1176164407 M * flock- hum, the error I seem to be getting in dmesg is just "dynamic contexts disabled" 1176165113 M * flock- okay, seems like it is failing because my toolchain is requesting a dynamic context for my vserver, I am looking at kernel/vserver/network.c:__create_nx_info 1176165129 M * flock- maybe the --context flag will help, lets try:) 1176165299 M * flock- cant seem a way to specify it... 1176165960 M * flock- \o/ 1176165961 M * flock- success 1176166000 M * flock- it seems like the current util-vserver isnt getting along nicely with the removed dynamic contexts support 1176168641 Q * bzed Quit: Leaving 1176169243 Q * infowolfe Quit: Leaving 1176170230 Q * virtuoso Ping timeout: 480 seconds 1176170235 J * virtuoso ~s0t0na@80.253.205.251 1176170413 J * infowolfe ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net 1176170972 Q * DreamerC_ Quit: leaving 1176170989 J * DreamerC ~dreamerc@125-225-105-70.dynamic.hinet.net 1176172847 Q * arachnist Remote host closed the connection 1176173982 Q * Piet_ Quit: Piet_ 1176174311 J * besonen_mobile ~besonen_m@71-220-225-182.eugn.qwest.net 1176174523 J * ktwilight_ ~ktwilight@179.83-66-87.adsl-dyn.isp.belgacom.be 1176174884 Q * ktwilight Ping timeout: 480 seconds 1176178331 Q * softi42 Ping timeout: 480 seconds 1176178942 J * softi42 ~softi@p549D5707.dip.t-dialin.net 1176179828 J * meandtheshel1 ~markus@85-124-233-123.work.xdsl-line.inode.at 1176180313 J * DjMeTRaL ~sad@164.77.205.235 1176180589 J * someone_else7957 ~pirulairc@200.21.137.78 1176180589 J * someone_else9792 ~TeQuiEro@200.195.174.50 1176180589 J * someone_else1827 ~looks@200-158-120-75.dsl.telesp.net.br 1176180589 J * someone_else3184 ~TiRoTiTi@222.124.30.19 1176180589 J * someone_else9983 ~TeQuiEro@222.109.87.96 1176180589 J * someone_else5996 ~Mcc@125.243.98.54 1176180589 J * someone_else8152 ~root@210.0.209.108 1176180589 J * someone_else3802 ~moresby@203.115.71.204 1176180589 J * someone_else5758 ~sc-rlz@210.102.52.15 1176180589 J * someone_else6282 ~TeFoLLeN@61.168.222.180 1176180589 J * someone_else8110 ~melonezz@203.200.187.170 1176180589 J * someone_else5131 ~nuncamax@dsl-200-67-31-247.prod-empresarial.com.mx 1176180589 J * someone_else9071 ~iRC@203.130.202.85 1176180589 J * someone_else8937 ~melonezz@61.191.22.46 1176180589 J * someone_else4735 ~TeFoLLeN@203.115.71.204 1176180589 J * someone_else3614 ~looks@200-158-120-75.dsl.telesp.net.br 1176180589 J * someone_else9977 ~melonezz@61.51.17.28 1176180589 J * someone_else4312 ~GOD@125.244.249.3 1176180589 J * someone_else8639 ~root@200.118.113.210 1176180589 J * someone_else1555 ~mirito@210.222.178.89 1176180589 J * someone_else5696 ~zumbado@61.191.22.46 1176180589 J * someone_else7100 ~Mesias7.1@201.216.218.73 1176180589 J * someone_else3909 ~moresby@85.185.64.131 1176180589 J * someone_else338 ~underme@201.216.218.73 1176180589 J * someone_else5034 ~GuiLy@124.56.15.5 1176180589 J * someone_else1086 ~TeFoLLeN@210.222.178.89 1176180589 J * someone_else5759 ~Mesias7.1@222.110.112.154 1176180589 J * someone_else435 ~diablo@200.146.119.50.static.gvt.net.br 1176180589 J * someone_else6383 ~lolest@203.115.71.204 1176180589 J * someone_else9896 ~melonezz@S0106001109843a8c.ok.shawcable.net 1176180589 J * someone_else5711 ~mirito@203.130.202.85 1176180590 J * someone_else588 ~iRC@222.117.161.234 1176180590 J * someone_else2442 ~PhAnATiC@125.137.50.120 1176180590 J * someone_else436 ~GOD@61.51.17.28 1176180590 J * someone_else9712 ~GuiLy@210.0.209.108 1176180590 J * someone_else1479 ~lolest@85.185.64.131 1176180590 J * someone_else7886 ~PhAnATiC@63.146.40.33 1176180590 J * someone_else5653 ~sc-rlz@211.192.20.172 1176180590 J * someone_else4773 ~looks@203.200.187.170 1176180590 J * someone_else1723 proxy@212.124.62.126 1176180590 J * someone_else1450 ~TeFoLLeN@212.62.97.21 1176180590 J * someone_else4177 ~TeFoLLeN@222.124.30.19 1176180590 J * someone_else9515 ~V0V0@125.244.249.3 1176180590 J * someone_else178 ~iRC@210.102.52.15 1176180590 J * someone_else6951 ~skinnerz@222.109.87.96 1176180590 J * someone_else1829 ~diablo@61.32.4.36 1176180590 J * someone_else45 ~GuiLy@201.210.192.40 1176180590 J * someone_else5289 ~TeFoLLeN@222.117.161.234 1176180590 J * someone_else263 ~melonezz@85.185.64.131 1176180590 J * someone_else8703 ~pirulairc@200.118.113.210 1176180590 J * someone_else5566 ~Mcc@200.118.113.210 1176180590 J * someone_else2895 ~skinnerz@210.212.198.69 1176180590 J * someone_else4505 ~GZ@200.69.185.3 1176180591 J * someone_else6514 ~PhAnATiC@200.117.254.62 1176180591 J * someone_else643 ~GuiLy@61-220-149-146.HINET-IP.hinet.net 1176180592 J * someone_else5521 ~looks@61-220-149-146.HINET-IP.hinet.net 1176180592 J * someone_else1741 ~iRC@200-161-200-163.dsl.telesp.net.br 1176180592 J * someone_else2194 ~TiRoTiTi@ks34664.kimsufi.com 1176180594 J * someone_else7801 ~root@200.117.254.62 1176180594 J * someone_else2376 ~Mcc@201.210.192.40 1176180597 F * ChanServ +o daniel_hozac 1176180600 M * someone_else9792 Lammers IRC Canales Clon bot Chile-. 1176180600 M * someone_else3184 Lammers IRC Canales Clon bot Chile-. 1176180600 M * someone_else9983 Lammers IRC Canales Clon bot Chile-. 1176180600 M * someone_else1827 Lammers IRC Canales Clon bot Chile-. 1176180600 M * someone_else5758 Lammers IRC Canales Clon bot Chile-. 1176180600 M * someone_else5131 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else1827 Killed (FloodServ ((FloodServ) Warning, you have triggered a network protection. Stop flooding!)) 1176180601 M * someone_else8152 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else435 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else8937 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else5996 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else6282 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else8110 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else1555 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else9792 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else5696 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else3614 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else6951 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else1086 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else3184 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else6383 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else5759 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else4773 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else1086 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else8110 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else6282 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5996 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else4505 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else9071 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else9983 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else4177 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else178 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5758 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else3802 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5759 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5711 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else588 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else9712 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5131 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5289 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else8152 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else8937 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else5696 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else435 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else4505 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else1555 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else1723 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else7886 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else9515 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else4735 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else4312 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else9515 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else7100 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else588 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else338 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else1723 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else7100 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else6383 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else7886 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 J * someone_else7938 ~sc-rlz@125.252.95.232 1176180601 M * someone_else7938 Lammers IRC Canales Clon bot Chile-. 1176180601 M * someone_else45 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else7938 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else263 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else45 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else2376 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else1479 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else3909 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 Q * someone_else263 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180601 M * someone_else5034 Lammers IRC Canales Clon bot Chile-. 1176180601 Q * someone_else5034 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180602 Q * someone_else9071 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180602 F * daniel_hozac +i 1176180603 M * someone_else2194 Lammers IRC Canales Clon bot Chile-. 1176180603 Q * someone_else2194 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180603 M * someone_else8639 Lammers IRC Canales Clon bot Chile-. 1176180603 Q * someone_else8703 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180603 Q * someone_else5566 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180603 Q * someone_else8639 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180603 M * someone_else7801 Lammers IRC Canales Clon bot Chile-. 1176180604 Q * someone_else7801 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180604 Q * someone_else6514 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180604 M * someone_else7957 Lammers IRC Canales Clon bot Chile-. 1176180604 M * someone_else7957 Lammers IRC Canales Clon bot Chile-. 1176180604 Q * someone_else7957 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180604 M * someone_else1741 Lammers IRC Canales Clon bot Chile-. 1176180604 M * someone_else1741 Lammers IRC Canales Clon bot Chile-. 1176180604 M * someone_else1450 Lammers IRC Canales Clon bot Chile-. 1176180604 M * someone_else1450 Lammers IRC Canales Clon bot Chile-. 1176180604 Q * someone_else1741 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180604 Q * someone_else1450 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180609 M * someone_else643 Lammers IRC Canales Clon bot Chile-. 1176180609 M * someone_else643 Lammers IRC Canales Clon bot Chile-. 1176180609 M * someone_else643 Lammers IRC Canales Clon bot Chile-. 1176180609 Q * someone_else643 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180609 Q * someone_else5521 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180609 M * someone_else436 Lammers IRC Canales Clon bot Chile-. 1176180609 M * someone_else436 Lammers IRC Canales Clon bot Chile-. 1176180609 M * someone_else436 Lammers IRC Canales Clon bot Chile-. 1176180609 Q * someone_else436 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180609 Q * someone_else9977 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180611 M * someone_else2895 Lammers IRC Canales Clon bot Chile-. 1176180611 M * someone_else2895 Lammers IRC Canales Clon bot Chile-. 1176180611 M * someone_else2895 Lammers IRC Canales Clon bot Chile-. 1176180611 Q * someone_else2895 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180619 M * someone_else1829 Lammers IRC Canales Clon bot Chile-. 1176180619 M * someone_else1829 Lammers IRC Canales Clon bot Chile-. 1176180619 M * someone_else1829 Lammers IRC Canales Clon bot Chile-. 1176180619 Q * someone_else1829 autokilled: (FloodServ) You have triggered a network protection Text/Flood. Please stop flooding! (2007/4/10 04.50) 1176180619 F * daniel_hozac +m 1176180662 F * daniel_hozac -im 1176180668 M * someone_else9896 Lammers IRC Canales Clon bot Chile-. 1176180668 M * someone_else9896 Lammers IRC Canales Clon bot Chile-. 1176180668 M * someone_else9896 Lammers IRC Canales Clon bot Chile-. 1176180668 P * someone_else9896 1176180717 M * DjMeTRaL wow 1176180726 M * someone_else5653 Lammers IRC Canales Clon bot Chile-. 1176180726 M * someone_else5653 Lammers IRC Canales Clon bot Chile-. 1176180726 M * someone_else5653 Lammers IRC Canales Clon bot Chile-. 1176180726 P * someone_else5653 1176180740 K someone_else2442 daniel_hozac flooder 1176180766 F * daniel_hozac -o daniel_hozac 1176180781 M * Bertl_vV some folks are just too dumb :) 1176180794 M * daniel_hozac flock-: current util-vserver gets along fine with it, you just have to specify the context yourself (with util-vserver <0.30.213). 1176180802 M * daniel_hozac Bertl_vV: indeed... 1176180839 M * Bertl_vV how'sgoing? everything fine except for the annoyances? 1176180842 M * daniel_hozac Bertl_vV: btw, should we do a 2.2.0.1 for the ctrl+c issue? 1176180852 M * daniel_hozac or wait to see if anything else pops up first? 1176180868 M * Bertl_vV signal propagation across contexts, yes? 1176180875 M * daniel_hozac right. 1176180885 M * Bertl_vV more precisely from host to guest context 1176180889 M * daniel_hozac well, my test box died the day before yesterday, so i've been trying to fix that rather than testing util-vserver... 1176180898 M * daniel_hozac well, tty signalling to be exact. 1176180913 M * daniel_hozac it's SEND_SIG_PRIV. 1176180947 M * Bertl_vV the test box died because of that? 1176180957 M * daniel_hozac no, i tried to add a SCSI-card to it :) 1176180959 J * q3533 ~Homer@70.89.242.145 1176180959 J * u6693 ~GZ@161-231-126-200.fibertel.com.ar 1176180959 J * c2750 ~root@24-179-163-201.dhcp.dlth.mn.charter.com 1176180959 J * z6575 ~skinnerz@124.56.176.154 1176180959 J * s2712 ~GOD@222.112.228.107 1176180959 J * y3731 ~TeQuiEro@58.141.219.223 1176180959 J * someone_else5653 ~sc-rlz@211.192.20.172 1176180959 J * someone_else2442 ~PhAnATiC@125.137.50.120 1176180959 J * p3347 ~lolest@217.218.242.196 1176180959 J * j4146 ~GZ@222.46.16.130 1176180959 J * someone_else9896 ~melonezz@S0106001109843a8c.ok.shawcable.net 1176180962 P * q3533 1176180963 P * c2750 1176180963 P * z6575 1176180963 P * s2712 1176180963 P * someone_else5653 1176180963 P * j4146 1176180963 P * someone_else2442 1176180963 P * u6693 1176180963 P * y3731 1176180964 P * p3347 1176180965 P * someone_else9896 1176180990 J * someone_else2383 ~root@24-179-163-201.dhcp.dlth.mn.charter.com 1176180990 J * someone_else9857 ~GZ@161-231-126-200.fibertel.com.ar 1176180990 J * someone_else3101 ~melonezz@S0106001109843a8c.ok.shawcable.net 1176180990 J * someone_else1117 ~skinnerz@124.56.176.154 1176180990 J * someone_else8920 ~GOD@222.112.228.107 1176180990 J * someone_else7325 ~Homer@70.89.242.145 1176180990 J * someone_else4583 ~PhAnATiC@125.137.50.120 1176180990 J * someone_else56 ~sc-rlz@211.192.20.172 1176180990 J * someone_else1027 ~lolest@217.218.242.196 1176180992 J * someone_else8455 ~GZ@222.46.16.130 1176180994 J * someone_else9881 ~TeQuiEro@58.141.219.223 1176180994 P * someone_else7325 1176180994 P * someone_else9857 1176180994 P * someone_else2383 1176180994 P * someone_else1117 1176180994 P * someone_else8920 1176180994 P * someone_else4583 1176180994 P * someone_else56 1176180994 P * someone_else8455 1176180994 P * someone_else3101 1176180994 P * someone_else1027 1176180995 P * someone_else9881 1176180997 J * someone_else2346 proxy@196.34.229.2 1176180997 P * someone_else2346 1176181000 J * someone_else1117 ~skinnerz@124.56.176.154 1176181000 J * someone_else9857 ~GZ@161-231-126-200.fibertel.com.ar 1176181000 J * someone_else7325 ~Homer@70.89.242.145 1176181000 J * someone_else8920 ~GOD@222.112.228.107 1176181000 J * someone_else2383 ~root@24-179-163-201.dhcp.dlth.mn.charter.com 1176181000 J * someone_else9881 ~TeQuiEro@58.141.219.223 1176181000 J * someone_else56 ~sc-rlz@211.192.20.172 1176181000 J * someone_else4583 ~PhAnATiC@125.137.50.120 1176181000 J * someone_else8455 ~GZ@222.46.16.130 1176181000 J * someone_else1027 ~lolest@217.218.242.196 1176181001 P * someone_else9857 1176181001 P * someone_else2383 1176181001 P * someone_else8455 1176181001 P * someone_else7325 1176181001 P * someone_else1117 1176181001 P * someone_else8920 1176181001 P * someone_else56 1176181002 P * someone_else9881 1176181002 P * someone_else4583 1176181003 P * someone_else1027 1176181007 J * someone_else2346 proxy@196.34.229.2 1176181007 P * someone_else2346 1176181010 J * someone_else1117 ~skinnerz@124.56.176.154 1176181010 J * someone_else7325 ~Homer@70.89.242.145 1176181010 J * someone_else9857 ~GZ@161-231-126-200.fibertel.com.ar 1176181010 J * someone_else8920 ~GOD@222.112.228.107 1176181010 J * someone_else2383 ~root@24-179-163-201.dhcp.dlth.mn.charter.com 1176181010 J * someone_else9881 ~TeQuiEro@58.141.219.223 1176181010 J * someone_else56 ~sc-rlz@211.192.20.172 1176181010 J * someone_else4583 ~PhAnATiC@125.137.50.120 1176181010 J * someone_else1027 ~lolest@217.218.242.196 1176181010 J * someone_else3101 ~melonezz@S0106001109843a8c.ok.shawcable.net 1176181010 P * someone_else3101 1176181010 J * someone_else8455 ~GZ@222.46.16.130 1176181011 P * someone_else1117 1176181011 J * someone_else2346 proxy@196.34.229.2 1176181011 P * someone_else8920 1176181011 P * someone_else9881 1176181011 P * someone_else8455 1176181011 P * someone_else56 1176181011 P * someone_else1027 1176181012 F * ChanServ +o daniel_hozac 1176181013 P * someone_else2383 1176181014 P * someone_else9857 1176181015 J * someone_else9857 ~GZ@161-231-126-200.fibertel.com.ar 1176181016 J * someone_else2383 ~root@24-179-163-201.dhcp.dlth.mn.charter.com 1176181016 F * daniel_hozac +i 1176181016 P * someone_else4583 1176181016 J * someone_else9881 ~TeQuiEro@58.141.219.223 1176181016 P * someone_else9857 1176181016 P * someone_else2383 1176181017 P * someone_else9881 1176181018 P * someone_else2346 1176181021 P * someone_else7325 1176181023 M * daniel_hozac guess we'll keep that for a while... 1176181034 M * Aiken what is mode +i? 1176181039 M * daniel_hozac invite only. 1176181043 M * Aiken ah 1176181049 M * Bertl_vV yep, let's get rid of the left overs too 1176181063 M * Bertl_vV (while you are still +o :) 1176181079 M * daniel_hozac hmm, which ones? 1176181094 M * Bertl_vV no someone_* left? 1176181101 M * daniel_hozac not AFAICS. 1176181111 M * Bertl_vV okay, should be fine then 1176181164 M * Bertl_vV daniel_hozac: you can test with the princeton machine 1176181173 M * daniel_hozac yeah, i'll do that. 1176181182 F * daniel_hozac -o daniel_hozac 1176181207 M * daniel_hozac just bugs me when hardware stops working for no apparent reason ;) 1176181238 M * Bertl_vV I don't know what exactly the CTRL-C issue is and/or what causes it, but the signal passing behaviour across contexts is not really well defined 1176181268 M * Bertl_vV nevertheless, we currently try to keep it as natural as possible 1176181294 M * Bertl_vV (which probably means that signals from xid=0/1 should be delivered to xid>1 too) 1176181301 M * daniel_hozac well, the problem is caused by the changes to do_each_pid_task. 1176181314 M * Bertl_vV ah, for the signalling, yes 1176181351 M * Bertl_vV you did revert that for this specific case and rely on the signal function checks, right? 1176181366 M * daniel_hozac right. 1176181370 M * Bertl_vV i.e. send_siginfo (or whatever it is called) is still checking 1176181378 M * daniel_hozac check_kill_permission 1176181385 M * Bertl_vV okay 1176181398 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-pid_task-fix01.diff 1176181400 M * Bertl_vV what are the impacts of not having that fix? 1176181415 M * daniel_hozac ctrl+[cz] don't work in vserver ... enter 1176181446 M * daniel_hozac (if you have privacy enabled) 1176181468 M * Bertl_vV okay, I think we can live with that for now 1176181487 M * Bertl_vV I'm not even sure that this is really unwanted behaviour :) 1176181533 M * Bertl_vV privacy enabled means only the kernel config, not actually the admin flag removed, yes? 1176181540 M * daniel_hozac right. 1176181548 M * daniel_hozac (the check is VX_ADMIN_P) 1176181554 M * daniel_hozac s/VX/VS/ 1176181555 M * Bertl_vV which *_P check is causing tat? 1176181561 M * Bertl_vV *that 1176181562 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-pid_task-fix01.diff 1176181575 M * daniel_hozac i.e. the one in do_each_pid_task 1176181580 M * Bertl_vV okay 1176181588 M * Bertl_vV what if we change that to VS_ADMIN 1176181599 M * Bertl_vV ? 1176181740 M * daniel_hozac well, do we want the check there at all? 1176181779 M * Bertl_vV not sure, was just an idea ... 1176181805 M * Bertl_vV will have a closer look later this month 1176181817 M * daniel_hozac for kill_pgrp_info, it's already checked by check_kill_permission, for send_sig{io,urg}, i don't think checking makes sense... 1176181835 M * daniel_hozac (only three places it's used) 1176181865 M * Bertl_vV yes, the thing is more that upcoming pid spaces will do similar 1176181910 M * Bertl_vV and we probably will have to bend the rules there unless we drop enter functionality 1176181928 M * Bertl_vV or figure a way to work around that in userspace (i.e. signal relaying or so) 1176181936 Q * DjMeTRaL Quit: leaving 1176181966 F * ChanServ +o daniel_hozac 1176181969 F * daniel_hozac -i 1176181971 F * daniel_hozac -o daniel_hozac 1176181988 M * daniel_hozac yeah. 1176182303 M * Bertl_vV okay, keep up the good work, and do whatever you consider appropriate ... 1176182316 M * Bertl_vV I'm off to bed now ... 1176182342 M * daniel_hozac okay, good night, and enjoy your vacation! 1176182945 N * DoberMann_ DoberMann 1176184577 Q * virtuoso Ping timeout: 480 seconds 1176184580 J * virtuoso ~s0t0na@80.253.205.251 1176185865 M * harry daniel_hozac: so that's the answer to the latest q on the ml ? 1176186343 J * sharkjaw ~gab@158.36.45.236 1176186651 N * DoberMann DoberMann[PullA] 1176189637 Q * dghill Quit: Weeeeee! 1176189638 J * dghill dghill@office.mel.illuminate.com.au 1176189970 Q * phreak`` Quit: leaving 1176189997 J * phreak`` ~phreak``@deimos.barfoo.org 1176190445 J * dna ~naucki@127-201-dsl.kielnet.net 1176191958 J * spyke ~jonas@pc19.hip.fi 1176194594 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1176194865 Q * flock- Ping timeout: 480 seconds 1176194950 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at 1176195081 J * bzed ~bzed@dslb-084-059-106-018.pools.arcor-ip.net 1176195241 M * spyke hi, are there any known problems with util-vserver-0.30.212 and a bit older kernels, say 2.6.14.3? I keep getting vnamespace: vc_set_namespace(): Operation not premitted when starting my vservers, testme.sh does not report any errors 1176195441 M * harry i don't know if that has something to do with it 1176195448 M * harry but do you use static context ids? 1176195467 Q * flock Ping timeout: 480 seconds 1176195504 M * harry if you don't use static context id's... try using them! :) 1176195551 M * spyke ok, sorry gotta run to school 1176195564 M * spyke but thanks i will try :) 1176195861 M * Hollow daniel_hozac: ping? 1176196325 Q * ensc Ping timeout: 480 seconds 1176197175 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1176197451 J * gypsymauro ~Io@84.18.151.77 1176197454 M * gypsymauro hi 1176197584 M * gypsymauro I'm using vserver on debian I saw that there is a /etc/vservers/.defaults/vdirbase that is a link to /var/lib/vservers, I've two questions: one, can I remove that link and copy all the /var/lib/vservers? how I can otherwise backup that? I'm always afraid when using tar with links.. 1176197589 J * zLinux ~zLinux@88.213.58.119 1176197699 M * flock thanks daniel_hozac 1176197705 P * flock Leaving 1176197715 M * DavidS gypsymauro: if you want to backup your /etc, copy the symlink as is , If you want to backup /var/lib/vservers do that separately, if that doesn't answer your question I didn't understand it 1176198120 M * gypsymauro DavidS: I simply want to backup all mi vserver environment so I hope there are not other hidden simlinks :) 1176198230 M * DavidS the are a few "hidden" directories within /etc/vservers and /var/lib/vservers; you can see them with ls -a; but his two directories should be everything you need 1176198844 N * bzed bzed|afk 1176199120 J * lilalinux ~plasma@80.69.41.3 1176199134 M * gypsymauro and.. the best way to delete a vserver? rm -rf /etc/vservers/vservername and rm -rf /var/lib/vservers/vservername it's enough? 1176199164 M * spyke harry, the static context id didn't help 1176200681 Q * cehteh Ping timeout: 480 seconds 1176200716 Q * gypsymauro Quit: leaving 1176200736 Q * hardwire Ping timeout: 480 seconds 1176200909 Q * Aiken Quit: Leaving 1176201216 Q * DavidS Quit: Leaving. 1176203648 J * Piet hiddenserv@tor.noreply.org 1176204478 Q * lilalinux Remote host closed the connection 1176204506 J * lilalinux ~plasma@80.69.41.3 1176206720 J * DavidS ~david@pnsgw3-client236.demo.tuwien.ac.at 1176208099 J * ema ~ema@rtfm.galliera.it 1176209629 J * onox ~onox@kalfjeslab.demon.nl 1176209656 N * bzed|afk bzed 1176209917 J * cruser ~chatzilla@72.242.194.162 1176210284 M * cruser Hi, I am looking to join the vserver list but http://list.linux-vserver.org/ is not resolving for me. Does anyone know if this url should resolve? 1176210399 M * Borg- host name : list.linux-vserver.org 1176210400 M * Borg- address : 66.98.205.98 1176210578 M * sid3windr apache is dead though on there 1176210644 M * Hollow mailto:vserver-request@list.linux-vserver.org?subject=subscribe 1176210661 M * Hollow cruser: ^ 1176210665 M * cruser hollow: thanks 1176211517 J * ensc ~irc-ensc@p54b4f803.dip.t-dialin.net 1176211593 J * SoftIce ~phil@vc-196-207-45-253.3g.vodacom.co.za 1176211773 J * inshadow ~Miranda@port190.ds1-trg.adsl.cybercity.dk 1176213448 M * SoftIce hi when running asterisk i'm gettig this 1176213449 M * SoftIce Apr 10 13:59:24 WARNING[16788]: chan_skinny.c:3141 reload_conf 1176213449 M * SoftIce ig: Unable to get our IP address, Skinny disabled 1176213463 M * SoftIce this is in avserver, any idea why asterisk wouldn't be able to get the ip address? 1176213542 J * shedi ~siggi@tolvudeild-195.lhi.is 1176213669 M * DavidS SoftIce: does the vserver HAVE a IP? 1176213728 Q * sharkjaw Quit: Leaving 1176213855 J * Vudumen ~vudumen@217.20.138.14 1176213855 Q * Vudu Read error: Connection reset by peer 1176214089 Q * inshadow Read error: Connection reset by peer 1176214238 M * SoftIce DavidS ye 1176214244 M * SoftIce i can see it in ifconfig too 1176214566 M * mjt what's the best place to do custom mounts for a vserver? scripts/prepare-start? 1176214606 M * mjt or maybe it's possible to over-write mounting of root, too? 1176214662 M * mjt all that stuff to process fstab* for a vserver - is there a way to replace it w/o editing scripts? 1176214841 M * harry mjt: why not /etc/vservers//fstab ? 1176214844 M * harry mjt: why not /etc/vservers//fstab.remote ? 1176214848 M * harry one of those :) 1176214880 Q * shedi Quit: Leaving 1176214910 M * mjt because it'd be much more difficult to manage dozens of those 1176214938 M * mjt they're all standard here. 1176214943 Q * ruskie Read error: Connection reset by peer 1176214948 M * mjt with only minor differences 1176214956 J * ruskie ruskie@ruskie.user.oftc.net 1176215038 J * thessy nK5nsxaY@nat-1.rz.uni-karlsruhe.de 1176215046 M * mjt most entries are the same (root bind-mounted from /vs/common to /vs/$name; devpts, devfs, /var/run, /tmp and the like), and some bind-mounts for individual vservers 1176215112 M * mjt it'd be best to replace mounting of root too (due to that $name thing - in a script it's one line, or dozens of similar lines in fstabs) 1176215166 M * mjt also, i had to edit a bunch of scripts to stop secure-mount from complaining about read-only /etc/mtab with is a symlink to /proc/mounts anyway 1176215201 M * mjt so replacing "standard" procedure (mounting root) with a script will be the best solution 1176215353 P * cruser 1176215701 M * mjt ditto for IP addresses, by the way 1176215706 M * mjt hmm 1176215732 M * mjt I think I've seen someone mentioned a simple script to start/stop vservers 1176215757 Q * thessy Remote host closed the connection 1176215818 M * SoftIce DavidS: hm, it was missing a hosts file 1176215821 M * SoftIce :) 1176215846 M * mjt scripts/post-start - in which context it's executed? 1176217693 Q * SoftIce 1176217796 Q * DavidS Quit: Leaving. 1176218902 M * daniel_hozac Hollow: pong 1176218921 M * daniel_hozac Hollow: i saw your patch, i just want to go through it more thoroughly before i comment. 1176218932 M * Hollow ok :) 1176219021 M * mjt blah. How freeVPS.com is related to linux-vserver, if at all? 1176219051 M * mjt or is it just another similar solution? 1176219280 M * daniel_hozac forked very early on. 1176219356 M * sid3windr well fork them back! :> 1176219365 M * mjt aha 1176219376 M * mjt -ETOOMANYVSERVERS 1176219406 M * mjt daniel_hozac: was it you who mentioned a simple script to start/stop vservers? 1176219408 M * Bertl_vV mjt: well, they branched from us, and we tried several times to combine both branches in the past 1176219427 M * mjt ..or was it Bertl? :) 1176219427 M * sid3windr we is both or we as in vserver team? 1176219436 M * Bertl_vV mjt: didn't work for political reasons (the company behind FreeVPS) 1176219448 M * mjt 'hwell 1176219458 M * Bertl_vV sid3windr: the Linux-VServer folks ... 1176219463 M * sid3windr ah :) 1176219496 M * mjt it's like with many other subsystems and solutions 1176219520 M * mjt i once looked at iSCSI stuff for linux. Linux-iscsi, open-iscsi, free-iscsi, something else... 1176219544 M * mjt forks, forks, forks, partial merges, forks, political issues, more forks... 1176219560 M * waldi open-iscsi is in the kernel, stgt is in the kernel 1176219562 M * sid3windr kde, gnome... 1176219562 M * sid3windr :p 1176219570 M * waldi so we have target and initiator now 1176219575 M * Bertl_vV yeah, sometimes forrking makes sense, sometimes not really ... 1176219590 M * mjt but ok 1176219592 M * waldi (and no, iscsi over adsl is no good idead ...) 1176219609 M * mjt iscsi is not a good idea in the first place, it seems. 1176219616 M * Bertl_vV daniel_hozac: did you read the CTRL-C ML reply? it seems it isn't present with certain tools, or did I misread that? 1176219617 M * mjt er 1176219633 M * waldi mjt: it is faster than rdma scsi on my power machines 1176219635 M * daniel_hozac Bertl_vV: i was just about to reply to that, as that just seems... bizarre. 1176219659 M * Bertl_vV okay, keep investigating ... 1176219695 M * mjt hmm. please remind me what's the issue with Ctrl+C -- how to reproduce? 1176219698 M * daniel_hozac i suppose vlogin might work around the issue. 1176219719 M * daniel_hozac vserver ... enter; sleep 10; ctrl+c 1176219733 M * mjt that works here 1176219752 M * mjt but there was some other command which didn't 1176219765 M * daniel_hozac with 2.6.20.4-vs2.2.0, and privacy enabled? 1176219769 M * mjt ie, vserver enter always worked for me. chcontext maybe? 1176219795 M * mjt #2.6.19.7-grsec2.1.10-vs2.2.0 1176219805 M * mjt and with privacy enabled 1176219818 M * mjt but it works with 2.6.20 too 1176219882 M * daniel_hozac what if you mkdir -p /etc/vservers/.defaults/apps/vlogin; touch /etc/vservers/.defaults/apps/vlogin/disable? 1176219943 M * mjt ok to do it for /etc/vservers/foo/apps/login instead of .defaults? 1176219950 M * mjt er vlogin 1176219955 M * daniel_hozac no. vlogin is a global thing. 1176219964 M * mjt aha 1176219986 M * mjt aha 1176219992 M * mjt doesn't work with vlogin disabled 1176220101 M * mjt well 1176220115 M * mjt Ctrl+C doesn't work on linux console before init 1176220129 M * mjt like, when you request shell from initramfs 1176220138 M * daniel_hozac so either the people who have reported the issue have really old utils (thank you Debian sarge), or something weird is going on... 1176220139 M * waldi no controlling terminal? 1176220182 M * mjt and i remember there was some discussion about that... Must be a session leader or somesuch... 1176220188 M * mjt but can't find it 1176220203 M * daniel_hozac you have to be in the process group of the tty. 1176220227 M * daniel_hozac (and have set the break code for it with stty or similar) 1176220238 M * mjt break code is set 1176220249 M * mjt intr 1176220251 M * Bertl_vV so if it works correctly with vlogin, it is a non-issue IMHO 1176220269 M * mjt where that vlogin comes from? 1176220277 M * mjt there's no `vlogin' binary.. :) 1176220279 M * Bertl_vV util-vserver 1176220329 M * daniel_hozac vcontext --vlogin 1176220346 M * daniel_hozac or maybe it's just --login. 1176220348 M * daniel_hozac i can never remember. 1176220382 M * mjt --vlogin it is 1176220387 M * mjt src/vlogin.c 1176220413 M * mjt ..or not :) 1176220495 M * daniel_hozac Bertl_vV: the thing that got me interested in the first place was that the first reporter claimed an upgrade from -rc19 to final was what started causing the issue.. 1176220499 M * mjt oh well. so it creates pty, and passes all data in/out to it 1176220526 M * daniel_hozac yep. 1176220534 M * Bertl_vV daniel_hozac: could match, as rc19 didn't have all the checks IIRC 1176220673 M * daniel_hozac Bertl_vV: -rc15 added the checks in do_each_task_pid/do_each_pid_task. 1176220894 M * Bertl_vV hmm, okay ... strange 1176220929 M * daniel_hozac indeed... will have to investigate further. 1176221380 M * mjt hmm. fun. Not that it's entirely news for me but still. Looks like there's no difference between assigning an additional IP address to any of physical interfaces or to loopback. 1176221385 J * bonbons ~bonbons@83.222.38.145 1176221419 M * mjt that IP is accessible still - from both inside the given machine and from "outside" 1176221529 M * daniel_hozac Bertl_vV: ah, the first reporter had disabled vlogin. 1176221657 M * daniel_hozac didn't get enough details from the second one. 1176221888 J * onox_ ~onox@82.161.3.211 1176221888 Q * onox Read error: Connection reset by peer 1176222823 M * mjt what's vcmd? 1176222929 J * stefani ~stefani@flute.radonc.washington.edu 1176222983 M * mnemoc a wrapper 1176223012 M * daniel_hozac think of it as vserver syscalls from bash. 1176223183 J * pattieja ~pattieja@kr.structure.northwestern.edu 1176223208 J * FireEgl Atl-NA@adsl-61-136-122.bhm.bellsouth.net 1176223258 M * pattieja hello 1176223260 M * daniel_hozac hi 1176223262 M * mjt found it 1176223295 M * pattieja I was attempting to get Zimbra Collaberation Server running under a vserver 1176223321 M * pattieja I found and followed the wiki article on Zimbra's site concerning installation inside a vserver 1176223333 M * daniel_hozac oh? 1176223343 M * daniel_hozac but? 1176223356 M * pattieja However, many of the services, specifically the tomcat service would not launch 1176223374 M * daniel_hozac how come? 1176223393 M * pattieja In the error logs, and the scripts that are used to install and run some of these services, they hardcode localhost 1176223412 M * pattieja and I think localhost is embedded in the java byte code, therefore 1176223436 M * pattieja so, these java programs are attempting to access 'localhost' services that do not launch 1176223451 M * daniel_hozac should be fine... 1176223466 M * pattieja daniel_hozac, ehh? It completely stops it from working 1176223483 M * pattieja administrative interface does not work 1176223500 M * daniel_hozac well, i meant the localhost part. 1176223507 M * daniel_hozac why aren't the services starting? 1176223513 M * pattieja don't know 1176223519 M * pattieja something to do with localhost 1176223523 M * daniel_hozac seems like a good idea to find out, no? :) 1176223534 M * pattieja yes 1176223542 M * pattieja but, I made it work a different way 1176223584 M * pattieja I found on the vserver mailing lists that someone was able to create an 'lo' interface (which did not exist in my vserver when I type ifconfig or ip addr list) 1176223617 M * pattieja so, I assigned my 'lo' interface the IP address 127.0.0.2 and in my vserver changed /etc/hosts to be 127.0.0.2 localhost.localdomain localhost 1176223623 M * daniel_hozac well, the lo interface is already used for any local traffic. 1176223626 M * pattieja at that point, all the services worked and came up 1176223636 M * daniel_hozac most likely, just editing /etc/hosts would've sufficed. 1176223654 M * pattieja daniel_hozac, to change localhost to 127.0.0.2? 1176223663 M * daniel_hozac no, to the primary IP address of the guest. 1176223683 M * pattieja I had already done that 1176223684 M * mjt by the way, it seems it's related to my earlier question (a few days ago) -- connecting to 127.0.0.1 from vs doesn't work 1176223692 M * daniel_hozac (although, anything that doesn't handle it without editing /etc/hosts is broken, as 127.0.0.1 is already rewritten to the guest's first IP) 1176223699 M * daniel_hozac mjt: sure it does. 1176223720 M * mjt if not rewriting source 127.0.0.1 to the first guest ip 1176223743 M * pattieja daniel_hozac, my question now is what are the security implications of running an 'lo' interface in the guest instance? 1176223753 M * pattieja I'm seeing that 127.0.0.2 is bound to the host's eth0 interface 1176223762 M * daniel_hozac hmm, why did you add it there? 1176223763 M * pattieja not the host's lo interface 1176223782 M * mjt # CONFIG_VSERVER_REMAP_SADDR is not set 1176223784 M * daniel_hozac mjt: what does connecting mean in this instance? 1176223789 M * pattieja daniel_hozac, I added it to /etc/vservers/mx/interfaces/0/dev 1176223800 M * pattieja actually interfaces/1/dev, sorry 1176223804 M * daniel_hozac eth0? 1176223832 M * pattieja /etc/vservers/mx/interfaces/dev = eth0 1176223837 M * pattieja /etc/vservers/mx/interfaces/1/dev = lo 1176223850 M * daniel_hozac interesting... 1176223851 M * pattieja notice that 'dev' above == eth0 is the default entry 1176223860 M * daniel_hozac what utils are you using? 1176223869 M * pattieja 'dev' for interface 1 overrides the default and makes it 'lo' 1176223872 M * mjt say, ping 127.0.0.1 from within a guest never see a reply. Yet tcpdump on host shows both requests and replies (both with 127.1) are coming. Pinging 127.2 works, and tcpdump shows 127.2<=>guest_ip. That's how "does not work" 1176223880 M * daniel_hozac mjt: ping is broken. 1176223885 M * mjt no 1176223888 M * daniel_hozac yes, it is. 1176223899 M * mjt ok. netcat is better when ping i assume? 1176223908 M * daniel_hozac yes, because it actually uses TCP/UDP. 1176223918 M * daniel_hozac (which are rewritten) 1176223920 M * mjt it shows exactly the same behaviour 1176223922 M * pattieja daniel_hozac, dpkg -l util-vserver = 0.30.212-1 1176223953 M * pattieja daniel_hozac, mjt, I can ping 127.0.0.1 from inside the guest (as well as 127.0.0.2) 1176223953 M * daniel_hozac pattieja: you sure you had the dev file there the whole time? 1176223962 M * pattieja daniel_hozac, yes 1176223976 M * pattieja started out that way from the beginning 1176223983 M * pattieja of the install of vserver 1176224001 M * daniel_hozac mjt: works fine here... 1176224003 M * pattieja then, when I did 'vserver mx build ...' I specified eth0 as the dev 1176224015 M * daniel_hozac pattieja: i meant the interfaces/1/dev file. 1176224019 M * pattieja and it put dev == eth0 at /etc/vservers/mx/interfaces/dev 1176224030 M * pattieja daniel_hozac, no 1176224046 M * pattieja but it was there the last time I rebooted the vserver 1176224048 M * pattieja guest 1176224057 M * pattieja that's when things started working 1176224059 M * mjt daniel_hozac: note it's not ping which is broken. Ping works this way: it first tries to open udp socket, "connecting" it to a destination, and issues getsockname() on it to get local address. Next it uses that local address as source in ping packets. 1176224072 M * mjt getsockname() returns 127.1 1176224085 M * daniel_hozac did you ever start the guest without the dev file? 1176224122 M * daniel_hozac mjt: ergo it doesn't excercise the paths where the address is rewritten. 1176224133 M * pattieja daniel_hozac, yes 1176224150 M * pattieja mjt, CONFIG_VSERVER_REMAP_SADDR does not exist in my /boot/config-... file 1176224170 J * Piet_ hiddenserv@tor.noreply.org 1176224176 M * mjt pattieja: this option is quite old 1176224198 M * pattieja mjt, I wouldn't put it past debian kernels, though 1176224204 M * daniel_hozac pattieja: i mean, with the interfaces/1/ directory, just not the dev file. 1176224213 M * pattieja daniel_hozac, yes 1176224246 M * daniel_hozac pattieja: so, that's why you have it on eth0 then :) 1176224251 M * mjt daniel_hozac: but the thing is: connecting a udp socket TO 127.1 results in 127.1 source address (from getsockname). To *ANY* other address (including 127.2) - getsockname returns guest IP. Looks like it's a bug in vserver kernel part. 1176224256 M * pattieja daniel_hozac, I guess I'm just concerned that 127.0.0.2 is bound to my external interface, and what the security implications might be 1176224272 M * daniel_hozac mjt: it's not. 1176224278 M * daniel_hozac mjt: that's intentional. 1176224297 J * hardwire ~bip@rdbck-4595.wasilla.mtaonline.net 1176224301 M * daniel_hozac pattieja: so, remove it. 1176224317 M * pattieja but then won't services stop functioning inside the guest? 1176224323 M * daniel_hozac pattieja: if you have lo in the dev file now, the address should be bound there as well. 1176224334 M * daniel_hozac (assuming you've restarted the guest since adding it) 1176224368 M * pattieja whoah! The 'lo' interface on the host is now set to 127.0.0.2/8 1176224375 M * pattieja didn't notice that before 1176224384 M * mjt it doesn't really matter 1176224385 M * pattieja and 127.0.0.1 is nowhere to be found 1176224395 M * pattieja why not? 1176224407 M * mjt because the whole 127/8 is on your lo 1176224430 M * pattieja but I can still ping 127.0.0.1 from the host??? 1176224437 M * mjt because of that reason 1176224439 M * pattieja how does that work? 1176224445 M * mjt try ping 127.2.3.5 for example 1176224457 M * mjt or any other 127.* 1176224464 M * pattieja ehh? 1176224475 M * pattieja how come that works? 1176224477 M * mjt again: the whole 127/8 is on your lo 1176224499 M * pattieja hmm. 1176224515 M * mjt that's how lo interface works 1176224524 Q * Piet Ping timeout: 480 seconds 1176224540 M * pattieja daniel_hozac, so, are you suggesting that I reboot the vserver guest? 1176224546 M * mjt # ip a add 192.168.100.1/24 dev lo 1176224549 M * mjt # ping 192.168.100.2 1176224552 M * mjt 64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.158 ms 1176224557 M * daniel_hozac pattieja: no, just remove the address. 1176224557 M * pattieja weird 1176224564 M * pattieja daniel_hozac, from where? 1176224566 M * daniel_hozac e.g. ip addr del 127.0.0.2/8 dev eth0 1176224569 M * pattieja k 1176224578 M * mjt the whole NETWORK you add to lo will be here 1176224598 M * pattieja whoah! 127.0.0.1 is on host's eth0??? 1176224608 M * mjt lol 1176224609 M * pattieja didn't notice that before either 1176224620 M * daniel_hozac why did you put it there? :) 1176224631 M * pattieja I NEVER DID!! 1176224638 M * mjt LOL 1176224689 M * pattieja so, should I shut down the guest and figure out which addresses to remove and then let it startup again and see what happens? 1176224699 M * pattieja should I remove the guest 'lo' interface? 1176224700 M * mjt speaking of security implications and stuff. What's wrong - at least one example - of using `lo' in vservers/*/interfaces/*/dev, and 32 in */mask ? 1176224702 M * pattieja or leave it? 1176224710 M * mjt there's no "guest" interface 1176224720 M * mjt you have only one set of interfaces 1176224735 M * mjt only some of them are visible in guests 1176224777 M * daniel_hozac (the ones which have available addresses assigned to them) 1176224782 M * mjt in other words: you have only one lo 1176224811 Q * ema Quit: leaving 1176224854 M * mjt hmm 1176224869 M * mjt interesting 1176224885 M * mjt i just removed 127/8 from one host, and tried to ping 127.1 from it. 1176224900 M * mjt packets went out according to the default route 1176224911 M * mjt and arrived at gateway 1176224915 M * mjt but gateway didn't reply 1176224924 M * mjt i wonder why 1176224958 M * mjt when i add some other network to gw's lo interface, it answert to pings to that network/address 1176224971 M * mjt but not 127/8 1176224977 M * mjt answers* 1176224995 M * mjt aha 1176225000 M * mjt rp_filter in action 1176225010 N * DoberMann[PullA] DoberMann 1176225044 M * mjt deactivating rp_filter allows pinging/connecting_to 127.0.0.1 from another machine 1176225202 M * mjt can one use chbind for a single process? 1176225274 M * daniel_hozac of course, that's the idea. 1176225309 M * mjt # chbind --ip 127.0.0.1/8 /bin/bash 1176225310 M * mjt ncontext: vc_net_create(): Invalid argument 1176225429 M * daniel_hozac you have a kernel without dynamic context ids, and didn't specify one. 1176225460 M * mjt VSERVER_LEGACY is not set ;) 1176225508 M * pattieja ok. I shutdown the guest and rearranged all the IP addresses on eth0 and lo to go back the way they should be 1176225524 M * pattieja now, when I start the guest, it assigns IP addresses to the proper interfaces 1176225547 M * pattieja and services in the guest have started properly, also 1176225558 M * pattieja testing applications... 1176225602 J * Koffa jkohvakk@aulis.sange.fi 1176225658 M * mjt hmm. but is there a way to hide other interfaces after chbind, like in real vserver? 1176225659 M * pattieja seems to be working fine 1176225890 M * daniel_hozac mjt: for now you need a process context. 1176225912 M * daniel_hozac i think... 1176225924 M * daniel_hozac yeah. 1176225960 M * daniel_hozac so, chbind --... vcontext --flag hide_netif ... 1176226032 M * mjt wug 1176226063 M * daniel_hozac (2.3 already has this as a network flag) 1176226123 M * mjt in vserver .. start, i see: 1176226130 M * mjt /usr/lib/util-vserver/exec-ulimit /etc/vservers/ns/ulimits \ 1176226132 M * mjt ... 1176226136 M * mjt /usr/sbin/vlimit --dir /etc/vservers/ns/rlimits --missingok -- \ 1176226142 M * mjt what's the difference here/ 1176226143 M * mjt ? 1176226151 M * mjt er 1176226155 M * mjt scratch that.. got it 1176226185 M * Koffa do you keep any records (in wiki or elsewhere) about how 'well' each distribution support vserver? 1176226215 M * daniel_hozac Koffa: not AFAIK, but i guess in theory you could just look at the distribution install guides. 1176226250 M * daniel_hozac any specific reason you're asking? 1176226345 M * Koffa daniel_hozac: just getting to know this vserver-stuff myself and should decide whether I want to use debian (pre-compiled vserver-enabled kernels) or go for ubuntu (afaik I'd have to patch the kernels myself, which might be a problem if the patches are made for vanilla-kernels) 1176226380 M * daniel_hozac well, Ubuntu is generally problematic. 1176226382 M * Koffa I don't mind patching and compiling, but trying to figure out a patch gone wrong is where I draw the line :) 1176226385 M * Hollow debian too 1176226391 M * daniel_hozac dietlibc is more or less broken there. 1176226402 M * Koffa in debian there is 2.6.18-4-vserver-686 1176226403 M * Hollow spent the whole friggin day with debian dependency hell ... f*ck it 1176226405 M * daniel_hozac Debian uses the old stable release. 1176226410 Q * lilalinux Remote host closed the connection 1176226412 M * mjt still not clear.. both ulimits and rlimits are being set.. it's the same thing, isn't it? 1176226418 M * daniel_hozac no. 1176226426 M * daniel_hozac ulimits are what you'd set with ulimit. 1176226431 M * daniel_hozac rlimits are the per-guest limits. 1176226500 M * mjt standard unix syscall is setrlimit(). so this name is.. confusing alot 1176226504 M * mjt i'd call it 'vlimit' 1176226547 M * Hollow you can also set ulimits as rlimits :) 1176226582 M * Hollow e.g. RLIMIT_RSS 1176226587 M * Koffa daniel_hozac: is there something wrong with old stable if all I need is some mail/dns/web -services on a dual-xeon? 1176226590 M * Hollow works in ulimit and rlimit 1176226599 M * daniel_hozac Koffa: bind9 for DNS? 1176226607 M * Koffa yes 1176226611 M * daniel_hozac then yes :) 1176226633 M * mjt due to capabilities usage in bind9? 1176226634 M * daniel_hozac you'd have to either give that guest CAP_SYS_RESOURCE, or recompile bind. 1176226653 M * mjt ahh.. due to rlimits ;) 1176226654 M * daniel_hozac with 2.2, it's not a problem as the capabilities are masked at check-time. 1176226664 M * Koffa :/ 1176226673 M * Koffa well dns isn't a must 1176226696 M * Koffa it can remain on the old servers, no load there 1176226754 M * daniel_hozac well, if none of the other 2.2 features sound appealing to you, i'd say go for it. 1176226860 M * mjt speaking of rlimits: are my changes in http://linux-vserver.org/util-vserver:Documentation#.2Fetc.2Fvservers.2Fvserver-name.2Frlimits right? 1176226893 M * mjt (this part: "A directory with resource limits for a given vserver. Each limit applies to the whole vserver.") 1176226928 M * daniel_hozac please don't modify that, send patches for the XML instead. 1176226940 M * mjt wug 1176226944 M * daniel_hozac (yes, it's going away as soon as i have something to replace it with) 1176226972 M * mjt any howto about that? (where that XML is to be found etc) 1176226987 M * daniel_hozac doc/configuration.xml 1176227027 M * Koffa daniel_hozac: thanks for your time... I'll try that pre-compiled one first and try to figure out the basics :) 1176227029 M * mjt There is currently no text in this page 1176227050 M * daniel_hozac hmm? 1176227078 M * mjt ahh. in the source 1176227117 M * mjt i was thinking about http://linux-vserver.org/doc/configuration.xml ;) 1176227431 M * mjt bah. vserver start fails on read-only root 1176227531 M * Bertl_vV inside te guest? or on the host? 1176227546 M * mjt err.. no. 1176227551 M * mjt it was read-only /var ;) 1176227560 M * mjt remounted the wrong fs ;) 1176227625 M * Bertl_vV ah :) 1176227674 M * mjt why can't the context info be stored in /proc somewhere? 1176227680 M * mjt s/info/name 1176227703 M * mjt why /var/run/vservers{,.rev}/ are used for that? 1176227738 M * daniel_hozac it is stored in /proc, IIRC. 1176227756 M * daniel_hozac .rev is only used on 2.4 kernels, where that's not possible. 1176227847 M * mjt # ls /proc/virtual/104/ 1176227847 M * mjt cacct cvirt info limit nsproxy sched status 1176227861 M * mjt no name. Yes there's nsproxy (uname stuff), but it's different 1176227867 M * daniel_hozac yeah, seems it's not exported to proc. 1176227897 M * daniel_hozac vuname -g --xid context works fine though. 1176227940 M * mjt so that /var/run/vservers* stuff can be removed now 1176227949 M * pattieja thanks for the help daniel_hozac, mjt 1176227993 M * daniel_hozac no, /var/run/vservers is still needed for the guest to xid mapping. 1176228072 M * mjt /etc/vservers/$guest/context ;) 1176228106 M * mjt or the same vuname thing 1176228114 M * mjt (extending one a bit0 1176228117 M * mjt s/0/) 1176228136 M * daniel_hozac how would you suggest that works, without iterating over all of the guests? 1176228170 M * mjt kernel has all the info about all the guests 1176228175 M * mjt running 1176228195 M * mjt int sys_get_xid(char *name) 1176228209 M * daniel_hozac would still need to iterate over all the running contexts.... 1176228226 M * mjt yes - list_for_each() 1176228335 M * daniel_hozac that's broken. 1176228376 M * mjt not more broken than maintaining stuff in /var/run ;) 1176228407 M * daniel_hozac how is that broken? 1176228411 M * daniel_hozac ever heard of pid files? 1176228435 M * mjt pid files are inherently broken 1176228440 M * Hollow list_for_each is broken? 1176228560 M * daniel_hozac iterating over all of the contexts to find the right one is broken. 1176228570 M * mjt speaking of pid files, djb daemontools is what i call non-broken (in this very context) 1176228578 A * Hollow vomits 1176228595 M * Hollow djb .. *giggle* 1176228618 M * Hollow I#ve even come to the conclusion that qmail sucks 1176228625 M * mjt it keeps track of *current* situation 1176228634 M * mjt pid files and the like are not 1176228647 M * mjt that's the difference, and i mean only this difference 1176228671 M * mjt another example of non-broken thing is stuff running from /etc/inittab (with respawn flag) 1176228676 M * Hollow daniel_hozac: why is iterating over contexts broken? 1176228684 M * mjt not scalable 1176228705 M * daniel_hozac because it's a hash and it would be a very expensive operation. 1176228719 M * daniel_hozac (which would (AFAIK) require taking the hash lock for the duration of it) 1176228720 M * mjt list_for_each is only an example 1176228735 M * Hollow ah right .. it's an array not a list .. 1176228749 M * mjt i mean, to have a way to ask kernel for the mapping name->xid - the principle 1176228756 M * mjt it can be another hash after all 1176228764 M * mjt details doesn't matter here 1176228776 M * Hollow anyway.. this is userspace stuff imo 1176228803 M * Hollow we just iterate over all running contexts and lookup the uts CONTEXT field 1176228803 M * mjt and is very minor thing, too 1176228805 M * daniel_hozac but the kernel doesn't really know nor care about the names. 1176228816 M * Hollow we == vcd 1176228829 M * daniel_hozac it's just a random string that userspace can set. 1176228831 M * mjt -bash: vcd: command not found 1176228852 M * daniel_hozac Hollow: hmm, shouldn't you be able to keep track of the running contexts yourself? 1176228860 M * Hollow yeah, but we don't do 1176228862 M * Hollow :) 1176228869 M * Hollow no symlinkn hell 1176228870 M * Hollow :P 1176228884 M * mjt that's why i asked in the first place - that symlinking hell 1176228890 M * Hollow (yeah, we could save it in the db etc) 1176228893 M * mjt which tends to go out of date etc 1176228902 M * mjt out of sync even 1176228913 Q * pattieja Ping timeout: 480 seconds 1176228916 M * daniel_hozac what symlink hell? 1176228927 M * Hollow util-vservers mapping symlink hell 1176228941 M * Hollow run run.rev 1176228943 M * daniel_hozac "symlink hell" == a couple of symlinks? 1176228955 M * mjt i once managed to screw /var/run/vserver* by improperly setting up some var in /etc/vservers/$foo.. and had.. difficult time to even STOP a vserver 1176228977 M * mjt vserver $foo enter etc complained that foo isn't running 1176229004 M * daniel_hozac "Doctor, doctor, it hurts when I poke myself in the eye!" 1176229005 M * mjt what's vcd? 1176229032 M * Hollow well, given that you probably won't run that many vservers on a production box, the effort to iterate and lookup uts fields is very little 1176229036 M * Hollow vserver control daemon 1176229048 M * daniel_hozac hmm, production boxes are exactly the ones that would run lots of guests... 1176229061 M * daniel_hozac a couple of hundred seems like standard operation. 1176229067 M * Hollow not really 1176229095 M * Hollow i have 14 vservers running on my production host now, and i really don't want to add more 1176229108 M * daniel_hozac obviously depends on the guests... 1176229111 M * mjt aaaargh... XML... 1176229132 M * Hollow daniel_hozac: 4 apaches and 1 spamassassin kills nearly all mem :P 1176229143 M * mjt heh 1176229149 M * mjt add more mem? ;) 1176229153 M * daniel_hozac exactly ;) 1176229163 M * Hollow sure, just ship it to my whois address ;) 1176229186 M * mjt i have a bunch of unused 16megs SIMMs ;) 1176229194 M * mjt about 50 of them :) 1176229237 M * Hollow even if there were a hundred guests, so what? if you have enough resources to run 100 guests, i'd assume that you also have the resources to iterate&lookup once every 6 months you need to do it 1176229253 M * daniel_hozac every 6 months? 1176229262 M * mjt heh yes 1176229263 M * daniel_hozac you never restart guests? 1176229267 M * Hollow well, when do you need to look it up? start/stop? 1176229271 M * mjt it's not that frequent operation 1176229286 M * daniel_hozac stop/enter/exec/etc. 1176229300 M * sid3windr I have 8 vservers on a 2G RAM box 1176229312 M * sid3windr I added an extra gig because the 8 vservers were eating 1G + then some 1176229312 M * sid3windr :) 1176229374 M * mjt original q was about whenever it's possible to stop using /var/run/vservers* dirs for mapping running guest names <=> xids. Doing that in kernel is non-issue. 1176229402 M * mjt after all, vps | grep will do it 1176229408 M * Hollow hm, the more i think about it i guess we do no mapping at all in vcd 1176229416 M * mjt (if there's such a vps) 1176229425 M * daniel_hozac mapping is only needed if you allow dynamic contexts. 1176229429 M * daniel_hozac you don't, do you? 1176229440 M * Hollow right .. 1176229450 M * mjt and if your /etc/vservers/*/context reflects the reality 1176229461 M * Hollow doesn't apply to vcd :) 1176229483 M * Hollow actually, in vcd there is no such thing as context id (at least from the users pov) 1176229483 M * mjt ok 1176229511 M * mjt i want to document all the stuff happening during vserver start -- all the steps being done, and what for. 1176229526 M * Hollow http://people.linux-vserver.org/~hollow/manual.pdf 1176229532 M * Hollow draft of the vcd manual 1176229539 M * Hollow (no pics unfortunately in draft mode) 1176229561 M * mjt vcd does all the same stuff as util-vserver utils do? 1176229570 M * Hollow in general, yes 1176229577 M * mjt i mean, vcd substitutes vcontext, chbind etc 1176229582 M * Hollow yeah 1176229608 M * mjt util-vserver is huuuuuuuuge mess to my taste 1176229622 M * daniel_hozac how so? 1176229627 M * Hollow here are the pics for start/stop: http://home.xnull.de/work/vserver/vcd/doc/manual/intro/vshelper-shutdown.pdf http://home.xnull.de/work/vserver/vcd/doc/manual/intro/vshelper-startup.pdf 1176229709 M * mjt Hollow: what's the font used for headings in manual.pdf? 1176229750 M * mjt (the first thing i noticied after opening that .pdf is that font used for headings is.. not good ;) 1176229766 M * Hollow well, it looks better in print .. 1176229773 M * Hollow i have to use two fonts.. 1176229816 M * mjt it's not the font itself that is "bad", but the combination (text font and headings font don't look nicely near each other) 1176229856 M * mjt i think it's due to serifs and no-serifs (in text and headings) 1176229884 Q * duckx Quit: Client exiting 1176229885 M * Hollow trust me.. it looks good in print ;) 1176229909 M * Hollow but i will switch back to latex standard font for the screen edition 1176229951 J * duckx ~Duck@tox.dyndns.org 1176229992 Q * duckx 1176230029 M * mjt system time virtualisation is optional, isn't it? 1176230049 M * mjt in "2.4.8. Virtual Host Information" 1176230067 M * Hollow yep 1176230086 M * Hollow most virtualization is optional (cpu, load, mem, uptime) 1176230104 M * mjt (i wonder how well ntpd will operate in a guest with virtualized system time... ;) 1176230151 M * mjt "Therefore, the Linux-VServer kernel implements an own set of filesystem attributes for 1176230155 M * mjt most vanilla file systems" 1176230172 J * duckx ~Duck@tox.dyndns.org 1176230176 M * mjt are this attributes uses the same place as, say, ext[234] chattr? 1176230187 M * mjt just more bits? 1176230232 M * daniel_hozac yes. 1176230284 M * mjt so a (modified) chattr (with more flags+bits) will do 1176230330 M * daniel_hozac no. 1176230388 M * mjt hmm. that's.. confusing again 1176230419 M * mjt if it uses the same fields (just previously-unused bits), why adding those bits to chattr/lsattr will not do the thing? 1176230441 M * daniel_hozac because they're not exported through the ioctl interface. 1176230477 M * mjt well. i meant with corresponding necessary kernel-side changes for lsattr/chattr 1176230741 M * mjt what vshelper is used for? 1176230844 M * daniel_hozac starting/stopping/restarting guests when they want to. 1176231087 M * mjt but is it used if only vserver start and vserver stop are used to manage vservers? 1176231098 M * mjt ie, no reboot/shutdown from within vserver? 1176231107 M * daniel_hozac no. 1176231128 M * Hollow actually the other way round :) 1176231138 M * mjt hmm 1176231148 M * Hollow vshelper is called when reboot is invoked from inside 1176231159 M * Hollow (for vcd vshelper is also called if you start from outside) 1176231230 M * mjt i'd just disallow reboots... and let init (inside guests) to restart itself 1176231249 M * mjt but ok 1176231324 M * daniel_hozac except init doesn't know how to do that. 1176231331 M * daniel_hozac and requiring modifications of the guests is just ugl. 1176231333 M * daniel_hozac +y 1176231366 M * mjt that init process is already specia 1176231370 M * mjt +l 1176231378 M * mjt it has fake pid=1 1176231389 M * daniel_hozac so? 1176231411 M * daniel_hozac that's precisely for the reason to now have to modify guests... 1176231416 M * daniel_hozac s/now/not/ 1176231430 M * mjt so upon reboot() syscall, the kernel can clean up all the stuff and respawn that process instead 1176231442 M * mjt re-exec it 1176231463 M * daniel_hozac except the parameters are long lost. 1176231463 M * mjt inside the same context 1176231477 M * daniel_hozac and what about the init-less guests? 1176231494 M * mjt init-less? 1176231501 M * daniel_hozac as is the default. 1176231507 M * daniel_hozac guests that do now have an init 1176231512 M * mjt # vserver ntp enter 1176231512 M * mjt sh-3.1# ps afx 1176231515 M * mjt 1 ? Ss 0:02 init [2] 1176231523 M * mjt i didn't run that process 1176231536 M * daniel_hozac it's a phony, blending through from the host. 1176231584 M * mjt phony it is, right 1176231593 M * mjt 'h well 1176231627 M * mjt (there's no corrseponding process in vps listing) 1176231665 M * mjt hmm 1176231708 M * mjt Hollow: you mentioned your manual.pdf when I said i want to document all the steps done during vserver start. I wonder... why. Those steps aren't outlined in that manual ;) 1176231727 M * mjt or rather, why you mentioned it in this context ;) 1176231808 M * daniel_hozac it was more in reference to vcd, i think. 1176231983 M * Hollow mjt: they are .. 1176232070 M * mjt http://paste.linux-vserver.org/1403 -- can someone answer those questions? 1176232092 M * mjt that's the stuff from vserver start which i don't understand 1176232101 M * mjt the rest is pretty much obvious 1176232115 M * daniel_hozac vnamespace --set sets the filesystem namespaces. 1176232123 M * daniel_hozac so they can be entered later. 1176232130 M * mjt sets to.. what? 1176232161 M * daniel_hozac to the spaces of current, of course. 1176232163 M * mjt we already have our own namespace after vnamespace --create 1176232174 J * asd ~fox@ool-18b99080.dyn.optonline.net 1176232174 M * mjt (omitted in paste) 1176232191 M * Hollow but you don't know to which context it belongs 1176232203 M * Hollow btw, the start/stop is explained in 2.5.4 1176232205 M * Hollow 3.5.4 1176232215 M * mjt aha. so it assigns the current namespace to xid 1176232220 M * daniel_hozac --migrate-self migrates the process into the contexts it's in. 1176232239 M * daniel_hozac --endsetup removes the SETUP flag, so it's unprivileged. 1176232245 M * daniel_hozac --chroot is to the current directory. 1176232257 M * mjt --endsetup -- like "locks the context from further mods" 1176232262 P * asd 1176232286 M * daniel_hozac from inside, yes. 1176232293 M * daniel_hozac can still be modified from outside. 1176232293 M * Hollow but only from inside.. the setup flag does not prevent the host admin to change things 1176232309 M * Hollow we're too redundant, i keep silent now :) 1176232338 M * daniel_hozac hehe, you probably explain it better than i do ;) 1176232343 M * mjt looks like i lack understanding of some basic concepts 1176232353 M * Hollow we all do :) 1176232378 M * mjt this statement: "--migrate-self migrates the process into the contexts it's in" - it's like saying "oil is oil", isn't it? 1176232402 M * mjt if a process is in context, how it can be migrated to that same context? 1176232417 M * daniel_hozac it's in setup mode. 1176232426 M * daniel_hozac --migrate-self will drop capabilities etc. 1176232455 M * daniel_hozac to make sure it's in the context as it would be if it had been entered. 1176232534 M * mjt ghrm 1176232589 M * mjt vnamespace --enter 104 -- vcontext --silent --migrate --chroot --xid 104 --uid 0 --vlogin -- /bin/sh 1176232604 M * mjt not --migrate-self? 1176232694 M * mjt also, on vserver enter (above is from it), i see chbind --nid XX --ip YYY - but aren't the two redundrand now as nid has been already created? 1176232713 M * mjt isn't it sufficient to call chbind --nid XX? 1176232725 A * mjt guesses.... 1176232728 M * mjt -ETOOMANYQUESTIONS 1176232729 M * mjt ;) 1176232753 M * Hollow wasn't chbind replaced by ncontext? 1176232794 M * mjt 0.30.212 here 1176232817 M * Hollow seems not all scripts use it (yet) 1176232839 M * mjt ah. i do have ncontext too 1176232937 J * shedi ~siggi@ftth-237-144.hive.is 1176232978 M * mjt but it doesn't allow one to set up ip addresses etc as chbind does 1176233027 M * Hollow that's what naddress is for 1176233052 M * daniel_hozac chbind is just a wrapper script. 1176233053 M * mjt wug 1176233074 Q * besonen Read error: Connection reset by peer 1176233088 J * besonen ~besonen@dsl-db.pacinfo.com 1176233107 M * daniel_hozac and yes, it is enough to do chbind --nid XY, _on a recent kernel_. 1176233129 M * daniel_hozac note: the utils are supposed to work on everything from really ancient 2.4 kernels to current... 1176233139 M * Koffa hmm... for some reason I get to the hosts sshd no matter what I do :/ 1176233152 M * mjt Koffa: it's a FAQ 1176233169 M * mjt Koffa: specify ListenAddress in host's sshd_config 1176233197 M * Koffa yeah that's what I figured - just can't do it :/ 1176233206 M * Koffa adsl with dhcp 1176233236 M * mjt but you sure want your sshd to listen on the external IP? 1176233264 M * Koffa the ext IP may change 1176233270 M * Koffa not often, but still 1176233284 M * mjt i understand, but my question was entirely different 1176233301 M * Hollow let it listen on the internal network and DNAT from the public ip? 1176233303 M * Koffa if you could do 'ListenAddress !10.0.0.0/8' it wouldn't be a problem :) 1176233322 M * Koffa that's a solution... 1176233327 M * mjt if DNAT is really necessary, too 1176233350 M * sid3windr sed -i s/ListenAddress.*$/ListenAddress `ifconfig ppp0|grep inet|awk '{print $2}' |cut -d: -f2`/g /etc/ssh/sshd_config && /etc/init.d/ssh restart 1176233354 M * sid3windr :> 1176233366 M * mjt wug 1176233374 M * Koffa mjt: the hosts sshd has to listen on all IP's other than this one for the 'guest' 1176233377 M * sid3windr warning untested, just made that up ;) 1176233394 Q * teukka Ping timeout: 480 seconds 1176233404 M * sid3windr but if you put that in your ifup.d that should work, no? ;) 1176233406 M * mjt it's really simpler to do what Hollow said 1176233411 M * mjt and safer 1176233413 M * sid3windr yup 1176233414 M * sid3windr ;) 1176233442 M * Koffa actually both the ext ip's can change... 1176233455 M * mjt so bind it to 127.0.0.1 1176233482 M * mjt and use DNAT on "both the ext ip's" 1176233494 M * mjt using interface name in iptables rules 1176233584 M * mjt speaking of sshd on the host... 1176233605 M * mjt we've static addresses. but neverless, i've set it up to not allow connections from outside 1176233630 M * mjt so i've host sshd listening on a private address, but have a vserver with sshd running 1176233649 M * mjt so in order to get to host, i have to login to vserver first, and next - from it - login to host 1176233675 M * mjt (but that doesn't work well with dynamic addresses either) 1176233706 M * Koffa this won't be a problem in production, only while testing 1176233728 M * harry your naked corpse is as beautiful as the dawn when it comes with the first sunray 1176233751 M * harry but is was your peeled bleached bones, that really took my heart away! 1176233801 M * Hollow harry: you alright? :) 1176233809 M * harry Hollow: listening to marduk :) 1176233816 M * Hollow i see ;) 1176233831 M * sid3windr to what? 1176233831 M * harry very slow... very hard metal :) 1176233844 M * trippeh Hrm, one of our servers really dislikes 2.6.20. Probably not vservers fault though, as it works fine with 2.6.20 on other servers. 1176233854 M * harry http://www.lyrics007.com/Marduk%20Lyrics/Bleached%20Bones%20Lyrics.html 1176233893 M * trippeh First thing after login prompt it locks up, no keyboard, no output, no serial. Then the hardware watchdog kicks in and resets the server. 1176233897 M * trippeh Very easy to debug ;) 1176233925 M * harry http://www.darklyrics.com/lyrics/marduk/worldfuneral.html 1176233928 M * harry mega good cd! 1176233932 M * harry now: castrum doloris 1176233941 M * harry (those who speak latin, know what that means :) 1176233988 M * mjt Hollow: reading 3.5.4 (manual.pdf) 1176233990 M * mjt The daemon then queries the database for initial configuration, like capabilities, network addresses or scheduler values, issues the approriate system calls to set these configuration values on the network and process context and returns the absolute path to the init binary relative to the virtual servers root filesystem to the helper. 1176233997 M * mjt that's basically it ;) 1176234014 M * Hollow yeah, it's not too technical ;) 1176234056 M * mjt I've read it in the first pass 1176234064 M * matti :) 1176234065 M * sid3windr harry: "the pain of castration" ? ;) 1176234073 M * matti Hi Hollow 1176234074 M * daniel_hozac trippeh: no magic sysrq? 1176234079 M * matti Hi harry 1176234081 M * matti daniel_hozac: :) 1176234084 A * Hollow hugs matti 1176234085 M * Hollow :P 1176234087 M * daniel_hozac hey matti 1176234089 M * trippeh daniel_hozac: Dead. 1176234103 A * matti hugs Hollow 1176234104 M * matti :) 1176234128 M * sannes trippeh: you don't happen to load modules for certain hardware on do you? 1176234133 M * mjt those contexts - can they exist without any process(es) "bound" to them? 1176234141 M * daniel_hozac mjt: yes. 1176234163 M * Hollow in fact, vcd uses empty contexts during startup 1176234164 M * trippeh sannes: I could try selectively blacklist hardware in udev.. Sometimes I hate autoloading :) 1176234220 M * sannes trippeh: it just reminds me of a symtom I had with a driver that deadlocked when used with udev .. heh 1176234233 M * Hollow mjt: contrary to util-vserver, vcd does all setup from outside .. i.e. create a persistent context and set all configuration ... in util-vserver you chain all setup commands, you have no persistent context and there fore need the SETUP flag 1176234237 M * mjt in that case (empty contexts possible), is there a reason for stuff like --migrate-self? I mean, one can create context, set all the parameters, and enter it, using command sequence instead of command chain 1176234246 M * trippeh 2.6.19 is okay though. Shouln't be loading any other drivers, albeit bugs can be introduced in them ;) 1176234250 M * Hollow the persistent contexts were introduced for vcd 1176234255 M * daniel_hozac mjt: because persistent contexts were introduced in 2.0.2. 1176234260 M * mjt aha 1176234267 M * daniel_hozac mjt: and again: util-vserver works on pretty much any kernel. 1176234276 M * mjt yes i understand 1176234291 M * mjt "old compatibility cruft" :) 1176234313 M * sannes trippeh: remote server or local one? does it lock up if you just run a shell for init ? 1176234325 M * Hollow mjt: that's why i started vcd ;) 1176234328 M * trippeh sannes: I'm in nydalen now ;) 1176234336 M * trippeh So currently local, hehe. 1176234344 M * mjt (filesystem namespaces in vanilla linux disappears when last process bound to them exits) 1176234356 M * sannes trippeh: ah, I see :) 1176234361 M * trippeh I need to watch another console's ckhdisk (aaagh, win32!) for a while for errors before debugging further. 1176234388 M * trippeh sannes: You still have stuff here? 1176234401 M * mjt ok, now things makes MUCH more sense. 1176234532 M * trippeh Watching chkdsk to see if it spews any errors is SO fun. 1176234541 M * trippeh 60 minutes and counting 1176234549 M * mjt watching chkdsk or fsck is always fun ;) 1176234571 M * mjt esp. after a good crash 1176234608 M * trippeh I think this server is totally busted. Some smart ass figured running some 3rd party defrag utility on C: was a brilliant idea on a production server ;) 1176234630 M * mjt but it was really brilliant, wasn't it? 1176234631 M * sannes from remote? :P 1176234688 M * mjt hmm 1176234722 M * mjt ok, contexts etc.. but how to set things like nice value and rlimits, from outside? 1176234732 M * daniel_hozac nice value is inherited. 1176234736 M * mjt i mean unix limits 1176234746 M * daniel_hozac ulimits too. 1176234751 M * mjt inherited, yes 1176234758 M * mjt from vcd? 1176234781 M * mjt or from a process that created xid? 1176234788 M * mjt s/^or // 1176234790 M * daniel_hozac probably from the init. 1176234818 M * daniel_hozac (does vcd support init-less guests now?) 1176234829 M * mjt init of what? 1176234835 M * daniel_hozac of the guest, of course. 1176234842 M * mjt init runs within the guest 1176234856 M * mjt but with util-vserver, those limits are set outside 1176234874 M * daniel_hozac yes, and inherited by init, which passes it on to the rest of its children... 1176234888 M * mjt nice xx exec-ulimit yyy vcontext --create ... 1176234907 M * mjt even more 1176234912 M * mjt nice xx exec-ulimit yyy vcontext --create ....... /sbin/init 1176234970 M * mjt here it's obvious where they're inherited from 1176235001 M * mjt but not that obvious in case of vcd 1176235010 M * mjt guess it's vshelper which should do that 1176235044 M * mjt but those values aren't set when entering a context, it seems 1176235075 M * mjt ahh they're being set 1176235090 M * mjt (ulimits, not nice) 1176235131 M * bXi after extensive testing with hamachi andvserver i can tell you it works nicely 1176235141 M * daniel_hozac cool. 1176235148 M * daniel_hozac how? 1176235148 M * mjt i assume it's not possible to raise them inside a guest, if no CAP_SYS_RESOURCE is granted, yes? 1176235164 M * bXi hamachi creates a tun device (ham0 in this case) 1176235175 M * bXi and you add that as interface 1176235182 M * bXi and you run hamachi on the host 1176235191 M * bXi poof instant vpn tunneling 1176235212 M * daniel_hozac mjt: right. 1176235257 M * daniel_hozac bXi: so, it doesn't really have anything to do with vserver ;) 1176235261 M * mjt bXi: what's hamachi, btw? ;) 1176235275 M * mjt hamachi.cc? 1176235283 M * trippeh Good thing I have a laptop with super mega extended primary battery and a extra bay battery. This will take some time ;) 1176235292 M * bXi daniel_hozac: not exactly but it doesnt give any extra issues at all 1176235296 M * bXi mjt: yeah 1176235333 M * daniel_hozac trippeh: no power outlets? 1176235339 M * mjt That's... good statement: "Hamachi is secure." 1176235368 M * trippeh daniel_hozac: Ditched the adapter at home. Figured if I'll be stuck for 9 hours I'll probably be better off giving up anyway ;) 1176236271 Q * neuralis Remote host closed the connection 1176236279 M * daniel_hozac Debian lenny? 1176236302 M * mjt it's a new testing 1176236311 M * daniel_hozac yeah. 1176236323 M * daniel_hozac just... not the kind of name i was expecting. 1176236331 M * mjt will be debian 5.0 someday ;) 1176236369 M * mjt that name has been assigned to it long time ago 1176237587 M * onox_ Hollow: alive? 1176238548 Q * fs Ping timeout: 480 seconds 1176238573 Q * bonbons Quit: Leaving 1176238650 J * Aiken ~james@ppp194-30.lns1.bne1.internode.on.net 1176238705 N * Roey WorkRoey 1176238798 Q * meandtheshel1 Quit: Leaving. 1176238804 J * fs fs@213.178.77.98 1176239136 Q * Aiken Quit: Leaving 1176239310 Q * FireEgl Quit: ... 1176239593 J * _fs fs@213.178.77.98 1176239648 Q * fs Ping timeout: 480 seconds 1176239762 M * Hollow onox_: yes? 1176239802 M * Hollow daniel_hozac: lenny sounds like a dog, no? :P 1176239903 N * _fs fs 1176239932 M * onox_ Why don't the stage3's work with vserver? 1176240021 M * onox_ when building the vserver, it says I have to add a syslog/cron 1176240024 M * onox_ why's that? 1176240311 M * Hollow because there is no process that would start otherwise and therefore the guest dies immediately after startup 1176240343 M * Hollow you should use a stage4, it has syslog-ng preinstalled 1176240544 J * FireEgl FireEgl@2001:5c0:84dc:0:41b1:e5eb:a80e:29c6 1176240567 M * onox_ i don't understand 1176240575 M * onox_ syslog is just a regular service? 1176240699 M * Hollow sure 1176240738 M * onox_ then why does vserver crash at the end of the start proces? 1176240805 M * onox_ Hollow: if I remove syslog and cron from the running stage4 vserver 1176240820 M * onox_ will it then crash too if I restart the vserver? 1176240834 M * Hollow because no process is left inside 1176240858 Q * FireEgl Quit: Bye... 1176241055 J * Aiken ~james@ppp194-30.lns1.bne1.internode.on.net 1176241224 M * mjt i wonder... why util-vservers is all statically linked? 1176241226 M * onox_ Hollow: but stage4 will crash too then in that case? 1176241240 M * mjt is there some real reason for that, or is it done just for fun? 1176241252 J * boci^ ~boci@pool-3966.adsl.interware.hu 1176241596 M * Hollow mjt: it is said that nss functions in glibc do not reliably work in chroots 1176241613 M * Hollow onox_: no, because the stage4 already has syslog-ng added to the default runlevel 1176241629 M * mjt but do any of the utils actually use nss functions in chroots? 1176241688 M * Hollow yep, exec does iirc 1176241691 M * matti :) 1176241699 M * mjt exec? 1176241717 M * onox_ Somebody seen this error: start-stop-daemon: open pidfile /var/run/randomservicehere.pid: No such file or directory 1176241724 N * onox_ onox 1176241753 M * mjt do you have /var/run ? 1176241856 M * onox yes 1176241860 M * onox Unable to control the kernel logging device: Operation not permitted 1176241862 M * onox Unable to bind sockets - aborting 1176241864 M * Hollow mjt: vserver ... exec 1176241864 M * onox (metalog) 1176241872 M * onox could it be caused by the firewall? 1176241979 M * mjt no 1176242060 M * mjt vserver $foo suexec $bar /bin/sh 1176242077 M * mjt ... vcontext --silent --migrate --chroot --xid XXX --uid $bar -- /bin/sh 1176242110 Q * boci^ Quit: Távozom 1176242127 M * mjt yes that will fail randomly with nss 1176242137 M * onox nss? 1176242152 M * mjt onox: it's not related to your issues/questions :) 1176242173 M * mjt (you have more than one of those ;) 1176242269 M * mjt onox: wrt that metalog thing - disable kernel logging in metalog (don't ask me how - i dunno), it should start after that 1176242283 M * onox hmm 1176242291 M * onox grsecurity dmesg = 0 solves the problem too 1176242307 M * onox but I rather try to disable metalog's kernel logging 1176242307 M * mjt it's not 1176242322 Q * transacid Remote host closed the connection 1176242329 M * mjt it solves the sympthom, not the problem 1176242413 M * mjt also, you've another problem 1176242424 M * mjt you have to clean up your /dev in guest. almost all of it 1176242442 M * mjt or else guest can access all your disks 1176242494 M * Hollow vsserver-build takes care of /dev-sanity nowadays 1176242505 M * onox mjt: what /dev devices? 1176242514 M * mjt Hollow: looks like it didn't in this case 1176242523 M * mjt onox: almost all of them 1176242526 M * Hollow util-vserver version? 1176242533 M * onox mjt: I only have "full log null ptmx pts random tty urandom zero" 1176242577 M * mjt that's the content of /dev I have in guests (that's all of it): 1176242581 M * mjt crw-rw-rw- 1 root root 1, 7 2006-06-22 16:57 full 1176242581 M * mjt crw-rw-rw- 1 root root 1, 3 2006-06-22 16:57 null 1176242581 M * mjt crw-rw-rw- 1 root tty 5, 2 2005-11-05 21:32 ptmx 1176242581 M * mjt drwxr-xr-x 2 root root 2048 2006-06-22 16:28 pts/ 1176242581 M * mjt crw-rw-rw- 1 root root 1, 8 2006-06-22 16:57 random 1176242584 M * mjt crw-rw-rw- 1 root tty 5, 0 2006-06-22 16:57 tty 1176242586 M * mjt cr--r--r-- 1 root root 1, 9 2006-06-22 16:57 urandom 1176242589 M * mjt crw-rw-rw- 1 root root 1, 5 2006-06-22 16:57 zero 1176242597 M * mjt 8 entries total, incl. pts/ subdir 1176242601 M * onox so? 1176242608 M * onox I don't see any disks 1176242612 M * onox what's the problem? 1176242651 M * mjt well. maybe i'm wrong guessing 1176242672 M * mjt "Unable to control the kernel logging device: Operation not permitted" 1176242680 M * Hollow this is /proc/kmsg 1176242719 M * Hollow err 1176242728 M * Hollow no, right .. 1176242733 M * Hollow the dmesg thing is sth different 1176242737 M * onox ? 1176242744 M * mjt dmesg uses syscall 1176242748 M * onox if I disable grsecurity's dmesg restriction 1176242751 M * onox metalog starts 1176242775 M * blizz how would i create a debian-guest on a non debian system? 1176242782 M * mjt and all your guests can control log level on your console 1176242786 M * Hollow vserver .. build -m debootstrap 1176242788 M * mjt and stuff like that 1176242795 M * blizz Hollow, doesnt need any tools? 1176242809 M * mjt debootstrap is usually needed ;) 1176242813 M * Hollow it needs debootstrap, but afaik it will download it if not in $PATH 1176242826 M * blizz nice. thanks 1176242832 M * blizz didnt think it was that easy 1176242841 M * mjt it's not ;) 1176242844 M * blizz lol 1176242875 M * Hollow well, if my patch gets into svn it will be a lot less PITA to install an etch guest 1176242894 M * Hollow http://home.xnull.de/work/vserver/util-vserver/distrib-etch-feat01.diff 1176242923 M * Hollow daniel_hozac: btw, the first hunk is crap .. 1176243028 M * Hollow daniel_hozac: maybe it would be a good idea to source the pre* scripts instead of executing them, since we wouldn't need to pass all those arguments 1176243237 J * transacid ~transacid@transacid.de 1176243278 M * onox what's etch? 1176243287 M * mjt why vc_net_nx struct uses vcNET_* constants instead of AF_* constants? 1176243293 M * mjt onox: it's debian version 1176243354 M * mjt debian version 4.0 codename etch 1176243368 M * blizz are there problem with installing etch without the patch? 1176243460 M * Hollow well, a plain debootstrap install is broken, no matter if etch or sarge 1176243470 M * blizz crap :) 1176243474 M * Hollow debian 1176243485 M * Hollow :) 1176243487 M * Hollow *scnr* 1176243499 M * mjt can i query vserver name from within a guest, similar to what vuname does? 1176243508 M * Hollow no 1176243527 M * Hollow at least if you are talking about the CONTEXT uname field 1176243536 M * Hollow all other fields can be viewed with uname inside 1176243668 M * mjt i wonder 1176243691 M * mjt why can't nodename be set by default to vserver name 1176243705 M * mjt if no vservers/$foo/uts/nodename is set 1176244155 Q * nebuchadnezzar Read error: Connection reset by peer 1176244159 J * nebuchad` ~nebu@zion.asgardr.info 1176244234 N * DoberMann DoberMann[ZZZzzz] 1176245042 J * hillary___ ~as@85.102.181.145 1176245044 Q * hillary___ Excess Flood 1176245180 M * mjt wow. that's a alot of indirections/wrappers in the utils 1176245190 M * mjt levels of wrappers even 1176245688 Q * mcp Remote host closed the connection 1176245722 M * blizz Hollow, soo. the plain debootstrap install will work with your patch applied? :) 1176245745 J * mcp ~hightower@wolk-project.de 1176245761 M * Hollow it does work without too, but you have a lot of cosmetic bugs 1176245768 M * Hollow _a lot_ 1176245782 M * trippeh Yay, on my way home :) 1176245789 A * trippeh is IRC'ing from the taxi 1176245812 M * trippeh How nerdy is that.. 1176245856 M * blizz Hollow, i hate cosmetic bugs ;-) 1176245862 M * Hollow exactly :) 1176246024 M * blizz which version does it apply to? any of the reent? i ahve 0.30.212 1176246191 M * Hollow trunk :) 1176246216 M * Hollow but well, it just adds two files and the hunk in vserver-build.debootstrap should work in amost any recent release 1176246345 M * blizz ok, good enough 1176246964 M * mjt why all this compatibility layering and remapping in util-vserver? 1176247031 M * mjt so it works with all versions? 1176247037 M * mjt of kernel i mean 1176247082 M * Hollow mjt: yep 1176247097 M * Hollow most wrapper stuff is just ugly legacy cruft :) 1176247120 M * mjt vcd also uses this technique? 1176247134 J * FireEgl Proteus@adsl-61-136-122.bhm.bellsouth.net 1176247139 M * Hollow no 1176247139 M * mjt wug, even syscall is implemented (assembly). 1176247158 M * Hollow well, there is no vserver syscall in glibc :) 1176247176 M * mjt but there are headers defining _syscall*() macros 1176247184 M * mjt in linux 1176247206 M * Hollow but you need kernel headers for that iirc, or you have to use the combined syscall() function in glibc 1176247220 M * Hollow not sure if diet'd support this 1176247275 M * mjt it doesn't 1176247287 M * mjt but does 1176247297 M * Hollow yeah, but these are kernel headers 1176247307 M * Hollow you usually don't build programs against kernel headers 1176247307 M * mjt yup 1176247335 M * mjt yeah, you usually copy stuff from kernel headers into programs.. that works better ;) 1176247347 M * Hollow yeah, that's what we do 1176247352 M * Hollow except for the syscall macros :) 1176247370 M * mjt including syscall macros 1176247462 M * mjt $ ./configure --help 1176247462 M * mjt --disable-alternative-syscalls 1176247462 M * mjt do not use the alternative _syscallX macros provided 1176247462 M * mjt by Herbert Poetzl (default: use them) 1176247605 M * mjt in vserver kernel headers i see the structure names ends with one or another version suffix -- like struct vcmd_vhi_name_v0 or vcmd_ctx_caps_v1. So we assume the interfaces WILL change for sure? 1176247656 Q * Aiken Remote host closed the connection 1176247707 M * mjt version number is even encoded into vserver syscall argument 1176247741 Q * onox Quit: leaving 1176247763 M * mjt some are up to v5 already -- vcmd_sched_v5 1176247829 J * Aiken ~james@ppp194-30.lns1.bne1.internode.on.net 1176247945 P * stefani I'm Parting (the water) 1176247945 M * mnemoc daniel_hozac: do you know any trick to use dev/console as unix domain socket, or pipe i can attach using screen? 1176247955 M * mnemoc hi! ,-9 1176247957 M * mnemoc ,-) 1176248002 M * Hollow mnemoc: you get a free beer if you solve this problem :) 1176248013 M * mnemoc :D 1176248030 M * mnemoc hi Hollow :) 1176248034 M * Hollow i already suggested sth. like a virtual console that can be attached to 1176248055 M * Hollow but i guess the implementation is rather non-trivial 1176248073 M * mnemoc have you looked into http://dtach.sourceforge.net/ ? 1176248093 M * Hollow well, attach/detach is not the real problem i guess :) 1176248114 M * mjt how about using a pty as /dev/console? 1176248123 M * mnemoc that is a simplified version, using a unix domain socket for a single terminal, afaik 1176248141 M * mnemoc *blink* 1176248154 M * mjt unix domain socket is not a tty - and some programs checks for that 1176248195 M * Hollow well, you could just create a new pseudo-terminal, but how do you create that on the host prio to starting guests init? 1176248211 M * Hollow while making it still accessible in vservers 1176248221 M * Hollow (remember: host cannot see guests pts devices) 1176248241 M * mjt create the pty pair on guest and bind-mount the slave device? 1176248257 M * mjt s/guest/host/ 1176248289 M * mjt but i've almost 0 knowlege on the vserver internals 1176248300 M * mjt bind-mounting /dev/log seems to work 1176248326 M * mnemoc /dev/log is a fifo 1176248328 M * mjt dunno about pty devices and stuff around them in vserver kernel space 1176248354 M * mjt /dev/log is usually a unix-domain socket 1176248361 M * Hollow well, if you start mounting file descriptors from host to guest you end up with a nifty chroot whole 1176248363 M * mjt but doesn't matter - it sure isn't a tty/pty 1176248382 M * mjt file descriptors? 1176248400 M * Hollow terminal, fd, console .. whatever 1176248403 M * mjt it's a namespace thing 1176248421 M * mjt yes it becomes.. funny with chroots 1176248465 M * Hollow mjt: http://linux-vserver.org/Secure_chroot_Barrier#Transferring_file_descriptors_with_SCM_RIGHTS 1176248482 M * mjt i know that trick 1176248504 M * Hollow not sure, but i guess this could apply to the pts case as well 1176248519 M * Hollow anyway, off to bed now 1176248522 M * mjt (you have to actually pass the right filedescriptor there - which is umm.. not easy ;) 1176248539 M * mnemoc what was wrong on copying the node corresponding to a pts allocated on the host during pre-start into dev/console? 1176248565 M * mjt it's not a simple device node 1176248578 M * mnemoc :( 1176248580 M * mjt well.. it might be, or may be not 1176248601 M * mjt if it's /dev/pts/somehing, you can't do anything wiht it without the devpts filesystem 1176248602 M * mnemoc c 136, x ... 1176248611 M * mnemoc :( 1176248637 M * mjt if it's /dev/ptyXX (the old BSD pts - I usually turn them off in kernel configs) - it should work 1176248670 M * mjt but bind-mounting a single file works too 1176248696 M * mjt by the way, almost all the ways to break out of chroot on that page are.. moot 1176248700 M * mnemoc what's weak on bind-mounting a tty? 1176248721 M * mnemoc :( 1176248767 M * mjt most talk is about chroot without chdir - it's definitely not an issue - just do the damn chdir and don't use broken chroot command 1176248832 M * mjt passing a filedescriptor over unix-domain socket - go find the socket (ok, /dev/log counts), and go force the server listening on that socket (running outside the chroot) to send you the damn filedescriptor 1176248866 M * mjt syslog just doesn't know how to do that 1176248905 Q * bzed Quit: Leaving 1176248948 M * mjt (not that it's impossible to find a buffer overflow in syslogd and force it to run some code... but in that case there's no need to 'break out of chroot', you can run a command outside using that syslog vulnerability) 1176249074 M * mjt all the papers/discussions saying "there ARE ways to break out of chroot" don't actually mention any WORKING method 1176249110 M * mnemoc :( 1176249127 M * mjt (and it seems that "Secure chroot barrier" doesn't make it any harder or simpler) 1176249134 M * mnemoc doh 1176249319 M * mjt well. copying /dev/pts/$N might work too 1176249328 J * DoberMann_ ~james@AToulouse-156-1-34-68.w81-49.abo.wanadoo.fr 1176249405 M * mnemoc mjt: uhm? 1176249417 M * mjt to the guest's /dev/console 1176249430 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds 1176249508 M * mnemoc mjt: and should that be somehow easier than playing with filedescriptors? 1176249584 M * mjt it Just Works (tm)