1158796815 M * Bertl okay, I'm off to bed now ... have a good one everyone!
1158796823 N * Bertl Bertl_zZ
1158796924 J * marcfiu ~mef@targe.CS.Princeton.EDU
1158796928 P * marcfiu
1158804191 Q * gerrit_ Ping timeout: 480 seconds
1158804547 Q * bronson Ping timeout: 480 seconds
1158808850 M * essobi_ WEEE!
1158810182 M * Radiance is it possible that when a vserver is set to autostart but networking of the host starts later that this could freeze the boot ?
1158810861 M * bazkie does your vserver depend on the availability of networking?
1158811724 Q * _node
1158812566 Q * bazkie Read error: Connection reset by peer
1158815735 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net
1158816727 Q * Nei Read error: Connection reset by peer
1158818916 Q * cdrx Ping timeout: 480 seconds
1158819135 J * robig ~robig@154.250.80.212.static.versanetonline.de
1158819148 M * robig hi
1158819247 M * daniel_hozac hello
1158819297 M * robig I still have the problem, that my linux environment has no /proc/sys directory... :-S
1158819427 M * daniel_hozac what kernel are you using?
1158819527 M * robig 2.6.17.13
1158819859 Q * s0undt3ch Ping timeout: 480 seconds
1158820057 M * daniel_hozac and you had CONFIG_SYSCTL enabled, yes?
1158820105 M * robig yes
1158820139 M * daniel_hozac do you have some really weird/broken vprocunhide?
1158820179 M * robig what is vprocunhide?
1158820210 M * robig I have simply downloaded the latest vserver patch and the related kernel.
1158820231 M * daniel_hozac what patch is that?
1158820291 M * daniel_hozac so you haven't downloaded any utils?
1158820522 J * s0undt3ch ~s0undt3ch@bl7-246-193.dsl.telepac.pt
1158820527 M * robig sure. I've tried the util-vserver from dapper
1158820544 M * robig and also the latest from linux-vserver.org
1158820592 M * robig I used: patch-2.6.17.13-vs2.0.2.1.diff
1158820617 M * daniel_hozac have you used setattr at all?
1158820687 M * robig what is this?
1158820783 M * daniel_hozac the program that lets you hide proc entries?
1158820796 M * daniel_hozac (among other things)
1158820947 M * robig I've simply installed a ubuntu dapper in a vmware vm, and installed there a vserver-compatible kernel. the vserver in the vm is for testing software functions, I don't want to test on the real host.
1158820999 M * daniel_hozac do you have other files in /proc? like /proc/virtual/?
1158821040 M * robig yes
1158821050 M * robig /proc/virtual exists
1158821055 M * robig and many others
1158822052 J * dna_ ~naucki@75-205-dsl.kielnet.net
1158822055 M * robig no idea anymore..?
1158822228 M * daniel_hozac have you tried booting to single user mode and check for /proc/sys then?
1158822294 M * |yang| is this a good selection of util-vserver ? http://backports.org/debian/pool/main/u/util-vserver/util-vserver_0.30.210-8bpo2_i386.deb
1158822426 M * robig no. I'm rebuilding my kernel now.. after testing that, ill test the singleuser mode.
1158822439 M * daniel_hozac probably, if it's the latest :)
1158822933 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net
1158823035 J * Borg- ~borg@217.97.139.162
1158823036 M * robig ok, its now just right there.. :)
1158823502 M * |yang| I am wondering if my server will reboot with the new kernel, without "initrd" option, the previous was "initrd" ...?
1158823594 M * |yang| and i guess there is no other tool to test if it works than reboot the whole thing
1158824043 Q * Aiken Ping timeout: 480 seconds
1158824777 J * coocoon ~coocoon@p54A078F6.dip.t-dialin.net
1158824825 M * coocoon morning
1158824933 J * id23 ~id@p508129BF.dip0.t-ipconnect.de
1158825014 M * Borg- FUCK
1158825018 M * Borg- this start to pissing me off :/
1158825029 M * Borg- checking for vconfig... no
1158825030 M * Borg- configure: error:
1158825087 M * coocoon bogus: more patient please Rome wasn't built in one day ;-)
1158825096 J * lilalinux ~plasma@dslb-084-058-199-027.pools.arcor-ip.net
1158825120 M * coocoon bogus: sorry i meant Borg-
1158825142 Q * michal` Ping timeout: 480 seconds
1158825155 M * Borg- coocoon: true.. but util-vserver really lack good readme :/
1158825209 M * coocoon Borg-: u have used testme.sh to check whether everything works fine ?
1158825254 M * Borg- [root@titanium] find . -name "testme.sh"
1158825254 M * Borg- [root@titanium] pwd
1158825254 M * Borg- /home/root/src/util-vserver-0.30.210
1158825255 M * Borg- hm?
1158825322 M * coocoon Borg-: mom
1158825357 M * robig you can find testme.sh in the wii
1158825359 M * robig wiki
1158825370 M * Borg- okey.. let see.
1158825401 J * michal` ~michal@www.rsbac.org
1158825416 M * robig http://linux-vserver.org/Frequently_Asked_Questions_scratch#How_to_verify_that_a_setup_is_working_properly.3F
1158825424 M * Borg- thx
1158825451 M * coocoon robig: thanx too must get to know new wiki, tales longer ;-)
1158825533 M * coocoon +takes
1158825695 M * coocoon Borg-: here are all scripts available http://vserver.13thfloor.at/Stuff/SCRIPT/
1158825742 M * Borg- [root@titanium] ./testme.sh
1158825742 M * Borg- -d option is not supported under Linux.
1158825742 M * Borg- Linux-VServer Test [V0.16] Copyright (C) 2003-2006 H.Poetzl
1158825743 M * Borg- utility 'vserver' could not be found.
1158825753 M * Borg- so before I can use this I have to install util-vserver?
1158825785 M * coocoon Borg-: for sure ;-)
1158825878 M * coocoon Borg-: this is very helpful i think http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6
1158825927 M * Borg- ufff finally
1158825989 M * Borg- requirements for util-vserver: nameif (net-tools), ip (iproute2), iptables, vconfig (vlan)
1158826012 M * coocoon Borg-: which distro are u using?
1158826043 M * Borg- coocoon: the ancient one ;]
1158826063 Q * mire_ Quit: Leaving
1158826197 M * coocoon Borg-: debian
1158826199 M * coocoon ?
1158826208 M * Borg- hehe nah ;)
1158826214 M * Borg- Slackware-9.1
1158826272 M * Borg- FAIL: src/testsuite/vunify-test.sh
1158826279 M * coocoon Borg-: maybe also helpful after step by step guide http://oldwiki.linux-vserver.org/SlackwareVserverHowto
1158826279 M * Borg- FAIL: lib_internal/testsuite/copy-check
1158826283 M * Borg- is that bad?
1158826333 M * coocoon Borg-: all test scripts should be used after installing util-vserver successfully
1158826643 M * Borg- hmm okey.. let see what those 2 scripts do
1158826877 M * Borg- hmm
1158826899 M * Borg- hmm all test went ok.. except one
1158826903 M * Borg- ./testme.sh: line 208: 16#VCISyscall: value too great for base (error token is "16#VCISyscall")
1158826906 M * Borg- any clues?
1158827022 M * coocoon Borg-: could u paste testme.sh output here please http://paste.linux-vserver.org/
1158827123 M * Borg- http://paste.linux-vserver.org/385
1158827366 J * wanagi ~wanagi@212.72.210.4
1158827418 M * coocoon Borg-: i dunno this error other things are looking good, and the error message which u have posted before checking for vconfig... no, does appear when
1158827428 M * wanagi hi all, i am trying to mount a filesystem within a ve using loopback device. but there is none. does anyone have a clue if / how it is possible to add a loopback device to a ve?
1158827448 M * Borg- coocoon: I installed vconfig too.. ./configure went ok
1158827474 M * coocoon Borg-: oh aha maybe daniel_hozac can help dunno if he is here
1158827479 M * coocoon maybe later ;-)
1158827484 M * Borg- make check failed a bit in 2 things I paste above (vunify-test.sh and copy-check)
1158827522 M * coocoon Borg-: u wanna vunify ur guests
1158827630 Q * bronson Ping timeout: 480 seconds
1158827739 M * coocoon wanagi: maybe here u will find the answer http://wiki.linux-vserver.org/Frequently_Asked_Questions_scratch --> #127.0.0.1 issues
1158827807 M * Borg- oki..thx :) lets try to create my first vserver then ;) t
1158827997 M * wanagi coocoon: thats it...thanks a lot
1158828259 Q * wanagi Quit: Leaving
1158828854 M * |yang| Is vserver more affected to hacking if I run different linux distributions inside a guest?
1158828997 M * |yang| or is it better to keep the same version as the host has?
1158829002 M * |yang| the same distro
1158829123 M * robig im running ubuntu on the host and have also some debian guests.. works fine
1158829151 M * robig but don't know anything about security, because them all administrated by myself :)
1158830070 J * spq_ ~spq@dslb-084-063-045-233.pools.arcor-ip.net
1158830106 M * spq_ hi, how can i give my guests a localhost ip? (127.0.0.1)
1158830446 M * robig echo '127.0.0.1' > /etc/vservers/VS/interfaces/0/ip
1158830467 M * robig but take a look at the wiki about localhost issues
1158830713 M * spq_ which wiki? old or new?
1158830888 M * robig new one
1158830901 M * robig use the search function ;)
1158831341 Q * coocoon Quit: KVIrc 3.2.0 'Realia'
1158831533 J * mire ~mire@60-167-222-85.COOL.ADSL.VLine.Verat.NET
1158831630 Q * mire Remote host closed the connection
1158831754 J * coocoon ~coocoon@p54A0658F.dip.t-dialin.net
1158831765 N * nokoya nokie
1158831886 Q * cdrx Ping timeout: 480 seconds
1158831969 J * shedi ~siggi@dsl-149-109-85.hive.is
1158832026 J * mire ~mire@60-167-222-85.COOL.ADSL.VLine.Verat.NET
1158833641 M * Borg- argh
1158833646 M * Borg- /usr/sbin/newvserver <- I dont have this one.
1158833649 M * Borg- wtf..
1158833785 M * anonc hi all. has anyone had success getting nfsv3 (solaris-style) acls working inside a vserver. ie linux vserver mounting nfsv3 share from solaris server and being able to use acls on that filesystem? with the appropriate kernel options enabled acls work on the nfs share when mounted outside the vserver, but not when inside...
1158833964 N * Bertl_zZ Bertl
1158833969 M * Bertl morning folks!
1158833973 M * Borg- anyone can give me some /etc/vservers/ conf files?
1158833981 M * derjohn Bertl, moin!
1158833991 M * Borg- for util-vserver-0.30.210
1158833994 M * anonc morning bertl!
1158833994 M * Bertl robig: you should avoid assigning/adding 127.0.0.1 to guests
1158834017 M * Bertl Borg-: newvserver is _not_ part of the tools, actually there is no need for it
1158834030 M * Bertl Borg-: the tools create the config tree for you
1158834041 M * Borg- Bertl: so how I can setup vserver then? I dont get it really ;/
1158834065 M * Borg- there must be an user-land thing
1158834069 M * Bertl Borg-: http://oldwiki.linux-vserver.org/alpha+util-vserver
1158834082 M * Borg- like iptables.. there is an kernel filter.. but you manage it via iptables tool
1158834098 M * Bertl check out the guest creation part, the magic command is 'vserver'
1158834134 M * Bertl if you already have the guest filesystem, create a skeleton guest
1158834193 M * Bertl anonc: sounds strange, we do not touch the acls, I suspect your solaris side acl stuff is broken or misconfigured (maybe NFS xid tagging is enabled?)
1158834278 M * derjohn Bertl,did you progress in 2.6.18 stuff?
1158834308 M * anonc Bertl: its setfacl that fails with 'Operation not permitted' - getfacl works fine. nfs xid tagging is off. this is only on the nfsmounted filesystem inside the guest. the 'local' filesystem inside the guest works with acls just fine.
1158834325 M * Bertl derjohn: a test version is out (for stable)
1158834331 M * Bertl derjohn: i.e. start testing :)
1158834352 M * Bertl anonc: well, probably requires a special cap?
1158834355 M * derjohn Bertl, ah, the 'ps crash' is solved. fine! great work !
1158834389 M * Bertl derjohn: yeah, was my being too conservative on the first version :)
1158834400 M * anonc Bertl: and using that same share outside the guest (but on the same host) and the acls work fine - so i'm also thinking its a cap issue
1158834405 M * derjohn Bertl, /me cannot test (stable) as ccap stuff's not in
1158834418 J * seeker ~manu_unni@61.247.254.3
1158834427 M * Bertl welcome seeker!
1158834436 M * seeker thanks
1158834442 M * derjohn Bertl, but I wait for devil version .... =D
1158834453 M * Bertl derjohn: well, devel will be rebased on that, so it will have to wait for some stable feedback ...
1158834474 M * Borg- okey.. rebuilding util-vserver :/
1158834493 M * Bertl hmm, rebuilding?
1158834511 M * Borg- ./configure --sysconfdir=/etc --with-vrootdir=/home/vservers
1158834516 M * Borg- default is /vservers
1158834542 M * anonc Bertl: but whatever this cap is its limited to nfs filesystems since it works fine on the local filesystem inside the vserver
1158834843 P * seeker Kopete 0.9.1 : http://kopete.kde.org
1158834935 M * Bertl anonc: could be anything ... but, just out of curiosity, where did you mount that nfs filesystem from?
1158835031 M * |yang| Bertl: that SGI Indigo still waits for you...Maybe you can compile vserver patches on it, I don't know how to configure mips kernel correctly.
1158835068 M * Bertl |yang|: yeah, last time I asked if you (your friend?) managed to install linux on it?
1158835108 M * anonc Bertl: solaris 9 sparc. I'm testing now with linux linux
1158835116 M * |yang| Bertl: it runs debian sid now, with the default debian kernel, but for compilation of own kernel some cross compiling is needed as i was told...
1158835136 M * Bertl |yang|: thing is, I have one sitting in my basement too, but last time I checked, it was not supported ...
1158835177 M * Bertl |yang|: yours is the one which was sitting on the ironing board, right? (well, an identical one :)
1158835198 M * |yang| it's an indigo 2
1158835211 M * |yang| nope, that wasn't mine
1158835249 M * anonc Bertl: same result with linux nfs server
1158835259 M * Bertl |yang|: ah, okay, so 4400 or R10000 arch?
1158835276 M * anonc Bertl: would strace output be of any help in this?
1158835300 M * Bertl anonc: what I meant was, did you mount the nfs from the guest or the host?
1158835325 M * Bertl |yang|: http://www.accurateit.com/images/items/indigo2red_1.jpg
1158835326 M * |yang| cpu model : R4400SC V6.0 FPU V0.0
1158835329 M * harry Bertl: ?
1158835353 M * Bertl |yang|: ah, so an older one, yeah, that would be great! i.e. it should work ...
1158835375 M * |yang| Bertl: it's identical, but in green colour :)
1158835392 M * Borg- okey..
1158835397 M * |yang| Bertl: do you still have the login to it?
1158835415 M * Bertl |yang|: probably not
1158835417 M * Borg- could anyone please paste me his ls -l /etc/vservers/anything and cat /etc/vservers/anything.conf ?
1158835456 M * Bertl Borg-: why would you want to see a config tree?
1158835503 M * anonc Bertl: the nfs mount is in the /etc/vservers//fstab file
1158835536 M * Bertl Borg-: http://paste.linux-vserver.org/386
1158835541 M * anonc Bertl: grr /etc/vserver/vserver_name/fstab
1158835616 M * Bertl ah, try the fstab.remote
1158835619 M * Borg- Bertl: thx.. vtest.conf too please
1158835626 M * Borg- Bertl: because I have troubles setting vserver :/
1158835628 M * Bertl Borg-: there is none
1158835648 M * Bertl Borg-: the .conf is the legacy config used a few years ago
1158835670 M * Bertl Borg-: and once again, the tools write that config tree for you
1158835671 M * Borg- heh.. then im reading outdated docs :/
1158835719 M * Bertl probably, why not read the doc I pasted you :)
1158835744 M * Borg- Bertl: I have few docs/wikis opens..im not sure now with one is right ;)
1158835770 J * AjAx-- hiddenserv@tor.noreply.org
1158835777 M * Bertl anonc: the thing is, with fstab, you basically mounted the nfs from the host ip, then you switch into the restricted guest, which loses all permissions
1158835797 M * Bertl anonc: with fstab.remote it is mounted from the guest network context
1158835851 M * waldi hmm, is 2.0.2.1-t4 working already?
1158835980 M * Bertl yup, supposed to
1158835988 M * Bertl i.e. it passed all my tests so far
1158836024 M * Bertl waldi: will run it through PLM and test on other archs shortly
1158836042 M * Bertl waldi: of course, feedback is appreciated
1158836092 M * waldi okay, I'll add it to the debian package
1158836256 M * Bertl would appreciate that :)
1158836315 M * Borg- http://paste.linux-vserver.org/387
1158836327 M * Borg- okey.. Im fed up.. im going for newest Debian and do all w/ apt-get
1158836639 M * |yang| Borg-: I have a fresh .config if you need to compile the debian-kernel
1158836677 M * Borg- |yang|: no thx. kernel is not a problem here.. userland tools are..
1158836684 M * Borg- and im not a big fan of debian tho ;/
1158836698 M * Borg- but seems I dont have an choice..
1158836699 M * |yang| Borg-: you are running sarge or etch?
1158836712 M * Borg- for now old Slackware-9.1 w/ 2.6.17.13
1158836721 M * Borg- but im going for newest Debian 3.1rc3
1158836773 M * |yang| Borg-: ah ok...if you will install sarge, there are backports.org for util-vserver package
1158836784 M * |yang| and etch already has the newest inside i think
1158836790 M * Borg- yeah :) I hope they will work instantly
1158836808 M * |yang| Borg-: but you will still need to compile your own kernel for debian
1158836823 M * spq_ how can i give my guests a localhost ip? (127.0.0.1)
1158836857 M * |yang| spq_: I think that you should use 192.168.1.0/24
1158836872 M * spq_ why?
1158836873 M * waldi |yang|: pardon, this is wrong
1158836893 M * Bertl waldi: what's the simplest way to compile a 64bit mips kernel on 32bit mips userspace?
1158836905 M * Bertl waldi: (debian of course)
1158836909 M * waldi Bertl: the kernel build environment should handle that themself
1158836922 M * waldi and the mips compiler should support 64bit binaries
1158836925 M * |yang| spq_: so that you could connect to an ip from your LAN, you cannot ssh from other machines onto 127.0.0.1
1158836966 M * Bertl waldi: ah, so an ARCH=mips64 would suffice for manual builds?
1158836977 M * spq_ yang, i want the guests to have a localhost, not a lan-wide accessible ip
1158836997 M * waldi Bertl: no, newer kernels don't have mips64 as architecture, it is called mips
1158836998 M * |yang| spq_: I don't know then
1158837034 M * waldi Bertl: the definition of 32 vs 64bit is done in the config
1158837042 M * Bertl waldi: ah, i.c.
1158837065 M * Bertl waldi: do you by any chance know if the Indigo 2 R4400 can boot a 32bit kernel too?
1158837075 M * waldi ask ths
1158837087 M * waldi but I doubt so
1158837088 J * utonto00 ~utonto00@213.188.216.142
1158837096 M * Bertl welcome utonto00!
1158837101 Q * utonto00
1158837115 M * Bertl scared him/her away :)
1158837126 J * utonto00 ~utonto00@213.188.216.142
1158837141 M * Bertl ah, no, wb utonto00!
1158837158 M * utonto00 hi
1158837169 M * waldi Bertl: it does
1158837171 M * waldi select CPU_SUPPORTS_32BIT_KERNEL
1158837171 M * waldi select CPU_SUPPORTS_64BIT_KERNEL
1158837198 M * waldi and the system supports it also
1158837199 M * Bertl ah, great so we can test both versions then, including the compat32
1158837210 Q * AjAx-- Ping timeout: 480 seconds
1158837392 P * utonto00
1158837408 M * anonc Bertl: ok - I'm not going to grant mount ccaps to the vservers so I think I'll find a way to achieve what I want on the server side. thanks for the explanation.
1158837439 M * Bertl anonc: the fstab.remote does not need special caps
1158837493 M * anonc Bertl: would it need rpc.portmap and rpc.lockd running inside the vserver?
1158837513 M * Bertl no, just proper permission (on the server) for the guest ip
1158837579 J * Nei ~ailin@userv2.informatik.uni-leipzig.de
1158837591 M * Nei mo'in'
1158837655 M * Bertl hey Nei!
1158837728 M * anonc Bertl: same problem occurs - setfacl -m u:sshd:rw blah -> 'setfacl: blah: Operation not permitted'
1158837740 M * Nei what do I need to do to pureftpd so it works in a vserver?
1158837775 M * Bertl anonc: do you permit it for the guest ip? (on the server)
1158837799 M * Bertl anonc: I assume it requires root=@/32 or even more :)
1158837815 M * Nei irc is great, whenever you write down your question you find the solution :> ./configure --without-capabilities
1158837841 M * anonc Bertl: for the sake of testing: /etc/exports => /exports *(rw,fsid=0,insecure,no_subtree_check,no_root_squash,sync)
1158837875 M * Bertl anonc: didn't you use a solaris box as server?
1158837919 Q * ComplexMind Quit: Konversation terminated!
1158837920 M * Bertl anyway, let's give strace -fF a spin on the command
1158837939 M * anonc Bertl: that's production so I can't fiddle with that one. the above is the line from my linux nfs server which uses the same nfsv3 acl protocol and produces the same behaviour in the guest (that of operation not permitted)
1158837957 M * Bertl anonc: that's a good start actually
1158837970 M * Bertl i.e. on linux we can debug on both sides :)
1158838003 Q * transacid Quit: Lost terminal
1158838077 M * |yang| now I have one problem, I am trying to install mysql-server on my guest and it fails, syslog says Can't start server: Bind on TCP/IP port: Address already in us...because i have mysql on host already
1158838113 M * anonc Bertl: http://paste.linux-vserver.org/388
1158838248 M * Bertl |yang|: yep, restrict the host's mysql to host only ips
1158838257 M * Bertl |yang|: or alternatively use a different port
1158838283 M * glut Bertl: second one I like more
1158838297 M * glut Bertl: I had just the same issue yesterday on debian Sarge
1158838329 M * Bertl yeah, thing is, most folks have all kind of stuff running on the host system
1158838346 M * Bertl while it would be much better (read: advised) to limit the host to a minimum
1158838370 M * Bertl anonc: kernel version is?
1158838371 M * glut and, as it was in my case, I couldn't bind mysql running in main to one IP only
1158838391 J * transacid ~transacid@transacid.de
1158838396 M * Bertl glut: if all else fails, you can do so with chbind :)
1158838401 M * Bertl welcome transacid!
1158838406 M * anonc Bertl: 2.6.17.11-vs2.1.1-rc31-amd64 #2 SMP PREEMPT on both nodes
1158838448 M * doener Bertl: ok, all failed hunks but base.c done...
1158838456 M * transacid hey Bertl
1158838468 M * doener maybe I'll get this done today...
1158838477 M * transacid my irssi-screen locked :(
1158838483 M * Bertl doener: good, once you're done, please double check
1158838510 Q * ||Cobra|| Read error: Connection reset by peer
1158838515 M * Bertl transacid: I managed to do so too (at some point) but you can unlock it by force-detaching and reattaching
1158838567 M * transacid Bertl: i mean not locked in sense of passwd request, but it just didn't react anymore
1158838581 M * Bertl transacid: yeah, that's what I meant
1158838607 M * transacid Bertl: the other screen windows did work so i just think irssi hung up
1158838648 M * transacid happens every few month
1158838672 M * Bertl yes, it is something like this, but as I said, you get it back if you detach and reattach, probably sends some winchg signal or so
1158838674 M * mnemoc transacid: i have seen that precise case quite a few times (more than once per day on some machines), without any solution yet
1158838727 M * transacid mnemoc: gladly happens just every few month to me
1158838738 M * mnemoc lucky you :)
1158838745 M * transacid ok i need to get back to work
1158838749 M * transacid have a nice day
1158838844 M * Bertl u2!
1158838850 M * transacid thx
1158838882 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1158838951 M * Bertl welcome ||Cobra||!
1158838969 M * ||Cobra|| hi Bertl
1158839028 M * anonc Bertl: here's an strace of a successful setattr done on the host (nfs mounting /mnt from the other node) rather than the guest: http://paste.linux-vserver.org/389
1158839082 M * Bertl anonc: the previous one is a file, yeah?
1158839119 M * anonc Bertl: you mean the setattr command is being run against a file? yes.
1158839154 M * anonc same command in both cases - just one done inside a guest and the other done outside.
1158839203 M * Bertl and it's nfsv3, right?
1158839252 M * anonc Bertl: dammit - blah is a directory - my bad. let me do this again from scratch. sorry. and yes its nfsv3, tcp
1158839357 M * Bertl hmm, I do not see an EPERM in the path, except for the server response
1158839373 M * Bertl can you enable certain debug options in the kernel (will require a recompile)
1158839449 Q * MrX Read error: Connection reset by peer
1158839682 M * Bertl mnemoc: if you get it really often (on those specific machines) could you attach with strace once it locked up?
1158839697 M * Bertl mnemoc: I would be interested in tracking that one down ...
1158839730 M * mnemoc Bertl: it's not on mine, but i'll ask him the next time he starts bashing :)
1158839739 M * Bertl (or ltrace if strace is not conclusive)
1158839816 M * anonc Bertl: inside the guest: http://paste.linux-vserver.org/390
1158839828 M * anonc Bertl: outside the guest: http://paste.linux-vserver.org/391
1158839846 M * anonc the file being operated on is called 'this_is_a_file'
1158840068 M * Bertl anonc: what does 'sysctl -a | grep nfs' output on server and client?
1158840312 M * anonc Bertl: http://paste.linux-vserver.org/392
1158840377 M * Bertl ah, good, so we have debug support compiled in
1158840389 M * Bertl thus we can enable debugging with a sysctl command :)
1158840440 M * anonc that's good since these particular servers are also sortof production - i'd need to build up a couple of pure testboxes if we need to delve into recompiles and reboots...
1158840441 M * Bertl let's try the following (slightly excessive) commands on the client (but maybe make sure that you do not have too many nfs actions going on)
1158840477 M * anonc both boxes are quad opterons so hopefully there'll be enough cpu to get by...
1158840497 M * Bertl 'sysctl -w sunrpc.nfs_debug=65535 ; sysctl -w sunrpc.rpc_debug=65535'
1158840514 M * Bertl it will certainly flood your log
1158840530 M * Bertl keep a shell with the following commands at hand
1158840544 M * Bertl sysctl -w sunrpc.nfs_debug=0 ; sysctl -w sunrpc.rpc_debug=0'
1158840562 M * Bertl without the single quota
1158840564 M * Bertl *quote
1158840687 M * anonc ok - and you want me to run that setattr command again?
1158841499 M * Bertl yep, after the debug=65535 commands
1158841597 M * anonc Bertl: debugging info when setfacl is run (unsuccessfully) inside the guest: http://paste.linux-vserver.org/393
1158841966 M * anonc Bertl: debugging when setfacl is run (successfully) outside the guest: http://paste.linux-vserver.org/394
1158842009 M * Bertl hmm, why udp is used?
1158842068 M * Bertl anyways, it's the server denying the request
1158842077 M * Bertl Sep 21 21:54:00 [kernel] NFS reply setacl: -1
1158842115 M * Bertl i.e. we need to get a debug log from the server to figure what's going on
1158842142 M * Bertl on the server side, you need to do: sysctl -w sunrpc.nfsd_debug=65535
1158842165 M * Bertl (not the nfs_d_ instead of nfs, we still want the rpc too)
1158842168 M * Bertl *note
1158842178 M * anonc Bertl: grr - its was udp on solaris - linux linux has decided to default to udp - you want me to force a tcp mount and run those commands again or just proceed with the udp mounts
1158842180 M * anonc ?
1158842210 M * Bertl well, tcp testrun would be nice
1158842215 M * Bertl (just to make sure)
1158842229 M * anonc ok - i'll redo it with tcp - sorry about this
1158842230 M * Bertl but no debugging required
1158842245 M * Bertl just verify that it fails for tcp too
1158842440 M * anonc ok - exact same mount options for the guest and the host mount - the guest fails with setfacl, the host succeeds
1158842521 M * Bertl okay, let's get a debug trace for the server now
1158842545 M * Bertl (well, two of them, one for the failing call and another for the succeeding one)
1158842692 M * anonc i should point out that the guest interface is configured as nodev, sharing the same ip as the host
1158842708 M * Bertl interesting ...
1158842932 M * anonc setfacl inside the guest: http://paste.linux-vserver.org/395
1158842945 M * anonc setfacl outside the guest: http://paste.linux-vserver.org/396
1158843136 M * daniel_hozac are you sure? the first one looks more like getfacl to me.
1158843217 M * daniel_hozac i don't see setattr in either of those traces.
1158843247 M * doener hm, lots of .orig files but no .rej? do fuzz/offsets also cause .orig to be generated?
1158843253 M * daniel_hozac yes.
1158843302 M * doener funny, never noticed
1158843362 M * doener anyway, sorting out the differences between bertl's and my patch now
1158843495 M * Bertl anonc: I don't see a setfacl either ...
1158843529 M * anonc daniel_hozac: definitely a setfacl...i'll paste the terminal output to pastebin
1158843534 M * anonc for another run
1158843556 M * daniel_hozac anonc: i guess you might have to remove the old ACLs on the file.
1158843575 M * anonc i'll remove the file between runs
1158843582 M * daniel_hozac even better.
1158843933 M * Bertl okay, have to leave now .. will be back in an hour or so ...
1158843947 N * Bertl Bertl_oO
1158844251 N * spq_ spq
1158844259 N * spq _spq
1158844261 M * anonc daniel_hozac: i was getting bitten by a) syslog rotation b) async syslog. chased those down and the debug is much longer...
1158844283 M * daniel_hozac hehe, cool.
1158844315 M * anonc ok. right - here's the latest attempt for the failed setfacl inside the guest: http://paste.linux-vserver.org/397
1158844368 M * daniel_hozac that is a lot longer..
1158844384 M * daniel_hozac hmm, where's the server trace?
1158844393 M * daniel_hozac too long for the pastebin?
1158844400 M * anonc argh!
1158844434 M * anonc that's not even the complete client trace - just a sec
1158844449 M * _spq hm, whats the best method to give the guests a lo interface and the ip 127.0.0.1 ?
1158844494 M * daniel_hozac _spq: you don't want to do that at all.
1158844502 M * _spq why not?
1158844512 M * daniel_hozac because there is only one 127.0.0.1.
1158844516 M * daniel_hozac (for now)
1158844525 M * _spq so this is currently not implemented?
1158844526 M * _spq ok
1158844535 M * daniel_hozac and thus guests would be interfering with each other when they bind something.
1158844542 M * _spq yea
1158844544 M * _spq right
1158844560 M * _spq what about 127.0.0.x with 32 netmask?
1158844592 M * daniel_hozac should work, but i don't see the difference from 192.168.x.y.
1158844606 M * _spq hm
1158844624 M * _spq i dont want the guests localhost address be accessible by any other host
1158844665 M * daniel_hozac so drop the traffic with iptables?
1158844674 M * _spq ok
1158844703 M * _spq but then why not use 127...
1158844805 M * anonc http://www.users.on.net/~anonc/.traces/guest_failed_setfacl_client_trace.txt and http://www.users.on.net/~anonc/.traces/guest_failed_setfacl_server_trace.txt
1158844897 Q * mire Ping timeout: 480 seconds
1158844966 J * mire ~mire@95-167-222-85.COOL.ADSL.VLine.verat.net
1158845386 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1158845412 M * doener Bertl_oO: http://people.linux-vserver.org/~doener/diffs-2.6.18-2.0.2.1-port.diff
1158845449 M * doener Bertl_oO: I already removed all trivial differences (whitespace etc.) and my bugs ;)
1158845507 M * doener Bertl_oO: basically you missed uml, a new function in sched.c (might need further changes) and we have different opinions about the proc changes
1158845768 J * MrX ~urk@219.95.24.141
1158846816 Q * lilalinux Remote host closed the connection
1158847030 P * robig
1158847219 J * lilalinux ~plasma@dslb-084-058-199-027.pools.arcor-ip.net
1158848555 M * Borg- [root@titanium] vserver test1 start
1158848555 M * Borg- /proc/uptime can not be accessed. Usually, this is caused by
1158848555 M * Borg- procfs-security. Please read the FAQ for more details
1158848556 M * Borg- http://www.linux-vserver.org/index.php?page=Linux-Vserver+FAQ
1158848562 M * Borg- hmm.. what now? :)
1158848687 M * mnemoc Borg-: vprocunhide
1158848773 M * Borg- got it.
1158848942 M * Borg- fuck.. wth wrote setattr... simple +/-[ahw] could be enough.. but naaah.. they using --[~]watch and etc.. *sigh*
1158849160 N * Bertl_oO Bertl
1158849191 M * Bertl doener: okay, a delta somewhere?
1158849208 M * Bertl doener: ah, that is probably the delta :)
1158849328 M * Bertl doener: what do we do the proc_pid_visible() check in the lookup for?
1158849345 M * Bertl proc_pid_lookup() that is
1158849366 M * Borg- [root@titanium] vserver test1 start
1158849366 M * Borg- No command given; use '--help' for more information.
1158849366 M * Borg- An error occured while executing the vserver startup sequence; when 1158849366 M * Borg- there are no other messages, it is very likely that the init-script 1158849367 M * Borg- () failed. 1158849370 M * Borg- how to debug this one? 1158849381 M * Bertl with --debug 1158849448 M * Borg- kewl. sh -x :) 1158849515 M * Borg- hmm chbind fails.. w/ message: No command given.. 1158849538 M * Bertl could you upload the output to paste.linux-vserver.org? 1158849609 M * Bertl doener: ah, thanks for the sched.c part, I obviously missed that completely 1158849692 M * Borg- http://paste.linux-vserver.org/398 1158849717 M * Borg- I guess slack 9.1 is too old and unsuitable for vserver... I upgrade part of system w/ 10.2... 1158849840 M * Bertl no, I don't think that any distro is too old or too new 1158849880 M * Borg- Bertl: well ;) in slack 9.1 mktemp doesnt have -t param :) I had to upgrade bin-* pkg to gen newer mkfifo and mktemp :) 1158849889 M * Borg- s/gen/get/ 1158849917 M * Bertl ah, you mean the host, right? 1158849993 J * acozzolino ~acozzolin@nat.fub.it 1158849999 M * Bertl welcome acozzolino! 1158850001 M * Borg- hmm the host? I dont get you now.. 1158850017 M * acozzolino ? 1158850035 M * Bertl Borg-: well, mkfifo or mktemp is only used on the host system, (the physical machine) not inside the guests 1158850054 M * Borg- ahh yeah.. on the host. 1158850064 M * Borg- my host is slack 9.1 :) 1158850081 Q * shedi Ping timeout: 480 seconds 1158850145 M * Bertl yeah, probably something goes wrong in the script 1158850147 M * acozzolino i've followed the link on linux-vserv.org...i'm a newbie....i have only a little question about network virtualization....i have this problem and i'm not able to solve it: "chbind: kernel does not provide network virtualization"...could you help me" 1158850176 M * acozzolino please? 
1158850181 M * Bertl well, the message says that your current kernel 'does not provide the network virtualization' :) 1158850191 M * Bertl what kernel are you using? 1158850219 M * acozzolino it's 2.6.15-vs2.0.1.3 on ubuntu server 1158850256 M * acozzolino i don't know what i have to enable during kernel patching 1158850287 M * acozzolino to allow network virtualization 1158850290 M * Bertl but you patched and recompiled it? 1158850297 M * acozzolino yes 1158850306 M * acozzolino i did it 1158850307 M * Borg- Bertl: 2.6.16.13 1158850319 M * Borg- ahhhhh not to me ;) hehe 1158850320 M * Borg- sorry 1158850321 M * Bertl acozzolino: okay, then let's get the testme.sh script and run that 1158850356 M * acozzolino i did it and chcontext is ok, but chbind isn't 1158850371 M * Bertl okay, please upload the output to paste.linux-vserver.org 1158850394 M * acozzolino ok...just a minute 1158850459 M * acozzolino ok...done 1158850515 J * simon00 ~simon00@host154-158-static.47-85-b.business.telecomitalia.it 1158850531 M * simon00 hi all 1158850537 M * Bertl welcome simon00! 1158850547 M * acozzolino ciao 1158850550 M * simon00 ciao 1158850553 M * simon00 italian? 1158850557 M * acozzolino yes 1158850568 M * simon00 good to meet you 1158850589 M * acozzolino you too...i have a problem with chbind...i hope they can help me 1158850596 M * simon00 good for you 1158850610 M * simon00 i still can't manage to install the guest.... 1158850631 M * acozzolino sorry, but i'm ignorant...does that mean you can't patch the kernel? 1158850637 M * simon00 no 1158850649 M * simon00 to create the virtual machine 1158850654 M * Bertl please keep it english here! 1158850658 M * simon00 ok ber 1158850660 M * simon00 bert 1158850664 M * simon00 sorry 1158850665 M * acozzolino ok...sorry 1158850675 M * simon00 so.. i said 1158850684 M * simon00 i have a problem installing guest os 1158850696 M * acozzolino i've a problem with testme.sh execution 1158850710 M * acozzolino "chbind failed!"
1158850729 M * simon00 i get the error "Can not find configuration for the distribution..." 1158850729 M * Bertl acozzolino: it's in the queue ... 1158850741 M * simon00 please read http://linux-vserver.org/HowToRegisterNewDistributions 1158850743 M * simon00 but 1158850749 M * simon00 i cannot find the document 1158850755 M * simon00 any suggestion? 1158850783 M * acozzolino no...i had the same problem 1158850806 M * simon00 my test.sh go without problem 1158850830 M * Bertl simon00: what distro are you trying? 1158850837 M * acozzolino che culo!! ehm pardon what lucky man! sorry bertl 1158850842 M * acozzolino :-) 1158850842 M * simon00 my "host" is a centos 43 1158850848 M * acozzolino i'm using ubuntu server 1158850854 M * simon00 i try to install another centos 43 1158850854 M * acozzolino 6.06 1158850859 Q * kaner Remote host closed the connection 1158850869 M * coocoon simon00: http://wiki.linux-vserver.org and then using the search function --> http://wiki.linux-vserver.org/Special:Search?search=HowToRegisterNewDistributions&go.x=13&go.y=8 1158850891 M * Bertl acozzolino: seems you disabled the network virtualization in the kernel :) 1158850900 J * kaner kaner@strace.org 1158850915 M * acozzolino ok bertl...but how can i enable it? 1158850916 M * Bertl CONFIG_VSERVER_LEGACYNET=y 1158850945 M * acozzolino i don't have this line in my .config, can i add it without problem? 1158850964 M * Bertl that's the problem, that you do not have it :) 1158850973 M * Bertl best is to search for CONFIG_VSERVER_LEGACYNET 1158850979 M * Bertl then remove that line and do 1158850982 M * Bertl make oldconfig 1158850983 M * Borg- Bertl: okey :) I give up.. tomorrow Debian 3.1 is comming.. and second aproach to vserver :) 1158850987 M * Borg- thx for support... and bye.. :) 1158850992 M * Bertl okay, cya! 1158851008 M * acozzolino ok...i'll try...thank you very much...bye! 
1158851011 M * acozzolino ciao simon 1158851025 M * simon00 cocoon: i found but the link to the document is broken http://oldwiki.linux-vserver.org/HowToRegisterNewDistributions 1158851034 Q * acozzolino Quit: Ex-Chat 1158851037 M * simon00 ciao acozzolino 1158851072 M * Bertl simon00: we are moving the wiki (as you probably saw) 1158851080 M * simon00 i sow 1158851084 M * simon00 saw 1158851086 M * Bertl so the link got lost in the map table, I'd say 1158851101 M * simon00 k 1158851103 M * Bertl i.e. we tried to remap all 'old' entries to the oldwiki 1158851111 M * simon00 k n.p. 1158851125 M * simon00 any way to find the document on other place? 1158851133 N * Belu_zZz Belu 1158851172 M * Bertl simon00: let me try something 1158851179 M * |yang| Bertl: how is it going with Indigo? 1158851187 M * simon00 thank you very very much 1158851203 M * Bertl |yang|: slowly, trying to get some support from the debian folks ... 1158851243 M * |yang| Bertl: did you join #mipslinux @ freenode? 1158851253 M * Belu Bertl, in the next linux magazin 2 artikels about vserver hosting with linux-vserver under openvcp and openqrm 1158851254 M * coocoon simon00: her the both links http://oldwiki.linux-vserver.org/HowToRegisterNewDistributions 1158851259 M * |yang| they will know best 1158851326 M * simon00 yes... may be 1158851338 M * simon00 i will try these.... 1158851346 M * simon00 thank you cocoon 1158851429 M * Belu i am so happy, 3 month old projekt and artikels about... 1158851432 M * Bertl Belu: great! 1158851442 M * Bertl will that be available online too? 1158851464 M * Belu yes i think so.... i wrote with the reporter... 1158851481 M * Belu he have problems by install of openqrm *g 1158851617 M * coocoon daniel_hozac: ping 1158851846 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net 1158851863 M * Bertl okay, I'm off for now ... back later (have to run ...) 
1158851868 N * Bertl Bertl_oO 1158851899 Q * Borg- Quit: leaving 1158852016 J * fluor ~fluor@tanneries.squat.net 1158852215 J * stefani ~stefani@tsipoor.banerian.org 1158852668 J * bboczki ~bboczki@dslb-084-057-071-120.pools.arcor-ip.net 1158852676 M * bboczki hi 1158852725 M * bboczki can anyone help me? 1158852762 M * mnemoc depends 1158852768 M * bboczki i want to install a vserver on debian sarge and i get errors. I found out that in /proc/self/status the s_context is not set 1158852779 M * bboczki i googled 1158852788 M * bboczki but didn't fnd a solutin 1158852870 M * doener what errors do you get? 1158852907 M * bboczki newvserver error: Must be run from the host server (security context 0) on a "vserver/ctx-patch" enabled kernel See: http://www.solucorp.qc.ca/miscprj/s_context.hc 1158852921 M * bboczki comes after using newvserver ...... 1158853278 M * doener newvserver is not a mainstream tool and totally outdated 1158853294 M * bboczki ok 1158853302 M * doener you should use one of the build methods of util-vserver itself instead 1158853326 M * bboczki so the debian-utils package is outdated, ok, then i try this, thakn you :) 1158853395 M * doener http://oldwiki.linux-vserver.org/alpha+util-vserver 1158853405 M * doener there's some information on how the build methods works 1158853409 M * doener s/works/work/ 1158853432 M * doener also, it would be a good idea to use more recent util-vserver packages as well. AFAIK backports.org has them 1158853492 M * bboczki ok i will try it, thanks 1158853878 M * |yang| Bertl_oO: do you have 2 mediawikis running on the same box maybe? 
1158854034 J * Borg- ~borg@cube.benet.uu3.net 1158854085 Q * mire Remote host closed the connection 1158854184 J * Piet hiddenserv@tor.noreply.org 1158854581 M * daniel_hozac coocoon: pong 1158855019 J * Piet_ hiddenserv@tor.noreply.org 1158855051 J * bonbons ~bonbons@83.222.36.111 1158855057 Q * Piet_ Remote host closed the connection 1158855142 M * waldi mm/built-in.o: In function `.sys_move_pages': 1158855142 M * waldi (.text+0x2f74c): undefined reference to `.vx_rmap_pid' 1158855162 M * waldi (powerpc/64) 1158855164 M * daniel_hozac missing #include 1158855171 J * Piet_ hiddenserv@tor.noreply.org 1158855198 M * daniel_hozac are you using Bertl's t4 patch? 1158855204 M * waldi yes 1158855242 M * simon00 cocoon+bertl: solved thank you very much 1158855244 M * simon00 bye bye 1158855277 Q * simon00 1158855308 M * daniel_hozac did you see doener's delta? 1158855313 M * waldi no 1158855324 M * daniel_hozac (shouldn't fix this problem AFAICT though) 1158855360 Q * Piet Ping timeout: 480 seconds 1158855432 M * waldi powerpc/32 seems to build 1158855543 M * daniel_hozac hmm, shouldn't. 1158855573 M * harry alliteration!!! 1158855577 M * harry doeners delta! 1158855787 M * waldi daniel_hozac: hmm, sched.h should include that 1158855800 M * daniel_hozac really? 1158855825 M * daniel_hozac i thought we decided not to do that. 1158855834 M * waldi it uses vx_rmap_pid, so it have to 1158855840 M * daniel_hozac ah, well, we don't. 
1158855886 M * daniel_hozac kernel/rtmutex-debug.c kernel/taskstats.c and mm/migrate.c are all missing an #include 1158855913 M * daniel_hozac (according to http://people.linux-vserver.org/~dhozac/t/find-problems.sh) 1158856077 M * coocoon daniel_hozac: hey hello wantedto kniow something about vcd, there is no need for vprocunhide, i am asking because of i can't start the guest, but i think i have found it why, because of in the vxdb the owner table is missing and starting of vserver needs that, but maybe u can explain me short which init capability is meant (plain is also not available for vcd, isn't it?) 1158856107 J * yarihm ~yarihm@whitehead2.nine.ch 1158856139 M * coocoon daniel_hozac: from hollows manual --> methods vx.start => "This method requires the INIT capability and needs to pass owner checks." 1158856159 Q * bboczki Remote host closed the connection 1158856194 M * coocoon daniel_hozac: but it also can be that there mustn't be an owner table in vxdb, hm dunno 1158856201 M * daniel_hozac coocoon: sorry, as i said, i've never used it, nor looked at the code... 1158856215 M * daniel_hozac coocoon: but did you recreate your database after updating? 1158856224 M * daniel_hozac add your users and guests and whatnot. 1158856238 M * coocoon daniel_hozac: ok good, i thought because of u have helped me yesterday 1158856267 M * coocoon daniel_hozac: yes have made it all works fine with creating vserver 1158856302 M * coocoon but after that i have made another hurdle appears 1158856336 M * coocoon *made i8t 1158856743 J * Piet__ hiddenserv@tor.noreply.org 1158857075 Q * Piet_ Ping timeout: 480 seconds 1158858245 M * doener daniel_hozac: I'm really not sure if a working rbind is a good thing 1158858254 Q * bronson Ping timeout: 480 seconds 1158858258 M * daniel_hozac why? 1158858274 M * daniel_hozac i have to admit i don't see how a bind works though. 1158858289 M * daniel_hozac i mean, /proc and such shouldn't be visible in a guest, should it? 
1158858356 M * doener the guest never sees the bind mount 1158858367 M * daniel_hozac right, that's the only explanation i can see. 1158858373 M * doener it does a chroot(".") on /vservers/foo 1158858383 M * daniel_hozac and it should do chroot("/")? 1158858407 M * daniel_hozac or rather ../.. 1158858451 M * doener the latter, but that's rather random than well defined semantics 1158858466 M * daniel_hozac yeah. 1158858475 M * doener and you'd loose the ability to mount anything visible to the vserver 1158858496 M * daniel_hozac why is that, anyway? 1158858497 M * doener (maybe those funny ../foo thing might work there as well, but don't...) 1158858509 M * daniel_hozac i mean, why does vnamespace -e ... work now? 1158858525 M * doener because the vserver is chrooted to /vservers/foo 1158858525 M * coocoon sorry for asking but have not so much wiki experience where and how to create a new document at wiki.linux-vserver.org 1158858534 M * daniel_hozac but vnamespace doesn't chroot at all. 1158858542 M * doener if you mount sth. there, the vserver can see it 1158858542 M * coocoon i mean most important is where 1158858544 M * daniel_hozac shouldn't it just see the / mounted there? 1158858567 M * daniel_hozac coocoon: what to name it, or what do you mean? 1158858609 M * doener need to care about my spaghetti, I'll prepare a graph later 1158858616 M * daniel_hozac ok, thanks :) 1158858637 M * coocoon hm i wanted to write a how to for vcd 1158858644 M * coocoon installation and creating guests 1158858655 M * coocoon with the latest state 1158858665 M * coocoon is not so much but why not starting with it 1158858703 M * daniel_hozac coocoon: VCD_Howto maybe? i usually just edit pages... 1158858714 M * coocoon hehe 1158858785 M * daniel_hozac coocoon: if someone has a better name for it, it can always be renamed. 
1158858854 M * coocoon ok i think so too, but i have no idea where 1158858861 M * coocoon under which topic 1158858906 M * coocoon maybe here Frequently Asked Questions 1158858952 M * daniel_hozac well, can't you just create a new page? 1158859089 M * coocoon no i can't find this option 1158859114 M * daniel_hozac http://linux-vserver.org/VCD_Howto ? 1158859122 M * daniel_hozac i.e. just type in the name you want, click edit. 1158859147 M * coocoon ah cool too easy for me ;-) thanx a lot 1158859872 M * matti daniel_hozac: :) 1158859874 M * matti doener: :) 1158859875 M * matti coocoon: ;) 1158859887 M * daniel_hozac hi matti 1158859924 M * doener daniel_hozac: http://people.linux-vserver.org/~doener/namespace-bind_mount.png 1158859978 M * daniel_hozac ah, right. 1158860014 M * doener the namespace's fs_struct has the "funny" way to reach the "other" / 1158860044 M * doener the vserver's processes' fs_struct somehow gets the other / as rootmnt when you escape 1158860084 M * doener there's some magic in the stacked mount handling that I'm missing to understand that 1158860130 M * daniel_hozac heh. 1158860147 M * doener nd _if_ you manage to escape, then /proc and friends will appear as empty directories 1158860157 M * doener (with the broken --rbind) 1158860162 M * daniel_hozac right. 1158860202 M * doener in if you keep your pwd above that, bash starts to act funny. 1158860227 M * daniel_hozac i bet. 1158860228 M * doener its path lookups totally break, resulting in ". not such file or directory" 1158860239 M * doener s/not/no/ 1158860270 M * doener hm, maybe if I clear the hash cache 1158860304 M * doener no 1158860432 M * daniel_hozac so all this time, we haven't been using the namespace protection? would it have been possible to break out if you didn't have a barrier set? 
1158860479 M * doener you can get everything below /vservers without the barrier 1158860497 M * doener I have not yet found a way to reach the original / 1158860498 M * daniel_hozac right, that's what i thought. 1158860509 M * doener (unless you have secure_mount) 1158860531 M * doener the namespace thing is just a bonus, the real protection was and still is the barrier 1158860550 M * daniel_hozac right. 1158860695 M * daniel_hozac so the rbind really is useless, right? 1158860730 M * daniel_hozac well, except for protecting the host should they manage to break out of the chroot. 1158860733 M * doener except for protecting the host itself (assuming that you use /vservers, not /foo/var/fsfs/vservers 1158860757 M * doener eg. debians /var/lib/vservers would probably make /var/spool/crontab accessible 1158860768 M * daniel_hozac yeah. 1158860795 M * doener and the bind mount makes it kinda tricky to reach it 1158860814 M * daniel_hozac how so? 1158860834 M * doener I mean, reaching the bind mount 1158860842 M * daniel_hozac ah. 1158860853 M * doener relative path tricks and such stuff 1158860875 M * doener but I'm not sure if the rbind mount has similar "protection" 1158860892 M * waldi ah, the 64bit arches failes, the 32bit ones build 1158860900 M * daniel_hozac hmm, did / refer to the host's root after breaking out? 1158860917 M * daniel_hozac waldi: very strange, IMHO they should all fail. 1158860931 M * doener if the vserver's fstab has a mount for /usr, can we be sure that it does not interfere? 1158860988 M * daniel_hozac with the start process? i'd assume so as it's below the "other" root mount? 1158861027 M * doener I'd think so, too. But I'm not sure anymore ;) 1158861040 M * daniel_hozac hehe. 1158861069 M * daniel_hozac well, the fixed util-vserver seems to work ok (i.e. rbind). 1158861109 M * daniel_hozac although i do not have a /usr mount. 
1158861110 M * waldi daniel_hozac: hmm 1158861123 M * daniel_hozac hmm, and /dev/pts is mounted ,nodev :| 1158861150 M * doener ah, that probably explains the broken check *g* 1158861168 M * daniel_hozac lol, yep. 1158861169 Q * rob-84x^ Read error: Connection reset by peer 1158861182 M * daniel_hozac i thought it seemed really fishy. 1158861311 J * rob-84x^ rob@submarine.ath.cx 1158861559 M * _spq can i update my gentoo guest to a nptl-only glibc? i have two glibc's on the debian host, one with linux and one with posix threads 1158861691 Q * rob-84x^ Read error: Connection reset by peer 1158861710 M * doener daniel_hozac: ok, I think the point about the escape protection is that you have chrooted away from the original / 1158861711 J * bronson ~bronson@66.160.177.209 1158861735 M * doener that probably changes the follow_dotdot semantics and makes the new / accessible 1158861744 M * doener (thereby hiding the original /) 1158861811 M * doener well, not the semantics, but the original / isn't special in the way that it equals rootmnt anymore 1158862265 J * rob-84x^ rob@submarine.ath.cx 1158862709 Q * dna_ Quit: Verlassend 1158863152 Q * rob-84x^ Quit: That's it for today 1158863291 J * dna_ ~naucki@75-205-dsl.kielnet.net 1158864530 Q * lilalinux Remote host closed the connection 1158864805 J * _are_ ~are@62.112.159.81 1158864809 M * _are_ hi 1158864856 M * daniel_hozac hello 1158865181 M * doener daniel_hozac: ok, confirmed... chdir("/root"); chroot("/bin"); chroot(".."); chdir("/"); 1158865195 M * doener that get's me "into" the bindmount area 1158865244 M * daniel_hozac heh. 1158865697 J * ComplexMind ~mark@162.84.2.81.in-addr.arpa 1158865698 J * rob-84x^ rob@submarine.ath.cx 1158865857 M * ComplexMind does anyone in here know the best way to expose a ramdisk (eg /dev/ram0) as a filesystem mount inside a vserver? 1158865878 M * Nei mount it in the vserver's fstab? 1158865902 M * ComplexMind yes 1158865909 M * ComplexMind I think so... 
;) 1158865948 M * Nei /etc/vservers/*/fstab 1158865956 M * ComplexMind one of our developers wants to try out some scripts running from a ramdisk 1158865990 M * ComplexMind so if I add an entry for /dev/ram0 in there then that device will mount on the vserver? 1158865991 M * cehteh mhm for what shall that be good for? 1158866007 M * Nei if you just want to mount it one time live I guess you can use chcontext? 1158866031 M * ComplexMind I'm not sure - apparently the scripts will take heavy repetitive load and he thinks putting them on a ramdisk might help, and has asked if he can try it on a dev server 1158866065 M * cehteh i doubt that helps since the kernel will have them in the buffer cache already 1158866129 M * ComplexMind good point 1158866139 M * cehteh if you need performance, then dont use bash 1158866199 M * cehteh (assuming you meant shell scripts) 1158866230 M * ComplexMind no php I believe 1158866231 M * cehteh or do it in a real programming language .. but any other shell (zsh or ash) is actually much faster than bash 1158866235 M * cehteh ah ok 1158866246 M * ComplexMind yeah I just look after the vserver end ;) 1158866465 Q * Piet__ Ping timeout: 480 seconds 1158866470 M * cehteh well .. vserver cant improve performance over 100% ;) 1158866745 M * doener daniel_hozac: what does ls -ldi /. /.. show for you inside a vserver? 1158866797 M * daniel_hozac doener: damn, the rbind leads to openpty failures. 1158866812 M * doener the rbind itself or the nodev? 1158866818 M * daniel_hozac well, the nodev. 1158866838 M * daniel_hozac doener: same thing with the rbind. 1158866861 M * daniel_hozac meaning same for both. 1158866865 M * doener hm, how to reproduce that? 
1158866884 M * ComplexMind cehteh: very true - well I've given him a ramdisk to play with since its a dev box, I'll confirm/deny shortly ;) 1158866887 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/experimental/util-vserver-0.30.211-rc1.tar.bz2 1158866901 M * doener I have a fixed secure_mount here (rbind-wise) 1158866913 M * daniel_hozac well, that should do it then. 1158866917 M * cehteh ComplexMind: arent there profiling tools for php? 1158866919 M * daniel_hozac do you also have vlogin? 1158866923 M * doener no 1158866930 M * daniel_hozac well, that's why you haven't noticed it ;) 1158866970 M * daniel_hozac doener: is the ls supposed to show different things? 1158866985 M * ComplexMind cehteh: no idea - i just take care of the lower layers ;) hehe 1158867001 M * daniel_hozac i get the same thing in both an rbind'ed guest and a plain bind guest (older utils). 1158867006 M * doener daniel_hozac: I'm interested in the inode numbers (I guess) 1158867017 M * doener trying to figure out why we change follow_dotdot 1158867019 M * cehteh heh .. well .. wrong aproach to fix performance issues ;) 1158867020 Q * rob-84x^ Quit: That's it for today 1158867038 J * rob-84x^ rob@submarine.ath.cx 1158867041 M * daniel_hozac doener: they're identical for both paths. 1158867052 M * ComplexMind cehteh: yeah, totally agreed 1158867057 M * doener hm, same as without the change 1158867067 M * doener and IIRC we changed that because the inode number differed 1158867076 M * doener but the look perfectly fine here 1158867094 M * doener s/the/they/ 1158867113 M * doener daniel_hozac: how does vlogin fail? strace available? 1158867162 M * daniel_hozac doener: the open of /dev/ptmx returns EACCES, because of the nodev. 1158867236 M * doener daniel_hozac: yeah, but you said that the rbind itself also causes it to fail 1158867308 M * daniel_hozac hmm, i misspoke then. 
the rbind just causes all of the filesystems to be mounted nodev (because of the broken checks in secure-mount). 1158867330 M * doener grr, a global variable named t... not that easy to find... 1158867375 M * daniel_hozac lol, indeed. 1158867422 M * doener the rbind does not cause them to be mounted nodev 1158867433 M * doener that's because of the "fixed" nodev check 1158867469 M * doener if you don't remember, there was a check like "if nodev then nodev" 1158867471 M * daniel_hozac well, right. 1158867478 M * doener and we changed that to "if not nodev then nodev" 1158867582 M * daniel_hozac this showed a bug in vlogin too, the reset atexit handler is added too late. 1158867612 M * doener *sigh*... at least we learn a lot of stuff... 1158867674 M * daniel_hozac heh, indeed. 1158867718 M * doener hm... *goes hacking* 1158867759 M * daniel_hozac btw, did you see my missing headers report for your 2.6.18 ports? 1158867854 M * doener I didn't compile it and actually removed some headers from my port (I didn't check them) when I saw that they were missing from Bertls 1158867856 P * Belu 1158867908 M * daniel_hozac "kernel/rtmutex-debug.c kernel/taskstats.c and mm/migrate.c are all missing an #include " 1158867931 M * doener I did only check for conflicts, fuzz and stuff that caught my eye 1158867964 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/find-problems.sh will do most of the boring header checking for you ;) 1158868702 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1158868733 Q * Borg- Quit: leaving 1158868922 M * doener is that like espdiff? 
;) 1158869709 Q * sladen_ Ping timeout: 480 seconds 1158870199 J * sladen paul@starsky.19inch.net 1158870800 Q * yarihm Quit: Leaving 1158870811 Q * bonbons Quit: Leaving 1158874015 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch 1158874260 Q * Hunger helium.oftc.net venus.oftc.net 1158874260 Q * fosco helium.oftc.net venus.oftc.net 1158874260 Q * weasel helium.oftc.net venus.oftc.net 1158874293 J * fosco fosco@konoha.devnullteam.org 1158874293 J * weasel ~weasel@weasel.noc.oftc.net 1158874496 M * doener daniel_hozac: If I want vs_set_namespace to pass some data as the final parameter to the syscall, how would I do that in util-vserver? 1158874544 M * daniel_hozac you don't, the API isn't like that. it doesn't even let you specify the xid. 1158874557 M * daniel_hozac you'll have to use vc_syscall directly. 1158874571 J * Aiken ~james@tooax6-041.dialup.optusnet.com.au 1158874596 M * coocoon http://linux-vserver.org hangs 1158874615 M * daniel_hozac worksforme. 1158874622 M * coocoon hm 1158874633 J * Hunger Hunger.hu@213.163.11.138 1158874644 M * coocoon cache? 1158874662 M * daniel_hozac nope. 1158874668 M * doener worksforme 1158874704 M * coocoon :-( 1158874887 M * yarihm does anyone have an idea what this "unable to open /proc/uptime"-thing is when trying to start a Fedora Core 5 vserver? i followed the howto on the wiki-page rather closely but somehow i must have messed up something? 1158874899 M * doener vprocunhide 1158874926 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1158874952 M * yarihm ... rebooting solved it too ... sorry for the noise 1158874960 M * daniel_hozac yep, rebooting would run it. 1158875068 M * doener daniel_hozac: actually I wanted to change the API ;) 1158875111 M * _spq RTNETLINK answers: Cannot assign requested address 1158875120 M * _spq what could be the problem? 
1158875138 M * _spq pops up ad vserver x restart 1158875147 J * coocoon ~coocoon@p54A07B27.dip.t-dialin.net 1158875189 M * mnemoc _spq: the adresses are not set by the guest 1158875203 M * _spq which dresses? 1158875216 M * _spq s/d/ad/ 1158875222 M * mnemoc ip 1158875237 M * mnemoc <_spq> RTNETLINK answers: Cannot assign requested address 1158875244 M * _spq so i have to ifconfig them? 1158875273 M * mnemoc 1) stop using ifconfig on linux-based machines from this millenium 1158875297 M * mnemoc 2) no, at /etc/vservers/$vserver/ 1158875323 M * coocoon sorry but i dunno why it won't at my system ping googlde works fine see http://rafb.net/paste/results/HHnjPc92.html 1158875344 M * coocoon ping linux-vserver.org will not work 1158875360 M * coocoon or it takes a long time maybe my connection is too slow ;-) 1158875368 M * yarihm hmm ... i'm always feeling a bit stupid when trying new distros, i ran into this: 1158875371 M * yarihm [root@wh2-fc5 schaer]# vyum schaer -- install yum 1158875371 M * yarihm http://mirror.naturidentisch.de/yum/fc5-vps/repodata/repomd.xml: [Errno 14] HTTP Error 500: Date: Thu, 21 Sep 2006 21:47:26 GMT 1158875390 M * yarihm it then states that there are no mirrors left to try. how do I supply new ones to yum/vyum? 1158875441 M * doener coocoon: did you try traceroute or similar? 1158875484 M * coocoon no 1158875516 M * coocoon but all other works fine 1158875548 M * mnemoc MTU? 1158875605 M * doener coocoon: can you reach 85.10.237.67? 1158875609 M * Radiance need my memory refreshed about this: vrsetup /dev/vroot/0 /dev/lvm/vserver0 1158875613 M * Radiance what does this actually do ? 
1158875620 M * Radiance i mean on a plain ide drive system 1158875624 M * doener ehrm, nvm, dead ip address anyway 1158875635 M * coocoon no 1158875670 M * doener coocoon: 85.10.237.41 1158875683 M * doener same hosting company as the linux-vserver box 1158875690 M * coocoon no 1158875716 M * doener then your routing to that net is probably broken 1158875722 M * coocoon ok thanx 1158875843 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1158876422 Q * dna_ Quit: Verlassend 1158876468 M * doener daniel_hozac: that was quite a PITA to adapt vnamespace... 1158876642 J * coocoon ~coocoon@p54A05D2B.dip.t-dialin.net 1158876673 M * daniel_hozac doener: what are you doing? 1158876684 M * doener trying some stuff 1158876719 M * doener and my "quick" approach involves passing a real value in the vserver syscall pointer (last argument) 1158876738 M * daniel_hozac heh, ok. 1158876809 M * daniel_hozac yarihm: hmm, looks like Cru's repo is broken. 1158876836 M * daniel_hozac yarihm: you could try vyum schaer -- --disablerepo=cru-vps install yum 1158876937 J * shedi ~siggi@inferno.lhi.is 1158877136 J * derjohn2 ~aj@dslb-084-058-217-122.pools.arcor-ip.net 1158877266 P * stefani I'm Parting (the water) 1158877518 M * _spq RTNETLINK answers: Cannot assign requested address || RTNETLINK answers: File exists 1158877519 M * _spq hmm 1158877979 M * coocoon _spq: if go to the wiki and give in under search --> RTNETLINK answers: there will be the information how to solve this ;-) 1158878002 M * _spq thx 1158878315 M * _spq ok works now 1158878322 M * _spq i had the same name 6 times 1158878380 M * _spq RTNETLINK answers: Cannot assign requested address 1158878381 M * _spq again 1158878412 M * _spq hm, the ip was still configured 1158878497 M * _spq but the ip is usable by the guests 1158878501 M * _spq so this is okay 1158878550 M * derjohn2 _spq, if you want to use the same ip for several guests, use the nodev flag in interfaces ... 
1158878566 M * _spq no i have 6 different ips 1158878581 M * _spq but the tools do not deconfigure them on vserver x stop 1158878615 M * derjohn2 do they configure them when you vserver x start? 1158878620 M * _spq yes 1158878629 M * derjohn2 or are they manually conf'ed? 1158878629 M * yarihm daniel_hozac: that helped, thanks 1158878651 M * _spq no i deconfigured them and started the guests it worked 1158878698 M * _spq i still have to learn much about these vservers 1158878761 M * derjohn2 _spq, they should go down with vserver bla stop (but they are leavred untouch if you set "nodev") 1158878783 M * _spq no, i dont have the nodev files 1158878919 M * derjohn2 did you change the netmasks? do the guest bring up ip within in the init and change the netmask? (needs capabilities) 1158878956 M * _spq no 1158878999 M * _spq hm 1158879007 M * _spq now restart works without errors 1158879062 M * _spq wait 8087 1158879069 M * _spq why does it sleep so long? 1158879082 M * derjohn2 maybe it's tired? 1158879103 M * _spq ;) 1158879114 M * _spq ah ok 1158879119 M * _spq its the pid of the init 1158879127 M * _spq im sorry, mixed wait and sleep :) 1158879302 M * derjohn2 :) 1158879482 Q * yarihm Quit: Leaving 1158879948 M * coocoon good night to all 1158879953 M * _spq gn8 1158879959 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1158880425 N * bronson bluelines 1158881572 N * Bertl_oO Bertl 1158881577 M * Bertl evening folks! 1158881577 M * doener evening Bertl 1158881614 M * Bertl what was the result of the follow.. discussion above? 1158881641 M * doener which one? about the break->return change? nothing 1158881677 M * Bertl are we changing something which isn't required anymore? 1158881696 M * doener seems like, but I'm not sure anymore what the change was supposed to do 1158881716 M * Bertl I presume it's in 2.6.18-* 1158881734 M * doener I'm running 2.6.17.11 atm 1158881753 M * Bertl okay, so it is there too, or only there? 
1158881782 M * doener I didn't check anything else, I just wondered if that affects the bindmount semantics in any way 1158881806 M * doener so I changed it back from return to break and noticed that the inode numbers were still the same for "/." and "/.." 1158881830 M * Bertl on normal mounts as well as bind mounts? 1158881885 M * doener I only checked with a local vserver, namespace, no namespace, and with a pre-start /vserver/foo -> /vserver/foo bind mount 1158882030 M * Bertl btw, here is the version after incorporating the things I obviously missed, could you verify that this seems 'okay' with your results? http://vserver.13thfloor.at/Experimental/patch-2.6.18-vs2.0.2.1-t5.diff 1158882138 M * doener first look seems fine, will check it later 1158882149 M * Bertl np, TIA 1158882164 M * Bertl btw, the avoid follow_mount() seems still valid 1158882191 M * Bertl (just checked the code in 2.6.18) and the follow_mount() is still called, which moves up the mount space 1158882205 M * doener I'm hacking on namespace stuff atm, trying to figure out how to get a namespace with a shared root mount that is not a root mount in the original namespace (pivot_root doesn't like shared mounts) 1158882221 M * essobi_ WEEE! 1158882250 M * doener nah, the Nintendo thing is called Wii, not WEEE ;) 1158882258 M * essobi_ Pfft. 1158882267 M * essobi_ you say Wii, I say WEEEEEEEEEEEEEEE! 1158882275 M * Bertl doener: aah, sounds interesting ... have you considered my somewhat half hearted suggestion to have barrier mounts instead of filesystem barriers? 1158882290 M * essobi_ r00t || d13 1158882329 M * Bertl ah, essobi_ is v3ry 1337 :) 1158882330 M * doener to some degree... but I want to see if I can get my idea to work first (using a second stored namespace atm, to keep util-vserver changes low) 1158882345 M * Bertl yeah, would be nice, indeed ... 1158882346 M * essobi_ Bertl Teh l337est. :) 1158882369 M * Bertl a real 1337z0r :) 1158882373 M * essobi_ So... 
I managed to cram Rlinux onto my Vserver. :) I'm working out quite a few bootup tweaks now. 1158882386 M * doener basically it consists of "admin namespace" and "vserver namespace", they should inherit mounts from each other, and the vserver namespace contains only /vserver/foo as /, while the admin namespace is what we currently have 1158882406 M * essobi_ Seems it chkconfig/RHish as far as init.rd management goes.. 1158882434 M * essobi_ but it's coming along nicely. 1158882446 M * essobi_ Anyone else looked at conary? 1158882451 M * essobi_ Rlinux, etc.. 1158882472 M * Bertl doener: yeah, got the idea, would be really nice to have that 1158882511 M * Bertl essobi_: Rlinux? 1158882513 M * essobi_ Its rather like LFS save the centralized package management is a cross between FreeBSD Ports and CVS.. 1158882522 M * essobi_ Bertl Yea.. It's pretty neat. 1158882586 M * Bertl basic bootup tweaks for guests: remove all hardware related stuff 1158882606 M * Bertl second step: remove all network setup/shutdown 1158882610 M * essobi_ I've noted.. Kudza keymap and suck.. 1158882615 M * essobi_ All networking? 1158882625 M * essobi_ Hmm.. rm /etc/init.d/networking? 1158882628 M * cehteh yes 1158882630 M * essobi_ Or prune it? 1158882630 M * Bertl well, you do not 'configure' interfaces and such in a guest 1158882647 M * essobi_ Roger that. I figured out that much. 1158882649 M * Bertl they are pre configured on the host, you just get certain ips 1158882664 M * cehteh echo "# not in vserver" >/etc/networking/interfaces 1158882679 M * essobi_ cehteh Roger that.. 1158882683 M * Bertl so all the route, iptables, interface, hotplug stuff is not used in a guest 1158882691 M * Bertl (just throws strange error messages) 1158882696 M * essobi_ Yea, I noticed. 1158882700 M * essobi_ I've got it booting now. 1158882730 M * cehteh long time ago i fought with deinstalling important packages and such .. where other things depend on ... and which get reinstalled on upgrades .. 
1158882734 M * essobi_ I'm trying to convince one of the Conary freaks to just build a clean tarball for me. ;) 1158882753 M * essobi_ cehteh And? 1158882763 M * cehteh so now i rather prefer to remove only few packages for vservers and rather handle things in no-op configs 1158882798 M * essobi_ http://www.rpath.org BTW.. 1158882803 M * cehteh means you can leave hardware/network controlling packages installed but give them empty configs 1158882815 M * essobi_ cehteh Wise choice. 1158882839 M * cehteh which turns out less painful than removing packages from which the distribution think they are important 1158882858 M * essobi_ Hmm. Is there any reason for a packet per second degradation of operation in a guest? 1158882862 M * Bertl alternative would be to make dummy packages, (or package database entries) which fulfill the dependencies 1158882875 M * essobi_ Bertl True true. 1158882886 M * cehteh Bertl: yes .. but that is actually even more work 1158882941 M * essobi_ I'm looking to run some very active vservers.. some of which will produce a very high number of packets per second.. there's no reason to believe a guest will perform much below the level of a host is there? 1158882941 M * cehteh LARTing some debian maintainers (and likely gentoo/RH/Suse people) for a clean separation of kernel/hardware related and userland stuff would be better :) 1158883016 M * essobi_ Bertl Those rbuilder ISOs are appliance based linux ISOs.. conary is their package management, and Rlinux is the base for them all. 1158883059 M * essobi_ Pretty fsking cool.. quite a few of those are oriented to tiny tiny installations with a very vertical application. 1158883067 M * essobi_ Makes perfect sense to use for a vserver. 1158883075 M * Bertl essobi_: no, the main advantage of Linux-VServer is that we try to keep the overhead unmeasurable 1158883096 M * essobi_ Bertl I assumed as much, but I know my boss would ask and w/o benchmarks in hand... 
1158883153 M * Bertl well, let me put it like this: if you measure some overhead in a guest, compared to vanilla (same kernel release) on the devel patches, then report it, it must be a bug :) 1158883165 M * essobi_ LOL 1158883179 M * essobi_ Roger that.