1162080040 M * Aiken daniel_hozac my cow guest is called hoppy in a directory hoppy chown -R james.james hoppy/ 1162080054 M * daniel_hozac ok, well, with chown, that's expected due to the bug. 1162080069 M * daniel_hozac chmod/touch/etc. should work. 1162080073 M * Aiken trying it now to see what happens 1162080080 M * Bertl excellent! tx! 1162080083 M * Aiken have not tried touch 1162080403 M * phreak`` daniel_hozac: any idea why util-vserver would delete apps/init/tty after a failed start ? 1162080416 M * daniel_hozac hmm, no, that seems very strange. 1162080552 M * daniel_hozac are you sure it's util-vserver doing it? 1162080573 M * phreak`` daniel_hozac: there's no other daemon running, that would dare touch that file .. 1162080600 M * Aiken df now reports the correct free space after rm -rf the ex cow :) 1162080611 M * daniel_hozac Aiken: awesome! 1162080632 M * Bertl great, so another step on the road to perfection :) 1162080652 M * Aiken this is good, I can not reproduce the earlier symptoms 1162080657 M * daniel_hozac phreak``: what kind of file is it? 1162080676 M * phreak`` daniel_hozac: text/plain containing "/dev/console" 1162080693 M * daniel_hozac hmm, well, it's supposed to be a symlink. 1162080703 M * daniel_hozac having it as a file should make it overwrite the file. 1162080707 M * daniel_hozac and try to use it as input. 1162080733 M * daniel_hozac but i can't think of any reason why it would get removed... 1162080799 M * phreak`` k, just figured. it echo's "" to tty then :) (if its a file) 1162080875 M * daniel_hozac exec <$ttyname; exec &>$ttyname to be exact ;) 1162080916 M * daniel_hozac are you sure it's getting removed, and not just wiped out? mine becomes empty, but it's still there. 1162080992 M * phreak`` yeah, gets blanked (being empty afterwards) 1162081001 M * daniel_hozac ok, so expected behaviour :) 1162081025 M * phreak`` and I even got rid of that bug (somehow) 1162081058 M * phreak`` apperently it was apache (or rsync) - didn't do anything other .. 1162081103 M * lylix any rrdtool buffs out there? 1162081282 M * Bertl what's the problem? 1162081347 Q * _node Ping timeout: 480 seconds 1162081383 M * Bertl (or maybe no problem, just a free rrdtool config giveaway party? :) 1162081510 M * Aiken something else I wanted to setup to monitor ntp 1162081840 Q * phreak`` Quit: leaving 1162081874 J * phreak`` ~phreak``@140.211.166.183 1162081877 M * Bertl http://plm.testing.osdl.org/patches/show/5554 1162081963 Q * phreak`` 1162082141 M * daniel_hozac down to just the vs_base.h duplicate inclusion thing. 1162082158 M * Bertl doing a cross compile report now 1162082203 M * Bertl http://vserver.13thfloor.at/Experimental/crosscompile_report_5554.txt 1162082268 M * daniel_hozac hehe, i just finished running the script myself. 1162082272 J * phreak`` ~phreak``@styx.xnull.de 1162082395 M * daniel_hozac it's a shame the sparse thing is complaining so much. too high noise-to-signal ratio. 1162082438 M * Bertl yeah, it could be improved there 1162082533 M * lylix Bertl: sri... ran off for a minute 1162082537 M * daniel_hozac kernel/vserver/switch.c:sys(32)?_vserver, is the extern prefix intentional? 1162082539 M * lylix playing around w/ vstatd 1162082577 M * lylix the data source is collecting net data as a cumulative value 1162082632 M * lylix w/o modifying the original data source, is there an implementation during the graphing stage to get the derivative of a datapoint and the previous datapoint 1162082658 M * Bertl daniel_hozac: IIRC, at some point that was required 1162082671 M * daniel_hozac to export the functions? 1162082678 M * lylix so basically the outcome would be bytes/s vs. just bytes 1162082698 M * daniel_hozac i thought extern was just to say "this isn't here, resolve during link". 1162082746 M * Bertl yeah, I don't see a good reason for the extern atm 1162082761 M * daniel_hozac one of the few legit complains from sparse, perhaps, hehe. 1162083169 J * shedi ~siggi@inferno.lhi.is 1162083565 M * Bertl lylix: hmm, I think that would be simple to do with a separate rrd 1162083641 M * Bertl using the DERIVE directive 1162083663 M * lylix yep, after minimal research, prob best to use the DERIVE 1162083696 M * lylix perhaps time to try a patch on vstatd and see what upstream ops say :) 1162083738 M * lylix cumulative net data is rather "boring", but still useful 1162087753 J * Aiken_ ~james@tooax8-212.dialup.optusnet.com.au 1162088081 Q * Aiken Ping timeout: 480 seconds 1162090534 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1162090544 J * ensc ~irc-ensc@p54B4E4F0.dip.t-dialin.net 1162091736 Q * ms_ Ping timeout: 480 seconds 1162091902 J * s0undt3ch_ ~s0undt3ch@81.193.57.141 1162092335 Q * s0undt3ch Ping timeout: 480 seconds 1162092335 N * s0undt3ch_ s0undt3ch 1162092451 Q * FireEgl Quit: Bye... 1162093000 Q * sladen Ping timeout: 480 seconds 1162093163 J * sladen paul@starsky.19inch.net 1162093516 M * Bertl wb sladen! 1162094623 Q * _mcp Read error: Connection reset by peer 1162094623 J * __mcp ~hightower@wolk-project.de 1162094642 Q * besonen Read error: Connection reset by peer 1162094658 J * besonen ~besonen@dsl-db.pacinfo.com 1162096628 T * Bertl http://linux-vserver.org/ <- new and shiny | latest stable 2.02.1, exp 2.02.2-rc4, devel 2.1.0, exp 2.1.1-rc44, stable+grsec 2.0.2.1 | util-vserver-0.30.211 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1162096633 M * Bertl *2.02.2-rc4 1162096645 M * Bertl okay, I'm off to bed now ... have fun! 1162096655 N * Bertl Bertl_zZ 1162096755 Q * matled Remote host closed the connection 1162097409 Q * Aiken_ Quit: Leaving 1162098042 J * FireEgl ~FireEgl@Sebastian.Atlantica.US 1162098465 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1162100630 J * _node ~node@c-69-143-154-220.hsd1.md.comcast.net 1162104541 Q * _node Ping timeout: 480 seconds 1162105373 M * sladen Bertl_zZ: ta! 1162105848 J * s0undt3ch_ ~s0undt3ch@81.193.59.165 1162106302 Q * s0undt3ch Ping timeout: 480 seconds 1162106302 N * s0undt3ch_ s0undt3ch 1162106499 J * ooDOObXYm ~hollow@styx.xnull.de 1162106500 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1162106728 Q * ntrs Read error: Connection reset by peer 1162106728 Q * Hollow Read error: Connection reset by peer 1162106755 J * Greek0_ ~greek0@85.255.145.201 1162106755 Q * Greek0 Read error: Connection reset by peer 1162107304 N * ooDOObXYm Hollow 1162107854 J * dna_ ~naucki@173-199-dsl.kielnet.net 1162109049 P * gpiero 1162110702 J * matled ~matled@85.131.246.184 1162110884 J * meandtheshell ~markus@85-125-231-241.dynamic.xdsl-line.inode.at 1162112658 J * weichong78 ~weichong7@219.95.252.241 1162112757 M * weichong78 hello i just successfull compiled a custom FC6 kernel that support my FC6 host for vserver, and did a "vserver xxx build -m rpm -- -d fc6" 1162112769 M * weichong78 however the /vserver/xxx seems very minimal 1162112782 M * weichong78 wonder is there a way i do a more complete installation without internet connection 1162112830 M * weichong78 i dont seem to find vserver-copy in my util-vserver-build rpm 1162112868 M * Loki|muh there was an option which duplicates the host to a guest 1162112876 M * Loki|muh but I don't remeber clearly 1162112880 M * Loki|muh +m 1162112897 M * weichong78 +m ? 1162112916 M * weichong78 i read something about -m copy 1162112919 M * Loki|muh I missed a m in remember ;) 1162112941 M * weichong78 build that option exist in my util-vserver-build rpm 1162112958 M * weichong78 i am able to do -m rpm ( -m yum not working well either ) 1162113044 M * Loki|muh in the old wiki there was a little build howto: http://oldwiki.linux-vserver.org/alpha+util-vserver 1162113060 M * Loki|muh I don't know if its on the new wiki anywhere yet 1162113153 M * weichong78 hmm... 1162113201 M * Hollow FYI.. i just migrated the step by step guide: http://wiki.linux-vserver.org/Installation_on_Linux_2.6 1162113203 M * weichong78 the page u show me just now doesn't teach the method of duplicating the host...or did i miss something... 1162113222 M * weichong78 ok...let me check it out... 1162113235 M * Loki|muh weichong78: no it doesn't :( I only heard of, not read of :( 1162113259 M * Hollow weichong78: util-vserver-0.30.211 should support FC6 as build method... 1162113276 M * weichong78 Hollow: it does support FC6 1162113286 M * weichong78 the thing is it gave me a very minimal installation 1162113312 M * weichong78 doesn't look like its working 1162113334 M * Hollow what is missing in your opinion? does it even start? 1162113347 M * weichong78 let me try.... 1162113466 M * weichong78 it complains no /tmp and no /var/run/utmp (coz tehre is no /var/run directory) and failt o start 1162113663 M * Hollow well, i'm not an FC expert, but maybe it helps to just create these directories? 1162113685 M * Hollow OTOH, these dirs should probably be installed by baselayout/base-system, or whatever it is in fedora 1162113717 M * weichong78 ok... 1162113730 M * weichong78 what is the standard way to duplicate the host into the guest? 1162113741 Q * ms_ Ping timeout: 480 seconds 1162113869 M * Hollow weichong78: well, you could just copy your hosts rot filesystem to /vservers/whatever 1162113882 M * Hollow but there is no "standard way" i guess 1162113930 M * weichong78 oh i see 1162113960 M * weichong78 how do i add rpm to the guest (controlling from host), just use vrpm guestname -ivh packagename.rpm? 1162113983 M * Hollow guess so... i never used rpm, nor apt, nor yum.. ;) 1162113992 M * weichong78 :P 1162114007 M * weichong78 i nkow, i like apt-get better too, but just trying out FC6 1162114021 M * weichong78 oh, u dont use apt either :o 1162114028 M * Hollow <- portage 1162114029 M * Hollow :) 1162114030 M * weichong78 so what do u use? slackware? gentoo? 1162114031 M * weichong78 oh 1162114034 M * weichong78 gentoo hehe 1162114041 M * weichong78 too long didn't touch that, 1162114046 M * weichong78 my box would go zzz on it 1162114048 M * weichong78 hehe 1162114065 M * Hollow hehe... well, i maintain vserver in gentoo, so i rarely use other distros 1162114074 M * weichong78 oh i see 1162114095 M * weichong78 :) 1162115612 J * bonbons ~bonbons@83.222.36.111 1162117708 J * franklinux ~franklin@klabs.be 1162117722 P * franklinux Leaving 1162117744 J * UyUsSs ~mturk2474@85.99.181.124 1162117771 A * UyUsSs s.a 1162117953 A * UyUsSs aq 1162118078 Q * UyUsSs Quit: mIRCTurk 1162118455 Q * bonbons Quit: Leaving 1162118546 J * bonbons ~bonbons@83.222.36.111 1162118580 Q * meandtheshell Quit: exit (0); 1162118713 Q * bonbons 1162118719 J * bonbons ~bonbons@83.222.36.111 1162119220 J * meandtheshell ~markus@85-124-37-173.dynamic.xdsl-line.inode.at 1162119828 N * __mcp _mcp 1162120174 N * _mcp __mcp 1162120490 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1162121493 P * weichong78 1162122890 M * Hollow derjohn2: you around? 1162123140 J * lilalinux ~plasma@dslb-084-058-205-158.pools.arcor-ip.net 1162127532 Q * mire Quit: Leaving 1162128389 J * Piet hiddenserv@tor.noreply.org 1162130698 J * sla 1006@leo.sinp.msu.ru 1162130701 M * sla hi! 1162130725 M * sla I've got the situation, when mysql under vserver hangs on 2.6.18.1 1162130812 M * sla processes are visible, everything is working, I can rather connect to the server with mysql, but connection between mysql and httpd via PHP is not possible 1162130832 M * sla also, there is no way to shut the mysqld in such a situation. 1162130840 M * sla what are possible problems? 1162130980 Q * sla Remote host closed the connection 1162131108 M * doener too impatient 1162131123 J * sla 1006@leo.sinp.msu.ru 1162131131 M * sla ? 1162131132 M * doener *lol* 1162131151 M * doener I just said that you are too impatient because you left :) 1162131169 M * sla are u a robot? 1162131174 M * doener anyway... which kernel patch are you using? 1162131180 M * sla latest 1162131188 M * doener yeah, a bot with lots of humor ;) 1162131199 M * sla nice! :) 1162131215 M * sla so, I've lost connection for a moment. 1162131217 M * doener that's rc44? 1162131253 M * doener are you on x86_64? 1162131257 M * sla no, latest available 2 days ago, 42 1162131269 M * sla no, P4, 32 1162131314 M * doener hm, the MySQL related fix was x86_64 only IIRC... daniel_hozac do you know? 1162131330 M * sla no 1162131333 M * doener in what way does shutting down mysql fail? 1162131381 M * sla so, very strange. It is possible to connect to mysqld by mysql. but it fails when connecting from iother procs. 1162131392 M * sla and hangs to shutdown 1162131404 M * sla maybe, rlimits? 1162131437 M * doener possible, does dmesg in the host tell anything about killed processes? 1162131441 M * sla i've changed the nproc and nofiles, to 1000 and 3000 , but it cannot help... 1162131456 M * sla no, there is no report in dmesg. 1162131512 M * doener do you have a cli or cgi version of php available? 1162131536 M * doener ie. one that runs from command line? 1162131552 M * sla no, php httpd module and cli. 1162131566 M * sla check them too? 1162131634 M * sla as I can see, mysqld hangs after some time for mysql too. 1162131658 M * doener what does "hang" mean exactly 1162131659 M * doener ? 1162131758 M * sla stops answering. processes are active (according to ps -ax), but no connections available. 1162131803 M * sla sometimes there are reports that /tmp/mysql.sock is not operable (or so) 1162131827 M * doener could you get me such a report and put it on paste.linux-vserver.org? 1162131833 Q * michal` Ping timeout: 480 seconds 1162131874 M * doener the output of "show variables" in mysql would also be useful 1162132055 M * sla I need some time to reproduce the situation 1162132096 J * michal` ~michal@www.rsbac.org 1162132150 M * daniel_hozac doener: hmm, wasn't the MySQL fix the do_IRQ enters admin context, in which case it's for all archs? 1162132180 M * matti Maybe somebody know: is there a way to add some new value to POST from javascript? 1162132196 M * daniel_hozac however, that problem was supposed to be fixed a while ago... -rc39 or so. 1162132229 M * sla vxW: xid=5 did lookup hidden f7eee4a0[#0,4026531874] »/proc/bus«. 1162132229 M * sla vxW: xid=5 did lookup hidden f7eee4a0[#0,4026531874] »/proc/bus«. 1162132229 M * sla vxW: xid=5 did lookup hidden f7eee4a0[#0,4026531874] »/proc/bus«. 1162132229 M * sla vxW: xid=5 did lookup hidden f7eee4a0[#0,4026531874] »/proc/bus«. 1162132229 M * sla vxW: xid=5 did lookup hidden f7eee4a0[#0,4026531874] »/proc/bus«. 1162132230 M * sla vxW: [#5] pid_task(2251,0) = c19e2a90[#0] 1162132230 Q * sla Killed (FloodServ ((FloodServ) Warning, you have triggered a network protection. Stop flooding!)) 1162132239 M * doener matti: do you already have a POST form element? 1162132240 J * sla 1006@leo.sinp.msu.ru 1162132249 M * sla but mysql still working. 1162132274 M * daniel_hozac sla: please use paste.linux-vserver.org for anything longer than 3 lines. 1162132303 M * sla OK 1162132311 M * sla am i alive? 1162132361 M * sla sent 1162132432 Q * sla 1162132438 J * sla 1006@leo.sinp.msu.ru 1162132448 M * sla hi again 1162132513 M * daniel_hozac hello 1162132529 N * __mcp mcp 1162132529 M * sla so, the dmesg output posted. 1162132579 M * daniel_hozac yep, should be harmless. 1162132634 M * matti doener++ 1162132637 M * sla yet another cake pasted.... 1162132741 M * daniel_hozac again, should be harmless. the pid_task warnings are very easy to get. 1162132814 M * sla for now, mysqld is running. without problems. i'm waiting for it. 1162132897 M * derjohn2 Hollow, you pinged /me 1162132947 M * Hollow derjohn2: yeah, just wanted to know the status of your FAQ work... 1162132997 M * derjohn2 lart me, I didnt process yet, but I promise to spend time on the project as soon as I got a working rc44 on my hosts 1162133001 M * derjohn2 hopefully this evebing 1162133024 M * derjohn2 and: Thanks for reminding ... ("Verdraengung ;)") 1162133202 Q * derjohn2 Remote host closed the connection 1162133251 M * sla mysqld still works. strange. 1162133470 M * phreak`` daniel_hozac: btw, everything seems to be fixed; even the strange startup oops bug (the pid_task cross context lookup thing) 1162133521 M * daniel_hozac phreak``: cool, what did you do to fix it all? :) 1162133554 M * phreak`` daniel_hozac: rebuilt the guests :) 1162133573 M * phreak`` (and created a new config from scratch) 1162133581 M * daniel_hozac ah 1162133603 J * mire ~mire@233-167-222-85.adsl.verat.net 1162133628 M * sla oh! mysqld hangs! 1162134046 Q * Piet Ping timeout: 480 seconds 1162134251 Q * lilalinux Remote host closed the connection 1162134533 M * daniel_hozac sla: and what does strace say mysqld is doing? 1162134686 M * doener and could I get the requested data? 1162134944 J * lilalinux ~plasma@dslb-084-058-205-158.pools.arcor-ip.net 1162135289 M * sla doener: hm... seems, that there is a limit for socket connections, maybe? php reports, that mysql has too much connections. 1162135301 M * doener yeah, that's a mysql setting 1162135308 M * doener you're just exceeding the limit 1162135346 M * doener and probably there's an idle timeout set, that makes you mysql client become disconnected (which looks like a hanging mysqld to you) 1162135771 Q * ms_ Ping timeout: 480 seconds 1162135789 J * b0dy ~zipzap@87.218.87.140 1162136971 J * Piet hiddenserv@tor.noreply.org 1162138355 N * Bertl_zZ Bertl 1162138359 M * Bertl morning folks! 1162138430 M * daniel_hozac morning Bertl! 1162138450 M * Bertl doener: any info regarding the sendfile issue? just skimmed over the ML posting .. 1162138464 M * doener no idea 1162138494 M * daniel_hozac i'd be inclined to blame lustre. 1162138509 M * doener dito 1162138538 M * Bertl okay, so we do not see similar with ext2/3/nfs? 1162138564 M * daniel_hozac my httpd's with ext3 filesystems work fine. 1162138577 M * Bertl and uses sendfile, I presume :) 1162138634 M * daniel_hozac indeed. 1162138842 M * Bertl okay, tx 1162139129 M * sid3windr luser filesystem! 1162139129 M * sid3windr ;) 1162139426 Q * Greek0_ Ping timeout: 480 seconds 1162141817 M * m4z hey, it's once again for me asking (maybe) stupid questions - i can't seem to run exim within a guest, it fails with "setrlimit(RLIMIT_NPROC) failed: Operation not permitted", however i don't know why this happens since the process count is far beyond the allowed maximum 1162142010 M * m4z s/again /again time / 1162142060 M * nox relaying on topic you will have much wikiwork 2do 1162142232 M * Bertl m4z: probably your host has some ulimits set, but the guest (exim) wants to raise them 1162142246 M * Bertl m4z: which is not allowed inside a guest 1162142269 M * Bertl i.e. either change the limits for exim/pam or raise the limits for the guest 1162142296 M * m4z Bertl: i know that but i haven't, both ulimits and rlimits are _way_ above the currently used number 1162142319 M * Bertl yeah, it's not the 'number' it's the limit itself 1162142341 M * Bertl i.e. you have let's say an ulimit of 1000 1162142352 M * Bertl and exim (or whatever) wants to set an ulimit of 2000 1162142367 M * Bertl while there are 5 processes running right now :) 1162142376 M * m4z hmm, so i can choose between either ripping them out of the host system or giving the guest cap_sys_resource (or what it's called)? 1162142401 M * Bertl nah 1162142414 M * Bertl options are: 1162142426 M * Bertl - raise the guest's ulimit (in the config) 1162142450 M * Bertl - change the config of the process trying to raise limits inside the guest 1162142476 M * Bertl - give the partially dangerous SYS_RESOURCE 1162142507 M * Bertl typically it is solved with a proper host and guest config 1162142515 M * m4z concerning the first, that's what i do in rlimits/, right? 1162142516 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1162142529 M * Bertl m4z: nope, ulimts 1162142534 M * Bertl *ulimits 1162142554 M * Bertl rlimits are per guest, the ulimit is per process (and that's what bites you) 1162142573 M * m4z hmm, /etc/security/limits.conf or is there a "hack" for vsenver? 1162142579 M * m4z *rver 1162142605 M * Bertl nope, that is fine, but you can put per guest ulimits into the guest config 1162142637 M * Bertl strace the exim startup, and see to what values it tries to raise the limits 1162142657 M * Bertl then give the guest at least those limits and/or change the exim config 1162142665 M * m4z k, thanks for your time (: 1162142697 J * the_hydra ~a_mulyadi@202.59.168.29 1162142700 M * Bertl np, we'll add something like tghe igneg_nice for limits sooner or later (where raises get silently ignored) 1162142731 M * Bertl in 99% the process requesting the raise doesn't need it anyways 1162142907 M * nox is the "buglet" for tun devices already fixed in .211? 1162142928 M * daniel_hozac what "buglet" is that? 1162142938 M * daniel_hozac (and it probably would've been had i known about it :)) 1162143000 M * nox was not able to run it with a tun devive, due to a buglet in util-vserver <- in the FAQ from derjohn committed by you daniel_hozac 1162143029 M * daniel_hozac hmm? 1162143059 M * nox confirmed ofcause 1162143121 M * daniel_hozac well, the peer issue was fixed in -rc23.2 IIRC. 1162143156 M * daniel_hozac and i don't really consider it a bug that you can't do peer assignments with the utils. 1162143202 M * daniel_hozac it works fine to bring up the address yourself in a pre-start script. 1162143286 M * nox and map it to the guest? 1162143324 M * daniel_hozac as always, you only assign IP addresses to guests, not interfaces. 1162143341 M * daniel_hozac so just assign the address you assigned to the tun0 to the guest, and it'll be visible. 1162143373 M * nox ok thx gonna try that asap 1162143400 M * daniel_hozac (and remember nodev, as you've brought it up elsewhere) 1162143481 M * nox so guest starts with the ip but it is not used until vpn ist started? 1162143495 M * nox s/ist/is 1162143540 M * nox well better try first then i gonna c 1162143542 M * daniel_hozac it will be used for all guest generated traffic. 1162143550 M * daniel_hozac as usual. 1162143569 M * daniel_hozac (unless tun devices are handled specially and i'm unaware of that, of course ;)) 1162143781 M * m4z Bertl: this sucks 1162143782 M * m4z getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0 1162143782 M * m4z getrlimit(RLIMIT_NPROC, {rlim_cur=128, rlim_max=128}) = 0 1162143782 M * m4z setrlimit(RLIMIT_NPROC, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = -1 EPERM (Operation not permitted) 1162143783 Q * michal` Ping timeout: 480 seconds 1162143812 M * the_hydra that as root? 1162143817 M * Bertl m4z: see, that is a typical misguided app 1162143831 M * Bertl m4z: first it lowers the limits to 128/128 1162143846 M * Bertl then it raises them again to infinity 1162143855 M * Bertl (well it tries to, but fails) 1162143863 M * m4z the_hydra: it's about exim, it tries to do bullshit 1162143877 M * the_hydra m4z: i c 1162143882 M * Bertl what I wonder is, where does the 128/128 come from? 1162143895 M * Bertl maybe your limits inside the guest per session? 1162143913 M * m4z hmm, afaict i haven't set any 1162143927 M * Bertl check inside the guest in /etc/security/limits* 1162143950 M * Bertl and if there is a 128/128 limit, remove that for exim 1162143965 M * m4z none set 1162143971 M * Bertl also check that when you start it (via shell or so) that you do not bring limits from outside 1162143976 M * Bertl check with ulimit -a 1162143991 M * m4z yeah they're from the host- 1162143999 M * m4z but does that change anythin? 1162144014 M * Bertl sure, they are inherited if not specified otherwise 1162144037 M * Bertl are you logged on via ssh or via 'enter'? 1162144081 M * m4z via enter - so if i log in via ssh i can specify greater (ie 1024) limits than in the host? 1162144089 M * m4z (ie 128) 1162144094 M * Bertl you can do so in any case 1162144096 M * daniel_hozac only if the sshd was started with greater limits. 1162144101 M * Bertl just the procedure is different 1162144129 M * Bertl in the enter case, you would use ulimit to raise them before you enter 1162144150 M * Bertl in the ssh case, you have to raise them for the guest before you start the sshd 1162144160 M * m4z well but i would've raise them to infinity, right? 1162144168 A * m4z slaps the exim authon 1162144170 M * m4z *r 1162144175 M * the_hydra :)) 1162144210 M * m4z thanks again then 1162144240 Q * virtuoso Ping timeout: 480 seconds 1162144251 Q * b0dy Remote host closed the connection 1162144326 M * Bertl m4z: ur welcome! 1162144366 J * virtuoso ~s0t0na@shisha.spb.ru 1162144592 J * michal` ~michal@www.rsbac.org 1162145217 M * Hollow daniel_hozac: apropos ulimits.. the configuration.xml says, these are only honored in 2.4 kernels... 1162145236 M * daniel_hozac oh right! i forgot to fix that. 1162145278 M * Bertl btw. how good/bad would you think are our chances to rename the rlimits to climits and use rlimits for ulimits? 1162145301 M * Bertl (not saying that I really want to go through that :) 1162145328 M * Hollow guess it would confuse a lot of people even more .. 1162145339 M * daniel_hozac indeed. 1162145351 M * Bertl okay, tx 1162145498 M * Hollow daniel_hozac: regarding the configuration.xml -> wiki synchronisation.. IMO it is even less readable than the flower page, i'd like to split/move that page into some smaller parts with more descriptive text in it, do you think it is really necessary to have this long list in the wiki? we could just link to the flower page as "/etc/vservers reference" 1162145545 M * Hollow (and probably change the default stylesheet of the flower page ;) 1162145571 M * Bertl yeah, I think the grass2 was really nice 1162145571 M * Hollow not that i'm against this nice background.. but... you know ;) 1162145646 M * Hollow uhm... either i am dumb, or google does not list the flower page if you search for flower page anymore 1162145910 M * daniel_hozac yeah, i don't know what's up with that... 1162145926 M * daniel_hozac and yeah, not having the same thing in the wiki would make sense. 1162145941 M * Bertl maybe somebody requested to clear certain pages? 1162145953 M * Bertl it seems google doesn't index the irc logs either 1162145962 A * Hollow whips 1162146063 M * Hollow daniel_hozac: i see two options: either we split the configuration across the approiate pages (e.g. /etc/vservers/*/ccapabilities to Capabilites_and_Flags), or we make a pretty page explaining all the configuration options with sections, headings etc... 1162146119 M * Hollow Bertl: probably because the logs are *.txt? 1162146125 M * Hollow dunno what google actually does index.. 1162146136 M * daniel_hozac google used to index the IRC logs. 1162146142 M * Hollow hm.. 1162146152 M * Bertl yep, but we can 'html-ify' them easily 1162146417 M * daniel_hozac very strange that the flower page isn't googleable anymore. 1162146445 J * s0undt3ch_ ~s0undt3ch@bl4-57-54.dsl.telepac.pt 1162146621 J * Greek0 ~greek0@85.255.145.201 1162146877 Q * s0undt3ch Ping timeout: 480 seconds 1162146877 N * s0undt3ch_ s0undt3ch 1162147504 Q * mire Quit: Leaving 1162147543 Q * the_hydra 1162148074 M * Hollow daniel_hozac: another (minor) configuration.xml thing... bcapabilities and ccapabilities is probably not experimental anymore? 1162148693 M * Bertl btw, if there are no objections, I plan to release the 2.1.1 tonight, will upload the 'hopefully final' rc45 now ... 1162148896 T * Bertl http://linux-vserver.org/ <- new and shiny | latest stable 2.02.1, exp 2.02.2-rc4, devel 2.1.0, exp 2.1.1-rc45, stable+grsec 2.0.2.1 | util-vserver-0.30.211 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1162148940 M * Bertl *rc45: cow chown fixes, removed inode debug, removed extern on syscall, mips ptrace 1162148991 M * Bertl please let me know if I forgot something and/or you encountered any issues with rc44+ 1162149007 M * Hollow :) 1162149029 M * Bertl ah, we'll remove the stack trace in pid_task() for final 1162150208 Q * eyck_ Remote host closed the connection 1162150953 M * derjohn Bertl, why dont you remove it now and upload "in place"? 1162151082 M * derjohn There would be good chances that that rc45 could be declared as stable then ? 1162151205 M * daniel_hozac not stable, but devel :) 1162151267 M * derjohn daniel_hozac, *g* confusung, yes ... 1162151307 M * Radiance BertI, about the si load issue...the changes helped for a bit but it's spiking again making the box almost unusable...i'm going to upgrade to 2.6.18 see if it helps 1162151505 M * Bertl make that and please let us know how it goes! 1162151627 Q * ruskie Ping timeout: 480 seconds 1162151699 M * Radiance ok :) 1162151723 M * Bertl rc45 is a good choice IMHO 1162151744 Q * sla Remote host closed the connection 1162151996 Q * FireEgl Ping timeout: 480 seconds 1162152585 M * derjohn rc45 is THE choice ;) 1162153337 M * Zaki hello 1162153345 M * Zaki hello Bertl :) 1162153437 J * ruskie ~ruskie@ruskie.user.oftc.net 1162153454 M * Bertl hey Zaki! 1162153470 M * Zaki Bertl, how are you? 1162153496 M * Zaki and how is vserver development going? 1162153500 M * Bertl fine, thanks! 1162153563 M * Zaki is there a way to limit disk I/O usage in VServers? 1162153726 M * Bertl well, limit not really, but that wouldn#t buy you muc 1162153729 M * Bertl +h 1162153755 M * Bertl if you limit disk I/O it causes many processes to get stuck in D state 1162153773 M * Bertl it's better to limit such guests (with excessive I/O) in cpu 1162153801 M * Bertl but Linux-VServer support 'fair' I/O scheduling with cfq 1162154043 M * Zaki i mean Guest VPS'es 1162154066 M * Zaki to limit disk I/O of a specific VPS 1162154070 M * Bertl yeah, we call the VPS'es Guests 1162154089 M * Zaki so VServer does that? 1162154101 M * Bertl fair I/O scheduling with CFQ yes 1162154125 M * Zaki OpenVZ does not do it right? 1162154146 M * derjohn Zaki, ask on a differnt channel ;) 1162154147 M * Bertl IIRC, they announced to add it recently, so maybe it's already there in some test version 1162154169 M * Zaki i see 1162154190 M * Zaki derjohn, comparison only 1162154236 M * derjohn Zaki, well, the ovz people know for sure, what their product can do. We dont - and we dont want to spread false information! 1162154257 M * Zaki derjohn, oh ok :) 1162154259 M * Bertl right, but we appreciate objective comparions :) 1162154271 M * derjohn yes, we really do ! 1162154295 M * Zaki Bertl, especially at features supported by vservers and not in others!! 1162154306 M * Zaki hehe 1162154319 M * Zaki i'm just kidding 1162154334 M * Bertl nah, not really, but I think there are many features where OVZ and Linux-VServer differ 1162154343 J * s0undt3ch_ ~s0undt3ch@81.193.57.211 1162154350 M * derjohn ehlo s0undt3ch ! 1162154691 Q * s0undt3ch Read error: Operation timed out 1162154691 N * s0undt3ch_ s0undt3ch 1162155257 Q * shedi Quit: Leaving 1162155905 M * derjohn Bertl, or daniel_hozac : where can I manually remove that stacktrace you talked about ? 1162156062 M * Bertl look for WARN_ON in the patch 1162156088 M * derjohn in the patch ? k, thx ! 1162156137 J * shedi ~siggi@inferno.lhi.is 1162156216 M * derjohn if I remove all "WARN_ON(..)" then the stacktraces will be gone ? 1162156226 M * Bertl yup 1162156250 M * derjohn can I delte that directly from the patch? of will patch complain then? 1162156268 M * Bertl well, if you correct the line numbers in the aptch, sure 1162156321 M * derjohn I never understood what they mean: e.g. @@ -873,24 +873,15 @@ ? 1162156330 M * derjohn Minus? Plus? 1162156333 J * FireEgl FireEgl@Sebastian.Atlantica.US 1162156369 M * Bertl -, +, 1162156413 M * derjohn ah, thx ! (/me wonders why /me didnt fint that info with google or man ... and I really searched!) Thx ! 1162156502 M * derjohn but I just decided to put /* */ around the line :) 1162156618 M * derjohn *find 1162156625 Q * bonbons Quit: Leaving 1162157375 Q * Radiance Remote host closed the connection 1162157831 Q * ms_ Ping timeout: 480 seconds 1162158891 Q * lilalinux Remote host closed the connection 1162159342 J * Radiance 315ca812d1@halt.1984world.eu 1162160225 Q * dna_ Quit: Verlassend 1162162562 J * Aiken ~james@tooax6-212.dialup.optusnet.com.au 1162163700 J * s0undt3ch_ ~s0undt3ch@81.193.60.193 1162163857 M * Radiance BertI, upgrade done, now it's just waiting 1162164099 J * pzYsTorM schak@dslc-082-082-073-186.pools.arcor-ip.net 1162164145 Q * s0undt3ch Ping timeout: 480 seconds 1162164145 N * s0undt3ch_ s0undt3ch 1162164213 M * pzYsTorM evening. anyone an idea for: denied resource overstep by requesting 126967808 for RLIMIT_STACK against limit 8388608 for /lib/util-vserver/secure-mount ? kernel 2.6.17.14+grsec2.1.9 1162164225 M * pzYsTorM when starting a vserver 1162164306 M * Bertl seesm like some stack limit got hit? 1162164317 M * doener over 100mb of stack? 1162164339 M * Bertl unusual, but it looks like, no? 1162164348 M * doener sure, just wondering why it does that 1162164360 M * pzYsTorM yes, wondering, too 1162164398 M * Bertl but there is grsec involved too ... 1162164413 M * pzYsTorM my grsec adjustments are as simple as possible. no rbac, no pax 1162164429 M * Bertl actually it looks to me somewhat like grsec messages, sec 1162164446 M * pzYsTorM yes. that is a grsec msg 1162164485 M * Bertl is it always reproducible? 1162164507 M * pzYsTorM i will restart it, just a second 1162164589 J * ms_ ~ms@arkansas.doc.ic.ac.uk 1162164601 M * pzYsTorM it seems so: this time-> 131047424 for RLIMIT_STACK against limit 8388608 1162164621 M * Bertl check if it keeps increasing 1162164640 M * Bertl if so, it's a bug in the grsec adaptation (or grsec itself) 1162164672 M * pzYsTorM yes :( 133279744 for RLIMIT_STACK against limit 8388608 1162164686 M * Bertl so some counter doesn't get reset 1162164820 M * pzYsTorM and... shall i ignore that problem? ... or build a kernel without grsec? 1162164835 M * daniel_hozac does it work? 1162164845 M * daniel_hozac that seems to be a rather fatal problem. 1162164846 M * pzYsTorM yes. the guest starts without errors 1162164870 M * Bertl well, harry does maintain the grsec combos, so you ahve to ask him for debugging 1162164906 M * Bertl of course, using Linux-VServer without grsec should fix it too :) 1162164957 M * pzYsTorM but i love these tiny features like proc-security or chroot-security :) 1162164982 M * daniel_hozac how do they differ from the features named the same thing in Linux-VServer? 1162165184 M * pzYsTorM sorry? does the linux-vserver have those features build-in? 1162165184 M * Bertl kind of nap attack here ... so I'm off to bed now, and probably back later ... (if not, the release will be done tomorrow) 1162165227 M * daniel_hozac yes, that's why you have to run vprocunhide and set the chroot barrier... 1162165241 M * doener pzYsTorM: hm, the chroot protections of grsec of which I know would break util-vserver 1162165250 N * Bertl Bertl_zZ 1162165318 M * doener and the general proc-hiding is IMHO pretty annoying... "Hm, is some process on havoc? Oh, I need to be root to see that..." 1162165509 M * pzYsTorM there are also some features against escaping a chroot. disallow mknod. disallow double-chroot. deny sysctl writes. all those things, exploits would use to break out. 1162165533 M * doener chroot escape protection is in linux-vserver. 1162165546 M * doener double chroot restrictions would break chroot in a vserver 1162165553 M * doener mknod is disallowed in a vserver 1162165570 M * doener sysctl as well 1162165582 M * pzYsTorM ah ok. didnt know that. 1162165591 J * _node ~node@c-69-143-154-220.hsd1.md.comcast.net 1162165614 M * doener well, it's a basic requirement... if you could break out that easily, the whole vserver thing would be useless 1162165945 M * pzYsTorM well, i disable the chroot stuff in grsec. the process-hide is a must-have. i hope, that the stack bugs are gone, if i ease the restrictions. 1162165992 M * daniel_hozac what process-hide? 1162166017 M * doener why is it so critical if user foo can see what user bar is running? 1162166036 M * pzYsTorM top, ps faux, netstat only show the processes of the user and not the root and system-processes 1162166128 M * pzYsTorM its critical that all those vserver owners run their php restriction-less. with phpShell or selfbuild-scripts a web-user could see the processes 1162166178 M * daniel_hozac so you have multiple users in each guest? 1162166204 M * daniel_hozac and using suphp or whatever it's called? 1162166283 M * doener so it protects admins from webhackers seeing them downloading pr0n? *g* 1162166309 M * daniel_hozac ah, of course! haha. 1162166315 M * Radiance pzYsTorM, such warnings from grsec are 9 out of 10 caused by bad/buggy code in the app being denied 1162166352 M * doener Radiance: would be a rather strange bug in the app that causes it to request more memory each time it is run 1162166364 M * doener not impossible, but it is very likely a kernel bug 1162166380 M * Radiance yeah, could be anything, grsec just catches those 1162166394 M * Radiance without grsec in many cases such warnings are not displayed 1162166396 M * doener heh, catching its own bugs :)