1175904048 M * daniel_hozac irc6.oftc.net should work for that.
1175904129 Q * ray4 Remote host closed the connection
1175904130 J * ray4 ~ray@v6v4gw.ray.net
1175904142 M * ray4 ah better yes :)
1175904156 M * ray4 legacy-ip free irc
1175904166 N * ray4 ray6
1175904484 M * sid3windr :-)
1175904940 M * matti Good night folks :)
1175905071 M * ray6 yeah, n8,2
1175905080 M * sid3windr have a nice drinking^Wnight matti
1175905108 A * matti pokes sid3windr with a pointed stick
1175905108 M * matti ;]
1175905309 Q * slack101 Ping timeout: 480 seconds
1175908816 J * slack101 ~root@cpe-71-65-58-25.insight.res.rr.com
1175908835 M * slack101 daniel_hozac: been trying for a while here to get this .........not happening
1175908849 M * slack101 the release thing is not making sense i cant find anything on it
1175911619 Q * rgl Ping timeout: 480 seconds
1175918649 Q * softi42 Ping timeout: 480 seconds
1175919256 J * softi42 ~softi@p549d7db4.dip.t-dialin.net
1175922685 Q * ensc Ping timeout: 480 seconds
1175923210 Q * vagrantc Quit: leaving
1175925211 J * ensc ~irc-ensc@p54B4DA58.dip.t-dialin.net
1175929985 J * dna ~naucki@191-215-dsl.kielnet.net
1175932745 Q * phreak`` Quit: leaving
1175932776 J * phreak`` ~phreak``@deimos.barfoo.org
1175935039 J * bonbons ~bonbons@83.222.38.145
1175936224 J * rgl ~Rui@84.90.10.107
1175936685 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk
1175937105 Q * ensc Ping timeout: 480 seconds
1175939221 N * DoberMann_ DoberMann
1175939540 J * ensc ~irc-ensc@p54B4D11A.dip.t-dialin.net
1175939600 J * virtuoso ~s0t0na@80.253.205.251
1175940178 J * boci^ ~boci@pool-3966.adsl.interware.hu
1175940249 J * Piet hiddenserv@tor.noreply.org
1175940637 N * hardwire sspencer
1175940638 Q * sspencer Remote host closed the connection
1175940657 J * hardwire ~bip@rdbck-4271.palmer.mtaonline.net
1175941215 M * daniel_hozac slack101: http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1175942090 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1175942099 J * ensc ~irc-ensc@p54B4D11A.dip.t-dialin.net
1175942469 Q * Blissex Read error: Connection reset by peer
1175943136 Q * AndrewLee Remote host closed the connection
1175943141 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1175945258 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1175945268 J * ensc ~irc-ensc@p54B4D11A.dip.t-dialin.net
1175946812 J * onox ~onox@kalfjeslab.demon.nl
1175946848 M * onox The stack is smashed when I try to start a vserver
1175946855 M * onox is this a known issue?
1175946909 M * daniel_hozac where?
1175947015 M * onox when trying to "vserver test start"
1175947036 M * onox it says the stack smashed in main (long memory address here)
1175947040 M * daniel_hozac right, but what program, where in that program, etc.
1175947050 M * onox vserver?
1175947056 M * daniel_hozac vserver is a script...
1175947078 M * onox how can I see where it is smashed?
1175947080 M * daniel_hozac so if that's the case, your bash is to blame.
1175947089 M * daniel_hozac i have no idea. what's outputting the warning?
1175947098 M * onox stack smashed in main (value 0x00000000000kpp00)
1175947108 M * onox does vserver use bash?
1175947116 M * daniel_hozac yes.
1175947117 M * onox what if my root shell is not bash
1175947120 M * onox does it still use bash?
1175947122 M * daniel_hozac yes.
1175947185 M * daniel_hozac what OS/compiler/settings/etc. are you using?
1175947196 M * daniel_hozac (i.e. upload distribution + vserver-info to paste.linux-vserver.org)
1175947214 M * onox hardened gentoo
1175947481 M * onox http://paste.linux-vserver.org/1398
1175947922 M * onox daniel_hozac: does vserver's behaviour depend on the specific vserver's / dir?
1175947931 M * daniel_hozac no.
1175947964 M * onox because I used a normal (not hardened toolchain) stage4 .tar.bz2 when I build the vserver
1175948040 M * onox it seems vserver-info and vserver-stat work without a problem
1175948246 M * onox daniel_hozac: when recompiling util-vserver, the tests says:
1175948253 M * onox stack smashed in main (value 0x00000000000kpp00)
1175948258 M * daniel_hozac which test?
1175948259 M * onox FAIL: lib_internal/testsuite/sigbus
1175948310 M * daniel_hozac that's... interesting.
1175948382 M * daniel_hozac does echo 'int main(int argc, char *argv[]) { char buf[16]; strcpy(buf, "a"); printf("%s\n", buf); return 0; }' > test.c; diet -Os gcc -O2 -Wall test.c; ./a.out work?
1175948536 M * onox a.out says a
1175948581 M * daniel_hozac so it's not inherently broken at least...
1175948667 M * onox what is sigbus?
1175948710 M * daniel_hozac it tests whether your architecture sends SIGBUS when you try to read from a truncated file, IIRC.
1175948743 M * onox hmm
1175948749 M * daniel_hozac i really don't see where it'd smash the stack though.
1175948779 M * onox could grsecurity deny to send a sigbus?
1175948788 M * onox or am I talking nonsense?
1175948919 M * daniel_hozac from kernel to the program calling in to the kernel? if so, that's just crack.
1175948945 M * daniel_hozac but i know nothing of grsec...
1175948947 M * onox btw
1175948951 M * onox vserver test start
1175948962 M * onox says stack smashed... and then: Failed to start...
1175948986 M * onox so vserver script starts another program which is killed?
1175949040 M * daniel_hozac probably.
1175949072 M * daniel_hozac but it runs a lot of things. you need to find out which one is causing it.
1175949187 M * onox hmm, I recompiled bash and util-vserver to ssp, and the sigbus test now passes
1175949203 M * onox btw
1175949211 M * onox why is dietlibc used?
1175949265 M * daniel_hozac because glibc loads libraries dynamically.
1175949269 M * daniel_hozac -> insecure.
1175949342 M * onox what ELF files are installed by util-vserver?
1175949360 M * daniel_hozac quite a few.
1175949421 M * daniel_hozac do your package manager's equivalent of rpm -ql util-vserver\* | while read FILE; do file $FILE | grep -q ELF && echo $FILE; done to get a list...
1175949813 M * onox how do I find out what program is causing it?
1175949819 M * onox put some echo's in vserver.start?
1175949835 M * daniel_hozac i don't know. seems strange not to have argv[0] in that error message, IMHO.
1175949934 Q * shedi Quit: Leaving
1175949949 M * onox I'll try to upgrade from 0.30.212-r2 to 0.30.213_rc6
1175950325 J * shedi ~siggi@ftth-237-144.hive.is
1175951052 Q * Aiken Quit: Leaving
1175951759 M * onox daniel_hozac: can recursive calls cause stack smashing?
1175951923 Q * derjohn Remote host closed the connection
1175951957 M * mnemoc daniel_hozac: hi, -rc6 doesn't have the 'dev' bug :D thanks
1175952288 M * daniel_hozac mnemoc: ok, thanks!
1175952322 M * daniel_hozac onox: i don't see how...
1175952362 M * onox daniel_hozac: should $VSERVER_DIR = /etc/vservers/test?
1175952367 M * onox or /vservers/test?
1175952382 M * daniel_hozac that's the configuration directory.
1175952399 M * mnemoc daniel_hozac: question, there is any plan of adding a "repair" command for broken configs? for example i backup /vservers/foo and /etc/vservers/foo but not /etc/vservers/.defaults/whatever_referencing_foo, and on restore i get a lot of reconstructable broken links
1175952406 M * onox the error occurs during mountRootFS "$VSERVER_DIR"
1175952418 M * daniel_hozac mnemoc: hmm?
1175952446 M * daniel_hozac onox: so should be caused by secure-mount, yes?
1175952459 M * onox secure-mount?
1175952477 M * daniel_hozac probably your compiler doesn't handle alloca very well.
1175952483 M * onox i'm printing lines in vserver.start
1175952511 M * onox daniel_hozac: can I use glibc instead of dietlibc?
1175952541 M * mnemoc daniel_hozac: /etc/vservers/.defaults/vdirbase/foo, /var/run/vservers/foo /etc/vservers/.defaults/cachebase/foo ... when doing a simple backup of 'foo' including only /vserver/foo and /etc/vserver/foo wont be there on restore
1175952554 M * mnemoc daniel_hozac: and vserver foo start fails
1175952555 M * daniel_hozac onox: if you don't care about security...
1175952578 M * daniel_hozac /etc/vservers/.defaults/vdirbase is a symlink to /vservers.
1175952588 M * mnemoc *blink*
1175952599 M * daniel_hozac so if you restore /vservers/foo, /etc/vservers/.defaults/vdirbase/foo will exist ;)
1175952605 M * mnemoc :D
1175952655 M * daniel_hozac onox: or functionality. there are a few things that break if you use glibc...
1175952681 M * daniel_hozac mnemoc: really, as long as your hosts are configured with the same directories, it shouldn't be a problem, IMHO.
1175952719 M * mnemoc if you say so i'll trust :)
1175952785 M * onox daniel_hozac: omg
1175952793 M * onox how did you know it was caused by secure-mount?
1175952804 M * onox error occurs at $_SECURE_MOUNT -a $xflag --chroot --fstab "$fstab" --rootfs only -n
1175952806 M * daniel_hozac because that's all mountRootFS does...
1175952830 M * daniel_hozac try to compile http://people.linux-vserver.org/~dhozac/t/tests/alloca.c
1175952840 M * daniel_hozac does that report the stack smashing too?
1175952863 M * onox using diet?
1175952867 M * daniel_hozac yes, of course.
1175952875 M * daniel_hozac using the same command line that secure-mount was built with.
1175952914 M * onox uhh how do I find that out? vserver-info?
1175952969 M * daniel_hozac i suppose.
1175953009 M * daniel_hozac mnemoc: if that's not true somewhere, please let me know...
1175953034 M * mnemoc daniel_hozac: i will :)
1175953186 M * onox it runs when compiling with diet -Os gcc -O2 -Wall alloca.c
1175953511 M * onox daniel_hozac: should /vservers/* owned by some user?
1175953539 M * daniel_hozac no.
1175953576 M * daniel_hozac did you compile it with the options from vserver-info yet?
1175953580 M * daniel_hozac (and the compiler)
1175953618 M * onox like this? CFLAGS="-mtune=athlon64 -O2 -pipe -std=c99 -Wall -pedantic -W -funit-at-a-time" x86_64-pc-linux-gnu-gcc alloca.c?
1175953672 M * daniel_hozac no, x86_64... -mtune.... alloca.c
1175953765 M * onox still runs
1175953771 M * onox how do I get it to use diet?
1175953796 M * daniel_hozac just put diet in front.
1175953855 M * onox runs
1175954147 M * daniel_hozac interesting.
1175954456 M * onox shall I try to gdb secure-mount?
1175954477 M * daniel_hozac i guess.
1175954762 Q * shedi Quit: Leaving
1175956311 M * onox daniel_hozac: I get Error accessing memory address 0x400160: Input/output error.
1175956378 N * DoberMann DoberMann[PullA]
1175956473 J * Help ~Amazigh@AVelizy-151-1-29-101.w82-124.abo.wanadoo.fr
1175956477 M * Help Hello, welcome to our new server AmazighChat try to use : /server irc.AmazighChat.net
1175956477 M * Help Hello, welcome to our new server AmazighChat try to use : /server irc.AmazighChat.net
1175956477 M * Help Hello, welcome to our new server AmazighChat try to use : /server irc.AmazighChat.net
1175956477 M * Help Hello, welcome to our new server AmazighChat try to use : /server irc.AmazighChat.net
1175956477 M * Help Hello, welcome to our new server AmazighChat try to use : /server irc.AmazighChat.net
1175956477 Q * Help Killed (FloodServ ((FloodServ) Warning, you have triggered a network protection. Stop flooding!))
1175956820 Q * rgl Ping timeout: 480 seconds
1175956908 M * onox daniel_hozac: when I provide an unknown option to secure-mount, I get a smashed stack too
1175959187 M * onox daniel_hozac: have you found something? it seems it goes wrong when mountFstab() returns
1175959729 M * daniel_hozac oh?
1175959733 M * daniel_hozac do you have a back trace?
1175959793 M * daniel_hozac seems like it would be more interesting to focus on the unknown option one.
1175959801 M * daniel_hozac as that should be quite simple to track down...
1175959968 J * dreamind apwdsl@p548A80A8.dip0.t-ipconnect.de
1175959976 M * onox i don't have a backtrace
1175959982 M * onox gdb says it cannot set a backtrace
1175959995 M * onox but I flooded secure-mount.c with many WRITE_MSG() :p
1175960011 M * onox in main() method, mountFstab() is executed
1175960020 M * dreamind Hi folks :)
1175960038 M * daniel_hozac that's not the case you're hitting though.
1175960038 M * onox nothing is printed after mountFstab()
1175960059 M * daniel_hozac mountFstab shouldn't be executed for mountRootFS.
1175960062 M * daniel_hozac hello dreamind.
1175960072 M * dreamind Hi daniel_hozac :)
1175960113 M * daniel_hozac hmm, yes it should, nevermind me.
1175960164 M * onox so, I tried to print message in mountFstab()
1175960188 M * onox and just before the return at the end of the mountFstab() function, the smash error is printed
1175960444 M * daniel_hozac what happens if you move the char buf[len+2]; ... lines up to the beginning of the function?
1175960458 M * daniel_hozac hmm, wait, that won't work.
1175960759 M * onox is it possible to overwrite the canary information?
1175960785 M * daniel_hozac of course, that's why it's there.
1175960903 M * daniel_hozac how about if you add a do on line 581, and a while (0); on line 622?
1175960942 M * daniel_hozac (this is in 0.30.213-rc6)
1175961092 M * onox while(0) after the last }?
1175961100 M * onox (before res = true;?)
1175961291 M * daniel_hozac yep.
1175961300 M * onox nope, doesn't work
1175961304 M * onox why would that work?
1175961318 M * onox do{}while(0);?
1175961461 M * daniel_hozac well, i don't even understand why it doesn't work now, so i'm just guessing :)
1175961590 M * onox hmm
1175961616 M * onox do you know how I can detect whether an ELF file is compiled with SSP?
1175961667 M * onox maybe another option is to try to use glibc
1175961680 M * onox do I have to modify the Makefile or something else to get glibc?
1175961722 Q * dreamind Quit: dreamind
1175961932 M * onox i'll try --disable-internal-headers --disable-dietlibc
1175962151 M * onox lol
1175962183 M * onox I got rid of the stack smash error :p
1175962222 M * onox but vserver traded it for secure-mount: mount(): Operation not permitted error ^_^
1175962842 M * onox hmm
1175962860 M * onox it seems dietlibc is the trouble maker
1175963456 M * daniel_hozac it's probably best to disable ssp.
1175963855 M * onox how?
1175963866 M * onox I tried to switch to nossp profile using gcc-config
1175963867 M * daniel_hozac -fno-stack-protector-all
1175964034 M * onox hmm, I see dietlibc is compiled with a nostackprotector patch
1175964089 M * onox btw, is it C or C++ code?
1175964100 M * daniel_hozac i don't think there's any C++ code left.
1175964115 N * DoberMann[PullA] DoberMann
1175964226 M * onox now I am really confused
1175964235 M * onox the stack error is gone
1175964239 M * onox even when using diet
1175964246 M * daniel_hozac so, what did you change?
1175964263 M * onox CFLAGS="$CFLAGS -fno-stack-protector-all"
1175964312 M * daniel_hozac well, that explains it, no?
1175964325 M * onox maybe
1175964333 M * onox i'll remerge dietlibc again
1175964345 M * onox then util-vserver with -fno-stack-protector-all
1175964663 P * tzafrir_laptop Leaving
1175964723 J * tamitall ~assmaster@gw.nettam.com
1175964857 Q * Piet Remote host closed the connection
1175964882 J * Piet hiddenserv@tor.noreply.org
1175965359 M * slack101 daniel_hozac: been doing a lot of reading but still cant figure out how to set the distro
1175965368 M * daniel_hozac "how to set the distro"?
1175965384 M * slack101 . /etc/vservers/vserver-name/uts
1175965390 M * slack101 do i make that distro ?
1175965393 M * slack101 i mean folder
1175965401 M * daniel_hozac as i said yesterday, yes.
1175965403 M * onox vserver vserver-name build?
1175965414 M * slack101 couldnt they jus change it then ?
1175965456 M * daniel_hozac what?
1175965461 M * slack101 since
1175965470 M * slack101 uts is in their vserver couldnt they jus change it ?
1175965479 M * daniel_hozac uh, it's not.
1175965486 M * slack101 . /etc/vservers/vserver-name/uts
1175965512 M * slack101 ./etc/vservers/-thevservername-/uts
1175965549 M * daniel_hozac ... so?
1175965552 M * daniel_hozac what's your point?
1175965556 M * daniel_hozac the guest is at /vservers/.
1175965575 M * slack101 ooooooooo
1175965577 M * slack101 :(
1175965577 M * slack101 lol
1175965578 M * slack101 :P
1175965585 M * daniel_hozac also note that you're not changing the "distro", you're changing the reported kernel version.
1175965609 M * slack101 of course man
1175965619 M * slack101 any other ways of doing it or just this way ?
1175965629 M * daniel_hozac of doing what?
1175965638 M * slack101 masking the distro or w/e
1175965653 M * slack101 The OS-release of the vserver
1175965653 M * daniel_hozac you mean changing the reported kernel?
1175965656 M * slack101 masking that
1175965664 M * daniel_hozac why would you want an other way?
1175965671 M * daniel_hozac is creating a directory really _that_ hard?
1175965681 M * slack101 jus checking
1175965695 M * slack101 i thought maybe i could do it within the guest
1175965780 M * slack101 btw whats the difference between soft and hard resources ............soft doesnt terminate what they are doing or what ?
1175965803 M * daniel_hozac depends.
1175965822 M * daniel_hozac for ulimits, the soft limit is the limit, but you can raise it to whatever the hard limit is.
1175965853 M * daniel_hozac for rlimits, the soft limit is only implemented for RSS, where the odds of swapping that guests pages are increased.
1175965881 M * slack101 i jus want to give each user 256 mb
1175965890 M * slack101 hard limit right ?
1175965909 M * daniel_hozac sure.
1175965943 M * slack101 and if they go over that what does it do ?
1175965973 M * daniel_hozac the OOM killer strikes.
1175965994 M * slack101 i seee
1175966004 M * slack101 The OS-version of the vserver
1175966010 M * slack101 why should they even know what for ?
1175966035 M * daniel_hozac what?
1175966105 M * slack101 the guest can see what version of vserver that is running
1175966178 M * daniel_hozac that's why you can override it in the config....
1175966228 M * slack101 FATAL: kernel too old
1175966228 M * slack101 vshelper.init: can not determine xid of vserver 'slax'; returned value was ''
1175966229 M * slack101 lol
1175966273 M * slack101 i guess i need the right format
1175966297 M * slack101 i am saying why do they have access to any thing concerning the vserver version ?
1175966312 M * daniel_hozac if you override it, they don't.
1175966322 M * slack101 yea i will
1175966328 M * slack101 seems as if they shouldnt have to do that anyways
1175966525 M * slack101 i dont know the format of this release file .......grrrrr
1175966533 M * slack101 everything i enter it says kernel too old
1175966940 J * shedi ~siggi@ftth-237-144.hive.is
1175967000 M * slack101 what is the vdir ?
1175967484 M * onox daniel_hozac: it seems only dietlibc needs -fno-stack-protector-all
1175967549 M * daniel_hozac slack101: it's a kernel version. what on earth are you inputting that it feels is invalid?
1175967563 M * daniel_hozac onox: oh?
1175967573 M * daniel_hozac slack101: vdir is the directory containing the guest...
1175968291 M * onox hmm dietlibc ebuild removes -fstack-protector-all
1175968306 M * waldi haha
1175968306 M * onox but I have to add -fno-stack-protector-all to get util-vserver working
1175968366 M * daniel_hozac probably because your compiler's defaults differ from the ones the ebuild was created for.
1175968374 M * daniel_hozac might want to ping phreak`` or Hollow about it.
1175968415 M * Hollow onox: do you have a hardened toolchain?
1175968425 M * daniel_hozac yes
1175968466 M * Hollow you have to wait for phreak`` then, i don't support hardened toolchains anymore
1175968469 M * Hollow i'm so sick of it
1175968477 M * daniel_hozac hehe
1175968491 M * daniel_hozac why's that?
1175968500 M * Hollow it's just horribly broken
1175968535 M * daniel_hozac hehe
1175968651 M * slack101 daniel_hozac: soo i would input in the release file would be 2.6.20
1175968686 M * daniel_hozac for example.
1175968690 M * onox Hollow: yes
1175968712 M * onox Hollow: hardened toolchain is broken?
1175968725 M * onox or dietlibc?
1175968786 M * Hollow both
1175968787 M * Hollow :)
1175968865 M * arachnis1 btw, are there any distros with hardened toolchain except for gentoo and adamantix?
1175968936 M * daniel_hozac what does it mean to have a "hardened toolchain"?
1175969158 M * arachnis1 ssp/pie-enabled gcc?
1175969176 M * arachnis1 a libc that supports ssp?
1175969224 M * daniel_hozac so, Fedora should qualify
1175969230 M * arachnis1 (dunno if that's issue with linux or gnu libc, but bsd's need(ed?) some changes to make ssp work)
1175969232 M * daniel_hozac i think Debian Etch should qualify too.
1175969390 M * onox Hollow: how do you mean horribly broken?
1175969404 M * Hollow onox: ssp breaks all the time
1175969436 M * onox because gcc-3.x is still used?
1175969471 M * onox btw, I tried to switch to nossp profile using gcc-config
1175969480 M * Hollow no, because dietlibcs ssp implementation is broken and the hardened toolchain does not work with dietlibcs stackgap (replacement for ssp)
1175969506 M * onox hmm
1175969515 M * onox then disable ssp and stackgap?
1175969550 M * onox dietlibc ebuild removes -fstack-protector-all
1175969568 M * onox but I have to do CFLAGS="-fno-stack-protector-all" emerge -avt dietlibc
1175969577 M * onox to get util-vserver working
1175969589 M * Hollow well, my plan is to wait for dietlibc-0.31, since fefe made some ssp commits some time ago ..
1175969655 M * onox my plan is to use glibc :p
1175969669 M * onox dietlibc is just another stupid dependency
1175969707 M * Hollow kind of ..
1175969709 M * onox btw
1175969719 M * onox Hollow: do you know how to fix mount(): permission denied errors?
1175969725 M * onox is it grsecurity thing?
1175969736 M * Hollow you can temporarily workaround this by using per-package cflags.. see http://dev.gentoo.org/~solar/portage_misc/bashrc
1175969746 M * Hollow onox: on shutdown of guests?
1175969767 M * onox on vserver test start
1175969773 M * Hollow (this goes in /etc/portage/bashrc)
1175969786 M * Hollow which baselayout(-vserver) inside?
1175969840 M * arachnis1 shouldn't baselayout 1.13.* be used now?
1175969850 N * arachnis1 arachnist
1175969859 M * Hollow yeah, we're slowly migrating to it :)
1175969883 M * Hollow but baselayout-1.13 will be baselayout-2 eventually
1175969885 M * onox Hollow: just a stage4 from your site
1175969897 M * Hollow onox: did you build with -d gentoo?
1175969899 M * onox but how do I fix mount() error?
1175969905 M * arachnist Hollow: btw, is anyone working on baselayout-2? gentoo/bsd guys are already playing with it
1175969906 M * onox init style?
1175969907 M * onox yes
1175969929 M * onox does the mount() error depend on the guest?
1175969932 M * Hollow no, you can specify a distribution on vserver ... build, you have to use gentoo there
1175969943 M * Hollow i think so
1175969973 M * Hollow arachnist: yes, uberlord is working on it, you can get a snapshot from yesterday at http://dev.gentoo.org/~uberlord/baselayout-1.13.99.tar.bz2
1175970010 M * onox secure-mount: mount(): Operation not permitted
1175970022 M * arachnist Hollow: yeah, i know, i already got it, 'cause i plan to bring gentoo/dfly back to life and wanted to use that
1175970023 M * onox /etc/vservers/test/fstab:1:1: failed to mount fstab-entry
1175970025 M * Hollow onox: well, that is on the host then
1175970031 M * onox on the master server
1175970038 J * mire ~mire@133-169-222-85.adsl.verat.net
1175970064 M * Hollow arachnist: i see... it should work on vservers too.. i still need to test it.. does the alpha12 ebuild work with it?
1175970080 M * arachnist dunno, haven't yet tried it
1175970098 M * arachnist but it should
1175970219 M * onox is that caused by grsecurity?
1175970234 M * Hollow i don't know
1175970263 M * Hollow grsecurity == selinux == ssp == hardened == unsupported in my case :P
1175970269 M * onox lol
1175970337 M * Hollow don't forget PIE and PaX :P
1175971255 Q * PowerKe Ping timeout: 480 seconds
1175972030 J * PowerKe ~tom@d54C13E4B.access.telenet.be
1175972624 J * jmcaricand ~kvirc@d90-144-72-173.cust.tele2.fr
1175972949 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1175973211 M * onox daniel_hozac: does vserver first chroot, then mount?
1175973337 M * mnemoc it mounts on the namespace from outside
1175974817 J * rgl ~Rui@84.90.10.107
1175975292 M * daniel_hozac it chroots to get to the directory where it will be mounted, then escapes the chroot to do the actual mount.
1175975369 M * daniel_hozac onox: you did follow harry's instructions on how to configure grsec to make it work with Linux-VServer, right?
1175975747 M * sid3windr :-)
1175975924 M * onox harry?
1175976030 M * daniel_hozac http://people.linux-vserver.org/~harry/_README_
1175976247 J * daun ~jonathan@CPE0050ba43294d-CM0014e88eee24.cpe.net.cable.rogers.com
1175976367 M * daun Hello, I guess this is the official vserver irc channel?
1175976609 M * sid3windr correct
1175976705 M * slack101 daniel_hozac: this release thing is really not working out for me .......every single thing i put in there it comes up and says kernel too old
1175976898 M * Bertl_vV greetings folks! how's going?
1175976904 M * daniel_hozac hey Bertl_vV!
1175976928 M * Bertl_vV hey daniel_hozac! everything fine?
1175977000 M * daun Hello!
1175977005 M * daniel_hozac yeah, everything fine here. how's the vacation going?
1175977015 M * onox daniel_hozac: thx for the help, it works now
1175977030 M * Bertl_vV fine so far .. visited trinity site today ... quite chilly for NM :)
1175977042 M * Bertl_vV hey daun! what'sup?
1175977052 M * onox Hollow: maybe some documentation about grsecurity settings to get VServer working could be written
1175977063 M * daniel_hozac onox: you just read them.
1175977081 M * daniel_hozac harry is the person merging grsec and Linux-VServer, and that's the source for those patches....
1175977102 M * onox hmm
1175977118 M * onox I found the grsec+vs patch on phreak``'s overlay
1175977134 M * daun Not a lot Bertl_vV, just been playing around with this vserver thingamajig and thought I'd see what was going on here :)
1175977153 M * Bertl_vV daun: ah, excellent! do you like it?
1175977167 M * daun It's really cool, you've all done some amazing stuff here!
1175977208 M * Bertl_vV thanks! glad you like it! .. feel free to hang around, and as the topic states, ask questions whenever you like...
1175977249 M * daun hehe, thanks, much appreciated
1175977260 M * meandtheshel1 Bertl_vV: hi - you're in rome?
1175977318 M * Bertl_vV meandtheshel1: not exactly :)
1175977337 M * meandtheshel1 hm ... ok :)
1175977337 M * Bertl_vV meandtheshel1: Socorro, NM, USA
1175977341 M * meandtheshel1 lol
1175977507 M * onox daniel_hozac: those docs are not in the off. docs
1175977531 M * daniel_hozac onox: that's as official as they get...
1175977583 M * onox ;|
1175977623 M * onox I meant they should be put in proj/en/hardened/grsecurity.xml
1175977878 J * vkb ~vkbftw@p5493b579.dip0.t-ipconnect.de
1175978075 P * vkb
1175978708 J * lylix ~eric@dynamic-acs-24-154-33-9.zoominternet.net
1175979656 M * Bertl_vV daniel_hozac: any issues with 2.2.0yet?
1175979669 M * Bertl_vV (note: my space bar is still not fixed :)
1175979704 M * daniel_hozac hehe.
1175979718 M * daniel_hozac one reported issue, but i wasn't able to reproduce it yet.
1175979762 M * Bertl_vV what kind of issues?
1175979774 M * daniel_hozac 2007-04-04T14:26:31 < starcode> I have upgraded from 2.6.20.3-vs2.2.0-rc19 to 2.6.20.4-vs2.2.0 yesterday and not ctrl-c is not working anymore
1175979793 M * sid3windr Bertl_vV: what are you doing in USA? :)
1175979833 M * arachnist Linux 2.6.20.1-vs2.2.0-rc15
1175979841 M * arachnist i ought to upgrade it sometime...
1175979860 M * daun daniel_hozac: Oh hey, I couldn't get the ctrl-c to work either, I've been playing with my kernel though and I think I found the itchy spot
1175979860 M * daniel_hozac sid3windr: vV == vacation ;)
1175979874 M * sid3windr oh. ;)
1175979935 M * daniel_hozac daun: oh? please enlighten us.
1175979980 M * daun sure, one second let me find my notes... *shuffles through the kernel*
1175980044 M * daun in pid.h there is a check that always fails against the console in #define do_each_pid_task
1175980045 Q * rgl Ping timeout: 480 seconds
1175980095 M * daun vx_check((task)->xid, VS_ADMIN_P|VS_IDENT) doesn't seem to work right since a vx_current_xid() returns the main context
1175980095 M * daniel_hozac okay, that's what doener though.
1175980105 M * daniel_hozac +t
1175980128 M * daun .. is what my debugging has told me at any rate
1175980186 M * daun I figured that was added as a security measure to prevent cross context problems?
1175980198 M * daniel_hozac yes.
1175980208 M * daniel_hozac thing is, we want to allow it in certain places.
1175980214 M * daniel_hozac e.g. tty signalling.
1175980261 M * daniel_hozac (note that disabling privacy for guests will also make it work)
1175980318 M * daun Well since the main context can kill whatever it wants anyway, would it be unreasonable to append that statement with a "vx_current_xid()==0 ||" to allow only the main context to communicate like that?
1175980351 M * daun I'm trying that right now myself and it seems to have fixed the ctrl-c thing... which was a result of giving the server its own terminal
1175980395 M * daniel_hozac VS_ADMIN_P will let the check pass if a) privacy is disabled, and b) the caller is in xid 0.
1175980455 M * daun I see... it makes so much more sense now... but why wasn't it working before I added my little hack to it? hmm...
1175980466 M * daniel_hozac because you have privacy enabled, most likely.
1175980586 M * daniel_hozac Bertl_vV: IMHO the only place using do_each_pid_task where it makes sense to check is kernel/signal.c:__kill_pgrp_info (fs/fcntl.c:send_sig{io,urg} seem like they should work regardless of contexts), but the pgrp is what's stopping the tty from working...
1175980735 M * daun daniel_hozac: You're right, my privacy is on, although disabling that would have other effects other than here correct?
1175980754 M * daniel_hozac daun: certainly. personally i think most of those effects are good though...
1175980797 M * daniel_hozac with privacy, xid 1 becomes somewhat useless.
1175980924 M * daun yeah, I see what you mean about xid 1..
1175981039 M * bXi are you guys familiar with hamachi?
1175981159 M * daniel_hozac never heard of it.
1175981197 M * bXi its a 0 click vpn tunnel program
1175981352 M * sid3windr with a stolen ip range =)
1175981363 M * sid3windr and it really is 1-click, otherwise you won't get it installed :P
1175981369 M * bXi i use a keyboar
1175981371 M * bXi keyboard
1175981374 M * sid3windr ;-)
1175981376 M * bXi without clicking sounds :p
1175981378 M * sid3windr well yea, ok.
1175981384 M * sid3windr then vserver is also a 0-click install :P
1175981389 M * bXi it was
1175981392 M * sid3windr :-)
1175981417 M * bXi okay
1175981421 M * bXi no work till tuesday for me
1175981432 M * bXi i screwed up eth0 :(
1175981461 M * bXi so now my server is not connected to zah net
1175981466 M * daniel_hozac nice.
1175981530 N * DoberMann DoberMann[ZZZzzz]
1175981606 M * daniel_hozac Bertl_vV, doener: http://people.linux-vserver.org/~dhozac/p/k/delta-pid_task-fix01.diff
1175981640 M * daniel_hozac not tested yet.
1175981644 J * rgl ~Rui@84.90.10.107
1175981827 M * daniel_hozac (should be hack01, not fix01)
1175981839 M * daniel_hozac actually, i wonder if we even need the check there at all.
1175981858 M * daniel_hozac check_kill_permission is called by group_send_sig_info, and that should already do the right thing, IHMO.
1175981862 M * daniel_hozac +english
1175982013 M * daun daniel_hozac: Thanks for pointing out what the privacy was filtering to me, I hadn't really considered it and left it enabled thinking it was good for what I was doing :)
1175982097 M * daniel_hozac IMHO the privacy only makes sense if you're giving guests to people who don't trust you, in which case you'd want to combine it with removing VXF_STATE_ADMIN...
1175982130 Q * Piet Quit: Piet
1175982162 M * daun I could see it being more useful on a per guest basis, but maybe that's pointless... *shrugs*
1175982362 M * daun Anywho, it was nice meeting the lot of you! See you around
1175982438 Q * daun Quit: ircII EPIC4-2.6 -- Are we there yet?
1175982695 J * ktwilight ~ktwilight@50.98-66-87.adsl-dyn.isp.belgacom.be
1175983969 Q * meandtheshel1 Quit: Leaving.
1175984481 Q * dna Quit: Verlassend
1175984724 M * onox daniel_hozac: I get a "possible circular locking dependency" in vwait
1175984780 M * onox vwait/31390 is trying to acquire lock: (tasklist_lock)
1175984801 M * onox but task is already holding lock: (&sighand->siglock) which lock already depends on the new lock.
1175984831 M * daniel_hozac from what?
1175984831 Q * tamitall Read error: Connection reset by peer
1175984852 M * onox when I tried to stop a vserver
1175984854 J * tamitall ~assmaster@gw.nettam.com
1175984858 M * onox shall I dump the backtrace?
1175984881 M * daniel_hozac please do.
1175984886 M * daniel_hozac (to paste.linux-vserver.org)
1175985113 M * onox http://paste.linux-vserver.org/1399
1175985199 M * onox don't know if it's a bug or just hardened Linux who's yelling about nothing
1175985230 M * daniel_hozac doesn't seem to be caused by Linux-VServer code, IMHO.
1175985388 M * onox maybe it's grsecurity is too tight
1175985422 M * daniel_hozac too tight shouldn't cause locking incoherencies.
1175985429 M * daniel_hozac sounds like a bug to me.
1175985447 M * onox a bug in what?
1175985456 M * daniel_hozac grsec? the merge? i don't know.
1175986858 M * onox daniel_hozac: how can I properly remove a vserver?
1175986871 M * daniel_hozac vserver ... delete?
1175986901 M * onox hmm
1175986909 M * Bertl_vV vserver delete :)
1175986914 M * onox I think I need some sleep :p
1175986988 M * daniel_hozac Bertl_vV: opinions on the do_each_pid_task thing?
1175987019 M * onox pkgcfgbase-dir '/vservers/.pkg' does not exist or is invalid
1175987049 M * onox mkdir /vservers/.pkg solves it, but maybe vserver could automatically create it?
1175987052 M * daniel_hozac so your install of the utils is incomplete.
1175987241 J * DoberMann_ ~james@AToulouse-156-1-42-162.w90-16.abo.wanadoo.fr
1175987288 M * Hollow guess we need to keepdir /vservers/.pkg otherwise portage will remove it
1175987350 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1175987520 M * Bertl_vV daniel_hozac: I read it but I did not understand the issue or whatever ...
1175987582 M * daniel_hozac well, the tty code tries to send SIGINT to the process group on ctrl+c
1175987622 M * daniel_hozac that leads to __kill_pgrp_info, which uses do_each_pid_task, which checks for VS_ADMIN_P|VS_IDENT.
1175987640 Q * bonbons Quit: Leaving
1175987645 M * daniel_hozac so with privacy enabled, ctrl+c will not signal the processes in the guest.
1175987697 M * slack101 daniel_hozac: can i see an example of your release file ?
1175987733 M * daniel_hozac there are only three instances of do_each_pid_task that i could find, fs/fcntl.c:send_sig{io,urg}, and kernel/signal.c:__kill_pgrp_info.
1175987782 M * daniel_hozac the first shouldn't care about contexts IMHO, and the latter uses group_send_sig_info which calls check_kill_permission which should already do the right thing
1175987887 M * daniel_hozac slack101: echo 2.6.20 > /etc/vservers//uts/release
1175987968 M * daniel_hozac Bertl_vV: anything i'm missing/wrong on?
1175987978 M * Hollow echo 3.11 > uts/release; echo Windows > uts/sysname;
1175987989 M * daniel_hozac haha.
1175987991 M * daniel_hozac yeah.
1175987993 M * Hollow :)
1175988020 M * onox haha :D
1175988075 M * sid3windr lol
1175988147 J * Aiken ~james@ppp194-30.lns1.bne1.internode.on.net
1175988764 M * Bertl_vV daniel_hozac: ah, now I understand ...
1175988806 M * Bertl_vV daniel_hozac: yeah, well, give it a try ... not going to work on the code on my vacation :)
1175988819 M * Bertl_vV (unless absolutely necessary :)
1175988822 M * sid3windr :p
1175988858 Q * boci^ Quit: Távozom
1175988862 M * daniel_hozac well, just removing the vx_check from do_each_pid_task works fine here.
1175989041 M * daniel_hozac i just wanted to make sure i'm not removing any important checks. ;)
1175989182 Q * jkl Quit: relocating for faster rsync transfers, back up by tomorrow
1175990331 M * Bertl_vV daniel_hozac: will probably be fine