1161648115 M * dodgi Bertl well i have run sshd 1161648127 M * dodgi but i cant connect 1161648145 M * Bertl hmm, maybe your host is running sshd too? 1161648158 M * Bertl if so, it needs to be restricted to host ips 1161648165 M * dodgi ach 1161648167 M * Bertl otherwise you will always end up on the host 1161648169 M * dodgi understand 1161648185 M * dodgi alright got it 1161648185 M * Bertl or just use a different port for the guest sshd 1161648190 M * dodgi ohh yes 1161648192 M * dodgi i us 1161648194 M * dodgi difrent 1161648219 M * dodgi localhost irssi-0.8.10 # /etc/init.d/sshd start 1161648219 M * dodgi * WARNING: "sshd" has already been started. 1161648228 M * dodgi but ps aux didint show me sshd running 1161648256 M * Bertl try to stop it 1161648262 M * Bertl then start it again 1161648278 M * dodgi localhost ~ # /etc/init.d/sshd stop 1161648278 M * dodgi * Stopping sshd ... [ !! ] 1161648286 M * dodgi i even dont know how to kill it 1161648295 M * Bertl is it really running? 1161648300 M * dodgi i run it 1161648306 M * dodgi but ps aux didint shoe me 1161648422 M * Bertl well, I would guess that you 'tried' to start it, but as the host 1161648433 M * Bertl already got a running sshd, the sshd itself failed 1161648450 M * Bertl and just the 'runlevel' management system 'thought' it got started 1161648490 Q * kaner Remote host closed the connection 1161648492 J * kaner kaner@strace.org 1161648516 M * dodgi so what to do then? 1161648518 M * doener dodgi: zap it 1161648528 M * dodgi dodgi: zap it? 1161648539 M * doener /etc/init.d/ssh zap 1161648559 M * dodgi lemmy try 1161648606 M * dodgi again its run but ps aux didnt show me 1161648631 M * doener did you restart the host's sshd after limiting its ip addresses? 1161648650 M * dodgi doener: its workig on local vserver 1161648670 M * Bertl if you use the _same_ port, it will clash with the host's sshd 1161648696 M * Bertl that is because the host sshd binds to 0.0.0.0 by default 1161648708 M * Bertl (which means any ip address, even those of guests) 1161648727 M * dodgi no its not working 1161648738 M * dodgi Bertl; I have changed port 1161648762 M * Bertl then try the following inside the guest, and upload the output 1161648772 M * Bertl 'sshd -d' 1161648789 M * Bertl hmm, might need 1161648794 M * Bertl which sshd -d 1161648807 M * Bertl `which sshd` -d 1161648902 M * dodgi ye bertl 1161648904 M * dodgi u right 1161648906 M * dodgi debug1: Bind to port 22 on xxxxxx. 1161648906 M * dodgi Bind to port 22 on xxxxx failed: Address already in use. 1161648906 M * dodgi Cannot bind any address. 1161648920 M * dodgi but i have changed the port in sshd_config on virtualserver 1161648941 M * Bertl see, so the host is bound to 22, and the guest's sshd is trying to bind 22 too 1161648947 M * dodgi but why? 1161648960 M * Bertl what did you change for the guest config? 1161648965 Q * stefani Quit: I Quit! 1161648968 M * dodgi wait 1161649025 M * dodgi on fuck sake i have changed port but i did not unhashed it 1161649026 M * dodgi sorry 1161649118 M * Bertl lol, no need to curse though ... 1161649172 J * litage ~nick@203.220.55.70 1161649175 M * litage hi guys 1161649194 M * Bertl welcome litage! 1161649268 M * litage every day, cron sends an email containing "/etc/cron.daily/logrotate: klogctl: Operation not permitted" for each of my vserver guests. i've spent a lot of time trying to track this down, but i can't find a solution 1161649307 M * Bertl hmm, devel branch? 1161649310 M * dodgi Bertl: That output say that bind port is 32313 and server listetning on ip and port 3233 1161649315 M * dodgi 32313 1161649320 M * dodgi but i still cant connect 1161649325 M * litage on non-vserver boxes, i fixed the problem by setting CONSOLE_LOG_LEVEL=1 in /etc/default/syslog-ng . however, that doesn't fix the problem in vserver guests 1161649365 M * Bertl dodgi: how do you try to connect? 1161649395 M * dodgi from that normal box from localhost 1161649398 M * litage Bertl: how can i determine what version of linux-vserver i'm running? 1161649436 M * Bertl uname -a probably 1161649457 M * dodgi Bertl: i doing something wrong? 1161649468 M * Bertl dodgi: do you specify -p 32313 ? 1161649471 M * dodgi yes 1161649488 M * Bertl and what ip do you use as destination? 1161649523 M * Bertl also note that the sshd started with -d will only run for one connect (debug mode) 1161649551 M * dodgi what i should put there ListenAddress in sshd_config? 1161649559 M * dodgi because i put ipv4 of server 1161649593 M * Bertl inside the guest, you do not need to specify any listen address 1161649604 M * Bertl it will be automatically limited to the guest ips 1161649608 M * dodgi ok so i will hash it 1161649628 M * Bertl on the host, you usually specify the 'host only' ips, if you use the same port (22) for host and guest 1161649695 M * dodgi debug1: Bind to port 32313 on 0.0.0.0. 1161649695 M * dodgi Server listening on 0.0.0.0 port 32313. 1161649695 M * dodgi socket: Address family not supported by protocol 1161649711 M * litage Bertl: `uname -a` onlys spits out the kernel version and some other info that isn't useful: Linux dingo 2.6.12+vserver #1 Mon Nov 21 15:23:28 EST 2005 i686 GNU/Linux 1161649729 M * Bertl dodgi: looks good so far, now try to connect to the guest ip (and port) from the host 1161649738 M * dodgi ok 1161649757 M * Bertl litage: well, 2.6.12+vserver is not a Linux-VServer kernel name 1161649764 M * dodgi localhost / # ssh -l dodgi localhost -p 32313 1161649764 M * dodgi ssh: connect to host localhost port 32313: Connection refused 1161649766 Q * romke Remote host closed the connection 1161649785 M * Bertl litage: so you probably modified the kernel name yourself, thus I can't tell you the branch from the name 1161649878 J * romke ~romke@acrux.romke.net 1161649911 M * dodgi Bertl: any ideas ;/ ? 1161649974 M * litage Bertl: ah =P 1161649981 Q * kaner Remote host closed the connection 1161649989 J * kaner kaner@strace.org 1161650012 M * Bertl dodgi: what is localhost? usually that is 127.0.0.1 1161650032 M * Bertl you probably want to use the name/ip for your guest there 1161650060 M * Bertl (localhost usually refers to the very same machine you are already on) 1161650062 M * litage Bertl: i still have the source from which i compiled my custom vserver kernel. is there a particular file/patch that would tell me which version i used? 1161650069 M * dodgi alright 1161650092 M * dodgi Bertl: in ifconfig its showing me the same ipv4 which is my server 1161650098 M * Bertl litage: do you have any idea what patch you used? 1161650098 M * dodgi so i should us that 1161650113 M * litage Bertl: it was about a year ago, so now ;) 1161650121 M * Bertl dodgi: server means guest or host? 1161650135 M * Aiken wouldn't it be better to get the host sshd bind to a ip that only the host has instead of 0.0.0.0? 1161650146 M * Bertl litage: well, try the testme.sh, amybe that will give us some conclusions ... 1161650165 M * dodgi Bertl: host 1161650166 M * Aiken then so a guest sshd can bind to the guest's ip:22 1161650171 M * Bertl Aiken: usually yes, but dodgi seems to be in an experimental phase 1161650191 M * Bertl dodgi: what does ifconfig show inside the guest? (when you enter it) 1161650215 M * dodgi its showing me eth0 and the same ip which im using on normal server 1161650228 M * Bertl okay, then use that ip for the ssh 1161650242 M * Bertl (and the 32313 port of course) 1161650276 M * dodgi connection refused 1161650319 M * Bertl and you are sure the sshd is now running inside the guest? 1161650368 M * dodgi well ps aux not showing me but if i will do /etc/init.d/sshd start 1161650375 M * dodgi then its saying me its runnin 1161650396 M * dodgi w8 1161650403 M * Bertl well, you already figured that the gentoo runlevel stuff is lying in this regard :) 1161650446 M * dodgi i off and on server 1161650451 M * litage Bertl: i can't find testme.sh . however, this is what's in /usr/src/kernel-patches/diffs/vserver/ : http://rafb.net/paste/results/i1SYZq23.html 1161650460 M * dodgi yup Bertl: sshd is wroking ;) 1161650469 M * dodgi cheers 1161650475 M * litage Bertl: since the box is running kernel 2.6.12, i would guess that i used patch-2.6.11.6-vs1.9.5.12.diff.gz 1161650478 M * Bertl dodgi: you're welcome! 1161650492 M * Bertl dodgi: nevertheless, I'd rethink and restructure your setup 1161650505 M * dodgi Bertl: hum why? 1161650527 M * Bertl litage: that is an ancient patch, if you update to more recent versions (devel) then the error will go away, I think 1161650538 M * Bertl litage: at least if you use the syslog capability 1161650564 M * litage Bertl: hahah well i DID say i did it a year ago ;) thanks for the suggestion. i don't have time to upgrade now, but i will soon 1161650566 M * Bertl dodgi: well, it might cause you unexpected behaviour at some point (with the ip 'sharing') 1161650599 M * dodgi Bertl: well anyway good job, thank you again now im going read again 1161650609 M * Bertl dodgi: a similar but simpler to handle approach would be to assing a private ip to your guest 1161650645 M * Bertl and either map that (with S/DNAT) to your host ip or to a public/local one 1161650654 M * dodgi Bertl: i just want to ppl log on that virtual server and whatever they want to do 1161650684 M * Bertl yeah, in this case it would be the best _not_ to share the ip 1161650697 M * Bertl the explanation is simple: 1161650700 M * dodgi ok 1161650712 Q * kaner Ping timeout: 480 seconds 1161650714 M * Bertl - consider somebody from inside the guest starts an apache 1161650725 M * Bertl - that apache will bind the ip for port 80 1161650734 M * dodgi i can change port aswell 1161650735 M * Bertl - now your host wants to start one too 1161650745 M * Bertl and now the _host_ apache will fail 1161650773 M * Bertl of course, you can assign different ports, but only as long as you _trust_ the folks using the guest 1161650784 M * dodgi right 1161650787 M * dodgi thats tru 1161650794 M * Bertl because if they for example bind the 22 port, you're screwed 1161650803 M * dodgi LOL 1161650810 M * Bertl OTOH, with the private ip, that cannot happen 1161650835 M * Bertl they can only bind sshd/22 to that _private_ ip 1161650842 M * dodgi Well i could change virtual server sshd on 22 and real server on 32313 1161650868 M * Bertl well, then vice versa, once they manage to bind 32313, you lose the host sshd 1161650877 M * dodgi Im just testing, need to read and practice more :) 1161650898 M * Bertl take your time, and ask when you need to know something ... 1161650903 M * dodgi just i dont know how i can fix that emerge :< 1161650921 M * Bertl best will be to ask Hollow, when he gets back tomorrow 1161650933 M * dodgi alright 1161650940 M * dodgi thanks again Bertl 1161650949 M * Bertl you're welcome! 1161650972 M * dodgi oh btw i cant find grsec sources to 2.6.17.11 1161651043 M * Bertl if you want to combine that with vserver, better go for one of the already combined patches harry does 1161651065 M * dodgi could you give me harrys site? 1161651169 M * Bertl http://people.linux-vserver.org/~harry/ 1161651196 M * dodgi ohh yeas i remeber it 1161651198 J * _node ~node@c-69-143-154-220.hsd1.md.comcast.net 1161651219 M * dodgi Bertl: i cant use it because dont know how to patch with that diff ;p 1161651241 M * Bertl hmm? 1161651265 M * dodgi yeah how to patch kernel with that blablbla.diff 1161651293 M * Bertl ah, you are probably bulding the kernel in some gentoo way, right? 1161651298 M * dodgi yes 1161651308 M * dodgi i mean no 1161651309 M * Bertl sorry, you have to ask gentoo folks for that too 1161651312 M * dodgi no emerge stuff 1161651316 M * Bertl otherwise, it's simple 1161651328 M * dodgi just dont know how to patch that 1161651329 M * Bertl go to the kernel directory 1161651332 M * dodgi yes 1161651334 M * Bertl then do: 1161651344 M * Bertl patch -p1 --dry-run <../blablbla.diff 1161651362 M * dodgi Thank you very much ;) 1161651372 M * Bertl assumed the kernel tree is the right one, and the patch applies you get a bunch of lines without complaints 1161651385 M * Bertl if that looks nice, just remove the --dry-run to actually patch it 1161651451 M * Osgiliath hi Bertl, just to tell you i did a successful install in a non-vserver debian, and it seems to work even after reboots 1161651465 M * Osgiliath i'll try tomorrow in a guest 1161651483 M * Bertl good, best will be to actually 'copy' the entire isntallation then 1161651504 M * Osgiliath are you sure of this ? 1161651515 M * Bertl well, if it works on the host, why not? 1161651519 M * dodgi right, i done that but still dont see in Security Options grsec 1161651540 M * Bertl dodgi: did you remove the --dry-run? 1161651545 M * dodgi yes 1161651565 M * dodgi ive download that patch patch-2.6.17.11-vs2.0.2-grsec2.1.9.diff 1161651567 M * Bertl and now you are doing make menu/old/xconfig? 1161651578 M * dodgi make menu 1161651585 M * Osgiliath oh sorry, it's not on the host, it's on an other machine 1161651603 M * Bertl Osgiliath: doesn't matter, the guests are fairly hardware independant 1161651627 M * Bertl Osgiliath: only thing you have to do is cleaning up the hardware related stuff (once it works) 1161651634 M * dodgi grsec standart is in Security options 1161651638 M * dodgi but i dont see it 1161651641 M * Osgiliath yep :) 1161651722 M * Bertl dodgi: no idea, I don't use grsec, but harry knows better, I guess 1161651741 M * Bertl dodgi: maybe some options are enabled by default there 1161651749 M * dodgi yeah 1161651759 M * dodgi i will try compile it 1161651760 M * dodgi now 1161651815 J * kaner kaner@strace.org 1161651903 M * dodgi the same bertl 1161651953 M * Bertl what did the patch process tell you? 1161651966 M * dodgi nothing 1161651975 M * Bertl that's not a good sign 1161651977 M * dodgi just empty field 1161651987 M * Bertl as I said, it should list the files changed 1161651992 M * dodgi aaah 1161651999 M * dodgi yeah normaly patch without grsec 1161652002 M * Bertl probably you got something wrong, either the patch or the path 1161652004 M * dodgi show me files 1161652320 M * dodgi Bertl: http://people.linux-vserver.org/~harry/patch-2.6.17.11-vs2.0.2-grsec2.1.9.diff 1161652323 M * dodgi is that ok? 1161652381 M * Bertl yep, did you download it? 1161652387 M * dodgi yep 1161652388 M * dodgi w8 1161652632 M * dodgi it not showing me :/ 1161652650 M * Bertl after you downloaded the patch, where did you put it? 1161652659 M * dodgi ./usr/src 1161652666 M * dodgi unpatch working 1161652668 M * dodgi but in menu 1161652670 M * dodgi no grsec 1161652676 M * Bertl unpatch? 1161652684 M * dodgi i mean patch working 1161652694 M * Bertl does it list files? 1161652720 M * Bertl (the patch command) 1161652726 M * dodgi yes 1161652741 M * Bertl and you did run it _without_ the --dry-run option too? 1161652748 M * dodgi nope 1161652751 M * dodgi i forgot :/ 1161652755 M * Bertl well, than do that :) 1161652758 M * Bertl *then 1161652899 M * dodgi bingo ;> 1161652974 M * dodgi compiling =D 1161653111 M * dodgi i still thinking about that emerge 1161653581 M * dodgi Linux box 2.6.17.11-grsec2.1.9-vs2.0.2 1161653582 M * dodgi yup 1161654290 M * dodgi Bertl: stil there? 1161654335 M * Bertl yep 1161654372 M * dodgi its working fine 1161654395 M * dodgi when i add new vserver i put architecture x86 1161654400 M * dodgi its that still ok? 1161654421 M * Bertl when your host is x86 (or x86 compatible) sure 1161654459 M * dodgi i686 1161654463 M * dodgi so its no diffrent 1161654489 M * dodgi damn 1161654491 M * dodgi emerge 1161654492 M * dodgi :/ 1161654679 M * dodgi vserver gentoo-template start 1161654679 M * dodgi procfs-security. 1161654681 M * dodgi jeez 1161654718 M * Bertl sorry, but as I said, cant help you with gentoo specific stuff 1161654777 M * dodgi its ok i reading doc grsec+vs on oldwiki 1161655151 J * Aiken_ ~james@tooax8-100.dialup.optusnet.com.au 1161655217 Q * ms_ Ping timeout: 480 seconds 1161655477 Q * Aiken Ping timeout: 480 seconds 1161655977 M * dodgi Bertl: how i can remove guess vs? 1161656158 M * Bertl with recent tools (i.e. 0.30.211+) there is a delete command 1161656171 M * dodgi Bertl i just want remove one server 1161656173 M * dodgi not all stuff 1161656333 M * Bertl yes, that's the purpose, i.e. you do 'vserver hansi delete' 1161656341 M * Bertl and it will remove a guest called 'hansi' 1161658362 Q * Johnnie Ping timeout: 480 seconds 1161658465 Q * bronson Ping timeout: 480 seconds 1161658507 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1161658517 J * ensc ~irc-ensc@p54B4FB3A.dip.t-dialin.net 1161658647 J * Johnnie ~jdlewis@jdlewis.org 1161658695 Q * Johnnie 1161658705 J * Johnnie ~jdlewis@jdlewis.org 1161661746 M * dodgi box ~ # vserver xbox start 1161661746 M * dodgi procfs-security. 1161661790 M * dodgi box ~ # vserver xbox start 1161661790 M * dodgi ./proc/uptime can not be accessed. Usually, this is caused by 1161661790 M * dodgi procfs-security. 1161661797 M * dodgi can somebody help me? 1161661833 M * Bertl there is a runlevel script called vprocunhide 1161661855 M * Bertl you start that on the host and that's it 1161661903 M * dodgi yeah forgot about it 1161661906 A * doener .oO( /say ) ;) 1161661907 M * dodgi sorry for messing 1161661991 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1161662261 M * Bertl doener: got a minute? 1161662308 M * doener sure 1161662443 M * Bertl http://paste.linux-vserver.org/557 1161662470 M * Bertl that is now with rc42.5 and stack unwinding/frame pointers 1161662494 M * Bertl but, the trace shows something I cannot understand 1161662535 M * Bertl hmm, 5072 -> 507 1161662545 M * Bertl (copy paste error here) 1161662581 M * Bertl doener: please have a look at the fs/namei.c:507 area 1161662603 M * doener sec, still patching 1161662622 M * Bertl the 507 line here is dput(dentry); in real_lookup() 1161662771 M * doener *lol* I just named my directory: ~/src/kernel/linux-2.6.18.1-vs2.1.1-rc42.5.diff 1161662851 M * Bertl hehe 1161662856 M * doener yep, is dput in real_lookup 1161662866 M * Bertl now, the following is known 1161662875 M * Bertl this happens within procfs 1161662902 M * Bertl so, as far as I can tell, the dir->i_op->lookup() should be default 1161662929 M * Bertl the dput() is called on the freshly allocated dentry, right? 1161662945 M * Bertl (in case the 'lookup' returned something) 1161663008 M * Bertl now where does that dentry get an inode with I_CLEAR set from? 1161663139 M * Bertl I have the feeling I'm missing something here 1161663146 M * doener what actually is the default lookup? 1161663241 M * Bertl probably proc_pid_lookup() or proc_tid_lookup() 1161663266 M * Bertl right! that's what I missed 1161663293 M * doener guess you're welcome then ;) 1161663321 M * Bertl thanks a lot! will continue tomorrow, but feel free to investigate further ... 1161663345 M * doener no, need to get some more stuff done for university, so I can go to sleep today ;) 1161663353 M * doener (at all that is, not now) 1161663364 M * Bertl okay, have a good one! and tx! 1161663375 N * Bertl Bertl_zZ 1161663824 J * weichong78 ~weichong7@219.95.31.173 1161663904 M * weichong78 hello, i finally setup a vserver with an interface dummy0 to talk to the host, the funny thing is all traffic (including ping and smtp) works fine except that when i attempt to use tcpdump to catch any traffic on dummy0 and dummy0:1, nothing show except when my vserver is doing a broadcast ping (-b) 1161663911 M * weichong78 can anybody enlighten me? 1161664667 Q * _node Ping timeout: 480 seconds 1161664804 M * doener local traffic _always_ goes over lo 1161664815 M * doener dummy is really just a dummy 1161664825 M * doener it can hold an address, but that's about it 1161664894 M * doener if an address is assigned to an interface, that does not mean that all traffic for that address has to go over that interface (on Linux) 1161664922 M * weichong78 ok... 1161664924 M * doener the traffic will go out through whatever interface the kernel decides to be the best one (based on your routing setup) 1161664941 M * weichong78 so i should be listening to lo instead? 1161664973 M * doener that will show host<->host, host<->guest and guest<->guest traffic (ie. everything that is local to the box) 1161664977 M * weichong78 oh yeah u r right 1161664980 M * doener but it is not isolated 1161664995 M * weichong78 er...sorry u lost me there 1161665011 M * weichong78 although lo does show the traffic, i didnt quite understand ur last statement 1161665018 M * doener so even in a vserver (which needs an additional capability to use tcpdump anyway), you will see eg. host<->host traffic 1161665030 M * weichong78 oh ok 1161665036 M * weichong78 i ran my tcpdump in host only 1161665056 M * doener that's fine and should show all local traffic 1161665058 M * weichong78 oh so what u mean is when i do a ping from dummy0:1 to dummy0 from within vserver 1161665075 M * weichong78 its not really the same as the ping host via tun/tap from qemu/uml etc 1161665088 M * doener you can't do pings from or to interfaces, only from ip address a to ip address b ;) 1161665097 M * weichong78 er ok hihi 1161665108 M * doener yeah, tun/tap actually has one end for traffic to go in and one for traffic to come out 1161665112 M * weichong78 i mean from 192.168.1.1 (vserver) to 192.168.1.250 (host) 1161665122 M * doener and it has routing rules that actually make the traffic go there 1161665164 M * doener in the vserver->host case, the kernel will see that both addresses are local and send the traffic via lo 1161665175 M * weichong78 oh i see 1161665192 M * weichong78 since all is local, why then do i need a dummy0? 1161665206 M * weichong78 why not just assigned lo:1 lo:2 1161665211 M * weichong78 and each put an ip for it 1161665214 M * doener you don't need that at all 1161665218 M * weichong78 oh ok 1161665220 M * weichong78 :o 1161665221 M * weichong78 hehe 1161665232 M * doener on Linux (at least with default settings) it doesn't matter at all which interface has the address 1161665259 M * weichong78 oh i see 1161665332 M * doener eg. you can have 1.2.3.4 on dummy, but if the traffic comes in via eth0, that's all fine. 1161665344 M * doener the kernel just doesn't care 1161665372 M * weichong78 ok 1161665430 M * weichong78 my (maybe wrong) idea originally was that when we run vserver, we have a few virtual OS running that each can act independently and interact with each other 1161665441 M * weichong78 that is what UML and qemu do right? 1161665468 M * weichong78 so for vserver its more like run one same OS (since they share kernel) but confine the danger and role and setup to each vserver 1161665541 M * weichong78 so although the root account for vserver are less priviledge (and thus can harm others) it can still view all the statistic (like how many interface, how much ram there is, how much more hdd space) that other virtual server share with them, correct? 1161665651 M * doener interfaces are only visible if you have access to at least one ip address on that interface 1161665661 M * weichong78 oh ok 1161665674 M * doener disk space can be virtualized/limited for shared partitions 1161665678 M * weichong78 oh ok 1161665699 M * doener RAM size is by now also virtualized if you have set a limit for RSS IIRC 1161665756 M * doener eg. top or free show how much RSS you have available instead of the real, installed RAM in the box. not sure about this one though 1161665786 M * doener most of a vserver should feel like a real box, and not see outside stuff. 1161665793 M * weichong78 something im still a little confused, u said dummy is just a dummy, but since i created a dummy interface and have an ip attached to it, when i ping it, should tcpdump pick up the packet even (by treating and knowing that dummy is actually a localhost), otherwise what is the used of the interface name? 1161665843 M * doener tcpdump only sees traffic that gets actually sent over the interface it is watching 1161665849 M * weichong78 oh ok 1161665860 M * doener I have no idea what a dummy interface is actually good for... 1161665880 M * weichong78 so u mean when we do a ping to an ip attached to a dummy interface, the traffic never go thru that interface at all, but go straight to lo? 1161665900 M * doener maybe if you rename it to sth. else like "dmz" or something (instead of dummy0) it can help you to manage your ip addresses 1161665907 M * doener yes 1161665911 M * weichong78 ah... 1161665927 M * weichong78 but the other weird thing is 1161665936 M * weichong78 if i do a ping -b (broadcast) from within vserver 1161665948 M * weichong78 the tcpdump -i dummy0 actually pick it up but only one direction 1161665973 M * doener the kernel doesn't care about dummy being just a dummy as well 1161665975 M * weichong78 it show as 192.168.1.1 (vserver) to 192.168.1.0 (well...host network in a sense) 1161665990 M * doener the broadcast probably is sth. like "sent on all interfaces, no matter what" 1161665995 Q * dodgi Ping timeout: 480 seconds 1161665996 M * doener and the kernel just does that 1161666019 M * doener of course, you'll never receive any replies on dummy, because there is just nothing attached to it 1161666025 M * weichong78 oh i see 1161666049 M * doener I guess the dummy interface even just discards the data 1161666058 M * weichong78 i see 1161666125 M * weichong78 let say i have a box with two network card eth0 and eth1, can i assigned eth0 to only vserver1 and eth1 to vserver2? 1161666139 M * weichong78 so that those vserver can communicate with outside world 1161666147 M * doener you can't assign interfaces, you only assign ip addresses 1161666153 M * weichong78 oh ok 1161666161 M * doener and if the address is routable, the vserver will be able to communicate 1161666168 M * weichong78 oh ok 1161666177 M * doener if you want to limit them to a certain interface, use eg. policy routing 1161666184 M * weichong78 oh ok 1161666257 M * weichong78 in its simplest form, vserver is actually chroot right? 1161666283 M * weichong78 i mean it uses chroot to confine the environment right? 1161666283 M * doener ah common term is "chroot on steroids" 1161666292 M * weichong78 oh hehehe 1161666299 M * doener yeah, filesystem wise, chroot is part of the chain 1161666306 M * weichong78 ok 1161666341 M * weichong78 hey, u have been very helpful, thanks a hundred 1161666354 M * doener on top of that comes chbind to limit network access and chcontext/vcontext to isolate processes and reduce capabilities 1161666359 M * weichong78 i will play around more and see if what other stuff confused me again hehe 1161666359 M * doener you're welcome 1161666374 M * weichong78 ya the chbind thingy 1161666378 M * weichong78 i dont quite understand 1161666384 M * weichong78 i mean when i do 1161666393 M * weichong78 vserver myvserver enter 1161666402 M * weichong78 doesn't that already confined me within a specific ip? 1161666412 M * daniel_hozac ... that's what chbind does. 1161666424 M * doener chbind is called during "vserver myvserver enter" 1161666431 M * weichong78 oh i see 1161666432 M * weichong78 hehe 1161666440 M * weichong78 i see i see 1161666441 M * doener if you do "vserver --debug myvserver enter" you can see what it is doing 1161666452 M * weichong78 oh ok 1161666469 M * weichong78 hey, thanks a lot u guys, really appreciate the explaination 1161666508 Q * Piet Quit: Piet 1161666644 P * weichong78 1161666667 M * doener ah, morning daniel_hozac! 1161666683 M * daniel_hozac morning doener 1161666712 M * daniel_hozac are you finished with the university stuff? :) 1161666723 M * doener not yet... 1161666744 M * daniel_hozac heh. 1161666761 M * doener I decided to extend the documentation to make it idiot-proof (eg. doomed to fail), to avoid any requests for further enhancements... 1161666784 M * doener I'm actually writing a howto for "configure && make && make install" right now 1161666804 M * daniel_hozac lol, sounds like fun. 1161666827 M * daniel_hozac what class is that for? 1161666853 M * doener yeah... I'm just sure that whoever will read the documentation won't have a clue about eg. LD_LIBRARY_PATH, will not read the "make install" output and fail to use the library I wrote.. 1161666883 M * doener (it will probably be a student who cannot install it into /usr...) 1161666955 M * doener it's a never-ending-story project... it was originally about programming a microcontroller to multiplex a datastream, "compress" it and writing a Linux .so lib that can decompress the datastream and restore the original data 1161667012 M * daniel_hozac that sounds interesting. 1161667014 M * doener in the meantime we had to modify the hardware a few times, and a bunch of things and as the (hopefully) last change I had to add XML support 1161667027 M * doener s/and/add/ 1161667091 M * doener oh, and two full days of the last week I hunted a totally stupid segfault (happened in a zombie process!) 1161667107 M * doener turned out to be part of the proprietary library I had to use 1161667157 M * doener it spawns a thread and if you destroy the C++ object before that thread has died (you don't know that) the whole thing crashes 1161667161 M * FaUl doener: perfectly ;-) 1161667193 M * FaUl doener: sounds like professional-grade commercial software ;-) 1161667205 M * doener their demo source had a comment that said "wait for 100ms", followed by a "sleep(1000)" (isn't that like 1ms?) 1161667214 M * doener s/sleep/usleep/ 1161667236 M * FaUl which costs lot of euros 1161667241 M * doener oh wait, the comment was "wait for 100ms or we will segfault" 1161667260 M * doener so I added the (correct 100ms) usleep call in my library 1161667260 M * FaUl doener: ah, sounds even more like "professional-grade commercial software" ;-) 1161667295 M * doener looks like they just guessed to get that delay, it actually needs 3-4 seconds(!) on our box... 1161667342 M * doener it's a library that processes data from a motion sensor 1161667413 M * doener the SDK version delivered with the device can't even read out the basic data needed to do post-processing... Got a 6MB reply mail to my support request that had a new version of the SDK... been quite lucky that my university mail account had enough free space 1161667489 M * doener FaUl: it's even getty enterprisy, don't you think? 1161667535 A * doener gets his daily wtf 1161667548 M * doener s/getty/getting/ 1161667549 M * FaUl doener: yes ;-) 1161667577 M * FaUl anyway, i'm going to go now because I don't want to miss my train 1161667583 M * doener cya! 1161667584 M * FaUl *wink* 1161667703 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net 1161667777 M * daniel_hozac i gotta catch my train too, cya! 1161667791 Q * ensc Remote host closed the connection 1161667798 A * doener wonders if there's some special train event today 1161670679 J * meandtheshell ~markus@85-125-230-154.dynamic.xdsl-line.inode.at 1161671707 Q * ms_ Ping timeout: 480 seconds 1161672607 Q * Aiken_ Ping timeout: 480 seconds 1161674198 J * Aiken ~james@tooax8-074.dialup.optusnet.com.au 1161674457 J * dna_ ~naucki@195-248-dsl.kielnet.net 1161675602 J * coocoon ~coocoon@dslb-084-057-218-055.pools.arcor-ip.net 1161675645 M * coocoon morning 1161675828 M * matti Morning coocoon 1161675829 M * matti :) 1161676037 Q * matled Remote host closed the connection 1161676038 J * matled ~matled@85.131.246.184 1161676164 J * doener_ ~doener@host.magicwars.de 1161676207 Q * doener Read error: Connection reset by peer 1161676215 N * doener_ doener 1161676582 Q * _are_ Ping timeout: 480 seconds 1161677063 Q * martink Ping timeout: 480 seconds 1161677657 Q * weeble Quit: Leaving 1161678169 J * _are_ ~are@62.112.159.81 1161678199 J * prae ~Benjamin@host.187.57.23.62.rev.coltfrance.com 1161678436 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1161678901 J * ensc ~irc-ensc@p54B4FB3A.dip.t-dialin.net 1161680370 Q * shedi Quit: Leaving 1161681512 Q * prae Ping timeout: 480 seconds 1161682059 J * dodgi ~no@host81-132-0-237.range81-132.btcentralplus.com 1161682233 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1161683553 J * prae ~Benjamin@host.187.57.23.62.rev.coltfrance.com 1161683697 Q * SMuZZ Ping timeout: 480 seconds 1161683884 J * avi foobear@193.30.161.200 1161683893 M * avi anyone aroundz? 1161684294 M * daniel_hozac yep. 1161685570 Q * renihs Ping timeout: 480 seconds 1161686594 M * Hollow m4z: :) 1161689509 M * WorkRoey eh 1161689509 M * WorkRoey avi 1161689517 M * WorkRoey whatcha doing here 1161690490 J * SMuZZ ~smuzz@monster.dataguard.no 1161690936 J * s0undt3ch_ ~s0undt3ch@81.193.57.33 1161691055 Q * s0undt3ch Ping timeout: 480 seconds 1161691055 N * s0undt3ch_ s0undt3ch 1161691347 M * avi Hollow 1161691349 M * avi <3 1161691355 M * avi Listen muh lordz 1161691374 M * avi where can i get the list of latest patches for 2.6 !?!?!?1//1/!?!?/1////1//1/1/ 1161691378 M * avi plz 1161691391 M * Hollow http://linux-vserver.org 1161691419 M * avi Hollow 1161691434 M * avi i wanna have a kernel with vs & xen 1161691449 M * avi does anyone here have a complete merged patch for this ? 1161691459 M * avi or two that would work all togetah !?!?1/1/! plz ? 1161691511 M * Hollow 1) i don't know any, 2) can you use normal punctuation? ;) 1161691520 M * avi LooOoolol 1161691527 M * avi Hollow <3 1161691539 M * avi OK moving o std::punctuation(); 1161691617 M * Hollow thanks :) 1161691672 M * avi OK 1161691679 M * avi Semi, Hollow 1161691695 M * avi dont u know of anybody who already merged? :~( 1161691719 M * Hollow no, sorry... i only know grsec rediffs 1161691795 M * h01ger avi, debian has 1161691800 M * meandtheshell avi: are you with DebianGNU/Linux 1161691806 M * meandtheshell ouh :) 1161691832 M * meandtheshell apt-get source 1161691854 M * meandtheshell linux-image-2.6.16-2-xen-vserver-686 1161691869 M * h01ger yeah, make sure it has xen+vserver in the name :) 1161691870 M * meandtheshell the patch file is contained within there 1161691918 Q * Aiken Quit: Leaving 1161691942 M * avi no way 1161691942 M * avi plz 1161691943 M * avi get me 1161691945 M * avi plz plz plz 1161691949 M * avi i am with gentahh 1161691978 M * avi i really dont have the power to spend my day patching and i dont have debilian plz 1161692016 M * Hollow well, i know for sure there are no gentoo ebuilds, so you have to patch it manually anyway 1161692035 M * avi oh its an image :~( 1161692039 M * avi i didnt notice 1161692040 M * avi ok 1161692061 M * h01ger well, debian is one download away: http://www.us.debian.org/devel/debian-installer/ :-) 1161692062 M * avi Calling std::mergemaster(); plz hold :P 1161692141 M * meandtheshell avi: well, why don't you just set up a DebianGNU/Linux guest, issue apt-get source linux-image.... pick the patch file and you're done? 1161692148 M * h01ger avi, http://packages.debian.org/unstable/source/linux-2.6 - has the sources you want 1161692157 M * h01ger just scroll down 1161692254 M * avi h01ger very much love my lord 1161692509 M * avi dide 1161692512 M * avi i have to kiss u 1161692515 M * avi looOOlolOL 1161692516 M * avi <3<3 1161692517 M * avi <##<#<3 1161692520 M * avi OK where is bertl 1161692547 M * Borg- 14 years old idiots started to use vserver? not good.. 1161692584 M * WorkRoey avi: ata be israel? 1161692623 M * avi Ken Haver Sheli Ani Ken 1161692680 M * WorkRoey wow 1161692684 M * WorkRoey avi: mimatai?! 1161692690 M * WorkRoey avi: whoah 1161692699 M * WorkRoey avi: wait.. ata avi mi #efnet ? 1161693028 M * avi yaz 1161693037 M * avi aval avi hasheni 1161693049 M * avi avi harishon be canadaz 1161693064 M * avi canada lo ? 1161693500 M * daniel_hozac english, please. 1161693561 M * m4z Hollow? 1161693629 M * Hollow m4z: i just saw your membership in the vserve group on studivz :P 1161693663 M * Hollow i was astonished that one day after i created it it got 3 members already ;) 1161693748 M * Loki|muh ah vserver group? 1161693749 M * Loki|muh yeah 1161693777 Q * ms_ Ping timeout: 480 seconds 1161693787 M * Loki|muh but studivz sucks, seems it cannot handle the load :( 1161693792 M * Hollow indeed... 1161693835 M * m4z Hollow: ah ok 1161693873 M * m4z Hollow: 2 days before you i opened a group "vserver" but deleted it 5 mins later because i thought 1161693884 M * m4z _nobody_ would join anyway 1161693894 M * Hollow hehe, i thought so too.. 1161694093 M * m4z Bertl_zZ: concerning the reverse dns thingie yesterday, dig works like a charm so i'm even more clueless about what apache messes up 1161695077 J * Pazzo ~thomas@dialin-225136.rol.raiffeisen.net 1161695133 M * Pazzo hi @ll! 1161695157 M * Pazzo are there any news about IPv6 support? 1161695179 M * Pazzo is http://oldwiki.linux-vserver.org/IPv6 still valid? 1161695415 M * Pazzo http://homepage.internet.lu/brunop/vserver/ipv6-changelog.html looks promising - should I consider this patches REALLY experimental? I mean: will "compiling a fresh new kernel deb (with IPv6 patch applied), installing it on a host (faaar away) and just typing reboot" give me any problems? 1161696018 J * s0undt3ch_ ~s0undt3ch@bl9-224-47.dsl.telepac.pt 1161696189 Q * s0undt3ch Killed (NickServ (GHOST command used by s0undt3ch_)) 1161696189 N * s0undt3ch_ s0undt3ch 1161696245 M * derjohn any new about the rc42 problem in proc ? 1161696250 M * derjohn *news ? 1161696940 M * Borg- hmmm 1161696943 M * Borg- I have strange error 1161696952 M * Borg- [Cvs]can't create temporary directory /tmp/cvs-serv6585 1161696981 M * Borg- the /tmp is not ramdisk 1161696993 M * Borg- quota? I dint use quotes really 1161697515 M * Borg- Filesystem Size Used Avail Use% Mounted on 1161697515 M * Borg- /dev/hdv1 177G 28G 141G 17% / 1161697722 Q * SMuZZ Ping timeout: 480 seconds 1161697955 Q * eyck Ping timeout: 480 seconds 1161699171 Q * dodgi 1161700133 M * daniel_hozac Pazzo: i don't know if there are any differences, but i think http://people.linux-vserver.org/~bonbons/ipv6/ is the new location. 1161700164 M * daniel_hozac Pazzo: while i wouldn't call it stable, it certainly hasn't caused any problems for me. 1161700195 M * daniel_hozac Borg-: permissions? 1161700198 M * Pazzo daniel_hozac: thnx! 1161700221 M * daniel_hozac derjohn: i think it was tracked down yesterday, but i'm not sure. 1161700377 M * derjohn daniel_hozac, fine, then i'll wait with my mext production host for rc43 1161700506 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1161700747 Q * weasel Ping timeout: 480 seconds 1161701029 J * weasel weasel@asteria.debian.or.at 1161701126 Q * bragon Ping timeout: 480 seconds 1161701293 Q * michal` Ping timeout: 480 seconds 1161701775 J * michal` ~michal@www.rsbac.org 1161702091 J * Rich_Estill ~restill@c-24-11-195-139.hsd1.mi.comcast.net 1161702116 J * bragon ~weechat@sd866.sivit.org 1161702137 Q * _are_ Ping timeout: 480 seconds 1161702392 J * lilalinux ~plasma@dslb-084-058-212-090.pools.arcor-ip.net 1161702462 M * Borg- daniel_hozac: nope.. there is 1777 1161702466 M * Borg- bloody Java :/ 1161702478 M * Borg- but weird.. I restarted tomcat and everything works again 1161702717 Q * bragon Ping timeout: 480 seconds 1161703043 J * eyck_ eyck@ghost.anime.pl 1161703132 J * bragon ~weechat@sd866.sivit.org 1161703497 Q * bragon Read error: Connection reset by peer 1161703523 J * bragon ~weechat@sd866.sivit.org 1161703646 M * Rich_Estill more Java issues eh. 1161703690 M * Pazzo daniel_hozac: now I finally got 2 free minutes to launch make-kpkg :-) Building 2.6.17.14-vs2.1.1-rc35ipv6, 64bit... 1161703726 M * daniel_hozac Pazzo: hmm? why not 2.6.18.1-vs2.1.1-rc42 with the latest IPv6 patch? 1161703814 M * Pazzo I'm still running 2.6.17.13 on most servers, I'll probably switch to 2.6.18 not before something like 2.6.18.7 :-) 1161703866 M * Pazzo (ehm... what an awful grammer, sorry...) 1161703926 M * Pazzo s/switch/not switch/; s/8 switch/8/; :-) 1161703947 M * Pazzo (wrong once again, forget it :-) 1161704443 J * SMuZZ ~smuzz@monster.dataguard.no 1161705025 M * Pazzo rebooting... 1161705267 M * Pazzo great - host is up and running... but I forgot to enable IPv6 support :-) so same story once again... 1161705599 Q * avi 1161706005 Q * bronson Ping timeout: 480 seconds 1161706055 M * tokkee vserver has a functioning IPv6 support? 1161706109 M * tokkee Ah... reading backlog helps ;-) 1161706332 J * bonbons ~bonbons@83.222.36.111 1161706497 Q * Johnnie Ping timeout: 480 seconds 1161706819 J * Piet hiddenserv@tor.noreply.org 1161706931 M * derjohn damn, penguins got killed by bunnies: http://www.n-tv.de/724564.html (German) 1161707720 J * stefani ~stefani@tsipoor.banerian.org 1161708100 Q * lilalinux Remote host closed the connection 1161708416 Q * prae Quit: Quitte 1161709005 Q * FireEgl Read error: Connection reset by peer 1161709151 Q * Piet Remote host closed the connection 1161709182 M * Rich_Estill is it worth upgrading FC4 to FC5 or FC6? 1161709184 J * Piet hiddenserv@tor.noreply.org 1161709279 M * Rich_Estill oh, and I want to use yum to upgrade 1161709957 M * dna_ derjohn: lol 1161710018 M * dna_ evil creatures 1161710639 J * bronson ~bronson@66.160.177.223 1161711461 Q * Pazzo Quit: ... 1161711690 M * gdm it is still just vs2.0.2.1 as the latest stable patch, isn't it? 1161712408 M * harry yes 1161712795 M * daniel_hozac Rich_Estill: well, FC4 is legacy now and legacy seems to be lacking manpower... 1161712886 J * Johnnie ~jdlewis@jdlewis.org 1161712908 M * gdm harry: thx 1161714240 M * Rich_Estill yea, I have been following http://www.brandonhutchinson.com/Upgrading_Red_Hat_Linux_with_yum.html 1161714265 M * Rich_Estill now I am in dependency hell 1161714707 Q * derjohn2 Ping timeout: 480 seconds 1161714727 J * derjohn2 ~aj@dslb-084-058-225-025.pools.arcor-ip.net 1161714848 M * gdm anyone around to help configure a kernel? 1161714857 M * gdm i set up a kernel with Bertl_zZ about a month ago 1161714864 M * gdm we turned off the highmemory support 1161714871 M * gdm but now i am trying to turn it back on 1161714894 M * gdm and wonder, FLATMEM or SPARSEMEM ? 1161714980 M * gdm i will go with FLATMEM as that is what it was already 1161714984 M * gdm but what about HIGHPTE ? 1161715103 M * daniel_hozac Rich_Estill: have you read the notes on the fedoraproject.org wiki? 1161715169 M * daniel_hozac Rich_Estill: http://fedoraproject.org/wiki/YumUpgradeFaq 1161715558 M * m4z Bertl_zZ: is it a known problem that you cannot start screen in a guest when you were in a screen when entering the vserver? (with different keybindings for both, of course) 1161715634 M * Hollow m4z: if you get an error for openpty, then yes 1161715668 M * Hollow you need the vlogin patch, which is included in 0.30.211 1161715728 M * gdm is it a good idea to include Remap Source IP Address in the vserver config of a kernel? 1161715892 M * m4z Hollow: the error is "/var/run/screen/S-root/.pts-8.host: No such file or directory" 1161715897 Q * ms_ Ping timeout: 480 seconds 1161715967 Q * Johnnie Read error: Connection reset by peer 1161715982 J * Johnnie ~jdlewis@jdlewis.org 1161716559 M * Rich_Estill daniel_hozac: yea, that was the first site I saw. I think I just have too many rpms installed that don't have updates and are not in repos. No biggie. I am reliious about backing up, so I will just reinstall. 1161719008 J * shedi ~siggi@inferno.lhi.is 1161719390 Q * bronson Ping timeout: 480 seconds 1161720289 J * _are_ ~are@62.112.159.81 1161720388 J * bronson ~bronson@66.160.177.224 1161721591 J * rgl Rui@217.129.151.190 1161721594 M * rgl hello 1161721742 M * daniel_hozac hi 1161722175 Q * bonbons Quit: Leaving 1161722626 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1161723307 Q * Radiance Ping timeout: 480 seconds 1161723397 N * Bertl_zZ Bertl 1161723402 M * Bertl evening folks! 1161723425 M * Osgiliath hello ! 1161723433 A * Bertl .o( forgot to switch to _oO in the morning :) 1161723510 M * Bertl gdm: did you read the associated help text? 1161723538 M * gdm Bertl: haha, thought you were still asleep ;-) 1161723555 M * Osgiliath Bertl, it seems we found out the problem with oracle .... 1161723581 M * Osgiliath it seems it doesn't work with ldap backen 1161723584 M * Osgiliath +d 1161723588 M * gdm Bertl: yeah, i did.... but i didn't really understand it properly 1161723592 M * Bertl ah, sounds good (especially the 'problem with oracle' part :) 1161723603 M * gdm Bertl: so i left HIGHPTE as no 1161723620 M * gdm should i have put yes? 1161723620 M * Bertl ah, I was talking about the adress remapping 1161723639 M * gdm oh, yeah, i didn't understand that either ;-) 1161723646 M * gdm so i left it at FLATMEM 1161723663 M * gdm should that be SPARSEMEM ? 1161723678 M * gdm i didn't have the other option (discontiguous iirc??) 1161723695 M * Bertl why did you enable highmem? how much memory do you have/need? 1161723709 M * rgl hey :D 1161723710 M * gdm i have 5GB 1161723725 M * gdm and i am now happy that this machine (it is the SMP one) is stable.... 1161723737 M * gdm it was the one that was hanging unexpectedly with no obvious cause 1161723743 M * Bertl Osgiliath: so I take it from my SO that you got it working in a guest, right? 1161723751 M * gdm Bertl: https://munin.tachanka.org/mayfirst.org/shadow.mayfirst.org-memory.html 1161723756 M * rgl you guys known how to reinstall a package using rpm? rpm -U pkg.rpm fails :( 1161723786 M * Osgiliath Bertl : yeah, she really helps me ! 1161723786 M * gdm Bertl: you helped myself and dkg about a month ago - 23 sept it was 1161723801 M * Bertl rgl: depends, could be rpm -U --force or rpm -e and rpm -I 1161723824 M * Bertl gdm: okay, the 5GB answers my question ... I guess 1161723827 M * Osgiliath Bertl : but it's a kind of consensus you know ? i just tried many things ... 1161723840 M * Osgiliath we're not sure at all 1161723855 M * gdm Bertl: i wasn't sure if that was masses and masses of memory tho, which is why i didn't enable HIGHPTE 1161723865 M * rgl Bertl, thx :D 1161723869 M * gdm google wasn't too helpful,either 1161723876 M * Osgiliath i'm just trying to remove ldap backend in a guest (where oracle doesn't start), and we'll see again 1161723884 M * Bertl Osgiliath: sure of what? that it works? that it is in a guest? :) 1161723923 M * Osgiliath Bertl : it's working in a guest. But we're not sure if the reason for not working is the LDAP 1161723991 Q * dna_ Quit: Verlassend 1161724005 M * Bertl Osgiliath: i.c. 1161724038 M * Bertl gdm: yeah, well, with 5G you do not have many options regarding memory 1161724117 M * gdm Bertl: well, thank you for all the help you have given us :) 1161724148 M * gdm Bertl: am very happy it is all stable again. i think it might have been something with the debian version ofthe kernel, but not sure 1161724224 M * Bertl could be, but debian kernels are improving since waldi is working on that :) 1161724611 M * _are_ oh, debian kernels: has anyone tried the recent prepatched vserver or vserver/xen kernels? 1161724824 M * Osgiliath Bertl : i confirm that there are problems with ldap/oracle 1161724844 M * Osgiliath but i don't know if i configured wrong something or not ... 1161724875 M * rgl how are you guys running named/bind inside a guest? here it bailing to run because: Starting named: named: -u with Linux threads not supported: no capabilities support or capabilities disabled at build time :| 1161724898 M * rgl (I've build it with --disable-linux-caps) 1161724987 M * gdm Bertl: yes, it was an older debian version.. the ones before 2.6.17 (i.e. 2.6.16 and earlier) seemed to have problems 1161725269 M * Bertl rgl: sounds strange, devel branch even supports bind with linux caps enabled 1161725295 M * rgl Bertl, I've read http://oldwiki.linux-vserver.org/ProblematicPrograms and it seems I have to disable threads too 1161725306 M * rgl Bertl, devel branch of bind? 1161725324 M * Bertl rgl: is still true for the stable Linux-VServer branch (i.e. 2.0.x) 1161725344 M * Bertl rgl: recent devel kernels (i.e. 2.1.x) work around the bind brokenness 1161725369 M * rgl Bertl, ah I see. I'm still on 2.0.2 1161725404 M * rgl Bertl, humm, the problem lies on bind? 1161725410 Q * meandtheshell Quit: exit (0); 1161725429 M * Bertl rgl: yeah, it requires capabilites to drop them later .) 1161725458 M * daniel_hozac rgl: you can use my patch for bind if you want a stable kernel. 1161725491 M * rgl Bertl, humm but requiring caps is not a good thing? 1161725512 M * daniel_hozac rgl: not when they're not available. 1161725536 M * rgl daniel_hozac, ah I see :D 1161725547 M * rgl daniel_hozac, so bind is broken. 1161725567 M * rgl daniel_hozac, sure, where is the patch? on that page ProblematicPrograms? 1161725578 M * daniel_hozac should be. 1161725586 M * rgl http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch 1161725604 M * daniel_hozac or http://people.linux-vserver.org/~dhozac/p/m/bind-9.3.2-caps-when-available.patch 1161725641 M * rgl lets see if it works with bind 9.2.4 :) 1161725910 J * Aiken ~james@tooax6-248.dialup.optusnet.com.au 1161725927 M * Bertl welcome Aiken! 1161725945 M * Aiken good morning 1161725985 M * morrigan hi Aiken, how's the weather? 1161726086 M * Aiken clear sky and nice temp, hopefully will be quite nice while a friend and I spend several hours on our motor bikes today 1161726126 M * morrigan *siiiigh* 1161726376 M * rgl Aiken, luky you! here its raining like crazy! 1161726430 M * Bertl well, IIRC, Aiken was hoping for some rain ... 1161726501 M * Aiken we need rain 1161726587 Q * SMuZZ Read error: Operation timed out 1161726605 Q * shedi Ping timeout: 480 seconds 1161726881 M * rgl oh I see :( 1161726913 M * rgl how will I run bind in a chroot by creating a dev/random device? 1161726936 M * rgl I mean, I need a dev/random in the bind chroot, but I can't create it in the guest :| 1161726953 M * Bertl rgl: you have several options there 1161726958 M * daniel_hozac do it on the host. 1161726960 M * Bertl - create it from the host 1161726968 M * Bertl - create a link inside 1161727105 M * rgl thats it many thx :) 1161728032 J * debugger Rui@217.129.151.190 1161728041 M * Bertl wb debugger! 1161728060 N * debugger rgl_ 1161728064 M * rgl_ moooo :D 1161728437 Q * rgl Ping timeout: 480 seconds 1161729112 Q * Johnnie Ping timeout: 480 seconds 1161729799 Q * ag- Ping timeout: 480 seconds 1161731049 J * shedi ~siggi@inferno.lhi.is 1161731062 M * Bertl hey shedi! 1161732414 Q * matled Read error: Connection reset by peer 1161732716 J * matled ~matled@85.131.246.184 1161733152 P * stefani I'm Parting (the water) 1161733356 J * SMuZZ ~smuzz@monster.dataguard.no 1161733371 M * Bertl wb SMuZZ! 1161733997 J * ag- ~ag@caladan.roxor.cx 1161734013 M * Bertl wb ag-! 1161734082 Q * SMuZZ Ping timeout: 480 seconds 1161734098 M * rgl_ gtg. g'night guys 1161734113 Q * rgl_ Quit: Fui embora