1164844848 M * Guy- Bertl: http://paste.linux-vserver.org/708
1164844875 M * Guy- Bertl: the interesting bits start at line 59, I think
1164844949 M * Bertl yep, probably gs is not saved over the kernel syscall
1164845026 M * Bertl in what code section is the %gs stuff?
1164845089 M * Guy- Bertl: see this channel 4 hours ago
1164845104 M * Guy- 0x080485ce <processFile+8>:     mov    %gs:0x14,%eax
1164845124 M * Bertl okay, process file is in util-vserver, right?
1164845152 M * Bertl do you have the relevant C code at hand?
1164845152 J * ruskie_ ~ruskie@84.20.228.4
1164845176 M * Guy- I guess
1164845180 M * Guy- a sec
1164845198 Q * ruskie Read error: Connection reset by peer
1164845201 M * Guy- yes
1164845205 M * Guy- it's line 150 of src/fstool.c
1164845242 Q * ruskie_ 
1164845255 J * ruskie ~ruskie@ruskie.user.oftc.net
1164845264 Q * prae Quit: Quitte
1164846151 J * matti_ matti@linux.gentoo.pl
1164846609 Q * matti Ping timeout: 480 seconds
1164846609 N * matti_ matti
1164847703 Q * micah Server closed connection
1164847704 J * micah ~micah@micah.riseup.net
1164849897 Q * nebuchadnezzar Server closed connection
1164849901 J * nebuchadnezzar ~nebu@zion.asgardr.info
1164849902 J * FireEgl FireEgl@Sebastian.Atlantica.US
1164850267 Q * besonen_ Server closed connection
1164850295 J * besonen_ ~besonen@dsl-db.pacinfo.com
1164850471 J * Zaki_ ~Zaki@88.213.57.69
1164850585 Q * sladen Server closed connection
1164850591 J * sladen paul@starsky.19inch.net
1164850706 M * micah Guy-: i got booted from the chan, as did the log bot, so I didn't see the result of what you and Bertl found... or maybe there hasn't been one yet?
1164850840 Q * Zaki Ping timeout: 480 seconds
1164851315 Q * nox Server closed connection
1164851326 J * nox ~nox@static.88-198-17-175.clients.your-server.de
1164851517 Q * duckx Quit: Client exiting
1164851859 M * hansi33 I have troubles with a vserver-load going high during night without any real load for the thrid night (same machine but diffrent guest).
1164851910 M * hansi33 other guest are running fine, but one guest can't be stopped or entered
1164851933 M * hardwire its something you did.. I am sure of it :)
1164851963 M * hardwire micah: whats the last thing you saw from either of them
1164851996 M * micah 17:06 < Guy-> it's line 150 of src/fstool.c
1164852007 M * hansi33 nothing i realy changed
1164852021 M * hansi33 what you mean "saw"
1164852241 M * micah hansi33: hardwire was asking me
1164852247 M * hansi33 i could enter the other guests, but not stop them. only could stop the services in the other guest one by line with /etc/init.d/... stop.
1164852266 M * hansi33 micah: sorry
1164852338 M * micah hansi33: no problem, I am sorry I dont know the answer to your question -- maybe install some monitoring software to get an idea?
1164852360 M * hardwire blah
1164852361 M * hardwire and
1164852362 M * hardwire 1/2
1164852368 M * hardwire I am so ready to just relax and go home
1164852402 M * micah hardwire: was there something after what I saw last?
1164852407 M * hansi33 i am monitoring /proc/virtual/ of all guest, but get no idea
1164852420 M * hardwire micah: thats what I am asking.. whats the last thing you saw :)
1164852434 M * hardwire oh
1164852434 M * micah hardwire: and I pasted it above :)
1164852437 M * hardwire haha
1164852438 M * hardwire nuhr
1164852439 M * hardwire no
1164852441 M * hardwire there was nothing
1164852461 M * hardwire heard of Coral CDN?
1164852682 Q * Borg- Server closed connection
1164852683 J * Borg- borg@cube.benet.uu3.net
1164852850 J * marcfiu ~mef@c-68-39-177-97.hsd1.nj.comcast.net
1164853259 Q * Hunger Server closed connection
1164853346 J * Hunger Hunger.hu@Hunger.hu
1164854379 M * doener hansi33: anything in dmesg? which kernel version is that?
1164854425 M * hansi33 Linux version 2.6.17.13-vs2.0.2.1
1164854494 M * hansi33 dmesg nothing special, I am using drbd, drbd-connection go down during the problems, but as a result
1164854578 M * doener does "vps aux" list any processes stuck in D state?
1164854605 M * hansi33 vps aux also does not work.
1164854622 M * doener "hangs"?
1164854632 M * hansi33 yes hangs
1164854744 M * doener hm, I had really expected an Oops to show up in such a situation
1164854761 M * doener daniel_hozac: do we have any known bugs like that in 2.0.2.1?
1164854795 M * hansi33 I have an additional info: there is a cronjob running on another guest which produces high load, but thats not the guest affected.
1164854990 M * doener Hm, doesn't trigger any memory of such a bug...
1164855072 M * doener Bertl: any clue?
1164855127 M * Bertl hmm, sec ...
1164855235 M * Bertl hansi33: you're sure the drbd issues are a result? how so?
1164855316 M * hansi33 the start some seconds later
1164855343 M * hansi33 Bertl: I mean: they start some seconds later
1164855435 M * Bertl hmm ... to me the overall description looks like so I/O system stalling
1164855480 M * doener Bertl: hm, I've not seen that with drdb, but with nfs server gone, at least ps keeps working, so I dropped that idea
1164855487 Q * rob-84x^ Server closed connection
1164855487 J * rob-84x^ rob@submarine.ath.cx
1164855510 M * Bertl yeah, the ps part seems odd
1164855514 M * hansi33 Bertl: the last two nights also the second drbd-machines got troubles, tonight only this machine
1164855525 M * Bertl but it could be a high number of processes
1164855550 M * hansi33 vserver-stat does not show high number of processes
1164855555 M * Bertl e.g. the following scenario could match, although I consider it unlikely:
1164855579 M * Bertl - monitoring on the host checks /proc/virtual and logs somewhere
1164855603 M * Bertl - system gets out of memory (probably lowmem) and/or starts trashing at some point
1164855627 M * Bertl - I/O load rises as the system is not designed for high volume pageouts
1164855644 M * Bertl - processes increase (monitoring or so)
1164855677 Q * vasko Server closed connection
1164855677 J * vasko ~vasko@unreal.rainside.sk
1164855677 A * vasko is gone. Gone since Wed Sep 20 15:44:00 2006
1164855681 M * Bertl - at the point where you try to get info, so many processes are there, that ps cannot transfer it
1164855765 M * Bertl - the swapping delays too
1164855797 M * hansi33 I have analyzed the cronjob of the user: it is probably a memory problem, because many apache-processes are started
1164855878 M * doener hm, php script executed via "/usr/bin/curl" instead of "/usr/bin/php"? ;) Some bad MySQL interaction on top of that you you get a first class memory hog ;)
1164855889 M * doener s/you you/and you/
1164855935 M * hansi33 the php-script is called via lynx -dump ....
1164855951 M * doener even better ;)
1164855966 Q * Schaka Ping timeout: 480 seconds
1164855993 M * hansi33 what do you meam with bad mysql interaction
1164856050 M * doener mod_php has some nice side-effect when dealing with large mysql result sets. The are by default completely stored client-side (ie. apache process), and the requested memory is never freed by apache.
1164856090 M * doener Also, the php memory limit does _not_ limit that memory.
1164856126 M * hansi33 very interesting!
1164856127 M * doener I've seen a server with ten 200MB RSS apache monsters
1164856153 M * doener a whopping 2GB of memory wasted for nothing
1164856204 M * hansi33 I have limited VM in the vserver
1164856270 M * hansi33 but this seems to have no effect for this.
1164856335 M * doener hm, VM being AS?
1164856373 M * hansi33 yes
1164856383 M * doener how big is that limit?
1164856430 M * hansi33 500000
1164856471 M * doener well, that's an address size of 2GB. 
1164856510 M * doener so at least those ten monsters would fit in ;)
1164856562 M * doener is RSS limited as well?
1164856573 M * hansi33 but this limit is not reached during the job! it stays at 135000
1164856634 M * doener hm, about 527MB AS... RSS is probably a lot less
1164856663 M * hansi33 RSS 15000
1164856704 M * hansi33 I started this job manually: the job works fine, but the load on the other guest goes up.
1164856713 M * doener just 60MB... should be easy to survive
1164856734 M * doener that probably means that the cronjob is heavily I/O-bound
1164856751 M * doener leading to increased IO-wait in the other guests as well
1164856792 M * doener up until .19 (or .18?) processes waiting for IO are accounted in load average just like processing burning cpu time
1164856802 M * hansi33 this is a searies of calculation which last 0.1 second each, and the the next lynx-line ist started.
1164856877 M * doener the forks probably increase the load average quite a bit as well. but that should not show up in the other guests
1164856881 M * hansi33 during the calculations the apaches on all guest are running ok, but ssh is very slow.
1164856905 M * doener that's weird (to me)...
1164856959 M * hansi33 i will do a test with stopped drbd now. one moment.
1164857009 M * hansi33 stopped i mean disconnect.
1164857114 M * hansi33 doesnt change anything.
1164857174 M * hansi33 one info is not ok i gave: the apache on other guest is not OK, it is also very slow.
1164857346 J * Miguelzinho ~miguel@201.53.243.177
1164857411 M * Bertl welcome Miguelzinho!
1164857437 M * Miguelzinho Bertl, Hi
1164857530 Q * FireEgl Quit: Bye...
1164858004 M * hansi33 doener: I have a solutiuon! I did insert a sleep 5 before every lynx ... line.
1164858401 M * hansi33 doener: do you have an idea, what limits to set, that this could not happen again?
1164858465 M * doener hansi33: not really... Bertl might though
1164858470 Q * sannes Server closed connection
1164858476 J * sannes ace@har.sagt.no
1164858835 M * hansi33 Bertl: did you follow my discussion with doener? do you have any idea what i could limit, that the problem does not occur again?
1164858873 M * doener the cronjob would probably love to get a make-over anyway ;)
1164858910 M * Bertl hansi33: not atm ... but you can basically limit everything :)
1164858993 M * hansi33 Bertl: ok, I will study my monitoring lists and try to find the value to limit.
1164859052 M * hansi33 doener: thanks! my first call tomorrow morning will be to the customer, who programmed the cron-job!
1164859325 M * Bertl okay, I'm off to bed now ... have a good one everyone!
1164859332 N * Bertl Bertl_zZ
1164860845 Q * Miguelzinho Quit: Leaving
1164861209 P * marcfiu 
1164862510 Q * mnemoc Server closed connection
1164862521 J * mnemoc ~amery@kilo105.server4you.de
1164862603 J * A-liyaoshi ~asdfas@220.248.100.66
1164862914 Q * morfoh Server closed connection
1164862933 J * morfoh ~morfoh@kilo105.server4you.de
1164863112 P * A-liyaoshi 
1164863177 Q * phedny Server closed connection
1164863184 J * phedny ~mark@phedny.vps.van-cuijk.nl
1164868519 Q * transacid Server closed connection
1164868529 J * transacid ~transacid@transacid.de
1164868544 J * bronson_ ~bronson@adsl-75-36-144-172.dsl.pltn13.sbcglobal.net
1164868653 Q * Adrinael Ping timeout: 480 seconds
1164870156 Q * thunder1 Quit: cubic
1164870411 Q * ex Server closed connection
1164870415 J * ex ~ex@valis.net.pl
1164870456 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1164870961 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1164871522 Q * DavidS Quit: Leaving.
1164872853 J * daniel15 ~dansoftau@60-240-130-116.tpgi.com.au
1164873107 M * daniel15 The Linux-VServer Wiki is still getting spammed :(
1164873155 M * daniel15 http://linux-vserver.org/index.php?title=Wiki_Team&action=history :\
1164874105 M * harry wiiiiiii... 2.6.19!
1164875451 M * oo Is it possible to use iptables with vserver in any existing versions?
1164875506 M * daniel15 I don't think so
1164875529 M * daniel15 You can use IPTABLES on the host machine, but not in any of the guests
1164875557 M * daniel15 I think it's to do with how networking is implemented in Linux-VServer
1164875744 M * oo daniel15: ok. I was just curious if there was any changes to that by now :)
1164875950 J * Torsti76 tkurbad@gate.iwm-kmrc.de
1164877146 J * dna_ ~naucki@20-245-dsl.kielnet.net
1164877361 J * DavidS ~david@www.heureka.co.at
1164878697 J * brc_ ~bruce@201.19.175.199
1164878951 Q * TheSeer Server closed connection
1164878983 J * TheSeer ~theseer@border.office.salesemotion.net
1164879435 J * eGnarF ~bartek@bk.crystone.se
1164879449 M * eGnarF Hi! I have a vsched question...
1164879461 M * eGnarF I've read what I found on it but I'm still a bit confused...
1164879482 M * eGnarF What I want to do is to limit a guest so it NEVER EVER can use more than 10% CPU
1164879497 M * eGnarF How would I do that?
1164879524 M * eGnarF this is on a dual-proc machine
1164879549 M * eGnarF Would setting --fill-rate to 1 and --interval to 10 and activating the hard scheduler for the context do the trick?
1164879792 M * daniel15 Hmmm... I have no idea, I've never used vsched
1164879811 M * daniel15 Did you see http://oldwiki.linux-vserver.org/vsched+explained?
1164879821 Q * Aiken Quit: Leaving
1164879890 M * daniel15 (this IRC channel is quite quiet at the moment, I think everyone is asleep :P)
1164880106 J * Aiken ~james@tooax6-104.dialup.optusnet.com.au
1164880383 Q * trash Server closed connection
1164880618 M * eGnarF daniel15: yeah.. I saw that. That's where I got my theory =)
1164880879 J * prae ~Benjamin@host.187.57.23.62.rev.coltfrance.com
1164880936 Q * cohan Server closed connection
1164880943 J * cohan ~cohan@koniczek.de
1164881088 M * nox oo: it shouldn?t be 2 hard to make a webfrontend which allow vservers to set rules for their src|dst
1164881203 M * nox maybe thats already done, otherwise i guess a lot of people would like to have it
1164881776 M * renihs bah, i hate administrating solaris boxes
1164881896 M * Borg- ;)
1164881967 M * renihs starting an administration console (secure global desktop) takes, ...27 minutes
1164881995 M * renihs ups, wrong channel btw
1164882586 Q * bronson_ Ping timeout: 480 seconds
1164883255 M * Guy- micah: sorry, no result I'm aware of
1164883558 Q * DavidS Ping timeout: 480 seconds
1164883752 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net
1164883767 Q * Vudu Server closed connection
1164883796 J * Vudumen ~vudumen@perverz.hu
1164885104 M * prae hmmm, context patch has been integrated into official linux kernel release ?!
1164885798 Q * Aiken Read error: Connection reset by peer
1164887124 M * trippeh What, no 2.6.19 patches yet? :P
1164887454 M * daniel15 Any reason to upgrade a kernel? I've been using the Debian '2.6.16-2-vserver-686' kernel for ages :P
1164887621 M * Guy- daniel15: um, like, secholes? I think there have been a few
1164887838 M * daniel15 Any serious security holes I should worry about? (All vservers on my server are mine, I use them for testing stuff. The only public access to this server is via Apache, and I'm the only user with an account to SSH in)
1164887855 M * daniel15 I probably don't need to worry about much, do I? :P
1164888012 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1164888021 M * harry daniel15: don't know
1164888022 J * ensc ~irc-ensc@p54B4F66C.dip.t-dialin.net
1164888026 M * harry there are some DoS bugs fixed...
1164888084 M * harry and a root exploit
1164888117 M * harry i don't know if the prctl bug is fixed in your version tough...
1164888128 M * harry but in "vanilla" kernels, it's fixed in 2.6.17.5
1164888136 M * harry sry... 2.6.17.4
1164888721 Q * prae Ping timeout: 480 seconds
1164889073 Q * thunder1 Read error: Operation timed out
1164889211 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net
1164889776 J * duckx ~Duck@tox.dyndns.org
1164891220 Q * Radiance Server closed connection
1164891232 J * Radiance 93138f1f09@halt.1984world.eu
1164891475 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1164891768 Q * daniel15 Ping timeout: 480 seconds
1164892683 J * kir ~kir@swsoft-mipt-nat.sw.ru
1164892876 Q * doener Ping timeout: 480 seconds
1164893103 J * doener ~doener@host.magicwars.de
1164893108 J * D4rkf|23 ~d3bi4n@adsl-ull-183-13.46-151.net24.it
1164893333 N * D4rkf|23 darkfire
1164893925 J * prae ~Benjamin@host.187.57.23.62.rev.coltfrance.com
1164894370 Q * Medivh Server closed connection
1164894390 J * Medivh ck@paradise.by.the.dashboardlight.de
1164894885 Q * kaner Server closed connection
1164894886 J * kaner kaner@strace.org
1164895128 Q * renihs Read error: Connection reset by peer
1164897684 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de
1164897706 M * dreamind Hi folks :)
1164897771 M * daniel_hozac hello
1164897872 Q * pusling Server closed connection
1164897880 J * pusling pusling@195.215.29.124
1164897989 M * dreamind hi daniel_hozac :)
1164898617 J * Shufla ~shufla@aev134.internetdsl.tpnet.pl
1164898739 Q * cdrx Quit: Leaving
1164898754 J * |D4rkf|23| ~d3bi4n@adsl-ull-15-15.46-151.net24.it
1164898872 Q * |D4rkf|23| 
1164899066 Q * kir Quit: Leaving
1164899093 Q * darkfire Ping timeout: 480 seconds
1164899402 M * Shufla hello. on http://linux-vserver.org/VServer_Configuration I've found info about /etc/vservers/vserver-name/rlimits directory. Great. But what kind of values shall I put in here? Percent of total? some magic numbers? where could I get more info about that?
1164899423 M * daniel_hozac http://linux-vserver.org/Resource_Limits
1164899564 M * Shufla daniel_hozac: thanks :) Well, I've got to change my glassess as I see :)
1164899825 M * Hollow daniel_hozac: apropos.. in 0.30.212 all tools should be in sync with the wiki/kernel defines, right? i.e. caps, flags and limit ..
1164899839 M * daniel_hozac yep.
1164899843 M * daniel_hozac at least, AFAIK.
1164899850 M * Hollow good, gonna remove the extra tag then on the resource limit page
1164899859 M * Hollow if not, it's a bug :)
1164900023 M * Hollow IMO we need to make a better distinction in the wiki for the theory pages, and pages about configuration in user-space, especially with regard to vcd & friends ..
1164900082 M * Shufla huh. last question rlimits/cpu - how to know how many ms shall I give?
1164900099 M * daniel_hozac rlimits/cpu isn't implemented because it doesn't make sense.
1164900113 M * Shufla ok...so how to limit CPU usage for guest?
1164900123 M * Shufla and where it's written on wiki?
1164900133 M * Shufla (that it's not implemented?)
1164900143 M * daniel_hozac http://oldwiki.linux-vserver.org/Scheduler+Parameters
1164900172 M * daniel_hozac http://oldwiki.linux-vserver.org/vsched+explained
1164900193 M * daniel_hozac it says in the tag column.
1164900288 M * Shufla ok, thank you very much, bye bye
1164900289 Q * Shufla Quit: Ex-Chat
1164900289 Q * fosco Server closed connection
1164900292 J * fosco fosco@konoha.devnullteam.org
1164900382 A * Hollow sighs
1164900469 M * daniel_hozac Hollow: how about a util-vserver/ namespace for pages concerning that, and vcd/ vwrappers/ etc. for those, and just have the theory pages at the top-level?
1164900481 Q * DavidS Read error: No route to host
1164900527 M * Hollow daniel_hozac: yeah, i thought about something like that as well
1164900564 M * daniel_hozac would make it rather obvious.
1164900620 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1164900929 Q * mugwump_ Server closed connection
1164900932 J * mugwump ~samv@watts.utsl.gen.nz
1164901542 Q * dreamind Quit: dreamind
1164901665 Q * hansi33 Read error: Connection reset by peer
1164903274 J * yarihm ~yarihm@whitehead2.nine.ch
1164903308 Q * michal` Ping timeout: 480 seconds
1164903691 J * michal` ~michal@www.rsbac.org
1164904308 M * micah daniel_hozac: do you know why those bash variables in 'functions' are declared as read-only? I can't find any other way to solve that problem, but it doesn't seem a very clean way either
1164904556 M * daniel_hozac because they shouldn't be modified.
1164904573 M * daniel_hozac the scripts aren't really written to be sourced multiple times ;)
1164904860 M * jpachec morning everyone!
1164904875 M * jpachec 2.6.19 is out!
1164904973 Q * ntrs Server closed connection
1164904990 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1164905160 M * harry 09:08 < harry> wiiiiiii... 2.6.19!
1164905195 M * jpachec damn
1164905257 M * daniel_hozac 23:36 < doener> .19 is out :)
1164905269 M * jpachec bah
1164905284 M * jpachec 12 hours later
1164905286 M * jpachec not bad
1164905320 M * harry dammit, daniel_hozac ... you fast bastard!
1164905320 M * harry ;)
1164905325 M * daniel_hozac that was doener.
1164905341 M * micah daniel_hozac: yeah, so the solution is either to make them modifiable, or somehow force the removal of those variables in one's environment before sourcing the scripts. I just got another bug on this, so its annoying some people :)
1164905345 M * jpachec ack
1164905350 M * jpachec still no reiserfs 4
1164905351 M * jpachec :(
1164905362 M * daniel_hozac micah: i saw, but why don't you make the sourcing conditional instead?
1164905378 M * harry doener: you fast bastard!
1164905385 M * harry why cant i fucking read!?
1164905387 M * micah daniel_hozac: you mean in the bash_completion check to see if the variables are set already?
1164905391 M * jpachec i don't care if he killed his wife or not. i just want my fs
1164905395 M * daniel_hozac micah: right.
1164905396 M * jpachec ;)
1164905431 M * daniel_hozac micah: seems cleaner to me, at least.
1164905457 M * sid3windr jpachec: not 12 hours later, 18 hours later :p
1164905476 M * jpachec 12 for me
1164905486 M * jpachec its 11:30 am here
1164905493 M * daniel_hozac it's 17:51 here.
1164905498 M * sid3windr yeah, but doener said it 18 hours ago ;)
1164905506 M * jpachec 23:xx?
1164905508 M * jpachec that's 11pm
1164905521 M * sid3windr CEST yup
1164905528 M * daniel_hozac CET, actually.
1164905529 M * sid3windr CET even
1164905531 M * sid3windr heh
1164905531 M * harry GMT for president!!!!!!!
1164905536 M * sid3windr gotta drop the S these days ;)
1164905536 M * jpachec bah
1164905543 M * jpachec EST is the only time that matters
1164905610 M * harry not true... my good times is all that matters
1164905631 M * sid3windr =)
1164905693 M * jpachec gfs2 or ocfs2?
1164905714 M * daniel_hozac OCFS2 should be supported.
1164905741 M * jpachec which do you think is better
1164905762 M * daniel_hozac i don't have an opinion on either.
1164905770 M * jpachec ic
1164905782 M * daniel_hozac i just know that we added OCFS2 support a while back :)
1164905792 M * micah daniel_hozac: yeah you are right, for some reason I didn't even think that as a possibility
1164905824 M * micah the simpliest solution is sometimes the least obvious :)
1164905832 M * daniel_hozac hehe.
1164905847 M * micah if [ ! -n $_VS_NEWLINE -o $VS_ALLVSERVERS_ARGS ]; then .  "$UTIL_VSERVER_VARS"; . "$_LIB_FUNCTIONS" ; fi
1164905869 M * daniel_hozac -z == ! -n
1164905876 M * daniel_hozac and i guess you want quotes.
1164905894 M * daniel_hozac and an operator before VS_ALLVSERVERS_ARGS
1164905945 M * micah yeah, and I probably want to move the sourcing of the functions out of that if block
1164905969 M * daniel_hozac what?
1164906015 M * micah err, no thats not what I meant
1164906028 M * micah hey its 8am here
1164906039 A * micah hooks up caffeine drip
1164906079 M * daniel_hozac hehe.
1164906442 J * bonbons ~bonbons@83.222.39.117
1164906580 M * micah daniel_hozac: about to upload -5 with a handful of fixes, any others you think I should sneak in quick?
1164906610 M * daniel_hozac you got the non-sysv init fix, right?
1164906617 M * micah daniel_hozac: http://svn.debian.org/wsvn/pkg-vserver/util-vserver/trunk/debian/changelog?op=file&sc=1
1164906640 M * micah (thats the latest changelog), and yes got that fix
1164906651 M * daniel_hozac well, should be fine then.
1164906672 J * stefani ~stefani@tsipoor.banerian.org
1164906688 J * marcfiu ~mef@aegis.CS.Princeton.EDU
1164906697 M * marcfiu hello
1164906703 M * daniel_hozac hi
1164906722 M * daniel_hozac how's the backport working?
1164906731 M * marcfiu working fine... as far as I can tell.
1164906779 M * daniel_hozac sounds good.
1164906794 M * marcfiu Is there a tool that lets one easily compare and reason about two kernel config files.   Something beyond using "sort" and "diff"?
1164906810 M * micah daniel_hozac: hmm the initstyle fix gives me a weird error on starting a guest
1164906816 M * micah /usr/lib/util-vserver/vserver.functions: line 253:  : command not found
1164906823 M * micah maybe I pulled that wrong
1164906941 J * bronson_ ~bronson@adsl-75-36-144-172.dsl.pltn13.sbcglobal.net
1164906993 M * daniel_hozac you have a space too much there.
1164907015 M * daniel_hozac should be \<newline>, looks like it's \ <newline>
1164907016 N * Bertl_zZ Bertl
1164907020 M * Bertl morning folks!
1164907021 M * daniel_hozac morning Bertl!
1164907032 M * jpachec morning
1164907044 M * micah daniel_hozac: yeah, thats subtle
1164907054 M * Bertl hey daniel_hozac! tried (yesterday) to pin down the sparc/64 missing include ... but I didn't get it, any ideas?
1164907610 M * marcfiu hi bertl
1164907702 M * daniel_hozac Bertl: the fs/xfs/quota/xfs_qm_syscalls.c one?
1164907719 M * Bertl yep
1164907727 M * marcfiu sounds familiar
1164907745 M * marcfiu in my backported version I #include <vs_base.h>
1164907751 M * marcfiu in xfs_qm_syscalls.c
1164907761 M * Bertl okay, but why doesn't it show up on certain archs?
1164907764 M * marcfiu But I don't believe the patch I sent you nicluded that one.
1164907783 M * marcfiu Not enabled in the config file for certain archs?
1164907799 M * Bertl could be, haven't checked yet, what is the config option for that?
1164907817 M * daniel_hozac Bertl: could you please refresh my memory? i can't find the error.
1164907820 M * marcfiu Or, vs_base.h gets included indirectly from some other kernel include header (e.g., net/af_unix.h, etc.)?!
1164907907 M * marcfiu Btw., I've gotten annoyed with figuring out differences between kernel config file using tools like grep, sort, diff, etc.  So I whipped something together that does this comparison hopefully in a way that is better. It is available from http://www.cs.princeton.edu/~mef/vserver/kompare.  You run it with: ./kompare from.config to.config to compare two config files called from and to, respectively.
1164907969 M * Bertl daniel_hozac: I couldn't find it either but it was reported from somebody and it showed up in some cross compile report, but maybe I did check the wrong one ... redoing the report now on: http://plm.testing.osdl.org/patches/show/Linux-VServer-2.6.18.3-vs2.1.1.2.3
1164907977 M * goblin hi again :-)
1164908021 M * goblin can I modify routing table for vservers somehow?
1164908038 M * marcfiu I'd love some feedback on the kompare tool.
1164908041 M * goblin I'd like to have a virtual network, say 10.1.0.0/16, on dummy0 interface
1164908054 M * goblin and a real network, say 10.0.0.0/16 on eth0
1164908064 M * Bertl 'for' of course, 'from' not without allowing the guest to modifeverything
1164908067 M * goblin and I'd like the main context to do NAT for the dummy network
1164908088 M * Bertl and 'dummy' is not a good idea, because if that would be actually used, the packets will get discarded
1164908100 M * goblin hmm
1164908114 M * goblin yes, 'for', not 'from'
1164908129 M * goblin well, the problem I seem to have is that all vservers see the same route as the main context
1164908137 M * goblin what should I use instead of dummy then? lo?
1164908163 M * Bertl daniel_hozac: ah, I got that mixed up, the xfs one was reported, but didn't show up, the sparc one is TASK_INTERRUPTIBLE undefined in vs_context.h
1164908167 M * goblin (I don't get why would they be discarded)
1164908193 M * Bertl goblin: the sole purpose of 'dummy' interfaces is to discard traffic
1164908204 M * goblin oh.
1164908217 M * Bertl goblin: of course, if you just bind addresses to any device, but do not use them 
1164908223 M * goblin but it quite cheerfully works ;-) I was told before to use dummy rather than lo because lo is dodgy or something
1164908229 M * goblin not here, but by a friend
1164908231 M * Bertl then 'dummy' is fine for that purpose too
1164908269 M * Bertl for guest-guest (local) and guest-host traffic, the lo device will _always_ be used, regardless of the interface carrying the ip
1164908285 M * goblin well, 10.1.0.0/16 works quite well for me... only that issue that the actual packets go to eth anyway, because they see it in the routing table
1164908300 M * goblin hm.
1164908311 M * Bertl no, that is a misconception
1164908320 M * Bertl what actually is true is the following:
1164908320 M * goblin I see now
1164908330 M * Bertl - packets travel over lo (for local traffic)
1164908347 M * Bertl - addresses are advertized to the outside (because they are bound to ethX)
1164908355 M * Bertl solutions here can be:
1164908371 M * Bertl - use an unused interface to hold the addresses (like dummy0)
1164908385 M * Bertl - block advertizement with iptables 
1164908394 M * goblin hm
1164908400 M * Bertl - assign the addresses to lo, if they are _truly_ local
1164908425 M * goblin ok, let's say eth0 has an IP of 10.0.1.1
1164908434 M * goblin and uses 10.0.0.1 as a geteway to the internet
1164908469 M * goblin now, I have a vserver on a dummy interface, with IP of 10.1.0.23 assigned to the dummy interface
1164908481 M * goblin which works quite dodgy ;-)
1164908488 M * goblin so if I move the IP to the lo interface
1164908503 M * goblin will I be able to specify 10.0.1.1 as the gateway for the vserver?
1164908515 M * goblin and then do NATing on 10.0.1.1 to actual 10.0.0.1?
1164908526 M * goblin I want the vserver not to see 10.0.0.1 anywhere
1164908545 M * goblin so that the box appears to local network as only one IP
1164908600 M * goblin I'm not sure if I explained correctly... do you get any of this? ;-)
1164908837 M * daniel_hozac Bertl: hmm? looks like the same problem to me?
1164908897 M * daniel_hozac goblin: any particular reason iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -j SNAT --to 10.0.1.1 wouldn't work?
1164908922 M * goblin daniel_hozac, at the moment (with the dummy interface), it works like that:
1164908953 M * goblin a packet leaves eth0 with source IP of 10.1.0.23 routed through 10.0.0.1 to the internet
1164908991 M * daniel_hozac and, wouldn't the above line fix that? i.e. replace 10.1.0.23 with 10.0.1.1?
1164908994 M * goblin then a ack packet comes back from 10.0.0.1 to 10.1.0.23 and arrives there quite cheerfully because 10.0.0.1 automagically thinks that 10.1.0.23 must have the same hardware address as 10.0.1.1
1164909013 M * goblin hm.
1164909088 M * Bertl and typically it has, unless you use reverse path filtering
1164909194 M * goblin daniel_hozac, should work
1164909207 M * goblin but I don't know how to set up the routing inside the vserver...
1164909217 M * goblin how will it know that 10.0.1.1 is the gateway?
1164909218 M * Bertl you do not do that
1164909226 M * daniel_hozac 10.0.1.1 isn't the gateway.
1164909235 M * daniel_hozac 10.0.0.1 is.
1164909242 M * Bertl goblin: if your host actually had two different gateways
1164909252 M * goblin hm
1164909255 M * goblin nonono
1164909265 M * goblin I thought I'd set up NATing on 10.0.1.1
1164909276 M * goblin so that 10.0.1.1 would be the gateway for 10.1.0.0/16
1164909292 M * goblin that's precisely what this SNAT rule does, isn't it?
1164909300 M * daniel_hozac 10.0.1.1 doesn't have to be the gateway for that.
1164909340 M * daniel_hozac networking happens on the host. guests are just restricted to a subset of the IP addresses.
1164909381 M * goblin yeah, I kind of noticed that
1164909414 M * goblin hmm
1164909468 M * goblin so basically, there is no way to set up a "virtual" routing inside a vserver, right?
1164909484 M * goblin they like use whatever the host does
1164909514 M * Bertl 'virtual' routing would require virtual network stacks (like in UML)
1164909522 M * Bertl which would add significant overhead
1164909528 M * hardwire and a virtual amount of lines of code
1164909541 M * goblin ok, I'm not saying it's requested or needed ;-)
1164909551 M * goblin I was just trying to sort of understand how it works
1164909561 M * goblin right.
1164909563 M * hardwire its the fanciest most secure Chroot system .. evar.. 
1164909580 M * goblin cool.
1164909580 M * Bertl nevertheless, if you want to have different gateways, then the advanced routing tables will allow for that too (on the host)
1164909608 M * goblin hm
1164909613 M * hardwire make a table that has "if source address poo.. route via crud"
1164909624 M * hardwire you just have to have your host on all the effective networks
1164909639 M * goblin Bertl, but a vserver will always see the whole host's routing table when someone types ip route ls, right?
1164909651 M * goblin mhm
1164909671 M * Bertl for now, yes :)
1164909681 M * hardwire anc-www-01:~# route
1164909681 M * hardwire Kernel IP routing table
1164909681 M * hardwire Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1164909681 M * hardwire 209.112.165.0   *               255.255.255.0   U     0      0        0 *
1164909683 M * hardwire 192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
1164909683 M * hardwire default         *               0.0.0.0         UG    0      0        0 *
1164909687 M * hardwire there is an example
1164909700 M * hardwire on a multi-niced host server.. from a vserver
1164909727 M * hardwire notice the *
1164909733 M * goblin hm, precisely
1164909739 M * goblin how did you get the *? ;-)
1164909751 M * hardwire anc-srv-01:~# route
1164909751 M * hardwire Kernel IP routing table
1164909751 M * hardwire Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1164909751 M * hardwire 209.112.165.0   *               255.255.255.0   U     0      0        0 eth1
1164909753 M * hardwire 192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
1164909753 M * hardwire default         209.112.165.129 0.0.0.0         UG    0      0        0 eth1
1164909755 M * Bertl goblin: that's part of the isolation
1164909756 M * hardwire thats from the host itself
1164909789 M * goblin $ /sbin/ip route ls
1164909789 M * goblin 10.0.0.0/16 dev if2  proto kernel  scope link  src 10.0.1.68
1164909789 M * goblin 10.1.0.0/16 dev dummy0  proto kernel  scope link  src 10.1.0.100
1164909790 M * goblin default via 10.0.0.1 dev if2
1164909799 M * goblin that's what I have ;-)
1164909832 M * hardwire afaik the appropriate eth will show up for the first appropriate network device that has an address matching the scope of the vservers IP
1164909845 M * hardwire and everything else is *
1164909921 M * hardwire Bertl: which brings to mind this question.. if I have interfaces/1 defined with 209.112.165.0 subnet attached to it.. do the * go away and it shows eth1 in the vserver routing table
1164909953 M * hardwire goblin: for what its worth vserver is great for dedicated servers that don't have to deal with network muck.
1164909977 M * hardwire like web servers/content delivery/testing/pseudo co-location services
1164909993 M * goblin mhm
1164910039 M * hardwire using it to route is painfull
1164910051 M * hardwire since it cannot add routes :)
1164910053 M * goblin I'm sort of using it more as a chroot extension, to basically hide my local network from people who have shells on one context
1164910081 M * hardwire goblin: I would do the inverse. or multiple vservers on one dummy host
1164910109 M * hardwire trap shells from multiple users in its own vserver.. run your own or use the host..
1164910127 M * hardwire otherwise shells on the main context if root access can just enter your context
1164910147 M * Bertl hardwire: if all 'required' addresses/interfaces are visible inside a guest, it will show the full information
1164910161 M * daniel_hozac goblin: your users would still be able to figure stuff out about your network.
1164910163 M * hardwire I misread what he wanted
1164910215 M * goblin daniel_hozac, oh well. I guess figuring stuff out isn't as important to security than being able to actually connect to one of those boxes :-}
1164910228 M * goblin and for that vserver is brilliant
1164910243 M * hardwire goblin: so it is your firewall/router as well as a box you want to have shells on?
1164910253 M * hardwire otherwise I would suggest just placing it into a DMZ itself.. 
1164910274 M * hardwire by it I mean the server you want to offer shell access on
1164910291 M * goblin no, it's not a router
1164910303 M * goblin router is in hardware, together with the modem
1164910323 M * goblin well, I thought of placing it into a DMZ, but there was one big reason against it
1164910337 M * hardwire can you remember?
1164910343 M * goblin I'm trying ;-)
1164910355 M * goblin ah, right.
1164910366 M * goblin simple -- physical topology
1164910366 M * hardwire I know.. you wanted to use a virtualization system that would solve you having to do that.. big reason :)
1164910401 M * hardwire if I were offering shell accounts I would slap everybody into a qemu with usernet networking and say "have fun losers"
1164910409 M * goblin I'd need to have another switch for the DMZ, basically
1164910425 M * hardwire you would?
1164910457 M * hardwire if your users can't modify the routing table.. or use pcap programs.. why would they ever know one nic had two subnets?
1164910468 Q * prae Quit: Quitte
1164910480 M * hardwire rather one physical network had two subnets
1164910487 M * jpachec question: how come vserver hasn't been added to mainline kernel?
1164910495 M * hardwire and your shell box is only part of one of them
1164910517 M * hardwire jpachec: because the idiots who program it don't send money to the OSDN
1164910523 M * hardwire :P
1164910532 M * goblin hardwire, OK, I'm lost now ;-)
1164910536 M * jpachec lol
1164910557 M * daniel_hozac jpachec: because there are multiple ways to do virtualization?
1164910567 M * hardwire goblin: if your router can assign multiple subnets to one interface it can route inbetween subnets
1164910585 M * hardwire so one machine has 192.168.1.1/24 and another has 192.168.2.1/24
1164910601 M * hardwire the router is 192.168.1.254 and 192.168.2.254 for one interface
1164910621 M * hardwire I guess the real question is.. what kind of router is this?
1164910628 M * goblin it can do it
1164910632 M * goblin it's speedtouch 716
1164910644 M * goblin but, what is the reason, basically?
1164910659 M * goblin I thought the idea of DMZ is that it is a physically separated zone
1164910683 M * goblin if it's separated only in software, then virtualization provided to me by vserver does the same job, basically.
1164910702 Q * maharaja Server closed connection
1164910705 J * maharaja maharaja@ip52.ipax.at
1164910748 M * goblin I assume that if someone is able to break out of vserver and modify the interface's IP addresses, there will be no DMZ for him, cause he will simple be able to access both 192.168.{1,2}.0
1164910838 M * goblin so to continue, there is no real reason why all the traffic between boxes on the local network to this server be routed via router, if simply switches can do it
1164910862 M * goblin one more trick, the switch is gigaether, whereas the router is only 100mbps
1164910883 M * goblin so I'd lose 900mbps on local network if I routed everything via the router
1164910887 M * goblin with no real gain
1164910892 Q * borgfish Server closed connection
1164910894 M * hardwire goblin: if you can't modify the different physical zones then they are different physical zones
1164910896 M * goblin unless I'm confusing something.
1164910938 M * goblin well, having two subnets assigned to one interface isn't two different physical zones...
1164910945 M * goblin it's one physical, and two software
1164910952 M * hardwire yup
1164910960 M * hardwire its a guise
1164910976 A * hardwire waves hand in front of goblin
1164910985 A * goblin waves back happily
1164910993 M * hardwire "they are different if nobody knows about it...  We are not the men you are looking for.. "
1164911004 M * goblin hehe
1164911011 M * hardwire ST's don't wave back
1164911015 M * hardwire :)
1164911039 M * goblin well, I did wave back. Your firewall may have dropped it, but I did.
1164911047 M * goblin [-;
1164911071 M * goblin what's ST, anyway? ;-)
1164911092 M * goblin Seagate Technology? Segment Table / Type? Shared Tree?
1164911104 M * hardwire Storm Trooper
1164911106 M * goblin or maybe The {country code} for Sao Tome and Principe?
1164911107 M * hardwire :P
1164911123 M * goblin oh, right ;-)
1164911139 M * goblin oh, I'm not one of them
1164911143 M * hardwire I have no idea why I am fielding questions.
1164911144 M * goblin you're confusing the worlds ;-)
1164911180 M * hardwire but from your user standpoint if they don't have access to change IP's on the vserver.. which they don't.. and libpcap would be useless from inside a vserver.. which it is.. 
1164911191 M * hardwire you can DMZ based off of those ideas.. 
1164911202 M * goblin that's effectively what I'm doing
1164911203 M * hardwire I can draw you a diagram stating how silly this is.
1164911213 M * hardwire and its effective too :)
1164911219 M * goblin it's like a virtual DMZ on the server itself
1164911225 M * goblin doesn't have anything to do with the router
1164911237 M * hardwire and it makes moving vservers a bit easier too
1164911262 M * hardwire yeh.. if you have a virtualization system like uml/qemu/etc.. that has its own nic.. you can do all sorts of things
1164911273 M * hardwire mut if you want to use vserver.. you need to think tricky
1164911278 M * hardwire you need to be in your prime
1164911292 M * goblin heheh
1164911296 M * goblin that's what I'm trying to learn
1164911308 M * goblin it's not like it's a mission critical production server
1164911314 M * goblin it's just a toybox of mine [-;
1164911314 M * hardwire did you know today is National Methamphetamine Awareness Day?
1164911323 M * goblin oh really?
1164911332 M * hardwire I just checked my office
1164911333 M * hardwire its clean
1164911335 J * kevinp ~kevinp@ny.webpipe.net
1164911337 M * goblin lol [-;
1164911370 M * kevinp successful testme from vs2.1.1.2 --> http://paste.linux-vserver.org/709
1164911376 Q * Greek0_ Server closed connection
1164911385 M * goblin hardwire, unlucky there, you'll have to go to a dealer
1164911390 J * Greek0 ~greek0@85.255.145.201
1164911404 M * daniel_hozac kevinp: you may want 2.1.1.2.3 if you want a working hard CPU scheduler, and RSS limits ;)
1164911421 M * hardwire you a brit?
1164911422 M * kevinp oh, man! I can't keep up! :)
1164911428 M * daniel_hozac (the hard CPU scheduler works in some configurations on 2.1.1.2 though)
1164911460 M * hardwire daniel_hozac: whats RSS?
1164911462 M * goblin who? me?
1164911470 M * hardwire goblin: yeh
1164911474 M * daniel_hozac resident set size.
1164911477 M * goblin nah, I only live here
1164911502 M * hardwire ah.. so ti was a good guess
1164911507 M * hardwire ti/it
1164911511 M * goblin guess?
1164911521 M * goblin doesn't my IP give it all up?
1164911550 J * lilalinux ~plasma@dslb-084-058-214-064.pools.arcor-ip.net
1164911565 M * hardwire daniel_hozac: so its primary function is to limit a vservers memory usage and push overages to swap?
1164911572 M * daniel_hozac no.
1164911574 M * hardwire or is it to limit all processes
1164911586 M * kevinp another sucess (different box) --> http://paste.linux-vserver.org/710
1164911586 M * daniel_hozac it limits the amount of RAM that can be consumed by a guest.
1164911599 M * daniel_hozac once the limit is reached, allocations return ENOMEM and OOM might strike.
1164911599 M * hardwire I think I tried to say that
1164911601 M * goblin hardwire, you must be american then [-;
1164911606 M * hardwire goblin: terribly.
1164911619 M * goblin oh bugger.
1164911626 M * hardwire daniel_hozac: ah.. hmm.. 
1164911628 M * goblin well, yeah, with hosting so cheap in states nowadays...
1164911635 M * hardwire daniel_hozac: so a hard limit on all memory.
1164911650 M * hardwire not just if it goes over a few hundred megs start prioritizing to swap on the host.
1164911658 M * goblin sounds like a cool feature
1164911679 M * hardwire goblin: its cheap?
1164911687 M * kevinp daniel_hozac, I forget I looked into that once, is the memory virtualized yet, so top and other commands would only see the 256 MB available or whatever?
1164911688 M * hardwire I can't afford hosting at all
1164911700 M * daniel_hozac kevinp: yes, if you use the virt_mem flag.
1164911706 M * hardwire thats spiffy
1164911706 M * kevinp excellent
1164911721 M * goblin hardwire, I've heard a friend of mine has a dedicated server she's paying something like $40/month for...
1164911737 M * hardwire she is screwing somebody important then
1164911744 M * goblin doesn't seem much to me for a box with managed hardware
1164911749 M * goblin no
1164911765 M * hardwire dedicated server for $40/mo is just sweet
1164911773 M * hardwire you may have to find out where
1164911782 M * goblin I'll give you a link tom...
1164911788 M * goblin oh fuck, she's not in till tuesday
1164911794 M * goblin I don't remember where it is
1164911804 M * goblin if I remember, I'll tell you on Tuesday (or if you remind me)
1164911805 A * hardwire is currently attempting to rewrite webapps to use contend distribution networks like Coral CDN
1164911820 M * hardwire content
1164911846 M * hardwire and hosting my stuff at home
1164911867 M * hardwire that way I save massive amounts of bandwidth on my per/month gig limit
1164912050 Q * blizz Server closed connection
1164912051 J * blizz ~blizz@evilhackerdu.de
1164912082 M * goblin can't seem to find it now
1164912088 M * hardwire no worries
1164912091 M * goblin remind me on tuesday, I'll tell you
1164912095 M * hardwire I can't afford $40/mo anyways
1164912099 M * hardwire I would like to
1164912110 M * hardwire maybe if I get more site hits once I am finished adsense can help subsidize it
1164912158 M * goblin anyway, where are you from then? :-)
1164912241 M * hardwire US
1164912243 M * hardwire I live in Alaska
1164912263 M * goblin why did you say 'terribly' then? ;-)
1164912281 M * hardwire because I am terribly american
1164912283 M * hardwire :)
1164912285 M * goblin right ;-)
1164912289 M * goblin heheh
1164912296 M * goblin I thought my guess was terrible. ;-)
1164912527 M * jpachec alaska?
1164912529 M * jpachec damn
1164912583 M * goblin it's the most-east, most-west and most-north located state, apparently.
1164912620 M * goblin so... it's gotta be somewhere around 6am there now!
1164912646 M * goblin damn, I would be so asleep at this time of the day.. ;-)
1164912678 Q * virtuoso Server closed connection
1164912692 J * virtuoso ~s0t0na@shisha.spb.ru
1164912740 M * goblin oh, it's not that bad.
1164912748 M * goblin 10am is survivable.
1164912758 M * goblin anyway, I'm off, see you guys later :-)
1164912782 M * jpachec oooo
1164912795 M * jpachec new kernel menuconfig has nice colors
1164912814 M * jpachec well
1164912820 M * jpachec they use blue instead of yellow
1164912864 M * Bertl hmm, not sure that is really nice ... it's hard to read on gray IMHO
1164912894 Q * ntrs Remote host closed the connection
1164912977 Q * ruskie Quit: Caught sigterm, terminating...
1164913331 Q * Torsti76 Quit: Download Gaim: http://gaim.sourceforge.net/
1164913354 J * ruskie ~ruskie@ruskie.user.oftc.net
1164913475 Q * yarihm Ping timeout: 480 seconds
1164914717 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1164917756 J * RichyF ~RIchy@82-32-120-219.cable.ubr04.hawk.blueyonder.co.uk
1164917893 M * Bertl welcome RichyF
1164918014 M * RichyF :) hi Bertl
1164918028 Q * lilalinux Remote host closed the connection
1164918302 J * kerberos ~satan@85.138.138.52
1164918424 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.19-vs2.1.x-t1.diff
1164918427 M * Bertl (for testing)
1164918453 Q * cehteh Server closed connection
1164918470 J * cehteh ~ct@pipapo.org
1164918869 M * mnemoc how harmful was 2.6.19 to vservER?
1164918967 M * Bertl well, the 2.6.19 branch is _very_ different :)
1164918977 M * Bertl and so is the vserver patch there :)
1164919065 M * mnemoc would have git help you? or hand patching still the better choice?
1164919122 M * waldi hmm
1164919151 M * waldi # grep srv/chr fstab   
1164919151 M * waldi /dev/vg0_wavehammer/devel_srv_chroot    /srv/chroot             auto    dev             0 0
1164919159 M * Bertl mnemoc: it largely was a rewrite of certain things ...
1164919159 M * waldi # vnamespace -e 3 cat /proc/mounts | grep chroot
1164919159 M * waldi /dev/vg0_wavehammer/devel_srv_chroot /srv/vserver/devel/srv/chroot xfs rw,nodev 0 0
1164919197 M * mnemoc Bertl: oh
1164919198 M * Bertl waldi: okay, and?
1164919214 M * waldi Bertl: i specified dev and it is overwriten with nodev
1164919234 M * Guy- I'm reading http://oldwiki.linux-vserver.org/Proc-Security; context 0 is the host, and context 1 is a special 'spectator' vserver?
1164919342 M * daniel_hozac waldi: which util-vserver version?
1164919357 M * waldi 0.30.211(-4)
1164919359 M * daniel_hozac waldi: you didn't mount it from inside the guest, right?
1164919371 M * waldi no
1164919396 M * waldi this was the fstab in /etc/vserver/$name/
1164919420 M * daniel_hozac Guy-: not a special vserver, just a special xid.
1164919436 M * daniel_hozac waldi: hmm, i thought this was supposed to work...
1164919443 M * waldi daniel_hozac: i also
1164919453 M * waldi and it worked before
1164919503 M * waldi anyway, have to check that later
1164919506 Q * bronson_ Ping timeout: 480 seconds
1164919589 M * Guy- daniel_hozac: but a vserver has only one xid, right?
1164919599 M * Guy- daniel_hozac: so the vserver that has the xid of 1 becomes special?
1164919609 M * daniel_hozac Guy-: you can't have a guest with an xid of 1.
1164919627 M * Guy- daniel_hozac: OK, I think I'm missing something here, what should I read? :)
1164919672 M * Bertl Guy-: two xid numbers are special xid=0 and xid=1
1164919689 M * Bertl they do not represent a context, they are reserved for the system
1164919702 M * Bertl 0 represents the host system, while 1 is the so called spectator context
1164919720 M * Guy- Bertl: I gathered that much, but now I'm unclear on the distinction between 'vserver' and 'guest' and what a xid identifies
1164919760 M * Guy- I thought every vserver had a xid, and the one where xid=1 would be the spectator
1164919774 M * Guy- and the 'outside', the host itself, has xid=0
1164919789 M * daniel_hozac waldi: if you figure out what's causing it, please let me know... i don't see anything.
1164919794 M * Bertl every context has an xid, but not every xid maps to a context
1164919806 M * Guy- ah
1164919826 M * Guy- so how do I use the spectator xid, if it doesn't map to a context?
1164919830 M * Bertl 'vservers' are called 'guests' and they have to have an unique xid
1164919853 M * Bertl you use the same interface as for 'normal' contexts
1164919864 M * Bertl i.e. you 'enter' that context and that's it
1164919868 M * Bertl simple example:
1164919875 M * Bertl chcontext --xid 1 -- ps auxwww
1164919899 M * Guy- OK, so the idea is to not clutter the output of ps in xid0?
1164919914 M * Bertl precisely
1164919921 M * Guy- (btw, the answers you give me aren't wasted, I'm writing a hungarian vserver howto :)
1164919948 M * Bertl excellent! maybe an english version too? maybe some cleanups/extensions on the wiki :)
1164919973 M * Guy- well, mine is going on _a_ wiki, anyway :)
1164920000 M * Guy- I'm not far enough down the road yet to presume to clean up anything on the official site
1164920028 M * Bertl well, if you write a howto, you'll end up there sooner or later, I hope :)
1164920036 M * Guy- so do I
1164920044 M * daniel_hozac any reason you can't just put it on linux-vserver.org?
1164920056 M * Guy- daniel_hozac: no, you can have it if you like
1164920094 M * Guy- daniel_hozac: but in its current form it's more like a presentation; I'm doing a course on unix/linux administration and I thought I'd devote one of the lectures to vserver
1164920114 M * Guy- daniel_hozac: but the page should be easy to copy to your wiki because I also use mediawiki
1164920186 M * Guy- the point I'm trying to make is that the first version isn't going to be very useful without spoken explanations (which I intend to provide during tomorrow's lecture, obviously)
1164920222 M * Guy- but I encourage the students to fill in the gaps, so there is hope
1164920261 Q * trippeh Server closed connection
1164920278 J * trippeh atomt@x.vx.no
1164920438 Q * michal` Ping timeout: 480 seconds
1164920467 M * Guy- is setattr documented somewhere? it has no manpage
1164920480 M * daniel_hozac most of the utils have rather descriptive --help texts.
1164920511 M * daniel_hozac (and don't trust the manpages. they're 3 years old)
1164920559 M * Bertl would be a good idea to update them, any volunteers?
1164920582 M * Guy- setattr --help
1164920582 M * Guy- Usage:  setattr [-Rx] [--[~](iunlink|admin|watch|hide|barrier|iunlink-but-not-immutable)]* [--] <file>+
1164920590 M * Guy- this isn't very helpful
1164920597 M * daniel_hozac how come? :)
1164920608 M * Guy- also, the initscript uses --!hide, which doesn't appear in --help
1164920619 M * Guy- I assume it means the same as --~hide?
1164920620 M * daniel_hozac ~ and ! are equivalent.
1164920625 M * Guy- 'k
1164920635 M * Guy- I know about admin, watch and hide
1164920646 M * Bertl ! is kind of problematic bash
1164920654 M * Guy- what's the deal with iunlink and iunlink-but-not-immutable?
1164920663 M * Guy- I think I know what barrier does
1164920733 J * michal` ~michal@www.rsbac.org
1164920755 M * daniel_hozac iunlink sets the immutable and inverted unlink attributes.
1164920812 Q * k3mper Server closed connection
1164920813 J * k3mper ~maio@mail.progamers.cz
1164920825 M * Guy- inverted unlink?
1164920847 M * Guy- also, these are in the vfs layer, right? they are not written to disk?
1164920850 M * daniel_hozac lets you unlink the immutable files.
1164920857 M * daniel_hozac they are.
1164920872 M * matti :)
1164920886 M * daniel_hozac they are implemented as extensions to the chattr attributes.
1164920908 M * Guy- daniel_hozac: and are they supported on all filesystems?
1164920917 M * daniel_hozac a lot of them, at least.
1164920991 M * Guy- you can only use hide, watch and admin on /proc though, right?
1164921004 M * daniel_hozac yes, and only on proc.
1164921015 J * Aiken ~james@tooax6-239.dialup.optusnet.com.au
1164921070 M * Guy- how is iunlink useful?
1164921081 M * daniel_hozac it's used for unification/hashification.
1164921089 M * Guy- and especially, how is iunlink-but-not-immutable useful?
1164921093 M * daniel_hozac http://linux-vserver.org/Paper#Unification
1164921102 M * Guy- I know what hashification is
1164921110 M * Guy- (at least I think so)
1164921140 M * Guy- OK, reading
1164921161 M * daniel_hozac iunlink-but-not-immutable sets only the iunlink attribute, while iunlink sets immutable as well.
1164921228 M * Guy- why does it make sense to explicitly allow unlinking when the file isn't immutable in the first place?
1164921248 M * daniel_hozac it's inverted unlink, so it would actually disallow unlinking it.
1164921278 M * Bertl it's there for completeness of features, it's not really used
1164921331 M * daniel_hozac it also lets you unset the iunlink attribute while keeping the immutable.
1164921384 M * Guy- OK, so if a file has +iunlink-but-not-immutable, it can't be unlinked but it can be modified?
1164921402 M * daniel_hozac that's the idea.
1164921453 M * Guy- and if it is iunlink, it can't be modified either because it's immutable too
1164921474 M * Guy- so what was that about 'lets you unlink the immutable files'?
1164921521 M * daniel_hozac it does lets you unlink immutable files.
1164921537 M * Guy- I'm confused :)
1164921563 M * Guy- immutable prevents unlinking. iunlink also prevents unlinking. no?
1164921571 M * daniel_hozac no.
1164921574 M * daniel_hozac iunlink 
1164921583 M * daniel_hozac inverts the unlink behaviour.
1164921594 M * daniel_hozac so for immutable files, where it's disallowed, it's allowed.
1164921603 M * Guy- ah, OK, now I get it
1164921603 M * daniel_hozac for regular files, where it's allowed, it's disallowed.
1164921608 M * Guy- thanks
1164921798 M * Guy- barrier is only useful to prevent escaping from a chroot, and you need to set it on the directory just above the chroot, correct?
1164921833 M * daniel_hozac right.
1164921857 M * Guy- does it prevent all known chroot escaping attacks?
1164921890 M * daniel_hozac of course.
1164921903 M * daniel_hozac what good would a guest be if you could easily escape?
1164921954 M * jpachec i had trouble cd'ing to a directory that had the barrier turned on
1164921960 M * jpachec is that normal?
1164921961 M * Guy- what I meant was, is setting the barrier flag sufficient to prevent chroot escaping attacks, or must the chrooted process also have a different xid?
1164921976 M * daniel_hozac jpachec: yes, that's the point.
1164922009 M * jpachec if i can't cd (as root) then how am i suppost to get inside my vservers?
1164922022 M * daniel_hozac root on the host can access it.
1164922025 M * daniel_hozac but that's it.
1164922033 M * jpachec ahh
1164922040 M * jpachec i'll have to revisit that
1164922077 M * Guy- daniel_hozac: so, assuming I run a service chrooted inside a vserver, and set barrier on the parent directory of the chroot, will this prevent the chrooted service from escaping the chroot? and how about if all of this takes place in xid0?
1164922103 M * daniel_hozac yes.
1164922119 M * daniel_hozac if you're running it on the host, gaining root access would be sufficient to break out.
1164922180 M * Guy- OK, thanks
1164922199 J * ehazlett ~ehazlett@adsl-68-249-103-255.dsl.ipltin.ameritech.net
1164922218 M * Bertl welcome ehazlett!
1164922248 M * ehazlett greetings all...!  i was looking around and couldn't find a definite answer...  can you specify a mac address for a vserver nic?
1164922271 M * daniel_hozac what's a "vserver nic"?
1164922285 M * ehazlett a virtual server network card 
1164922407 M * daniel_hozac well, there's no such thing.
1164922418 M * Bertl so the answer is no :)
1164922435 M * Guy- it could also be yes :)
1164922457 J * prae ~Benjamin@foxhound.sherpadown.net
1164922472 M * Guy- ehazlett: but I guess it might be possible to use ebtables to get a vserver to appear to have a different MAC
1164922492 M * Guy- at least if it's possible to match packets by xid...
1164922519 Q * Snow-Man Server closed connection
1164922520 J * Snow-Man ~sfrost@kenobi.snowman.net
1164922520 M * Guy- oh, I'm stupid
1164922525 M * Guy- you could match by source IP
1164922536 M * Guy- and then rewrite the MAC on outgoing packets
1164922542 M * Guy- be sure to also do this for ARP
1164922554 M * Bertl more than one mac requires interfaces to be run in promisc mode
1164922568 M * Guy- true
1164922569 M * ehazlett thanks
1164922575 M * Bertl that also adds significant overhead as packets have to be filtered by software
1164922585 M * ehazlett yeah thats what ive read...
1164922597 M * Guy- the overhead depends on the amount of traffic though
1164922611 M * Guy- if it's a switched LAN, it's not an issue
1164922624 M * ehazlett what about the number of vservers?
1164922629 M * Guy- because you only get the packets that concern you anyway
1164922646 M * ehazlett that's true
1164922677 M * Guy- ehazlett: I don't think that matters much either, other than that ebtables needs to examine more rules for outgoing packets
1164922695 M * Guy- for incoming packets, you don't need to rewrite the MAC because the destination IP matches and you're in promisc mode
1164922699 M * Guy- so you get them anyway
1164922720 M * Guy- (at least I imagine this should work)
1164922726 M * ehazlett cool... thanks
1164922734 M * Guy- you're welcome
1164922741 M * Guy- be sure to come back and tell us if it worked
1164922769 M * ehazlett roger that...!  thanks guys...
1164922792 Q * ehazlett Quit: Leaving
1164922936 Q * ag- Server closed connection
1164922948 J * ag- ~ag@caladan.roxor.cx
1164922992 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch
1164923161 M * Guy- CONFIG_INOXID_X seems to be gone?
1164923181 M * Bertl it is named differently in devel
1164923221 M * Guy- CONFIG_PROPAGATE?
1164923278 M * Bertl for tag propagation, not really _that_ useful atm
1164923292 M * Guy- ah, no, I meant whether this was the new name
1164923298 M * matti Bertl: :)))))))
1164923432 M * Bertl CONFIG_TAGGING_*
1164923441 M * Bertl hey matti!
1164923447 M * matti How are you?
1164923573 M * Bertl fine thanks, and you?
1164923607 M * matti Same, thanks :)
1164923684 M * Guy- inode tagging is only useful/needed for disk quotas, right?
1164923765 M * Bertl disk limits and disk quotas
1164923783 M * Bertl (and if you like to have security on shared partitions)
1164923912 M * Guy- what's the difference between a disk limit and a disk quota?
1164923931 M * Guy- (a documentation pointer is fine, I'm literate :)
1164924023 M * Guy- do I need iunlink if I have CONFIG_VSERVER_COWBL?
1164924041 P * marcfiu 
1164924075 M * Guy- based on the help text, it would seem that CONFIG_VSERVER_COWBL takes care of breaking cross-xid links on modification (or is it all links, not just cross-xid?)
1164924196 M * Bertl links typically belong to the host context (those used for unification)
1164924214 M * Bertl and yes, that's the copy on write feature for those kind of links
1164924268 M * Guy- but isn't that also what iunlink can be used for?
1164924359 M * daniel_hozac iunlink needs to be set for CoW to activate.
1164924411 M * Guy- so, CONFIG_VSERVER_COWBL alone does nothing?
1164924426 M * Guy- you also need the files to be immutable and iunlink?
1164924436 M * Guy- that doesn't make sense
1164924443 M * Guy- in this case you wouldn't need CONFIG_VSERVER_COWBL at all
1164924494 M * Bertl hmm?
1164924513 M * Bertl it's a feature you can turn on and off, nothing more, and nothing less
1164924600 M * daniel_hozac the option enables the link breaking on writes.
1164924609 M * daniel_hozac (to files with iunlink set)
1164924625 M * Bertl (or other modifications, btw :)
1164924640 M * daniel_hozac well, IMHO chmod is a kind of write, just to the inode rather than the blocks :)
1164924691 J * comfrey ~comfrey@201.243.176.219
1164924695 M * Guy- so, let's try to sort this out. if a file is immutable+iunlink, it cannot be modified but it can be unlinked. if I also enable CONFIG_VSERVER_COWBL, then the file becomes modifiable as well?
1164924696 Q * bonbons Quit: Leaving
1164924703 M * daniel_hozac yes.
1164924707 M * Guy- great
1164924730 Q * Skram Server closed connection
1164924731 J * Skram ~mark@HERCULES.sentiensystems.net
1164924743 M * Guy- but I guess not if the link count is 1?
1164924761 M * daniel_hozac if the link count is 1, iunlink is just removed.
1164924815 M * Guy- so, if a file is immutable and iunlink, and CONFIG_VSERVER_COWBL is enabled, it can still be modified
1164924826 M * daniel_hozac yes
1164924841 M * Guy- that's important to know
1164924909 M * RichyF Have a guest account setup for Debian, used a debootstrap, is it possible to do a similar thing for fedora 5?
1164924954 M * daniel_hozac yes, you can build guests with the yum build method.
1164925130 M * Bertl btw, could we make a page with examples for different distros?
1164925149 M * Bertl i.e. what and where to specify the source/url/etc
1164925170 M * daniel_hozac good idea.
1164925207 M * Guy- daniel_hozac: hold on; you said if CONFIG_VSERVER_COWBL is enabled and nlinks=1 and iunlink and immutable are set, and the file is opened for writing, iunlink is removed - but not immutable?
1164925222 M * daniel_hozac iunlink and immutable.
1164925226 M * Guy- OK
1164925231 Q * Blissex Remote host closed the connection
1164925338 P * kerberos isnt it obvious?
1164925358 Q * DavidS Ping timeout: 480 seconds
1164925651 M * Bertl daniel_hozac: should I file new bug reports (for 212-rc2) to savannah, or just paste them here?
1164925715 M * Guy- what is "namespace cleanup"?
1164925742 M * daniel_hozac Bertl: doesn't really matter to me, pasting them here works just as well.
1164925754 M * daniel_hozac Guy-: it unmounts things that aren't necessary for the guest.
1164925766 M * Bertl daniel_hozac: okay, great!
1164925829 M * daniel_hozac so, what's the bug? :)
1164925841 M * Bertl daniel_hozac: nitpick, the help text from ./configure states: libext2fs2-devel, but that is only true for x86, it's lib64ext2fs2-devel for x86_64 (and other 64bit archs)
1164925857 M * Bertl I just started :)
1164925966 M * Guy- it says that in 2.0.2 "Remove broken/obsolete filesystem namespace cleanup" - does this mean that 'namespace cleanup' is gone and I shouldn't worry about it?
1164925979 M * daniel_hozac it's gone from kernel space, yes.
1164925986 M * daniel_hozac it's implemented in userspace since 0.30.211.
1164926058 M * Guy- OK, I'm reading http://oldwiki.linux-vserver.org/Namespaces - is this a good place to find out about this feature?
1164926077 M * Guy- (it doesn't contain 'cleanup', but who knows)
1164926253 M * daniel_hozac 0.30.212 will be enabling namespace cleanup by default.
1164926292 M * Bertl good decision ..
1164926312 M * daniel_hozac yeah, when we got three people complaining about the mounts in one day, i enabled it ;)
1164926351 M * Guy- ok, is the feature explained in any kind of detail anywhere? :)
1164926357 M * Guy- I couldn't find it on the wiki
1164926363 M * daniel_hozac the source? :)
1164926369 M * daniel_hozac it's a rather new feature.
1164926395 M * daniel_hozac Bertl: lib(64)ext2fs2-devel ok? or should i put 32-bit and 64-bit on separate lines?
1164926397 M * Bertl Guy-: wouldn't hurt to add comments to the namespace wiki page though
1164926409 M * daniel_hozac has it been migrated yet?
1164926423 M * Guy- OK, how about you explain to me, I document it in Hungarian now (because that's what I need for tomorrow), but I promise to contribute it back to the wiki in English?
1164926447 M * Bertl daniel_hozac: for me personnaly lib*ext2fs2-devel would suffice, do not know about others
1164926500 M * daniel_hozac i guess i should change it to Mandriva as well.
1164926511 M * Bertl how is that on fedora btw?
1164926522 Q * bj Server closed connection
1164926524 J * bj ~bj@insanefactory.com
1164926529 M * daniel_hozac the packages are named the same thing.
1164926561 M * Bertl i.c. how do you install the 32bit version on a 64bit system?
1164926562 M * Guy- "Security is added since alpha util-vserver also overlay the original root directory with the vserver's root directory (using a recursive bind mount)" - what does this mean?
1164926572 M * Guy- overlay?
1164926585 M * daniel_hozac yum install <package>.i386
1164926597 M * Guy- it basically does a "mount --bind /root/of/vserver /"?
1164926603 M * daniel_hozac --rbind actually, but yes.
1164926610 M * Guy- OK
1164926636 M * Guy- btw, is it possible to cause rbind to also work on directories that are mounted after the rbind?
1164926668 M * daniel_hozac like make new mounts in the original tree show up in the rbind'd tree?
1164926675 M * Guy- i.e. I have /foo/bar, I do mount --rbind /foo/bar /baz, and then mount something under /foo/bar/xyz, and would like that to appear in /baz/xyz too
1164926679 M * Guy- yes
1164926710 M * daniel_hozac one of the recent mainline kernels added something called shared subtrees which should let you do that.
1164926729 M * Guy- OK, thanks, will look that up sometime
1164926967 M * Guy- so, if I use namespaces (which I must?), can I mount --bind /somedir /var/lib/vservers/myserver/somedir, then start the vserver and use the content under /somedir?
1164926993 M * Bertl nah, you do not have to use them :)
1164927001 M * daniel_hozac of course you can.
1164927008 M * Guy- OK, thanks on both counts :)
1164927016 M * daniel_hozac you could also put it in the guest's fstab.
1164927023 M * Guy- yikes. I just had my first flower page experience
1164927048 M * Bertl waht about making the grass default there too?
1164927079 M * Guy- 'weedpage' is fine with me :)
1164927093 M * Bertl yeah, that looks nice ...
1164927100 Q * comfrey Read error: Connection reset by peer
1164927160 M * Guy- but, uh, isn't this content the same as http://people.linux-vserver.org/~dhozac/p/uv/experimental/configuration.html?
1164927173 M * daniel_hozac yes.
1164927176 M * daniel_hozac well, not really.
1164927187 M * daniel_hozac the one in my experimental area is more recent.
1164927296 M * Guy- vnamespace only changes the namespace, not the xid, whereas chcontext does both?
1164927356 J * comfrey ~comfrey@201.243.176.219
1164927464 M * Bertl wb comfrey!
1164927613 M * daniel_hozac chcontext only changes the xid.
1164927675 M * Guy- OK
1164927682 M * Guy- and vserver enter does both?
1164927708 M * daniel_hozac and a few other things, yes.
1164927731 M * Bertl hmm, btw, that probably is worth a bug report then ...
1164927764 M * Bertl chcontext _did_ change the 'uts namespace' before 2.6.19 :)
1164927786 M * Bertl can we work around that somehow?
1164927843 M * Guy- is it OK if /var/lib/vserver is a symlink?
1164927860 M * Bertl daniel_hozac: i.e. chcontext --xid 49151 --hostname zaphod true (fails on 2.6.19)
1164927895 M * daniel_hozac hmm, right...
1164927908 M * Bertl does chcontext use clone()?
1164927912 M * daniel_hozac no.
1164927917 M * Bertl thought so ...
1164927924 M * daniel_hozac Guy-: why not change /etc/vservers/.defaults/vdirbase?
1164927931 M * Bertl daniel_hozac: maybe we could unshare and set it there?
1164927949 M * Guy- daniel_hozac: because in http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 it says the location may be hardcoded in the utilities
1164927963 M * Guy- (note: I doubt that this is the way to do it, because IIRC, the path is hardcoded into some scripts/tools ... specifying it at build time with --with-vrootdir=/home/vservers would be advised, and don't blame us for the /var/lib/vservers path, that's a debian oddity, all other distros we know of use /vservers -- Bertl)
1164928002 M * Bertl could be obsolete by now, except for the debian part :)
1164928094 Q * doener Quit: brb
1164928112 J * doener ~doener@host.magicwars.de
1164928137 M * daniel_hozac that's probably still true, at least for some utils.
1164928223 M * Bertl daniel_hozac: btw, do we have uprmi support by now?
1164928230 M * Bertl *urpmi
1164928238 M * daniel_hozac no.
1164928255 M * Bertl could you help me to add that?
1164928273 M * daniel_hozac sure!
1164928274 M * Bertl it should be straight forward, as the tool knows --root <dir>
1164928294 M * Bertl            Use the file system tree rooted for rpm install. All operations and
1164928294 M * Bertl            scripts will run after chroot(2). The rpm database that lies in the
1164928294 M * Bertl            rooted tree will be used, but the urpmi configuration comes from
1164928294 M * Bertl            the normal system.
1164928314 Q * bogus Server closed connection
1164928319 J * bogus ~bogusano@fengor.net
1164928337 M * Bertl daniel_hozac: ssh logon to such a system would help?
1164928351 M * daniel_hozac well, the database is stored externally for the other rpm-based build methods.
1164928400 M * daniel_hozac yeah sure, but i don't think i'll be able to do anything today, i'll be off to bed soon. i should have time over the weekend though.
1164928416 Q * Smutje Ping timeout: 480 seconds
1164928429 M * Bertl okay, np, it's not urgent ...
1164928462 M * Bertl daniel_hozac: please send me a signed ssh key, I'll add that then ...
1164928632 M * daniel_hozac http://daniel.hozac.com/tmp/vserver_id.pub.asc
1164928686 M * Bertl great, tx, btw the 'build' method still leaves broken guests on failure
1164928704 M * daniel_hozac which method?
1164928747 M * RichyF hi guys, soz i was grabbing my tea, are there any examples of setting up a guest using the yum method (in particular Fed5 or fed6)
1164928781 M * daniel_hozac i've seen it too, but i've been too lazy to investigate it as it's always happened when i've needed a guest...
1164928783 M * Bertl daniel_hozac: http://paste.linux-vserver.org/711
1164928811 M * daniel_hozac RichyF: vserver guest build -m yum ... -- -d fc6
1164928833 M * Bertl btw, what was the 'arch' argument for debootstrap?
1164928848 M * Bertl I mean, how was it specified correctly?
1164928861 M * daniel_hozac ARCH=... or -- --arch ..., IIRC.
1164928906 M * Bertl ah, two dashes :)
1164929006 Q * comfrey Ping timeout: 480 seconds
1164929166 M * Bertl daniel_hozac: # vserver sarge start
1164929166 M * Bertl exec-ulimit: execv(): Bad address
1164929187 M * Bertl (right after install, any ideas?)
1164929197 M * daniel_hozac hmm, x86_64?
1164929206 M * Bertl yep
1164929212 M * daniel_hozac isn't that the strange syscall issue?
1164929224 M * Bertl hmm, maybe?
1164929229 M * Guy- what is the .pkg directory used for?
1164929237 M * daniel_hozac external package management.
1164929242 M * Bertl daniel_hozac: dietlibc is 0.30 + patches
1164929254 M * RichyF vserver fedora build -m yum --context 43 --hostname fedoar.test.org --interface eth0:192.168.1.52/24 -- -d fc5 seems to be working, can i put that somewhere on the wiki?
1164929259 M * Guy- daniel_hozac: meaning?
1164929272 P * stefani I'm Parting (the water)
1164929288 M * daniel_hozac Guy-: meaning you don't need rpm/yum/etc. installed inside the guest, just on the host.
1164929302 M * Guy- daniel_hozac: OK, so how is this related to the .pkg directory?
1164929318 M * Bertl daniel_hozac: could you elaborate on the 'strange' syscall issue and what can be done about it?
1164929319 M * Guy- daniel_hozac: and is it only used for rpm-based distros?
1164929339 M * daniel_hozac Bertl: i don't really remember much about it, you and Hollow were tracking it down IIRC.
1164929356 M * daniel_hozac Guy-: so far, yes.
1164929356 M * Bertl so it should be fixed by now, no?
1164929364 M * Guy- daniel_hozac: (remember, I'm trying to write documentation, so I need to understand what's going on :)
1164929367 M * Guy- daniel_hozac: OK, thanks
1164929368 M * daniel_hozac Bertl: i don't recall a fix at all.
1164929383 Q * yarihm Quit: Leaving
1164929392 M * Bertl aha, intersting ... so the utils are broken on x86_64 now?
1164929425 M * daniel_hozac well, they work fine for me.
1164929445 M * Bertl i.c., could you upload a binary version of 2.12-rc2 please?
1164929451 M * Bertl *212
1164929526 M * Guy- are the CFG-OPTIONS of vserver build documented anywhere (better than in vserver-build.8)?
1164929555 J * Smutje ~Smutje@xdsl-87-78-98-134.netcologne.de
1164929603 M * daniel_hozac vserver - build --help
1164929683 M * Guy- not really more there, alas
1164929691 M * Guy- just more recent
1164929721 M * daniel_hozac Guy-: what more is it that you're looking for?
1164929744 M * Guy- for example, --interface [<name-suffix>=][<device>:]<ip>[/<mask|prefixlen>]
1164929750 M * Guy- what are its exact effects?
1164929764 M * daniel_hozac that interface will be made available to the guest.
1164929791 M * daniel_hozac the IP will be added to <device>, with the mask/prefix specified, and with the name-suffix label if specified.
1164929794 M * Guy- so --interface 1.2.3.4 will allow the guest to bind() to 1.2.3.4
1164929798 M * daniel_hozac yes.
1164929823 M * Guy- I don't yet know what <device> is
1164929830 M * daniel_hozac an interface.
1164929849 M * Guy- ah OK, didn't pay attention there
1164929908 M * Guy- --interface foo=eth0:1.2.3.4/32 would then do 'ip addr add dev eth0 1.2.3.4/32' on the host, right?
1164929930 M * Guy- and where would I see foo? in the output of ifconfig in the guest?
1164929963 M * daniel_hozac ip addr add 1.2.3.4/32 dev eth0 label foo
1164929981 M * daniel_hozac the label means ifconfig will be able to display it.
1164930215 M * Guy- hmmm... what exactly does this label thing do? just "ip addr add 1.2.3.4/32 dev eth0 label foo" doesn't even work, it says "dev" (eth0) must match "label" (foo).
1164930226 M * Guy- I've never used this label feature of ip(8) before
1164930244 M * Guy- and man ip isn't exactly verbose on the subject :)
1164930311 M * Guy- it's to do with .q vlans?
1164930317 M * daniel_hozac no.
1164930318 M * Guy- then I guess I understand
1164930323 M * daniel_hozac it's to do with ifconfig.
1164930334 M * daniel_hozac ifconfig can only handle one IP address per interface.
1164930364 M * Bertl daniel_hozac: where could I find a binary version?
1164930376 M * daniel_hozac Bertl: i'm working on it...
1164930385 M * Bertl ah, okay, sorry :)
1164930387 M * Guy- daniel_hozac: so the label feature would make the new IP appear as a different interface, so that ifconfig would be able to display it?
1164930408 M * daniel_hozac Guy-: it would make it appear as an alias, yes.
1164930412 M * Guy- daniel_hozac: but why then does it say 'eth0' must match 'foo'?
1164930423 M * daniel_hozac because it should be label eth0:foo, i guess.
1164930427 M * Guy- ah
1164930445 M * Guy- right on!
1164930499 M * Guy- if I keep learning new things at this rate, I'll be so sharp that I'll cut myself :)
1164930666 J * comfrey ~comfrey@201.243.176.219
1164930706 M * Guy- why do you need the second "--" in this example? vserver DebianSid build -m debootstrap -- -d sid -m ftp://ftp.at.debian.org/debian/ -- --resolve-deps
1164930728 M * Guy- the first "--" separates the arguments of vserver build from those of debootstrap
1164930737 M * Guy- but --resolve-deps is an option for debootstrap
1164930753 M * Guy- (I got it from http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6)
1164930813 M * daniel_hozac -- separates the arguments of vserver build from the build method.
1164930819 M * daniel_hozac the first+
1164930834 M * daniel_hozac the second -- separates those arguments from debootstrap's options.
1164930947 M * RichyF guys, ive just installed a fedora test guest but there are absolutly no programs on it, cant wget yum or rpm anything to build up the install. have i dont something wrong?
1164930997 M * daniel_hozac nope.
1164931000 M * Guy- daniel_hozac: oh, right, my bad again, sorry
1164931013 M * daniel_hozac RichyF: just use vrpm or vyum from the host to install things.
1164931030 M * RichyF taa, ill give it a go
1164931049 M * daniel_hozac RichyF: see http://oldwiki.linux-vserver.org/VServer+installation+Fedora+Core+5
1164931073 M * daniel_hozac (basically the same things are true for FC6)
1164931158 Q * wenchien Server closed connection
1164931175 J * wenchien ~wenchien@59-105-176-11.adsl.static.seed.net.tw