavidS because i was forced to migrate the production servers before i had everything in place and i will leave on two week holidays tomorrow
1158673194 M * Bertl and have the backups running inside the guest (rsync works perfectly fine inside)
1158673207 M * DavidS i.e.: "correct" backup: not necessary; "correct" failover capacities: necessary
1158673221 M * Bertl that also solves the issues with 'backups' at 'failover' time
1158673455 M * DavidS my last fear: while i mount a snapshot, someone restarts one or more vservers ... i still need namespace cleanup (patches or umount_everywhere) then?
1158673628 M * Bertl well, can someone simply mount a snapshot or restart a server without you knowing? in any case the namespace cleanup is a nice thing to have
1158673667 M * DavidS I'm only "installing" the system ... others will have to admin it ...
1158673708 M * DavidS the namespace cleanup thing would make this whole thing much more intuitive: only "ref counting" mounts actually accessible by the vserver ...
1158673751 M * DavidS also it's imaginable, that vservers will failover into the server while a backup is running, suddenly tainting the mount
1158673762 M * DavidS .. of the snapshot being backupped
1158673931 M * Bertl that's why I'd suggest to run the backup _inside_ the guest
1158673947 M * Bertl because a failover then will automatically stop the backup
1158673959 M * Bertl (i.e. in this case a switchover)
1158674181 M * DavidS then i can't use snapshots and have to install she backup software everywhere ...
1158674339 M * DavidS she/the
1158674642 M * Bertl backup software? didn't you talk about rsync?
1158674714 M * Bertl as far as I understood, you have (at least) two machines, which are in a failover setup
1158674736 M * Bertl you are doing rsync between them to keep the other end(s) up to date, right?
1158674814 M * DavidS no, i have a shared storage fibre channel thingy and i rsync to a third system for daily backups ...
1158674894 M * Bertl okay, so the 'backup' software is rsync (for the hosts) right?
1158674922 M * DavidS yes
1158674940 M * Bertl and installing rsync on the guests seems complicated to you?
1158674955 M * Bertl (IIRC, there are two of them?)
1158675177 M * Bertl well, you can even avoid that, by putting the appropriate rsync task into the guest namespace
1158675196 M * Bertl but you will lose the 'feature' that rsync stops on switchover
1158675216 M * DavidS 11 currently and I'm neither finished with migrating legacy systems or splitting off redundant/mixed services
1158675217 M * DavidS task?
1158675280 M * DavidS i'd rather just use "vnamespace -e $XID rsync" from the host at this point ...
1158675300 M * DavidS you meant that ^^^ didn't you?
1158675306 Q * lilalinux Remote host closed the connection
1158675316 M * Bertl DavidS: yep, something like that :)
1158675394 M * DavidS well I now have a umount_everywhere that works so now i can start testing again whether the services switch over correctly ... then i can start with the backup for real ...
1158675475 M * DavidS and if i have time, i'll try to fixup the damned routing table too ... but that's another story ...
1158675513 M * Bertl demand routing ... sounds interesting
1158675678 J * lilalinux ~plasma@dslb-084-058-211-243.pools.arcor-ip.net
1158675797 M * DavidS dAmned, not demand
1158675810 M * DavidS like in godawfuldamned
1158675879 M * phedny Bertl: tinc has demand routing ;)
1158675881 M * mnemoc hi, OT: any hint about where can i find some information about crosscompiling `screen` ?
1158675905 M * Bertl phedny: ah, replaced tinc some time ago by openvpn :)
1158675970 M * Bertl mnemoc: probably the same as for all other tools, get a cross compile chain that works, and compile it with CC=gcc-whatever
1158675979 M * mnemoc openvpn rules :)
1158675980 A * phedny uses OpenVPN too, but I read about tinc as it might prove useful in a scenario where a lot of sites needed to be crossconnected
1158676009 M * mnemoc Bertl: screen's configure is *ugly*
1158676073 M * meandtheshell hi folk - might anybody do me a favour ... you guys get an ECHO REPLY from security.debian.org when trying to ping?
1158676099 M * meandtheshell Because I'm not - got 100% packet loss
1158676100 M * phedny 64 bytes from villa.debian.org (212.211.132.32): icmp_seq=1 ttl=52 time=16.8 ms
1158676121 M * meandtheshell phedny: ok - I see
1158676224 M * meandtheshell phedny: and what about ping 194.109.137.218?
1158676267 M * phedny what is that IP for?
1158676308 M * meandtheshell phedny: security.debian.org
1158676314 M * phedny 64 bytes from 194.109.137.218: icmp_seq=1 ttl=57 time=10.1 ms
1158676329 M * phedny owh, they have 4 IP's :)
1158676339 M * meandtheshell phedny: hm ... that's odd
1158676354 M * meandtheshell phedny: yeah - 4 IP's :)
1158676389 M * meandtheshell phedny: well - thanks so far
1158676395 M * phedny np
1158676425 M * phedny all my projects are stalled, so I'm not really busy atm
1158676515 Q * fosco Ping timeout: 480 seconds
1158676693 M * DavidS drat! that didn't work .. i should work on my test strategies ...
1158676713 J * fluor ~fluor@tanneries.squat.net
1158676725 M * DavidS at least the guests failed over correctly after the active node rebooted :-/
1158676742 M * phedny DavidS: that's cool!
1158676806 J * fosco fosco@konoha.devnullteam.org
1158676871 J * Belu_zZz B.Lukas@mail.openvcp.org
1158676902 J * cryptronic crypt@mail.openvcp.org
1158677326 M * waldi Bertl: when do you intend to start the 2.6.18 patch cycle?
1158677343 M * DavidS phedny: it'd been cooler if the active node hadn't rebooted in the first place ...
1158677384 N * Belu_zZz Belu
1158677400 A * Belu is away (i´ll be back later...)
1158677400 N * Belu Belu_zZz
1158677445 N * Belu_zZz Belu
1158677488 A * Belu is away (i´ll be back later...)
1158677488 N * Belu Belu_zZz
1158677506 M * Bertl waldi: soon, we already had a first try (well, at least intent on my side :)
1158677714 N * Belu_zZz Belu
1158677814 J * AjAx-- hiddenserv@tor.noreply.org
1158677908 N * micah_ micah
1158678014 Q * AjAx- Ping timeout: 480 seconds
1158678022 M * Bertl welcome AjAx--! good morning Belu! hey micah!
1158678022 N * AjAx-- AjAx-
1158678036 P * Belu
1158678062 J * Belu B.Lukas@mail.openvcp.org
1158678185 Q * Belu Quit: changing servers
1158678192 J * Belu B.Lukas@mail.openvcp.org
1158678264 Q * derjohn Remote host closed the connection
1158678387 Q * AjAx- Remote host closed the connection
1158678413 J * AjAx-- hiddenserv@tor.noreply.org
1158678418 N * AjAx-- AjAx-
1158678698 J * efl ~efl@h50n1fls31o840.telia.com
1158678729 M * Bertl welcome efl!
1158679131 Q * mcp Read error: Connection reset by peer
1158679145 J * mcp ~hightower@wolk-project.de
1158679272 M * daniel_hozac Bertl: have you investigated https://savannah.nongnu.org/bugs/index.php?15508 any further?
1158679436 M * Bertl nope
1158679458 M * Bertl but maybe eyck can test and comment?
1158679506 M * Bertl I should have an 1.2.x version running somewhere too, will see if I manage to find it :)
1158679514 M * daniel_hozac hehe.
1158679529 M * daniel_hozac all my servers are too recent to even support a 2.4 kernel.
1158679547 M * Bertl well, I moved to 2.6 a long time ago too ...
1158679568 M * Bertl anyways, will there be a 0.30.211-rc for testing?
1158679584 M * daniel_hozac i was thinking about that.
1158679607 M * Bertl IMHO that would be a good choice, so that folks do not have to meddle with the svn/cvs
1158679696 M * daniel_hozac i'm still not sure how we should solve the env bug.
1158679790 M * Bertl env bug?
1158679838 M * daniel_hozac the save_ctxinfo: execv: No such file or directory if /usr/bin/env is a relative symlink to /bin/env problem.
1158679888 M * daniel_hozac (it's looking inside the guest to resolve the symlink, because we hit the root)
1158679933 M * Bertl what about making a copy of the env tool for this purpose (on an absolute but shared position)?
1158679965 M * Bertl or what about reordering the PATH?
1158679985 M * Bertl the relative link will point to the 'generic' path /bin/env no?
1158680044 M * daniel_hozac yeah, but that feels kind of evil.
1158680095 M * daniel_hozac i guess that is probably the easiest way to solve it though.
1158680099 M * Bertl btw, how do we 'hit' the root there?
1158680146 M * daniel_hozac the symlink is ../../bin/env.
1158680173 M * Bertl okay, and that clashes with the barrier, right?
1158680177 M * meandtheshell what about the "Template:" at http://linux-vserver.org/Frequently_Asked_Questions#If_I_shut_down_my_vserver_guest.2C_the_whole_Internet_interface_ethX_on_the_host_is_shut_down.__What_happened.3F - what's the idea behind it? I mean "vserver foo stop" should be it - no?
1158680188 M * daniel_hozac no, it's not the barrier.
1158680200 M * Bertl daniel_hozac: so what is the problem then?
1158680210 M * daniel_hozac for some reason (doener might know), after ../.., it's resolving it inside the guest.
1158680211 M * meandtheshell some sort of copy-paste bug?
1158680247 M * daniel_hozac meandtheshell: probably.
1158680281 M * daniel_hozac i have no idea why it's inserting those Template: thingies.
1158680292 M * meandtheshell daniel_hozac: ok - I see - I'll fix it - just wanted to be sure "derjohn" didn't have something special in mind ...
1158680416 M * Bertl daniel_hozac: ah, because of the rbind ... I see
1158680482 M * Bertl daniel_hozac: you could lstat it before execution, then 'lookup' the link manually (i.e. calc the absolute path) if it is one, and execute that instead?
1158680573 M * daniel_hozac Bertl: that's really ugly though.
1158680594 M * Bertl well, manually could be with the help of the libc of course
1158680606 M * Bertl just avoiding the execution via the symlink would suffice
1158680629 M * Bertl (i.e. realpath(3))
1158680685 M * daniel_hozac hmm, will realpath work even if the file doesn't exist?
1158680700 M * Bertl probably
1158680744 M * Bertl could be that it returns ENOENT though
1158680826 M * daniel_hozac wrapping just the env test in PATH=/bin:$PATH would probably suffice...
1158680874 M * Bertl yes, but it will fail on esoteric distros putting env into /usr/bin and making /bin/env a symlink :)
1158680891 M * daniel_hozac lol, true.
1158680919 M * Bertl but we can delay that issue until one of those pops up :)
1158680980 M * Bertl s/delay/postpone/
1158681076 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de
1158681521 J * stefani ~stefani@tsipoor.banerian.org
1158681637 M * Bertl wb dreamind! hey stefani!
1158681645 M * dreamind Hi Bertl :)
1158681646 M * stefani hola
1158681661 M * dreamind hi stefani
1158681688 M * stefani Bertl: not that it is really your issue, but for the heck of it i was looking at trying to build a vmware kernel module to run in a vserver system
1158681757 M * Bertl stefani: and? issues with the pid macro?
1158681802 M * stefani the error i get is compat_wait.h:60: error: conflicting types for ‘poll_initwait’
1158681826 M * Bertl and on a vanilla kernel you do not get that?
1158681828 M * stefani i know i could hack this, but i'm not certain i want to spend time going this route.
1158681839 M * stefani on a vanilla kernel i'm ok.
1158681848 M * Bertl same kernel version?
1158681851 M * stefani y
1158681861 M * stefani not a big deal.
1158681868 M * Bertl strange ... because we do not touch this area as far as I can remember ...
1158681892 M * stefani i could investigate more , but i'd need a spare box to work with.
1158681910 M * Bertl devel or stable release? and what kernel versions are we talking about?
1158681937 M * stefani 2.6.16
1158681964 M * stefani if i can find a spare box to test on more, 'll look at it.
1158681986 M * Bertl well, I don't think that you need a spare box for kernel compiling ...
1158682015 M * Bertl but I double checked now, we do not touch this area at all
1158682025 M * Bertl so IMHO there are three options here:
1158682032 M * stefani not to compile, but to get it off of the workstations i manage. ;)
1158682062 M * Bertl - your compiler is a newer one when you try 'now' and it fails (because of broken code in the vmware thingy)
1158682086 P * efl
1158682103 M * Bertl - some header file is included now (which actually defines the call) and this one is different to the one vmware (falsely) includes
1158682158 M * Bertl - some error happened when you tested with mainline and a newer module is required (would mean that it would fail with the same vanilla kernel version too)
1158682204 M * Bertl as we do neither touch nor modify poll_initwait() or the template, it is unlikely that the vserver patch affects this
1158682222 M * Bertl s/template/declaration/
1158682436 M * nayco trying 2.6.17.13-vs2.1.1-rc35 ...
1158682458 M * Bertl stefani: try to google for 'poll_initwait vmware' :)
1158682504 M * stefani quite a few entries
1158682593 M * nayco Bertl: Hello ! Does vs2.1.1-rc35 include the xfs quota patches ?
1158682639 M * Bertl nayco: nope, the patches need some work and were not included yet
1158682753 M * nayco Bertl: Ok. IIRC, 2.0.2 included it, although not as complete ?
1158682781 M * Bertl nope, not the device masquerading part
1158682799 M * Bertl i.e. it will work with both versions, but not 'perfect' yet
1158682845 M * nayco Mmmm, you mean xfs quota work with 2.0.2, but I need to specify the full device path (/dev/hd...) instead of the mountpoint, right ?
1158682863 M * Bertl yep
1158682899 M * nayco Ok, I'll try this one in production for a file server. Thanks ;-)
1158682917 M * Bertl you're welcome!
1158682917 M * nayco And anyway, I'm trying 2.1.1-rc35, just to report :-)
1158682923 M * Bertl excellent!
1158683203 M * stefani Bertl: thank you once again. booting FC 5
1158683260 J * dreamind_ ~dreamind@C2107.campino.wh.tu-darmstadt.de
1158683260 Q * dreamind Read error: Connection reset by peer
1158683469 J * bonbons ~bonbons@83.222.36.111
1158683507 M * Bertl stefani: np
1158683510 M * Bertl welcome bonbons!
1158684102 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/p/uv/experimental/env.patch is probably the most general fix, but it's _really_ ugly overriding autoconf's internal macros.
1158684155 M * nayco Sorry, this is off-topic, but for a couple of month (since I tried 2.6.17 kernel with latest VS patches), shorewall wont start on my machines. Do I miss some kernel compile options, or are my iptables version incompatible with 2.6.17 ? Ie has netfilter code changed this much since 2.6.13 ?
1158684202 M * daniel_hozac nayco: it's possible you don't have the support anymore.
1158684206 M * daniel_hozac the options changed names.
1158684294 M * nayco daniel_hozac: Well, I just tried with CONFIG_NETFILTER_XTABLES=y , which wasn't activated, but shorewall outputs the same message.
1158684304 M * nayco Do I miss another option ?
1158684311 M * Bertl yeah, most of the iptables options moved to xtables and have a different name for the iptables too
1158684331 M * Bertl double check with make menuconfig and select all the iptable related modules
1158684342 M * nayco Bertl: So, my current iptable userspace binaries are not compatible anymore with 2.6.17 ?
1158684360 M * Bertl nope, most likely your new kernel is missing certain modules
1158684370 M * Bertl (and or config options)
1158684391 M * Bertl okay, have to leave now ... will be back in the later evening ...
1158684398 N * Bertl Bertl_oO
1158684419 M * nayco Bertl: Well, by setting CONFIG_NETFILTER_XTABLES=y, menuconfig "opens" many more options, and I checked them all... But I put : I gonna try with
1158684433 M * nayco thx
1158684493 Q * nokoya Ping timeout: 480 seconds
1158684874 J * nokoya young@hi-230-82.tm.net.org.my
1158685757 J * HM2K ~HM2K@82.152.138.226
1158685859 M * nayco Still off-topic, but thank you all : I activated all the iptables options I could see (set to ), and now iptables works again. Good, now I go back to 2.0.2 and quotas ;-)
1158686117 Q * HM2K Quit: :: www.hm2k.org ::
1158686869 J * gerrit_ ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1158686937 Q * ensc Ping timeout: 480 seconds
1158688760 Q * Johnnie Read error: Connection reset by peer
1158689053 Q * gerrit_ Ping timeout: 480 seconds
1158689330 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158690532 Q * lilalinux Quit: Leaving
1158690900 J * shedi ~siggi@inferno.lhi.is
1158691842 Q * matti Ping timeout: 480 seconds
1158691902 Q * fluor Ping timeout: 480 seconds
1158692195 J * comfrey ~comfrey@h-64-105-215-75.sttnwaho.covad.net
1158692244 J * gerrit_ ~gerrit@bi01p1.co.us.ibm.com
1158692348 J * |yang| ~yang@cpe-213-157-253-172.dynamic.amis.net
1158692363 M * |yang| my debian+vserver got hacked, all the files deleted
1158692403 M * |yang| I was running a webserver with php, if that is possible to bypass for someone to enter the system, i don't know?
1158692428 M * daniel_hozac what happened exactly?
1158692446 M * daniel_hozac what versions were you using?
1158692455 M * |yang| all i was able to see is a shell message "Die" and then everything got disconnected
1158692497 M * |yang| i was using 2.6.12 kernel and vserver for that version
1158692566 M * ray6 yang: there are many php scripts out there which are vulnerable to remote execution attacks - did you have any installed?
1158692608 M * ray6 apache+php themselves didn't have bad errors for quite a while, but some which get relevant together with certain scripts
1158692628 M * daniel_hozac 2.6.12 is ancient, there have been plenty of mainline vulnerabilities fixed since then.
1158692655 M * ray6 ... and after hacking the apache becoming root is relatively easy on old kernels
1158692687 M * DavidS Bertl_oO, daniel_hozac: after using umount_everywhere i tracked down a bug in my own scripts where i mounted two things on the same directory .. umounting it didn't do everything that was needed. but now it works :)
1158692709 M * DavidS 'night and thanks for the great help!
1158692713 Q * DavidS Quit: Leaving.
1158692720 M * |yang| ray6: i had moinmoin and wordpress installed...and apache+php
1158692798 M * |yang| I can still see some "bots" connected from my server
1158692801 M * |yang| and it's pingable
1158692822 M * ray6 yang: do you operate the host also or are you just user of the guest?
1158692833 M * |yang| i had webserver on host
1158692948 M * daniel_hozac you had a webserver on the host?
1158693034 M * |yang| yes
1158693071 M * ray6 I guess he means his guest, yang: with "host" we refer to the whole machine which is running multiple vservers, do you operate that yourself or are you only using one vserver there?
1158693098 M * |yang| yes on main server
1158693100 M * |yang| on host
1158693111 M * |yang| i had webservers there
1158693141 M * ray6 ah OK, those are of course additional attack vectors - but I expect then the whole system would be erased not just the vserver...
1158693164 M * |yang| but...
1158693178 M * |yang| if the php bugs are exploitable why are they in the debian tree
1158693186 M * ray6 possibly someone got in through wordpress or something, then elevated to root using a kernel or some other old software bug...
1158693192 M * |yang| i was running debian testing
1158693226 M * |yang| this really sucks, and i didn't manage to make any backups for the websites
1158693230 M * ray6 most of these bugs are not PHP bugs themselves but affect poorly written scripts
1158693284 J * matti matti@linux.gentoo.pl
1158693297 M * ray6 I get over 50 posts regarding wordpress on bugtraq in my archive, wordpress <2.0.3 for example allows arbitrary command execution
1158693312 M * daniel_hozac |yang|: well, there's a reason you should never ever run services on the host...
1158693318 M * daniel_hozac |yang|: and do proper backups :)
1158693337 M * |yang| sigh :/
1158693355 M * ray6 yang: ext2 undelete is possible but it's a pain in the ass and usually doesn't give good results
1158693431 M * |yang| well the server is in the co-location i can't do much now
1158693440 M * |yang| different country
1158693454 M * ray6 yang: but it's just one guest which is hacked isn't it?
1158693461 M * ray6 or is the whole host erased?
1158693476 M * |yang| it's a host which was hacked, the webserver was on host
1158693509 M * ray6 yang: ah... so it doesn't really have anything to do with vserver? :)
1158693531 M * ray6 except for that it would have been a good idea to run the apache inside a vserver
1158693539 M * ray6 that's what they're for :)
1158693620 M * |yang| it was an IRC script kiddie thing, because i hosted some on guests
1158693666 M * ray6 so why didn't you put your own stuff into a guest also?
1158693683 M * ray6 ah it's so easy to give good advice afterwards, I know :)
1158693744 M * |yang| well if they can rescue something at the ISP it would be nice
1158693750 M * |yang| if he didn't do rm -rf /
1158693769 M * |yang| I just thought wordpress isn't hackable
1158693798 Q * transacid Quit: reboot
1158694356 J * maks ~max@baikonur.stro.at
1158694545 M * ray6 yang: ah you're not sure if everything's erased?
1158694555 P * maks bella ciao
1158694631 M * ray6 yang: wordpress not hackable? Just look for example at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2667 there you have direct php code execution...
1158694634 J * _are_ are@dslb-088-064-125-150.pools.arcor-ip.net
1158694645 J * transacid ~transacid@transacid.de
1158694803 M * |yang| piece of crap
1158695017 J * samuel_ ~samuel@jupe.quebectelephone.com
1158695019 M * samuel_ hello
1158695089 J * Johnnie ~jdlewis@jdlewis.org
1158695349 M * daniel_hozac hi
1158695949 M * _are_ hi
1158696528 Q * bonbons Quit: Leaving
1158696783 M * nayco Bertl_oO: Ok, confirmed, XFS disk quotas work with 2.0.2.1 (still only when using the device name - /dev/hdv2 for example) but great !
1158696827 M * nayco Now they gonna learn not to fill my hard disk. Disk space is too much for them ! (c)BOFH
1158696951 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch
1158697322 M * essobi_ hehe
1158697853 J * FireEgl FireEgl@Sebastian.Atlantica.US
1158700486 J * Aiken ~james@tooax8-095.dialup.optusnet.com.au
1158700607 P * stefani I'm Parting (the water)
1158700764 Q * dreamind_ Quit: dreamind_
1158702342 Q * meandtheshell Quit: exit (0);
1158702424 M * doener daniel_hozac: btw, I wonder if a working rbind might have more bad side effects than the plain bind we have now
1158702617 Q * mire Quit: Leaving
1158702900 Q * FireEgl Ping timeout: 480 seconds
1158702999 Q * Piet Quit: :tiuQ
1158703288 J * nayco_ ~nayco@lns-bzn-59-82-252-184-45.adsl.proxad.net
1158703305 Q * nayco_
1158703608 J * fluor ~fluor@tanneries.squat.net
1158703666 Q * comfrey Ping timeout: 480 seconds
1158704240 J * comfrey ~comfrey@h-64-105-215-75.sttnwaho.covad.net
1158704240 Q * _are_ Read error: Connection reset by peer
1158704730 A * Belu is away (i'll be back later...)
1158704731 N * Belu Belu_zZz
1158705331 M * |yang| Is it possible that abuser can gain access to host from the guest with an exploit?
1158705339 M * |yang| and shutdown the machine
1158705414 M * waldi yes, if there are bugs
1158705458 M * |yang| because i am giving guests to third party people, which can add abusers
1158705776 M * |yang| also, is it treated differently if you run different distribution of linux on guests...I had one gentoo and one debian, i think they managed to get inside over gentoo
1158705837 M * doener the distro is only relevant WRT the time it takes for updated packages to appear after a security problem was found
1158705872 M * |yang| because i am unable to track what goes on in guests and how they are maintained
1158705915 M * |yang| but maybe it's just better to have all guests with debian if host is also debian?
1158705933 M * doener that makes it important to maintain the host properly, ie. update the kernel if there are security problems, so that an attacker is kept within the guest
1158705944 M * |yang| yes
1158705975 M * |yang| well i was still running 2.6.12, i had some issues with 2.6.17 it died soon after bootup...
1158706079 M * waldi ups
1158708559 Q * dna_ Quit: Verlassend
1158708911 J * AjAx-- hiddenserv@tor.noreply.org
1158709214 Q * AjAx- Ping timeout: 480 seconds
1158709232 N * AjAx-- AjAx-
1158709947 J * FireEgl FireEgl@Sebastian.Atlantica.US