1171411218 M * Bertl daniel_hozac: basically, as I said the last time, I'd expect recent tools, to work out of the box for recent kernels, regardless of their configuration as long as there is a match/overlap between the ABIs
1171411357 M * litage Bertl: thanks
1171411374 M * daniel_hozac Bertl: but without knowing the API version, how can the utils tell which are available?
1171411415 M * Bertl daniel_hozac: why don't they know the API version?
1171411428 M * daniel_hozac the legacy version?
1171411450 M * Bertl we added that as special version so that it can be recognized, no?
1171411450 Q * dna Quit: Verlassend
1171411476 M * daniel_hozac sure, but which APIs do you enable? 2.0? 2.1? 2.2? 2.3?
1171411567 M * Bertl I'm okay if we special case that, i.e. we put a big warning message into the kernel help and if the tools do detect this version, they give a specific warning too, how about that?
1171411587 M * Bertl (do detect this version without having the proper support)
1171411628 M * daniel_hozac so message would be something like chbind: legacy version detected, unable to continue?
1171411662 M * Bertl I'd prefer something like: "legacy version id enabled in the kernel, but legacy API missing in the tools'
1171411674 M * Bertl maybe even:
1171411675 M * daniel_hozac sure.
1171411689 M * baldy lol strange
1171411694 M * Bertl "legacy version id enabled in the kernel, but legacy API missing in the tools, no idea what ABI you actually have :)'
1171411710 M * pflanze Hm, chbind --ip ... is giving me "ncontext: vc_net_create(): Invalid argument" with vs2.2; I've tried chbind --nid 22 --ip ... which "worked", but I can't see the network connections now, and ncontext --migrate 22 says "Can not migrate to an unknown context"
1171411736 M * pflanze how do I behave right?
1171411743 M * baldy when i do a ./vserver-info - SYSINFO in the src dir it shows me complete other thinks as i use vserver-info - SYSINFO out of the bin dir
1171411754 M * Bertl pflanze: upload information :)
1171411763 M * pflanze will do
1171411791 M * Bertl baldy: probably you have more than one set of tools installed
1171411807 M * baldy Bertl: i deleted evertink
1171411811 M * baldy think
1171411836 M * daniel_hozac pflanze: no dynamic context support in the kernel.
1171411859 M * daniel_hozac pflanze: and what you want is ncontext --nid 22 --migrate.
1171411895 M * daniel_hozac but, i need to get some sleep. good night everyone!
1171411942 M * Bertl daniel_hozac: okay, have a good one!
1171412053 M * pflanze thanks daniel
1171412066 A * pflanze has posted http://paste.linux-vserver.org/1156, but will look at --nid 22 now
1171412100 M * pflanze hm root@elvis root# ncontext --nid 22 --migrate lsof -i -n   -> does not complain anymore but gives empty output
1171412134 M * pflanze what's that with the dynamic context support in the kernel?
1171412138 M * pflanze why would I need that?
1171412155 Q * litage Remote host closed the connection
1171412160 M * pflanze One note though: the config option for vserver privacy is enabled in my kernel
1171412174 M * Bertl dynamic context support was something jacques considered a good idea
1171412175 M * pflanze Is this the culprit for the empty outputs?
1171412203 M * pflanze dynamic ctx ids, right? nowadays we are using /etc/vservers/*/context, as I do.
1171412212 M * Bertl we suffered from the dynamic contexts (and the race conditions they cause) for more than three years, now we basically removed them
1171412221 M * pflanze But why does that matter for my chbind stuff here?
1171412250 M * Bertl well, both process and network contexts now require a static context id
1171412251 M * pflanze I didn't plan running ntpd in another ctx.
1171412270 M * pflanze Yeah, so that's why chbind nees an nid; fine for me,
1171412275 M * Bertl xid for the process contexts, nid for the network contexts
1171412278 M * pflanze I used the example 22 (hopefully that's free?)
1171412291 M * Bertl yes, everything but 0 and 1 is free
1171412292 M * pflanze Can I give nid 0 or something for "host"?
1171412308 M * Bertl in theory, but you cannot migrate to it
1171412318 M * Bertl but 1 (spectator) should work to see everything
1171412336 M * pflanze Not for me, because of the "private" stuff probably
1171412354 M * Bertl that could be, but is more unlikely ...
1171412381 M * Bertl what did you start in --nid 22?
1171412387 M * pflanze ntpd
1171412398 M * pflanze as per my example above / on the above paste
1171412433 M * Bertl what does chbind --nid 22 --migrate -- ip addr ls   give?
1171412437 M * pflanze (What's the worth of the "vserver privacy" anyway? Host root can peek every context/nid anyway, so where does it help the privacy?)
1171412455 M * Bertl pflanze: no, with the privacy enabled it cannot
1171412501 M * pflanze well, I wrote a script to loop over all vservers to still be able to peek into them, so I'd definitely say it can
1171412516 M * Bertl then the privacy is not used yet :)
1171412530 M * pflanze chbind --nid... is wrong, but root@elvis root# ncontext --nid 22 --migrate -- ip addr ls 
1171412532 M * pflanze gives a long list
1171412547 M * pflanze of all network ip's of the vservers
1171412559 M * Bertl should not be that long, if you restricted nid=22 to some ips ...
1171412570 M * Bertl what kernel do you use now?
1171412577 M * pflanze 2.6.19.3-vs2.2.0-rc12
1171412607 M * Bertl sec, let me check that here
1171412681 A * pflanze has confirmed that CONFIG_VSERVER_PRIVACY=y btw
1171412741 J * FreshPrince ~FreshPrin@80-218-189-15.dclient.hispeed.ch
1171412749 M * Bertl welcome FreshPrince!
1171412751 M * pflanze btw: ntpd is complaining in syslog: Feb 14 01:24:00 elvis ntpd[20276]: sendto(134.214.100.6): Bad file descriptor
1171412766 M * FreshPrince hallo Bertl :)
1171412775 M * pflanze (134.214.100.6 is the remote ntp server)
1171413067 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1171413216 M * FreshPrince the most channels on that server are debian channels.. -.-
1171413250 M * Bertl this is not a debian channel :)
1171413309 M * Bertl pflanze: yep, something is wrong here too ... will investigate
1171413371 M * pflanze Thanks, Bertl
1171413683 Q * er Quit: Leaving
1171413851 M * Bertl pflanze: ah, I see it now, it is a transitional issue
1171413891 M * Bertl while the network context is mostly independant by now, the network interface hiding is still part of the process context
1171413925 M * pflanze so that explains why ip addr ls lists all interfaces.
1171413962 M * Bertl yes, that is already handled properly in 2.3.x
1171413986 M * Bertl now let's check for the binding issue ...
1171414000 M * pflanze But why does lsof -i -n giving me empty output? Well, as I see in the above syslog output, ntpd didn't seem to get a workig socket anyway, so that may explain lsof output?
1171414014 M * Bertl yep, I guess so
1171414025 M * Bertl let's try (here and for you) with nc -l
1171414037 Q * bonbons Quit: Leaving
1171414067 M * Bertl it might be that the ntpd failed for a different reason, e.g. host is already running ntpd or something on that port
1171414121 M * Aiken has the ip if the interface that ntp was bound to changed since ntp was started?
1171414153 M * Aiken ntp does not respond too well to ip changes and I think that the error you get
1171414162 M * pflanze Bertl: ok, nc seems to work
1171414172 J * BillB0B ~derengel_@tor-irc.dnsbl.oftc.net
1171414182 M * Bertl welcome BillB0B!
1171414206 P * BillB0B 
1171414235 M * Bertl pflanze: same here, so that looks good ...
1171414311 M * pflanze strange, I've got no idea what it could be
1171414332 M * Bertl strace?
1171414339 M * pflanze The only changes to the host setup have been the kernel+vserverutils upgrade, and using dhclient instead of a static address.
1171414345 M * pflanze ahsure
1171414836 M * pflanze weird. 28223 bind(4, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
1171414879 M * pflanze but there's been no ntp process running before
1171414910 M * pflanze hmm
1171414919 M * Bertl well, somebody _is_ using it :)
1171414919 M * pflanze not true, one is running in a vserver, shuck
1171414945 M * pflanze  / yuck / whatever
1171414950 M * Bertl :)
1171414978 M * pflanze but that vserver does not have hte ip I'm using on the host
1171415026 M * Bertl try the following, on the host:
1171415055 M * Bertl chbind --nid 22 --ip <the ip>/<prefix> -- nc -l -p 123
1171415136 M * pflanze I've now logged into the vserver, stopped the ntpd there, and now I can run the one on the host.
1171415231 M * pflanze cat /proc/self/status|grep ipv4root:  from that vserver shows: ipv4root: 0107000a/00ffffff 0107a8c0/00ffffff
1171415268 M * pflanze now how can be that this prevents me from starting 'chbind --nid 22 --ip 84.73.56.44  -- /etc/init.d/ntp-server start' on the host
1171415503 M * Bertl http://paste.linux-vserver.org/1157 <- this works here on 2.6.19.3-vs2.2.0-rc12
1171415992 M * pflanze yes this works for me as well
1171415997 P * FreshPrince 
1171416015 M * Bertl well, let's try with you ntp server then ...
1171416019 M * Bertl *your
1171416084 M * pflanze what exactly?
1171416175 M * Bertl instead of the nc, put the ntp
1171416789 M * pflanze Bertl: the above with ntp works as expected
1171416807 M * Bertl so what is different in your setup?
1171416828 M * pflanze But when I stop the normal ntpd on the host, stop&start the vserver (which starts it's own ntp (for no reason)), I cannot start ntpd on the host, again
1171416893 M * pflanze root@elvis root# chcontext --ctx 1007 cat /proc/2611/status|egrep '(Name|ipv4root):'
1171416893 M * pflanze Name:	ntpd
1171416893 M * pflanze ipv4root: 0107000a/00ffffff 0107a8c0/00ffffff
1171416908 M * pflanze 1007 is the vserver with the ntp
1171416930 M * Bertl chcontext is not the best idea :)
1171416945 M * Bertl check with /proc/virtnet/*/info
1171416945 M * pflanze ah?
1171416949 M * pflanze k
1171416968 M * pflanze root@elvis root# cat /proc/virtnet/1007/info 
1171416968 M * pflanze ID:	1007
1171416968 M * pflanze Info:	e8396480
1171416968 M * pflanze 0:	10.0.7.1/255.255.255.0
1171416968 M * pflanze 1:	192.168.7.1/255.255.255.0
1171417003 M * Bertl and what is the command you use to start the ntp on the host now?
1171417024 M * pflanze root@elvis root# chbind --nid 22 --ip 84.73.56.44  -- /etc/init.d/ntp-server start
1171417040 M * Bertl an when you try with a prefix?
1171417066 M * pflanze you mean like 84.73.56.44/24 ?
1171417070 M * Bertl yup
1171417081 M * pflanze doesn't help
1171417094 M * pflanze root@elvis root# ncontext --nid 22 --migrate lsof -i -n  -> empty
1171417109 M * Bertl but the same works, when the guest is not started?
1171417125 M * pflanze yep, or even when I log into the vserver and stop the ntp there
1171417155 M * Bertl and it also works when you started the guest's ntp with a simila chbind, but different ip?
1171417163 M * Bertl +r
1171417295 M * pflanze where do you mean?
1171417318 M * Bertl well, that was what I suggested before and you answered that it would work as expected
1171417337 M * Bertl i.e. do a chbind --nid ... ip1 ... ip2 ... -- guest-ntp start
1171417349 M * pflanze but the guest is on the guests's filesystem
1171417359 M * pflanze I'd have to run it with chcontext..
1171417366 M * Bertl then try to start the chbind --nid ... ip3 ... -- host-ntp start
1171417372 M * pflanze k
1171417373 M * Bertl pflanze: why?
1171417380 M * pflanze or at least chroot
1171417384 M * Bertl yep
1171417398 M * pflanze and this is the guest which I trust least of all of them..
1171417408 Q * meandtheshel1 Quit: Leaving.
1171417447 M * Bertl well, if that guest already manages to bind to unassigned ips ...
1171417490 Q * FireEgl Quit: ...
1171417625 P * muuhDBX 
1171418078 M * pflanze Only ntpd breaks the binding, nc doesn't.
1171418305 M * pflanze http://paste.linux-vserver.org/1158
1171418326 M * pflanze (I did stop the vserver for this)
1171418376 M * Bertl so the second ntpd has issues starting?
1171418415 M * pflanze http://paste.linux-vserver.org/1159
1171418417 M * Bertl i.e. the ntpd in context 22 fails?
1171418427 M * pflanze here you see that it doesn't have issues if I don't start the first one
1171418431 M * pflanze yep
1171418452 M * Bertl okay, please do an strace -fF of both ntpds
1171418459 M * Bertl in the failing setup
1171418497 M * Bertl (i.e. stop both, and redo your test with strace -fF -o ntpd.trace prepended to the ntpd command
1171418877 M * pflanze http://paste.linux-vserver.org/1160, http://elvis-jaeger.mine.nu:5080/~chris/scratch/fileEA5KkG.tgz
1171418886 M * pflanze the latter contains the two straces
1171418896 M * pflanze the first shows exactly what I did for them
1171419084 M * Bertl I guess your problem is that ntpd here seems to be very funny coded
1171419165 M * Bertl but it's interesting that you get EADDRINUSE
1171419208 M * pflanze Could it be because of iptables rules?
1171419229 M * pflanze I've got those rules for port 123:
1171419230 M * Bertl do you do weird remappings?
1171419232 M * pflanze -A INPUT -s 134.214.100.6 -i eth0 -p udp -m udp --dport 123 -j ACCEPT 
1171419232 M * pflanze -A INPUT -i eth0 -p tcp -m tcp --dport 123 -j REJECT --reject-with icmp-port-unreachable 
1171419232 M * pflanze -A INPUT -i eth0 -p udp -m udp --dport 123 -j REJECT --reject-with icmp-port-unreachable 
1171419246 M * pflanze But note that I did test with  nc -u -l -p 123
1171419255 M * pflanze so that should fall under the same rules.
1171419292 M * pflanze do you want my full rule set?
1171419322 M * pflanze (probably of no use, though)
1171419333 M * Bertl  bind(4, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("84.73.56.44")}, 16) = -1 EADDRINUSE
1171419341 M * Bertl this is the only one which really confuses me
1171419383 M * pflanze yeah, and it happens this way also when running the "bad" vserver regularly.
1171419417 M * pflanze can you reproduce it or do you need me to do more test?
1171419487 M * Bertl cannot reproduce it yet, as it works with nc :/
1171419508 M * Bertl do you have debug enabled in the kernel? especially vserver debugging?
1171419509 M * pflanze well, replace nc with your ntpd?
1171419515 M * pflanze no
1171419530 M * Bertl my test setup has no ntpd :)
1171419552 M * pflanze shall I package up my ntpd for you?
1171419593 M * Bertl are you sure that raw sockets aren't permitted?
1171419595 M * pflanze so that you can run it in a chroot
1171419603 M * pflanze well this is on the host
1171419610 M * pflanze everything permitted.
1171419614 M * Bertl for the guest, I mean
1171419731 M * Bertl because one of the first things we do in inet_bind() is
1171419748 M * Bertl the network collision checks, which would return
1171419754 M * Bertl -EADDRNOTAVAIL
1171419766 M * Bertl but you get  -EADDRINUSE
1171419784 M * Bertl and the only way I see here you could get that is with a 
1171419791 M * Bertl raw socket bind function ...
1171419817 M * pflanze here's my config (of the "bad" vserver = "thea", and the defaults) http://paste.linux-vserver.org/1161
1171419882 M * Bertl interesting, what happens if you do not put those ips on lo?
1171419901 M * pflanze in my tests on the host I did put them to eth0
1171419911 M * pflanze but I can check with thea, too
1171419914 M * Bertl so that makes no difference then
1171419945 M * Bertl how large is your ntpd stuff?
1171419956 M * pflanze how, how large?
1171419980 M * Bertl if I want to integrate this for a temporary test
1171419985 M * pflanze ah
1171420000 M * pflanze I'd have to grep all open's out of the strace and package that up, to see
1171420035 M * Bertl if it fits in 256MB I can arrange something
1171420066 M * Bertl but I think nc should be able to recreate the issue ...
1171420559 J * FireEgl Proteus@2001:5c0:84dc:1:211:9ff:feca:b042
1171421096 M * pflanze Bertl: http://elvis-jaeger.mine.nu:5080/~chris/scratch/ntpdpack.tgz
1171421734 M * Bertl nice, even fits in my actual test env ...
1171422081 M * Bertl okay, seems I can recreate it here ... let's see what the debug info will tell ...
1171422795 M * Bertl hmm, interesting ...
1171422856 M * Bertl yep, seems that got broken in 2.6.19 ...
1171422982 M * pflanze Thanks for your work. I'll log off to bed now, good night
1171422996 M * Bertl have a good one, and expect a fix tomorrow :)
1171423016 Q * pflanze Quit: [x]chat
1171423853 J * Fartag ~tester@ppp-70-244-167-22.dsl.rcsntx.swbell.net
1171424442 Q * Aiken Quit: Leaving
1171425046 J * Aiken ~james@ppp109-15.lns2.bne4.internode.on.net
1171425187 M * Bertl welcome Fartag!
1171425591 Q * Aiken Read error: Connection reset by peer
1171425603 J * Aiken ~james@ppp109-15.lns2.bne4.internode.on.net
1171429179 J * olivierk ~olivier@olivierk.org
1171429289 Q * olivierk_ Ping timeout: 480 seconds
1171430801 J * DoberMann_ ~james@AToulouse-156-1-59-183.w90-16.abo.wanadoo.fr
1171430910 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1171433755 Q * olivierk Ping timeout: 480 seconds
1171433909 Q * akaihola Ping timeout: 480 seconds
1171434394 M * Bertl daniel_hozac: okay, I reall _hope_ shiny16 fixes all known i386 issues and the ones yet to come *G* .. haven't tested the 6 arg syscall yet, but at most it should be an offset issue ...
1171434398 M * Bertl *really
1171434459 M * Bertl tested with -O2, -Os, -fPIC, gcc 3.3.6 and 4.1.1 (only compile tested though)
1171434587 M * Bertl neuralis: please try to replace the lib/syscall-alternative.h with http://vserver.13thfloor.at/Experimental/SYSCALL/syscall_shiny16.h, it should fix your gcc 3.3 issues
1171435289 J * stefani ~stefani@24.19.46.211
1171435640 M * Bertl daniel_hozac, doener: please have a look at the delta-udp-fix01.diff, it should deal with the FIXME currently present (please confirm so that I can remove that)
1171435680 M * Bertl okay, off to bed now ... have a good one everyone! cya!
1171435684 N * Bertl Bertl_zZ
1171435927 J * olivierk ~olivier@olivierk.org
1171436870 P * stefani parting (is such sweet sorrow)
1171436978 Q * Fartag Remote host closed the connection
1171437524 N * DoberMann_ DoberMann[PullA]
1171438714 Q * cdrx Ping timeout: 480 seconds
1171439680 Q * Aiken Read error: Connection reset by peer
1171439835 N * DoberMann[PullA] DoberMann
1171439905 J * lilalinux ~plasma@80.69.41.2
1171440739 Q * mire Ping timeout: 480 seconds
1171440819 J * Aiken ~james@ppp109-15.lns2.bne4.internode.on.net
1171441003 Q * gab Quit: Leaving
1171441021 J * gab ~gab@158.36.45.236
1171442276 J * ema ~ema@lart.galliera.it
1171442567 Q * ema 
1171443454 J * cdrx ~legoater@blueice2n1.uk.ibm.com
1171443882 Q * cdrx Quit: Leaving
1171443997 J * Piet hiddenserv@tor.noreply.org
1171444299 J * cdrx ~legoater@blueice1n1.uk.ibm.com
1171444483 J * dna ~naucki@163-202-dsl.kielnet.net
1171444881 J * bonbons ~bonbons@83.222.37.103
1171445534 Q * cdrx Quit: Leaving
1171445734 Q * m`m`h Ping timeout: 480 seconds
1171446089 J * dlezcano ~dlezcano@AToulouse-252-1-63-147.w83-200.abo.wanadoo.fr
1171446950 J * cdrx ~legoater@blueice1n1.uk.ibm.com
1171447525 J * muuhDBX ~foo@a213-22-7-59.cpe.netcabo.pt
1171447755 Q * bonbons Remote host closed the connection
1171447877 Q * shedi Quit: Leaving
1171447929 J * meandtheshell ~markus@85-124-174-151.dynamic.xdsl-line.inode.at
1171447992 J * bonbons ~bonbons@83.222.37.103
1171448295 Q * meandtheshell Quit: Leaving.
1171448508 J * meandtheshel1 ~markus@85-124-174-151.dynamic.xdsl-line.inode.at
1171448711 J * olivierk_ ~olivier@olivierk.org
1171448755 Q * infowolfe Quit: Leaving
1171448774 J * infowolfe ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net
1171448782 Q * infowolfe 
1171448787 J * infowolfe ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net
1171448800 Q * olivierk Ping timeout: 480 seconds
1171450203 M * DoberMann does anyone successfully run vserver on an Edgy ?
1171450251 M * DoberMann i used this : http://specialreports.linux.com/article.pl?sid=06/12/19/0456207&tid=136&tid=86  but when i create the test Vserver, i've got thi error message :
1171450267 M * DoberMann save_ctxinfo: symlink("/etc/vservers/test1","/etc/vservers/.defaults/run.rev/49157"): No such file or directory
1171450493 J * olivierk ~olivier@olivierk.org
1171450600 Q * olivierk_ Ping timeout: 480 seconds
1171450869 M * DoberMann hum, package installation problem : "kdir /var/run/vservers.rev "did the trick
1171450874 M * DoberMann *mkdir
1171451831 Q * cdrx Read error: Connection reset by peer
1171451910 J * m`m`h ~simba@deb30.mgts.by
1171452124 P * muuhDBX 
1171452480 J * shedi ~siggi@dsl-149-109-85.hive.is
1171452988 M * shedi is it possible to add an ip address to a running guest?
1171453039 M * shedi and how many ip addresses is a guest able to keep?
1171453455 M * bonbons shedi: yes it is possible
1171453499 M * bonbons right now the maximum count of IP addresses per guest is defined in the patch (default is 16)
1171453510 M * shedi I see
1171453542 M * bonbons not sure starting with which version of util-vserver there is userspace support for adding addresses
1171453576 M * shedi I'm using 0.30.210-6
1171453759 M * bonbons hm, that one might be too old...
1171453819 M * bonbons at least the 0.30.210 I have here (Gentoo) does not look good enough
1171454412 J * duckx ~Duck@tox.dyndns.org
1171455661 M * Loki|muh DoberMann: the util-vserver package is buggy, you must add some mkdirs in the initscript
1171455673 M * Loki|muh DoberMann: there is a bug against that somewhere in launchpad.net
1171455842 M * DoberMann k, thx
1171455873 Q * SNy Ping timeout: 480 seconds
1171456005 Q * Aiken Quit: Leaving
1171456182 J * SNy 101b43d93c@bmx-chemnitz.de
1171456538 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1171457389 Q * shedi Quit: Leaving
1171458192 M * DoberMann is there a more efficient way to use loopback device than dummy interface ?
1171458576 M * bonbons DoberMann, any local traffic will go over loopback... you could also assign multiple addresses to lo itself
1171458728 M * DoberMann a simple "ping localhost" does not work
1171459439 J * DavidS ~david@vpn.uni-ak.ac.at
1171459841 J * olivierk_ ~olivier@olivierk.org
1171459950 Q * olivierk Ping timeout: 480 seconds
1171460688 M * bonbons DoberMann: what IP address is your guest trying to ping locally?
1171460763 M * bonbons if it's 127.0.0.1 then it may fail because your guest does not have 127.0.0.1 available
1171460942 M * DoberMann that's it
1171460979 M * bonbons then you would better have to adjust /etc/hosts to map localhost to the (first) address assigned to your guest
1171461021 M * bonbons that will also solve lots of potential problems you may see with applications using local udp/tcp connections
1171461051 J * ema ~ema@lart.galliera.it
1171461175 M * bonbons If I remember well, there is a kernel config option that influences this, remapping 127.0.0.1 to the first IP assigned to the guest (but I might also be mixing some information)
1171461298 M * DoberMann yes, but that also opens security problems, such as mysql opened on the internet for instance
1171461316 M * DoberMann you can't bind servrs to localhost anymore
1171461576 M * bonbons DoberMann: if you guest has exactly one IP address, the problem always exitst. For that issue you would need to have two IP addresses per guest, one "public" and one "private", the private mapped to localhost
1171461653 M * bonbons vserver does pure IP level isolation, thus applications inside a guest can just use the IP addresses which were assigned to if, if there is no 127.0.0.1, then there is no such address available
1171461736 Q * Piet Remote host closed the connection
1171461746 M * bonbons there are plans to make a "virtual" 127.0.0.1 address optionally available to guests, but that's no implemented yet (as of now there are multiple implementation ideas)
1171461788 J * Piet hiddenserv@tor.noreply.org
1171462382 M * DoberMann k
1171462789 Q * sladen Ping timeout: 480 seconds
1171462822 J * sladen paul@starsky.19inch.net
1171463644 Q * gab Quit: Leaving
1171464828 M * rw23 how can i specify a default gw for my guest linux?
1171464871 M * rw23 i have looked at the wiki and googled.. but i cant find a working solution ^^
1171464898 M * baldy they dont have a default gw
1171464916 M * baldy the host system is the "router"
1171464959 M * rw23 so if i asign a private ip addres range to the guest they will access the internet through the host machiunes IP ?
1171465229 M * baldy when u allow nati think yes
1171465232 M * baldy nat
1171465410 M * rw23 hm i want a virtual private network
1171465482 M * rw23 i want to provide some services which are running with different IP's so that i can watch the traffic using iptables
1171465503 M * rw23 so i asign ip adressses like 192.168.11.1-255 to my guests
1171465545 M * rw23 and they need a different default route than the host machine cause the gateway of the host will not handle my private ip adresses
1171465559 M * bonbons rw23: the guest will only use the addresses assigned to it, but the host will do the job of sending the packets to the right destination (if it has a route that works for the given source address)
1171465602 M * bonbons for that it will just work as if the host was sending something with those IP addresses
1171465616 M * bonbons so the best way would be source-based routes
1171465634 M * rw23 source-based routes?
1171465635 M * baldy rw23: u can define route manuel via ip r a
1171465690 M * bonbons something like:    ip route add default via 123.123.123.123 dev eth5 src 192.168.11.0/24
1171465692 M * rw23 how is the package for ip called?
1171465698 M * bonbons iproute2
1171465700 M * baldy ipriute
1171465703 M * rw23 i have no ip command
1171465713 M * baldy bonbons: u cant define more then one default route
1171465725 M * baldy rw23: apt-get install iproute
1171465733 M * rw23 yes got it
1171465741 M * bonbons sure? I already often got multiple default routes working
1171465777 M * baldy normaly yes
1171465783 M * baldy i can set
1171465803 M * baldy ip r a network/subnet via 1.1.1.1 dev eth0
1171465805 M * bonbons you can have more than one route for the same target, e.g. to get failover routes or load balancing (with preference, aka metric)
1171465813 M * rw23 and i need to add the route on the host?
1171465815 M * baldy but no more then 1 default route
1171465827 M * bonbons yes
1171465850 M * baldy bonbons: doese it rela works?
1171465855 M * baldy realy
1171465863 A * baldy dont like static routes hehe
1171465885 M * bonbons baldy: yes they do, it just gets harder to debug when you have a complex routing table :)
1171465924 M * baldy cr0-ffm:~# ip r |wc -l
1171465924 M * baldy 207361
1171465926 M * baldy hihi ;)
1171465927 M * bonbons the most important in this case is the SOURCE-based routing
1171465999 M * bonbons baldy: then you are sitting on a big router oder concentrator, a host should not have much more than a hand full routes
1171466015 M * bonbons s/oder/or/
1171466067 M * baldy bonbons: i unterstand the word "oder" hehe... yes.. some cisco/juniper/foundry/quagga routers hehe
1171466135 M * rw23 ip route add default via 123.123.123.123 dev eth5 src 192.168.11.0/24 -> 123.123.123.123 is ?
1171466150 M * bonbons I've not touched those beasts too much yet, risk of breaking someone's connectivity is quite high on such gateways
1171466184 M * bonbons rw23: some sample address you have to replace with the gateway address for your 192.168.11.0/24 subnet
1171466221 M * rw23 hm it tells me "File exists"
1171466266 M * bonbons then you already have a route that is too similar to the new one you want to add
1171466282 M * rw23 a general default route
1171466315 M * bonbons first check your current routing table to see what it contains
1171466332 M * bonbons but your default route has possibly the same target...
1171466364 M * rw23 i start reading the docs, thanks :)
1171466543 M * bonbons by the way, if you set some metric information it takes a second default route through the same network
1171468448 J * gerrit ~gerrit@mobile-166-214-058-246.mycingular.net
1171468707 Q * renihs|wr Quit: Leaving
1171470009 J * shedi ~siggi@ftth-237-144.hive.is
1171470324 Q * Piet Read error: Connection timed out
1171470919 Q * ema Quit: leaving
1171471992 J * stefani ~stefani@flute.radonc.washington.edu
1171473485 J * fs fs@213.178.77.98
1171473758 J * Piet hiddenserv@tor.noreply.org
1171473981 Q * cdrx Quit: Leaving
1171474152 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1171474197 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de
1171474216 M * dreamind Hi folks :)
1171475066 N * DoberMann DoberMann[PullA]
1171475092 Q * DavidS Quit: Leaving.
1171475850 J * ema ~ema@lart.galliera.it
1171476195 N * Bertl_zZ Bertl
1171476200 M * Bertl morning folks!
1171476501 M * bonbons Morning Bertl! (virtual time offset unchanged ;))
1171477180 J * user ~user@68-188-55-120.dhcp.stls.mo.charter.com
1171477207 N * user Guest3379
1171477245 M * Bertl welcome Guest3379!
1171477250 Q * Guest3379 
1171477276 M * Bertl neuralis: ping?
1171477290 M * Bertl daniel_hozac: ping?
1171477477 M * daniel_hozac semi-pong.
1171478088 Q * rob-84x^ Quit: That's it for today
1171478096 J * rob-84x^ ~rob@submarine.ath.cx
1171478207 M * Bertl daniel_hozac: busy?
1171478227 M * daniel_hozac well, just eating.
1171478335 M * Bertl ah, np, let me know when you have time
1171478349 M * Bertl don't want to disturb your dinner ...
1171478480 M * daniel_hozac heh, you're not disturbing. i like having something to read ;)
1171478503 M * yang hey Bertl !
1171478542 M * Bertl hey yang! I have a new mips kernel to test :)
1171478558 M * yang Bertl: ok cool, when do you wanna test it?
1171478568 M * Bertl whenever you got time ...
1171478579 Q * lilalinux Remote host closed the connection
1171478699 N * DoberMann[PullA] DoberMann
1171479227 M * neuralis Bertl: pong. the machine went into production yesterday, so i can't easily test a new kernel :(
1171479681 J * olivierk ~olivier@olivierk.org
1171479796 Q * olivierk_ Ping timeout: 480 seconds
1171480115 M * Bertl neuralis: not kernel, userspace :)
1171480569 M * daniel_hozac Bertl: delta-udp-fix01 looks fine to me.
1171480779 M * neuralis Bertl: ah, okay, i thought you had mentioned it was a kernel issue
1171480807 M * Bertl yes, but it is userspace, nevertheless, my fault :)
1171480858 M * neuralis no problem, will test.
1171480892 M * Bertl I guess daniel_hozac will replace the shiny in util-vserver soon too
1171481076 M * daniel_hozac there. :)
1171481112 M * Bertl I think it might not just affect 3.3.6 but also some versions of 4.x, so a replacement is advised
1171481123 M * Bertl sorry for the trouble ...
1171481638 Q * Piet Remote host closed the connection
1171481688 J * Piet hiddenserv@tor.noreply.org
1171482441 J * kir_home ~kir@72-255-8-85.client.stsn.net
1171482906 M * Bertl welcome kir_home!
1171482934 M * meebey good evening
1171482968 M * meebey I have a problem with vserver on 2.6.16 kernel and ppp0 interface
1171483005 M * meebey the ppp0 interface is missing in the vserver, while I use IPROOT=ALL, all other interfaces like lo, eth0* are there
1171483015 M * meebey I need the ppp0 interface for openswan though
1171483049 M * Bertl IPROOT=ALL? sounds like a legacy config?
1171483054 M * meebey yeah
1171483063 M * meebey afaik that doesnt make a difference...
1171483084 M * Bertl what does /proc/virtnet/<nid>/info show?
1171483086 M * meebey oh it did, I remember I cant use the normal config
1171483107 M * Bertl hmm?
1171483119 M * meebey openswan is not starting at all using the normal config, thats why I had to go back to the legacy config
1171483140 M * Bertl sounds strange, but maybe daniel_hozac knows more ...
1171483142 M * meebey I tried strace and everything and I could not find the cause, the start scripts of openswan just died somehow
1171483159 M * meebey Bertl: one second
1171483159 M * daniel_hozac openswan in a guest?
1171483163 M * meebey yes
1171483169 M * daniel_hozac isn't that mostly kernel side?
1171483184 M * meebey sure, but not the software
1171483196 M * meebey always worked...
1171483214 A * meebey connects to the server...
1171483218 M * daniel_hozac nothing should be different, AFAIK...
1171483226 M * daniel_hozac unless the namespace is somehow causing problems.
1171483246 M * meebey strange is that all interfaces except ppp0 shows up
1171483255 M * meebey even the IP shows up when I do "vserver vpn enter"
1171483262 M * meebey but not the interface according to ifconfig
1171483295 M * daniel_hozac what? what is the IP address assigned to then?
1171483335 M * meebey let me do some pastebin stufff
1171483366 M * Bertl 2.6.16 could be a version missing the ip replacement stuff, if it isn't the primary interface, doener?
1171483374 M * meebey http://paste.debian.net/21933
1171483381 M * daniel_hozac yeah, sounds likely.
1171483389 M * daniel_hozac depends on what 2.6.16, i guess.
1171483411 M * meebey have to stay at 2.6.16 till 2.6 gets unfucked for me :)
1171483416 M * meebey as crippled UDF
1171483446 M * daniel_hozac 2.0.2-rc18 added it.
1171483458 M * meebey let see which vserver version I hav
1171483467 M * meebey some easy way to ask proc or the kernel?
1171483482 M * daniel_hozac uname -a?
1171483483 M * Bertl uname -a (if it isn't debian)?
1171483499 M * meebey the changelog of debian kernel is sometimes not that verbose
1171483506 M * meebey if it comes to version numbers
1171483535 M * meebey Bertl: that doesn't give the version as its a debian kernel
1171483601 M * meebey   [ Bastian Blank ]
1171483601 M * meebey   * Update vserver patch to 2.0.2-rc21.
1171483663 M * meebey Bertl: the nid is random?
1171483680 M * meebey can't tell by the numbers which virtnet the one is of the vserver
1171483691 M * meebey some way to find it out?
1171483700 M * meebey ls /proc/virtnet/
1171483701 M * meebey 1008  49152  49153  49154  49155  49156  49157	49159  49166  info
1171483776 M * meebey I am running openswan in a guest on 2.6.16 btw but that server has eth1 as interface instead of ppp0
1171483806 M * meebey so its just the missing network interface...
1171483907 M * Bertl you should definitely switch to static context ids
1171483921 M * meebey I am only using static context ids
1171483934 M * Bertl 49152-65535 is dynamic range
1171483952 M * meebey Bertl: maybe you dont believe me, but vserver-stat
1171483954 M * meebey Bertl: http://paste.debian.net/21938
1171484010 M * meebey maybe the tools use dynamic range for network when legacy config or so? as 1008 is the only normal config :)
1171484086 M * Bertl could be, daniel_hozac?
1171484086 M * meebey the customer isn't working now so I can give the other config a try to see if ppp0 shows up then :)
1171484113 M * meebey but I fear the start of openswan will fail in a different way then, but I give it a try
1171484142 M * Bertl meebey: what keeps you from updating the entire system?
1171484178 M * Bertl i.e. 2.6.19.3-vs2.2.0-rc13 (lucky number :) and util-vserver-0.30.213-rc3+?
1171484204 Q * kir_home Ping timeout: 480 seconds
1171484234 M * daniel_hozac yeah, older tools will use a dynamic nid.
1171484271 M * meebey Bertl: latest software isn't always the best, stability wise, less tested and production systems are not that easy to upgrade anyhow, so I need to use packages which is not the latest greatest
1171484291 M * daniel_hozac again with the "old known bugs" arguments :)
1171484330 M * meebey but you can decide then if you can live with them or not
1171484336 M * meebey compared to the unknown problems :)
1171484373 M * meebey when I deploy new servers I use the latest tested versions always
1171484383 M * daniel_hozac what's a "tested" version?
1171484387 M * meebey but once they are deployed they are only changed when really needed
1171484403 M * daniel_hozac Bertl: is there a -rc13, or is that futuristic?
1171484416 M * Bertl there will be in a few minutes
1171484430 M * meebey daniel_hozac: we have a development server it runs the system at least some 2 weeks
1171484435 M * daniel_hozac okay.
1171484446 M * meebey s/some//
1171484486 M * meebey if no problems popup, it goes in a new master image, which is used for new deployed servers then
1171484506 M * Bertl daniel_hozac: do you have a moment to go through the FIXMEs in 2.2.0?
1171484511 M * meebey and with debian packages, I can upgrade later the systems easily when needed
1171484535 M * daniel_hozac Bertl: sure.
1171484617 M * Bertl http://www.13thfloor.at/~herbert/hunk-fixme-diff.hl
1171484629 M * meebey hm same with normal config, no ppp0
1171484646 M * Bertl I guess we will keep the parisc part around, till I find some time to fix and test it properly
1171484656 M * meebey so its some restriction not related to the config tools
1171484680 M * Bertl the second one (namei) should not be a FIXME IMHO, as it does what it says ...
1171484685 M * meebey Unknown HZ value! (4510489) Assume 100.
1171484686 M * meebey eeeks :)
1171484695 M * Bertl broken ps
1171484702 M * Bertl ps/top/whatever
1171484711 M * meebey what are they doing wrong? :)
1171484717 M * meebey wondering how they care...
1171484723 M * meebey s/how/why/
1171484759 M * meebey ip addr is not showing ppp0 either
1171484764 M * meebey hm
1171484770 M * daniel_hozac on the host?
1171484782 M * meebey on host:
1171484795 M * meebey http://paste.debian.net/21941
1171484816 J * kir_home ~kir@72-255-78-114.client.stsn.net
1171484834 M * Bertl meebey: they are trying to 'guess' the HZ values from uptime and timer interrupt count
1171484844 M * meebey Bertl: urgs
1171484906 M * meebey so should I blindly try to get a new version and hope it might work then or test more things?
1171484914 M * meebey wasnt there a network interface hiding thing feature?
1171484932 M * Bertl yes, hide_netif IIRC
1171484974 M * meebey oh I think that was active when there is no IP assigned, like tap or tun
1171485320 Q * ema Quit: leaving
1171485573 M * Bertl daniel_hozac: 
1171485577 M * Bertl 21:33 <neuralis> the reason i'm pretty sure it's gcc's fault, by the way, is because grepping the one-liner binary compiled with -fno-s-p for 'stack' doesn't find anything, but grepping vserver binaries compiled with -fno-s-p still finds "smashed stack detected. program terminated."
1171485594 M * Bertl (regarding util-vserver and ubuntu gcc 4.x)
1171485599 M * meebey Bertl: ~net_hideif doesn't make a difference
1171485604 M * meebey for ppp0 at least
1171485611 M * daniel_hozac because it's ~hide_netif? :)
1171485625 M * meebey ups
1171485631 M * Bertl meebey: you might want to disable it, instead of enabling it
1171485651 M * Bertl daniel_hozac: could it be that some part of util-vserver doesn't get the proper -fno-s-p ?
1171485654 M * meebey thats what I am doing, eh? :)
1171485664 M * daniel_hozac Bertl: was it verified that -fno-stack-protector is passed?
1171485684 M * daniel_hozac i.e. is the problem with the Makefiles, or with e.g. diet?
1171485685 M * meebey hm wondering why vserver didnt cry when I started the vserver about unknown flags
1171485705 M * meebey ah!
1171485708 M * meebey big difference
1171485715 M * Bertl neuralis: said he used it with the configure, and the one liner compiles fine with -fno-s-p
1171485720 M * meebey seems like it does the trick, now openswan must start and I am happy
1171485749 M * meebey so something is not unhiding ppp0...
1171485765 M * neuralis daniel_hozac: visually, the build did pass -fno-s-p to most places, but i didn't properly inspect that everything got the CFLAGS passed
1171485797 M * daniel_hozac so choose a binary and make sure it's compiled with that.
1171485800 M * meebey ah now I remember what the problem was
1171485813 M * meebey vserver vpn start -> openswan bails out somehow
1171485824 M * meebey but starting openswan after the vserver was started works
1171485847 M * Bertl meebey: that could be related to the environmental stuff we fixed in recent tools?
1171485851 M * meebey Feb 14 21:43:42 vpn_galilei pluto[29673]: "ph_net-gsd_net" #7: IPsec SA established {ESP=>0xe13ec145 <0xc14e3254 IPCOMP=>0x0000c802 <0x00000e8d}
1171485853 M * meebey weeee! :)
1171485888 M * meebey Bertl: hm might be, also exec fails IIRC
1171485891 M * neuralis daniel_hozac: sure, i'll take a look a bit later. my first priority was to get the machine operational.
1171485908 M * Bertl neuralis: okay, np, was just an idea ....
1171485926 Q * dreamind Quit: dreamind
1171485945 M * Bertl daniel_hozac: okay, let's focus on the FIXMEs ...
1171485957 M * Bertl do you agree so far?
1171485976 M * neuralis Bertl: heh, i want to figure this out as much as you do. it took me 12 hours with a headache to get everything built properly, working, and the rest of the machine set up. it'd be nice if it it can take people half an hour in the future.
1171485981 M * meebey Bertl: openswan is tons of dirty scripts :)
1171485987 M * daniel_hozac Bertl: yeah.
1171486030 M * meebey Bertl: so is that ppp0 thing a bug or feature? :)
1171486039 M * meebey I am not sure when vserver should hide an interface and when not..
1171486050 M * daniel_hozac meebey: could be a bug.
1171486132 M * daniel_hozac not sure when the point-to-point bug was fixed.
1171486174 M * meebey the customer will be happy as we can give remote support again :-P
1171486182 M * daniel_hozac (my deltas list suggest 2.0.2-rc23.1, but IIRC it was fixed before that too...
1171486212 A * meebey checks if he can get a newer kernel with later vserver version, UDF is a show stopper though
1171486262 M * Bertl right, there was a bug with peer-to-peer 
1171486292 M * meebey  linux-image-2.6.18-4-vserver-686 maybe
1171486305 M * meebey lets see which vserver version it includes
1171486313 M * daniel_hozac 2.0.2.2-rc9
1171486367 M * meebey   [ Bastian Blank ]
1171486367 M * meebey   * Bump ABI to 4.
1171486367 M * meebey   * Update vserver patch to 2.0.2.2-rc9. (closes: #402743, #403790)
1171486368 M * meebey yeah
1171486375 M * Bertl okay, I tried to figure what the FIXME: needs fsinfo means, but I have no clue atm, only a vague guess
1171486399 M * meebey daniel_hozac: so that version could make it?
1171486414 M * meebey without that ~hide_netif workaround
1171486416 M * daniel_hozac it should.
1171486426 M * meebey I will try it then on the development server
1171486435 M * meebey thanks!
1171486437 M * daniel_hozac Bertl: similar to the superblock flags FIXME in xfs?
1171486458 M * Bertl probably, the generic proc approach could be a flag or so, but I guess the compare is fine for now
1171486476 M * daniel_hozac yeah.
1171486482 M * Bertl so I think we simply leave the FIXME there and ignore for now
1171486492 M * daniel_hozac the proc_task_readdir one is interesting.
1171486495 M * Bertl what about the FIXME: could go away now
1171486501 M * Bertl hehe
1171486512 M * Bertl yeah, we should definitely try to remove it :)
1171486542 M * Bertl I guess I must have had a reason for writing that there :)
1171486558 M * meebey hehe FIXME comments are sometimes very obscure
1171486575 M * daniel_hozac i'm not sure i understand why it can go away though.
1171486594 M * Bertl daniel_hozac: I see two options there:
1171486612 M * Bertl a) It can go away, and I figured why, but I can't remember right now
1171486652 M * Bertl b) I had some great idea why that wouldn't be required there, but I was wrong, and it is required :)
1171486683 M * Bertl I think the simplest way to check that is to put a WARN_ON() there instead
1171486720 M * daniel_hozac proc_task_readdir is /proc/pid/task, right?
1171486730 M * Bertl yep
1171486746 M * daniel_hozac i guess, /proc/pid should be inaccessible if it's not in the guest.
1171486772 M * Bertl as I said, we'll replace that with a WARN_ON() and bash on proc
1171486783 M * Bertl it's probably the easiest way to figure
1171486788 J * fb fback@red.fback.net
1171486795 M * Bertl welcome fb!
1171486816 M * fb hello
1171486872 M * fb i've upgraded to vs2.2 from vs2.0 and now I cannot access raw mapper partitions.
1171486894 M * fb can anybody point me to a right caps?
1171486895 M * daniel_hozac is the device mapper tagging enabled by default?
1171486902 M * Bertl yes
1171486912 M * daniel_hozac (is it even disablable?)
1171486932 M * Bertl nope, but we want to allow host mappings in guests too
1171486938 M * Bertl (i.e. that is/was a bug)
1171486974 M * Bertl fb: you can work around that by creating the mapping inside the guest for now
1171486983 M * Bertl fb: more precisely, with the proper context id
1171486986 M * fb that's what I do
1171487000 M * Bertl hmm?
1171487034 M * fb can I paste something to the channel?
1171487046 M * fb or i'm supposed to use dpaste.com?
1171487047 M * daniel_hozac use paste.linux-vserver.org if it's longer than 3 lines.
1171487048 M * Bertl use paste.linux-vserver.org
1171487108 M * fb http://paste.linux-vserver.org/1162
1171487119 M * fb basically. that was enough with 2.0
1171487119 Q * kir_home Read error: Connection reset by peer
1171487164 J * kir_home ~kir@72-255-78-114.client.stsn.net
1171487173 M * fb and with 2.2: 
1171487173 M * fb newsfeed:/# head /dev/mapper/vg02-lvol5 
1171487173 M * fb head: cannot open `/dev/mapper/vg02-lvol5' for reading: Permission denied
1171487210 M * daniel_hozac you need to do the actual creation of /dev/mapper/* inside the context.
1171487234 M * fb I've added SYS_RAWIO to bcapabilities
1171487249 M * fb and ADMIN_MAPPER to ccapabilities
1171487253 M * Bertl yes, and you do _not_ need to put device nodes inside the guest
1171487268 M * Bertl (unless you want the guest to do the actual mounting or whatever)
1171487286 M * fb i need the gues to access them in a rew way
1171487297 M * fb (they're used for cycbuffs)
1171487306 M * Bertl fb: okay, basically you ahve two options, you can simply change a line in the kernel
1171487333 M * Bertl or you can remove the mappings from the host, and redo them inside the guest contexts
1171487390 M * fb Bertl: can you point me to a docs, how to remap them inside guest context?
1171487406 M * Bertl I can explain it, you know how devmapper works?
1171487444 M * Bertl if you do 'dmsetup table' you get a list off all mappings currently active
1171487450 M * fb not much, i'm afraid
1171487500 M * Bertl now, what you basically want to do is (for the guest mappings)
1171487513 M * Bertl dmsetup remove <device>
1171487553 M * Bertl echo "...." | chcontext --xid <guest-xid> -- dmsetup create <device>
1171487561 M * fb hm, so i need to install dmtools, or how is its name inside the guest, right?
1171487565 M * Bertl where "...." is the line from the dmsetup table
1171487583 M * Bertl no, all that happens on the host
1171487585 M * fb ok
1171487594 M * fb so i need to install it on host :)
1171487602 M * Bertl you should better have it :)
1171487609 M * daniel_hozac how on earth did you create the mappings if you don't have it already?
1171487644 M * fb i think kernel does it somehow, maybe with udev?
1171487664 M * fb all i know, they're dynamically done during a boot
1171487675 M * Bertl udev might be the trigger, but the tools must be somewhere
1171487700 M * Bertl daniel_hozac: okay, the xfs will remain until I get to that
1171487719 M * fb but which tools?
1171487731 M * Bertl try 'locate dmsetup'
1171487745 M * fb dmsetup seems to be separate package under debian
1171487751 M * fb debian etch
1171487775 A * Bertl is not saying anything now ...
1171487795 M * fb i may be a little chaotic now, sorry
1171487812 M * Bertl daniel_hozac: the ipc stuff is covered by the sysctl now, no?
1171487819 M * fb i shouldn't have touched this machine with this stupid cold :/
1171487837 M * Bertl fb: well, make sure that it doesn't get infected :)
1171487846 M * daniel_hozac i think so. i haven't checked it inside the guests.
1171487866 M * Bertl okay, won't hurt if we keep that limits around a little longer
1171487895 M * Bertl the fork part is more a TODO, and will not change for now
1171487919 M * fb Bertl: i've created partitions with {pd,vg,lv}create
1171487939 M * fb and i only installed lvm2 for these to work
1171487942 M * Bertl which should use the same devmapper interfaces
1171487962 M * Bertl maybe debian decided to put the dmsetup in a separate package
1171487963 M * fb i never saw a mention about dmsetup
1171487967 M * Bertl if so, install that too
1171488029 M * fb ok, now the table consists of lines like vg02-lvol5: 0 4194304 linear 104:16 46137728
1171488064 M * Bertl so, for example
1171488077 M * fb so, basically i need the script to pick the lines with proper lvols, remove them from the mappings inside host, and create them inside right context?
1171488085 M * Bertl echo "0 4194304 linear 104:16 46137728" | chcontext --xid <guest-xid> -- dmsetup create vg02-lvol5 
1171488094 M * Bertl is what you want to do (after removing it)
1171488137 M * Bertl alternatively, if you want to fix this, you can change a line in the kernel, and recompile
1171488144 M * fb and i need to start this context before, right?
1171488150 M * Bertl nope
1171488164 Q * gerrit Ping timeout: 480 seconds
1171488207 M * fb i think some tools here depends on dynamic xids
1171488214 M * fb i needed to turn them on
1171488221 M * Bertl you should avoid dynamic xids
1171488242 M * Bertl i.e. they are gone in future kernels, fix your userspace configs
1171488253 M * daniel_hozac (and/or upgrade your utils)
1171488343 M * fb 0.30.212-1
1171488360 M * fb isn't it the latest version?
1171488635 J * Aiken ~james@ppp109-15.lns2.bne4.internode.on.net
1171488839 M * fb dm_task_set_name: Device /dev/mapper/vg02-lvol5 not found
1171489075 M * fb ok, mayba i should start with dropping use of dynamic xids, can you point me to a quick howto?
1171489083 J * gerrit ~gerrit@mobile-166-214-166-031.mycingular.net
1171489380 M * Bertl fb: well, just specify a context id in your config
1171489392 M * fb ok, already found it in faq
1171489395 M * Bertl fb: or on guest creation next time you build one
1171489397 Q * kir_home Remote host closed the connection
1171489404 M * Bertl morning Aiken!
1171489495 M * Bertl daniel_hozac: the FIXME: nsproxy should be done by now, no?
1171489573 M * daniel_hozac hmm?
1171489596 M * Bertl i.e. a context has a default namespace by now
1171489639 M * daniel_hozac it does?
1171489651 M * Aiken hi Bertl
1171489796 M * Bertl daniel_hozac: hmm, right the VX_INFO_NAMESPACE is not handled yet
1171489860 M * Bertl but it should be quite simply to switch to the
1171489878 M * Bertl vx_set_space() with the mnt_ns flag set, no?
1171489894 M * fb ok, static xids work without more hassle
1171489916 M * Bertl that's why we dropped dynamic contexts a few years? ago :)
1171489931 M * daniel_hozac yeah, that should be fine.
1171489948 M * fb now to get the mapper to work 
1171490044 M * matti Bertl: :)
1171490057 M * Bertl daniel_hozac: so that should do the trick, no?
1171490058 M * Bertl                 if (vc_data.flags & VX_INFO_NAMESPACE)
1171490058 M * Bertl                         vx_set_space(new_vxi, CLONE_NEWNS|CLONE_FS);
1171490080 M * Bertl s/);/));
1171490095 M * Bertl no, original was correct :)
1171490098 M * daniel_hozac hehe.
1171490101 M * daniel_hozac yeah, looks fine to me.
1171490152 M * fb Bertl: and how to make entries to appear in /dev/mapper inside guest?
1171490153 M * Bertl okay, the udp.c can be removed after the fix
1171490225 M * Bertl fb: you can basically copy them from the host
1171490246 M * Bertl (or create them with mknod)
1171490297 M * Bertl daniel_hozac: the rpc FIXME, I do not remember right now
1171490335 M * fb Bertl: and if I create them with mknod, should i change the context?
1171490348 M * Bertl no, not relevant
1171490358 M * daniel_hozac it looks to me like the code that's there is handling it, am i missing something?
1171490375 M * Bertl okay, guess we simply remove it then, yes?
1171490429 M * Bertl ah, RPC_CLNT_CREATE_TAGGED does not exist (yet) :)
1171490440 M * daniel_hozac ah, hehehe.
1171490442 M * daniel_hozac that explains it.
1171490446 M * Bertl so that is more a TODO than a fixme
1171490450 M * daniel_hozac indeed.
1171490468 M * Bertl hey, vim knows TODO: too :)
1171490474 M * Bertl I'll change that then :)
1171490502 M * fb Bertl: i think it works now, thank you very much :)
1171490527 M * Bertl you're welcome! and it will be simpler in upcoming kernel versions I think
1171490811 Q * Aiken Quit: Leaving
1171491239 Q * gerrit Ping timeout: 480 seconds
1171491377 M * Bertl daniel_hozac: the tools now handle nx flags too, yes?
1171491412 M * daniel_hozac yep.
1171491425 M * Bertl is that also valid for chbind?
1171491434 M * daniel_hozac yes.
1171491446 M * Bertl so I could do a chbind with NX_HIDE_NETIF or so ...
1171491477 M * daniel_hozac --secure should add that automatically.
1171491481 M * Bertl then we should switch to that asap, I guess
1171491495 M * Bertl my idea for 2.2.x is to check for both flags for now
1171491508 M * Bertl i.e. the context and the network one (when legacy enabled)
1171491516 M * Bertl and only for the network one when disabled
1171491521 M * Bertl does that make sense?
1171491578 J * Aiken ~james@ppp109-15.lns2.bne4.internode.on.net
1171491583 M * daniel_hozac i suppose... i don't think --secure is used by default yet though.
1171491621 M * Bertl that won't hurt, would it?
1171491646 M * Bertl or does that mean that interfaces would become visible on upt-to-date guests?
1171491648 M * daniel_hozac ah, it is.
1171491672 M * Bertl okay, so that should be fine then, no?
1171491680 M * daniel_hozac if we go the network flags route, they really ought to be added to proc again.
1171491689 M * daniel_hozac yeah, i'd say so.
1171491715 M * Bertl do't we have the network flags in proc already?
1171491732 M * daniel_hozac not in my version of rc12, at least.
1171491757 M * Bertl ninfo/ virtnet/info doesn't contain them?
1171491773 M * Bertl (if so, that is a bug then :)
1171491803 M * daniel_hozac i know we added them at some point, but it must've been lost in one of the rebases.
1171491815 M * daniel_hozac (or it was added to just 2.1 or similar)
1171491842 M * Bertl could be, I'll check and add them if they aren't there
1171491867 M * shedi I have a guest getting a bit of a load on a apache2 server, returning "vlogin: fork(): Try again" when running the command "vserver blah enter" what does it mean
1171491880 M * shedi should I be concerned?
1171491898 M * Bertl probably means that you are hitting some kind of limit
1171491909 M * Bertl but Try again sounds like EINTR
1171491927 M * shedi I have a limti, but the guest isn't near it
1171491928 M * Bertl *EAGAIN I mean
1171491943 M * daniel_hozac none of them?
1171491967 M * daniel_hozac fork will excercise rss, as, nproc, and probably some others i'm forgetting.
1171491981 M * Bertl nproc soft, hard and rlimit :)
1171491984 M * daniel_hozac and of course, if you're running low on resources, that could probably cause it too.
1171492003 M * Bertl but out of kernel memory will give ENOMEM
1171492014 M * shedi I have to recalculate the limits I'm setting among the servers
1171492025 M * Bertl just check with proc
1171492027 M * shedi I have but one limit rss
1171492034 M * Bertl you should see if that got hit
1171492034 M * shedi yes
1171492137 M * shedi it could be that I have set rss hard limit that exceeds the machine's capabilities?
1171492157 M * shedi is that a possible reason for the failure
1171492227 M * Bertl you mean, the limit is higher than what you have on that box?
1171492343 M * shedi I topped my limit on a nproc limit I didn't recall setting
1171492351 M * shedi that was the reason
1171492361 M * shedi thanks for the help
1171492372 M * Bertl you're welcome!
1171492445 P * stefani I'm Parting (the water)
1171493219 Q * dlezcano Ping timeout: 480 seconds
1171493871 M * Bertl daniel_hozac: okay, please check the 4 new deltas ...
1171493937 M * daniel_hozac no VS_WATCH_P in lo_open?
1171493955 M * Bertl would we need that for anything?
1171493960 M * daniel_hozac nah, i guess not.
1171493994 M * daniel_hozac they look fine to me.
1171494175 M * Bertl okay, I also added this one
1171494176 M * Bertl http://vserver.13thfloor.at/Experimental/delta-proc-warn01.diff
1171494210 M * Bertl I guess we keep that in the rc, but remove it on release, no?
1171494218 M * daniel_hozac yeah, sounds good.
1171494544 M * Bertl okay, do we consider the 2.6.20 version rc too?
1171494559 M * daniel_hozac unfortunately, i haven't had a chance to test it yet.
1171494572 M * Bertl okay, then we keep that pre for now
1171494873 Q * infowolfe Read error: Connection reset by peer
1171495055 M * Bertl I'm going to submit both versions to PLM again
1171495118 M * daniel_hozac sounds like a plan. were there any issues last time, other than the allnoconfig?
1171495131 M * Bertl no, at least I didn't see any
1171495149 M * Bertl might be worth looking into the sparse stuff though (which I didn't do yet)
1171495307 M * daniel_hozac do we care about symbol 'xxx' was not declared. Should it be static? warnings?
1171495322 M * daniel_hozac looks like there are some missing __user's in sysctl.c
1171495367 M * Bertl we could address the 'static' stuff by making them static
1171495382 M * Bertl i.e. would probably shake out inproper uses at link time
1171495401 M * daniel_hozac yeah, but i think a few of these are supposed to be external.
1171495429 M * daniel_hozac vs_reboot, e.g.
1171495430 M * Bertl btw, http://vserver.13thfloor.at/Experimental/delta-config-clean03.diff
1171495455 M * daniel_hozac i guess we'll need to look in to them and decide on a case-by-case basis.
1171495465 M * Bertl yeah, probably the best
1171495479 M * daniel_hozac capital B in the second sentence
1171495488 M * Bertl ah, tx
1171495655 Q * ensc Ping timeout: 480 seconds
1171495817 N * DoberMann DoberMann[ZZZzzz]
1171496686 T * Bertl http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc13/pre4, devel 2.1.1.7.1, 2.3.0.9, stable+grsec 2.0.2.1, 2.2.0-rc12 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1171497132 Q * FireEgl Quit: ...