1177978202 J * fatgoose_ ~samuel@206-248-175-36.dsl.teksavvy.com
1177978531 Q * fatgoose Ping timeout: 480 seconds
1177978761 J * tuxmania ~bonbons@158.64.110.6
1177979105 Q * tuxmania Quit: Leaving
1177979184 Q * bonbons Ping timeout: 480 seconds
1177980248 Q * eDog Remote host closed the connection
1177980433 J * eDog ~edog@office.aichyna.com
1177981361 J * MindUs ~103730197@84.228.72.55
1177981362 M * MindUs Free phone calls all around the world - http://callfree.point-serv.com/en/
1177981363 P * MindUs
1177981490 J * tudenbart ~willi@xdsl-213-196-240-62.netcologne.de
1177981934 Q * dothebart Ping timeout: 480 seconds
1177985681 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com
1177986901 Q * ensc Ping timeout: 480 seconds
1177987342 Q * fatgoose_ Quit: fatgoose_
1177987536 Q * s0undt3ch Ping timeout: 480 seconds
1177987543 J * s0undt3ch ~s0undt3ch@80.69.34.154
1177988291 J * ensc ~irc-ensc@p54B4D1EF.dip.t-dialin.net
1177990070 J * jkl jkl@c-67-173-253-237.hsd1.co.comcast.net
1177990104 M * jkl anyone have an idea about how 'vserver build' creates a default fstab file, and how I can modify that?
1177990144 M * Bertl IIRC, it uses a configurable default, and you can adjust it in /etc/vservers//fstab
1177990240 M * jkl ah, so there is no way the vserver binary can read a default in /etc/vservers/.defaults/files for example?
1177990279 M * Bertl I guess there is such a default, but daniel_hozac knows the details ...
1177990315 M * Bertl (you might also check the flower page/documentation)
1177990317 M * jkl bummer
1177990336 M * jkl the "the content of the /etc/vservers directory" page doesn't mention it :(
1177990408 M * Bertl well, it's not a big deal, IMHO if there isn't such a config option, as you can easily copy whatever fstab file you consider appropriate on guest creation, no?
1177990428 M * Bertl (but as I said, you better ask daniel_hozac for details)
1177990433 M * jkl oh, absolutely.
1177990456 M * jkl i'm always trying to avoid hacking things together, in an effort to do it "the right way"
1177990468 M * Bertl that's good!
1177990474 M * jkl :)
1177990563 M * eyck however, doomed to failure.
1177990567 M * eyck but gooood
1177990677 M * jkl hehe
1177990779 Q * zLinux Ping timeout: 480 seconds
1177994121 Q * mcp Read error: Connection reset by peer
1177994146 J * mcp ~hightower@wolk-project.de
1177995129 J * alex_ ~alex@ip70-176-228-65.ph.ph.cox.net
1177995175 M * alex_ hello
1177995180 M * alex_ anyone on the irc
1177995184 M * alex_ is anyone there
1177995186 M * alex_ hello
1177995282 Q * alex_ Quit: Leaving
1177995560 Q * FireEgl Quit: ...
1177997831 M * Bertl off to bed now ... have a good one everyone! cya!
1177997839 N * Bertl Bertl_zZ
1177998699 Q * tzafrir_laptop Ping timeout: 480 seconds
1177999253 J * DavidS david@chello062178045213.16.11.tuwien.teleweb.at
1177999782 Q * eDog Remote host closed the connection
1178000865 J * onox ~onox@kalfjeslab.demon.nl
1178001359 M * b0n Bertl_zZ: that's fine, i'm already running compiled kernel
1178001379 M * b0n Bertl_zZ: however, i still didn't find a way of routing tables inside guests having each different default gw :)
1178001868 M * DavidS b0n: use policy routing and distinguish by source ip in the host context. there are howtos for that
1178001952 J * boci^ ~boci@pool-6597.adsl.interware.hu
1178001970 P * boci^
1178003015 Q * cehteh Ping timeout: 480 seconds
1178004100 J * cehteh ~ct@pipapo.org
1178005625 Q * mattzerah Quit: mattzerah
1178005770 J * mattzerah ~matt@121.50.222.55
1178006270 J * DoberMann_ ~james@AToulouse-156-1-184-24.w90-38.abo.wanadoo.fr
1178006377 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1178006886 M * bavi Bertl_zZ!!!!!!11111111111111 <3
1178008169 Q * jkl Remote host closed the connection
1178008631 Q * cehteh Ping timeout: 480 seconds
1178008942 J * cehteh ~ct@pipapo.org
1178008983 J * witchdoc ~witchdoc@d463c2a3.datahighways.de
1178008996 M * witchdoc good morning
1178009095 M * witchdoc can someone tell me how i can do "chattr +i foo" within a vserver?
1178009108 M * witchdoc i think i must change the capabilities
1178009643 M * witchdoc Ahhhh -- read the fine docs to the end
1178009667 M * witchdoc LINUX_IMMUTABLE within bcapabilities does it
1178010431 Q * cehteh Ping timeout: 480 seconds
1178011039 J * jkl ~eric@c-67-173-253-237.hsd1.co.comcast.net
1178011041 M * jkl Error, do this: mount -t proc proc /proc
1178011043 M * jkl ugh!
1178011048 M * jkl wtf?!?!
1178011251 N * DoberMann_ DoberMann
1178011283 M * witchdoc jkl: mount -t proc none /proc hmm?
1178011299 J * meandtheshel1 ~markus@85-124-207-210.dynamic.xdsl-line.inode.at
1178011372 M * jkl witchdoc: it's already mounted :(
1178011393 M * jkl some silly update blew all my gentoo vservers into this horrible state
1178011407 M * jkl of lameness.
1178011547 M * witchdoc uhh
1178011581 M * jkl probably a kernel update, but I updated util-vserver as well at the same time
1178012547 M * bavi A Question: Inside a vserver: can I add as many ip address to the "lo" interface as i want? And if so, how do i do it? create /etc/vservers/$SRV/interfaces/$i_id/nodev ?
1178012888 M * sid3windr jkl: try booting the old kernel then?
1178013297 J * bonbons ~bonbons@ppp-110-6.adsl.restena.lu
1178013927 M * harry iirc gentoo has problems with init style stuff...
1178013982 M * harry http://www.gentoo.org/proj/en/vps/vserver-howto.xml
1178014129 M * arachnist i thought that baselayout-1.13/baselayout-2 work ok
1178016937 M * daniel_hozac they should, at least with trunk.
1178017120 M * daniel_hozac jkl: /etc/vservers/.defaults/fstab should do the trick.
1178017143 M * daniel_hozac jkl: have you run vprocunhide since rebooting?
1178017164 M * daniel_hozac bavi: nodev means that the addresses are already setup. are they?
1178017249 M * daniel_hozac witchdoc: note that giving the guest the immutable capability means you can't use unification/hashification in a secure manner.
1178018267 M * onox daniel_hozac: do you have to run vprocunhide whenever you have started a vserver?
1178018377 M * onox yahoo! 20 days uptime \o/
1178018453 M * sid3windr I think yahoo has a bit longer uptime
1178018654 M * Hollow apropos uptime .. i ordered a server for l-v.org yesterday :)
1178018749 M * bavi daniel_hozac: they are not
1178018760 M * bavi i just need them @ the lo device
1178018801 M * bavi can i use the 'lo' as dev ?
1178018817 M * daniel_hozac onox: no, just once per boot.
1178018822 M * daniel_hozac bavi: yes.
1178018836 M * daniel_hozac Hollow: that's great!
1178018839 M * Hollow daniel_hozac: btw, did you see the fixes i committed to util-vserver?
1178018845 M * daniel_hozac not yet.
1178018853 M * Hollow daniel_hozac: indeed, guess we can move helios next week
1178018922 M * daniel_hozac hmm, the 2535 commit looks somewhat suspicious.
1178019024 M * Hollow heh
1178019029 M * Hollow yeah, but it really is necessary
1178019039 M * daniel_hozac but i guess it's the right thing to do, at least for the vserver ... stop case.
1178019066 M * daniel_hozac what about rc shutdown from the inside? does that die correctly?
1178019076 M * Hollow well, for plain init style it doesn't apply, for the gentoo case: during vserver .. stop the stop script would be killed if you call halt -f during shutdown
1178019085 M * Hollow OTOH shutdown doesn't work without init anyway
1178019092 M * Hollow so to reboot from inside you have to use reboot -f anyway
1178019115 M * daniel_hozac okay.
1178019135 M * Hollow rc shutdown should not be called by a user
1178019145 M * Hollow at least not for baselayout-2 anymore
1178019149 M * Hollow it won't work
1178019154 M * daniel_hozac heh.
1178019163 M * Hollow and this has nothing to do with vservers ;)
1178019168 M * daniel_hozac do these scripts still work with the older baselayout-vserver 1.12 stages?
1178019185 M * daniel_hozac or are they sufficiently deprecated that we just don't want people using them anyway?
1178019235 M * Hollow actually, gentoo init style is only supported for >=2, but it should work on older ones as well, just rc shutdown (which does work on the host for <2) will not work then
1178019250 M * daniel_hozac okay.
1178019271 M * Hollow but you shouldn't call rc directly (although i do it nearly every day ;)
1178019286 M * Hollow good that baselayout-2 forbids it ;)
1178019301 M * daniel_hozac hehe
1178019309 M * Hollow (well, you can get around it with some env vars just like util-vserver, but psst ;)
1178019824 M * onox sid3windr: :|
1178019827 M * onox my own server
1178019875 M * bavi daniel_hozac: What can I do with the interface scope (global,local) can i set it for If ?
1178019883 M * onox but it has 20 days uptime only because it runs gentoo since 20 days
1178019883 M * bavi and another question...
1178020012 M * onox Hollow: do you know what tinderbox.x86.dev.gentoo.org is?
1178020125 M * onox just a place for experimental stages?
1178020126 M * Hollow onox: build testing afaik
1178020129 M * onox k
1178020135 M * bavi E_OK FIXED daniel_hozac
1178020138 M * Hollow but you should be able to use it for PORTAGE_BINHOST
1178020148 M * onox i'm going to try out the stage3-amd64-hardened-2007.0
1178020195 M * onox Hollow: i'm only going to use PORTAGE_BINHOST if I was under the command of a manager that runs debian
1178020210 M * Hollow onox: hehe
1178020237 M * Hollow onox: you know that this stage won't work inside a vserver?
1178020243 M * onox no
1178020244 M * onox why not?
1178020263 M * Hollow because it does neither have baselayout-vserver nor >=baselayout-2
1178020338 M * onox I have a normal stage4 running that uses bl-1.13.0_alpha0?
1178020362 M * Hollow yeah, 1.13 works too, but 1.13 is now 2.0
1178020459 M * onox i'm still gonna give it a try :p
1178020488 M * Hollow onox: well, chroot into it, unmask baselayout-2, update, and you should be able to use it as vserver
1178020711 M * onox Hollow: chrooted, added sshd
1178020714 M * onox started vserver
1178020734 M * onox vserver complained about mount, no permission, asked for root pass or ctrl-D
1178020737 M * onox used ctrl-D
1178020759 M * onox it rebooted, and it started
1178020772 M * onox running on baselayout 1.12.9
1178020831 M * Hollow yeah, expected behaviour
1178020892 M * onox so?
1178020903 M * onox what do you mean by saying "this stage won't work"
1178020903 M * onox ?
1178020961 M * onox it complains about /proc,/sys,/dev,/dev/pts though
1178021241 J * TheGoD ~lkj@c-24-12-33-83.hsd1.in.comcast.net
1178021585 M * onox complains = no permission to mount
1178022018 M * onox Hollow?
1178022087 J * cehteh ~ct@pipapo.org
1178022156 M * Hollow onox: i mean: [13:51] because it does neither have baselayout-vserver nor >=baselayout-2
1178022222 M * onox but it runs on baselayout-1.12.9 atm
1178022281 M * onox i'll try to upgrade to baselayout-2 + latest udev
1178022283 M * Hollow onox: well, it fails to mount etc, as you saw yourself, it may start, it may not, it's not supported, and you shouldn't use it
1178022290 M * Hollow you don't need udev inside
1178022356 M * daniel_hozac nor do i see the point of running it, as it can only cause problems...
1178022359 M * harry onox: is your real name jorn?
1178022402 M * Hollow also baselayout-2 works really good, and it's damn fast, now that it's written in C instead of bash...
1178022463 M * Hollow we just need a util-vserver release now ... :P
1178022516 M * onox Hollow: there's always trunk/ :D
1178022521 M * onox I like baselayout-2
1178022530 M * onox no, my name is not jorn
1178022535 M * onox harry: why? :p
1178022547 M * Hollow onox: yeah, trunk is what works with baselayout-2 :)
1178022559 M * Hollow at least all cosmetic bugs were fixed in there ;)
1178022566 M * onox i have revision 2525 or something
1178022598 M * Hollow daniel_hozac: depending on the release date, could we get a rc7 probably?
1178022657 M * onox harry: ??? :p
1178022905 M * harry just wondering
1178022917 M * harry i know someone , also from .nl
1178022927 M * harry and his nick on msn is almost the same as yours...
1178022956 P * TheGoD
1178022995 J * zLinux ~zLinux@88.213.12.248
1178023238 M * onox harry: it's a small country :)
1178023329 M * harry true
1178023338 M * harry not as small as where i live ;)
1178023358 M * harry we speak the same language after all, so you can already guess, eh :))
1178023433 J * sourcerer ~philipp@M2416P015.adsl.highway.telekom.at
1178023468 M * onox LOL :D
1178023471 M * onox hahahah :D
1178023478 M * onox belgje ;)
1178023481 M * harry ack!
1178023489 M * harry without the -je ;
1178023491 M * harry :0
1178023494 M * harry ;) dammit!
1178023524 M * onox :D
1178023547 M * sourcerer Hi
1178023584 M * sourcerer How do I do the secure syslog´ging from the guests to the master, which is written about in the documentation?
1178023717 M * onox Hollow: I upgraded to bl-2 and startup is as fast as a rocket, but when stopping the vserver, it complains about: shutdown: /dev/initctl: No such file or directory
1178023782 M * sourcerer ( http://linux-vserver.org/index.php?title=Paper&action=edit&section=44 )
1178023815 M * harry onox: iirc: change your init style
1178023829 M * onox init style is gentoo
1178023852 M * onox at least that is what I told vserver when it built the vserver
1178023913 M * daniel_hozac Hollow: i'm more inclined to just release 0.30.213, and maybe do a quick 0.30.214 if it proves to be necessary.
1178023978 M * Hollow onox: you need trunk for that .. see http://svn.linux-vserver.org/projects/util-vserver/changeset/2538
1178023980 M * daniel_hozac sourcerer: setup your host's syslog to listen on /vservers//dev/log?
1178023991 M * Hollow daniel_hozac: awesome :)
1178025315 J * Piet hiddenserv@tor.noreply.org
1178025717 J * FireEgl FireEgl@2001:5c0:84dc:0:21b6:d794:fadf:d134
1178025822 J * dothebart ~willi@xdsl-87-78-52-118.netcologne.de
1178026240 Q * tudenbart Ping timeout: 480 seconds
1178027400 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178028430 Q * Piet Quit: Piet
1178029611 Q * fatgoose Remote host closed the connection
1178029642 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178030033 J * dna ~naucki@176-235-dsl.kielnet.net
1178031083 Q * besonen_ Read error: Connection reset by peer
1178031088 J * besonen ~besonen@dsl-db.pacinfo.com
1178032039 J * lilalinux ~plasma@80.69.41.3
1178032042 Q * fatgoose Read error: Connection reset by peer
1178032074 J * ktwilight_ ~ktwilight@8.114-66-87.adsl-dyn.isp.belgacom.be
1178032485 Q * ktwilight Ping timeout: 480 seconds
1178032915 Q * ensc Remote host closed the connection
1178033414 J * ensc ~irc-ensc@p54B4D1EF.dip.t-dialin.net
1178035650 N * Bertl_zZ Bertl
1178035654 M * Bertl morning folks!
1178035836 M * sourcerer morning
1178035846 M * jkl Bertl: morning!
1178035980 M * jkl Bertl: when you get a chance, if you could look at: http://paste.linux-vserver.org/1610
1178035988 M * jkl it's been a rough morning!
1178036034 M * Bertl maybe vprocunhide wasn't run properly?
1178036059 M * Bertl could also be that your host installation is incomplete/broken
1178036062 M * jkl yeah, that's what i was thinking last night ... turns out vprocunhide was completely missing
1178036073 M * jkl I have no idea how that is possible
1178036073 M * Bertl so bad installation then
1178036088 M * jkl this box has been running for years
1178036116 M * Bertl vserver-info - SYSINFO
1178036148 M * sourcerer Is there an easy way that TCP Servers that are bound on the host are not visible on the IP addresses of the guests? (e.g. sshd)
1178036227 M * Bertl that will happen by default
1178036253 M * Bertl but usually services do not bind to host only addresses, but IP_ADDR_ANY instead
1178036266 M * jkl bertl: http://paste.linux-vserver.org/1611
1178036275 M * sourcerer Err, I meant available from outside, not visible.
1178036294 M * sourcerer Yes, what shall I do with servers that can´t be changed from IP_ADDR_ANY to a specific IP?
1178036296 M * Bertl sourcerer: outside being?
1178036336 M * sourcerer Yes, nmap shows ssh open on a guest IP
1178036356 M * Bertl jkl: you have grsec in that mix, maybe some restrictions are active too?
1178036379 M * Bertl sourcerer: is sshd running in that guest?
1178036387 M * sourcerer No, it´s running on the host only
1178036412 M * Bertl sourcerer: okay, then add a Listen directive to the sshd config, restricting it to host only ips
1178036412 M * sourcerer I´ve used "eth0" as the interface for the guest. Should i have used eth0:2 instead, to separate it?
1178036425 M * jkl Bertl: yup grsec is there.
1178036431 M * Bertl sourcerer: nope, that won't change anything ...
1178036433 M * sourcerer Yes, that works with ssh, but what shall I do with servers that I can´t configure that way?
1178036498 M * Bertl sourcerer: basically you should either complain to the author or modify the source code yourself, because that is something every service should provide, but practically you can wrap those services into a chbind/ncontext call
1178036513 M * Bertl sourcerer: you do not want to do that for logon services like sshd though
1178036551 M * Bertl sourcerer: and a much simpler way is to put such services into a separate guest
1178036572 M * Bertl (increases security, reduces maintenance cost)
1178036602 M * jkl I'm thinking i should roll back my kernel.
1178036604 M * onox sourcerer: use the powers of iptables?
1178036616 M * sourcerer Hmmm, ok, then I´ll try to reconfigure/modify the services
1178036634 M * sourcerer onox: Yes, that was the other idea, but I hoped for an easier/automatic solution
1178036639 M * jkl strange that everything was working ok for 14 days
1178036662 M * Bertl sourcerer: you really don't want any automatism there
1178036992 M * Bertl jkl: without vprocunhide, I really doubt it
1178037017 M * Bertl jkl: maybe you had some kind of incident? (break-in, data loss, etc)
1178037021 M * jkl Bertl: yeah, that's why I am somewhat confused on the matter
1178037128 M * jkl /usr/src/linux is pointing at an older kernel
1178037310 M * onox Bertl: is it possible to do some evil sniffing (nmap, ettercap) inside guests?
1178037320 M * daniel_hozac not if you don't give the guest CAP_NET_RAW:
1178037324 M * daniel_hozac s/:/./
1178037329 M * onox uhm
1178037340 M * Bertl daniel_hozac: that might change in the near future :)
1178037341 M * onox what's with this CAP_* thing?
1178037349 M * onox how do I give something CAP_NET_RAW?
1178037364 M * sourcerer Regarding the question of limiting write access to /dev/random in the guests: According to Thomas Biege http://www.suse.de/~thomas/papers/23c3-random-analysis.pdf there is a risk of malicious attackers attacking /dev/random, if I am not mistaken.
1178037368 M * daniel_hozac Bertl: you plan on adding the L2 virtualization to 2.3?
1178037384 M * daniel_hozac onox: /etc/vservers//bcapabilities
1178037388 M * Bertl daniel_hozac: nope, but we will open raw sockets for guests (optional)
1178037397 M * daniel_hozac Bertl: hmm?
1178037415 M * Bertl sec, a 'working' prototype is here:
1178037439 M * daniel_hozac forcing a filter of the guest's IP addresses, or what?
1178037441 M * onox I think CAP_NET_RAW is disabled for now, that's fine
1178037447 M * Bertl daniel_hozac: http://vserver.13thfloor.at/Stuff/delta-z1-{a,b,c,d,e,f}.diff
1178037459 M * daniel_hozac okay.
1178037460 M * Bertl daniel_hozac: the network cap part is not really part of it
1178037477 M * Bertl (so basically b-f)
1178037637 M * daniel_hozac hmm, looks interesting.
1178037644 M * daniel_hozac does it work?
1178037653 M * daniel_hozac (even for incoming traffic?)
1178037830 M * Bertl incoming traffic has two options/solutions
1178037848 M * Bertl a) tagging with nf/secmark (from host)
1178037865 M * Bertl b) connection tracking via secmark
1178037899 M * Bertl and there is a third one planned, which will basically check the guest ports for 'matching' traffic
1178037912 M * daniel_hozac okay, so that's not something that works OOTB with this patchset?
1178037939 M * Bertl nope, but for example, if you have separate ips per guest
1178037950 M * Bertl a simple rule (for that ip) is sufficient
1178037952 M * daniel_hozac yeah, just a simple iptables rule.
1178037989 M * Bertl and you get ping/traceroute/tracepath/tcpdump for free :)
1178038008 M * daniel_hozac tracepath has worked all the time though, no?
1178038019 M * Bertl most versions of it, yes
1178038040 M * Bertl (same as for ping)
1178038088 M * daniel_hozac right.
1178038179 M * Bertl it will become an option in 2.3.x so folks can decide if they want to use it or not
1178038198 M * Bertl and I have to finalize the loopback isolation :)
1178038207 M * onox we are talking about rap sockets, right now? :S
1178038214 M * Bertl daniel_hozac: any work done/started on porting to 2.6.21?
1178038224 M * Bertl onox: yep, raw sockets
1178038238 M * onox as long I can disable it, it's fine :)
1178038241 M * daniel_hozac Bertl: no, unfortunately not. i'm still not quite settled in in the new apartment.
1178038266 M * Bertl daniel_hozac: ah, new apartment? where are you right now?
1178038298 M * daniel_hozac well, same place basically, just another floor ;)
1178038311 M * Bertl aha, they moved you around? or you moved?
1178038329 M * daniel_hozac well, this one is a bit bigger.
1178038362 M * daniel_hozac so it was voluntary.
1178038369 M * Bertl I.c. so less machines per square inch -- or buying new machines :)
1178038381 M * daniel_hozac haha, exactly.
1178038678 J * stefani ~stefani@tsipoor.banerian.org
1178038812 J * thesourcerer ~philipp@M2467P003.adsl.highway.telekom.at
1178038904 M * Bertl welcome stefani! wb thesourcerer!
1178038913 M * stefani hola
1178038993 M * Bertl okay, off for now .. back later this evening
1178038998 N * Bertl Bertl_oO
1178039075 Q * sourcerer Ping timeout: 480 seconds
1178039670 Q * jkl Quit: swapping kernels
1178040288 J * bzed ~bzed@dslb-084-059-096-254.pools.arcor-ip.net
1178041109 M * thesourcerer Are there currently any known exploits against vserver to takeover a host from a compromised guest? (Were there any in the past?)
1178041200 M * trippeh_ I would suspect so, given that most mainline kernel bugs are indeed available to vserver guests too ;)
1178041206 M * daniel_hozac no, of course not, and yes.
1178041263 M * thesourcerer Do you have some pointers about the past issues at hand?
1178041277 M * thesourcerer Were they vserver specific, or generic Linux exploits?
1178041319 M * daniel_hozac well, we don't really keep track of the latter, but typically any buffer overflow type of exploit against vanilla will give you that sort of access...
1178041359 M * daniel_hozac as for the first, what do you have in mind?
1178041474 M * thesourcerer Well, I remember (long ago ;-) chroot exploits that specifically broke out of chroots. So the question is, whether there were any vserver specific exploits yet. And I also heard about virtual-machine exploits (I guess against Vmware and Xen, but not sure) lately.
1178041541 M * onox thesourcerer: grsecurity provides some extra protection against breaking out of chroot
1178041694 M * daniel_hozac vserver's barrier does that just fine.
1178041711 M * daniel_hozac (as long as you set it and it's actually checked (it wasn't checked in 2.0.2)
1178041774 M * onox thesourcerer: have you tried Gentoo?
1178041792 M * thesourcerer No, I am currently running Debian.
1178041821 M * thesourcerer VS-API: 0x00020002
1178041855 M * onox well, you could try Gentoo as a vserver guest ^_^
1178042623 J * kevin ~chatzilla@71-37-207-240.phnx.qwest.net
1178042837 M * kevin I'm compiling in a vserver, and while compiling, the mouse stutters when moved. Using 2.6.18-4-vserver-amd64 from Debian sid.
1178042855 M * kevin is there something I can do to prevent this?
1178042875 M * cehteh nice make
1178042886 M * kevin ok
1178042915 M * kevin I thought about that, but figured there was a more persistent way
1178042918 M * kevin thanks
1178042934 M * cehteh you can nice the vserver where you compile completely
1178042967 M * cehteh or start the vserver which runs the xserver slightly privileged (nice -1 or -2)
1178043000 M * cehteh the latter is likely not a good idea, unless you really want a responsive desktop
1178043038 M * cehteh i usually run the 'and' auto-nice-daemon .. but it won't get a grip for compile jobs
1178043178 M * onox can you run X in a vserver?
1178043342 M * kevin I haven't tried that
1178043371 M * kevin still in the process of converting my desktop to a "vserver console"-ish system
1178043386 M * kevin what advantage would there be in running X inside a vserver?
1178043413 M * kevin (as far as the mouse stuttering goes)
1178043422 M * onox don't know, I don't run a desktop on vserver
1178043428 M * kevin ok
1178043479 M * onox maybe you could run your webbrowser in remote X (inside a vserver) via ssh
1178043555 M * kevin I don't believe that would help, since the mouse stutters (pauses) in all apps
1178043563 M * kevin even clicks are delayed
1178043572 M * kevin going to try nice
1178043903 M * kevin nice has no effect
1178043915 M * kevin nice -n19
1178043961 M * kevin verified niceness with ps -efl
1178044040 M * kevin what's strange is otherwise the desktop is very responsive (i.e. I can use the keyboard seemingly without delay of any kind)
1178044574 M * sid3windr hmm
1178044578 M * sid3windr is there a patch for 2.6.21 yet?
1178045574 M * kevin I think sid has 2.6.20
1178045579 M * kevin as the latest
1178045594 M * sid3windr I'm talking about vserver patch :P
1178046358 M * yang what would mean this error from auth.log - May 1 20:56:01 criten pam_limits[1436]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
1178046498 M * tanjix hi @ll
1178046538 M * tanjix is there an easy way to activate additional ips to an existing and running guest? a script or s.th. which creates all necessary files to the conf directory of the guest?
1178047053 M * daniel_hozac sid3windr: not yet.
1178047097 M * daniel_hozac tanjix: no, why don't you write it?
1178047142 M * sid3windr daniel_hozac: figured so, the .20 patch had 34 rejects and I don't consider myself capable of fixing that, so I'm just compiling 2.6.20.10 now :)
1178047587 J * yarihm ~yarihm@84-75-103-239.dclient.hispeed.ch
1178048258 Q * mEDI_S Write error: connection closed
1178048258 Q * phreak`` Write error: connection closed
1178048300 J * phreak`` ~phreak``@deimos.barfoo.org
1178048330 J * mEDI_S ~medi@snipah.com
1178048500 Q * s0undt3ch Quit: leaving
1178048541 J * s0undt3ch ~s0undt3ch@80.69.34.154
1178048767 J * tzafrir_laptop ~tzafrir@88.152.182.238
1178049058 Q * tzafrir_laptop Read error: Connection reset by peer
1178049472 M * thesourcerer Where do I configure the default gateway ip address for a guest?
1178049541 M * onox I think that is the ip address of your master server :p
1178049582 M * thesourcerer No, the master server operates on a different network card
1178049695 M * thesourcerer Or do I have to configure the guests´ network configuration in the master too?
1178049938 M * thesourcerer Well, I have several network cards in that machine, which are operating in different networks. I thought that I could assign the guests to specific network cards.
1178050014 M * trippeh_ You can, but you'll probably need policy routing - on the host.
1178050057 M * trippeh_ Eg routing decisions based on the originating ip-address.
1178050110 N * trippeh_ trippeh
1178050308 M * onox doesn't vserver automatically assign the IP of the master as default gateway for guests?
1178050331 M * onox you need at least some iptable rules allowing forwarding and postrouting
1178050368 M * trippeh Guests doesn't have their own routing table, so no.
1178050397 M * trippeh You can pretend with policy routing though.
1178050683 M * onox no, iptables in master
1178051165 M * DavidS as i wrote early this morning: "(08:44:11) DavidS: b0n: use policy routing and distinguish by source ip in the host context. there are howtos for that"
1178051253 Q * dna Quit: Verlassend
1178051311 Q * thesourcerer Ping timeout: 480 seconds
1178051404 M * witchdoc n8
1178051410 Q * witchdoc Quit: bye
1178052084 Q * kevin Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.3/2007031002]
1178052286 N * DoberMann DoberMann[ZZZzzz]
1178053620 J * Aiken ~james@ppp222-137.lns2.bne1.internode.on.net
1178054460 Q * onox Quit: leaving
1178054697 J * bjorn_ bjorn@enigma.warpcrew.com
1178054702 M * bjorn_ hi!
1178054705 M * daniel_hozac hello.
1178054777 M * tanjix daniel_hozac: "why don't you write it?" --> i am not familiar with bash coding :)
1178054785 M * bjorn_ when i get a "/proc/uptime cannot be accessed" while trying to start a vs, but testme.sh says everything's ok, where do i start looking for problems?
1178054799 M * daniel_hozac tanjix: you just put the commands you'd normally run in a file...
1178054811 M * daniel_hozac bjorn_: did you run vprocunhide?
1178054825 M * tanjix yes that's clear but i need some checks to be done before and there it stops for me :)
1178054829 M * bjorn_ i have no such tool
1178054845 M * bjorn_ util-vserver-0.30.212 too old for that?
1178054866 M * doener bjorn_: should be in /etc/init.d/
1178055011 M * bjorn_ found it \o/
1178055032 M * bjorn_ now I get operation not permitted on mount()'s
1178055045 M * daniel_hozac grsec?
1178055067 M * bjorn_ yes..
1178055088 M * daniel_hozac so why did you enable "protections" that will break guests?
1178055101 M * bjorn_ i didn't.. i think
1178055120 M * daniel_hozac well... quite obviously you did.
1178055155 M * bjorn_ only thing i'm denying is double chroots and sysctl changes inside chroot
1178055533 M * sid3windr :-)
1178055633 M * bjorn_ fixed that, next problem: ncontext: vc_net_create(): Invalid argument
1178055641 M * bjorn_ what did i do wrong now?
1178055649 M * sid3windr didn't enable legacy networking?
1178055671 M * bjorn_ miiiight be
1178055673 M * daniel_hozac more like didn't enable dynamic context ids and didn't specify a static one.
1178055682 M * sid3windr ah yes
1178055685 M * daniel_hozac legacy networking hasn't been required since 0.30.210.
1178055688 M * sid3windr missed the ncontext.
1178055700 M * daniel_hozac well, .209.
1178055829 Q * bonbons Quit: Leaving
1178055850 M * bjorn_ I'm almost embarrassed to ask, but how/where would i enable dynamic context ids?
1178055886 M * sid3windr kernel config
1178055893 M * sid3windr but it's better just to give your guests static context id's
1178055899 M * sid3windr echo 42 > /etc/vservers/hax/context
1178055904 M * bjorn_ aaah
1178055953 M * bjorn_ now it outputs nothing but "failed to start server"
1178055968 M * sid3windr try vserver --debug thingy start
1178055972 M * sid3windr maybe it says something useful
1178056052 M * bjorn_ very little
1178056683 M * bjorn_ blah, let's try to create another server
1178057900 N * Bertl_oO Bertl
1178057911 M * Bertl greetings folks!
1178058273 M * sid3windr heya
1178058283 M * Bertl bjorn_: having troubles?
1178058474 M * bjorn_ naah, not anymore it seems
1178058474 M * bjorn_ :)
1178058496 M * bjorn_ i trashed the readymade slack image and made my own arch one
1178058502 M * bjorn_ works like h*ll \o/
1178058532 M * Bertl ah, good! congrats then!
1178058559 M * sid3windr works like hull!
1178058604 M * Bertl that was hill, like in un*x :)
1178058629 M * bjorn_ :D
1178058668 M * sid3windr it's *nix usually isn't it? :P
1178058712 M * Bertl ah, k, then it must be hull, my fault *G*
1178058717 M * bjorn_ it should be called *n*x imo, so you could match linux or even anux
1178058718 M * sid3windr :-)
1178058727 M * sid3windr anux sounds gross
1178058757 M * sid3windr bjorn_: it still doesn't match solaris or bsd btw
1178058762 A * bjorn_ memos to himself the new name of his planned distro
1178058775 M * bjorn_ sid3windr: hmm...how about... *?
1178058781 M * bjorn_ let's call it *
1178058782 M * sid3windr a * box, yup
1178058787 M * sid3windr but that's asterisk, the open source pbx
1178058812 M * bjorn_ hmmm
1178058815 M * bjorn_ blerh
1178058818 M * sid3windr =)
1178058922 M * bjorn_ hmm
1178058967 M * bjorn_ Bcast:0.0.0.0 Mask:255.255.255.255
1178058969 A * bjorn_ wonders why
1178059107 Q * yarihm Quit: Leaving
1178059223 Q * djbclark charon.oftc.net oxygen.oftc.net
1178059223 Q * nebuchadnezzar charon.oftc.net oxygen.oftc.net
1178059223 Q * svenk charon.oftc.net oxygen.oftc.net
1178059223 Q * glut charon.oftc.net oxygen.oftc.net
1178059223 Q * bXi charon.oftc.net oxygen.oftc.net
1178059223 Q * Bertl charon.oftc.net oxygen.oftc.net
1178059223 Q * eyck charon.oftc.net oxygen.oftc.net
1178059223 Q * harry charon.oftc.net oxygen.oftc.net
1178059239 J * svenk ~sven@pulsar.digital.udk-berlin.de
1178059239 J * Bertl herbert@IRC.13thfloor.at
1178059239 J * eyck ~eyck@nat.nowanet.pl
1178059239 J * bXi bluepunk@irssi.co.uk
1178059239 J * djbclark dclark@opensysadmin.com
1178059239 J * nebuchadnezzar ~nebu@zion.asgardr.info
1178059239 J * harry ~harry@d54C2508C.access.telenet.be
1178059239 J * glut glut@no.suid.pl
1178059325 M * bjorn_ wtf :|
1178059738 M * bjorn_ http://rafb.net/p/qGB9sb44.html someone explain that to me?
1178060337 M * bjorn_ anyway i'm going to bed, i'll but you about it again tomorrow i guess
1178060383 M * Bertl bjorn_: did you try with prefix?
1178060429 M * bjorn_ prefix is 24
1178060475 M * Bertl so you are setting mask/prefix and bcast?
1178060523 M * bjorn_ not at the same time of course
1178060540 M * bjorn_ but it gave the same results
1178060559 M * Bertl okay, could be a bug, what kernel/patch version?
1178060571 M * bjorn_ hold on
1178060592 M * bjorn_ 2.6.19.7-grsec2.1.10-vs2.2.0
1178060641 M * bjorn_ after changing stuff in /etc/vservers/*/*, is there anything else to be done other than restarting the vserver?
1178060853 M * Bertl nope
1178060878 M * Bertl on the host, what do you get from ifconfig |grep inet\ addr
1178061023 M * bjorn_ inet addr:172.30.0.10 Bcast:172.30.0.255 Mask:255.255.255.0
1178061061 M * Bertl so that gets overwritten by a 255.255.255.255 mask in your case?
1178061070 M * bjorn_ yes
1178061169 M * Bertl interesting ... sec
1178061216 M * Bertl seems to work perfectly fine here .. double checking now
1178061284 M * Bertl yep, positive ... you might try without grsec patches, just to make sure it is not grsec related
1178061293 M * bjorn_ gah
1178061296 M * bjorn_ tomorrow then.
1178061301 M * Bertl okay
1178061354 P * stefani I'm Parting (the water)
1178061899 J * toidinamai__ ~frank@i59F713BC.versanet.de
1178061932 M * Bertl wb toidinamai__!
1178062329 Q * toidinamai_ Ping timeout: 480 seconds
1178062615 Q * meandtheshel1 Quit: Leaving.