1158883283 M * cehteh mhmpf .. just learned that you shouldnt make your primary nameserver a CNAME 1158883422 M * essobi_ Hehehe. 1158883425 M * essobi_ The hard way? 1158883448 M * cehteh well all worked ... even the secondary fetched the zone 1158883468 M * _spq gn8 1158883469 M * cehteh but my ISP send ne a note 1158883492 M * cehteh "Your namserver is not functional!" .. 1158883531 M * Bertl what domain? 1158883559 M * cehteh pipapo.org 1158883569 Q * _spq Quit: _spq 1158883586 M * essobi_ Is it a wise idea to have an entry to the local IP on a guest mapped to localhost and localhost.localdomain in /etc/hosts on the guests? 1158883593 M * Bertl http://www.dnsreport.com/tools/dnsreport.ch?domain=pipapo.org 1158883597 M * doener Bertl: did you restrict google's access to irc.13thfloor.at or something? I find almost nothing anymore 1158883608 M * essobi_ Mmm... I suppose any service that used localhost would get pegged. 1158883621 M * Bertl doener: no, not that I know of? 1158883625 M * doener Bertl: just 4 matches for "site:irc.13thfloor.at bertl" 1158883628 M * essobi_ No robots.txt? :) 1158883693 M * Bertl doener: well, it was moved (i.e. ip changed) but that should not affect google, should it? 1158883711 M * Bertl but let me check the logs ... 1158883712 Q * derjohn2 Ping timeout: 480 seconds 1158883737 M * essobi_ Mmm. cant mount /proc or /sys in a guest, correct? 1158883746 M * cehteh ah thanks bertl ... nice debugging tool ;) 1158883789 M * cehteh mhm so MX must be a A record too 1158883791 M * doener damn, now I forgot what I was searching for :( 1158883874 M * Bertl doener: hmm, seems some robots.txt sneaked in on the apache update ... fixing that up now 1158883917 M * essobi_ I'm psychic. 1158884023 M * essobi_ So is /proc mapped from the host to the guest I assume? 1158884047 M * doener procfs is mounted by the tools on start-up 1158884063 M * essobi_ Ah. 1158884067 M * doener essobi_: http://www.cs.princeton.edu/~mef/research/vserver/paper.pdf#search=%22linux-vserver%20benchmark%22 1158884086 M * doener some comparison between virtualisation technologies by princeton folks 1158884095 M * essobi_ doener: But it is essentially the same thing, the host sees yes? 1158884097 M * essobi_ Nice. 1158884131 M * doener includes a bunch of benchmark results, slightly outdated and a bit of apples vs. oranges, but you can at least get a picture of Linux-VServer performance 1158884156 M * doener essobi_: no, it's virtualized. processes are hidden and a bunch of files that a vserver should not see 1158884188 M * doener (actually all files are hidden by default, the tools unhide a sane set) 1158884413 M * essobi_ MHAHAHA. 1158884429 M * essobi_ Comparing Vserver to Xen is almost shameful. 1158884468 M * essobi_ The 256M mmap tests make Xen look pretty bad. 1158884634 M * essobi_ So umm.. Hmm. 1158884668 M * doener haha! first step mastered... a gazillion of steps remains 1158884697 M * essobi_ Is there any docs on what per vserver things are available via /proc on the host OS? 1158884785 M * essobi_ I'm interested in expanded what's currently being graphed in via collectD for vservers. 1158884866 M * essobi_ For instance.. is there a way to see how many IRQ's per second a vserver is incurring on the host? Context switches? Packets per second on the interface? 1158884868 M * Bertl doener: no, the robots.txt cannot be the cause, maybe they started purging .txt files? let's wait a week or so and see what googlebot accesses, maybe we have to activate the long planned htmlizer :) 1158884930 M * essobi_ Maybe (they/their upstream DNS) had the old IP cached the last time the googledance occured. 1158884943 M * doener Bertl: second step accomplished as well, got namespace A and B in the setup that I wanted to have 1158885004 M * doener now comes the hard part... util-vserver... ;) 1158885077 M * essobi_ Like... would it be worthwhile to run sar@sysstat on each vserver and collect them on the host, or is that same information exposed in /proc to the guest naturally? 1158885262 M * essobi_ Mmm.. 1158885279 M * essobi_ Is ping localhost and ping 127.0.0.1 on a guest suppoed to land on the host? 1158885461 J * derjohn2 ~aj@dslb-084-058-194-184.pools.arcor-ip.net 1158885466 M * Nei there is no localhost on the guest 1158885666 M * Bertl echo " localhost" >/etc/hosts :) 1158885687 M * Bertl (inside a guest) 1158885764 M * Nei NOW there is one 1158885773 M * Nei can you fake 127.0.0.1 too? 1158885854 M * essobi_ I'd assume not. 1158885876 M * essobi_ Which kind of sucks.. 1158885904 M * Nei ;) 1158885904 M * essobi_ Like you can't have mysql run on 127.0.0.1:3306... 1158885914 M * Nei run it on unix socket instead 1158885916 M * essobi_ Well.. Mysql is a bad example as it provides.. 1158885919 M * essobi_ :P~~~~~ 1158885924 M * essobi_ I was getting to that. 1158885952 M * essobi_ But I'm sure there are applications that expect to bind to 127.0.0.1 for security sakes.. 1158885953 A * cehteh experimented with a empty bridge device for such things ... 1158885960 M * Bertl 127.0.0.1 is auto remapped to the first ip 1158885974 M * essobi_ It is? 1158885979 M * cehteh dunno .. but likely you can configure a bridge with 127.0.0.1 1158885983 M * Nei you could provide a dummy interface as if0 to retain some security 1158885986 M * doener isn't the whole 127.0.0.0/8 net host-local? 1158885993 M * cehteh (which would require to turn off this auto-remapping) 1158886005 M * doener so using 127.0.0.2 as first ip address should solve that, right? 1158886012 M * Bertl if you do not care about making the guest a insecure, just assign 127.0.0.x to the guest (as first ip) 1158886016 M * doener (and .3, and .4 and so on) 1158886025 M * Bertl s/a/a little/ 1158886036 M * doener Bertl: in which way insecure? 1158886059 M * cehteh does 127.0.0.1 see the traffic on 127.0.0.2 ? 1158886069 M * Bertl you could bind to those addresses, and host connections could verify them as _local_ 1158886079 M * essobi_ Scary. 1158886096 M * Bertl host services that is 1158886160 M * cehteh Bertl: if not, how about having a 127.0.0.x address for each vserver (well that would limit it to 254 vservers :P) and auto-remap 127.0.0.1 to the exact used address? 1158886193 M * essobi_ Bertl How/where/when is 127.0.0.1 "autoremapped"? 1158886199 M * Bertl cehteh: no real need for that 1158886209 M * Bertl essobi_: whenever used for binding ... 1158886215 M * essobi_ Telnet 127.0.0.1 25 lands me on the hosts smtp server from the guest. 1158886228 M * essobi_ Ah. 1158886238 M * Bertl well, that is correct, isn't it? 1158886252 M * essobi_ So it's only transparent on the binding side... 1158886253 M * Bertl try 'telnet localhost 25' and you get the guest's telnet 1158886266 M * Bertl (assuming that you did configure the /etc/hosts correctly) 1158886268 M * Nei its not obvious 1158886285 M * Nei that 127.0.0.1 despite not being availabe would point to the host 1158886294 M * Bertl Nei: think network isolation, not virtualization 1158886306 M * cehteh Bertl: dunno .. i would rather expect usual behaviour 1158886318 M * Bertl Nei: 127.0.0.1, , , ... 1158886331 M * Bertl Nei: guest gets and 1158886336 M * cehteh means every guest should look like it has its own private loopback 1158886347 M * Bertl that would be virtualization 1158886369 M * Bertl which would add overhead to the networking just to make it 'look' nice 1158886371 M * cehteh not nessary .. just the mapping as i saied could work 1158886402 M * essobi_ Newp. 1158886404 Q * id23 Remote host closed the connection 1158886420 M * Bertl we will have a virtual network stack for the folks who really want to have that (and gladly take the overhead) in the future 1158886439 M * essobi_ I only have port 25 running on my host. 1158886442 M * Bertl probably it will be selectable on a per guest basis 1158886454 M * cehteh Bertl: could one create a first interface with dev=lo, 127.0.0.x and then add 127.0.0.x localhost to /etc/hosts 1158886460 M * essobi_ I telnet localhost 25 on guest and land on the hosts. 1158886484 M * Bertl cehteh: sure, but what would that buy you? 1158886493 A * cehteh doesnt fully understand how linux implements loopback devices 1158886496 M * Bertl essobi_: double check /etc/hosts as mentioned above 1158886496 M * essobi_ Bertl A few confused uses? :) 1158886522 M * cehteh Bertl: a per-vserver loopback .. 1158886523 M * Bertl cehteh: the traffic within a host (including the guest) will always use lo 1158886536 M * Bertl cehteh: regardless of the addresses used 1158886537 M * essobi_ ping localhost resolves the the guests IP address. 1158886545 M * essobi_ and yes.. I tripple checked /etc/hosts 1158886555 M * cehteh yes .. but is lo sniff-able and does 127.0.0.1 see traffic from 127.0.0.2 ? 1158886561 M * Bertl essobi_: okay, and telnet on the host was restricted to host only ips? 1158886573 M * Bertl cehteh: yes 1158886577 M * essobi_ Bertl Ah.. good point. 1158886578 M * essobi_ ;) 1158886589 M * cehteh ok thats bad then 1158886621 M * essobi_ Bertl Is there a decent way to audit your host machines binding? Mmm.. netstat -na | grep -i listen | grep -i 0.0.0.0 perhaps? 1158886632 M * cehteh Bertl: dunno maybe that could be restricted with iptables .. or as i saied before configure a bridge device with 127.0.0.1 1158886634 M * Bertl cehteh: trust me, except for broken proprietary software there is no reason for having 127.0.0.1 in a guest 1158886654 M * cehteh well ok 1158886674 M * Bertl essobi_: you can check with netstat in xid=1 (spectator) it should show all existing bindings 1158886701 M * Bertl essobi_: except for that, the usual tools work inside the guest too 1158886720 M * Bertl s/except for/in addition to/ 1158886749 M * Bertl okay, I'm off to bed now .. have to get out early today ... 1158886751 M * essobi_ netstat -na |grep -i listen doesn't show port 25 active but I can telnet localhost 25 sure enough. 1158886752 M * essobi_ :) 1158886777 M * essobi_ Noght Bert.. Thanks for all teh fish^Whelp. 1158886778 M * Bertl try chcontext --xid 1 -- netstat -na |grep -i listen 1158886810 M * Bertl have a good one everyone! cya! 1158886814 N * Bertl Bertl_zZ 1158886827 M * essobi_ mmm. 1158886846 M * essobi_ 2 programs on 0.0.0.0.. 1158886850 M * essobi_ and one on 127.0.0.1.. 1158886920 M * essobi_ Mmm.. what do you use on debian to control which programs startup on what runlevels? I can' remember.. Heh. 1158887117 M * cehteh mhm syslog in root for all guests .. lets go 1158887133 M * cehteh essobi_: upsdate-rc.d 1158887144 M * cehteh ups ;) ... update-rc.d 1158887222 M * essobi_ Oh.. rcconf was the other one.. 1158887243 M * cehteh is there a very simple and small relaying syslogger (prolly udp only) 1158887311 M * essobi_ I wrote a perl one in POE. 1158887318 M * essobi_ Really really simple in POE. 1158887327 M * essobi_ And you can do whatever you want w/it.. 1158887354 M * essobi_ like special conditions.. Page my ass or email me depending on the time..... :) 1158887367 M * essobi_ It's handy. 1158887387 M * cehteh nah i just want to forward /dev/log to udp 1158887392 M * cehteh maybe socat can do that 1158887397 M * essobi_ Ah. 1158887419 M * cehteh or i just put /dev/log sockets from the main syslog into the guest 1158887432 M * essobi_ I seem to remember them doing that with syslog-ng 1158887441 M * cehteh sure .. but thats to fat 1158887458 M * cehteh i am running syslog-ng on the root 1158887460 M * essobi_ No diggity. 1158887477 M * essobi_ Debian? 1158887483 M * cehteh yes 1158887485 M * essobi_ Check the socklog package maybe.. 1158887531 M * cehteh checked .. thats rather a full syslog system 1158887537 Q * Nei Quit: No windows for this server 1158887538 M * essobi_ Ah.. 1158887539 A * cehteh tries socat 1158887564 M * essobi_ Um.. just use a poe receptor and send it out to UDP.. 1158887577 M * essobi_ I'm a fan of perl POE if you can't tell. 1158887598 M * cehteh i am not a fan of perl in no way 1158887599 M * essobi_ AnyAnyways.. 1158887618 M * essobi_ What's XID 1 for anyways? 1158887621 M * essobi_ The spectator? 1158887635 M * essobi_ Can it see everything in all guests and the host at the same time? 1158887681 M * cehteh yes 1158887927 M * doener http://people.linux-vserver.org/~doener/double_namespace_setup.txt 1158887956 M * doener my proposal for the future of vserver fs-handling 1158887995 M * doener well, not really fs, but as I lack a better description... ;) 1158888019 A * cehteh just puts logging interfaces from the root server into the guests .. i think thats secure enough 1158888058 M * cehteh if someone can exploit syslog-ng by a forged message on /dev/log he can likely do the same on a udp packet 1158888112 M * cehteh .. and that way it works much simpler 1158888435 M * doener (btw, as that proposal contains administration related stuff, it might be interesting for non-hackers as well ;) 1158888835 M * cehteh looks cool 1158888912 M * doener yeah, I tried something like that for weeks long(?) before 2.6.15 came out... I feel dumb now that I didn't realize that I can finally _do_ it with those shared subtrees 1158888946 M * doener I should have been jumping up and down all day when I saw shared subtrees ;) 1158889692 Q * bluelines Ping timeout: 480 seconds 1158890848 J * Nei ~ailin@userv2.informatik.uni-leipzig.de 1158891659 Q * Blissex Read error: Connection reset by peer 1158892601 M * Radiance access("/proc/uptime"): Permission denied 1158892601 M * Radiance /proc/uptime can not be accessed. 1158892610 M * Radiance i checked permissions and they're all +r 1158892620 M * doener regular user? 1158892635 M * Radiance starting the vserver as root 1158892684 M * doener ls -ld /{,vserver/{,foo/{,proc}}} 1158892688 M * doener (on the host) 1158892759 M * doener hm, s/vserver/vservers/ and replace foo with the vserver's name 1158892811 M * doener and check that the barrier is set on the directory right above the vserver's root, not the root itself (eg. /vservers, not /vservers/foo) 1158892949 M * Radiance it all looks good 1158892988 M * Radiance it has to do with vprocunhide 1158893010 M * Radiance (debian sarge) 1158893017 M * doener that would be "no such file" not "Permission denied" 1158893131 M * Radiance well i just saw vprocunhide doesn't exist 1158893131 M * Radiance i installed the latest util-vserver since the one in sarge is outdated 1158893132 M * Radiance but there is another package i need which most likely has this vprocunhide script 1158893136 M * Radiance checking.. 1158893208 M * doener the debian package uses /etc/init.d/util-vserver 1158893298 M * Radiance i know 1158893306 M * Radiance i need the newer util-vserver 1158893329 M * Radiance util-vserver conflicts with vserver-debiantools 1158893345 M * doener because they are obsolete 1158893370 M * Radiance well actually i only want that vprocunhide script 1158893379 M * Radiance is there a manual way to do this ? 1158893380 M * doener but why do you search for vprocunhide if you know that debian uses /etc/init.d/util-vserver instead? 1158893401 M * Radiance cause it worked on my other vserver 1158893434 M * doener they both call /usr/lib/util-vserver/vprocunhide... 1158893442 M * Radiance hmm 1158893445 M * doener no difference in that regard 1158893667 M * Radiance access("/proc/uptime"): Permission denied 1158893667 M * Radiance /proc/uptime 1158893677 M * Radiance guess that didn't matter indeed 1158893690 M * doener did you check the barrier? 1158893696 M * Radiance so i'm really wondering wtf happened, i followed all the steps i usually do 1158893737 M * Radiance what barrier ? 1158893765 M * doener the one that prevents the guest's root from breaking out of the chroot 1158893786 M * Radiance the vserver sits in /here 1158893794 M * Radiance on its own partition 1158893801 M * doener showattr -d /{,vservers/{,foo/{,proc/}}} 1158893881 M * Radiance it gives errors 1158893890 M * Radiance i fill in the name of the vserver but it gives nothing useful 1158893894 M * doener did you replace foo with the vserver's name? 1158893898 M * Radiance i did 1158893912 M * doener which errors? 1158893920 M * Radiance lstat(): No such file or directory 1158893920 M * Radiance lstat(): No such file or directory 1158893936 M * doener hm, but /vservers/foo does exist, right? 1158893960 M * Radiance no the vserver is: /test 1158893965 M * doener that won't work 1158893978 M * doener you need a directory between / and the vserver's root 1158893990 M * Radiance well it works on my other server just fine 1158894017 M * doener the util-vserver init-script has set the barrier on / now, which breaks util-vserver 1158894019 M * Radiance adjusted vdirbase and such 1158894064 M * Radiance the reason i did it and put it on its own partition is for quotas 1158894089 M * doener you can put it on its own partition on /vservers/test as well, can't you? 1158894092 M * Radiance BertI said it would work just fine 1158894118 M * Radiance test will never be able to access /vserver/quota-files 1158894124 M * Radiance so quotas won't work 1158894154 M * doener hm? aren't quota-files in /vservers/test/ then? 1158894162 M * Radiance they're in /test 1158894179 M * Radiance so the vserver can access them when it's active 1158894193 M * Radiance any other place won't work cause it can't get out to the host 1158894225 M * doener what's the difference between "mount foo /test" and "mount foo /vservers/test" that breaks your setup?! 1158894229 M * Radiance but anyway, this setup works like a charm on the other 2 servers 1158894243 M * Radiance i'm just in a lock here what i might have skipped or didn't see heh 1158894257 M * doener it works, but it is pretty sure vulnerable to chroot breakouts 1158894271 M * doener (your other box) 1158894272 M * Radiance if it is then any vserver is 1158894308 M * doener to prevent chroot breakouts, you need the barrier on /path/to/vserver-root/.. 1158894318 M * Radiance well to be honest no difference 1158894320 M * doener in your /test case that's /test/.. == / 1158894326 M * doener and that _breaks_ 1158894348 M * Radiance ok, i think that should be easy to adjust 1158894351 M * doener usually the barrier is on /vservers/foo/.. == /vservers 1158894356 M * doener which is fine 1158894358 M * Radiance but what about this proc permission issue ? 1158894389 M * doener the barrier stops you from accessing the directory it is set on once you're in a vserver context 1158894410 M * doener so util-vserver migrates into the context and looses access to / and everything else 1158894426 M * doener this happens while the vserver is starting 1158894452 M * Radiance ok so you think it's because it's located in /test ? 1158894471 M * Radiance the only difference with the other servers is the kernel version, they run on .7 and this one on .11 1158894475 M * doener that and because the more recent debian package sets the barrier correctly 1158894497 M * Radiance well i use the one from backports for sarge 1158894513 M * doener the old packages did set it on /var/lib/vservers only, the new one does The Right Thing 1158894574 M * doener if you use the same package on the other box, it might very well be, that you didn't reboot since the package upgrade and it will break when you do so 1158894583 M * doener (or run /etc/init.d/util-vserver manually) 1158894604 M * Radiance lemme fix that now, if it works then i can adjust the others too 1158894641 M * doener just move it to /vservers/test adjust the paths/config and re-run /etc/init.d/util-vserver afterwards to fix the barrier 1158894660 M * doener (or /var/lib/vservers/test if you prefer that, doesn't matter) 1158894756 M * doener Radiance: http://oldwiki.linux-vserver.org/chroot-barrier 1158894797 M * doener hm, nvm, doesn't contain what I thought it does 1158894834 M * doener just think of the barrier as a mega "chmod 000" for guests ;) _all_ access is denied, even for root 1158894938 M * doener you can check if the barrier is set on a certain directory using "showattr -d /path" 1158894969 M * doener if there's an upper case B, it is set. if it's a lower case b, it is not set. 1158895027 M * doener but in general the debian init-script takes care of that just fine (well, except for the /here vserver case which can't work that way) 1158895166 M * doener btw, your other box might get some chroot protection from the bindmount stuff that is done for namespace-enabled vservers, preventing the "usual" attacks, but I'd not rely on that 1158895202 M * doener afk for a while... probably back in about an hour 1158895239 M * Radiance ok thanks for the advise, looks like a connection breakdown is happening here so stuff is slow as shit moving on a horizontal plate 1158895572 M * essobi_ So.. doener Are you one of the core devs? 1158895589 M * essobi_ I hadn't read up on who's who in the vserver core.. 1158895611 M * essobi_ Radiance dd copy your other servers. :) 1158895632 M * essobi_ I find getting a setup that works and replicating the shit out of it seems to work good for me. :) 1158895886 M * Radiance access("/proc/uptime"): Permission denied 1158895939 M * Radiance the barrier stuff is now as it should be 1158896128 M * Radiance correction, the error is gone after using the .10 util-vserver 1158896159 M * Radiance another error, but this one is easy i hope :) 1158896301 M * Radiance ok works :) 1158896323 M * Radiance doener, thanks for the insight, been a long day here hehe 1158896743 M * doener essobi_: kind of ;) I'm primarily checking patches, doing semi-regular code auditions (or what I call audition *g*), help out on irc and complain about stuff I don't understand 1158896829 M * doener there's no real "part" of the project that I contributed, I just do a lot of little things 1158897786 M * essobi_ Weeeeee! 1158897789 M * essobi_ Sounds like fun. 1158898040 M * doener yeah, most of the time it is fun 1158898278 M * essobi_ Looks like I got rlinux all straightened out. 1158898279 M * essobi_ :) 1158898317 M * essobi_ vserver v1 stop isn't too happy thou.. Hehe 1158898342 M * essobi_ Start up is clean now thou. 1158898732 M * essobi_ ... 1158898734 M * essobi_ init: /dev/initctl: No such file or directory 1158898734 M * essobi_ Warning: Executing wildcard deletion to stay compatible with old scripts. 1158898734 M * essobi_ Explicitly specify the prefix length (72.1.64.146/32) to avoid this warning. 1158898734 M * essobi_ This special behaviour is likely to disappear in further releases, 1158898734 M * essobi_ fix your scripts! 1158898740 M * essobi_ WTF is that? 1158898774 M * doener the /dev/initctl is reboot (or poweroff) trying to talk to init 1158898818 M * doener the other error is because iproute got picky about not specifying a prefix for ip addresses and util-vserver does not yet provide one 1158898848 M * essobi_ Oh.. 1158898860 M * essobi_ Should I fix them? ;) 1158898870 M * doener If you dare *g* 1158898890 M * doener did you specify a prefix in /etc/vservers/foo/interfaces/0/prefix? 1158898896 M * essobi_ Umm. No. 1158898911 M * essobi_ What should be in prefix? 1158898920 M * essobi_ A netmask for the interface? 1158898924 M * doener maybe that already makes util-vserver provide the prefix to iproute and only the default case is broken 1158898961 M * doener a prefix ;) ie. the number of bits set in the netmask. netmask 255.0.0.0 == prefix 8. netmask 255.255.255.255 == prefix 32 1158899003 M * essobi_ Ah. 1158899004 M * doener if you don't need broadcasting, you're best off using 32 1158899036 M * essobi_ AFAIK I don't use any broadcasting.. 1158899056 M * essobi_ What about the /dev/initctl? 1158899059 M * doener http://www.linux-vserver.org/Frequently_Asked_Questions#If_I_shut_down_my_vserver_guest.2C_the_whole_Internet_interface_ethX_on_the_host_is_shut_down.__What_happened.3F 1158899071 M * essobi_ should I makedev? 1158899074 M * doener (about why a prefix of 32 is the easiest to use) 1158899091 M * doener (with 32 you only have primary addresses) 1158899128 M * doener initctl is a socket on which init listens. it's not required except for using "reboot" instead of "reboot -f" 1158899157 M * doener _both_ ways will cause a clean reboot of the vserver, it's not comparable to a real host 1158899201 M * doener if you want "reboot" to work, change the initstyle to "plain", that will spawn a init when starting the vserver (which means one additional, pretty useless, process per vserver) 1158899215 M * doener oh, don't change the init-style while the vserver is running ;) 1158899228 M * doener initstyle is set in /etc/vservers/foo/apps/init/style 1158899280 M * doener default is sysv, that means that util-vserver starts "/etc/init.d/rc 3" directly 1158899371 M * essobi_ I turned on promote. :) 1158899420 M * doener just means that you're safe not to use a prefix of 32, won't make the error message go away ;) 1158899507 M * essobi_ Ah.. 1158899509 M * essobi_ So umm. 1158899528 M * essobi_ What exactly is the clear way to view the "great flower page"? :) 1158899542 M * doener depends on your browser 1158899565 M * doener in Firefox it's View->Page Style->$YOUR_FAVORITE 1158899567 M * doener mine is gras1 1158899576 M * essobi_ I figured there would be some smart ass comment purchasing the flower first. ;) 1158899655 M * essobi_ I like weeedpage. 1158899673 M * doener i dislike the fixed bar at the top, distracts me ;) 1158899688 M * essobi_ Hehe.. 1158899693 M * essobi_ Unlike the flowers. 1158899702 M * essobi_ Anyways.. umm.. Mm. 1158899731 M * doener hm, 6:30am... I guess I should go to bed... 1158899746 M * Skram :)( 1158899760 M * essobi_ Nice. 1158899768 M * essobi_ It's 12:30am here. 1158899775 M * essobi_ *YAWN* 1158899810 M * doener hey Skram 1158899872 M * essobi_ Mmm... So can't I just not call reboot, but reboot -f in the halt script? 1158899881 M * essobi_ howdy skram 1158899908 M * doener essobi_: /etc/init.d/halt? that usually calls reboot -f -i -something-else 1158899928 M * doener at least on the distros that I've seen (few ;) 1158899931 M * essobi_ Not on rlinix.. :) 1158899950 M * essobi_ -f fixed it.. 1158899953 M * essobi_ BAH! 1158899967 M * essobi_ Adding a prefix and the promote is throwing an error now on shutdown.. 1158899968 M * essobi_ :| 1158899971 M * essobi_ Sending all processes the KILL signal... [ OK ] 1158899971 M * essobi_ Please stand by while rebooting the system... 1158899971 M * essobi_ ifdown: shutdown eth0: Permission denied 1158899971 M * essobi_ ifdown: shutdown eth0: Permission denied 1158899979 M * doener that's -i of reboot 1158899990 M * doener that causes it to try to shutdown the interfaces 1158900034 M * essobi_ No -i there.. 1158900036 M * essobi_ command="/sbin/reboot -f" 1158900083 M * doener hm, it's ifdown... try to grep for that in /etc/init.d or something... I'm not familiar with rlinux 1158900100 M * essobi_ right right.. 1158900149 M * doener ok, off to bed now... brain starts to show random outages ;) 1158900154 M * doener g'night! 1158900233 M * essobi_ Night. 1158901338 M * essobi_ Mmm.. Klogd appears to be failng to start on boot.. 1158901403 M * essobi_ wonder why.. 1158901417 M * daniel_hozac of the guest? 1158901431 M * essobi_ yea.. 1158901484 M * daniel_hozac well, your guest will need the syslog ccapability to get a virtualized syslog. 1158901512 M * daniel_hozac (note: syslog means the kernels syslog, i.e. klog ;)) 1158901523 M * essobi_ yea.. klogd isn't starting.. Mm. 1158901539 M * daniel_hozac otherwise it will not be able to access the klog. 1158901544 M * daniel_hozac and klogd will fail to start. 1158901579 M * daniel_hozac generally you just disable klogd inside guests, as the virtualized one doesn't ever log anything making the klogd a useless resource consumer. 1158901617 M * essobi_ Oh.. 1158901714 M * essobi_ So syslogd works fine, but klogd is useless? 1158901720 M * daniel_hozac right. 1158901726 M * essobi_ I'm understanding that correctly? Roger that.. 1158901784 M * essobi_ Cool.. starting and stopping rpath appears to be working fine now.. 1158901786 M * essobi_ :) 1158902495 M * Radiance guys, is CAP_NET_BIND_SERVICE really needed for bind9 ? i thought CAP_SYS_RESOURCE would do the job 1158902534 J * ido ~ido@ido.cs.uchicago.edu 1158902907 J * s0undt3ch_ ~s0undt3ch@bl7-246-193.dsl.telepac.pt 1158903172 P * ido 1158903269 Q * s0undt3ch Killed (NickServ (GHOST command used by s0undt3ch_)) 1158903269 N * s0undt3ch_ s0undt3ch 1158903588 Q * anonc Remote host closed the connection 1158904656 Q * cdrx Ping timeout: 480 seconds 1158905048 J * anonc ~anonc@staffnet.internode.com.au 1158906095 Q * mountie Ping timeout: 480 seconds 1158907394 J * meandtheshell ~markus@85-124-61-218.dynamic.xdsl-line.inode.at 1158907955 M * daniel_hozac Radiance: CAP_NET_BIND_SERVICE is given by default... 1158908184 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net 1158908443 J * coocoon ~coocoon@p54A06B08.dip.t-dialin.net 1158908540 M * coocoon morning 1158908633 M * Radiance daniel, thanks :) 1158909397 Q * Nei Read error: Connection reset by peer 1158909987 J * Borg- ~borg@217.97.139.162 1158910929 J * Piet hiddenserv@tor.noreply.org 1158911101 J * dna_ ~naucki@178-221-dsl.kielnet.net 1158911298 J * yarihm ~yarihm@whitehead2.nine.ch 1158912340 Q * Loki|muh Read error: Connection reset by peer 1158912563 Q * shedi Quit: Leaving 1158912595 J * Loki|muh loki@satanix.de 1158912738 J * robig ~robig@83.221.253.44 1158912750 M * robig good morning :) 1158912817 M * daniel_hozac good morning. 1158912858 J * Piet_ hiddenserv@tor.noreply.org 1158913061 N * Bertl_zZ Bertl_oO 1158913092 Q * Piet Ping timeout: 480 seconds 1158913559 Q * Aiken Quit: Leaving 1158913971 J * Nei ~ailin@userv2.informatik.uni-leipzig.de 1158914523 M * meandtheshell daniel_hozac: morning daniel - looking around at the old_wiki http://oldwiki.linux-vserver.org/Linux-VServer I recognized we had some categories like "Development" (containing the ngnet stuff for example) which are not present within the new_wiki as of now - as far as I can tell ... 1158914523 M * meandtheshell My Question is: 1158914523 M * meandtheshell Are there plans to add those categories e.g. 1158914523 M * meandtheshell - important links 1158914523 M * meandtheshell - public relations 1158914525 M * meandtheshell - development 1158914525 M * meandtheshell - etc. 1158914527 M * meandtheshell also to the new_wiki or is the structure already a "static", meaning the content within the old_wiki/development etc. has to be incorporated somewhere (where then? which category@new_wike?) within the new_wiki? I'd like to port over the nget stuff etc. put I'm not gained the rights to create a new category "Development" at the right-hand-side of the main site of the new wiki. 1158914663 M * daniel_hozac meandtheshell: sorry, i don't really know much about how the wiki migration is supposed to work. you should probably talk to Hollow (when he gets back) or derjohn. 1158914732 M * meandtheshell daniel_hozac: I see - and I know that but asking you doesn't cost a nickle - so ... - you could have been known :) 1158914751 M * meandtheshell no problem - I'll ask the wiki experts when they're around ... 1158915276 M * gdm meandtheshell: it's a wiki :) 1158915286 M * gdm meandtheshell: constructive help welcomed from anyone!! 1158915294 M * gdm meandtheshell: jfdi ;-) 1158915306 M * gdm anyway, that's my opinion 1158915369 M * gdm meandtheshell: i cannot really speak for the "wiki migration team" as i have not been participating, but i would be super impressed if someone just pitched in and did something cool on a wiki i _was_ working on 1158915388 M * gdm meandtheshell: and anyway, maybe you have an idea that they didn't have 1158915396 M * gdm meandtheshell: and if they don't like it, they just revert or whatever 1158915435 M * meandtheshell gdm: well I know but as a matter of fact I'm not able to edit the main page in a way to add a new category 1158915448 M * meandtheshell Am I? 1158915586 M * meandtheshell gdm: I wasn't talking about "normal" content somewhere around the wiki - as you pointed out above its a wiki ... 1158915626 M * gdm meandtheshell: oh, you mean the bar on the left? 1158915664 M * meandtheshell gdm: exactly 1158915690 M * gdm ahh, i don't really know mediawiki that well, i use twiki more 1158915706 M * gdm meandtheshell: but maybe just start putting pages up, make an index page for your new topic 1158915728 M * gdm meandtheshell: and then email the wiki team and say 'hey, i gotta new topic, can you put a link to this' or something 1158915755 M * gdm what i reallly mean is, i wouldn't wait until they're around to ask, i would just do stuff 1158915759 M * meandtheshell I do it anyway - so what could be wront if I'll wait one more day or so until hollow made that new categy :) 1158915761 M * gdm and then get them to incorporate it later 1158915766 M * meandtheshell *wrong 1158915786 M * gdm nothing.. if you're still gonna have the time :) 1158915788 M * daniel_hozac meandtheshell: do you know how to edit the menu? i.e. what is required? 1158915976 M * meandtheshell daniel_hozac: first of all I wanted to know if the folks (Bertl, Hollow, derjohn, etc. ...) had already something special in mind with the main site as it looks right now (maybe the don`t want it like the old_wiki was?). When that question is answered in a way - let's say I got a go for a new category someone with rights to edit the main page (add a new category) and afterwards I'll port over that stuff ... :) 1158916042 M * meandtheshell ok the last sentence sound a bit odd :) 1158916049 M * daniel_hozac meandtheshell: well, the idea is to structure up the content a bit more. 1158916084 M * daniel_hozac meandtheshell: and merge similar pages. 1158916109 M * meandtheshell daniel_hozac: ok - I see - finally: where should old_wiki/developement go to? 1158916114 M * daniel_hozac meandtheshell: http://linux-vserver.org/MediaWiki:Sidebar can you edit it if you're logged in? 1158916143 M * daniel_hozac URL? 1158916168 M * meandtheshell http://oldwiki.linux-vserver.org/Linux-VServer 1158916177 M * daniel_hozac ah. 1158916178 M * meandtheshell --> Development 1158916240 M * daniel_hozac meandtheshell: btw, i think we're making _ the word separator for page titles. 1158916262 M * daniel_hozac i.e. ProblematicPrograms ought to be Problematic_programs 1158916313 A * meandtheshell has to spend some minutes in order to figure out the very challenging task of site-bar hacking :) 1158916418 M * meandtheshell daniel_hozac: the Problematic Programs thing is an example - i did some work on that stuff couple of days ago - now its without an underscore within the new_wiki "Problematic Programs" 1158916517 Q * Piet_ Ping timeout: 480 seconds 1158916519 M * meandtheshell whatever - I'll check how to edit the side-bar first ... 1158916530 M * daniel_hozac meandtheshell: what? 1158916569 M * meandtheshell adding a new category 1158916588 M * daniel_hozac so you can you edit the sidebar if you're logged in? 1158916635 M * daniel_hozac i.e. it doesn't say "locked to prevent abuse"? 1158916703 M * daniel_hozac meandtheshell: do you really think Development warrants a new category in the sidebar? i don't see anything really major there. 1158916722 M * daniel_hozac well, alpha+util-vserver, but that should be moved to Documentation. 1158916833 M * meandtheshell daniel_hozac: yes - imho Development should be a new category 1158916846 M * daniel_hozac and which pages do you think belongs there? 1158916900 M * meandtheshell all that stuff already there in the old_wiki and additional as its fits ... 1158916922 M * meandtheshell s/its/it/ 1158916924 M * daniel_hozac are you sure? 1158916944 M * daniel_hozac i really don't think alpha+util-vserver nor the legacy to new-style config converter belongs in Development. 1158916947 M * meandtheshell what is the alternative? 1158916966 M * daniel_hozac i really think it should be reorganized. 1158916974 M * daniel_hozac alpha+util-vserver should be somewhere under Documentation. 1158916998 M * meandtheshell ok - I see 1158917019 M * meandtheshell what about the ngnet stuff? 1158917026 J * mire ~mire@95-167-222-85.COOL.ADSL.VLine.verat.net 1158917026 M * daniel_hozac the ngnet stuff is mostly obsolete anyway. 1158917077 M * daniel_hozac there haven't been any new patches for months... 1158917090 M * meandtheshell hm ... ok then 1158917158 Q * Nei Read error: Connection reset by peer 1158917180 M * daniel_hozac the openfoundry links probably aren't as relevant anymore either, as util-vserver is now hosted at svn.linux-vserver.org. 1158917198 M * meandtheshell the the upshot is to port the alpha+util-vserver over into development I'd say - no? 1158917226 M * daniel_hozac s/development/documentation/ and i'd agree with you. 1158917234 M * meandtheshell pff- ... sure :) 1158917252 M * daniel_hozac but it should probably be renamed to Alpha_util-vserver 1158917281 M * meandtheshell ok 1158917318 J * Piet hiddenserv@tor.noreply.org 1158917362 M * meandtheshell well - I think I'll find the time to do it within the next 3-5 days - ok then - have to go for lunch now - back later 1158917381 N * meandtheshell meandthell_oO 1158917397 N * meandthell_oO meandtheshell_oO 1158917810 J * shedi ~siggi@dsl-149-109-85.hive.is 1158918514 J * lilalinux ~plasma@dslb-084-058-204-214.pools.arcor-ip.net 1158918587 J * acozzolino ~acozzolin@nat.fub.it 1158918620 M * acozzolino hi 1158918736 Q * cdrx Ping timeout: 480 seconds 1158918905 Q * acozzolino Quit: Ex-Chat 1158919904 J * Rohak ~roror@82-199-187-2.vallnet.nu 1158919910 N * Rohak Kowi 1158919919 M * Kowi hello 1158920005 J * acozzolino ~acozzolin@nat.fub.it 1158920028 M * acozzolino hi Bertl! 1158920038 M * Kowi does anyone know how to create a guest os with for, for example, debootstrap? i'm running grsec it doesnt work very well with chroot mounting proc =( 1158920141 M * acozzolino Bertl, do you remember me? my kernel "does not provide network virtualization", even if i have added "CONFIG_VSERVER_LEGACYNET=y" to my .config file...i'm disperate! 1158920382 M * coocoon acozzolino: u should disable all LEGACY options in the kernel and the reconfigure util-vserver with ./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --localstatedir=/var --with-vrootdir=/vservers --enable-apis=NOLEGACY 1158920424 M * acozzolino thanks coocoon...i'm going to try 1158920429 M * coocoon n/the/then 1158920892 J * mountie ~mountie@69.196.162.198 1158921260 M * ay_ I'm clustering vservers using drbd and running start and stop on vservers. But is there any way to "freeze" or "pause" vservers like xen? My guess is no since it's acctually running on the main server directly, but I might be wrong. 1158921325 Q * Kowi 1158921470 Q * lilalinux Remote host closed the connection 1158922019 N * |yang| yang 1158922796 J * dreamind ~dreamind@p54A7B2D5.dip0.t-ipconnect.de 1158922837 Q * dreamind 1158922845 J * dreamind ~dreamind@p54A7B2D5.dip0.t-ipconnect.de 1158922902 M * dreamind Hi folks :) 1158925909 N * meandtheshell_oO meandtheshell 1158926056 J * spq_ ~spq@dslb-084-063-010-137.pools.arcor-ip.net 1158926377 M * meandtheshell derjohn: I haven't looked at http://oldwiki.linux-vserver.org/Documentation for a couple of months. Where are all tutorials and howtos gone to? There was a huge bunch of them located there if I recall correctly. 1158926468 M * meandtheshell Haven't found them within the new_wiki too ... hm ... 1158926526 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1158926846 J * zobel ~zobel@neualius.turmzimmer.net 1158926847 M * derjohn meandtheshell, I didnt change anything on the olf wiki (I even stopped writing new stuff to it during the time of transition). But there should be everythign where it was. 1158926990 M * meandtheshell derjohn: I see - than something happended before the beginning of the transition that I can't find all those stuff anymore 1158927041 M * coocoon meandtheshell: some are here http://wiki.linux-vserver.org/List_of_pages_not_migrated_yet 1158927194 M * meandtheshell coocoon: ahh - I see - here we go 1158927284 J * Kowix Kowix@c-a7a070d5.016-220-73746f23.cust.bredbandsbolaget.se 1158927286 N * Kowix Kowi 1158927291 M * zobel derjohn: btw, ipv6 kernels and utils on your site would be realy nice... 1158927361 M * Kowi anyone know how to mount proc in chroot with grsec installed? 1158927374 M * Kowi from inside chroot that is :P 1158927379 M * derjohn zobel, there is work in progress, I didnt dare to include bonbons v6 patch, but true: for a "bleeding edge" kernel it should be in. 1158927431 M * derjohn daniel_hozac: Is the ipv6 in guest patch cool enough to inlcude it for public? could it "harm" if someone doesnt use v6 at all? 1158927436 M * Kowi right now I can't use: vserver bla build -m deboostrap.. =( 1158927488 M * Kowi *debootstrap 1158927903 M * zobel is it possible to say in which scope an ip-address set for a vserver? 1158928339 M * derjohn zobel, as all IP are on the host I doubt that vserver has extra featires for doing so. We dont have virtualized nic yet, this is part of the NGnet, which is under (slow) development 1158929394 J * Piet_ hiddenserv@tor.noreply.org 1158929717 Q * Piet Ping timeout: 480 seconds 1158930065 J * dna___ ~naucki@62-237-dsl.kielnet.net 1158930138 M * spq_ are there test utils for the chroot barrier to check if it works? 1158930169 M * spq_ or a simple test binary, or some lines of code 1158930260 M * meandtheshell derjohn: FYI - page "Problematic Programs" has been transfered over to new wiki http://wiki.linux-vserver.org/List_of_migrated_pages 1158930309 Q * acozzolino Quit: Ex-Chat 1158930310 M * derjohn meandtheshell, this one should be migrated to the FAQ ;) 1158930340 M * meandtheshell derjohn: really?! hä? 1158930396 M * meandtheshell why that? - a stand-alone site is much better I guess - no? 1158930461 M * derjohn the FAQ is to be strictured in several sub-parts 1158930462 Q * Piet_ Ping timeout: 480 seconds 1158930466 Q * dna_ Ping timeout: 480 seconds 1158930486 M * meandtheshell I see 1158930491 N * dna___ dna_ 1158930512 M * meandtheshell but currently there's no structuring in place as far as i can see ... 1158930521 Q * dreamind Quit: dreamind 1158930524 M * derjohn but someone ( /me ) must sort or classify the FAQs first as they are gathered from many differnt single FAQs 1158930558 M * spq_ http://www.ampaste.net/3883 is this good? (the barrier attribute) 1158930580 M * meandtheshell right ... - well meanwhile the page "problematic programs" can hang around ... 1158930616 M * derjohn http://www.linux-vserver.org/Frequently_Asked_Questions_scratch 1158930625 M * derjohn meandtheshell, -> problematic 1158930726 M * meandtheshell I see - so you're are telling me right now I spend 2h for nothing since you did the job of copy paste fun right before - wtf :-) 1158930745 M * meandtheshell rm string 'are' 1158930791 M * derjohn well, I am sorry for creeating more effort to you, but currently I am stuck in $$ projects which have a higer prio here 1158930804 M * derjohn meandtheshell, but feel invite to help me with the FAQ! 1158930822 M * derjohn you are welcome .. if you are interested, we should discuss ! 1158930849 M * derjohn meandtheshell, and you had been warned. quote: CURRENTLY THE CONTENT OF THE OLD WIKI FAQ (AND MORE) IS BEING MIGRATED TO THIS PAGE (TASK: DERJOHN) 1158930890 P * robig 1158930906 M * meandtheshell it's all about the "AND MORE" :) 1158930975 M * derjohn well, e.g. there is "Software compatibility" and "Problematic Programs". Those should be in the same category. others cateogeories need to be re-sorted, too 1158930976 M * meandtheshell no problem - sure - I'll help here and there time allows - right now I'm a bit busy - let's talk later that day or so ... 1158930982 M * derjohn kk ! 1158930994 M * derjohn meandtheshell, you are weclome, really! 1158931020 M * meandtheshell Sehr schön :) 1158931101 N * meandtheshell meandtheshell_oO 1158931137 J * trippeh atomt@uff.ugh.no 1158931147 J * gcj ~chris@cmp245.neoplus.adsl.tpnet.pl 1158931173 M * gcj hi all, does anyone know why an RSS limit on a vserver might not be honoured? 1158931189 Q * mire Remote host closed the connection 1158931396 M * derjohn gcj, in which conf file did you set the limit? and you you know it's counted in pages, not in KB (i.e. factor 4 differnce) 1158931420 M * derjohn gcj, and the differnce between as and rss is clear ? 1158931468 M * gcj ok, that could well be it 1158931498 M * gcj /etc/vservers/noronha/rlimits/rss.hard 1158931499 M * gcj -> 128M 1158931611 M * derjohn oh 1158931613 M * derjohn no ;) 1158931648 M * gcj well, that does seem to work better (with 32K in that file, instead of 128M) 1158931653 M * gcj thanks :-) 1158931653 M * derjohn gcj, mv /etc/vservers/noronha/rlimits/rss /etc/vservers/noronha/rlimits/rss.hard 1158931673 M * derjohn gcj, cat /etc/vservers/noronha/flags ? 1158931675 M * gcj uhh, i have no "rss", only "rss.hard" 1158931688 M * gcj nor any flags file 1158931701 M * derjohn i never heard about the rss.hard file ... where is it form ? 1158931717 M * gcj bertl advised me to use it for procs limit 1158931728 M * gcj i think it sets the hard instead of the soft limit 1158931751 M * derjohn uhm, maybe ... i am not as enlightend as Bertl ;) 1158931803 M * derjohn i only heard about hard and soft limits when it comes to CPU stuff 1158931821 M * gcj it does seem to work, the limits are set correctly according to vlimit 1158931839 M * derjohn ok 1158931915 M * derjohn /etc/vservers/noronha/rlimits/rss.hard ... 128 M ? there is a 32xxxx number ? 1158932253 Q * Borg- Quit: leaving 1158932809 M * gcj I had 128M in there, i changed it to 32k 1158932823 M * gcj and it seemed to be working, but now the vserver has exceeded the limit again 1158932851 M * derjohn gcj, the file doesnt under stand "m" or "kb". only plain numbers ! 1158932859 M * derjohn gcj, pls cat /etc/vservers/noronha/rlimits/rss.hard 1158932885 M * derjohn gcj, (if the mighty Bertl did add magic within the last 4 weeks) 1158932887 M * gcj 32k 1158932901 M * gcj I will try 32768 1158932907 M * gcj but: 1158932917 M * gcj chris@top ~ $ sudo /usr/sbin/vserver-stat 1158932924 M * gcj 49158 22 626.8M 391.4M 0m18s61 0m02s20 19m27s20 noronha 1158932930 M * gcj chris@top ~ $ sudo /usr/sbin/vlimit -c 49158 -a 1158932936 M * gcj RSS N/A N/A 0x7d00 1158932956 M * gcj 7d00 is 32000 1158932964 M * derjohn 32768 --> these are 32768 * 4K = 131074 KB 1158932980 M * gcj yes, that's what I expected, but RSS is nearly 400M 1158932987 M * derjohn you can also cat /proc/virtual//limit 1158933027 M * gcj hmm, that shows: 1158933028 M * gcj RSS: 14960 17235 32000 0 1158933034 M * gcj so perhaps vserver-stat is wrong? 1158933059 M * derjohn gcj, you use stable or devel ???? 1158933079 M * gcj this is an old kernel (1 year old stable) but latest stable tools, I think 1158933269 M * derjohn gcj, I _assume_ hard vs soft limit stuff if only in (recent) devel .. 1158933327 M * derjohn gcj, devel looks like: 1158933328 M * derjohn root@herbert:~# cat /proc/virtual/120/limit 1158933328 M * derjohn Limit current min/max soft/hard hits 1158933328 M * derjohn PROC: 34 0/ 44 -1/ -1 0 1158933360 M * derjohn please mind the soft/hard part separated by / 1158933429 M * gcj hmm, must be some new kernel feature that I don't have 1158933468 M * derjohn gcj, I think the rss/as limits in stable _are_ hard limits 1158933492 M * gcj yeah, probably are 1158933510 M * gcj i think the limit is being enforced by the kernel, and vserver-stat is reporting the RSS wrongly 1158933544 M * derjohn well, cat /proc/virtual/120/limit works well, you even see how often the limit it hit 1158933640 M * gcj yep 1158933652 M * gcj i will ignore vserver-stat RSS for now 1158933654 M * gcj thanks for your help 1158933681 M * derjohn gcj, always welcome here! 1158933845 M * gcj this is a great forum, i'm very impressed with support for vservers 1158933861 M * gcj i wish there was a prize for best supported OSS project :-) 1158933907 M * derjohn well, if a free Java compiler appears here we have to help ;) 1158933908 M * spq_ l-vserver wouldnt win it :( the wiki is too bad atm, but i know it will change soon ;) 1158933937 M * derjohn spq_, feel free to extend it ! 1158933948 M * spq_ i feel free 1158933961 M * spq_ but im working on my knowledge of these vservers first 1158933972 M * spq_ dont wanna write stupid things :) 1158933987 M * spq_ ah and a question to the wiki 1158933995 M * gcj however good or bad the wiki is, it's really useful to be able to talk to real people if you have a problem 1158933995 M * spq_ what are those Template: things? 1158934038 M * spq_ i wanted to write some of the missing pages but only have seen those Template: pages and pages i dont know anything about 1158934062 M * spq_ s/and pages/and topics/ 1158934377 J * kinderchemie ~kinderche@c179049.adsl.hansenet.de 1158934380 M * kinderchemie hi 1158934390 M * gcj hiya 1158934474 M * kinderchemie perhaps today is somebody here. my question is not that complicated i think. i ve 2 running vserver. the host system has 3 ips each vserver has its own ip. but now i want to start 3 other vserver with the same ip to jail qmail,apache and ftp. is that possible? 1158934525 M * gcj kinderchemie, i don't think so, but you could possibly assign virtual IPs to some new interfaces for those services, and use DNAT to redirect ports to them? 1158934537 M * Wonka sounds like a case for security contexts, not for complete vservers 1158934561 M * Wonka which are possible with the vserver patches too 1158934564 M * gcj actually, you might be able to share an IP between multiple vservers, i never tried it 1158934575 M * gcj have you tried configuring them all with the same IP? 1158934602 M * kinderchemie i tried to start 2 on the same ip but i get an error like rtlink is allready open or something 1158934610 M * kinderchemie forgot about the error message ;) 1158934626 M * kinderchemie wonka: and how? 1158934627 M * Wonka gcj: that doesn't work, the ip assignment will fail 1158934641 M * kinderchemie or where can i read about it wonka? 1158934658 M * Wonka kinderchemie: erm. dunno. i don't do such things (yet). search the web, there was such a thing in older docs. 1158934679 M * Wonka gcj: we tried it by accident :) 1158934764 M * kinderchemie wonka: the documentation about vserver is really poor i think. a also try to find out how to assign ram and cpu to the vservers becaus i dont want them to ve access to the hole ram and cpu power 1158934801 M * Wonka kinderchemie: for those topics, there's the big flower page 1158934859 M * kinderchemie wonka: where? 1158934876 M * Wonka linux-vserver.org somewhere 1158934908 M * derjohn spq_, you dont need templates, you can wikicode straight on 1158934936 M * spq_ kinderchemie, use the nodev file and give two huests the same ip 1158934953 M * Wonka kinderchemie: anyway, for putting several servers into own vservers, this could be applicable: http://linux-vserver.org/Frequently_Asked_Questions#If_my_host_has_only_one_a_single_public_IP.2C_can_I_use_RFC1918_IP_.28e.g._192.168.foo.bar.29_for_the_guest_vservers.3F 1158934981 M * spq_ s/huests/guests/ 1158935008 M * Wonka kinderchemie: http://linux-vserver.org/Frequently_Asked_Questions also has stuff about resource limits 1158935067 M * Wonka aaaargh. why doesn't http://linux-vserver.org/Frequently_Asked_Questions#What_is_the_.22great_flower_page.22.3F link to the darn flower page? 1158935077 M * kinderchemie heeh ok 1158935080 M * kinderchemie thx wonka 1158935382 M * gcj kinderchemie, the RFC1918 question/answer describes using SNAT, but you probably want DNAT as well for incoming connections 1158935410 M * kinderchemie never heard about snat and dnat sorry 1158935469 M * kinderchemie i will read about it 1158935654 M * spq_ kinderchemie, i think u dont need this, just give two guests the same ip, the will share this ip 1158936235 M * spq_ how can i find out how big the memory pages are? 1158936426 M * gcj spq_, they are usually 4K, it is compiled into the kernel 1158936469 M * gcj i think it depends on the hardware architecture actually, so pages on i386 are always 4k? 1158936475 M * spq_ ok, is it in the config og a header? 1158936858 M * doener morning folks 1158936886 M * derjohn doener, hi ! 1158936916 M * doener daniel_hozac: did you see my namespace proposal thingy? 1158936982 M * daniel_hozac doener: yeah, makes sense to me. 1158937064 M * gcj spq_, write a C program to call getpagesize() ? 1158937088 M * doener the only downside I currently see is that the vserver should not be able to change the shared subtree flags, cause that would break the 2<->3 link 1158937105 M * doener but then again, a vserver user usually may not mount anything himself anyway 1158937480 M * nox /lastlog 6.18 1158937483 M * nox oops 1158937488 M * doener heh 1158937800 M * doener daniel_hozac: could you parse the namespace test in "vserver" for me? When does it spawn a new namespace? 1158938045 M * gcj can someone give me some examples of resource limits that they use? does 200 procs, 1.1G VM, 128M RSS seem reasonable? 1158938237 M * gcj also, anyone configured munin to monitor vserver memory usage, as derjohn suggests? 1158938274 M * derjohn gcj, h01lger wrote the plugin. he's sometimes on this channel, too 1158938286 M * gcj great, i'll watch out for him, thanks 1158938301 M * gcj is the plugin available somewhere, e.g. for download? 1158938338 M * derjohn gcj, yes, in h01gers svn repo on the debian servers. google for it. 1158938376 Q * yarihm Quit: Leaving 1158938396 Q * meandtheshell_oO Quit: exit (0); 1158938436 M * gcj gotcha, thanks 1158938575 J * Curus ~Curus@kbhn-vbrg-sr0-vl209-213-185-8-10.perspektivbredband.net 1158938595 M * Curus Does anyone know what happened to the rpm repository cru-vps? 1158938625 M * Curus Or naturidentisch.de 1158938773 M * Curus It was a very handy place to get the vserver fakekernel etc. 1158938861 M * Curus Now it's just refusing access. Of course it could just be me it doesn't like 1158938968 J * stefani ~stefani@tsipoor.banerian.org 1158939226 M * doener daniel_hozac: nvm, found the bug in my parsing... 1158939617 Q * kinderchemie Quit: Leaving 1158940451 N * nokie nokoya 1158942051 M * gcj spq_, you can find the pagesize thus: 1158942064 M * gcj perl -MPOSIX -e 'print POSIX::sysconf(_SC_PAGESIZE), "\n";' 1158942071 M * gcj (thanks to h01gers) 1158942164 Q * node Quit: Lost terminal 1158942533 M * Kowi anyone got a solution for this:? i'm running grsec, and debootstrap fails when i try to use vserver .. build (when it tries to mount proc). 1158942564 J * node ~dwindsor@stanford.columbia.tresys.com 1158942628 M * daniel_hozac Curus: yeah, i don't know what happened, have you tried emailing Cru? 1158942654 M * daniel_hozac Kowi: did you configure grsec the way harry's README tells you to? 1158942665 M * daniel_hozac Kowi: http://people.linux-vserver.org/~harry/_README_ 1158943371 M * Kowi hmm I'm gonna take a look at that now, thanks =) 1158943410 M * doener wow, GPLv3 really failed amongst kernel maintainers 1158943456 M * doener http://lkml.org/lkml/2006/9/22/176 1158943905 M * daniel_hozac hehe. 1158944378 M * Roey ah 1158946277 Q * gcj Quit: Leaving 1158947721 M * Kowi daniel_hozac: nope, doesn't work 1158947800 M * Kowi i keep ketting "mount: permission denied" when trying to mount while chrooted 1158947962 M * doener Kowi: I'd expect that you kept a chroot enhancement turned on that you should have turned off 1158948038 M * Kowi hmm 1158948216 M * Kowi lol 1158948232 M * Kowi well i could try compiling with grsec security level custom instead of high 1158948246 M * Kowi =P 1158948260 M * doener yeah, high is bound to break, see harry's README 1158948274 M * Kowi i thought i had set custom, stupid me hehe 1158948534 J * meandtheshell ~markus@85-124-140-71.dynamic.xdsl-line.inode.at 1158948569 J * bluelines ~bronson@c-71-198-75-160.hsd1.ca.comcast.net 1158949331 M * yang doener: any idea what could access port 2607 ? 1158949435 M * doener ospfapi 2607/tcp # OSPF-API 1158949435 M * yang doener: it identifies as inetd 1158949448 M * yang what is that OSPF? 1158949456 M * doener that's what /etc/services says 1158949476 M * Kowi open shortest path first 1158949492 M * Kowi aargh slow kernel compile 1158949495 M * Kowi =P 1158949522 M * yang hmmm 1158949536 M * Kowi its used for network routing 1158949559 Q * s0undt3ch Read error: Connection reset by peer 1158949561 J * s0undt3ch ~s0undt3ch@82.155.69.225 1158949573 M * Kowi hmm, yeah I found this: http://en.wikipedia.org/wiki/OSPF 1158949894 M * spq_ Kowi, i switched on the high level, modified the .config to switch to custom and enabled the chroot security settings as harry did 1158949921 M * spq_ so you have the high setting but working with vserver 1158950118 M * Kowi you switched on high level and set it to custom in the .config?=P 1158950352 M * Kowi as in you set CONFIG_GRKERNSEC_CUSTOM=y, or did you leave _HIGH=y and did the harry-modifications? 1158950438 Q * daniel_hozac Remote host closed the connection 1158950450 J * daniel_hozac ~daniel@c-2c1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1158951513 J * tatiane_ ~tatiane@201009039217.user.veloxzone.com.br 1158951626 Q * cdrx Ping timeout: 480 seconds 1158951788 J * gerrit_ ~gerrit@1153ahost99.starwoodbroadband.com 1158952408 Q * Roey Quit: Leaving 1158952434 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1158952499 J * comfrey ~comfrey@h-64-105-215-75.sttnwaho.covad.net 1158953384 M * derjohn2 yang, ospf is usually done by a daemon/package called quagga or maybe zebra 1158953664 M * yang right, its related to ipv6 pop 1158954137 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1158954626 J * LokNessMobster ~tom@68-187-206-090.dhcp.ahvl.nc.charter.com 1158954707 P * LokNessMobster 1158955295 Q * sladen Ping timeout: 480 seconds 1158956047 J * sladen paul@starsky.19inch.net 1158956436 Q * shedi Quit: Leaving 1158956886 M * yang chbind: vc_set_ipv4root(): Function not implemented 1158956888 M * yang how can i avoid this error http://paste.debian.net/13526 1158956912 M * yang is it related to old util-vserver package? 1158956965 M * yang ii util-vserver-64ip 0.30.209-2 tools for Virtual private servers and contex 1158956982 M * doener too old for non-legacy network kernels 1158957041 M * yang ok 1158957504 M * yang but the normal util-vserver supports how many maximum IP's in guest 1158957526 M * yang I used to have 30 IPs in one, but with some patch i think 1158957603 M * spq_ 8 or 16 i think 1158957743 M * daniel_hozac 16. 1158957752 M * daniel_hozac you can still raise it though. 1158957793 M * yang daniel_hozac: that means i should add the 64-IP patch to it? 1158957802 M * daniel_hozac right. 1158958132 M * yang daniel_hozac: is there a debian package allready made with -64IP patch? 1158958220 Q * micah Ping timeout: 480 seconds 1158958322 M * yang the patch is hidden somewhere on the old wiki 1158958478 Q * Zaki Remote host closed the connection 1158958495 Q * tatiane_ Quit: Leaving 1158958566 M * yang There is a 64-IP patch available, which is in "derjohn's kernel", you need extra util-vserver anyway) 1158958572 J * micah ~micah@micah.riseup.net 1158958680 M * essobi_ Hey umm.. where's the start up scripts that create /proc/ for the vservers? 1158958731 M * doener create == mount? 1158958796 M * doener vserver.functions, search for fstab in that file 1158958944 M * essobi_ I've got some crazy app that's looking for /proc/ide 1158958958 M * essobi_ And It's not getting created when the server get's started.. 1158959246 M * coocoon daniel_hozac: ping 1158959297 J * mire ~mire@95-167-222-85.COOL.ADSL.VLine.verat.net 1158959415 M * yang derjohn: planing to do an update on http://linux-vserver.derjohn.de/util-vserver-64-ip/ ? 1158959650 M * daniel_hozac coocoon: pong 1158959685 M * daniel_hozac essobi_: that means it's not unhidden. nothing is ever "created". 1158959695 M * essobi_ Uh.. 1158959705 M * essobi_ How do I unhide it? 1158959706 M * essobi_ :) 1158959716 M * derjohn2 yang: util-vserver-64ip is fomr /me and pretty long time not updates 1158959717 M * daniel_hozac setattr --~hide /proc/ide/ 1158959717 M * derjohn2 * 1158959721 M * derjohn2 *updated 1158959746 M * yang derjohn: yes i know...Well I limited my IPs to 16 now since you don't have an update 1158959782 M * derjohn2 hm, I think I made one some time ago, bud forgot to upload. 1158959793 M * derjohn2 but you solved the problem meanwhile ;) 1158959794 M * yang maybe it's even better like this, so i can have more guests 1158959812 M * daniel_hozac what? 1158959866 M * derjohn2 daniel_hozac, did you update the ipv6 patch to rc35? I merged the rejects,but when compiling there are errors about redefining some (?) functions 1158959890 M * daniel_hozac derjohn2: not yet, have you checked with bonbons? 1158959918 M * derjohn2 nope, didnt see him today. on his homepage the patches stop somewhere at 2.6.18.x 1158959937 M * derjohn2 i'll mail him ... 1158959956 M * derjohn2 and what about devel rc35 2.6.18 ? 1158959968 M * coocoon daniel_hozac: sorry but need some information for vcd howto on wiki and hope u can give it to me 1. a short description about vwrappers and 2. also a short description for lucid 1158960023 M * daniel_hozac coocoon: umm, i have no idea what vwrappers is, but AFAIK lucid is a library full of useful utility functions. 1158960038 M * coocoon vserver utilities 1158960041 M * coocoon ? 1158960056 M * daniel_hozac hmm? 1158960063 Q * meandtheshell Quit: exit (0); 1158960087 M * coocoon ok will have a look for it thanx a lot, takes no long time than i am ready 1158960287 M * spq_ where is this 64ip patch? 1158960312 M * derjohn2 spq_, utils or kernel side? you need both 1158960326 M * spq_ yea both 1158960333 J * goblin ~jaaa@sr-fw1.router.uk.clara.net 1158960343 M * goblin ahh hi guys :-) 1158960348 M * spq_ hi 1158960373 M * goblin I'm desperately trying to find some kind of documentation about what actually happens when I type vserver start 1158960376 M * derjohn2 spq_, here is my dpatch dir http://linux-vserver.derjohn.de/dpatch/dpatch-directory-2.6.17.11-rc31/ 1158960379 M * goblin because I can't figure it out 1158960393 M * derjohn2 there is the kernel side in, it's just onbe line to change. 1158960409 M * derjohn2 in this case 256ip, but you can type 64 instead 1158960416 M * spq_ hm, why not include it in the normal release? 1158960432 M * goblin it looks like some init is run, but it doesn't look like neither the main system's init nor like the vserver's one 1158960435 M * derjohn2 spq_, performance any maybe memory issues 1158960440 M * spq_ ? 1158960458 M * spq_ i thought about a kernel config option 1158960470 M * derjohn2 spq_, is a linear search/lookup on every paket inspection, the longer the thing gets, the more slowly it gets ;( 1158960491 M * spq_ hm? what do u mean? 1158960546 M * derjohn2 the data stucture within the kernel. if it was a hash or tree, it would be lightning fast, but linear gets slow on long lists (of IPs) 1158960559 M * daniel_hozac goblin: that depends entirely on the init-style. 1158960600 M * spq_ ok, but if users want it they should be able to have it without patching the source 1158960612 M * goblin daniel_hozac, hm. the one in /etc/vservers/vserver-name/apps/init/style? I don't have such a file 1158960632 M * daniel_hozac goblin: so sysv then. 1158960652 M * daniel_hozac goblin: should just run /etc/{init,rc}.d/rc . 1158960675 M * goblin hmm 1158960684 M * derjohn2 spq_, as you have to patch the utils too, it better this way. Only a global change would be useable for everyone, i.e. the tools should as the kernel "how many IP per guest do you support?" ... it's simple: no one wrote that patches yet. 1158960720 M * derjohn2 besdies that:; imagine peope putting 512 IP in a guets and then complain linux-vserver is "slow" ... we dont want that ;( 1158960749 M * goblin daniel_hozac, do you happen to know if it actually runs /bin/sh /etc/something/rc, or passes it to exec() syscall directly (I mean, can I make /etc/init.d/rc a binary file?) 1158960798 M * derjohn2 *besides *people ... 1158960811 M * daniel_hozac directly. 1158960841 M * goblin daniel_hozac, thanks 1158960929 M * goblin well, here's my problem, actually. I built a new vserver with -m skeleton, I created a simple hello world program in C, and copied the binary as /etc/init.d/rc in my vserver 1158960952 M * goblin when I try to run a vserver start, I get No command given; use '--help' for more information. 1158960976 M * goblin and then An error occured while executing the vserver startup sequence; when there are no other messages, it is very likely that the init-script () failed. 1158961010 M * daniel_hozac is it executable? 1158961045 M * goblin yes 1158961049 M * goblin and statically linked 1158961115 M * daniel_hozac derjohn2: i haven't tested this in any way, but the reject was fairly obvious: http://people.linux-vserver.org/~dhozac/p/k/delta-2.6.17.13-vs2.1.1-rc35-ipv6.diff 1158961246 M * derjohn2 daniel_hozac, if the fails weren't obvoius I would not have been able to merge them ... I bet yours will fail, too, but I press thumbs ;) 1158961254 M * derjohn2 (I'll try now) 1158961321 M * daniel_hozac derjohn2: how did it fail? 1158961399 M * derjohn2 daniel_hozac, i'll show next time ... i compiled within a "screen bash" and the shift - page up keys doesnt work there, read: I lost it in the buffer ! 1158961442 M * goblin derjohn2, use screen's ^A [ and uparrow 1158961442 M * daniel_hozac ah. 1158961472 M * goblin if you've still got the screen open 1158961477 P * stefani I'm Parting (the water) 1158961482 M * derjohn2 goblin, i'll try 1158961609 M * derjohn2 goblin, cool, that works, but now my buffer is too small as I compiled a new kernel (without v6) afterwards ... 1158961615 M * derjohn2 I'll try daniels patch now 1158961653 M * goblin yeah, the default one is small 1158961675 M * goblin try ^A : and type scrollback 10000, for example 1158961699 M * derjohn2 i'll pimp it with the pills they always send me ads for, ;) 1158961700 M * goblin but you won't retrieve lost lines this way ;-) 1158961700 M * derjohn2 k 1158961709 M * doener derjohn2: if you want to see errors/warnings only, use "make -s" 1158961735 M * derjohn2 doener, make-kpkg make -s ? 1158961768 M * derjohn2 it's aeons ago, that /me compiled kernels with standard make 1158961774 M * doener no idea if make-kpkg can use that option... but you can make first and package it with make-kpkg later 1158961781 M * derjohn2 true 1158961992 M * derjohn2 how has the user's ".public_html" have to be named?? 1158962017 M * daniel_hozac remove the dot? 1158962139 M * doener Joe User: no, "remove the dot" does not work either! 1158962146 M * derjohn2 hey, it aeons ago that I used userdir html ..but yes, only no dot is good dot! 1158962205 M * derjohn2 ah, follow symlinks is on. fine. 1158962292 M * goblin do you know some good piece of documentation to read if I want to use vserver in a Linux From Scratch? (i.e., not Debian nor Ubuntu?) 1158962322 M * doener LFS as host? That should work straight-forward 1158962328 M * doener install the kernel, install the tools, done 1158962346 M * goblin doener, that's what I thought :-) 1158962386 M * goblin but, as I say, the error I get now looks like "No command given; use '--help' for more information." 1158962423 M * doener did you try "vserver --debug foo start"? 1158962430 M * goblin it must come either from chcontext, reducecap or vcontext :-) 1158962432 M * goblin no 1158962450 M * doener (provide the output on paste.linux-vserver.org if it doesn't get you any further) 1158962450 M * goblin oh, that's cool 1158962638 M * goblin it's running a horrendous chbind command :-) 1158962741 M * spq_ derjohn2: yea thought about this (supported ip count) (giving the info in a file in proc/sysfs), ill try it 1158962748 M * derjohn2 goblin, after ^A [ i am in some kind of command mode ... how can I switch back to normal mofr 1158962774 M * goblin derjohn2, either hit ESC twice or press [ again 1158962783 M * derjohn2 spq_, for someone speaking C it should be a huge problem to write the patch. 1158962851 M * spq_ derjohn, why? 1158962873 M * spq_ arent there already some proc files? 1158962878 M * derjohn2 why? because the changes should be minimal 1158962882 M * spq_ ah 1158962889 M * spq_ huge... 1158962899 M * coocoon daniel_hozac: sorry but i need the "svn co url", maybe u can send me the url for util-vserver 1158962901 M * derjohn2 spq_, not that I am aware of. the max number of Ips is a #define that is not exported 1158962924 Q * fluor Quit: . 1158962925 M * derjohn2 errrggg * not a huge .... 1158962930 M * spq_ :) 1158962931 M * spq_ yea 1158962949 J * leta4 ~dimitar@87.97.201.154.eth.ggbit.net 1158962952 M * derjohn2 spq_, the /proc approach would be nice, too 1158962964 M * spq_ some infos could be exported i think 1158962999 M * derjohn2 goblin, it got stuck when I ^A scrollback 1ooo 1158963017 M * goblin ^A ^Q 1158963018 M * goblin ;-) 1158963030 M * goblin you probably forgot about the colon (:) after ^A 1158963039 M * derjohn2 goblin, sry for bugging you. yep that works ;) 1158963043 M * goblin and pressed ^A s which caused a scrolllock 1158963082 M * derjohn2 goblin, aaaaaaaaaaaahh ! yeah, fine. screen is still evil magic ,) 1158963086 M * coocoon daniel_hozac: have it sorry 1158963106 M * goblin derjohn2, not a problem :-) 1158963183 M * doener derjohn2: as long as you find someone to cast the runes for you, all is fine, right? ;) 1158963191 M * goblin ok, here's the output from my vserver --debug samba start: http://uukgoblin.net/f 1158963225 M * goblin if that's of any use 1158963278 Q * leta4 Quit: Leaving 1158963281 M * doener goblin: /usr/local/etc/vservers/samba/vdir//etc/init.d/rc was not found (or is not executable) 1158963281 M * derjohn2 goblin, what is the problem with that guest? 1158963297 M * derjohn2 ah 1158963304 M * derjohn2 and maybe: "Explicitly specify the prefix length (10.1.0.100/32)" 1158963323 M * derjohn2 (not related to the init problem though) 1158963344 M * derjohn2 doener, BTW:nice photo on the devel's list 1158963366 M * doener my hair is shorter now, but I look as stupid ;) 1158963369 M * goblin doener, right, I've switched to a different fs now... 1158963372 M * goblin one sec... 1158963419 M * doener goblin: there are some symlinks in the config tree, make sure they point to the right place 1158963463 N * Bertl_oO Bertl 1158963470 M * derjohn2 I think about adding me as FAQ-writer-developer .... really lame, but the foto would fit, nor? http://www.derjohn.de/pics/john-atthegates.jpg 1158963470 M * Bertl evening folks! 1158963482 M * derjohn2 Bertl, I hope you slept well ;) 1158963503 M * Bertl well, I wish I had slept at all :) 1158963505 M * doener *lol* 1158963558 M * doener Bertl: http://people.linux-vserver.org/~doener/double_namespace_setup.txt -- current status, including description of what I want ;) Fighting against util-vserver and bash now ;) 1158963575 M * Bertl what's the score? 1158963592 M * goblin doener, nope, I'm really really sure it exists and is executable: 1158963602 M * goblin /usr/local/etc/vservers/samba/vdir//etc/init.d/rc 1158963612 M * goblin results in "hello world" output, as expected 1158963632 M * goblin and when I do a "file" on it, it reports it as /usr/local/etc/vservers/samba/vdir//etc/init.d/rc: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.0, statically linked, for GNU/Linux 2.6.0, not stripped 1158963640 M * doener Bertl: UV 5 : 1 poor me 1158963642 M * Bertl goblin: what about the hashbang line? 1158963656 M * goblin Bertl, it's a binary, see above 1158963662 M * goblin lemme try to make it a real script... 1158963666 M * doener Bertl: does test -x even care about that? 1158963679 M * Bertl ah, okay, binary, what about the libraries then? 1158963688 M * goblin Bertl, statically linked, see above :-D 1158963702 M * yang Bertl: hey, how's it going with SGI ? 1158963709 M * Bertl goblin: nice .. I'm off to bed then ... :) 1158963719 M * Bertl nah, not yet .. but soon :) 1158963753 M * goblin the same happens if I make it a bash script. no output from it at all, only the "No command given" 1158963754 M * Bertl yang: no real progress today, but I will address it tomorrow ... 1158963757 M * spq_ are these rlimits okay: as: 32 rss: 128 ? 1158963779 M * spq_ i want 128mb ram 512 ram+swap 1158963780 M * yang Bertl: ok good night ! 1158963787 M * goblin yeah, I guess end of the week friday evening isn't good for thinking... I'll head to bed too 1158963806 M * Bertl spq_: typically those values are pages a 4k 1158963808 M * yang lets all go to bed, yes ! 1158963830 M * derjohn2 spq_, several zeros are missing in your rlimits files ... 1158963835 M * goblin don't be so enthusiastic though, I'll bug you again tomorrow :-D 1158963836 M * spq_ Bertl, so this should be okay? 1158963845 M * goblin thanks for your help so far guys :-) 1158963863 M * Bertl spq_: if 32x4k is enough for your purposes, yes :) 1158963879 M * derjohn2 spq_, 32*4 KB = 128 KB , not MB ! 1158963893 M * spq_ 32pages * 4096kb / 1024kb = 128mb 1158963897 M * spq_ ah 1158963907 M * Bertl 4k not 4M 1158963909 M * spq_ * 4096 byte not kb :) 1158963915 M * derjohn2 :) 1158963973 M * spq_ as: 32768 rss: 131072 1158963980 M * spq_ should be what i want, right? 1158964059 M * spq_ hm 1158964073 M * spq_ without rlimits it works fine but with: http://www.ampaste.net/3888 1158964276 M * derjohn2 512 MB RSS is not very much, but for the init it should be ok. 1158964294 M * spq_ yea, this is currently just a testing machine 1158964303 M * spq_ it only has 512 ram and 2g swap 1158964338 M * spq_ but currently no guest is running 1158964352 M * spq_ what could causing this? 1158964354 M * derjohn2 spq_, keep in mind that RSS != VM. a process can "reserve" tons of RSS without ever using it, and this it need much less ""VM" 1158964368 M * spq_ hm 1158964377 M * spq_ yea, ill play with these values 1158964384 M * spq_ but currently it doesnt evenwork 1158964388 M * doener derjohn2: the other way 1158964395 M * derjohn2 did you try to start with --debug to look what process 4483 is ? 1158964433 M * derjohn2 doener, hmmmm 1158964464 M * derjohn2 eh .... AS=VM RSS=Physical mem ... ? 1158964484 J * _node node@c-69-143-148-254.hsd1.md.comcast.net 1158964493 M * derjohn2 spq_, swap AS and RSS numbers ... 1158964496 M * doener not sure about AS/VM, but RSS is the actually used amount 1158964509 M * derjohn2 AS must be > RSS 1158964557 M * derjohn2 doener, IMVHO the AS != VM. Bertl pointed out the might be AS "reserved" (word???) but not be used in a sense of "VM used". 1158964562 M * spq_ still the same problem 1158964562 M * derjohn2 or so ;) 1158964576 M * derjohn2 --debug ? 1158964696 M * doener spq_: the highest value I see after starting a Mysql+Apache vserver is VM, which max'ed at 108799 1158964703 M * spq_ http://www.ampaste.net/3889 1158964753 M * spq_ i cant read much in this list 1158964789 M * spq_ s/list/debug output/ 1158964820 M * doener bah, I'm not sun-compatible... 1158964837 M * doener returned from Egypt 3 weeks ago and still loosing lots of skin 1158964862 M * Bertl hehe 1158964887 M * Bertl okay, I'm off to bed for today ... have a good one everyone! cya! 1158964893 M * doener good night Bertl 1158964894 N * Bertl Bertl_zZ 1158964906 M * derjohn2 Bertl, n8 and thanks for the short visist ;) 1158964909 M * derjohn2 *visit 1158965585 M * spq_ whats wrong with the vserver list archives? 1158965602 M * spq_ and derjohn2, do u have an idea whats wrong with those rlimits? 1158965660 M * derjohn2 spq_, no. I use them but the line that fails conatins the word "ulimit". might it be that some inits wants to set a ulimit higher then the rlimit allows? 1158965679 M * spq_ probably, ill check 1158965708 M * spq_ hmm 1158965721 M * spq_ it contains ulimit and many others 1158965729 M * spq_ it is a long line 1158965741 M * spq_ ill check whats the diff in this line with and without rlimits 1158965754 M * derjohn2 good idea ! 1158966095 Q * bluelines Ping timeout: 480 seconds 1158968461 Q * mire Remote host closed the connection 1158968476 Q * Blissex Remote host closed the connection 1158968747 Q * dna_ Quit: Verlassend 1158968804 J * mire ~mire@243-167-222-85.COOL.ADSL.VLine.verat.net 1158968931 M * coocoon http://linux-vserver.org/VServer_Control_Daemon_HowTo