1172016398 N * Bertl_oO Bertl
1172016410 M * Bertl mjt: no, actually you can have a persistent context too
1172016455 M * Bertl which doesn't require that you have a process in the context
1172016477 M * mjt that was more like a joke really
1172016484 M * Bertl but yes, the default is to get rid of the context as soon as the last process exits
1172016520 M * Bertl well, as you can see, there is support for that :)
1172016564 M * CHTEKK yup, and it's even used, for example in VCD
1172016640 M * CHTEKK Bertl, btw if you get that fix for scheduling with force enabled done in the next hours, you can just tell me and I'll test it, else just ping me or hollow tomorrow :)
1172016712 M * Bertl okay, will have dinner before that, quite hungry, but I can make it my first patch after dinner :)
1172016753 M * CHTEKK sure no rush, go eat, eating is so much more important, of that I assure you ;)
1172017206 M * Bertl okay, off for now ... back later ...
1172017211 N * Bertl Bertl_oO
1172018066 Q * gerrit Read error: Operation timed out
1172018985 Q * mjt Server closed connection
1172019287 J * mjt ~mjt@nat.corpit.ru
1172019533 Q * Hunger Server closed connection
1172019924 Q * FireEgl Quit: ...
1172020318 Q * Aiken Quit: Leaving
1172020329 Q * chand Quit: chand
1172020719 J * Hunger Hunger.hu@Hunger.hu
1172021003 J * Aiken ~james@ppp126-23.lns2.bne4.internode.on.net
1172021470 M * CHTEKK gn8 all
1172025130 M * quiksilv hi all, anyone built a redhat guest from scratch ? i.e without apt-rpm
1172026388 N * Bertl_oO Bertl
1172026410 M * Bertl back now ... was a little longer than expected
1172026544 M * Bertl quiksilv: from scratch as in compiling the rpms yourself?
1172027248 J * FireEgl Proteus@68.220.222.136
1172027278 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1172027352 M * Bertl duke
1172027364 M * Bertl *oops* sorry ...
1172028399 M * quiksilv hmm from just plain rpms
1172028414 M * quiksilv i have a base list of rpms that come in the distro
1172028417 M * Bertl ah, there is a build method for that
1172028448 M * quiksilv for the time-being i copied my host system into a vserver... but its a pain getting /proc working as well as init scripts
1172028471 M * Bertl hmm, proc doesn't need any special handling?
1172028487 M * Bertl and what's the problem with init scripts?
1172028541 M * Bertl vserver - build --help says:
1172028543 M * Bertl rpm ... -- [-d ] --empty|([--force] [--nodeps] )+
1172028546 M * Bertl ... installs lists of rpm-packages
1172028752 M * quiksilv is the manifest just a list of rpm filenames?
1172028767 M * Bertl yep
1172028793 M * quiksilv including full path to the rpm ?
1172028837 M * quiksilv btw, in the system i have running atm, proc is mounted but "ps" gives an error saying proc isnt mounted
1172028893 M * Bertl did you run the vprocunhide runlevel script on the host yet?
1172028930 M * Bertl regarding the rpm, you probably have to check the build script for details (i.e. haven't tried that install method yet)
1172028940 M * quiksilv yea i think i did but ill read that part again
1172028976 M * quiksilv hmm yea rpm installs are confusing me... and there is no apt-rpm repository for redhat enterprise unfortunately
1172029007 M * Bertl IIRC, you can make apt/yum repositories from a directory containing some rpms ...
1172029191 M * quiksilv hmm thats also an idea...cheers
1172029335 M * quiksilv vprocunhide wasnt started...thanks
1172029354 M * Bertl you're welcome!
1172030281 Q * Aiken Quit: Leaving
1172032698 M * daniel_hozac quiksilv: -b /path/to/directory -d centos4 manifest should do it, IIRC.
1172032772 M * Bertl good morning? daniel_hozac
1172032791 M * daniel_hozac morning Bertl!
1172032901 M * quiksilv thanks daniel, but im just using my host redhat system as a guest image
1172033206 M * quiksilv doing quite well... its amazing you can just make some hard-links and away you go really
1172033233 M * daniel_hozac you have your guests on the root filesystem?
1172033366 M * quiksilv yea (i havent actually hard-linked in this instance but obviously you could right)
1172033384 M * daniel_hozac that's a bad idea if you ever want to use e.g. disk limits.
1172033400 M * daniel_hozac you ought to use a separate filesystem for /vservers.
1172033417 M * Bertl at least it is suggested :)
1172033454 M * quiksilv yea thats a good idea actually... it should be ok for the time-being
1172033743 Q * gerrit charon.oftc.net scorpio.oftc.net
1172033743 Q * FireEgl charon.oftc.net scorpio.oftc.net
1172033743 Q * shedi charon.oftc.net scorpio.oftc.net
1172033743 Q * brcc charon.oftc.net scorpio.oftc.net
1172033743 Q * Hollow charon.oftc.net scorpio.oftc.net
1172033743 Q * eyck charon.oftc.net scorpio.oftc.net
1172033945 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1172033945 J * FireEgl Proteus@68.220.222.136
1172033945 J * shedi ~siggi@ftth-237-144.hive.is
1172033945 J * brcc bruce@i.am.someasshole.com
1172033945 J * Hollow ~hollow@styx.xnull.de
1172033945 J * eyck eyck@kuszelas.com
1172034746 M * Bertl daniel_hozac: how does this look for you? http://vserver.13thfloor.at/Experimental/delta-sched-fix03.diff
1172034837 M * daniel_hozac looks good.
1172034908 M * Bertl okay, so we will see how it goes for CHTEKK and Hollow then ...
1172034920 M * Bertl if it works as expected, we'll add it to 2.2.0
1172034946 M * daniel_hozac makes sense.
1172034956 M * daniel_hozac do we have any other open issues?
1172035050 M * daniel_hozac (i have to run, will be back in an hour and a half or so...)
1172035248 M * Bertl not that I know of ...
1172035260 M * Bertl will be off to bed then I guess, so cya!
1172035650 J * DoberMann_ ~james@AToulouse-156-1-34-86.w81-49.abo.wanadoo.fr
1172035758 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1172035764 M * quiksilv Any reason why when i SSH into my guest it goes to the host instead ?
1172035796 M * Bertl yes, because your host's sshd is not restricted
1172035812 M * Bertl so what happened is that the guest sshd could not bind to the guest ips
1172035822 M * quiksilv ah change sshd.conf
1172035830 M * quiksilv thanks
1172035831 M * Bertl just use the Listen directive on the host
1172035833 M * Bertl np
1172035990 N * DoberMann_ DoberMann
1172036089 M * quiksilv just a question, without that directive sshd will bind to all interfaces right ?
1172036137 J * meandtheshel1 ~markus@85-124-175-88.dynamic.xdsl-line.inode.at
1172036141 M * quiksilv so can the host see the guests interface as well ? (obviously not through ifconfig)
1172036159 M * Bertl yeah, it can
1172036180 M * Bertl the ifconfig is just too old, so it has bad sight :)
1172036191 M * Bertl this isn't Linux-VServer specific
1172036201 M * Bertl use ip from iproute2 to see the whole truth
1172036246 M * quiksilv right, so the guests interface is really just a virtual if to the host
1172036264 M * Bertl actually, there is no guest interface :)
1172036274 M * Bertl i.e. the interfaces and ips are all on the host
1172036286 M * Bertl the guest has just a subset of IPs it can bind to
1172036335 M * Bertl that's called IP isolation, and it is quite faster than a virtual network or interface
1172036353 J * DreamerC_ ~dreamerc@125-225-98-182.dynamic.hinet.net
1172036487 M * quiksilv how does it bind to it... using routines in the vserver kernel ?
1172036505 M * Bertl nope, that is again pure Linux stuff
1172036519 M * Bertl sockets are usually bound to an IP or IP_ADDR_ANY
1172036532 M * Bertl the latter is restricted on a guest to certain IP subset
1172036550 M * Bertl this allows for several sockets binding to IP_ADDR_ANY to coexist
1172036573 M * Bertl as routing and iptables are on the host, all caching happens naturally
1172036593 M * Bertl okay, I'm quite tired ... so I'm off to bed now ... have fun!
1172036601 N * Bertl Bertl_zZ
1172036611 M * quiksilv cool, gnite - thanks for the great info again!
1172036761 Q * DreamerC Ping timeout: 480 seconds
1172039834 J * Vudu ~vudumen@217.20.138.14
1172039836 J * FaUl_ immo@shell.chaostreff-dortmund.de
1172039856 J * neuralis_ ~krstic@solarsail.hcs.HARVARD.EDU
1172039865 J * Greek0_ ~greek0@85.255.145.201
1172039870 J * HobGoblin ~jaaa@sr-fw1.router.uk.clara.net
1172039883 Q * tamitall synthon.oftc.net xenon.oftc.net
1172039883 Q * derjohn synthon.oftc.net xenon.oftc.net
1172039883 Q * Greek0 synthon.oftc.net xenon.oftc.net
1172039883 Q * mountie synthon.oftc.net xenon.oftc.net
1172039883 Q * Vudumen synthon.oftc.net xenon.oftc.net
1172039883 Q * neuralis synthon.oftc.net xenon.oftc.net
1172039883 Q * UukGoblin synthon.oftc.net xenon.oftc.net
1172039883 Q * Roey synthon.oftc.net xenon.oftc.net
1172039883 Q * FaUl synthon.oftc.net xenon.oftc.net
1172039883 J * tamitall_ ~tam@gw.nettam.com
1172040553 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net
1172040559 J * mountie ~mountie@CPE0080c6fe323f-CM000a739acaa4.cpe.net.cable.rogers.com
1172040592 J * derjohn ~derjohn@80.69.41.2
1172041850 Q * gab Remote host closed the connection
1172042691 J * DoberMann_ ~james@AToulouse-156-1-110-106.w90-30.abo.wanadoo.fr
1172042745 N * DoberMann_ DoberMann[PullA]
1172042798 Q * DoberMann Ping timeout: 480 seconds
1172043002 J * gab ~gab@158.36.45.236
1172043060 Q * DreamerC_ Quit: leaving
1172043098 J * DreamerC ~dreamerc@125-225-98-182.dynamic.hinet.net
1172045356 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1172046581 N * DoberMann[PullA] DoberMann
1172047059 Q * transacid Remote host closed the connection
1172047081 J * transacid ~transacid@transacid.de
1172047400 J * dna ~naucki@112-239-dsl.kielnet.net
1172049251 Q * dev-zero Remote host closed the connection
1172049490 J * tzafrir ~tzafrir@62.90.10.53
1172049994 M * tzafrir is the mknod operation not permitted to a vserver guest?
1172050025 M * daniel_hozac no.
1172050027 M * derjohn tzafrir, nope, unless you allow it
1172050047 M * daniel_hozac with the device mapping feature, you can let guests mknod just specific devices.
1172050057 M * derjohn tzafrir, look out "capabilities" in the wiki or mknod on the host
1172050064 M * derjohn device_mapping? new ?????
1172050094 M * daniel_hozac we added it late in 2.1, yeah.
1172050110 M * tzafrir well, I get an error message when installing a certain debian package, from running mknod. I wonder what to write on the bug report.
1172050121 M * daniel_hozac tzafrir: which package?
1172050126 M * tzafrir It doesn't really need to run there mknod anyway
1172050131 M * tzafrir zaptel
1172051317 M * matti :)
1172051319 M * matti daniel_hozac: :)
1172051323 M * daniel_hozac hello matti
1172051331 M * matti How are you?
1172051348 M * daniel_hozac fine. how are you today?
1172051360 M * matti Not bad.
1172051387 M * matti It is a very #include and warm day :)
1172051390 M * matti ops
1172051398 M * matti ;p
1172051413 M * matti And I just flooded my desk with coffee :)
1172051423 M * matti ... again ;p
1172051436 M * matti Lalal :)
1172051477 M * daniel_hozac lol
1172051495 M * matti ;p
1172052040 J * duckx ~Duck@tox.dyndns.org
1172052316 Q * glut Server closed connection
1172052330 J * glut glut@no.suid.pl
1172052361 J * Beuc_ ~yo@LAubervilliers-151-11-71-202.w193-251.abo.wanadoo.fr
1172052732 Q * morfoh Server closed connection
1172052744 J * morfoh ~morfoh@kilo105.server4you.de
1172052773 M * Beuc_ Hi, I'd like to umount an entry from fstab.remote (a bind mount) without shutting down the vserver. Is that possible?
1172053129 M * daniel_hozac Beuc_: vnamespace -e umount /vservers/...
1172053325 M * Beuc_ I try "vnamespace -e 49156 umount /vservers/network/mnt/backup/" but I get "umount: /vservers/network/mnt/backup/: not mounted". Hmm..
1172053358 M * daniel_hozac probably just umount trying to be clever.
1172053363 M * daniel_hozac try adding -f.
1172053375 M * Beuc_ "vnamespace ... umount /mnt/backup" worked once, but did nothing
1172053426 M * Beuc_ -f gives: "umount2: Invalid argument" plus the "not mounted" error
1172053463 M * daniel_hozac vnamespace -e cat /proc/mounts _does_ list the mount, right?
1172053514 M * Beuc_ Yes. I see there's a symlink in the path, I'll try w/o.
1172053516 M * daniel_hozac and you really should stop using dynamic contexts.
1172053538 M * Beuc_ Ah, it worked
1172053576 Q * shedi Quit: Leaving
1172053596 M * Beuc_ daniel_hozac: That's a backports.org install, I didn't change dyn. contexts there yet :)
1172053612 M * Beuc_ Thanks. So problem was essentially: use of symlinks.
1172053623 M * ard Hmmm.... So, there is context id, network id, and there is namespace?
1172053652 M * daniel_hozac what?
1172053657 A * ard never feels comfortable unless he understands it down to the bottom ...
1172053688 M * ard daniel_hozac : I was just snooping what you said, and tried to vnamespace -e something /bin/bash
1172053727 M * ard then I found out that XID is still 0, so namespace is another eh... separation of some kind?
1172053744 M * daniel_hozac yes.
1172053752 M * ard ah :-)
1172053758 M * daniel_hozac the namespaces are a part of the context.
1172053778 M * daniel_hozac (vnamespace only enters the filesystem one)
1172053818 M * ard heh... I still find the context word dazzling :-).
1172053833 M * ard From a process view I am part of 3 context (with respect to vserver)
1172053840 M * daniel_hozac ?
1172053890 M * ard daniel_hozac : hmmm, never mind me too much... I've just drunk one coffee, and still am sleepy...
1172053914 M * daniel_hozac i don't understand what the third context would be.
1172053946 M * ard ah, I thought process-context, network context, and namespace as third
1172053962 M * daniel_hozac namespaces are mainline.
1172053975 M * daniel_hozac in vserver, they are a part of the process context.
1172054016 M * daniel_hozac i mean, the guest's namespaces are stored in the process context.
1172054019 M * ard Hmmm... But if I do vnamespace -e c32791-vs1 /bin/bash, would that not change my process-context?
1172054026 M * daniel_hozac no.
1172054028 M * ard ah..
1172054046 M * daniel_hozac that just changes the task's filesystem namespace/fs_struct to that of the guest.
1172054087 A * ard is grinding... :-)
1172054138 M * ard Hmmm, I will take a look at vnamespace.c after the lunchbreak...
1172054175 M * ard (I don't want to bother you too much with things I could have read in the source :-) )
1172054370 Q * Beuc_ Quit: cya
1172054681 Q * DavidS Quit: Leaving.
1172055516 Q * ntrs_ Server closed connection
1172055529 J * ntrs_ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1172055999 M * matti Is there anybody from UK here?
1172056003 M * matti Working as a sys-admin?
1172056138 Q * kir Server closed connection
1172056157 J * kir ~kir@swsoft-mipt-nat.sw.ru
1172056185 Q * almak Server closed connection
1172056187 J * almak ~almak@willers.employees.org
1172056542 Q * daniel_hozac Server closed connection
1172056554 J * daniel_hozac ~daniel@c-091472d5.010-230-73746f22.cust.bredbandsbolaget.se
1172057072 T * * http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc13.1/pre4, devel 2.3.0.10, stable+grsec 2.0.2.1, 2.2.0-rc13.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1172057072 T * Bertl -
1172057715 Q * virtuoso Server closed connection
1172057752 J * virtuoso ~s0t0na@80.253.205.251
1172058022 J * electrolinux ~electroli@LPuteaux-151-41-2-6.w217-128.abo.wanadoo.fr
1172059471 P * electrolinux Quitte
1172062545 M * mjt hmm. Is there a way to pass an argument to guest vserver? The idea is to be able to have common image but pass `task' (what to do) as an argument.
1172062593 M * mjt i used to use /proc/cmdline for that, but it doesn't work. Alternative is to mount a tmpfs and put a file in there... but it's ugly.
1172062836 Q * vasko Ping timeout: 480 seconds
1172062889 Q * Johnnie Server closed connection
1172062908 J * Johnnie ~jdlewis@jdlewis.org
1172062933 M * cehteh mjt: vserver foobar exec command...
1172062943 M * cehteh (or suexec)
1172063124 M * mjt i mean, at vserver foobar start time
1172063149 M * mjt like, to choose which process(es) to run at startup
1172063200 Q * mcp Server closed connection
1172063218 J * mcp ~hightower@wolk-project.de
1172063234 J * vasko ~vasko@unreal.rainside.sk
1172063234 A * vasko is gone. Gone since Wed Sep 20 15:44:00 2006
1172063290 J * borgfish ~bla@141.12.67.98
1172063293 M * borgfish hello
1172063337 M * mjt maybe like just passing an argument to /etc/init.d/rc - something specific, not the default `3'
1172063346 M * mjt hi borgfish
1172063554 Q * gerrit Read error: Operation timed out
1172063571 M * mjt also, is there a way to make the guest root filesystem read-only, but keep it rw on host?
1172063623 M * mjt (i can remount it ro on host)
1172063627 M * Loki|muh i think a bind mount would do that
1172063640 M * mjt bind-mount cant change rw/ro attributes
1172063649 M * mjt at least not yet
1172063676 M * mjt (some patches to address that has been posted to LKML, but man, they're HUGE)
1172063703 M * Loki|muh ops
1172063727 M * daniel_hozac mjt: sure they can.
1172063730 M * mjt currently bind-mount works pretty much like a symlink
1172063739 M * daniel_hozac BME have been part of Linux-VServer patches since 2.0.2.
1172063756 M * mjt bme?\
1172063762 M * daniel_hozac bind mount extensions.
1172063773 M * daniel_hozac adding support for ro etc. to bind mounts.
1172063783 M * mjt ahha.
1172063797 M * mjt aha!
1172063802 M * daniel_hozac as for passing arguments, see apps/init/cmd.start on the flower page.
1172063811 M * mjt so my first question becomes more important..
1172063814 M * mjt aha!! ;)
1172063851 M * mjt i've seen it mentioned in `bash -x' output of vserver start. Silly me.
1172063901 J * DavidS ~david@pnsgw1-client008.demo.tuwien.ac.at
1172063940 M * mjt i wonder why all this stuff is so damn complex. The scripts, that is. Why all those defaults, various places for configuration etc, instead of having 2 or 3 scripts like that init/cmd.start in each vserver dir?
1172063963 J * ph1l0r ~phil@pD95049BE.dip0.t-ipconnect.de
1172063965 M * ph1l0r hi there
1172063979 M * ph1l0r i kinda have the impression my setup is kinda wrong
1172063985 M * daniel_hozac because having stuff Just Work(tm) is preferred by the larger userbase?
1172063994 M * daniel_hozac ph1l0r: why's that?
1172064005 M * ph1l0r when i type ifconfig in a guest i see two interfaces
1172064012 M * ph1l0r one eth0, one eth0:2 both with the same ip
1172064016 M * ph1l0r once with the correct subnet mask
1172064021 M * ph1l0r and once with a "wrong" one
1172064024 M * daniel_hozac mjt: and what do you mean by various places for configuration? it's at most a two-level configuration.
1172064042 M * mjt ie, instead of /etc/vservers/$foo/ulimits and ../$foo/interfaces/*, have a script /etc/vservers/$foo/run that has the whole command-line with all the parameters?
1172064047 M * daniel_hozac ph1l0r: any particular reason you're using aliases?
1172064057 M * ph1l0r my server has four ip's?
1172064068 M * daniel_hozac aliases have not been required for multiple IP addresses for years.
1172064071 M * mjt daniel_hozac: it's looking for legacy, old and current config styles ;)
1172064074 M * daniel_hozac use ip addr.
1172064083 M * ph1l0r my server has only one network card
1172064094 M * daniel_hozac mjt: that's the most user unfriendly configuration i've ever heard of...
1172064098 M * mjt daniel_hozac: most distros don't support "aliasless" IPs
1172064107 M * daniel_hozac mjt: and there's a _lot_ of pre/post-start stuff.
1172064112 M * ph1l0r debian etch if that makes a difference
1172064128 M * daniel_hozac ph1l0r: are you assigning the addresses through util-vserver?
1172064145 M * daniel_hozac if so, just removing /etc/vservers//interfaces/*/name should do the trick.
1172064153 M * daniel_hozac mjt: what's "old" config?
1172064161 M * ph1l0r mh. when i created the vserver i gave it an ip
1172064178 M * daniel_hozac i only know of legacy and new-style, and legacy is really only there to give people time to migrate.
1172064178 M * ph1l0r my other vserver is ok and only has one network interface
1172064202 M * daniel_hozac ph1l0r: which one is that?
1172064236 M * daniel_hozac ph1l0r: if you could paste the output of ip a on the host and ifconfig in the guests to paste.linux-vserver.org, i guess figuring out what might be "wrong" would be a lot easier.
1172064251 M * daniel_hozac mjt: doesn't really matter, as util-vserver does.
1172064337 M * daniel_hozac (usually you don't want to give the host a bunch of addresses, but the guests)
1172064378 M * ph1l0r http://paste.linux-vserver.org/1190
1172064399 M * ph1l0r i read that the host is doing the network business for vservers
1172064404 Q * lylix Remote host closed the connection
1172064426 M * ph1l0r and thought that i can only use ip's in guests the host "controls"
1172064427 M * daniel_hozac ph1l0r: you notice you have the same addresses assigned with different netmasks, right?
1172064433 M * ph1l0r jepp
1172064451 M * mjt daniel_hozac: can't find it (that "old style" thing) now - i think i've seen it somewhere in `bash -x' output, where it tried to parse NAME=VALUE stuff from a file in /etc/vservers/$foo/namevars, and failing that, tried ../$foo/$NAME file directly.
1172064480 M * ph1l0r the docs advised to use /8 if unsure.
1172064520 M * daniel_hozac ph1l0r: what docs? and really, the netmask is very specific to your setup... apparently you should use a /21.
1172064538 M * ph1l0r some howto/tutorial
1172064579 M * ph1l0r http://linux-vserver.org/Installation_on_Debian
1172064583 M * ph1l0r when in doubt use /8
1172064612 M * daniel_hozac ... that's just plain wrong...
1172064621 M * mjt daniel_hozac: re config style: with configuration-as-commandfile it all is at least understandable (each command has a manpage after all, and it's a simple sequence of command invocations). With current scheme, there are so many "hidden" places... ;)
1172064645 M * daniel_hozac all of the configuration is documented on the flower page.
1172064660 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1172064665 M * daniel_hozac at least, it's supposed to be. i went through all of the config stuff to make sure of that not too long ago.
1172064849 M * mjt blah. firefox just crashed on me trying to display that flower page ;)
1172064859 M * ph1l0r fixed it
1172064862 M * daniel_hozac it's nice now.
1172064864 Q * [Guy] Server closed connection
1172064871 M * ph1l0r i had to create a mask file in interfaces/0 etc
1172064873 M * daniel_hozac the previous stylesheet blinked and stuff.
1172064874 J * Guy- bFxIOTMAIz@chardonnay.math.bme.hu
1172064884 M * ph1l0r the 2nd interface is gone now after i restarted the vserver
1172064889 M * daniel_hozac s/stylesheet/default stylesheet/
1172065072 M * mjt wug. Mounting guest root read-only produces tons of error messages ;)
1172065082 M * mjt chroot-sh: open("/etc/mtab"): Read-only file system
1172065087 M * mjt etc
1172065130 M * daniel_hozac what do you expect?
1172065168 M * daniel_hozac are any distributions able to run without write access to their filesystem?
1172065183 M * mjt i don't really care about distributions :)
1172065187 M * borgfish funny ideas
1172065218 M * mjt but i once ran debian on ro root
1172065285 M * borgfish i got bad tcp checksums with my newest vserver i guess it cannot be up to the vserver but the host sys ?
1172065299 M * borgfish think its only related to my ldap client there
1172065361 M * mjt borgfish: which kernel version?
1172065371 M * borgfish 2.6.17.13
1172065380 M * mjt ahh.. dunno.
1172065399 M * mjt there was a prob with 2.6.19..2.6.19.2 with tcp checksums, fixed in 2.6.19.3
1172065484 M * mjt daniel_hozac: by the way, using ro root is quite easy in fact. In some (very few) cases it wants to write something during startup, but switching it to ro as the last step is mostly ok.
1172065500 M * mjt we do that since years - r/o root and /usr
1172065632 Q * FireEgl Quit: ...
1172065737 M * mjt here, i'm experimenting with minimal "busybox-distro" (just a libc + busybox, all startup scripts etc are written by me) - so only stuff that touches root fs is vserver scripts.
1172065850 M * mjt also, it's quite common to have /etc/mtab to be a symlink to /proc/mounts - even in this case vserver start tries to update mtab.
1172065999 Q * mnemoc Server closed connection
1172066011 J * mnemoc ~amery@kilo105.server4you.de
1172066013 Q * yang Server closed connection
1172066027 J * yang ~yang@cpe-213-157-253-172.dynamic.amis.net
1172066125 Q * nebuchadnezzar Server closed connection
1172066131 J * nebuchadnezzar ~nebu@zion.asgardr.info
1172066251 M * borgfish i wonder why i got those bad checksum stuff with my apache mod_ldap client. tried apache 2 and 2.2 now maybe its up to gentoo or some kernel config ?
1172066265 M * borgfish or maybe its the tcpdump running on the host sys ?
1172066277 M * mjt where to send patches to? ;)
1172066335 M * mjt borgfish: by the way, if you're running tcpdump on the same machine and it reports incorrect checksums for outgoing packets -- try running it on intermediate or receiving host
1172066373 M * mjt when hardware IP checksumming offloading is in effect, tcpdump WILL show incorrect checksums.
1172066449 M * borgfish yes where would i check that ? is the option in my kernel config ?
1172066479 M * mjt check what? IP checksum offloading?
1172066497 M * mjt it's a driver/hardware thing, not an option (it's enabled by default)
1172066505 M * mjt to check, see ethtool
1172066545 M * mjt but it's really simpler in most cases to run tcpdump on another host.
1172066611 M * mjt hmm.
1172066630 M * mjt bash does `test -w' etc wrongly.
1172066641 M * mjt it should use access(2), not stat(2)
1172066671 M * mjt ditto for dash. Oh well.
1172067154 M * daniel_hozac mjt: yes, writing to mtab is unconditional at this point.
1172067170 M * mjt it's conditional really
1172067183 M * mjt but the condition doesn't work because of POSIX stupidity.
1172067199 M * mjt test -w /some/file returns true even if /some is readonly
1172067216 M * mjt ditto with the presence of ACLs and other such things.
1172067240 M * mjt so that test in vserver.functions is useless.
1172067266 M * mjt note that `test -w' will never return false as we're running as root.
1172067375 M * mjt the workaround is to add an option to secure-mount -- similar to -n -- to stop it from complaining only if it either got EROFS or mtab is a symlink (probably EACCESS as well)
1172067384 M * mjt or even make it the default behaviour
1172067570 J * ema ~ema@lart.galliera.it
1172067587 M * mjt ok. adding a test for -L /etc/mtab fixed some ugliness.
1172067598 M * mjt the only left one is from chroot-sh
1172067672 Q * mEDI_S Server closed connection
1172067734 M * mjt and adding [ -L etc/mtab ] || in front of chroot-sh truncate /etc/mtab fixes the last remaining one.
1172067744 J * mEDI_S ~medi@snipah.com
1172068088 J * lilalinux ~plasma@80.69.41.2
1172068621 M * ph1l0r mh. i better read up on prefix and stuff hehe
1172068640 M * ph1l0r i had all that stuff in a class like 2,5 years ago. amazing how fast one forgets hehe
1172068735 Q * ard Server closed connection
1172068738 J * ard ~ard@82-197-200-127.dsl.cambrium.nl
1172068850 Q * lilalinux Remote host closed the connection
1172069148 Q * quiksilv Server closed connection
1172069166 Q * mjt Remote host closed the connection
1172069274 Q * Hollow Remote host closed the connection
1172069379 N * Bertl_zZ Bertl
1172069428 J * Hollow ~hollow@styx.xnull.de
1172069482 Q * phreak`` Remote host closed the connection
1172069493 J * phreak`` ~phreak``@deimos.barfoo.org
1172069554 Q * Hollow
1172069751 J * Hollow ~hollow@styx.xnull.de
1172069860 Q * Hollow
1172069874 J * Hollow ~hollow@styx.xnull.de
1172069964 M * Bertl morning folks!
1172069974 M * Hollow morning Bertl
1172069979 M * daniel_hozac morning Bertl!
1172069997 M * Hollow some network problems here it seems ..
1172070002 J * mjt ~mjt@nat.corpit.ru
1172070123 M * Bertl Hollow: Linux-VServer related?
1172070155 M * Hollow no
1172070221 M * Bertl okay, then!
1172070230 M * Hollow :)
1172070240 M * Hollow will try the sched fix in a second
1172070245 M * Bertl excellent!
1172070449 Q * gab Quit: Leaving
1172070868 Q * dna Quit: Verlassend
1172070965 M * mjt is it ok to specify root entry in /etc/vservers/$name/fstab ?
1172070991 M * daniel_hozac certainly.
1172071000 M * mjt i'm trying unionfs mount for root, it works when mounted before vserver start, but not when specified in vserver's fstab
1172071027 M * mjt hmm. it explicitly adds a `nodev' it seems
1172071031 M * daniel_hozac yes.
1172071042 M * Bertl for security reasons
1172071056 M * mjt ok, worked after added `dev'
1172071197 M * mjt yay. it all works!.. ;)
1172071275 M * mjt now to add proper limits and tight security checks and i'm done... ;)
1172071486 M * Hollow Bertl: is it intended that the "global bucket" (i.e. the interval,fillrate,min,max values shown beside those for each cpu in /proc/virtual/*/sched/) always shows the last updated cpu?
1172071549 M * Bertl yes, because that is the value used to update
1172071570 M * Bertl basically it works like a store-forward system
1172071599 M * Bertl if you set some values, they get moved to the buffer, and then copied to the cpus
1172071613 M * Bertl if you set a single cpu, that buffer will contain this setting
1172071641 M * Hollow ok, but for SMP this bucket is not used for calculation right? (except on the cpu you set it of course)
1172071662 M * Bertl or the CPUs you set :)
1172071678 M * Bertl and no, it's not used for calculations, neither on UP nor SMP
1172071687 M * Hollow can i set multiple cpus with one syscall?
1172071697 M * Bertl in theory, yes
1172071712 M * Bertl currently the interface allows for 1 and ALL
1172071721 M * Hollow yeah ..
1172071737 M * Bertl but the next revision might pass a cpu mask too
1172071739 M * Hollow ok, works as expected then :)
1172071766 M * Bertl you should also check the following special cases
1172071776 M * Bertl - lazy update on different cpu
1172071803 M * Bertl (i.e. set cpu A, without force, then set cpu B with and w/o force)
1172071827 M * Bertl with and without a cpuhog running on cpuA/B
1172071890 M * Bertl - setting all CPUs to some value (no force), updating a single CPU to a new value (without guest load)
1172071893 M * Hollow ok, the set operation works as expected.. trying cpuhog now.. have to get the threaded version first
1172072071 M * Hollow Bertl: http://paste.linux-vserver.org/1193
1172072168 M * Bertl -1, 1, 3?
1172072194 M * Hollow -1 is used for all cpus in the database
1172072245 M * Hollow how can i see the load on different cpus?
1172072255 M * Hollow top seems rather limited for this purpose
1172072303 M * Bertl I don't think there is per cpu load
1172072316 M * Bertl (at least not exposed to userspace)
1172072395 M * Hollow quite difficult to check if it works correctly then, no?
1172072425 M * daniel_hozac you could keep an eye on the token buckets.
1172072425 M * Bertl hmm?
1172072447 M * Bertl yes, the sys/user/hold times are there
1172072470 M * Bertl in theory, you could calculate a load from that
1172072490 M * Bertl well, not exactly what the 'normal' load gives
1172072498 M * Hollow ok, i'll use these then .. ;)
1172072526 M * Hollow on a quad, cpuhog -n4 should do it, right?
1172072551 M * Bertl once the task distribution has settled, yes
1172072899 M * Hollow Bertl: ah.. top even shows 400% load with 4 cpus.. nice
1172072904 M * Hollow ehm
1172072905 M * Hollow not load
1172072911 M * Hollow cpu%
1172072975 M * Bertl press '1'
1172073023 M * Hollow ah, that's what i was looking for
1172073030 M * Bertl :)
1172073064 Q * meandtheshel1 Quit: Leaving.
1172073133 M * Hollow yeah, seems to work like a charm :)
1172073167 M * Hollow even with lazy updates
1172073312 J * meandtheshel1 ~markus@85-124-39-201.dynamic.xdsl-line.inode.at
1172074204 M * pusling where is it set whether or not a vserver is started on machine boot up ?
1172074250 M * Bertl in the 'mark' entry
1172074347 M * pusling is it just whether or not apps/init/mark is present - or does it need to contain something ?
1172074366 M * Bertl it contains the 'mark' used in the runlevel script
1172074376 M * Bertl i.e. you can have more than one runlevel script
1172074383 M * Bertl (with different marks there)
1172074389 M * Bertl the default is 'default'
1172074396 M * pusling ah.
1172074416 M * Bertl so, IIRC, echo 'default' >.../init/mark should do it
1172074466 M * Hollow Bertl: fyi, we have tested nearly all configurations vcd supports, with 2.2, and it seems pretty fine now, scheduler was the last outstanding issue :)
1172074487 M * Bertl sounds good, so we will have a vcd release with 2.2.x?
1172074489 M * Hollow only thing that would be nice for 2.2 are xfs disk limits
1172074492 M * Hollow yep
1172074511 M * Bertl well, I'm pretty sure now, the xfs limits will not make it
1172074513 M * Hollow will do some rcs after 2.2.0 has been released so it gets some more testing, then we'll see
1172074519 M * Hollow too bad
1172074522 M * Bertl I had a deep look at it, and it needs a lot of work
1172074543 M * Bertl xfs does weird things and has a lot of special casing there
1172074554 M * Bertl basically an inode allocation is done like this:
1172074567 M * Bertl - create a transfer struct with the change (+1)
1172074578 M * Bertl - add that to the journaling mechanism
1172074592 M * Bertl - once executed, it increments a per cpu counter
1172074614 M * Bertl - at a later time, the cpu counters are balanced and fed back to the superblock
1172074638 Q * ntrs_ Remote host closed the connection
1172074681 M * Bertl this is even more complicated by the fact that there are different procedures for SMP and UP
1172074799 M * Hollow ok, have to compile other filesystems in my kernels for testing then :P
1172074829 M * Hollow hope we can see it in 2.2.1 or so ..
1172074845 M * Bertl yes, I'm confident I'll figure a way to handle it :)
1172074867 M * Hollow :)
1172074870 J * Piet hiddenserv@tor.noreply.org
1172074872 M * Hollow i'm ready to test :)
1172074898 M * Hollow afk for a bit now
1172074994 M * mjt "find: WARNING: Hard link count is wrong for /proc/virtnet: this may be a bug in your filesystem driver. [...]"
1172075014 M * mjt i wonder... all other /proc dirs are ok...
1172075082 M * Bertl that is correct, it seems your find? or whatever is checking that
1172075112 M * Bertl most proc entries are not showing the correct counts there, although we might fix that at some point
1172075133 M * Bertl (but it is a cosmetic issue, like the entry size itself)
1172075134 M * mjt shouldn't proc_mkdir() do the right thing?
1172075151 M * Bertl just that we cannot mkdir there, as we have dynamic entries
1172075160 M * mjt ah.
1172075171 M * mjt sure it's cosmetic
1172075189 M * Bertl actually, we could fix up the virt* dirs quite easily
1172075204 M * Bertl as we have all counters in place to tell how many entries there are
1172075218 M * Bertl would you be willing to test a patch for that?
1172075279 M * mjt sure why not?
1172075295 M * mjt i wonder if your find doesn't complain... ;)
1172075299 M * mjt s/if/why/
1172075302 M * Bertl okay, let me prepare something then ...
1172075330 M * mjt # find --version
1172075331 M * mjt GNU find version 4.2.28
1172075331 M * mjt Features enabled: D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION
1172075343 J * stefani ~stefani@flute.radonc.washington.edu
1172075351 M * mjt that's probably that LEAF_OPTIMISATION thing
1172075409 M * Bertl welcome stefani!
1172075458 Q * DavidS Quit: Leaving.
1172075507 J * niol ~niol@sousmonlit.dyndns.org
1172075515 M * Bertl welcome niol!
1172075522 M * niol hi again
1172075554 M * niol I finally found some time to investigate more on my ulimit problem
1172075586 M * Bertl excellent ... let's hear then ...
1172075612 M * niol and I don't understand why the default 'ulimit -H -n' is 1024 on the host but 1024^2 in a guest
1172075642 M * Bertl what tool version?
1172075701 M * niol debian box, util-vserver is 0.30.211-6
1172075732 M * Bertl hmm, hard to tell what version that actually is ...
1172075739 M * Bertl but there are two options:
1172075756 M * Bertl a) the guest sets its own limits (if permitted)
1172075777 M * Bertl b) the tools remove or replace the limits according to the config
1172075887 M * niol I haven't set anything in /etc/vservers/myguest/rlimits/nofile
1172075893 Q * stefani Ping timeout: 480 seconds
1172075975 M * niol so I think it means that pam behaves differently when in a guest
1172076021 M * Bertl could be, what does the pam log say?
1172076051 J * stefani ~stefani@tsipoor.banerian.org
1172076317 M * niol pam doesn't complain in the logs
1172076434 M * niol this is driving me crazy
1172076458 M * Bertl and you are sure you have the same settings on the host and guest?
1172076492 M * Bertl if so, why not add a bunch of 'ulimit -H -n' to interesting places
1172076500 M * niol the settings are those of debootstrap
1172076512 M * Bertl like, the runlevel script, or the bash/profile
1172076538 M * niol I know how to fix the issue, but I just wanted to understand what is behaving differently when in a guest
1172076568 M * Bertl nothing actually
1172076577 M * niol the exact same thing happens on a friend's gentoo box
1172076612 M * Bertl I mean, of course something will be different, but unless you have certain limits set, it will look like the host
1172076821 M * Hollow Bertl: will there be a rc14 today/tomorrow?
1172076853 M * Bertl probably
1172077128 J * bored2sleep ~bored2sle@66.111.53.150
1172077177 Q * Loki|muh Ping timeout: 480 seconds
1172077188 M * mjt pam_limits, when it finds no limit, sets it to unlimited, instead of keeping the current one
1172077188 M * mjt dunno how it translates to nofiles
1172077223 M * mjt 1024^2 ?
1172077234 M * Bertl might be that this is the 'upper limit' for files?
1172077235 M * mjt that's 1048576?
1172077259 M * ema Hi, I've got a system in chroot, I'd like to make a vserver out of it. Which is the easiest way to do that?
1172077269 M * mjt "finds no limit" in /etc/../limits, that is
1172077311 M * mjt limits.conf, even
1172077358 Q * tzafrir Ping timeout: 480 seconds
1172077389 M * mjt ema: create a new vserver as usual and change/rename the directory to point to your existing chroot dir?
1172077422 M * mjt the only thing to do really is to create a bunch of dirs/symlinks in /etc/vservers for it
1172077439 M * mjt ..and small files, too
1172077452 M * Bertl ema: basically the skeleton build method is what you want
1172077467 M * mjt hmm what's that?
1172077478 M * Bertl ema: vserver build -m skeleton --context --ip ...
1172077489 M * mjt aha!
1172077492 M * Bertl it builds an empty dir (except for /tmp and /dev)
1172077511 M * Bertl and you can copy the chroot (excluding dev) to that then
1172077522 M * ema Bertl: Cool! Is it documented somewhere?
1172077526 M * Bertl note: the config options are the same as for a normal guest build
1172077535 J * Loki|muh loki@satanix.de
1172077538 M * Bertl ema: try 'vserver - build --help'
1172077586 M * ema Bertl: Yay! Thanks :)
1172077594 M * Bertl you're welcome!
1172077616 M * mjt --context ... the static context of the vserver [default: none; a dynamic context will be assumed]
1172077626 M * mjt it doesn't work anymore, does it?
1172077630 M * Bertl old tools I guess
1172077644 M * niol I think I have no limits either on the guest or on the host
1172077646 M * Bertl (or missing update to the help :)
1172077662 M * mjt Version: 0.30.212-1
1172077687 M * Bertl yep, seems that this might need an update
1172077690 M * mjt (from debian). Looks like the latter ;)
1172077699 M * Bertl (just verified, with 0.30.213-rc2)
1172077721 M * mjt i was forced to create /etc/vservers/$foo/context file as per FAQ
1172077756 M * Bertl yes, static context are mandatory now (well, at least without the legacy stuff enabled)
1172077787 M * Bertl maybe somebody feels like making a 'guest build page' on the wiki?
1172077804 M * Bertl listing all the different build methods with actual real world examples
1172077804 M * mjt just don't let me do that.. ;)
1172077828 M * mjt (with my way of doing things it will be even more confusing ;)
1172077842 M * Bertl I am volunteering to check them personally, and add comments/corrections if necessary ...
1172077919 M * mjt (the last time i was using installer is when i installed a debian system for the first time - debian potato it was. Since that, I was using debootstrap about 5 times... And installed about 1000 systems ;)
1172077982 J * tzafrir ~tzafrir@62.90.10.53
1172078022 M * Bertl welcome tzafrir!
1172078133 M * Bertl mjt: http://vserver.13thfloor.at/Experimental/delta-proc-fix05.diff
1172078133 J * bonbons ~bonbons@83.222.38.57
1172078160 N * DoberMann DoberMann[PullA]
1172078239 M * Bertl evening bonbons!
1172078354 M * bonbons evening Bertl!
1172078458 A * mjt tries it...
1172078517 J * yarihm ~yarihm@84-74-16-109.dclient.hispeed.ch
1172078683 M * niol checked in the kernel source, RLIM_INFINITY is not 1048576
1172078699 M * mjt wug. It tries to recompile everything, for whatever reason... :(
1172078708 M * mjt RLIM_INFINITY is -1
1172078857 M * mjt "In the next lesson I will talk about OpenVPN's server mode, which can deal with with multiple clients connecting to one IP and one port. [...] Contributions welcome. :)"
1172078860 M * mjt heh.
1172078919 M * mjt the only thing i come with here is to setup a virtual interface with a real netmask, and use it in guest (with CAP_NET_ADMIN)
1172078940 M * mjt but that's a bit too much, isn't it?
1172079010 M * Bertl persistent tun device and a bunch of ips should do it without CAP_NET_ADMIN
1172079057 M * mjt $ ip l | grep -c ': tp-'
1172079061 M * mjt 4334
1172079096 M * mjt that's 4334 tunnels (what a nice number ;)
1172079127 M * mjt all are in the same /16 (10.x.x.x)
1172079535 Q * ema Quit: bye
1172079857 M * mjt hmm. grsecurity adds 'CONFIG_GRKERNSEC_MODSTOP' option. I wonder how it's different from revoking CAP_SYS_MODULE?
1172079972 M * Bertl check the code or ask the grsec folks :)
1172080043 N * DoberMann[PullA] DoberMann
1172080476 M * daniel_hozac niol: however, it's impossible to set the nofile limit to anything greater than that.
1172080560 M * daniel_hozac Bertl: about the --context help message, you want generated instead of assumed, or what?
1172080583 M * niol see you guys, thanks for the advice, my problem is fixed (i.e. python dup2 slow in cgi) and I nearly understood why, so for now, i'll set limits in /etc/security/limits.conf
1172080633 M * bored2sleep is yum known to be funky? I applied the suggested patch, but it seems to always re-download and re-install every package every time...
1172080642 J * dna ~naucki@204-195-dsl.kielnet.net
1172080645 M * daniel_hozac Bertl: i.e. "a static one will be generated for you"
1172080652 M * mjt by the way, the fact that you can raise the limits in pam means your guest isn't restricted.
1172080655 M * daniel_hozac bored2sleep: for different guests? yes.
1172080788 M * bored2sleep daniel_hozac: on the same guest
1172080818 M * daniel_hozac and what are you running that makes you think that?
1172080880 M * mjt niol: I just checked -- by default, ulimit -H for nofiles is that 1024*1024 in a guest. I don't know why.
1172080894 M * daniel_hozac mjt: that's the maximum.
1172080904 M * mjt on a host, it's 1024.
1172080911 M * bored2sleep during the build -m yum process, it downloads the packages and deps listed in pkgs/04 (or whatever) and installs them, then 05 it does them again, and then when I enter the guest and do "rpm -qa" it returns nothing (and if I try to add a package, it redownloads them again).
1172080936 M * daniel_hozac bored2sleep: please show some output.
1172080951 M * daniel_hozac bored2sleep: rpm -qa is not supposed to output anything inside a guest until you've internalized package management.
1172080957 M * daniel_hozac try vrpm -- -qa
1172080963 M * bored2sleep ok
1172081000 M * bored2sleep ah, ok, that works correctly
1172081011 M * bored2sleep thanks
1172081040 M * bored2sleep so vyum and vrpm always, instead of vserver exec etc
1172081063 M * daniel_hozac at least until you internalize package management, if you choose to do so.
1172081086 M * niol mjt: thanks for checking, you've got the same thing, as on my box
1172081109 M * daniel_hozac niol: how are you checking? vserver ... enter?
1172081226 M * niol daniel_hozac: either by sshing into the vserver, with vserver enter or with a cgi python script that prints the value
1172081263 M * daniel_hozac ssh is probably the only one that would care about pam limits.
1172081334 M * niol so what I need to do is adding a line somewhere in the init that says ulimit -H -n 1024?
1172081359 M * mjt niol: how about /etc/vserver/.default/rlimit/nofile ?
1172081390 M * daniel_hozac it's ulimits, and they don't support .defaults.
1172081416 M * niol yep that's why I couldn't do that
1172081419 M * mjt and .defaults, and vservers ;)
1172081425 M * daniel_hozac so echo 1024 > /etc/vservers//ulimits/nofile.hard
1172081442 M * mjt docs says it's rlimits (for 2.6), ulimits is for 2.4
1172081469 M * niol the bible is the weed page
1172081485 M * daniel_hozac for per-guest limits, yeah. the ulimits directory is used on 2.6 to set the default ulimits.
1172081521 M * daniel_hozac and what docs are you referring to?
1172081525 M * mjt but it's already /etc/vservers/$FOO/... - ie, per-guest
1172081551 M * mjt http://linux-vserver.org/util-vserver:Documentation
1172081568 M * daniel_hozac that's outdated and will be removed once i have an idea what to replace it with.
1172081593 M * mjt well, it's a nice page
1172081595 M * daniel_hozac http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1172081618 M * mjt the one that crashe{s,d} my firefox ;)
1172081687 M * mjt what's the difference between system and context capabilities?
1172081692 M * ph1l0r hehe works for me in ffox 2
1172081706 M * ph1l0r but removing the style sheet helps readability a lot
1172081817 M * daniel_hozac http://linux-vserver.org/Capabilities_and_Flags#Context_flags_.28cflags.29
1172081840 M * daniel_hozac ph1l0r: really? i think the current stylesheet improves readability.
1172081877 M * niol yeah, I remember the old one...
1172082130 M * Bertl mjt: the capabilities are the ones used with Linux
1172082151 M * Bertl mjt: the context capabilities, are additional capabilities which apply to the context as whole
1172082170 M * Bertl mjt: similar is true with the ulimits and rlimits
1172082197 M * Bertl i.e. the ulimits are 'per user/process group' while the rlimits are 'per guest'
1172082347 M * ph1l0r daniel_hozac http://www.nongnu.org/util-vserver/doc/conf/configuration.html is erm hard to read. at least for my taste
1172082369 M * daniel_hozac how so?
1172082380 M * ph1l0r cachebase run.rev color on white background is tough
1172082403 M * Bertl ph1l0r: looks fine here ...
1172082409 M * ph1l0r enviroment
1172082426 M * ph1l0r it says style "weedpage" for me
1172082460 M * Bertl yup, same here ... I agree that the cyan could be changed to something a little darker though
1172082479 M * ph1l0r handler* color is too bright too
1172082493 M * ph1l0r not a biggie. one click and the stylesheet is gone ;-)
1172082504 M * Bertl but compare it to the flower stylesheet
1172082526 M * Bertl (which was the default until recently :)
1172082541 M * ph1l0r whoever did the flower stylesheet enjoyed plenty of the plants pictured when crafting it...
1172082568 M * Bertl hmm, we have to ask ensc about that :)
1172082648 M * mjt aha.
1172082701 M * mjt so rlimits.nofile is like /proc/sys/fs/file-max, and ulimits.nofile is usual unix per-process limit... right?
1172082715 M * Bertl yep, precisely
1172082858 M * mjt rlimits.nproc is total max per-context, while ulimits.nproc is per-uid inside that context.. or per whole system?
1172082877 M * Bertl as it is currently handled on Linux
1172082896 M * mjt so it's global per-system.
1172082899 M * Bertl i.e. same behaviour for ulimits inside as outside
1172082905 M * mjt funny
1172082936 M * mjt so unless i lower rlimits.nproc, a guest can DoS the host ;)
1172082947 M * Bertl yes
1172082962 M * daniel_hozac s/lower/set/
1172082972 M * Bertl same is true for the ~10 other limits
1172083019 M * mjt hm. they're per-process (like nofile), not per-uid?
1172083026 M * mjt (except of nproc)
1172083059 M * mjt maxmem, stack, locks, ... - that's all per-process
1172083060 M * Bertl I'm talking about the 'per context' limits
1172083105 M * Bertl i.e. all limits we have there correspond to some kind of DoS
1172083120 M * Bertl (except for the AS limit I guess)
1172083168 M * mjt most interesting limit is probably the CPU one
1172083191 M * Bertl the scheduler, yes, not the cpu rlimit
1172083204 M * mjt but in order to stop a guest from taking too much CPU, scheduling params can be manipulated somehow...
1172083232 M * Bertl the cpu rlimit is not implemented btw :)
1172083250 M * mjt heh
1172083297 M * mjt and that $FOO/sched/* stuff is umm... very understandable too ;)
1172083317 M * niol thanks guys for everything, I posted a summary of my solution on debian-user, perhaps it'll help someone in the future. I need to go, so cheers
1172083323 Q * niol Quit: leaving
1172083332 M * Bertl mjt: well, if you find a good use for the CPU rlimit, we'll implement it ...
1172083345 M * daniel_hozac mjt: that's what http://linux-vserver.org/CPU_Scheduler is for.
1172083368 M * mjt ;)
1172083374 M * mjt found it already :)
1172083379 M * mjt what's vcmd?
1172083413 M * daniel_hozac it's basically syscalls from the shell.
1172083429 M * daniel_hozac http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08-pre2.tar.bz2
1172083927 M * Bertl mjt: vcmd is a hack tool I maintain to exercise all the syscall commands relevant for Linux-VServer
1172087171 Q * yarihm Quit: This computer has gone to sleep
1172087281 J * jmcaricand ~jmcarican@d83-179-215-156.cust.tele2.fr
1172087599 M * Bertl welcome jmcaricand!
1172087654 M * jmcaricand Hi Bert!
1172088060 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-context-help.diff look okay to you?
1172088276 M * Bertl looks good, even better if that is true too :)
1172088305 M * daniel_hozac http://svn.linux-vserver.org/projects/util-vserver/changeset/2478
1172088310 M * Bertl i.e. did you get around doing the 'dynamic in userspace' for the config?
1172088313 M * daniel_hozac been true for all of 0.30.213-rc* :)
1172088327 M * Bertl wow, great work! didn't know that! tx!
1172088762 M * phedny for vhashify to work, all the vservers must be on the same filesystem?
1172088773 M * daniel_hozac yes.
1172088778 M * daniel_hozac it uses hardlinks.
1172088779 M * phedny and /etc/vservers/.defaults/apps/vunify/hash/root must be a symlink to a dir on that same filesystem?
1172088827 M * daniel_hozac yep.
1172089450 Q * nou Ping timeout: 480 seconds
1172089787 N * neuralis_ neuralis
1172090354 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1172090502 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1172091114 J * neuralis_ ~krstic@solarsail.hcs.HARVARD.EDU
1172091127 J * DreamerC_ ~dreamerc@125-225-98-182.dynamic.hinet.net
1172091160 J * UukGoblin ~jaaa@sr-fw1.router.uk.clara.net
1172091162 Q * DreamerC osmotic.oftc.net scorpio.oftc.net
1172091162 Q * HobGoblin osmotic.oftc.net scorpio.oftc.net
1172091162 Q * neuralis osmotic.oftc.net scorpio.oftc.net
1172091162 Q * eyck osmotic.oftc.net scorpio.oftc.net
1172091162 Q * brcc osmotic.oftc.net scorpio.oftc.net
1172091167 M * mjt Bertl: that patch (linkcount on /proc/virtnet/) seems to work
1172091168 J * eyck eyck@kuszelas.com
1172091236 M * mjt (not sure why i tested it -- it's trivial to check by verifying link count using `ls'.. but i re-compiled the kernel anyway so why not...)
1172091291 J * Aiken ~james@ppp126-23.lns2.bne4.internode.on.net
1172091333 M * Bertl mjt: guess it is still reporting wrong for the xid entries though :)
1172091348 M * mjt where?
1172091371 M * daniel_hozac they have no subdirectories, do they?
1172091385 M * mjt (i haven't used that option yet, and don't yet know what it is ;)
1172091395 M * Bertl hmm, right, so that should be fine
1172091418 M * daniel_hozac (and even if they did, they wouldn't be dynamic so we could just set the right link count...)
1172091437 M * Bertl that'd be a little trickier :)
1172091585 M * mjt /proc/virtual/$n/info -- here it has `Info:' field - is that `cflags' from `Capabilities_and_Flags' page?
1172091593 M * daniel_hozac no.
1172091622 M * mjt aha. it's in status
1172091626 M * daniel_hozac http://oldwiki.linux-vserver.org/HowTo+read+ProcFS
1172091634 M * mjt flags, bcaps, ccaps
1172091643 M * daniel_hozac (has that been migrated yet?)
1172091664 M * Bertl I don't think so ...
1172091683 M * Bertl limits need a new example too
1172091715 M * daniel_hozac i guess all of those need to be updated.
1172091741 M * mjt ls /proc/sys/vserver/
1172091742 M * mjt er
1172091765 M * daniel_hozac oh, it has. http://linux-vserver.org/ProcFS
1172091769 M * mjt ..which is not there anyway
1172091777 M * mjt (no debugging it seems)
1172091955 Q * Aiken Read error: Connection reset by peer
1172092042 Q * tokkee Server closed connection
1172092057 J * tokkee tokkee@casella.verplant.org
1172092545 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch
1172093134 J * quiksilv Linden@203.176.96.250
1172093701 Q * bonbons Quit: Leaving
1172093757 M * Bertl okay, off for now ... back later ...
1172093762 N * Bertl Bertl_oO
1172094280 J * xp_prg2 ~xp_prg2@ftp.microvu.com
1172094301 M * xp_prg2 I try to start my vserver with vserver john1 start and I get:
1172094310 M * xp_prg2 find: var: No such file or directory fakerunlevel: open("/var/run/utmp"): No such file or directory
1172094314 M * xp_prg2 anyone know how to fix that?
1172094984 M * mjt you don't have proper vserver root directory
1172094997 M * mjt in particular, /var is missing
1172095232 M * xp_prg2 vserver john1 build --hostname john1 --interface john1=eth1:172.16.1.12/24 -m rsync -- -d etch --source carrots.devel:/etc/vservers/callab
1172095250 M * xp_prg2 I executed this in an attempt to use an existing vserver as a model of a new vserver
1172095265 M * daniel_hozac uh, you realize you're trying to use the configuration from one guest as the root directory of another?
1172095279 M * daniel_hozac remove the /etc and you might have more luck.
1172095297 M * mjt lol
1172095299 M * xp_prg2 no, this is my first time doing this, all I really want to do is copy a vserver and use it for something else, is that possible?
1172095344 M * daniel_hozac as i said, remove the /etc.
1172095356 M * mjt .. on host ;)
1172095370 M * daniel_hozac (assuming you have your guests in /vservers)
1172095394 M * xp_prg2 /var/lib/vservers/john1# rm -Rf etc
1172095417 M * xp_prg2 vserver john1 start chroot-sh: open("/etc/mtab"): No such file or directory find: var/lock: No such file or directory
1172095431 M * daniel_hozac delete the entire guest.
1172095447 M * xp_prg2 delete john1?
1172095450 M * daniel_hozac remove /etc from your command.
1172095452 M * daniel_hozac rebuild.
1172095474 M * xp_prg2 my command doesn't have /etc
1172095507 M * daniel_hozac so what do you call the /etc in ... --source carrots.devel:/etc/vservers/callab?
1172095533 M * xp_prg2 how do I remove it from the command?
1172095545 M * mjt wug
1172095550 M * daniel_hozac i like using the arrow keys and backspace...
1172095567 M * xp_prg2 is there a command to remove a guest?
1172095573 M * daniel_hozac yes, vserver ... delete
1172095601 M * xp_prg2 so I have this: vserver john1 build --hostname john1 --interface john1=eth1:172.16.1.12/24 -m rsync -- -d etch --source carrots.devel:/etc/vservers/callab
1172095608 M * xp_prg2 you're saying to remove /etc from it
1172095628 M * daniel_hozac yep.
1172095641 M * xp_prg2 I am not clear how to remove /etc from it, can you help me to know this?
1172095663 M * daniel_hozac you know how the backspace key works?
1172095681 M * daniel_hozac it removes the character before the cursor.
1172095683 M * mjt daniel_hozac: hey, stop mocking at xp_prg2 ;)
1172095695 M * daniel_hozac honestly, i don't know what else to say
1172095700 M * xp_prg2 oh man I feel dumb
1172095707 M * mjt xp_prg2: you're rsyncing /etc/vservers/collab, but you want to rsync /vservers/collab
1172095719 M * xp_prg2 oh ok
1172095724 M * mjt not the vserver config dir, but vserver root dir
1172095747 M * xp_prg2 now I understand
1172095756 M * mjt but you'd better tar+copy it instead of rsync
1172095766 M * xp_prg2 why mjt?
1172095803 M * daniel_hozac hmm? rsync should be better than template, IMHO.
1172095805 M * mjt because rsync needs quite some options to preserve attributes, mtimes etc yadda
1172095826 M * daniel_hozac of course, clone beats them both.
1172095847 M * xp_prg2 daniel_hozac I could use clone instead of this command?
1172095869 M * Radiance what does context 42 mean ?
1172095877 M * daniel_hozac only if you have 0.30.213*
1172095896 M * daniel_hozac Radiance: hmm?
1172095915 M * xp_prg2 how can I tell what version I have?
1172095927 M * Radiance i remember some example showing how to build a vserver and they used something like context 42 or 43 i believe
1172095937 M * mjt hmm. i want to mount a tmpfs over /dev in guest. but it complains it can't mount /dev/pts - i need to mkdir it before it tries to mount it... The question is obviously... how? :)
1172095939 M * Radiance with the build command
1172095956 M * mjt Radiance: nothing in particular
1172095956 M * xp_prg2 of course the rsync allows you not to be local, does the clone allow you not to be local?
1172095979 M * daniel_hozac mjt: mount /dev with a prepre-start script.
1172095983 M * daniel_hozac xp_prg2: no.
1172095995 M * daniel_hozac Radiance: it's just an id for the guest.
1172095999 M * Radiance ah ok
1172096001 M * Radiance thanks
1172096003 M * daniel_hozac Radiance: it needs to be unique and between 2 and 49151.
1172096007 M * mjt Radiance: it's sorta like asking what uid=42 means.. in your particular distribution it can be, say, bin or uucp.
1172096008 Q * gerrit Ping timeout: 480 seconds
1172096013 M * Radiance mjt, perhaps makedev ?
1172096054 M * mjt daniel_hozac: 2 isn't special?
1172096059 M * daniel_hozac no.
1172096069 M * daniel_hozac (that between is inclusive)
1172096112 M * Radiance but i assume if no specific context is given and one keeps building vservers they still get some unique (random?) id ?
1172096146 M * mjt you now have to assign the context
1172096149 M * daniel_hozac Radiance: really recent tools will generate one for you, while older ones will require kernel legacy support for dynamic contexts.
1172096176 M * mjt hmm. prepare-start? You mean apps/init/cmd.prepare?
1172096184 M * Radiance ah i guess because of the legacy support i didn't bump into a conflict hehe
1172096200 M * daniel_hozac mjt: no, scripts/prepre-start.
1172096282 M * mjt not mentioned on the flowers page :)
1172096304 M * daniel_hozac uh, yes it is.
1172096348 M * mjt arr.. prepre, not prepare ;)
1172096523 M * almak Hi
1172096653 N * Bertl_oO Bertl
1172096656 M * Bertl back now
1172096709 M * almak I am seeing a problem with disk limit. Using 2.6.14.3 kernel + Vserver 2.0.1 and reiser file system.
1172096735 M * Bertl hmm, what kind of issue?
1172096753 M * almak I have setup disk limit but vdlimit shows space_used = 0 and inodes_used = 0
1172096774 M * Bertl did you mount the partition with tagxid?
1172096814 M * almak humm.. no what command should I use?
1172096828 M * Bertl mount -o tagxid ... /vservers
1172096977 M * almak does each vserver context need to mount its own or a host command?
1172096983 N * neuralis_ neuralis
1172097118 M * mjt ok. this prepre-start has to mount the guest root filesystem AND guest /dev. So neither can be listed in $vserver-config/fstab. Oh well.
1172097207 M * Bertl almak: no, the disk limits are only relevant if you put guests on a shared partition
1172097216 M * almak bertl: ok found the wiki page on tagxid
1172097224 M * Bertl almak: and you have to mount _that_ partition with the tagxid
1172097246 M * Bertl if you have a separate partition per guest, you do not need the disk limits :)
1172097272 M * Bertl mjt: there is also a script called 'initialize'
1172097367 J * Lars ~chatzilla@cp676338-a.landg1.lb.home.nl
1172097384 N * Lars DotHack
1172097401 M * DotHack hi all
1172097401 M * Bertl welcome DotHack/Lars!
1172097416 M * DotHack i have a really stupid question
1172097418 M * almak Bertl: you are right! my dumb question :)
1172097425 M * Bertl DotHack: see topic
1172097433 M * DotHack haha
1172097472 M * DotHack well i have set up a remote box with a vserver root and 3 vserver running in it with all of them external ip addresses
1172097482 M * DotHack it all works smooth
1172097489 M * Bertl sounds good
1172097490 M * DotHack now i want to set up firewalling
1172097496 N * DoberMann DoberMann[ZZZzzz]
1172097508 M * DotHack i use shorewall on the root server
1172097523 M * DotHack now i've locked myself out of the box
1172097577 M * DotHack i thought i had set it up right but something is wrong. Does any of you guys have some experience with vserver icw shorewall?
1172097606 M * Bertl I guess it is not really Linux-VServer related (your issue)
1172097622 M * Bertl but I'm sure somebody here has done that already
1172097636 M * Bertl basically you have to be careful about two things with firewalls
1172097649 M * Bertl 1) host-guest and guest-guest traffic use 'lo'
1172097669 M * Bertl 2) there is no forwarding or so for guests, they basically look like host traffic to the firewall
1172097697 Q * ph1l0r
1172097699 Q * yarihm Quit: Leaving
1172097710 M * DotHack how is internet-guest traffic seen then?
1172097727 M * DotHack eth0->lo or so?
1172097728 M * Bertl like it would be host traffic with the guest ip
1172097740 M * Bertl let me make an example:
1172097751 M * Bertl host: ip=192.168.0.1
1172097764 M * Bertl guest: ip=192.168.1.17
1172097781 M * Bertl now if you start apache on the host, with Listen to 0.0.0.0
1172097805 M * Bertl it will bind both addresses, if you use Listen 192.168.1.17 it will just bind the guest ip
1172097825 M * Bertl the latter case is how it will look if you start apache inside the guest
1172097856 M * DotHack yep
1172097892 M * DotHack that was all working superb until i activated my firewall configuration
1172097916 M * DotHack now i have to go to the data centre
1172097928 M * DotHack foolish me
1172097938 J * brcc bruce@i.am.someasshole.com
1172097948 M * Bertl DotHack: no serial console or so?
1172097958 M * DotHack nopee
1172097965 M * Bertl DotHack: maybe next time you should add a cron job to take down the firewall?
1172097973 M * nebuchadnezzar that's the reason I let ssh from my host at the top of the firewall script :-)
1172097997 M * Bertl nebuchadnezzar: ah, good to know :)
1172098006 M * DotHack nebuchadnezzar: i used shorewall and i thought i set it up to absolutely allow all ssh traffic to the host
1172098013 M * DotHack but i was wrong
1172098023 M * nebuchadnezzar I use /bin/sh :-)
1172098052 M * DotHack nebuchadnezzar: hehe
1172098059 M * mjt sh -c 'sleep 300; iptables -F; iptables -X' & -- before doing something... ;)
1172098108 M * mjt (if chain policy isn't set to drop ;)
1172098297 M * DotHack yeah i did set some policy to drop
1172098549 M * DotHack mm now i see there is a shorewall safe-start command, which will clear the firewall in 60 seconds when a prompt is not answered
1172098594 M * DotHack why didn't i see that before i started it
1172098621 M * Bertl daniel_hozac: tx for moving the tools :)
1172098685 M * DotHack does anyone of you guys have a scrambled screen sometimes when sshing into a vserver?
1172098881 M * Bertl hmm, no?
1172098901 M * Bertl do you use a windows machine? that might not be supported :)
1172099297 J * dna_ ~naucki@204-195-dsl.kielnet.net
1172099361 Q * dna Ping timeout: 480 seconds
1172099601 J * Piet_ hiddenserv@tor.noreply.org
1172099602 Q * Piet Remote host closed the connection
1172099766 P * stefani I'm Parting (the water)
1172099896 M * DotHack i use putty
1172100060 M * mjt wug. I wonder how much time has been spent for all the scripts in util-vserver...
1172100099 M * mjt when /proc in a guest isn't mounted, it's... difficult to stop it ;)
1172100163 M * mjt `vserver stop' tries to run ps inside vserver, complains that it can't parse ps's output, and removes /var/run/vservers/$name, finally telling the vserver isn't running ;)
1172100290 Q * DotHack Quit: Chatzilla 0.9.77 [Firefox 2.0.0.1/2006120418]
1172100351 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1172100361 J * ensc ~irc-ensc@p54B4DB7F.dip.t-dialin.net
1172100420 M * Radiance is it no problem to install for example a vserver running fedora on a debian host ?
1172100431 M * mjt no problem
1172100493 M * Radiance ok thanks
1172100662 M * mjt by the way, all current linux ulimits are in bytes, not pages
1172100860 Q * dna_ Quit: Verlassend