1162944005 J * morrigan morrigan@IRC.13thfloor.at
1162944695 M * Bertl great, I'm back .. seems austria went offline ... at least the telekom adsl ...
1162945008 M * nox god bless all bnc (;
1162945295 M * Bertl hehe
1162945501 M * hardwire heh
1162945645 Q * bonbons Quit: Leaving
1162946618 Q * yarihm Quit: Leaving
1162947285 Q * virtuoso Server closed connection
1162947310 J * virtuoso ~s0t0na@shisha.spb.ru
1162947879 Q * Godsey Server closed connection
1162947883 J * Godsey ~jason@proto.OpenSYSV.com
1162947896 M * Bertl wb Godsey! virtuoso!
1162948272 Q * node Server closed connection
1162948284 J * node ~dwindsor@stanford.columbia.tresys.com
1162948305 J * ekc ~ekc@netblock-66-245-252-180.dslextreme.com
1162948333 M * Bertl wb node! ekc!
1162948345 M * ekc hello
1162948656 M * ekc If I don't set a limit on the number of dentry structs, can a malicious program use that to launch a dos attack on the host?
1162948838 M * Bertl yes, as with basically all resources
1162948906 M * Bertl but in reality, those kind of attacks are pretty rare
1162948933 Q * ekc Remote host closed the connection
1162948949 J * ekc ~ekc@netblock-66-245-252-180.dslextreme.com
1162948956 M * Bertl wb ekc!
1162948957 M * ekc right. what is a reasonable limit for dent?
1162948986 M * Bertl the kernel gives you a 'current' value for each guest
1162949014 M * Bertl check that for a bunch of them, multiply it with 5 or 10 and you should have a sane limit
1162949045 M * ekc where in proc can I see the current value for the host?
1162949058 M * Bertl /proc/virtual/<xid>/limits
1162949076 M * Bertl it's for each guest, the host is unlimited in most of them
1162949317 M * ekc also, i had a question about idle time. I'm using vsched 0.3 to set idle time. I noticed that the vsched.c included with vserver-util 2.1.1 doesn't include idle time config options. 
1162949332 M * ekc Did the interface change or are there two different vsched's for a reason?
1162949424 M * Bertl the typical v*-0.0x tools from the experimental dir are test tools to make new kernel functionality available for folks testing that
1162949474 M * Bertl the tools in util-vserver (0.30.211) are maintained by daniel_hozac and ensc, and version 0.30.212 (or the cvs) should already support idle time
1162949496 M * ekc ah. ok. i saw idle time listed in the changelog for 2.1.1 and thought that vsched-0.3 might have been folded into 2.1.1
1162949527 M * Bertl nah, not yet
1162949556 Q * ekc Remote host closed the connection
1162949577 J * ekc ~ekc@netblock-66-245-252-180.dslextreme.com
1162949588 M * ekc ok
1162949689 M * Bertl seems your connection is a little flakey ..
1162949882 M * ekc no kidding. it's terrible. i need to find good IRC client I can run from a shell so I can ssh into one of my colocated boxes and use IRC
1162950177 M * nox and with vserver the risk for that is much smaller
1162950213 M * brcc w
1162950280 M * nox wouldn?t run irssi on a productive server elsewise
1162950299 M * Bertl ekc: try irssi, works like a charm
1162950484 Q * ekc 
1162950604 M * nox Bertl: but if you would use it great ignore i would miss your greetings (;
1162950618 M * nox s/it/its
1162950866 J * eser ~eser@netblock-66-245-252-180.dslextreme.com
1162950874 M * Bertl welcome eser!
1162950974 M * eser aka ekc
1162951001 M * eser should have switched to irssi earlier
1162951054 M * Bertl you can do some nice tricks with irssi ... like have a permanent status window (as upper split)
1162951066 Q * eser Remote host closed the connection
1162951081 M * Bertl also you can reach various channels (more than 25 here) via keyboard shortcuts
1162951104 J * eser ~eser@netblock-66-245-252-180.dslextreme.com
1162951122 M * eser apparently there are some shortcuts i have to get used to :)
1162951138 M * Bertl there is a nice intro page ...
1162951174 M * Bertl http://www.irssi.org/documentation/startup
1162951194 M * eser reading now
1162951409 M * eser i'm setting dentry limits in /etc/vservers/<vserver>/rlimits/dentry but when I start the vserver /proc/virtual... is showing -1 for dentry soft limit
1162951433 M * eser Any idea what I'm doing wrong?
1162951742 M * Bertl there is no soft limit, the hard limit should get a value though
1162951909 M * eser hmm. hard limit is showing -1, too. renamed /rlimits/dentry to  /rlimits/dentry.hard -- same result
1162951931 M * Bertl what tool version do you have?
1162951958 M * eser also, 'vlimit' doesn't recognize 'dentry' as a valid resource
1162951962 M * eser 0.30.211
1162951969 J * Johnnie ~jdlewis@jdlewis.org
1162951975 M * eser can I use vcmd to set the dentry limit?
1162951982 M * Bertl yes, of course
1162952096 M * eser what's the vcmd syntax for setting rlimits? (vcmd always gets me)
1162952248 M * Bertl well, it's a hack tool, shall I explain the secrets to you or do you just want a command line? :)
1162952358 M * eser i got as far as 'vcmd -i <ctx> -BC set_rlimit .dentry=1000' from the source. 
1162952368 M * eser can I cheat? what's the command line? :)
1162952391 M * Bertl hmm, that won't work ...
1162952416 M * Bertl let's take the chance and do a short walkthrough 'how' it really works
1162952435 M * Bertl the most important options are '-n' and '-d'
1162952463 M * Bertl the first disables any actions (syscall) the second enables debug output
1162952478 M * Bertl now, if you do: vcmd -n -d -C set_rlimit
1162952503 M * Bertl you will get a list of data elements and the direction input/output/both
1162952517 M * eser got it
1162952531 M * Bertl the -i as you figured gives the 'implicit' id argument
1162952547 M * Bertl (which most commands use as context (xid))
1162952573 M * Bertl now we need to know the id of the limit too, check out: http://linux-vserver.org/Resource_Limits
1162952592 M * eser ok. dentry is id '22'
1162952626 M * Bertl precisely, so the command goes like this:
1162952663 M * Bertl vcmd -n -d -i <xid> -C set_rlimit .id=22 .maximum=20000
1162952697 M * Bertl the -B and -A will show the actual data passed
1162952708 M * Bertl and if everything looks fine, just remove the -n
1162952758 M * eser ah! so there is a logic behind vcmd. thanks. works like a charm
1162952837 M * Bertl my pleasure
1162952853 M * eser one more question about vcmd
1162952858 M * Bertl sure
1162952877 M * eser in this command: vcmd -i 42 -BC ctx_create .flagword=^34^8 -- cpuhog &
1162952878 Q * gdm Server closed connection
1162952886 M * eser what is flagword?
1162952925 M * Bertl when you create a context, the newer API takes an argument (the flagword) as initial context flags
1162952946 M * Bertl http://linux-vserver.org/Capabilities_and_Flags
1162952948 M * eser what I normally set in /etc/vservers/<vserver>/flags ?
1162952961 M * eser right ok. got it
1162952971 M * Bertl yes, except that the 'init' flags are of importance here
1162952991 M * Bertl in this case, the STATE_ADMIN is preserved
1162952997 M * Bertl (^34)
1162953013 M * Bertl vcmd is quite flexible in interpreting numbers btw
1162953096 M * Bertl i.e. you can use  &, | and the ^<bit> notation
1162953101 M * eser so, create context '42' with STATE_ADMIN and hard cpu scheduling, run cpu hog, and dump data before and after the syscall
1162953105 M * eser makes sense now
1162953215 J * gdm ~gdm@www.iteration.org
1162953302 M * Bertl wb gdm!
1162957283 J * shedi ~siggi@inferno.lhi.is
1162957290 M * Bertl welcome shedi!
1162957309 M * shedi thank u sir
1162957336 M * Bertl how are you? everything fine?
1162957708 Q * eGnarF Server closed connection
1162957719 J * eGnarF ~bartek@bk.crystone.se
1162957740 M * Bertl wb eGnarF!
1162959061 J * Aiken_ ~james@tooax8-006.dialup.optusnet.com.au
1162959083 M * Bertl hey Aiken_!
1162959093 M * Aiken_ hi
1162959104 M * Aiken_ 3rd net connection is less than an hour :(
1162959136 M * Bertl well, had a complete network outage a few hours ago
1162959188 M * Aiken_ storm building up near by, every time a strike between me and the exchange I lose my net connection
1162959387 Q * Aiken Ping timeout: 480 seconds
1162959826 Q * Aiken_ Remote host closed the connection
1162961977 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net
1162963028 Q * matled Read error: Operation timed out
1162963031 J * Aiken ~james@tooax6-182.dialup.optusnet.com.au
1162963033 J * matled ~matled@85.131.246.184
1162963552 Q * Aiken Ping timeout: 480 seconds
1162963896 M * Bertl okay, I'm off to bed now .. have a good one everyone!
1162963902 N * Bertl Bertl_zZ
1162963947 Q * mcp Read error: Connection reset by peer
1162963993 J * mcp ~hightower@wolk-project.de
1162970202 Q * |yang| Ping timeout: 480 seconds
1162971968 Q * cdrx Remote host closed the connection
1162972204 Q * harry Read error: Operation timed out
1162972574 J * harry ~harry@d54C2508C.access.telenet.be
1162973124 Q * doener Server closed connection
1162973132 J * doener ~doener@host.magicwars.de
1162973550 J * Piet hiddenserv@tor.noreply.org
1162973811 Q * harry Read error: Operation timed out
1162973939 Q * pflanze Ping timeout: 480 seconds
1162974415 M * nayco_work HEllo, all !!!
1162974424 M * daniel_hozac hello nayco_work.
1162974465 Q * Piet Ping timeout: 480 seconds
1162975245 Q * Zaki Ping timeout: 480 seconds
1162975503 J * dna_ ~naucki@20-198-dsl.kielnet.net
1162975555 J * Zaki ~Zaki@88.213.43.2
1162976214 M * nayco_work daniel_hozac: I was not at work yesterday, that's why I did not investigate more. I gonna have another look today.
1162976249 M * daniel_hozac ok.
1162976270 Q * Zaki Ping timeout: 480 seconds
1162976382 J * meandtheshell ~markus@85-124-37-155.dynamic.xdsl-line.inode.at
1162976549 J * lilalinux ~plasma@dslb-084-058-214-151.pools.arcor-ip.net
1162976638 J * bonbons ~bonbons@83.222.36.166
1162976699 Q * meandtheshell Quit: Leaving.
1162976893 J * Piet hiddenserv@tor.noreply.org
1162977115 J * meandtheshell ~markus@85-124-37-155.dynamic.xdsl-line.inode.at
1162977355 J * harry ~harry@d54C2508C.access.telenet.be
1162977608 J * m4z m4z@bastard-operator.from-hell.net
1162979225 J * Zaki ~Zaki@88.213.43.2
1162979399 Q * Medivh Server closed connection
1162979414 J * Medivh ck@paradise.by.the.dashboardlight.de
1162979705 Q * shedi Quit: Leaving
1162981476 M * nayco_work daniel_hozac: Ah, I gonna reinstall the "strange guest", due to distro version conflict (rpm versions...). So, I juste stopped it, and I got the following message : http://paste.linux-vserver.org/648
1162981502 M * nayco_work And now I remember I just had the same last time... Interresting.
1162981514 M * daniel_hozac stopped is odd.
1162981526 M * daniel_hozac and the empty process list is weird, but i've seen it too.
1162981579 M * nayco_work "stopped" is not the real message : I translated it from french.
1162981627 M * nayco_work I restarted it, to be sure : The strange MySQL problem did not occur again. The processes are visible from the guest, not the host, so everything is ok.
1162981737 M * nayco_work I think last time I ran into a badly handled transient : Upgrading a running guest (although it should not be a problem), stopping it with the above error message, restarting it...
1162981777 M * nayco_work Ok, now I reinstall it. strange anyway... But not reproductible.
1162981959 M * Hollow daniel_hozac: doesn't adding fields to a struct break API? regarding the scheduler changes in util-vserver ..
1162981991 M * daniel_hozac Hollow: yep.
1162982010 M * daniel_hozac well, i'm off to lunch, i'll bbiab.
1162982028 M * Hollow wouldnÄt that imply libvserver.so.1 then?
1162982035 M * Hollow ok, cu later
1162982048 M * daniel_hozac no, because the ABI/API isn't stable ;)
1162982055 M * daniel_hozac it's called alpha for a reason.
1162982056 M * Hollow heh..
1162982108 J * weeble ~weeble@81.52.144.1
1162982114 M * Hollow (beside that it is alpha for ages now ... ;)
1162982438 M * nayco_work daniel_hozac: oh, here is the _real_ english message : http://paste.linux-vserver.org/650
1162982680 Q * weeble Quit: Leaving
1162982875 Q * FireEgl Read error: Connection reset by peer
1162982922 Q * sladen Remote host closed the connection
1162982948 J * sladen paul@starsky.19inch.net
1162983053 Q * matled Read error: Connection reset by peer
1162983053 J * matled ~matled@85.131.246.184
1162983177 J * pflanze ~chris@unk-110.ethz.ch
1162983231 M * harry http://www.kuleuven.be/harry/Image008.jpg
1162983235 M * harry anyone clues?
1162983270 M * nayco_work Huh ? My last vserver stop seems to have failed due to klogd on the host monitoring /proc/kmsg in the guest. So I couldn't be able to rm -rf the guest, I had to kill the host's klogd, manually unmount /vservers/icwww/proc, then retstart the host's loggin system. And now I can rm the guest.
1162983287 Q * ||Cobra|| Read error: Connection reset by peer
1162983810 M * sid3windr harry: "borken"
1162983917 Q * nayco_work Ping timeout: 480 seconds
1162983918 J * ||Cobra|| ~cob@146.50.22.204
1162984248 J * MrX ~urk@219.95.1.214
1162984270 Q * bronson Ping timeout: 480 seconds
1162985481 J * W_SgcQTob ~hollow@styx.xnull.de
1162985532 Q * Hollow Read error: Connection reset by peer
1162985730 Q * Skram Remote host closed the connection
1162985732 J * Skram ~mark@HERCULES.sentiensystems.net
1162986210 J * nayco_work ~nayco@proxy2.laroche.univ-nantes.fr
1162986228 M * nayco_work hello again. (power outage)
1162986590 P * maks bella ciao
1162987104 M * daniel_hozac ok, finally back.
1162987175 M * daniel_hozac harry: we'd need the whole trace.
1162987200 M * daniel_hozac nayco_work: Killed sounds better.
1162987535 M * nayco_work daniel_hozac: yep ;-)
1162987591 M * nayco_work daniel_hozac: Anyway, i'm rebuilding this guest. I think the strange issue of monday will not happen again (sadly, in fact, because I'd liked to know...)
1162987652 M * daniel_hozac me too, although it seemed as if the processes had just been executed in a chroot.
1162988890 J * chand ~chand@m244.net81-64-156.noos.fr
1162989067 M * nayco_work daniel_hozac: maybe they hadn't been killed properly before I restarted the vserver... Well. Anyway, I still get the previous error when stopping this guest, even after reinstalling it from scratch. I use # vserver --version
1162989071 M * nayco_work vserver 0.30.210 -- manages the state of vservers
1162989073 M * nayco_work oops
1162989076 M * nayco_work This program is part of util-vserver 0.30.210
1162989091 M * nayco_work -4mdk from Bertl_zZ 
1162989158 M * waldi hmm, is it secure to allow users to do vserver $bla enter via sudo?
1162989246 M * daniel_hozac nayco_work: you should update to 0.30.211-1mdk :)
1162989260 M * daniel_hozac waldi: it should be, but i wouldn't rely on it.
1162990289 J * rgl ~Rui@87.196.201.177
1162990293 M * rgl hellos
1162990318 M * daniel_hozac hi
1162990320 M * rgl anyone using grsecurity?
1162990432 M * daniel_hozac harry is :)
1162990929 J * click_ click@ti511110a080-3612.bb.online.no
1162991027 M * rgl ah a user :D
1162991037 M * rgl or maybe he's a developer? :D
1162991045 Q * click Ping timeout: 480 seconds
1162991072 Q * pflanze Ping timeout: 480 seconds
1162991408 M * daniel_hozac he's the one doing the merges ;)
1162992327 J * pflanze ~chris@zo-hg-dock-1-305.ethz.ch
1162992716 J * marcfiu ~mef@targe.CS.Princeton.EDU
1162992726 M * marcfiu hello
1162993019 Q * virtuoso Ping timeout: 480 seconds
1162993221 M * daniel_hozac hi
1162993222 M * harry daniel_hozac: i can't give you that... since the machine completely froze... nothing in the logs
1162993228 M * harry only this on screen... no scrolling etc...
1162993285 M * daniel_hozac will be hard to debug then.
1162993417 M * doener frozen from a warning?
1162993435 M * doener maybe that's what bertl meant with the warnings that render the machine unusable?
1162993471 M * doener 17:58:26 <Bertl> problem is, that the number of warnings usually make the  system unuseable :)
1162993484 M * doener that was regarding __do_IRQ though (AFAICT)
1162994072 M * daniel_hozac doener: but the history isn't dumped for warnings.
1162994109 M * daniel_hozac so that looks like an oops or a panic to me.
1162994174 Q * tokkee Server closed connection
1162994191 J * tokkee tokkee@casella.verplant.org
1162994396 J * virtuoso ~s0t0na@80.253.205.251
1162995310 M * harry doener: i don't know what exactly happened, but it wouldn't even respond to any alt-sysrq-sequences
1162995317 J * borgfish ~bla@141.12.9.118
1162995319 M * borgfish re
1162995452 J * shedi ~siggi@inferno.lhi.is
1162996501 Q * rgl Quit: Fui embora
1162996626 J * cunha ~adray@109.102.broadband6.iol.cz
1162996696 M * cunha Hi, could you tell me which attributes are used for unification via hashify?
1162996727 M * pflanze Hello
1162996778 M * renihs welcome pflanze 
1162996874 A * pflanze wanted to know whether one would say "Please take a seat" or whether just "Take a seat" would be ok in an invitation phrase on a web page
1162996898 M * renihs fasten your seatbelt 
1162996911 M * pflanze (in the mean time my client choose to ask somewhere else, so don't necessarily bother)
1162996918 M * pflanze heh
1162996921 M * renihs but i honestly doubt this is the wrong chan :)
1162996924 M * renihs i mean
1162996927 M * renihs i honestly think
1162996937 M * pflanze sure:) but is there a right one for such questions?
1162996954 M * pflanze At least this is a channel I already was on.
1162996964 M * renihs sure, everything has the right time and the right place, at least in this part of the galaxy 
1162997083 A * pflanze joins #english-for-aliens and notices he's the only one
1162997258 M * renihs aliens, the ones from that crazy artist, are soooooooo cute
1162997263 M * renihs hugly
1162998018 M * renihs cudly
1162998108 Q * goblin Server closed connection
1162998120 J * goblin ~jaaa@sr-fw1.router.uk.clara.net
1162998585 Q * Bertl_zZ Server closed connection
1162998593 J * Bertl_zZ herbert@IRC.13thfloor.at
1162998633 N * click_ click
1162998717 Q * cunha Quit: Leaving.
1162998811 M * renihs hi Bertl_zZ !
1162998938 J * Lauren Lauren@cpe-76-179-128-6.maine.res.rr.com
1162998946 M * Lauren @find the marine
1162999010 M * Lauren anyone know where i can get the marine
1162999093 M * renihs very confused ppl joining today
1162999107 Q * Lauren 
1162999484 J * ComplexMind ~mark@cpc1-brig1-0-0-cust828.brig.cable.ntl.com
1162999570 J * qb_ ~qb@sq.sk
1163000026 Q * borgfish 
1163000059 M * ComplexMind anyone here run vservers on top of 802.1q tagged vlans?
1163000084 M * ComplexMind I've got some strange behaviour going on :)
1163000159 N * W_SgcQTob Hollow
1163000565 J * borgfish ~bla@141.12.9.118
1163001367 M * daniel_hozac ComplexMind: such as?
1163001389 Q * blizz Server closed connection
1163001395 J * blizz ~blizz@evilhackerdu.de
1163001498 M * ComplexMind well, I have a vserver host which has two vlans and an ip address on each: eth0.2 (11.22.11.1/24), eth0.4 (10.11.0.1/24)
1163001554 M * ComplexMind I bring up a vserver with an interface on eth0.2, yet it is able to ping and otherwise communicate with hosts on the 10.11.0.1/24 network
1163001573 M * ComplexMind and it isn't going via a router (there is no nat for this network it is pure internal)
1163001627 M * daniel_hozac what hosts? other hosts? or guests on that network, on the same host?
1163001648 M * ComplexMind both on the same host and across the network
1163001687 M * ComplexMind It's not a production setup (yet) but it appears to be set up correctly (tagged vlans on switch etc)
1163001762 M * ComplexMind just seems strange that a vserver with an interface on a vlan should be able to communicate with devices on a seperate vlan, and on non-nat'd private addresses
1163001825 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1163001828 M * ComplexMind I could fix this with firewall rules, but surely that's the whole point of tagged vlans - am I missing something?
1163002165 M * daniel_hozac well, is that host the gateway for the other hosts on 10.11.0.0/24?
1163002198 M * daniel_hozac without source-based routing, you'll have guests trying to route traffic from their IP addresses on the VLAN of the other network.
1163002797 M * ComplexMind no - the host running the vserver guests is not a gateway, although it does have an interface on both vlans
1163002798 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1163002821 M * ComplexMind the vserver is only on a single vlan
1163002851 M * daniel_hozac guests are not bound to interfaces, they are bound to IP addresses.
1163003016 M * ComplexMind yes
1163003032 M * ComplexMind the guest is bound to an ip address on the vlan interface
1163003045 M * daniel_hozac but anyway, if there's nothing routing between the VLANs, and you're not doing NAT, what you're describing would be impossible.
1163003062 M * ComplexMind yeah
1163003070 M * ComplexMind but apparently not
1163003072 M * ComplexMind :)
1163003121 M * daniel_hozac so the other host you're able to communicate with, it does not have a default route?
1163003167 M * ComplexMind one vlan contains all hosts on the 10.11.0.1/24 network, the other vlan has a public ip subnet.  there is no nat set up but there are a pair of routers upstream
1163003183 M * ComplexMind every host has a default route
1163003229 M * ComplexMind I can paste some configs
1163003372 M * daniel_hozac do you have tcpdump logs or so?
1163003456 M * ComplexMind ok sec
1163003500 M * daniel_hozac or maybe iptables would be better, as you'd get the interface then.
1163003866 M * pflanze renihs: the aliens of Mr. Giger?
1163003872 M * renihs yaaaa
1163003875 M * renihs soooo hugley
1163003877 M * renihs cudley
1163003879 M * renihs cute
1163003883 A * renihs wanna stroke
1163003892 M * pflanze heh
1163003905 M * pflanze at least he's compatriot
1163003924 M * renihs compatriot?
1163003928 J * stefani ~stefani@tsipoor.banerian.org
1163003942 M * pflanze yeah, he's swiss.
1163003967 M * renihs me isnt swiss
1163003969 M * renihs giger is swiss?
1163003974 M * pflanze yep
1163003976 M * ComplexMind daniel_hozac: here you go http://paste.linux-vserver.org/651
1163003978 M * renihs hmm mkay
1163003993 N * Bertl_zZ Bertl
1163003995 M * ComplexMind you can clearly see the echo request going out one way and back the other
1163004000 M * Bertl morning folks!
1163004005 M * ComplexMind hi bertl! :)
1163004078 M * Bertl misconfigured routers?
1163004098 M * Bertl (or to be precise, manageable switches)
1163004120 M * ComplexMind yes there are managed switches in between, but ports are all tagged correctly
1163004131 M * Bertl what about tracepath?
1163004170 M * pflanze Has anyone else seen mozilla always crashing upon startup under vservers?
1163004182 M * Bertl ComplexMind: btw, what purpose have the two default routes?
1163004191 M * Bertl pflanze: nah, why should it?
1163004199 Q * waldi Server closed connection
1163004203 J * waldi ~waldi@bblank.thinkmo.de
1163004225 M * ComplexMind paste updated with tracepath
1163004231 M * ComplexMind no sign of it going via a router
1163004240 M * pflanze Bertl: dunno, it started some time ago in Debian testing, but I'm usually using galeon which works. Then now it also happens in sarge.
1163004258 M * ComplexMind Bertl: I am experimenting with dead gateway detection
1163004297 M * Bertl pflanze: ah, I'm using galeon for ages, it's mozilla based too
1163004345 M * ComplexMind there are two routers on the edge, each with their own gateway to the isp
1163004387 M * Bertl ComplexMind: try to enable the revers path filtering
1163004417 M * Bertl for a dual router setup, you need advanced routing and some kind of rule setup
1163004449 M * pflanze Another thing which happened yesterday: I ran some program under gdb inside emacs, then closed the X connection (means emacs shut down). The machine became almost unresponsive, after minutes of waiting I got an ssh login, load was ~100, but only 2 processes running, the app under gdb. kill -9 and I got the machine back.
1163004450 M * ComplexMind yeah I didn't think it would be so simple, it was an experiment
1163004451 Q * chand Quit: chand
1163004479 M * pflanze the process only took about 20M, so no trashing.
1163004490 M * ComplexMind so how do I enable reverse path filtering?
1163004510 M * ComplexMind s'ok I found it
1163004517 M * pflanze (s/trashing/thrashing/)
1163004545 M * Bertl pflanze: sounds strange, a load of 100 with 2 processes?
1163004555 M * pflanze yep
1163004561 M * Bertl pflanze: what kernel/patch version do you use?
1163004571 M * pflanze 2.6.17.8-vs2.0.2-rc28
1163004617 M * Bertl is something of the reported stuff reproducible ?
1163004656 M * pflanze I'm suspecting some ptrace problem, and since I think had the process under gdb in segfault state, maybe segfaults were happening in an endless loop or something.
1163004682 M * pflanze I'll try if I can reproduce. Just wanted to be sure it isn't known before putting time into that.
1163004788 M * ComplexMind looks like the rp_filter has it :)
1163004922 A * pflanze -> off, later
1163004931 M * ComplexMind thanks bertl, turning on rp_filter solved the problem
1163004978 Q * pflanze Quit: [x]chat
1163004986 M * ComplexMind although, the guest can still communicate with it's host on the private network
1163005011 M * ComplexMind but anything off-machine is now correctly filtered
1163005026 M * Bertl well, I first thought you are contacting the other end with the proper ip
1163005038 M * Bertl that's why I opted for a misconfigured switch
1163005052 M * Bertl then I saw (from your paste) that you are using the wrong ip
1163005060 M * Bertl which is perfectly fine btw
1163005083 J * bronson ~bronson@c-71-198-75-160.hsd1.ca.comcast.net
1163005105 M * ComplexMind yeah I understand why, sometimes you might want asymetrical routing but not in my case, so I can turn on rp_filter
1163005170 M * ComplexMind rp_filter has bitten me before :)
1163005180 M * ComplexMind hopefully for the last time now ;)
1163005208 M * Bertl wb bronson!
1163005395 Q * eser Remote host closed the connection
1163005408 J * eser ~eser@netblock-66-245-252-180.dslextreme.com
1163006148 M * Bertl okay, off for dinner ... back shortly
1163006153 N * Bertl Bertl_oO
1163006335 Q * bronson Ping timeout: 480 seconds
1163006994 J * Piet_ hiddenserv@tor.noreply.org
1163007305 Q * Piet Ping timeout: 480 seconds
1163007942 T * * http://linux-vserver.org/ <- new and shiny | latest stable 2.02.1, exp 2.02.2-rc5, devel 2.1.1, stable+grsec 2.0.2.1, devel+grsec 2.1.1 | util-vserver-0.30.211 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the iki, and we'll forget about the minute ;)
1163007942 T * harry -
1163007972 N * Bertl_oO Bertl
1163007976 M * Bertl back now ...
1163008315 J * Ben81 ~Ben81@tipi0e.lri.fr
1163009160 M * Bertl welcome Ben81!
1163009228 M * Ben81 hi
1163009337 Q * duckx Read error: Connection reset by peer
1163009487 J * duckx ~Duck@81.57.39.234
1163009496 Q * eser Remote host closed the connection
1163009499 M * Bertl wb duckx!
1163009504 J * togtog ~tog@e182122101.adsl.alicedsl.de
1163009508 J * eser ~eser@netblock-66-245-252-180.dslextreme.com
1163009513 M * Bertl welcome togtog!
1163009574 M * Bertl networks seem especially unstable the last few days ...
1163009984 M * Hollow freenode was completely down some days ago ;)
1163010000 M * Bertl yeah, IIRC, they suspected a DDoS
1163010009 M * Bertl but it turned out to be a bug in their ircd
1163010013 M * Hollow heh
1163010026 M * Bertl well, happens, the oftc ircd is buggy too
1163010088 M * Bertl daniel_hozac: ping?
1163010091 M * daniel_hozac pong
1163010101 M * Bertl ah, that I call response time! :)
1163010105 M * daniel_hozac hehe.
1163010121 M * Bertl it seems 211 doesn't support dentry limits
1163010128 M * daniel_hozac indeed.
1163010140 M * Bertl so I wondered, wouldn't it be a good idea to have something similar than with the flags?
1163010143 M * daniel_hozac or well, they should be supported by number to vlimit, but not in the configuration.
1163010151 M * Bertl i.e. allow ^xx.hard limits?
1163010169 M * Bertl this way new limits could at least be configured
1163010175 M * daniel_hozac yeah.
1163010216 M * Bertl okay, please consider that a 212 feature request then :)
1163010260 M * daniel_hozac am i missing something, or are none of the VLIMITs supported?
1163010274 M * Bertl could be, haven't checked 
1163010283 Q * Ben81 Quit: Leaving
1163010296 M * Bertl ensc wasn't very fast in implementing new limits/flags
1163010319 M * Bertl (well, in the beginning he was, actually :)
1163010363 M * Hollow Bertl: off-topic question... are there archs beside x86 that use segmentation?
1163010392 M * Bertl you mean with segment registers?
1163010411 M * Hollow yep
1163010455 M * Bertl hmm, except for x86_64 nothing jumps into my mind
1163010481 M * Hollow so, other archs use linear adresses directly?
1163010531 M * Bertl well, most archs have at least 32bit registers
1163010551 M * Bertl and alost all archs support register indirect
1163010612 M * Hollow ok.. thanks so far.. maybe more questions later ;)
1163010614 M * Bertl actually parisc uses something similar, IIRC
1163010661 M * Bertl parisc 7xxx or so
1163010704 J * MihaLab ~mixa26578@gw.211.ru
1163010720 M * Bertl welcome MihaLab!
1163010727 M * MihaLab =|[::Bertl::]|=>hello!
1163010743 M * Bertl hmm, I do not read green on green :)
1163010767 M * MihaLab ))
1163010774 M * Bertl MihaLab: try to get rid of the mirC color codes :)
1163010809 M * MihaLab i will be try
1163010821 M * Bertl excellent! what's up?
1163010839 M * MihaLab sorry
1163010866 M * MihaLab i very bad know english
1163010884 M * Bertl we'll manage that! just tell me when you do not understand something
1163010930 M * MihaLab i am from Russia. and you?
1163010934 J * kerberos ~satan@85.138.138.172
1163010946 M * Bertl welcome kerberos!
1163010951 M * kerberos hello :)
1163010953 M * Bertl MihaLab: Austria
1163010969 J * bronson ~bronson@66.160.177.229
1163010978 M * MihaLab very good
1163011138 A * MihaLab WHO FROM RUSSIA?
1163011142 M * Hollow Bertl: so, if i got that right, Linux does not use the segmentation in x86?
1163011151 M * Bertl MihaLab: does it matter?
1163011201 M * MihaLab i am not understand you
1163011202 M * Bertl Hollow: not in the usual 'segment' way, it uses it for the TLB
1163011212 M * MihaLab please wait
1163011223 M * Bertl MihaLab: folks are from around the world ...
1163011245 M * MihaLab i am installing dictionary
1163011296 M * Hollow Bertl: but isn't the TLB only used by the paging unit?
1163011382 M * Bertl http://en.wikipedia.org/wiki/Memory_management_unit #x86)
1163011461 M * Hollow heh, well, i just read "Understanding the Linux Kernel" but it's memory sections confuse more then they help :)
1163011545 M * Bertl hehe, I'm sure Rik would be glad to take comments :)
1163012025 Q * Roey Ping timeout: 480 seconds
1163012711 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1163012783 P * h01ger need to find focus - see you & have fun!
1163014483 Q * eser Read error: Connection reset by peer
1163014667 J * Obi ~jgfuyafil@75.35.38.45
1163014701 P * Obi 
1163014995 P * togtog 
1163016027 J * Johnsie ~jdlewis@jdlewis.org
1163016057 Q * MihaLab Quit: *** ExCluSiVe Script v2 *** Cêà÷àòü ìîæíî çäåñü: *** http://www.intramail.ru/~t-tsylin/ ***
1163016155 M * Bertl hmm, I'd like to factor out the vserver includes once again, and break them down into vx_info (or nx_info) dereferences and vx_info unaware/opaque parts .. anybody interested in helping there?
1163016200 J * Johnno ~jdlewis@jdlewis.org
1163016208 M * Bertl wb Johnno!
1163016310 M * bonbons Bertl: isn't that similar to my break-out for IP stuff, just on header side?
1163016396 Q * Johnnie Ping timeout: 480 seconds
1163016569 Q * bronson Quit: Ex-Chat
1163016576 Q * Johnsie Ping timeout: 480 seconds
1163016634 M * Bertl yeah, somewhat like that
1163016651 M * Bertl thing is 2.6.19 brings a huge header cleanup
1163016669 M * Bertl and I'd like to make the vs_* headers self contained
1163016679 M * Bertl i.e. they should include all referenced stuff
1163016699 M * Bertl of course, I'd also like to avoid dragging in all vserver headers
1163016735 M * bonbons sounds logical to avoid risk of type clashes, especially with all new virtualisation that has been introduced!
1163016740 M * Bertl so the basic idea is to have a set of 'macros' and/or inlines which do not need to know about vx_info internals
1163016772 M * Bertl i.e. which requires 'struct vx_info;' at most
1163016799 M * Bertl and a second (similar named include file) which has the vx_info related stuff
1163016816 M * Bertl (for all the various include files)
1163016862 M * bonbons ok, will think about it an eventually help out in the network area
1163016882 J * bronson ~bronson@66.160.177.229
1163016883 M * Bertl okay, btw, did you get a glance at the first network stuff I uploaded?
1163016900 M * bonbons the lo-mapping?
1163016929 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.18.2-vs2.1.1.0.diff
1163016944 M * Bertl actually a misnomer, will change that to vs2.3.0 or so
1163017059 M * bonbons hmm, need to interdiff that one to get out what it includes... will check once my stomack is busy
1163017076 M * Bertl okay, np, get something to eat :)
1163017090 M * bonbons back later :)
1163017390 J * s0undt3ch_ ~s0undt3ch@bl9-228-246.dsl.telepac.pt
1163017576 Q * s0undt3ch Read error: Operation timed out
1163017576 N * s0undt3ch_ s0undt3ch
1163017626 Q * Johnno Ping timeout: 480 seconds
1163017729 J * Johnnie ~jdlewis@jdlewis.org
1163019333 J * dothebart ~willi@xdsl-213-196-253-233.netcologne.de
1163019337 M * dothebart hy.
1163019349 M * Bertl hey dothebart!
1163019355 M * dothebart hy bertl ;)
1163019373 M * dothebart i'm returning with questions ;-)
1163019382 M * Bertl k, shoot!
1163019422 M * dothebart is there another way to notice that one is in a vserver except from doing 
1163019424 M * dothebart  kill 1
1163019424 M * dothebart bash: kill: (1) - No such process
1163019427 M * dothebart ?
1163019441 M * dothebart from within a shellscript?
1163019445 M * Bertl that's not a good indication :)
1163019469 M * Bertl when you have an init running inside, that test will give false results
1163019469 M * dothebart well, but the one i'm facing right now...
1163019483 M * Bertl best to check /proc/self/status
1163019497 M * dothebart which would return?
1163019514 M * Bertl which should contain a VxID line inside a guest
1163019566 M * Bertl i.e. something like:
1163019574 M * Bertl grep VxID /proc/self/status
1163019619 M * dothebart hm, i don't have one in either a machine with or without vserver.
1163019632 M * dothebart or is mi vserver to old?
1163019646 M * Bertl well, a) could be an older version, and b) it can be disabled
1163019690 M * dothebart i've got an s_context
1163019692 M * Bertl try grep s_context /proc/self/status
1163019703 M * Bertl yeah, that means it is a legacy system
1163019726 M * dothebart is it there in newer ones too?
1163019745 M * Bertl nope
1163019757 M * Bertl they have the beforementioned VxID instead
1163019763 M * dothebart so if i want to detect it automatic, i should search both?
1163019826 M * Bertl yes, would be adviseable, something like egrep 's_context|VxID'
1163019841 M * dothebart ok, that'll help it.
1163019860 M * dothebart and, another topic.
1163019875 M * dothebart i've got a multithreaded webserver, that uses per thread locale.
1163019888 M * dothebart that won't work in my vserver for some reason.
1163019903 M * dothebart it's webcit, the citadel.org frontend.
1163019905 M * Bertl sounds interesting .. have you installed the locales?
1163019924 M * dothebart well, it speaks german to me ;-)
1163019936 M * dothebart instead of it's native english.
1163019973 M * dothebart but it should be selectable on the login prompt, but no effect on my vserver installation.
1163020001 M * Bertl well, what does 'locale -a' tell you?
1163020101 M * dothebart C POSIX de_DE.iso885915@euro de_DE.utf8 de_DE.utf8@euro de_DE@euro en_GB.utf8 en_US.utf8es_ES.utf8 it_IT.utf8 pl_PL.utf8
1163020134 M * Bertl so not that much, especially on iso885915 the only option seems to be de_DE
1163020164 M * Bertl I assume it works as expected elsewhere, right?
1163020170 M * dothebart yep.
1163020175 M * Bertl check the locales there too
1163020190 M * dothebart hm.... 
1163020193 M * Bertl (and if there is a difference, install the missing ones and retry)
1163020222 M * dothebart what should i do on a debian system to add another?
1163020235 M * dothebart there is an italian translation though.
1163020254 M * Bertl no idea, guess debian folks will know
1163020336 M * dothebart maybe localeconf?
1163020475 M * Bertl could be
1163021015 M * dothebart hm, generating all of them.
1163021407 M * dothebart hm, could this allso depend on the languages installed in the build system?
1163021591 M * Bertl on the host?
1163021611 M * dothebart yep, i compile it in a dedicated vserver...
1163021637 M * Bertl no, the host is not related, but the build vserver might make a difference
1163021654 M * Bertl if supported languages are checked at compile time
1163021665 M * dothebart hm, ok. i'll check that.
1163021684 M * dothebart it's dpkg-reconfigure locales btw.
1163021701 M * Bertl ah, good to know
1163021718 M * dothebart oh, the build one doesn't have that installed :(
1163021908 Q * meandtheshell Quit: Leaving.
1163022046 J * meandtheshell ~markus@85-124-37-155.dynamic.xdsl-line.inode.at
1163022441 J * Aiken ~james@tooax6-143.dialup.optusnet.com.au
1163022475 M * Bertl morning Aiken!
1163022485 M * Aiken hi
1163022745 P * stefani I'm Parting (the water)
1163023568 M * dothebart Bertl: now i've enabled all languages on the build and the run vserver.
1163023571 M * dothebart no change.
1163023655 M * Bertl did you try to run the _same_ app outside?
1163023660 M * dothebart i've got /usr/share/locale/it/LC_MESSAGES/webcit.mo 
1163023666 M * dothebart for example.
1163023745 M * dothebart OH!
1163023752 M * dothebart it was an environment setting!
1163023837 M * dothebart now my webcit speaks all kinf of foreign tongue.
1163023936 M * Bertl well, another of those 99% which are not really vserver related, np
1163023945 M * dothebart ;)
1163023956 M * dothebart thanks anyway. ;-)
1163023989 M * dothebart i think the vserver is just one of the cheapest ways, to get a plain unconfigured system...
1163024047 M * dothebart and to suffer from all the goodies you have on a configured system ;)
1163024317 M * Bertl yes, indeed
1163024962 J * rgl ~Rui@84.90.11.243
1163024966 M * rgl yelllooowww
1163024980 M * Bertl blue rgl!
1163024996 M * rgl hi Bertl :D
1163025007 M * rgl you use grsec Bertl ?
1163025014 M * Bertl nope
1163025071 M * rgl ah ok :D
1163025154 M * daniel_hozac rgl: why?
1163025154 Q * dna_ Quit: Verlassend
1163025173 M * rgl daniel_hozac, just curious :D
1163025187 M * rgl I'm not yet sure what is the role of grsec inside a guest
1163025199 M * daniel_hozac there is no "grsec inside a guest".
1163025208 M * daniel_hozac there's just grsec.
1163025271 M * rgl humm, how does it play with vserver?
1163025282 M * rgl its completly transversal?
1163025717 M * Bertl probably best to ask harry about that?
1163026014 Q * lilalinux Remote host closed the connection
1163026287 M * harry aha
1163026291 M * harry ask me!!!!!!! :)
1163026293 M * harry ask what? ;)
1163026324 M * harry ah... 
1163026346 M * harry grsec stuff... best is... imho, to disable proc security in grsec, because Bertl fixes that in vserver just fine :)
1163026384 M * harry furthermore... most things in grsec, like randomisation of network/pid/... etc... are working fine in guests
1163026404 M * harry other memory protection/sanitization etc... (pax stuff) works completely independent from vserver
1163026421 M * daniel_hozac Bertl: don't we want people using 2.0.2.2-rc6? or was the topic missed? :)
1163026460 M * harry Bertl: are you working on vserver patcches for 2.6.1-rcX9 too?
1163026463 M * harry Bertl: are you working on vserver patcches for 2.6.19-rcX9 too?
1163026476 P * marcfiu 
1163026478 M * bonbons Bertl: looks like a lot of reorganization in the networking area, from the part I look at it gives a positive impression :)
1163026647 M * Bertl bonbons: tx!
1163026669 M * Bertl harry: yep
1163026709 T * Bertl http://linux-vserver.org/ <- new and shiny | latest stable 2.02.1, exp 2.02.2-rc6, devel 2.1.1, 2.2.0-pre1, stable+grsec 2.0.2.1, devel+grsec 2.1.1 | util-vserver-0.30.211 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the iki, and we'll forget about the minute ;)
1163026731 M * daniel_hozac ok, i'll add it to the wiki too then.
1163026745 M * Bertl tx a lot!
1163026745 M * bonbons I guest the vserver/inet.c and header will need some more cleanup when putting their counterpart vserver/inet6.c into the game
1163026756 M * brcc w
1163026757 M * bonbons s/guest/guess/
1163026789 M * rgl harry, I see.  any more tips? :)
1163026791 M * daniel_hozac Bertl: and btw, i saw you mention 2.3.0, aren't these changes going into 2.2.0?
1163026793 M * Bertl yeah, I'm not sure yet what we should do first, adjust/fix the address store or add the ipv6 part
1163026906 M * bonbons hard to tell, probably it doesn't really matter which one comes first if we keep the other one in mind...
1163027030 M * bonbons the only major difference between IPv4 and IPv6 is the broadcast address which disappears, the rest is just minor difference in where things get done
1163027047 M * daniel_hozac how will the loopback stuff work with IPv6?
1163027055 M * daniel_hozac there is just one loopback address, right?
1163027137 M * bonbons daniel_hozac: should be similar to handle than the IPv4 loop-back: ::/64 for loopback, just need to patch the function that determines address type
1163027165 Q * mire Ping timeout: 480 seconds
1163027180 M * daniel_hozac is ::/64 guaranteed to be free? seems a bit odd to be changing that though.
1163027220 M * daniel_hozac what happened to the previous loopback patch, the one with per-guest 127.0.0.1s? did it have too much overhead/complexity compared to the new one?
1163027221 M * bonbons from the function that determines the address type it's free
1163027233 M * daniel_hozac i meant more in the IANA sense.
1163027245 M * daniel_hozac or whoever's in charge.
1163027294 M * bonbons Bertl changed his mind on that... the old one has the advantage of preparing for future vserver-tagging for netfilter...
1163027319 M * daniel_hozac hmm, shouldn't we already have what's required for that? the sockets are already tagged.
1163027332 M * daniel_hozac i guess, for inbound traffic, that's not sufficient though.
1163027387 M * daniel_hozac i did a quick hack patch to -m owner to support xids a while back.
1163027416 M * daniel_hozac (and nids)
1163027423 M * daniel_hozac but anyway, that's off-topic.
1163027438 Q * kerberos Remote host closed the connection
1163027526 M * bonbons not sure how the netfilter code handles packet analysis, would need a detailed check on that :)
1163027575 M * Bertl okay, back from phone
1163027609 M * Bertl for me, the 2.1.1 development ended (mostly) with 2.2.0 start
1163027638 M * Bertl we will do some rebasing of 2.1.1 in the near future
1163027647 M * Bertl and probably do a 2.1.2 release too
1163027658 M * daniel_hozac hmm, so this won't make it to 2.1.2 or 2.2.0?
1163027675 M * Bertl that really depends, the stuff will first go into 2.3.x
1163027688 M * Bertl I think we won#t make big 2.3.x releases
1163027691 M * daniel_hozac IMHO it's weird to start 2.3.x before 2.2.x has been released.
1163027703 M * Bertl i.e. 2.3.x wills tay experimental
1163027714 M * daniel_hozac forever? even after 2.2.x is out?
1163027715 J * mire ~mire@187-166-222-85.adsl.verat.net
1163027746 M * Bertl maybe, but at least until 2.2.x is out
1163027762 M * daniel_hozac so 2.1.x would still be devel then?
1163027769 M * Bertl yep
1163027778 M * harry rgl: on my site, there is a readme... read it ;)
1163027779 M * daniel_hozac that sounds really confusing :)
1163027781 A * harry off to bed now :)
1163027784 M * harry cya'll
1163027796 M * Bertl daniel_hozac: well, if you have better suggestions, go ahead
1163027810 M * Bertl the requirements from my side are:
1163027810 M * rgl harry, whats your site?
1163027824 M * Bertl - we have a stable branch (2.0.x)
1163027842 M * Bertl - we get a 'new' stable branch (2.2.x) based on current devel (2.1.x)
1163027855 M * Bertl - we have an experimental branch fro all the entworking stuff
1163027866 M * harry rgl: http://people.linux-vserver.org/~harry/
1163027877 M * Bertl   (2.3.x was the best I could come up with, without hijacking 2.1.x)
1163027881 M * rgl harry, thx! :)
1163027891 M * harry np
1163027892 A * harry off now
1163027897 M * harry i'll be back in about 8 hours ;)
1163027923 M * Bertl 2.2.x would get stuff fed from 2.1.x and 2.3.x for some time
1163027939 M * Bertl 2.1.x gets all the non network specific stuff
1163027993 M * bonbons would 2.3.x get the non-network stuff get "post"-ported from 2.1.x at some intervals?
1163028001 M * daniel_hozac hmm, IMHO it would seem more logical to do development (networking etc.) on 2.1.2, remove legacy cruft, release as 2.2.0, start 2.3.x.
1163028002 M * Bertl yep, sure
1163028040 M * Bertl daniel_hozac: problem is, I'm not sure that the networking changes are 2.2.x stuff
1163028057 M * Bertl daniel_hozac: especially as we are changing a lot of things
1163028071 J * dreamist ~dreamist@commonground.arialink.com
1163028072 M * daniel_hozac i suppose...
1163028073 M * Bertl i.e. I'd like to get the 2.2.x out as stable
1163028079 M * dreamist greetings :-)
1163028091 M * Bertl welcome dreamist!
1163028117 M * Bertl daniel_hozac: after some more testing, I think the 2.1.1 is pretty stable (removing the unused stuff there should not affect it)
1163028157 M * daniel_hozac i just think it would be a mistake not to have IPv6 in the next stable branch.
1163028161 M * Bertl an alternative would be (IMHO) to drop current 2.1.x compeltely and call that the new experimental tree
1163028173 M * dreamist is there a succinct description (or an up to date tool) of all the stuff that I need to snag to copy a vserver from one host to another?  My first guess is /etc/vservers/<vservername>, /vservers/<vservername>, and /vservers/.pkg/<vservername>
1163028186 M * daniel_hozac that should suffice.
1163028188 M * Bertl daniel_hozac: I'm not saying we won't put it in, depends on how it goes, I'd like to leave that option open
1163028199 M * daniel_hozac right.
1163028221 M * daniel_hozac but IMHO the networking changes are one of the biggest problems people have today.
1163028224 M * Bertl daniel_hozac: and I also want a clearly experimental branch right now
1163028254 M * daniel_hozac 2.e? :)
1163028261 M * Bertl if folks are really interested in ipv6 (and it seems so) we'll get a lot of testing the upcoming releases
1163028281 M * Bertl if that goes well, the ipv6 stuff will be in 2.2.x
1163028291 M * Bertl (maybe not 2.2.0, but at least 2.2.1 :)
1163028314 M * Bertl btw, I want to increase the release dates somewhat
1163028318 M * bonbons that would be described as back-merge of 2.3.x to 2.1.x ;)
1163028321 M * Bertl s/dates/interval
1163028322 M * daniel_hozac what would 2.2.x have over 2.0.x?
1163028332 M * daniel_hozac increase the interval? :)
1163028344 M * Bertl all the stuff devel has right now (and decrease :)
1163028355 M * daniel_hozac i agree we have to do releases more often though.
1163028358 M * Bertl i.e. increase the frequency 
1163028361 M * daniel_hozac right
1163028386 M * Bertl so something like a release every two month sounds okay to me (major release)
1163028406 M * daniel_hozac but what really special features does devel have? CoW, and...?
1163028423 M * dreamist Cow?
1163028437 M * daniel_hozac copy-on-write.
1163028451 M * daniel_hozac every two months sounds good indeed.
1163028466 M * Bertl daniel_hozac: 2.2.x will feature CoW,good FS support, Cap Masking and the loopback virtualization
1163028472 M * daniel_hozac ah right, the cap masking.
1163028480 M * daniel_hozac that is indeed a killer feature.
1163028498 M * Bertl maybe we can get rid of the __enter/leave too
1163028505 M * daniel_hozac loopback virtualization sounds good as well.
1163028528 M * Bertl ah, and probably the 16ip limit will be gone
1163028628 M * Bertl daniel_hozac: btw, we probably will need some new strategies and userspace changes for the nsproxy in 2.6.19
1163028641 M * daniel_hozac nsproxy?
1163028653 M * daniel_hozac i haven't read about that.
1163028657 M * Bertl i.e. it seems that I cannot provide the existing functionality in 2.6.19 without help/changes in userspace
1163028663 M * daniel_hozac (i should start following lkml, i know)
1163028669 M * daniel_hozac hmm, that sounds bad.
1163028678 M * Bertl np, I can get you up to date easily
1163028680 M * daniel_hozac but i guess that's workable.
1163028699 M * Bertl thing is, you know the namespace (which is a pointer per task)?
1163028706 M * daniel_hozac right.
1163028723 M * Bertl you also know that this namespace can be 'unshared' with clone() (or unshare)
1163028739 M * daniel_hozac yep.
1163028759 M * Bertl enter_namespace() switches that pointer to a recorded (set_namespace) one
1163028781 M * Bertl now the changes in 2.6.19 remove that namespace pointer
1163028801 M * Bertl instead, they introduce an intermediate structure
1163028813 M * Bertl calles nsproxy, which contains a bunch of those pointers
1163028827 M * daniel_hozac hmm?
1163028832 M * Bertl one of them being the old namespace
1163028864 M * daniel_hozac can you still access that somehow? what's the point of keeping it around?
1163028864 M * Bertl I can now easily do the 'switching' based on that nsproxy
1163028885 M * Bertl but I cannot simply 'change' the namespace in that proxy
1163028896 M * Bertl because it is shared between several tasks (possibly)
1163028910 M * daniel_hozac ok.
1163028913 M * Bertl so, the options are like this:
1163028934 M * Bertl - switch the entire nsproxy (easy from the kernel PoV)
1163028950 M * Bertl - duplicate the nsproxy on 'set'
1163028978 M * Bertl - duplicate the nsproxy on enter, and change the namespace
1163028982 M * daniel_hozac oh, the nsproxy includes the uts namespace and ipc namespace?
1163028996 M * Bertl yep, and more to come, like pid namespace
1163029012 M * daniel_hozac seems like the proper thing would be to have an nsproxy per guest then.
1163029042 M * Bertl yes, the bad news there is, you have no control over the nsproxy from userspace, as it is transparent
1163029058 M * daniel_hozac right, but we could make the old vserver functions control it, no?
1163029082 M * Bertl sure, I'm currently trying to figure what changes would be least intrsive
1163029087 M * Bertl *intrusive
1163029151 J * kerberos ~satan@85.138.138.52
1163029152 M * daniel_hozac the nsproxy seems to be rather similar to a vx_info, only transparent.
1163029188 M * Bertl again, yes and no, thing is everytime a process 'clones' or 'unshares' some stuff, a potential new nsproxy comes into play
1163029199 M * daniel_hozac ah, right...
1163029205 M * Bertl I don#t think they do nsproxy folding atm, but ut might be possible
1163029223 M * Bertl (so I would not even assume a tree like structure)
1163029295 M * daniel_hozac well, we want to set the namespaces to the guest's on enter anyway, so that makes sense to me.
1163029330 Q * rgl Read error: Connection reset by peer
1163029335 M * daniel_hozac however, i guess things will break if they're all switched at once, as opposed to the multiple calls we have now. (once pid spaces come along, and such)
1163029366 M * Bertl yes, my solution to this would be:
1163029386 M * Bertl - assume userspace unshares everything required per guest
1163029404 M * Bertl - create a copy of the nsproxy with set_nsproxy()
1163029423 M * Bertl - allow to enter each namespace individually 
1163029436 M * Bertl   (something like enter_space(vxi, space)
1163029462 M * Bertl probably with a space mask like clone/unshare
1163029486 M * daniel_hozac yeah, sounds sane.
1163029525 M * Bertl I will se if I can fit that into existing commands
1163029558 Q * bonbons Quit: Leaving
1163029572 M * Bertl maybe we can have the set/enter_namespace() as a special case of the more generic ones
1163029603 M * daniel_hozac yeah.
1163029666 M * Bertl yeah, I guess that should work ...
1163029683 M * Bertl nevertheless you should prepare for thesproxy stuff
1163029690 M * Bertl *the nsproxy
1163029710 M * Bertl especially we will need the proper clone/unshare calls
1163029711 M * daniel_hozac yeah, i'll add it to my list.
1163029756 M * Bertl another question which pops up is namespaces within other spaces
1163029771 M * Bertl i.e. we support 'adjusting' the utsnames at runtime
1163029786 M * Bertl we can still do that for the 'guest' nsproxy easily
1163029798 M * daniel_hozac ah, yes... but it won't propagate.
1163029812 M * daniel_hozac i guess that is sort of expected behaviour though, isn't it?
1163029825 Q * Piet_ Quit: Piet_
1163029849 M * Bertl yes, and I think it will turn out quite fine actually
1163029851 M * daniel_hozac i mean, if a process unshares the uts namespace, it won't ever notice if the box changes name, even on a regular system.
1163029865 M * Bertl yes
1163029891 M * daniel_hozac hopefully not too many things will do that though :)
1163029906 M * Bertl question is more, hould we/have we to add capabilities for that change too?
1163029911 M * Bertl *should
1163029924 M * Bertl (my typing sucks today :)
1163029926 M * daniel_hozac hmm?
1163029932 Q * micah Remote host closed the connection
1163029947 M * Bertl i.e. you can configure a normal kernel without UTS namespaces
1163029971 M * Bertl now, when we use that feature, and I think we will :), then we have to enable that unconditionally
1163029994 M * Bertl OTOH, we could also provide non-uts-namespace aware guests
1163030013 M * Bertl (by simply ignoring UTS unshares)
1163030060 Q * meandtheshell Quit: Leaving.
1163030067 J * micah ~micah@micah.riseup.net
1163030076 M * Bertl wb micah!
1163030090 M * micah thankyee kindly sir
1163030092 M * daniel_hozac i suppose so, but is there any point to doing so?
1163030125 M * Bertl daniel_hozac: only time can tell :)
1163030136 M * daniel_hozac i guess it wouldn't be hard to just add a context cap/flag for that.
1163030302 M * Bertl probably more like space mask, but yeah
1163030341 M * daniel_hozac well, i gotta get some sleep... we'll have to continue this tomorrow, good night!
1163030379 M * dreamist just a quick cheerleading comment -- vserver rocks guys, thanks for your hard work
1163030392 M * dreamist just migrated 12 servers to new hardware in 20 minutes ;-)