1182125069 Q * DreaM[BrB] Quit: ][DreaM-ScripT][
1182125743 Q * rob-84x^ Read error: Connection reset by peer
1182126525 M * mugwump anyone know where the util-vserver in lenny puts the /etc/vservers/* files ?
1182126582 Q * bXi Ping timeout: 480 seconds
1182127361 J * DoberMann_ ~james@AToulouse-156-1-54-214.w90-16.abo.wanadoo.fr
1182127470 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1182127791 Q * MooingLemur Quit: Leaving
1182128381 J * bXi bluepunk@irssi.co.uk
1182128452 M * Bertl okay, kind of tired ... so off to bed now ... have a good one everyone! cya!
1182128457 N * Bertl Bertl_zZ
1182128503 M * Bertl_zZ linux
1182129459 Q * infowolfe_ Ping timeout: 480 seconds
1182131458 J * finlay ~finlay@202.78.240.7
1182131486 M * finlay Hi, I'm having trouble with a debian installation
1182131512 M * finlay trouble is that debian installs conf in /etc/vservers
1182131539 M * finlay but something is looking in /usr/local/etc/vservers
1182131541 M * finlay any ideas ?
1182132267 M * finlay hello ?
1182132577 Q * finlay Read error: Connection reset by peer
1182132628 J * finlay ~finlay@leibniz.catalyst.net.nz
1182132732 M * finlay ok
1182132753 M * finlay problem resolved, I had a pre existing installation in /usr/local/lib :-(
1182133424 P * finlay
1182133787 J * finlay ~finlay@leibniz.catalyst.net.nz
1182135632 Q * lylix Remote host closed the connection
1182139696 Q * Rich_Estill resistance.oftc.net synthon.oftc.net
1182139696 Q * mugwump resistance.oftc.net synthon.oftc.net
1182139696 Q * hallyn resistance.oftc.net synthon.oftc.net
1182139696 Q * mstrobert resistance.oftc.net synthon.oftc.net
1182139696 Q * micah resistance.oftc.net synthon.oftc.net
1182139696 Q * dilinger resistance.oftc.net synthon.oftc.net
1182139696 Q * Aiken resistance.oftc.net synthon.oftc.net
1182139696 Q * AndrewLee resistance.oftc.net synthon.oftc.net
1182139696 Q * phreak`` resistance.oftc.net synthon.oftc.net
1182139696 Q * hardwire resistance.oftc.net synthon.oftc.net
1182139696 Q * jkl resistance.oftc.net synthon.oftc.net
1182139696 Q * FloodServ resistance.oftc.net synthon.oftc.net
1182139710 J * Rich_Estill ~restill@c-24-11-195-139.hsd1.mi.comcast.net
1182139710 J * dilinger ~dilinger@mail.queued.net
1182139710 J * mugwump ~samv@watts.utsl.gen.nz
1182139710 J * mstrobert ~mstrobert@wkstn.wycliffe.ca
1182139710 J * micah ~micah@micah.riseup.net
1182139710 J * hallyn ~xa@adsl-75-0-158-74.dsl.chcgil.sbcglobal.net
1182139710 J * Aiken ~james@ppp121-45-250-169.lns2.bne4.internode.on.net
1182139710 J * FloodServ services@services.oftc.net
1182139710 J * jkl jkl@c-67-173-253-237.hsd1.co.comcast.net
1182139710 J * hardwire ~bip@rdbck-3765.palmer.mtaonline.net
1182139710 J * phreak`` ~phreak``@deimos.barfoo.org
1182139710 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1182141609 P * finlay
1182142586 J * hallyn_ ~xa@adsl-75-0-146-157.dsl.chcgil.sbcglobal.net
1182142969 Q * hallyn Ping timeout: 480 seconds
1182144734 Q * ruskie Read error: Connection reset by peer
1182145336 N * DoberMann_ DoberMann
1182146293 J * lylix ~eric@dynamic-acs-24-154-33-109.zoominternet.net
1182146641 J * sharkjaw ~gab@158.36.45.236
1182146670 N * Bertl_zZ Bertl
1182146674 M * Bertl morning folks!
1182146940 M * neuralis morning bertl
1182147068 M * Bertl hey neuralis! how's going?
1182147146 J * infowolfe ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182147154 M * neuralis eh, just flew back into town on a late flight, and then it took 1.5 hrs for the airline to establish they've lost my luggage and have *no* idea what happened to it. i've had better days :)
1182147193 M * Bertl been there, done that, didn't bother to get the t-shirt :)
1182147215 M * Bertl luckily for me, they found it the next day ...
1182147404 M * neuralis these guys are so painfully disorganized that i'm not particularly hopeful :/
1182147449 M * Bertl ah, well, let's hope for the best ...
1182147795 N * DoberMann DoberMann[PullA]
1182148108 J * infowolfe_ ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182148238 J * _jthm_ ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182148238 Q * infowolfe_ Read error: Connection reset by peer
1182148249 Q * _jthm_
1182148544 Q * infowolfe Ping timeout: 480 seconds
1182149034 J * dna ~naucki@21-196-dsl.kielnet.net
1182149106 J * infowolfe ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182149253 Q * infowolfe
1182149326 J * infowolfe ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182150039 Q * dlezcano1 Ping timeout: 480 seconds
1182150074 Q * infowolfe Ping timeout: 480 seconds
1182150155 J * infowolfe ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182150291 Q * infowolfe
1182150315 J * infowolfe ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182150357 J * ruskie ruskie@ruskie.user.oftc.net
1182150373 Q * sladen Ping timeout: 480 seconds
1182150493 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33
1182150580 J * dlezcano1 ~dlezcano1@AToulouse-252-1-12-52.w82-125.abo.wanadoo.fr
1182151011 J * chand ~chand@ATuileries-151-1-95-40.w90-24.abo.wanadoo.fr
1182151045 Q * chand
1182151313 J * sladen paul@starsky.19inch.net
1182151777 J * chand ~chand@212.99.51.254
1182152683 Q * meandtheshell Quit: Leaving.
1182153614 Q * dna Ping timeout: 480 seconds
1182154323 J * dna ~naucki@114-223-dsl.kielnet.net
1182156200 M * awk bonjour ?
1182156220 M * Bertl hey awk!
1182157442 M * Bertl nap attack ... back later ...
1182157454 N * Bertl Bertl_zZ
1182158582 J * infowolfe_ ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182158582 Q * infowolfe Read error: Connection reset by peer
1182158590 N * infowolfe_ infowolfe
1182159949 Q * ktwilight_ Remote host closed the connection
1182160020 J * ktwilight ~ktwilight@57.75-66-87.adsl-dyn.isp.belgacom.be
1182160423 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1182160743 J * Piet hiddenserv@tor.noreply.org
1182164598 Q * Piet Ping timeout: 480 seconds
1182164953 J * Piet hiddenserv@tor.noreply.org
1182166376 Q * pmenier Read error: Connection reset by peer
1182167022 J * lilalinux ~plasma@dslb-084-058-192-061.pools.arcor-ip.net
1182168161 Q * Piet Remote host closed the connection
1182168237 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1182168246 J * Piet hiddenserv@tor.noreply.org
1182169394 Q * Aiken Quit: Leaving
1182170288 Q * Piet Ping timeout: 480 seconds
1182170479 J * Piet hiddenserv@tor.noreply.org
1182170651 J * infowolfe_ ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182171056 Q * infowolfe Ping timeout: 480 seconds
1182172590 Q * sharkjaw Quit: Leaving
1182172800 J * ema ~ema@rtfm.galliera.it
1182174645 J * Piet_ hiddenserv@tor.noreply.org
1182174663 Q * Piet Remote host closed the connection
1182175730 J * mfischer ~chatzilla@mail.netcare.at
1182175734 M * mfischer hi
1182175747 M * mfischer hmmm
1182175803 M * mfischer I'm trying to start syslog-ng inside a vserver but always get: Error opening file /proc/kmsg for reading (Operation not permitted)
1182175825 M * mfischer This system actually works when used from within a chroot, any ideas what could be wrong?
1182175840 M * mfischer The permissions are: -r-------- 1 root root 0 Jun 18 15:27 /proc/kmsg
1182175948 A * mfischer wonders whether he's the last man on this er^H^Hchannel
1182176035 M * bonbons mfischer: disable the line in syslog-ng config that asks it to read kernel messages
1182176112 M * bonbons access to kernel messages is denied from within a guest, read it from host
1182176121 M * mfischer bonbons: but won't I miss (maybe) important information? The line reads: source src { unix-stream("/dev/log"); internal(); file("/proc/kmsg" log_prefix("kernel: ")); }; , so I would just remove file(..kmsg); ?
1182176135 Q * Piet_ Remote host closed the connection
1182176188 M * mfischer bonbons: does it make sense anyway to read the messages within a guest?
1182176196 J * Piet_ hiddenserv@tor.noreply.org
1182176253 M * bonbons from within a guest it makes sense to read userspace messages, but not kernel messages. Kernel messages are handled by the host.
1182176318 M * bonbons the reason is that kernel messages may contain sensitive information that belongs to some guest and thus should not be exposed to a random guest
1182176343 M * mfischer alright. I think I got it. I probably never thought about that when setting up the chroots. thanks!
1182176558 M * bonbons you're welcome
1182177233 J * fatgoose ~samuel@76-10-151-95.dsl.teksavvy.com
1182177239 N * fatgoose samueltc
1182177252 M * mfischer Did I already mention that vserver is awesome? The only comment I've: 16mb /tmp space is damn small. I've almost always ran into troubles because it's too low :)
1182177279 M * samueltc you can change it in etc/vservers//fstab
1182177313 M * mfischer yup, I know. I just managed to almost always forget it *before* starting the vservers ...
1182177642 Q * FireEgl Ping timeout: 480 seconds
1182177695 J * sauron ~zeus16384@12.20.4.100
1182177703 M * sauron hi all
1182177764 M * sauron does anyone know of a way to control load on a vserver'd machine? I mean I overloaded it and I can't get control back. was wondering if there is a way to give priority to the host machine so it can always kill stuff that overloads everything?
1182177806 M * samueltc maybe that can help: http://oldwiki.linux-vserver.org/vsched+explained
1182177832 J * kdean06 ~kdean06@pool-70-18-228-57.res.east.verizon.net
1182177862 Q * bonbons Ping timeout: 480 seconds
1182177946 M * sauron thanks I check. some memory killer (oom) started to kill my proc's one by one finally but I am looking for a more elegant way to control resources
1182178437 Q * mfischer Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.4/2007051502]
1182178472 J * bonbons ~bonbons@ppp-111-220.adsl.restena.lu
1182178526 M * sauron later
1182178532 P * sauron
1182178712 M * kdean06 I'm attempting to migrate a physical server to a vserver and when attempting to start I get a message about /etc/rc.d/rc 3 failing, which recommends appending true to the file. This didn't help, so I checked the mailing list. It tells me to chroot into the guest but when i try it can't find /bin/bash which I've confirmed exists... Can anyone help me get this working?
1182178794 J * yarihm ~yarihm@whitehead2.nine.ch
1182178839 J * FireEgl FireEgl@Atlantica.Inet6.Info
1182178873 Q * bonbons Quit: Leaving
1182178878 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33
1182179051 M * kdean06 Oh, I think I have the problem...
1182179529 J * markus__ ~chatzilla@mail.netcare.at
1182179670 M * markus__ Hi, me again :) I was wondering where I've to put what so that the vservers I specify get automatically started at boot time? I looked into /etc/vserver
1182179675 M * markus__ but found nothing
1182180124 M * bonbons markus__: echo default > /etc/vservers/${guest}/apps/init/mark
1182180147 M * markus__ oh
1182180148 M * bonbons that should tell the util-vserver init-script to start it automatically
1182180180 M * markus__ I found some hints that it would be /etc/vservers/.conf containing ONBOOT but at the same time the information looked outdated
1182180182 M * bonbons all content of /etc/vservers/${guest}/ should be described on the great flower page (is also on the wiki)
1182180237 M * markus__ http://www.nongnu.org/util-vserver/doc/conf/configuration.html gives error500, the link is from http://linux-vserver.org/Frequently_Asked_Questions#What_is_the_.22great_flower_page.22.3F
1182180337 N * Bertl_zZ Bertl
1182180337 J * stefani ~stefani@flute.radonc.washington.edu
1182180350 M * Bertl back again ...
1182180384 M * Bertl hey stefani!
1182180391 M * stefani hey.
1182180405 M * Bertl markus__: sounds like a savannah problem ,sec
1182180565 M * Bertl markus__: yep, either that or the docs were moved around somehow, I guess daniel_hozac and/or ensc will look into that when they return
1182180625 M * Bertl kdean06: problem resolved?
1182180662 M * kdean06 Bertl, Not exactly, but I think I know what it was. I messed up the rsync. I'm redoing it now and hopefully it'll work.
1182180690 M * bonbons markus__: see also http://linux-vserver.org/util-vserver:Documentation
1182180705 M * Bertl kdean06: you probably lost suid stuff, yes?
1182180776 M * Bertl dilinger: anything you need, or is everything fine?
1182180781 M * kdean06 I messed up a lot. :) So the answer there is "probably".
1182181294 M * Bertl okay, rsync -axHP is a good start
1182181317 M * Bertl kdean06: note that recent tools have an rsync build option too
1182181387 Q * ruskie Read error: Connection reset by peer
1182181698 M * markus__ Thanks to everyone for helping :) bye
1182181713 M * Bertl markus__: cya!
1182181723 Q * markus__ Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.4/2007051502]
1182182533 Q * ensc Ping timeout: 480 seconds
1182183931 M * yarihm i've seen that there is a line "$_ENV -i "${OPTS_ENV[@]}" in /usr/lib/util-vserver/vserver.start . In order to get OpenSuSE to work, i'll have to set "$_ENV -i -- PREVLEVEL="N" RUNLEVEL="$RUNLEVEL_START"" ... is there a way to do that without patching? it seems to me that the content of the environment is customizable, but when trying to edit /etc/vservers/opensuse/apps/init/environment and setting those two Vars it does not work. any pointers? daniel
1182183931 M * yarihm _hozac maybe?
1182183961 M * yarihm daniel_hozac, sorry, your name was just wrapped, i doubt that highlights
1182184873 M * sid3windr :p
1182185131 M * Bertl yarihm: IIRC, that was discussed yesterday .. and it is considered a missing feature/bug? in util-vserver
1182185161 M * Bertl yarihm: daniel_hozac should be back later today, I guess, maybe check out the SVN?
1182185329 J * ruskie ruskie@ruskie.user.oftc.net
1182185867 Q * pmenier Quit: pmenier
1182185997 M * yarihm i'll ask him directly then, i'll be back later today as well. thanks for the hint
1182186007 M * yarihm cu guys
1182186008 Q * yarihm Quit: Leaving
1182186253 M * matti HI Bertl
1182186323 M * Bertl hey matti! everything fine?
1182186362 M * matti Yes! How are you?
1182186507 Q * lilalinux Remote host closed the connection
1182186524 M * Bertl fine fine .. lot of work but I'm used to that :)
1182186612 M * matti :)
1182186623 M * matti I have just started driving lessons ;p
1182186647 M * matti I was a bit confused today ;p Driving on the "other" side of the road is a fun :)
1182186734 M * Bertl hehe, yeah I'm sure that is funny :)
1182186761 M * matti Yeah... especially when you tried to change gear with right hand ;p
1182186792 M * matti I hope, I will use to it ;p
1182186793 M * matti ;]
1182187345 Q * ruskie Read error: Connection reset by peer
1182187472 M * Guy- I spent two weeks driving through the UK last year, but in my own, steering-left car :)
1182187493 M * Guy- they have so many roundabouts there that even after getting back I had to stop myself going left in roundabouts :)
1182187909 M * matti Hahaha.
1182187913 M * matti That's true.
1182187913 M * matti ;]
1182187928 Q * chand Quit: chand
1182188055 J * duckx ~Duck@tox.dyndns.org
1182188150 Q * dna Quit: Verlassend
1182188593 J * huiz ~gerrit@bi01p2.co.us.ibm.com
1182188599 N * huiz gerrit
1182188953 M * Bertl Guy-: roundabouts were cheap in austria a few years ago too .. so we have quite a number of them :)
1182188972 M * Guy- Bertl: trust me on this. The British have more. :)
1182189000 M * Guy- almost every crossroads almost everywhere is a roundabout, often with just a white dot in the middle to drive around :)
1182189004 M * Bertl yeah, I know ...
1182189105 M * Guy- some towns in Hungary that are doing well for some reason are investing their money in roundabouts too, and the density of roundabouts there is actually comparable to the British average :)
1182189126 M * Guy- (but still below it, I guess :)
1182189146 M * Guy- and nowhere else have I seen a system of roundabouts (only in the UK)
1182189179 M * Guy- a big intersection of, I don't know, 7 or 9 roads, with a system of small roundabouts forming a big roundabout
1182189187 M * Guy- talk about confusing...
1182189233 M * Guy- but it was fun :)
1182189647 Q * FireEgl Ping timeout: 480 seconds
1182189848 Q * bonbons Ping timeout: 480 seconds
1182190354 Q * ema Quit: leaving
1182190448 J * ruskie ruskie@ruskie.user.oftc.net
1182190451 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1182190454 J * bonbons ~bonbons@ppp-111-220.adsl.restena.lu
1182191186 M * matti Guy-: I think, that Japan is also filled with roundabouts.
1182191200 M * Guy- and they also drive on the left, I think
1182191204 M * Guy- coincidence? :)
1182191492 M * matti Of course ;-p
1182191494 M * matti :)))))
1182191528 M * matti The funniest thing I saw is....
1182191547 M * matti One roundabout passing you to another... that ends with ANOTHER :)
1182191575 M * matti How bizarre is that? :)
1182192287 M * mstrobert at that point they're just giving you the roundabout. or is that run-around.
1182192625 J * ensc ~irc-ensc@p54B4E7A8.dip.t-dialin.net
1182193022 J * Solaris ~satan@89.155.106.6
1182193212 M * Bertl wb Solaris!
1182193222 M * Solaris hello
1182193484 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182193515 M * Bertl wb [BiG^BrotheR]!
1182193522 M * [BiG^BrotheR] ty
1182193763 Q * Piet_ Ping timeout: 480 seconds
1182193916 J * Piet_ hiddenserv@tor.noreply.org
1182193936 J * ema ~ema@rtfm.galliera.it
1182194458 Q * sladen Ping timeout: 480 seconds
1182195301 J * sladen paul@starsky.19inch.net
1182195506 N * DoberMann[PullA] DoberMann
1182195734 M * Hollow any idea why my clock jumps back one second every few seconds/minutes?
1182195757 M * Hollow dovecot complains all day.. :/
1182195760 M * Bertl ntpd?
1182195778 M * Hollow well, i enabled it now, but it didn't solve it
1182195877 M * bonbons Hollow: does your kernel remember some too large drift?
1182195906 M * Hollow don't know.. how do i find out? :)
1182195924 M * Hollow this is what dovecot says a lot:
1182195925 M * Hollow Jun 18 21:45:04 keto dovecot: imap-login: Time just moved backwards by 1 seconds. I'll sleep now until we're back in present.
1182195946 M * bonbons hmm... let me try to remember... a few weeks ago I fixed such a kernel (in a VMWare guest)
1182196010 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182196021 M * Hollow i can even watch the clock jump with "watch -n.1 date"
1182196144 M * Bertl Hollow: by default, the kernel does never set the clock back
1182196163 M * Bertl so you definitely have some userspace app doing that, or a kernel bug
1182196171 M * bonbons ah, the magic tool was: adjtimex
1182196317 J * Darkness12 ~Dr-DreaM@84.23.96.253
1182196352 M * bonbons adjtimex -p to print kernel time-keeping information (value of status indicates kernel time state)
1182196381 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182196444 M * Hollow ok, i'll try
1182196526 Q * DreaM[BrB] Ping timeout: 480 seconds
1182196552 M * Hollow status: 1
1182196561 M * Hollow (PLL update enabled)
1182196568 M * Hollow whatever that is
1182196673 M * bonbons that looks like correct status... at least it's the same I have on correctly synchronized machines (with ntpd running)
1182196695 M * bonbons does ntpd write something to the logs?
1182196742 M * Hollow i have started it again now..
1182196743 M * Hollow Jun 18 21:58:38 erebos ntpd[5084]: kernel time sync status 0040
1182196743 M * Hollow Jun 18 21:58:38 erebos ntpd[5084]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
1182196760 M * Hollow and now status: 64
1182196883 M * samueltc hollow: hey, which version of lucid are you using to compile VCD?
1182197038 M * Hollow samueltc: trunk
1182197059 M * samueltc using trunk i've got a mem_freeall not found
1182197062 J * coderanger_ ~laptop@wireless-19-111.media.mit.edu
1182197063 N * coderanger_ coderanger
1182197098 M * Hollow samueltc: yeah, use the revision before that.. i stopped doing other things to lucid, because i want to branch it first, without the malloc changes
1182197117 M * samueltc ok thanks!
1182197190 M * samueltc how mature is vcd?
1182197237 Q * ema Quit: leaving
1182197296 M * bonbons Hollow: status 64 is for unsynchronized, see: http://www.die.net/doc/linux/man/man8/adjtimex.8.html
1182197443 M * dilinger Bertl: i'm confused; what's the proper version of this patch? EXTRAVERSION is -rc5-vsOLPC.0.4.1; so it's 0.4.1? previous stable was called 2.2.0...
1182197457 M * samueltc hollow: thanks! rev. 189 works
1182197543 M * Hollow samueltc: well, setting up vcd is not really documented nor automated yet, but it works quite well already
1182197571 Q * mountie Ping timeout: 480 seconds
1182197627 M * samueltc hollow: vxdb.sql is not on the repository
1182197729 M * Hollow samueltc: yeah, the database is already setup automagically if it doesn't exist
1182197735 M * samueltc ok cool
1182197908 J * yarihm ~yarihm@84-75-109-39.dclient.hispeed.ch
1182197948 M * yarihm hi everyone
1182197956 M * yarihm daniel_hozac: around?
1182198178 J * tuxmania ~bonbons@ppp-111-106.adsl.restena.lu
1182198499 Q * bonbons Ping timeout: 480 seconds
1182198954 J * cruser ~chatzilla@72.242.194.162
1182198965 Q * kdean06 Quit: Free Software - It's about "liberty" not "price".
1182199388 Q * duckx Quit: Client exiting
1182199396 J * meandtheshel1 ~markus@85-125-230-243.dynamic.xdsl-line.inode.at
1182199814 J * chand ~chand@m167.net81-64-156.noos.fr
1182200151 P * cruser
1182200457 M * Bertl dilinger: I started a new branch for OLPC, so this cannot be compared with vs2.2.0 or vs2.3.0
1182200462 Q * tuxmania Quit: Leaving
1182200485 M * Bertl dilinger: it is basically vs2.2.0 + some 2.3.0 stuff - unused vs2.x stuff
1182200561 M * Bertl dilinger: you can _name_ it whatever you like, all I need for updates is the 0.4.1 version sumber
1182200564 M * Bertl *number
1182200899 M * dilinger Bertl: ok, so we can't just update to 2.4.0 when it's released, since we've got custom stuff?
1182200922 N * DoberMann DoberMann[ZZZzzz]
1182200940 M * Bertl dilinger: well, you could, but you probably don't want to :)
1182201022 M * Bertl dilinger: i.e. you have to make up your mind .. if you want to take the full patch, that is fine for me too, but it is not required, especially the other filesystems and stuff like quota is quite intrusive, and not used in OLPC
1182201064 M * dilinger i see
1182201071 M * Bertl dilinger: you will get updates/patches from me for this OLPC specific branch
1182201098 M * Bertl dilinger: means: whenever we add something relevant for this branch, or fix something, you get the updates
1182201116 Q * infowolfe_ Quit: Leaving
1182201190 M * dilinger neuralis: ping
1182201196 M * neuralis pong
1182201266 M * neuralis dilinger: what's up
1182201318 M * dilinger ok, so; we're using a custom patch. i was under the impression that this was due to ipv6 and other stuff that's not in 2.2.0
1182201346 M * dilinger so we pulled the experimental bits that we actually need from 2.3.0
1182201351 M * dilinger are we also dropping bits from 2.2.0, though?
1182201372 M * dilinger in which case, the code we're using strays further and further from vserver mainline
1182201396 M * neuralis hm
1182201412 M * Bertl which, IMHO shouldn't be a problem
1182201453 M * Bertl AFAIK, your aim is to get as much as possible upstream, so I wouldn't bother with stuff not required for OLPC
1182201471 M * dilinger Bertl: that assumes we succeed in getting stuff upstream ;)
1182201519 M * Bertl yeah, well, if you do not succeed, you can always switch to vserver mainline :)
1182201537 M * neuralis dilinger: so, i think i'll defer to your judgment on this. my personal feeling is that staying minimally invasive is important, at least at this stage, and warrants deviating from vs mainline.
1182201549 M * dilinger Bertl: right, i just want to make sure it's a possibility
1182201581 M * dilinger Bertl: that mainline (2.4.x) will a) have all the stuff we need, and b) won't have stuff that conflicts w/ our usage of vserver
1182201601 M * Bertl for sure, but 2.4 is something not even being discussed right now
1182201618 M * Bertl i.e. far in the future, we just recently released 2.2
1182201630 M * Bertl and the next release will be something like 2.2.1 :)
1182201677 M * Bertl dilinger: I don't plan to put stuff into your branch which will conflict with vserver mainline
1182201709 M * Bertl but the OLPC branch for sure will get 'experimental' stuff (related to OLPC) earlier than 'stable' vserver mainline
1182201782 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182201868 J * Aiken ~james@121.45.250.169
1182201991 M * dilinger ok
1182202083 M * Bertl and of course, all mainline coding style related changes (so far) have been incorporated in mainline vserver too
1182202186 Q * Darkness12 Ping timeout: 480 seconds
1182202284 J * Darkness12 ~Dr-DreaM@84.23.96.253
1182202646 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182203363 J * dna ~naucki@223-245-dsl.kielnet.net
1182203533 Q * Piet_ Remote host closed the connection
1182203654 J * Piet_ hiddenserv@tor.noreply.org
1182203751 Q * Piet_ Remote host closed the connection
1182203779 J * Piet_ hiddenserv@tor.noreply.org
1182204734 Q * Greek0 Ping timeout: 480 seconds
1182204918 M * coderanger ensc: Ping
1182204959 Q * dna Quit: Verlassend
1182205108 M * Bertl hey coderanger! how's going?
1182205125 M * coderanger Bertl: I have an XO booted on the vserver kernel in front of me :)
1182205192 M * Bertl excellent!
1182205208 M * coderanger Now we need to get libvserver on here
1182205372 M * yarihm gn8 everzone
1182205378 M * yarihm everyone that is
1182205382 Q * yarihm Quit: Leaving
1182205407 M * coderanger daniel_hozac: How comfortable would you be with cutting a v214 soon so we can get it packaged and in the f7 repos?
1182206999 M * coderanger Bertl: Ping
1182207052 M * Bertl coderanger: pong?
1182207067 M * coderanger So this dietlibc vs. glibc thing
1182207072 M * coderanger Is this still a problem?
1182207087 M * Bertl no, you just want to use dietlibc :)
1182207091 M * coderanger Will we need to force things to relink against dietlibc if they run in a chroot?
1182207097 M * coderanger As that will get hilarious
1182207113 M * Bertl nah, seriously, the thing is this:
1182207141 M * Bertl you want to avoid (at all costs) that when you enter a complete guest, glibc loads modules
1182207188 M * coderanger hrmm
1182207198 M * Bertl this is nothing vserver specific, you want the same for chroot envs
1182207218 Q * gerrit Ping timeout: 480 seconds
1182207219 M * coderanger Is there a standard way of doing this? (other than rebuilding everything against !glibc)
1182207274 M * Bertl I'm no glibc expert, but compiling static executables is a way to do that for sure
1182207303 M * Bertl for the OLPC laptops, I would in general think about ditching glibc
1182207306 M * coderanger We can't afford that kind of memory waste
1182207323 M * Bertl i.e. replace it by dietlibc or uClibc
1182207324 M * coderanger hrmm, double plus ungood
1182207333 M * coderanger I'll talk to the system guys
1182207363 M * Bertl yes, note that the glibc module loading is a security issue in isolated environments
1182207413 M * coderanger There is no way we can rebuild everything
1182207441 M * coderanger Unless we can convince fedora to drop glibc ...
1182207455 M * Bertl AFAIK, you are starting activities via python, no?
1182207461 J * cjb ~cjb@pullcord.laptop.org
1182207464 M * coderanger Yes
1182207469 M * Bertl wb cjb!
1182207491 M * Bertl coderanger: so making sure that python doesn't load any glibc stuff would suffice
1182207504 M * cjb Hi. :) So, what's going on? vserver/chroots get used all the time with glibc-linked binaries, surely?
1182207519 M * coderanger Bertl: Not all activities are python based, nor can we realistically maintain a custom build of python
1182207546 M * cjb what coderanger said. we use glibc binaries everywhere, as surely does everyone using vserver.
1182207550 M * Bertl cjb: inside it is no problem
1182207560 M * cjb okay, that's news to me.
1182207566 M * cjb when is it a problem?
1182207567 M * Bertl cjb: we are just talking about the process creating/entering the chroot
1182207580 J * infowolfe ~infowolfe@c-76-23-11-30.hsd1.ut.comcast.net
1182207587 M * Bertl cjb: basically the problem is this:
1182207599 M * Bertl glibc is modular, e.g. think resolver
1182207624 M * Bertl now you enter a potentially hostile guest to start something there
1182207643 M * Bertl and for whatever reason, glibc is loading _another_ module
1182207656 M * Bertl which will now travel back to the host system, with malicious code
1182207674 M * cjb Ah.
1182207694 M * cjb What kind of processes create/enter the chroots? Just util-vserver?
1182207720 M * coderanger libvserver via vc_ctx_migrate, no?
1182207743 M * Bertl cjb: whatever maintains the guests, yes
1182207754 M * coderanger But that is loaded in memory in Python via ctypes
1182207757 M * Bertl cjb: if you use util-vserver, then that will be it
1182207762 M * cjb ok. why were you guys talking about python?
1182207765 M * cjb coderanger: why?
1182207766 M * coderanger We don't use util-vserver
1182207781 M * coderanger We just use libvserver (or util-vserver-lib in RPMspeak)
1182207802 M * coderanger The maintenance program is a python-based security daemon
1182207828 M * cjb ah. and will that daemon need to link against glibc?
1182207842 M * Guy- Bertl: any news on the xfs link breaking file corruption patch? :)
1182207843 M * coderanger Well it is written in python, and presumably python does
1182207903 M * Bertl Guy-: no news yet, but we are working on it (slowly :)
1182207930 M * Guy- OK, thanks :)
1182207937 M * coderanger Bertl: So this isn't an issue for us
1182207946 M * coderanger Nothing ever leaves a container
1182207959 M * Bertl how so?
1182207964 M * coderanger The security daemon builds the container, enters it, and execs something
1182207980 M * coderanger The process that enters the new context never goes back
1182207981 M * Bertl yes?
1182208002 M * coderanger So if it loads a hostile module, it can't leak into the host (or any other) context
1182208003 M * Bertl but the glibc might have mapped the code before the exec
1182208019 M * coderanger It will still only be hostile in its own container
1182208022 M * Bertl I'm just saying: be careful! :)
1182208052 M * Bertl I would suggest having a longer chat with ensc
1182208085 M * coderanger The alternative for us would probably be to make a small binary linked (statically?) against diet/ulibc and libvserver that does the migrate/exec step of building the container
1182208093 M * Bertl he should be able to tell you which cases might be problematic and what you can do without killing security :)
1182208108 M * coderanger Bertl: Okay, thanky
1182208206 M * Bertl but you might give it serious thought, if you do not want to compile central stuff like the python interpreter with a lightweight libc ... would probably speed up performance and reduce resource consumption quite a lot
1182208257 Q * infowolfe Quit: Leaving
1182208258 M * coderanger Bertl: That's a bigger issue re: package maintenance, and how much we want to keep on our own vs. use the fedora packages
1182208321 M * Bertl yeah, sure, but as I said, for some components it might be worth the effort
1182208332 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182208353 J * infowolfe ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182208692 Q * Darkness12 Ping timeout: 480 seconds
1182209184 Q * Piet_ Quit: Piet_
1182209237 Q * ruskie Ping timeout: 480 seconds
1182209752 J * infowolfe_ ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182210154 Q * infowolfe Ping timeout: 480 seconds
1182210853 Q * mnemoc Ping timeout: 480 seconds
1182210948 Q * arachnist Read error: Connection reset by peer
1182211166 J * mnemoc ~amery@kilo105.server4you.de