1182297601 M * Bertl *your
1182297604 M * coderanger_ Okay
1182297631 M * coderanger_ Do we need one of those?
1182297633 M * Bertl when you clear the STATE_ADMIN, the context cannot be manipulated from the host anymore
1182297644 Q * yarihm Quit: Leaving
1182297655 M * Bertl for a start, you only want to clear the STATE_SETUP
1182297748 M * Bertl (when you are done with the context setup, of course :)
1182297795 Q * bzed Quit: Leaving
1182297901 M * coderanger_ okay, we cleared that bit (and read it back to verify
1182297908 M * coderanger_ but get_task_xid still returns -1
1182297928 M * Bertl because you are inside the context
1182297952 M * coderanger_ Ahh, so inside a container you aren't supposed to know you are in a container?
1182297969 M * Bertl well, you know, but certain calls are not allowed
1182297989 M * Bertl like everything which would allow to collect data from a different context
1182298003 M * coderanger_ woot
1182298008 M * coderanger_ I think we are good now
1182298046 M * Bertl good :)
1182298118 M * coderanger_ Just was missing that startup step
1182298157 M * Bertl note, you also want to unshare/clone a few namespaces and set them as default for the context
1182298172 M * Bertl as well as wrap that in a network context as well
1182298264 M * Bertl not sure what spaces will be required for activity isolation though
1182298496 M * coderanger_ Yes
1182298505 M * coderanger_ This was just a basic test to see if things were working
1182298542 M * Bertl good, spawn a bash from that, and check what 'ps auxwww' gives you :)
1182298609 M * coderanger_ heh, no /proc
1182298624 M * Bertl that is the proc visibility
1182298639 M * Bertl it is normally configured by a runlevel script of util-vserver
1182298657 M * Bertl OLPC will need a similar one for proper setup
1182298669 M * coderanger_ Does seem to be working though
1182298681 M * coderanger_ As in ls /proc only shows the two pids it should be
1182298711 M * Bertl excellent!
1182300217 J * DoberMann_ ~james@AToulouse-156-1-134-194.w90-30.abo.wanadoo.fr
1182300323 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1182300419 Q * coderanger_ Ping timeout: 480 seconds
1182300673 J * fatgoose ~samuel@204.19.247.184
1182300877 N * fatgoose samueltc
1182300886 M * samueltc sam is back
1182301355 M * Bertl wb samueltc!
1182302268 M * samueltc at the countryside, with high speed internet... thanks to the bell tower of the local church!
1182302510 M * Bertl sounds good!
1182302879 Q * Guy- Ping timeout: 480 seconds
1182310624 Q * samueltc Quit: samueltc
1182310864 J * fatgoose ~samuel@204.19.247.184
1182311472 Q * fatgoose Quit: fatgoose
1182311831 J * Guy- ~korn@152.66.83.144
1182311849 Q * Spyke_ Ping timeout: 480 seconds
1182312174 J * fullsick ~bob@203.176.96.250
1182312181 M * fullsick hi all
1182312225 M * fullsick anyone know why my vservers leave their lockfiles behind in tmp when started/stopped?
1182313911 M * Bertl sounds unusual
1182313948 M * Bertl normally, /tmp (inside a guest) is tmpfs, so it will vanish when the guest is stopped, and will get recreated on startup
1182313962 M * Bertl or are we talking about /tmp on the host?
1182315437 M * Bertl okay, off to bed now ... have a good one everyone! cya!
1182315447 N * Bertl Bertl_zZ
1182316439 M * fullsick yea /tmp on the host
1182318956 J * lylix ~eric@dynamic-acs-24-154-33-109.zoominternet.net
1182322582 J * arachnist arachnist@088156185052.who.vectranet.pl
1182322647 M * eyck none 16M 16M 0 100% /tmp
1182322658 M * eyck srv:/etc/amavis# du -sh /tmp/*
1182322658 M * eyck 16M /tmp/clamav-f4c7bb94a0f79022c7060dd722d5ac51
1182322720 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1182323107 N * DoberMann_ DoberMann[PullA]
1182323298 Q * sladen Ping timeout: 480 seconds
1182323611 J * dlezcano ~dlezcano@AToulouse-252-1-97-130.w86-201.abo.wanadoo.fr
1182324448 J * dna ~naucki@218-235-dsl.kielnet.net
1182325084 Q * meandtheshell Quit: Leaving.
1182325331 J * _nkukard_ ~nkukard@dsl-240-108-226.telkomadsl.co.za
1182325337 Q * Aiken Read error: Connection reset by peer
1182325461 J * Aiken ~james@ppp121-45-250-169.lns2.bne4.internode.on.net
1182326008 J * _cob ~cob@pc-csa01.science.uva.nl
1182326079 Q * Aiken Read error: Connection reset by peer
1182326137 Q * ||Cobra|| Ping timeout: 480 seconds
1182326551 J * Aiken ~james@ppp121-45-250-169.lns2.bne4.internode.on.net
1182326872 J * cedric_ ~cedric@80.70.39.67
1182327649 Q * Aiken Ping timeout: 480 seconds
1182327905 J * Punkie ~punkie@235-105-207-85.bluetone.cz
1182328015 Q * besonen_mobile Quit: Leaving
1182328156 J * chand ~chand@212.99.51.254
1182329176 J * Aiken ~james@ppp121-45-250-169.lns2.bne4.internode.on.net
1182329223 J * HeinMueck ~Miranda@host-88-217-199-211.customer.m-online.net
1182329611 J * besonen_mobile ~besonen_m@71-220-233-253.eugn.qwest.net
1182329758 Q * gerrit Ping timeout: 480 seconds
1182329914 Q * Aiken Ping timeout: 480 seconds
1182330597 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1182331001 Q * FireEgl Read error: Connection reset by peer
1182331837 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1182332726 J * lilalinux ~plasma@dslb-084-058-210-126.pools.arcor-ip.net
1182334269 J * Piet hiddenserv@tor.noreply.org
1182334942 J * yarihm ~yarihm@84-75-109-39.dclient.hispeed.ch
1182335681 Q * Piet Remote host closed the connection
1182335864 J * Piet hiddenserv@tor.noreply.org
1182336479 M * waldi hmm, is there an easy way to detect if i'm in a vserver?
1182336536 M * lilalinux waldi: try to create a device node
1182336551 M * lilalinux or mount something
1182336629 M * lilalinux if your /tmp is only a 16mb ramdisk that could be a hint, too *duckandrun*
1182336855 M * ard dmesg does not work
1182336866 M * ard and other stuff in /proc is hidden
1182336962 M * lilalinux try to install a custom kernel *g*
1182337007 M * lilalinux or ask your provider ;)
1182337182 J * Aiken ~james@ppp121-45-220-241.lns2.bne1.internode.on.net
1182337901 Q * mountie Ping timeout: 480 seconds
1182338137 Q * _cob Ping timeout: 480 seconds
1182338417 J * _cob ~cob@pc-csa01.science.uva.nl
1182338478 J * mountie ~mountie@CPE0080c6fe324f-CM000a739acaa4.cpe.net.cable.rogers.com
1182338950 J * zLinux ~zLinux@88.213.24.243
1182339025 M * trippeh_ waldi: There is some info in /proc/self/
1182339045 M * trippeh_ ..somewhere
1182339361 M * lilalinux Is PHPMyAdmin too uncommon for a server system?
1182339361 Q * pmenier Read error: Connection reset by peer
1182339385 M * lilalinux or PHP in general?
1182339393 M * awk it's very common
1182339408 M * lilalinux then why on earth is /tmp a 16mb ramdisk by default O_o
1182339414 M * awk and depends how you secure phpmyadmin., use htaccess files, + phpmyadmin and you could run it on another port and filter that..
1182339452 M * awk use things like mod-security, that will help tighten things too
1182339472 M * lilalinux I'm talking about the /tmp mount ;-)
1182339489 M * awk no you asked about phpmyadmin
1182339500 M * lilalinux that was a suggestive question
1182339520 M * lilalinux sry, thought that would be clear
1182340876 J * fatgoose ~samuel@204.19.247.184
1182340956 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1182340956 Q * ktwilight_ Read error: Connection reset by peer
1182341020 J * ktwilight ~ktwilight@170.69-66-87.adsl-dyn.isp.belgacom.be
1182341536 Q * chand Remote host closed the connection
1182342098 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182342104 Q * fatgoose Quit: fatgoose
1182342166 Q * Aiken Quit: Leaving
1182342169 Q * pmenier Remote host closed the connection
1182342211 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1182342686 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182342962 J * ema ~ema@rtfm.galliera.it
1182343020 J * fatgoose ~samuel@204.19.247.184
1182343072 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182344041 Q * Punkie Quit: Leaving
1182344833 Q * dna Quit: Verlassend
1182345039 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182345422 Q * DreaM[BrB] Ping timeout: 480 seconds
1182345809 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182346242 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182346659 Q * zLinux Ping timeout: 480 seconds
1182347308 J * zLinux ~zLinux@88.213.24.243
1182348473 Q * Piet Ping timeout: 480 seconds
1182348566 J * Piet hiddenserv@tor.noreply.org
1182348794 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182348832 J * nkukard__ ~nkukard@dsl-240-64-42.telkomadsl.co.za
1182349177 Q * DreaM[BrB] Ping timeout: 480 seconds
1182349257 Q * _nkukard_ Ping timeout: 480 seconds
1182349341 Q * nkukard__ Ping timeout: 480 seconds
1182349532 M * fatgoose hollow: [error] vcc: create: RPC failed at server. handle_file(193): fchownat(./tmp): Not a directory (500)
1182349532 M * fatgoose http://paste.linux-vserver.org/2671
1182349556 M * fatgoose using testdummy
1182350517 M * lylix fatgoose: what distro + glibc version?
1182350571 M * fatgoose debian etch
1182350582 M * fatgoose glibc-2.3.6
1182350593 M * lylix might have to bump glibc
1182350604 M * fatgoose bump to?
1182350605 M * lylix in gentoo, only 2.5 works, not 2.4
1182350611 M * fatgoose ok
1182350654 M * lylix have seen this error many times, and always fixed w/ glibc bump
1182350661 M * Hollow fatgoose: looks like your vdir is not a directory... and we don't use fchownat from libc, so it shouldn't matter
1182350676 M * lylix was this recently changed?
1182350709 M * Hollow no
1182350729 M * lylix upgrading to glibc 2.5 always fixed a fchownat error in the past here, heh...
1182350746 M * fatgoose http://paste.linux-vserver.org/2672
1182350760 M * fatgoose (erased /tmp in that paste, but got the same error for ./var)
1182350777 M * Hollow ah, right ... we use those from libc if available, and some libc has broken implementations ..
1182350779 M * Hollow i remember
1182350839 M * fatgoose i'll try with 2.5
1182351066 M * Hollow we should really start to replace all libc calls :P
1182351082 M * Hollow actually, there have only been a very few left
1182351104 M * daniel_hozac dietlibc? ;)
1182351144 M * fatgoose works
1182351195 M * Hollow daniel_hozac: i mean libc calls in vcd... and lucid does a good job already at replacing libc :)
1182351206 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182351236 M * Hollow at least with regard to vcds needs
1182351315 M * Hollow and honestly... dietlibc just sucks.
1182351317 M * Hollow :)
1182351341 M * daniel_hozac seems to cause more problems than it solves, at least.
1182351352 M * Hollow yeah..
1182351407 M * Hollow i guess a bit more active development wouldn't hurt ;)
1182351412 M * Hollow and a sane build system *ahem*
1182351431 M * daniel_hozac hehe
1182351456 M * fatgoose hey, I should be able to start a V build w/ testdummy?
1182351466 M * Hollow not sure :)
1182351470 M * fatgoose hehe ok
1182351484 M * fatgoose try with another one
1182351499 M * Hollow i only used it for testing vx_create back then
1182351511 M * Hollow but it may start... should have an init at least :)
1182351572 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182352194 M * fatgoose need to restart vcd if I want to use create again, got operation still in progress
1182352568 Q * HeinMueck Ping timeout: 480 seconds
1182352769 Q * infowolfe_ Ping timeout: 480 seconds
1182352851 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182353247 Q * DreaM[BrB] Ping timeout: 480 seconds
1182353922 J * kdean06 ~kdean06@pool-70-18-228-57.res.east.verizon.net
1182353968 J * stefani ~stefani@tsipoor.banerian.org
1182354694 J * infowolfe ~infowolfe@c-24-10-147-179.hsd1.ut.comcast.net
1182354892 Q * FireEgl Ping timeout: 480 seconds
1182355191 N * ensc Guest2334
1182355201 J * ensc ~irc-ensc@p54B4FFEA.dip.t-dialin.net
1182355308 Q * Guest2334 Ping timeout: 480 seconds
1182355417 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182355757 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33
1182355797 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182355976 N * Bertl_zZ Bertl
1182356006 M * Bertl morning folks!
1182356043 M * Bertl waldi: /proc/self/vinfo should show
1182356157 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1182356216 M * zLinux morning Bertl
1182356535 J * HeinMueck ~Miranda@dslb-088-065-253-121.pools.arcor-ip.net
1182357209 J * Anton ~ToXa@ip-201-245-122-091.pools.atnet.ru
1182357712 M * Anton Greetings to all! How are you doing?
1182357834 P * Anton Client Exiting
1182358539 Q * pmenier Quit: pmenier
1182358968 J * marcfiu ~mef@75.7.61.185
1182359058 M * Bertl wb marcfiu!
1182360082 M * fatgoose jeez
1182360085 M * fatgoose http://forums.serverbeach.com/attachment.php?attachmentid=6&d=1182353767
1182360092 M * fatgoose http://forums.serverbeach.com/attachment.php?attachmentid=7&d=1182353767
1182360102 Q * marcfiu Ping timeout: 480 seconds
1182360696 N * hardwire` hardwire
1182361305 Q * dlezcano Quit: Leaving
1182361307 Q * cedric_ Quit: cedric_
1182361568 Q * ema Quit: leaving
1182361577 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182361967 Q * DreaM[BrB] Ping timeout: 480 seconds
1182362161 J * haxier ~haxier@eu85-84-166-67.clientes.euskaltel.es
1182362211 M * haxier Tricky question...
1182362265 M * haxier Any plan to release the 2.0.3-final version? What's left to make the release? Looks like it's frozen
1182362369 J * coderanger_ ~laptop@wireless-19-112.media.mit.edu
1182362370 M * daniel_hozac well, some more feedback i guess. we've not had many reports of people running 2.0.3 at all.
1182362384 M * daniel_hozac what difference does it make if it's called rc or final though? :)
1182362593 M * Bertl haxier: did you test 2.0.3-rc*?
1182362614 M * haxier I have 3 vservers running 2.6.16-vs2.0.3-rc2 since it was released (several months?) without any problem
1182362643 M * Bertl sounds good! why 2.0.3 and not 2.2.0, if I may ask?
1182362700 M * haxier I suffered the fs corruption bug of 2.6.17 (or was 2.6.18?) and since then I only use 'stable' 2.6.16
1182362711 M * haxier But I've read that 2.6.20 is ok
1182362917 M * haxier With 2.6.16.52-vs2.0.3-rc2 i have about 12 guests running all kind of services: Samba as PDC, ssh, pure-ftpd, pdns, postfix, Apache, Tomcat... everything runs perfect
1182362953 M * daniel_hozac .52?!
1182362959 M * daniel_hozac wow.
1182363024 M * haxier daniel_hozac: yes, and the vserver patch applies well (only rejects in the Makefile)
1182363109 M * haxier 2.6.20-vs2.2.0+grsec would be great ¿any experiences with grsec?
1182363145 M * daniel_hozac harry didn't want to make a patch for 2.6.20 since there weren't any grsec release for that.
1182363200 M * Bertl haxier: okay, maybe we should check the fixes we applied to 2.2.0 and do another 2.0.3 release for .52++?
1182363212 M * Bertl daniel_hozac: what is your opinion on that?
1182363236 M * daniel_hozac sounds good to me.
1182363250 M * haxier Bertl: that would be great!
1182363284 M * haxier I offer myself to test those patches
1182363836 M * Bertl okay, expect some later today or tomorrow ...
1182363984 M * harry ahaaaaaaa
1182363992 M * harry i hear you now....
1182363998 M * harry i think i have to get cracking again...
1182364006 M * harry i'll see if there is more beer here
1182364009 M * harry then i'll start :)
1182364015 M * harry it will be a 2.6.21 patch though...
1182364161 M * haxier Only one day? wow... I'm amazed of your support. Thanks indeed.
1182364173 M * harry a lot of people asked for it
1182364184 M * harry i thought, wait a while for the bugs to get out of 2.6.21
1182364189 M * harry but since people can't wait
1182364196 M * harry (and it's been a while ;)) : i'll do it now
1182364198 M * haxier I'll post my experiences with that patch in the mailing list
1182364220 M * harry let me fire up some shells for the work :)
1182364791 J * cedric ~cedric@rny93-2-82-66-66-30.fbx.proxad.net
1182364862 M * Bertl wb cedric!
1182364873 M * cedric hey
1182365375 M * harry brrrrrr... patching... started!
1182365783 N * DoberMann[PullA] DoberMann
1182367181 J * bzed ~bzed@wireless-2-183.internal.dc7.debconf.org
1182367256 Q * lilalinux Remote host closed the connection
1182368042 J * DreaM[BrB] ~Dr-DreaM@84.23.96.253
1182368237 Q * cedric Quit: cedric
1182368442 Q * [BiG^BrotheR] Ping timeout: 480 seconds
1182369074 J * mire ~mire@252-171-222-85.adsl.verat.net
1182369407 J * cedric ~cedric@rny93-2-82-66-66-30.fbx.proxad.net
1182369511 M * harry Bertl: - mm->stack_vm = mm->total_vm = vma_pages(mpnt);
1182369519 M * harry + vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt));
1182369519 M * harry + mm->stack_vm = mm->total_vm;
1182369522 M * harry why's that?
1182369536 M * harry (in fs/exec.c)
1182369623 M * daniel_hozac same thing.
1182369633 A * harry thought so.... so why patch it?
1182369643 M * daniel_hozac the latter one does it for the guest as well?
1182369662 M * harry though... i don't see a -= anywhere
1182369684 M * daniel_hozac hmm?
1182369716 M * harry which i expect in a vx_vmpages_sub function
1182369724 M * harry well... in a thing that's replaced by -
1182369806 M * daniel_hozac i don't understand what you mean.
1182369824 M * harry normally, there is a nvmnd... /me stupid
1182369829 M * harry (again ;))
1182369845 M * harry what does that vx_vmpages_sub function do?
1182369866 M * Bertl subtract n pages?
1182369912 M * harry put the result in mm i assume?
1182369928 M * Bertl both, mm and the guest accounting
1182369939 M * harry aha
1182369958 M * harry the original function doesn't subtract anything...
1182369963 M * harry just assigns...
1182369990 M * daniel_hozac it works out to the same thing.
1182370001 M * daniel_hozac x = x - (x - y) == x = y
1182370091 M * harry i'm having some problems with the segmexec version of this :)
1182370223 Q * HeinMueck Ping timeout: 480 seconds
1182370423 M * harry mm->total_vm += vma_pages(mpnt_m);
1182370449 M * harry would become: vx_vmpages_add(mm->total_vm, vma_pages(mpnt_m));
1182370451 M * harry then?
1182370471 M * Bertl almost
1182370482 M * Bertl vx_vmpages_add(mm, vma_pages(mpnt_m))
1182370513 M * harry why not mm->total_vm ?
1182370524 M * daniel_hozac because it works on the mm.
1182370586 A * harry gets it (i think :)
1182370690 M * derjohn hi, is there any known problem with 2.2.0 and SHM within a guest? I upgraded from 2.6.18 / 2.1.1.3 to 2.6.20 / 2.2.0 and Postgresql doesnt start due to insufficient SHM foobar. Lowering the value in postgresql made it start 'gain.
1182370722 J * nebuchad` ~nebu@zion.asgardr.info
1182370745 M * Bertl derjohn: hmm, probably you need to adjust shm max for that guest?
1182370764 J * Adrinael_ adrinael@rid7.kyla.fi
1182370803 J * opuk_ ~kupo@c213-100-138-228.swipnet.se
1182370811 M * derjohn eh? I found the shmmax in /proc of the _host_ and adjusted it up (i wasnt clear if it is counted in pages or byte, but I tried both ...). Is there an extra shm setting for each guest ?
1182370832 Q * Adrinael Write error: connection closed
1182370832 Q * opuk Read error: Connection reset by peer
1182370832 M * Bertl since 2.6.19+ we are using ipc namespaces
1182370850 M * Bertl so the guest has a separate set of those settings (via sysctl)
1182370864 J * Radiance 6ed69905f6@halt.1984world.eu
1182370864 Q * _Radiance Read error: Connection reset by peer
1182370904 Q * virtuoso Read error: Connection reset by peer
1182370930 M * derjohn Bertl, thats nice to hear ;) Nothing to find about it on the wiki. I'll check the GFP ...
1182370934 J * virtuoso ~s0t0na@80.253.205.251
1182370957 M * Bertl derjohn: yeah, recent tools allow to set the sysctl stuff
1182370967 M * daniel_hozac (i.e. 0.30.213)
1182370968 M * Bertl derjohn: feel free to add something to the wiki :)
1182370994 M * derjohn i backported .213 to etch (in my debian/vserver repo). I'll add a faq ... :)
1182371028 M * daniel_hozac micah said it should be appearing on backports.org soon
1182371034 M * derjohn backport = build the lenny version for etch ... micah BTW: Didnt you offer "backports"? Or was that only for the kernel ?
1182371037 M * derjohn race :)
1182371049 Q * nebuchadnezzar Ping timeout: 480 seconds
1182371137 M * derjohn well, I did build fine with "dpkg-buildpackage" on etch. So it shouldnt be a prob to put it on backports.org. AND: .212 has this annoying "vcontext takes 400% CPU" bug, so I hope there will be a bugfix in "etch r2"
1182371183 M * daniel_hozac i think you should file that in the BTS.
1182371215 M * daniel_hozac (if it's not already there, i mean)
1182371277 M * derjohn daniel_hozac, good idea.
1182371322 M * derjohn i wasnt sure if it is real bug and if it appears on waldis kernels, too. (I am not even sure, which VS version he put into etch ..or which patchset )
1182371366 M * daniel_hozac 2.0.2.2-rc9
1182371378 M * daniel_hozac or whatever it is called ;)
1182371394 M * daniel_hozac but it shouldn't be kernel dependent.
1182371402 M * daniel_hozac it's a userspace race.
1182371502 M * derjohn /etc/vservers/vserver-name/rlimits is the thing to set the shm limit ? Or /etc/vservers/vserver-name/sysctl ? And: Does the host's shmmax value have to be greater than the sum of all guests shm? or is that accounted independently ?
1182371579 M * derjohn daniel_hozac, strange that it didnt appear in former times. And in my case i dont hit it "sometimes" but more or less on all hosts i run. It appears to happen faster on amd64, but probably because the boxes are faster :)
1182371722 N * opuk_ opuk
1182371813 M * daniel_hozac Bertl: have the 2.6.20.11 and 2.6.20.14 patches had any further fixes, or just rebases?
1182371839 M * Bertl no fixes, just cleanups, IIRC
1182371880 M * daniel_hozac okay.
1182372247 J * ktwilight_ ~ktwilight@33.114-66-87.adsl-dyn.isp.belgacom.be
1182372657 Q * ktwilight Ping timeout: 480 seconds
1182372679 Q * fatgoose Quit: fatgoose
1182372984 Q * kdean06 Quit: Free Software - It's about "liberty" not "price".
1182373148 M * derjohn so, here is the FAQ entry about SHM / SHMMAX: http://linux-vserver.org/Frequently_Asked_Questions#Since_upgrading_to_a_newer_VS_version_my_guest_doesn.27t_have_the_amount_of_shared_memory_.28SHM_.2F_SHMMAX_.2F_SHMALL_.29_as_it_had_in_the_former_version._What_changed.3F
1182373364 J * Aiken ~james@ppp121-45-220-241.lns2.bne1.internode.on.net
1182373647 J * [BiG^BrotheR] ~Dr-DreaM@84.23.96.253
1182373790 J * HeinMueck ~Miranda@dslb-088-065-255-089.pools.arcor-ip.net
1182373947 M * harry haxier: patch is almost done
1182373973 J * sladen paul@starsky.19inch.net
1182374010 M * harry done
1182374034 M * harry daniel_hozac: how can i put patches online?
1182374040 M * daniel_hozac hmm?
1182374047 Q * DreaM[BrB] Ping timeout: 480 seconds
1182374052 M * daniel_hozac same way you always have, no?
1182374072 M * harry nevermind
1182374081 M * harry server ip changed since the last time :)
1182374115 Q * FloodServ synthon.oftc.net services.oftc.net
1182374139 M * haxier harry: thanks!
1182374162 M * harry haxier: in about 10 min's i'll see if it's decent
1182374426 N * DoberMann DoberMann[ZZZzzz]
1182375142 M * derjohn daniel_hozac, micah : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429877
1182375191 M * daniel_hozac so there was no previous bug report?
1182375208 M * derjohn daniel_hozac, no, i didnt find any.
1182375216 M * daniel_hozac okay.
1182375235 M * derjohn daniel_hozac, hm, but i didnt look into all closed ones.
1182375276 J * rob-84x^ rob@submarine.ath.cx
1182375284 M * derjohn but as I hit the race on my etch production systems ... it could only be that the original debian kernel, prevents that race in some way.
1182375304 M * derjohn anyway, ola or micah can close the bug in that case.
1182375319 M * daniel_hozac i doubt it.
1182375331 M * daniel_hozac how did you manage to trigger it so easily?
1182375352 M * derjohn i wonder why noone reported that problem ... etch is out for several weeks or months.
1182375379 M * derjohn daniel_hozac, i did nothing. it suddenly appeared with a guest that ran for days.
1182375397 M * daniel_hozac but where did it come from?
1182375402 M * derjohn and I spotted up to 4 vcontexts in the guests, but couldnt see them in the host.
1182375420 M * derjohn dunno ... you said it's a known bug :)
1182375442 M * daniel_hozac well, yes. but it was really hard to reproduce ;)
1182375447 M * derjohn hmmm
1182375449 M * derjohn really ?
1182375461 M * daniel_hozac at least with the recipe posted on the mailing list.
1182375470 M * derjohn could it have to do with the ipv6 kheler problem ?
1182375479 M * derjohn *khelper
1182375481 M * daniel_hozac it really shouldn't.
1182375531 Q * bzed Quit: Leaving
1182375539 M * derjohn the khelper might consume 99% when probing for the iv6 stuff, maybe the machine got so slow , that I was able to trigger the vcontext easy?
1182375557 M * daniel_hozac i suppose...
1182375580 M * derjohn anyway: It disappeared with .213. And that is fine ;)
1182375608 M * derjohn did bonbons tell something about the iv6 stuff recently?
1182375637 Q * [BiG^BrotheR] Quit: ][DreaM-ScripT][
1182375644 J * EvilDin ~Snake@BSN-77-83-28.dsl.siol.net
1182375647 M * EvilDin hello
1182375679 M * derjohn daniel_hozac, BTW: what does a vcontext process do in the guest ? What is it good for ?
1182375688 M * EvilDin am do anyone here have any idea, how could i control internet traffic of VPS
1182375691 M * daniel_hozac derjohn: vlogin.
1182375709 M * derjohn A fine devilish evening, EvilDin ! :)
1182375720 M * EvilDin :)
1182375724 M * daniel_hozac EvilDin: iptables on the host?
1182375726 M * Bertl EvilDin: tc, ip and iptables?
1182375733 M * derjohn EvilDin, control = account or control = shape ?
1182375735 M * EvilDin any guide
1182375784 M * EvilDin my dedicated server have more ips, and i give user a VPs with one ip, how could i control that after 100 GB of internet traffic, would user VPS stop working
1182375818 M * derjohn EvilDin, as Bertl said: do it on a per-IP basis with the "usual suspect' tools: tc, ip and iptables.
1182375837 M * Bertl EvilDin: http://lartc.org/
1182375902 M * haxier EvilDin: perhaps you could use iptables with the connbytes helper module. There's an excellent tutorial in http://iptables-tutorial.frozentux.net/iptables-tutorial.html
1182375904 M * derjohn EvilDin, you could also use iptables to account (like openvcp does for vservers) and write a cronjob, that shuts the guest down.
1182375941 M * Bertl (or simply block the ip)
1182375969 M * EvilDin what do you think the best solution would be?
1182375984 M * Bertl depends on what your goals are
1182376016 M * Bertl if you simply want to block the guests after so and so much traffic, the cronjob + iptables is probably the easiest
1182376028 M * derjohn But it would be more 'elegant' to shape the connection down, that it can use up to 10kbit/s or such (ssh login still works). But here you need some creativity . And let us know how you solved the problem. Add the knowledge to the wiki!
1182376047 Q * bonbons Quit: Leaving
1182376053 M * Bertl if you OTOH, want to 'shape' network access to accommodate some limits, tc is the better choice
1182376166 M * EvilDin sad is only that, that i don't know iptables very well, and even i don't want to read pages and pages of specifications
1182376244 M * Bertl well, as you said, that's sad :)
1182376251 M * harry haxier: http://people.linux-vserver.org/~harry/patch-2.6.21.5-vs2.2.0-rc3-grsec2.1.10-20070620.diff
1182376259 M * haxier EvilDin: if you don't want to learn... it's gonna be a difficult task to accomplish
1182376286 M * harry haven't tested it all myself... that's for tomorrow
1182376303 M * harry but i think it won't give a lot of problems...
1182376313 M * haxier harry: Thanks, I'll give it a test in the next two weeks
1182376329 M * harry you can see by the date if it has changed ;)
1182376349 M * EvilDin i tried once, i add simple rules in iptables, just add ips, and then there i see how many bytes were used but after some time i see that iptables didn't count as they should, but i don't know why
1182376377 M * haxier harry: I can't test it well because I don't know too much about grsec
1182376386 M * haxier harry: I must read the docs and test
1182376398 M * harry haxier: i have a default config
1182376410 M * harry you can take that for starters... won't give you many problems
1182376417 M * harry will give you aslr etc...
1182376443 M * harry segmexec, mprotect stuff etc... read the help(s) ;))
1182376456 M * haxier harry: my needs are very basic, I only want to "harden" the external boxes. I'll read the helps.
1182376493 M * harry i tried to make a "default very secure but not impossible to work with"-system
1182376500 M * haxier For the internal servers I prefer the vs-2.0.3 because the 2.6.16 kernel
1182376520 M * haxier Lots of things to test!
1182376524 M * harry hehe
1182376527 M * harry fun fun :)
1182376601 M * harry there we go... all built...
1182376613 M * harry my test machine is down :(
1182376706 M * EvilDin am do iptables for sure work ok with this counting bytes of traffic: i make commands:
1182376706 M * EvilDin iptables -I INPUT -d
1182376712 M * EvilDin iptables -I INPUT -d IP
1182376724 M * daniel_hozac yep.
1182376725 M * EvilDin iptables -I OUTPUT -s IP
1182376750 M * EvilDin so if i process iptables -nvxL
1182376760 M * EvilDin info that i get from this command
1182376770 M * EvilDin and calculate
1182376789 M * EvilDin should i get total used traffic ?
1182376884 M * haxier EvilDin: if you reboot the machine you use the iptables-save and iptables-restore scripts with the '-c' option?
1182376887 J * fatgoose ~samuel@204.19.247.184
1182376979 M * EvilDin i used that
1182376990 M * EvilDin but traffic is lost with reboot, am i wrong ?
1182377025 M * EvilDin if i reboot server, iptables start to count from 0
1182377029 M * EvilDin zero
1182377035 M * haxier EvilDin: if you add the '-c' option then it will read/save all the byte counters
1182377050 M * EvilDin really
1182377058 M * EvilDin how do i do that
1182377065 M * EvilDin iptables-save -c
1182377065 M * haxier EvilDin: man iptables-save
1182377112 M * haxier EvilDin: in the network initialization scripts (in Debian they are /etc/network/interfaces)
1182377153 M * EvilDin yes i have added
1182377156 M * harry script it... even iptables maintainers say: don't use iptables save etc...
1182377157 M * harry :)
1182377164 M * EvilDin Virtual adresses
1182377187 M * EvilDin i have all ips saved in interfaces
1182377210 M * EvilDin so that all VPS get then IP, when server restart
1182377246 M * haxier harry: ¿really they recommend that?
1182377247 M * EvilDin so now i just add iptables-save -c and counters will never stop counting
1182377266 M * haxier harry: it works well for me with my 'simple' iptables rules
1182377285 M * EvilDin how can i then at end of month restart counters ?
1182377314 M * haxier EvilDin: I have iptables-restore in 'pre-up' and iptables-save in the 'post-down' events
1182377358 M * haxier EvilDin: perhaps a cron job that each month makes an iptables-save/restore without the '-c' flag
1182377386 M * haxier Sure there will be better solutions... my advice sounds like a hack
1182377464 M * EvilDin does anyone know any simple script that would send me mail, if some IP get total of some amount of traffic
1182377501 M * haxier no, sorry
1182377508 M * harry haxier: i'm looking for it...
1182377613 Q * HeinMueck Quit: Aah!
1182377767 M * harry can't find it anymore
1182377770 M * harry so... use it :)
1182377778 M * harry i use it too, but not for "decent" firewalls ;)
1182377800 A * harry blackadder now...
1182377805 M * harry as a reward :)
1182377854 M * haxier gonna sleep
1182377864 M * haxier bye all
1182377867 M * haxier Thanks
1182377922 M * EvilDin am i use iptables-save -c
1182377926 M * EvilDin and restart server
1182377929 P * haxier Konversation terminated!
1182377932 M * EvilDin counters are restarted to 0
1182377966 M * harry mailed!
1182378141 M * EvilDin am any idea why counters were set to 0
1182378192 M * harry because you reinit'ed the rules
1182378198 M * EvilDin yes
1182378199 M * harry if you reset stuff, it resets
1182378219 M * EvilDin how could then i save counters
1182378243 M * EvilDin each time i restart all rules are added, just that i can see how much bytes of traffic is made
1182378251 M * EvilDin but always start with 0
1182378301 M * harry ?
1182378349 M * Bertl EvilDin: check out iptables-save/restore
1182378364 M * Bertl those are able to save/restore counters properly
1182378381 M * EvilDin problem is only in that that counters were reset even though i use command iptables-save -c, should i use anything else ?
1182378438 M * harry iptables-save is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by
1182378442 M * harry your shell to write to a file.
1182378444 M * harry -c, --counters
1182378447 M * harry include the current values of all packet and byte counters in the output
1182378451 M * harry hmmmm
1182378463 M * harry very weird imho
1182378497 M * EvilDin should i probably write to which file it should be saved ?
1182378500 M * coderanger_ Bertl: ping
1182378522 M * Bertl coderanger_: pong!
1182378538 Q * FireEgl Quit: Bye...
1182378644 M * coderanger_ Bertl: Okay, weird question
1182378655 M * Bertl coderanger_: shoot!
1182378707 M * coderanger_ when you use clone
1182378718 M * EvilDin ok sorry now i know what is the point of saving an then restoring iptables :)
1182378732 M * coderanger_ you need to malloc the child's stack, then you pass the top of that region to clone
1182378756 M * coderanger_ should the parent immediately free its copy of that buffer?
1182378777 M * coderanger_ I think it should, but we aren't sure
1182378782 M * Bertl coderanger_: the question should be more: do I need to do that?
1182378790 Q * yarihm Quit: Leaving
1182378817 M * Bertl coderanger_: and thinking about that, I would suggest you do not use clone at all, as unshare is probably more appropriate to your task
1182378860 M * coderanger_ so fork+unshare?
1182378862 M * Bertl coderanger_: but when you decide you need or want to use clone, then I would suggest to stick to sys_clone(2) and do not specify the stack at all (in which case it will be auto-allocated)
1182378886 M * Bertl coderanger_: as I said, depends on what you want to do
1182378909 M * Bertl btw, have a look at vcmd and how that handles clone/unshare
1182378921 M * coderanger_ Bertl: We just want to spawn something inside a new container
1182378962 M * coderanger_ so (fork+unshare|clone), ctx_create, configure the ctx, start the ctx, exec something
1182379004 M * Bertl yep, you probably also want to _wait_ for the context exit at some point
1182379033 M * coderanger_ No, we are starting things in an async manner
1182379069 M * Bertl so you are not interested when a context is disposed?
1182379101 M * coderanger_ What would we need to do?
1182379116 M * coderanger_ GTK/dbus is handling the notifications on activity shutdown
1182379179 M * Bertl okay, no problem, can be added later when required
1182379205 M * coderanger_ So would you recommend fork+unshare over clone?
1182379205 M * Bertl but you probably want to do some smart context id assignment
1182379221 M * Bertl coderanger_: if you have to fork, then I would choose clone
1182379247 M * coderanger_ Bertl: Yes, the security daemon will be tracking and allocating those
1182379278 Q * EvilDin Quit: AnacønÐa · "If anything can't go wrong, it will anyway"
1182379854 Q * bulkBoy Quit: Leaving
1182381044 M * micah daniel_hozac: I actually uploaded the backported package 2 days ago, i haven't been online since, so I haven't been able to tell anyone
1182381357 J * derjohn2 ~aj@e180202019.adsl.alicedsl.de
1182381798 Q * derjohn3 Ping timeout: 480 seconds
1182382442 M * stefani micah: ! taking time out from debconf?
1182383474 P * stefani I'm Parting (the water)