1179015380 J * jordi ~jordi@115.Red-213-96-69.staticIP.rima-tde.net
1179015532 Q * Guest126 Quit: Guest126
1179015913 M * jordi hey, let's see what people think bout this problem
1179015946 M * jordi I have this server, on a domain I don't control and with a single public IP address
1179015974 M * jordi I've started to migrate the old all-services-on-host to a vserver setup, little by little
1179016011 M * jordi I want a vserver for mail handling, but the box users are still on the hosts
1179016081 M * jordi the guest would have lists and postfix, and optimally would have no local users
1179016151 M * jordi the problem: how to make user mail hit the host's postfix, but have list mail be processed on the guest (and then re-sent to the hosts), having in mind I cannot use subdomains or anything, I just have one "real" hostname?
1179016186 M * jordi I had thought of redirecting port 25 to the guest, and then hacking around to get user mail back to the host
1179016202 M * jordi but I'm not sure if this is the easiest or if it'll be a mess
1179016219 M * daniel_hozac wouldn't it be easier to just move all of the mail handling to the guest?
1179016285 M * jordi Ie, the guest being the shell + mail vhost?
1179016303 M * jordi I wanted to have lists on one side and shell accounts on another
1179016319 Q * pmenier Ping timeout: 480 seconds
1179016324 M * jordi but if handling user mail is going to be messy, I can reconsider
1179016370 M * daniel_hozac well, having the first server forward to the list server which forwards back to the users just seems like a lot of steps.
1179016382 M * jordi yes
1179016388 M * jordi still, that'd be temporary
1179016413 M * jordi the final plan is that the host will have no services
1179016440 Q * edog Quit: ...
1179016442 M * jordi but yes, my idea involved a few hops between shell and mail
1179016459 M * jordi maybe I should reconsider for now
1179016481 M * daniel_hozac well, if you don't mind the hopping, i don't really see a problem with it.
1179016491 M * jordi it's not a big problem
1179016497 M * jordi it's local hops anyway
1179016528 M * jordi now, how to implement that?
1179016584 M * jordi ie, what's a good way of telling postfix "accept mail for these users that don't exist here, and then forward it to this other host"? it's not a simple $relay_domains job I guess
1179016605 M * daniel_hozac i have absolutely no idea.
1179016606 M * jordi does anyone here have a setup like this?
1179016631 M * daniel_hozac you might want to try #postfix at irc.freenode.net.
1179016698 M * jordi yeah
1179016700 M * jordi thanks daniel
1179016814 M * daniel_hozac you're welcome.
1179016823 M * transacid jordi: maybe doing it with a mysql db which contains the usernames
1179016852 M * jordi transacid: i guess a hashed text file would do too
1179016859 M * jordi we never add new users here anyway
1179016861 J * FireEgl FireEgl@Sebastian.Atlantica.US.TO
1179016867 M * jordi or maybe once every... 2 years
1179016894 M * transacid jordi: maybe, i dun have much experience with that, all i know is that postfix works well with mysql
1179017033 M * jordi nod
1179017632 Q * ktwilight_ Read error: Connection reset by peer
1179017698 J * ktwilight_ ~ktwilight@140.88-66-87.adsl-dyn.isp.belgacom.be
1179019072 Q * ktwilight_ Ping timeout: 480 seconds
1179019131 J * ktwilight ~ktwilight@114.112-66-87.adsl-dyn.isp.belgacom.be
1179019139 Q * bzed Remote host closed the connection
1179019976 J * ktwilight_ ~ktwilight@223.94-66-87.adsl-dyn.isp.belgacom.be
1179020275 Q * ktwilight Ping timeout: 480 seconds
1179020890 J * FCOJ ~mordur@dsl-201-4.hive.is
1179021107 J * ktwilight ~ktwilight@65.95-66-87.adsl-dyn.isp.belgacom.be
1179021133 Q * FCOJ
1179021148 J * FCOJ ~mordur@dsl-201-4.hive.is
1179021504 Q * ktwilight_ Ping timeout: 480 seconds
1179021531 Q * FCOJ Quit: Leaving
1179021546 J * FCOJ ~mordur@dsl-201-4.hive.is
1179021636 Q * FCOJ
1179021650 J * FCOJ ~mordur@dsl-201-4.hive.is
1179022414 J * ktwilight_ ~ktwilight@51.81-66-87.adsl-dyn.isp.belgacom.be
1179022704 Q * ktwilight Ping timeout: 480 seconds
1179023551 J * ktwilight ~ktwilight@96.94-66-87.adsl-dyn.isp.belgacom.be
1179023649 N * ensc Guest142
1179023659 J * ensc ~irc-ensc@p54B4E47C.dip.t-dialin.net
1179023767 Q * Guest142 Ping timeout: 480 seconds
1179023905 Q * ktwilight_ Ping timeout: 480 seconds
1179024727 J * ktwilight_ ~ktwilight@230.119-66-87.adsl-dyn.isp.belgacom.be
1179025109 Q * ktwilight Ping timeout: 480 seconds
1179025396 J * weasel_ weasel@asteria.debian.or.at
1179025397 Q * ktwilight_ Read error: Connection reset by peer
1179025421 J * ktwilight_ ~ktwilight@162.120-66-87.adsl-dyn.isp.belgacom.be
1179025469 Q * weasel Ping timeout: 480 seconds
1179025470 N * weasel_ weasel
1179025951 Q * ktwilight_ Remote host closed the connection
1179025988 J * ktwilight_ ~ktwilight@162.120-66-87.adsl-dyn.isp.belgacom.be
1179026800 N * micah_ micah
1179027158 J * ktwilight ~ktwilight@89.65-66-87.adsl-dyn.isp.belgacom.be
1179027251 Q * micah Remote host closed the connection
1179027260 J * micah ~micah@micah.riseup.net
1179027262 Q * micah Remote host closed the connection
1179027282 J * micah ~micah@micah.riseup.net
1179027512 Q * ktwilight_ Ping timeout: 480 seconds
1179028329 J * ktwilight_ ~ktwilight@128.124-66-87.adsl-dyn.isp.belgacom.be
1179028648 Q * FCOJ Quit: Leaving
1179028709 Q * ktwilight Ping timeout: 480 seconds
1179029530 J * ktwilight ~ktwilight@114.117-66-87.adsl-dyn.isp.belgacom.be
1179029914 Q * ktwilight_ Ping timeout: 480 seconds
1179030351 Q * micah Quit: leaving
1179030368 J * micah ~micah@micah.riseup.net
1179030787 J * ktwilight_ ~ktwilight@24.126-66-87.adsl-dyn.isp.belgacom.be
1179030885 M * Bertl off to bed now ... have a good one everyone!
1179030891 N * Bertl Bertl_zZ
1179031084 Q * ktwilight Ping timeout: 480 seconds
1179031920 J * ktwilight ~ktwilight@104.126-66-87.adsl-dyn.isp.belgacom.be
1179032287 Q * ktwilight_ Ping timeout: 480 seconds
1179032564 J * ktwilight_ ~ktwilight@54.192-66-87.adsl-static.isp.belgacom.be
1179032917 Q * ktwilight Ping timeout: 480 seconds
1179033137 J * ktwilight ~ktwilight@248.120-66-87.adsl-dyn.isp.belgacom.be
1179033517 Q * ktwilight_ Ping timeout: 480 seconds
1179034689 Q * ktwilight Ping timeout: 480 seconds
1179034706 J * ktwilight ~ktwilight@89.194-66-87.adsl-static.isp.belgacom.be
1179035890 Q * ktwilight Ping timeout: 480 seconds
1179038833 J * ktwilight ~ktwilight@132.199-66-87.adsl-static.isp.belgacom.be
1179039134 J * ktwilight_ ~ktwilight@210.201-66-87.adsl-static.isp.belgacom.be
1179039514 Q * ktwilight Ping timeout: 480 seconds
1179040058 J * ktwilight ~ktwilight@121.95-66-87.adsl-dyn.isp.belgacom.be
1179040116 Q * ktwilight_ Ping timeout: 480 seconds
1179040445 Q * FireEgl Ping timeout: 480 seconds
1179042196 A * sid3windr hits ktwilight
1179045111 Q * DavidS Ping timeout: 480 seconds
1179046260 Q * lyli1 Ping timeout: 480 seconds
1179046978 J * bonbons ~bonbons@ppp-110-95.adsl.restena.lu
1179047677 N * weasel test
1179047679 N * test weasel
1179049979 J * juuva juuva@89.236.101.141
1179053947 M * waldi hmm, i can't set io nice levels within a vserver?
1179053949 J * ema ~ema@rtfm.galliera.it
1179053965 M * waldi SYS_251(0x1, 0, 0x6007, 0, 0x2) = -1 EPERM (Operation not permitted)
1179054117 M * bonbons waldi: you can just reduce priority... (increase nice-ness) this unless you changed something to guest's BCAPS
1179054154 M * waldi i want to set the class to idle. which reduces the priority as the default is best-effort
1179054571 M * bonbons that should work
1179054615 M * waldi at least not with this version
1179054654 M * bonbons check the mailinglist archive and irc log, nice-ness problems were already discussed... (just don't remember when it was)
1179055304 J * rgl ~Rui@84.90.10.107
1179055980 Q * click_ Ping timeout: 480 seconds
1179056011 M * rgl good morning
1179056053 J * click click@ti511110a080-0476.bb.online.no
1179056081 M * rgl you know how to build ubuntu edgy (6.10) bind9 inside a guest? I've disabled the threads, and the linux caps, but it fails to create the binary package :(
1179056411 J * bzed ~bzed@dslb-084-059-108-031.pools.arcor-ip.net
1179060562 M * daniel_hozac rgl: how come?
1179060573 Q * ema Quit: leaving
1179060866 J * phedny_ ~mark@ip56538143.direct-adsl.nl
1179061264 Q * phedny Ping timeout: 480 seconds
1179061281 Q * rgl Ping timeout: 480 seconds
1179061649 M * daniel_hozac waldi: you need CAP_SYS_ADMIN to set it to idle.
1179061840 M * waldi hmm
1179061847 M * waldi this is bad
1179061895 M * daniel_hozac yes, it is.
1179061913 M * daniel_hozac but i'm sure mainline has some sort of reason for that.
1179062501 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1179063756 M * waldi hmm, it seems that nfs4 even survives an ip change
1179063917 J * rgl ~Rui@84.90.10.107
1179063946 M * rgl hi daniel_hozac
1179063962 M * rgl daniel_hozac, http://id.ruilopes.com/typescript.txt
1179063973 M * rgl daniel_hozac, I get that error when building it :(
1179063985 M * rgl daniel_hozac, I'll try using pbuilder.
1179064015 M * rgl I can't even build the unchanged bind9 package.
1179064421 N * Bertl_zZ Bertl
1179064432 M * Bertl good morning!
1179064602 Q * meandtheshel1 Remote host closed the connection
1179064634 M * waldi daniel_hozac: the best-effort prio is directly mapped from the cpu nice level
1179064644 J * meandtheshell ~markus@85-124-36-228.dynamic.xdsl-line.inode.at
1179064658 M * waldi but no sign why idle needs admin
1179064673 M * Bertl idle?
1179064688 M * daniel_hozac ioprio class idle requires CAP_SYS_ADMIN.
1179064701 M * Bertl ah
1179065960 M * waldi Don't allow normal users to set idle IO priority
1179065960 M * waldi
1179065960 M * waldi It has all the normal priority inversion problems.
1179066022 M * Bertl so you know now :)
1179066037 M * waldi yep
1179066845 N * phedny_ phedny
1179067332 M * rgl oh, pbuilder does not work inside a guest. I'm stuck... can't recompile bind9 :(
1179067979 M * Bertl what is pbuilder?
1179068163 M * rgl Bertl, is a software that creates a chroot for building debian packages in a clean/minimal environment
1179068204 M * rgl Bertl, I'm trying to use it to build bind9. which is not building using the normal dpkg-buildpackage tool :(
1179068258 J * yarihm ~yarihm@84-74-20-183.dclient.hispeed.ch
1179068283 Q * meandtheshell Remote host closed the connection
1179068285 M * Bertl where does chroot building fail?
1179068319 M * rgl I can't tell :(
1179068321 M * rgl I: Extracting zlib1g...
1179068321 M * rgl pbuilder: debootstrap failed
1179068321 M * rgl -> Aborting with an error
1179068323 M * waldi it wants to mount proc AFAIK
1179068329 M * waldi uh, sarge?
1179068345 M * rgl that's the message it shows. it doesn't show any error at all, just that "abort with an error" thing
1179068369 M * rgl actually, I'm using ubuntu edgy (6.10)
1179068398 M * Bertl well, ubuntu is very strange :)
1179068408 M * waldi ubuntu is too broken to be supported
1179068441 M * rgl "strange", "broken", what you guys mean?
1179068462 M * Bertl well, ubuntu was not even able to compile the tools correctly IIRC
1179068472 M * Bertl because the compiler ignores certain switches :)
1179068502 M * rgl that is odd. it's the normal gcc.
1179068508 M * waldi no, patched
1179068522 M * Bertl yeah, quite some patches
1179068549 J * meandtheshell ~markus@85-124-36-228.dynamic.xdsl-line.inode.at
1179068552 M * rgl so they added a patch to remove features? that sounds even stranger
1179068591 M * Bertl as I said, ubuntu is weird ...
1179068646 A * waldi goes back documenting debian infrastructure ...
1179068661 M * rgl ok. but that really does not solve my problem hehe
1179068695 M * Bertl rgl: well, first, try to figure _what_ fails
1179068720 M * Bertl could be a proc mount or something completely different
1179068722 M * waldi Bertl: mount -t proc none $chroot/proc
1179068739 M * waldi it is one
1179068741 M * Bertl that could be given for a certain guest
1179068800 M * rgl Bertl, I'm trying to figure it out. so far no luck :/
1179068839 M * Bertl rgl: enable the logging/debug facility of your pbuilder tool?
1179068841 M * waldi Bertl: hmm, what was the setting to ignore the priority setup from bind?
1179068864 M * Bertl waldi: shouldn't be necessary anymore (--disable-linux-caps or so)
1179068885 M * waldi not if i don't want to recompile bind
1179068985 M * Bertl hmm?
1179069078 J * lylix ~eric@dynamic-acs-24-154-33-109.zoominternet.net
1179069180 M * daniel_hozac waldi: you don't have to.
1179069185 M * waldi hmm
1179069204 M * daniel_hozac bind9 just works OOTB with 2.1.1+
1179069229 M * waldi okay
1179070182 Q * meandtheshell Quit: Leaving.
1179070262 J * meandtheshel1 ~markus@85-124-36-228.dynamic.xdsl-line.inode.at
1179073872 Q * ktwilight Quit: dead
1179073979 J * dna ~naucki@235-212-dsl.kielnet.net
1179074403 J * {marcz} ~marc@lns-bzn-47f-81-56-187-30.adsl.proxad.net
1179075181 Q * ag- Quit: Moving to another host...
1179075216 J * ag- ~ag@fedaykin.roxor.cx
1179078019 Q * shedi Quit: Leaving
1179079034 J * rgl_ ~Rui@84.90.10.107
1179079419 Q * rgl Ping timeout: 480 seconds
1179080362 M * nebuchadnezzar hi
1179080364 M * {marcz} A beginner question: How to use a soundcard in vserver (no dev -> no sound!), I cannot find any doc?
1179080379 M * daniel_hozac how do you use it on the host?
1179080381 M * daniel_hozac ALSA?
1179080395 M * {marcz} Yes alsa
1179080409 M * daniel_hozac so, just cp -a /dev/snd /vservers//dev on the host.
1179080533 M * {marcz} Thanks I try, is it a safe way for devs? I have many problems with it, example: /dev/console
1179080559 M * daniel_hozac any device node you add adds a potential security risk.
1179080562 J * shedi ~siggi@ftth-237-144.hive.is
1179080567 M * daniel_hozac why would you give a guest /dev/console?
1179080709 M * {marcz} Because some init scripts write to it (in ubuntu), and It would need otherwise to check the scripts one by one, I don't need to give access to /dev/console but I would like to redirect /dev/console to a pipe to logger
1179080774 M * daniel_hozac so just create a pipe there?
1179080929 M * {marcz} What do you mean, to create a pipe named /vservers//dev/console, but I would also need some daemon, or maybe it is possible with syslog-ng to declare it as source?
1179080945 M * daniel_hozac yep.
1179081242 M * {marcz} For the sound, I have tried with dsp (because I did not have yet installed alsa in guest) and it works, thanks daniel.
1179081849 M * nebuchadnezzar kernel space nfsd is ok inside a vserver ? according to http://www.paul.sladen.org/vserver/archives/200408/0071.html
1179081921 M * daniel_hozac i don't think so
1179081924 M * daniel_hozac but try it.
1179081939 M * daniel_hozac (i'd assume it tries to create kernel threads though, which is disallowed inside a guest)
1179081994 M * mjt and the reason to run knfsd "in" a guest is?
1179082112 M * nebuchadnezzar mjt: running less services on the host ? ;-)
1179082135 M * mjt knfsd is in kernel, and with vserver, there's only one kernel
1179082138 M * daniel_hozac it'd still be running in kernel space, and thus have privileged access.
1179082159 M * nebuchadnezzar ok
1179082169 M * mjt vserver guest/non-guest separation is about userspace, not kernelspace
1179082186 M * mjt well
1179082191 M * mjt i wonder
1179082204 M * mjt which filesystem namespace is used for kernel threads? :)
1179082212 M * {marcz} What about nfs client?
1179082222 M * daniel_hozac kernel threads cannot be spawned from inside a guest anyhow.
1179082227 M * mjt ditto for client {marcz}
1179082240 M * mjt daniel_hozac: it was a more generic question ;)
1179082285 M * mjt with all the namespace games, it becomes far less obvious where knfsd (and other kernel threads) is... ;)
1179082513 M * mjt heh
1179082540 M * mjt creating a new namespace, mounting a directory within it, and exporting that directory -- knfsd doesn't see it.
1179082577 M * daniel_hozac as is to be expected.
1179084646 M * mjt i don't entirely agree it's expected
1179084674 M * mjt two points
1179084692 M * daniel_hozac kernel threads ought to run in the initial namespace.
1179084700 M * daniel_hozac +s
1179084713 M * mjt first, when exporting the dir, knfsd knows from which namespace the directory has been exported
1179084727 M * mjt and it can use that info
1179084760 M * mjt second, there are two different cases: starting knfsd while in this new namespace, or starting it before entering this namespace
1179084783 M * mjt in any way, that's one of "corner cases"
1179084795 M * daniel_hozac either way, kernel threads shouldn't care about the namespaces of the caller.
1179084818 M * mjt heh. depends on who you ask.
1179084853 M * mjt if you're asking a guy who can't figure out why his exports done in a separate namespace don't work... ;)
1179084884 M * daniel_hozac so how would you handle multiple exports done from separate namespaces?
1179084897 M * mjt confusing it is somewhat, and funny. And useful. And questionable.
1179084918 M * daniel_hozac you're just getting yourself into a terrible mess by caring about the caller.
1179084937 M * mjt see above: knfsd can keep both exported directory AND the namespace it has been exported from in its export list.
1179084949 M * mjt yes
1179084955 J * ema ~ema@rtfm.galliera.it
1179084970 M * mjt i'm not suggesting it SHOULD be done this way - not at all. Just one possibility.
1179084998 M * mjt (and i don't know how it's done now, to start with ;)
1179085013 M * mjt (nor do i care.. for now :)
1179085035 M * mjt exec su -
1179085038 M * mjt err
1179085130 Q * ema
1179086005 Q * meandtheshel1 Quit: Leaving.
1179086662 J * rgl ~Rui@84.90.10.107
1179086843 M * rgl oh well, I was able to build the bind9 package in the host. it doesn't build inside the guest.
1179087034 Q * rgl_ Ping timeout: 480 seconds
1179087474 J * rgl_ ~Rui@84.90.10.107
1179087584 Q * rgl Ping timeout: 480 seconds
1179087744 Q * Hollow Ping timeout: 480 seconds
1179087775 Q * phreak`` Ping timeout: 480 seconds
1179087971 M * {marcz} My chbind does not work, answer chbind: kernel does not provide network virtualization
1179087990 M * {marcz} Do you know what I missed in kernel config?
1179087991 M * daniel_hozac what kernel?
1179088002 M * {marcz} 2.6.20
1179088009 M * daniel_hozac did you enable the legacy version id?
1179088017 M * {marcz} No
1179088037 M * daniel_hozac so what does vserver-info say?
1179088042 M * {marcz} It is said obsolete
1179088045 M * daniel_hozac (paste to paste.linux-vserver.org)
1179088245 M * {marcz} Ok: http://paste.linux-vserver.org/1791
1179088696 M * daniel_hozac what does cat /proc/virtual/info say?
1179088742 M * {marcz} $ cat /proc/virtual/info
1179088743 M * {marcz} VCIVersion: 0002:0200
1179088743 M * {marcz} VCISyscall: 273
1179088743 M * {marcz} VCIKernel: 030007f1
1179088811 M * daniel_hozac what does strace vserver-info say?
1179088960 M * {marcz} I compile strace, then I answer !
1179089004 M * daniel_hozac looks like the utils aren't able to make syscalls though
1179089176 M * {marcz} Sorry I'm stupid, I have mistaken the console where I did the test, this error was on a non root user!
1179089203 M * {marcz} The proper error message is ncontext: vc_net_create(): Invalid argument
1179089242 M * daniel_hozac that just means you didn't specify a static context id.
1179089401 M * {marcz} Yes it works with --nid, the error was with --ip
1179089436 M * {marcz} chbind --ip 192.168.1.17 echo foo
1179089462 M * {marcz} ncontext: vc_net_create(): Invalid argument
1179089728 M * {marcz} daniel_hozac: But It is ok to use nid, thank you very much, I beg your pardon for my previous erroneous error
1179089957 Q * dna Quit: Verlassend
1179089987 J * Aiken ~james@121.45.222.137
1179090074 J * ktwilight ~ktwilight@121.95-66-87.adsl-dyn.isp.belgacom.be
1179090405 J * tuxmania ~bonbons@158.64.111.44
1179090713 Q * tuxmania Quit: Leaving
1179090827 Q * bonbons Ping timeout: 480 seconds
1179090924 Q * {marcz} Quit: bye
1179091560 J * Hollow ~hollow@styx.xnull.de
1179095512 J * ema ~ema@rtfm.galliera.it
1179095557 Q * ema
1179096103 M * Bertl Hollow: ping?
1179098066 J * comfrey ~comfrey@adsl-065-013-221-124.sip.rdu.bellsouth.net
1179099137 Q * bzed Quit: Leaving