1182730626 M * slack101 back to setting up Vserver 1182730630 M * slack101 going to get this donetoday 1182730804 M * slack101 kerrnel processes dont show in vserver do they ? 1182730898 M * Bertl no, usually not, but if yes, then it is a bug :) 1182730987 M * slack101 just chekcing Bertl 1182730989 Q * [BiG^BrotheR] Quit: ][DreaM-ScripT][ 1182731297 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1182732253 J * DoberMann_ ~james@AToulouse-156-1-46-224.w90-16.abo.wanadoo.fr 1182732355 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds 1182733836 Q * Piet Quit: Piet 1182735991 Q * slack101 Quit: Leaving. 1182736926 Q * ||Cobra|| Ping timeout: 480 seconds 1182737416 J * slack101 ~Administr@cpe-71-74-77-84.insight.res.rr.com 1182738808 M * slack101 anyone here ever use debootstrap 1182738928 M * Bertl not directly, just via the tools 1182738989 M * slack101 Bertl: yea im using it directly 1182739002 M * Bertl why? 1182739014 M * slack101 getting a base default install for my host system 1182739050 M * Bertl ah, interesting ... 1182739062 M * Bertl always installed debian via network install 1182739088 M * Bertl I mean, via some install floppy/cd/netboot image 1182739406 M * slack101 Bertl: netboot image ? 1182739414 M * slack101 i think debian is the best distro lol 1182739421 M * slack101 fast small and easy 1182739433 M * slack101 all the reasons i like slackware and it has good package management 1182739665 M * Bertl well, when I installed it (so far) I used a small installer image which could be booted over network 1182739681 M * Bertl (as most machines I installed it on, didn't have a floppy or cdrom drive) 1182739996 M * slack101 this is a remote server 1182740003 M * slack101 a installer iamge ? 1182740009 M * slack101 you got any links of anyting about this ? 1182740020 M * Bertl shouldn't be hard to find .. sec 1182740091 M * Bertl http://ftp.debian.org/debian/dists/sarge/main/installer-sparc/current/images/sparc64/netboot/ 1182740095 M * Bertl (just one example) 1182740430 M * slack101 i wonder if thats better then the 1182740438 M * slack101 deboostrapp 1182740464 Q * Johnnie Ping timeout: 480 seconds 1182740486 M * Bertl well, it will use debootstrap too :) 1182740505 M * slack101 ooo? 1182740530 M * Bertl but wrapped in a nice installer :) 1182740596 M * slack101 so 1182740609 M * slack101 i can jus put that on my server andf it will automatically install it ? 1182740619 M * slack101 i would need a remote console for that though corect ? 1182740646 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1182740683 M * Bertl yep 1182740698 M * Bertl but a serial one is sufficient for debian 1182741011 J * Johnnie ~jdlewis@c-67-163-246-136.hsd1.pa.comcast.net 1182741514 Q * Johnnie Ping timeout: 480 seconds 1182742062 J * Johnnie ~jdlewis@c-67-163-246-136.hsd1.pa.comcast.net 1182742201 Q * Wonka Remote host closed the connection 1182742502 J * Wonka produziert@chaos.in-kiel.de 1182742906 M * Bertl okay, off to bed now .. have a good one everyone! 1182742912 N * Bertl Bertl_zZ 1182746517 J * meandtheshell ~markus@85.127.102.3 1182748186 J * lylix ~eric@dynamic-acs-24-154-33-109.zoominternet.net 1182748616 M * slack101 is /dev the same on all guest ? 1182748634 M * slack101 like is it set in the kerrnel exaclty which stuff they have access too ? 1182748823 M * coderanger /dev isn't managed by the kernel 1182748891 M * slack101 sorry 1182748895 M * slack101 wrong use of words 1182748908 M * lylix what you see is what they get... 1182748924 M * slack101 i was jus curious 1182748935 M * slack101 how hte /dev is made 1182748948 M * slack101 i know how its made but who / what decides what hardware to include 1182748963 M * lylix there is a minimalist tarball around that is generally all that is needed... 1182748982 M * slack101 i use skeleton mode 1182748988 M * slack101 so it gets created 1182748997 M * slack101 so it only has access to certain parts of the kerrnel but yea 1182749007 M * lylix http://mirrors.sandino.net/vserver/images/dev.tar.gz 1182749036 M * lylix idk, dont use skeleton, but it prob sets the mins 1182749042 M * slack101 well it was a stupid question 1182749050 M * slack101 why not use skeleton mode ? 1182749068 M * lylix i dont use util-vserver ;) 1182749104 M * slack101 oooooo 1182749116 M * slack101 so you dont have vserver-stat or nothing ? 1182749124 M * lylix nope 1182749641 M * slack101 lylix: how do you keep track and know and see what vservers you are running ? 1182749893 M * lylix there are other tools w/ the software we're using 1182750113 M * lylix but i usually write shell wrappers to get the info i want, ie. vls = vserver-stat 1182750156 M * lylix w/ ability to sort wach column, ie. by rss usage, xis, et. al 1182750165 M * lylix xis=>xid 1182750367 M * slack101 lylix: why not jsut use vserver-stat ? 1182750448 M * lylix it doesn't exist... ~~~ 1182751022 Q * Johnnie Ping timeout: 480 seconds 1182751175 J * DavidS ~david@p54810930.dip0.t-ipconnect.de 1182751217 N * DavidS DavidS|Vechta 1182751586 J * Johnnie ~jdlewis@c-67-163-246-136.hsd1.pa.comcast.net 1182751650 M * slack101 lylix: its in util vserver i would think 1182751684 M * slack101 also a question i never asked is how is iptables managed in linux vsserver i see it uses isolation 1182751701 M * lylix from the host 1182751706 J * phedny ~mark@ip56538143.direct-adsl.nl 1182752553 M * slack101 lylix: but how are things seperated ? by ip's ? 1182753707 M * lylix yep 1182753808 M * lylix if you want iptables control within the vserver, thats a different beast 1182753839 M * lylix there is a php daemon & shell script client set floating around that handles this 1182753897 M * lylix and supposedly some other kernel level patchset in the works (?) 1182754395 J * ktwilight ~ktwilight@165.197-66-87.adsl-static.isp.belgacom.be 1182754718 J * dna ~naucki@189-235-dsl.kielnet.net 1182754745 Q * ktwilight_ Ping timeout: 480 seconds 1182754757 J * ktwilight_ ~ktwilight@221.68-66-87.adsl-dyn.isp.belgacom.be 1182754809 N * DoberMann_ DoberMann[PullA] 1182755016 Q * ktwilight Ping timeout: 480 seconds 1182756969 Q * ||Cobra|| Remote host closed the connection 1182756975 J * andrew ~andrew@linux3.cc.ntu.edu.tw 1182757027 Q * AndrewLee Quit: leaving 1182757429 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1182758246 J * bzed ~bzed@10-205-116-85.dsl.manitu.net 1182758419 M * awk hmm, vserver-copy doesn't work anymore? 1182758436 M * awk it states that /etc/vservers/name.conf doesn't exsist? 1182758938 M * DavidS|Vechta the latter is (very) old legacy stuff ... don't know about -copy though 1182759049 M * awk well i have done the copy by hand 1182759053 M * awk where do I set the context though ? 1182759059 M * awk cant find it in /etc/vservers.... 1182759064 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw 1182759079 Q * andrew Quit: leaving 1182759106 J * AndrewLe1 ~andrew@flat.iis.sinica.edu.tw 1182759110 Q * AndrewLe1 1182759161 M * awk never mind, all working 1182759215 M * DavidS|Vechta echo $UNIQUE_RANDOM > /etc/vservers/$NAME/context # IIRC 1182759525 M * awk 1 last question if you don't mind. 1182759546 M * awk what capabilities needs to be added for within a vserver to have a certain device? 1182759550 M * awk I need /dev/zap in my vserver 1182759566 M * awk it's allready loaded in the host 1182760213 M * awk root@pbx:/# zttool 1182760213 M * awk Unable to open /dev/zap/ctl: No such file or directory 1182760236 M * awk as you can see I can view the modules with lsmod but I need that /dev/zap/* to be passed to the vserver 1182760430 M * DavidS|Vechta awk: just copy them in / mknod them 1182760434 M * DavidS|Vechta (from outside 1182762983 Q * bzed Quit: Leaving 1182763001 J * HeinMueck ~Miranda@host-88-217-199-211.customer.m-online.net 1182763890 M * awk DavidS|Vechta: so add something say to rc.local on the host? so as to have them in on each reboot 1182764184 M * awk DavidS|Vechta: how would a symbolic work? 1182764189 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1182764300 M * awk root@pbx:/# zttool 1182764301 M * awk Unable to open /dev/zap/ctl: Too many levels of symbolic links 1182764304 M * awk that doesn't work... 1182764421 M * lylix symbolic wouldnt work, in the chroot it would just point to itself :) 1182764433 M * awk ye I see 1182764440 M * DavidS|Vechta you can add hook scripts into the vserver config ... read the flower page for details 1182764462 M * lylix do as DavidS says, make the device nodes 1182764480 N * DavidS|Vechta Simo1 1182764491 N * Simo1 DavidS|Vechta 1182764492 M * DavidS|Vechta ;) 1182764562 M * awk mkdir -p /dev/zap && mknod /dev/zap/ctl c 196 0 && mknod /dev/zap/timer c 196 253 &&mknod /dev/zap/channel c 196 254 && mknod /dev/zap/pseudo c 196 255 1182764565 M * awk that seems to do the job 1182764567 M * lylix not sure why you want to mess w/ init/script/hooks... ince they're there, they are persistent 1182764575 M * lylix ince=once 1182764578 M * awk so i'll just add that to an rc script from within the vserver 1182764615 M * awk least now I can read the zap channels, etc 1182764641 M * lylix wont work in an rc script 1182764680 M * lylix mknod does work unless you give the vserver the right caps... and as mentioned, no need... unless you are purposely wiping the nodes on halt 1182764689 M * lylix does=doesnt... its late :/ 1182764707 M * awk lylix I have allready gave it mkdir caps 1182764716 M * awk err mknod, as I stated earlier its all working.. thanks 1182764722 M * lylix still dont see the point :/ 1182764736 M * lylix your doing alot of extra that isnt required, heh 1182764753 M * awk lylix so how do I get the devices in /dev/zap in your opinion? 1182764785 M * awk everything is scripted now, so its no extra work anymore. 1182764790 M * lylix add them to the /vserver/$NAME/dev/zap/ directory from the host... 1182764800 M * lylix do it once and its done, no need to redo 1182764808 M * awk lylix oh 1182764809 M * lylix trust me, ive done it 1000X 1182764810 M * awk let me try 1182764820 M * lylix ++ 1182764824 M * awk but if done from within the vserver its allready there 1182764831 M * awk so I can just now remove the caps mknod ? 1182764835 M * lylix why give it the caps though... 1182764837 J * chand ~chand@212.99.51.254 1182764885 M * awk you miss what I said,I said so I can remove the caps now? 1182764893 M * lylix unless you have complete control of the vserver, thats dangerous 1182764896 M * lylix yes 1182764926 M * awk great, let me remove it 1182765099 M * lylix same concept works for other apps... ie hylafax, et. al. 1182765138 M * DavidS|Vechta yeah, malicious vservers with CAP_MKNOD can break your system 1182765166 M * DavidS|Vechta e.g. mknod hda && cat /dev/zero > hda 1182765176 M * DavidS|Vechta or read /dev/kmem 1182765244 M * awk what do you mean by malicious vservers? 1182765269 M * DavidS|Vechta awk: clients, crackers, script kiddies 1182765291 M * DavidS|Vechta not necessarily in that order 1182765309 M * awk ahh but nobody has access to the vserver except me 1182765327 M * awk but I guess 1 less piece of control over the system is all that much better if it does get ./0dayed 1182765454 M * DavidS|Vechta you got the right there 1182766793 J * cedric ~cedric@80.70.39.67 1182766894 M * eSa| do some has util-vserver0.30.213 compiled for etch i386? 1182767075 Q * AndrewLee Ping timeout: 480 seconds 1182767187 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw 1182768047 M * eSa| I've found one here which seems up-to-date 1182768049 M * eSa| http://www.zbla.net/debian/ 1182768643 Q * eSa| Ping timeout: 480 seconds 1182768874 N * pmenier pmenier_off 1182770109 J * ktwilight ~ktwilight@36.220-66-87.adsl-static.isp.belgacom.be 1182770171 J * bonsaikitten dreeevil@dev.gentooexperimental.org 1182770179 M * bonsaikitten hey people ... it's me again :-) 1182770188 M * bonsaikitten got a really weird issue now 1182770213 N * Bertl_zZ Bertl 1182770215 M * bonsaikitten within the vserver sshd accepts one connection, then falls into a coma. Also sudo hangs 1182770217 M * Bertl morning folks! 1182770240 M * bonsaikitten I'm not sure, but I assume it's a lack of usable /dev/pty devices 1182770245 M * bonsaikitten Bertl: good morning! 1182770248 M * Bertl bonsaikitten: probably exhausted entropy pool :) 1182770288 M * bonsaikitten no, it connects, but then hangs with "Entering interactive session" 1182770348 M * Bertl well, do you have a problem to start screen on the host? 1182770356 M * bonsaikitten the host works well 1182770371 M * bonsaikitten I can even enter the vservers from the host without problems 1182770396 M * Bertl with enter, but not ssh I presume? 1182770401 M * bonsaikitten screen as root within the vserver works also 1182770413 M * bonsaikitten yes, vserver foo enter, that works 1182770415 M * Bertl then it cannot be the ptys 1182770425 M * Bertl because screen will allocate one 1182770444 M * bonsaikitten ok, so why do ssh and sudo fail? :-) 1182770447 M * Bertl check 'cat /proc/sys/kernel/random/entropy_avail' on the host 1182770462 M * bonsaikitten 604 1182770469 M * Bertl not very much :) 1182770492 M * bonsaikitten should be enough for one ssh session!? ;-) 1182770495 M * Bertl wait until it reaches 1200+ 1182770516 Q * ktwilight_ Ping timeout: 480 seconds 1182770548 J * lilalinux__ ~plasma@dslb-084-059-028-208.pools.arcor-ip.net 1182770549 M * bonsaikitten that might take some time 1182770558 M * bonsaikitten seems to be oscillating between 400 and 700 1182770579 M * Bertl see, something is using up your entropy 1182770584 J * ktwilight_ ~ktwilight@246.220-66-87.adsl-static.isp.belgacom.be 1182770596 M * Bertl probably an sshd key generation or so 1182770622 M * Bertl get a good entropy source to add ... 1182770630 M * bonsaikitten also weird ... load seems to go up continuously 1182770650 M * Bertl because more and more processes get stuck waiting for entropy 1182770667 M * Bertl did you create a number of guests recently? 1182770674 M * bonsaikitten I added two or three 1182770680 M * Bertl debian? 1182770683 M * bonsaikitten ah, found the bugger ... cron goes crazy 1182770685 M * bonsaikitten no, all gentoo 1182770711 M * Bertl with sshd each, I presume? 1182770753 Q * ktwilight Ping timeout: 480 seconds 1182770753 M * bonsaikitten yes 1182770754 M * sid3windr hehe 1182770769 M * Bertl you might consider increasing the pool size before you do entropy intensive stuff 1182770770 M * sid3windr the idea of using the motion sensors in thinkpads is really cool 1182770779 M * sid3windr "please shake your laptop to generate your ssh key" 1182770791 M * Bertl (especially on servers which have no good entropy source) 1182770792 M * bonsaikitten sid3windr: that might be difficult with a rackmounted server 1182770798 M * sid3windr etch-a-sketch style ;) 1182770807 M * bonsaikitten "please trigger an earthquake for key generation" 1182770808 M * sid3windr "please kick over the rack" 1182770819 M * sid3windr "keep removing floortiles until collapse" 1182770842 M * Bertl what works quite nicely for servers is to attach a microphone :) 1182770851 M * bonsaikitten hmmm, entropy gets depleted quite fast 1182770853 J * Piet hiddenserv@tor.noreply.org 1182770863 M * Bertl the noise in rack rooms are a good entropy source :) 1182770877 M * Bertl s/are/is/ 1182770889 M * Bertl bonsaikitten: vps | grep key 1182770906 J * lilalinux ~plasma@dslb-084-058-245-221.pools.arcor-ip.net 1182770915 M * bonsaikitten Bertl: nothing 1182770921 Q * lilalinux_ Ping timeout: 480 seconds 1182770943 M * Bertl bonsaikitten: hmm, maybe you have something else draining entropy? 1182770958 M * Bertl bonsaikitten: like a copy/dd from /dev/random? 1182770970 M * bonsaikitten unlikely 1182770995 M * Bertl ipsec or vpn? 1182771010 M * bonsaikitten possibly vpn 1182771028 M * sid3windr Bertl: extra entropy when a raid array is failing! beep.. beep.. beep.. :) 1182771063 M * Bertl actually the beep has less entropy than the white noise :) 1182771071 M * sid3windr yesh 1182771080 M * sid3windr but beep+varying noise ! 1182771081 M * sid3windr =) 1182771082 M * sid3windr hehe 1182771111 M * Bertl :) 1182771112 M * DavidS|Vechta good point with the microphone .. I always wondered, why all those server machines have on board sound :) 1182771127 M * Bertl yeah, it's aprefect match :) 1182771129 M * DavidS|Vechta i guess one then needs egd or so? 1182771153 M * Bertl for most sound systems, yes 1182771162 M * DavidS|Vechta that'd be a nifty gadget: microphone integrated into the plug :) 1182771197 M * Bertl not hard to do, costs you about 2 EUR :) 1182771201 J * rgl ~Rui@84.90.10.107 1182771203 M * rgl hello 1182771208 M * Bertl welcome rgl! 1182771225 Q * lilalinux__ Ping timeout: 480 seconds 1182771225 M * rgl hi :) 1182771246 P * DavidS|Vechta 1182771257 M * rgl have you guys built the server using ubuntu/debian make-kpkg to produce .deb files? 1182771262 J * DavidS|Vechta ~david@p54810930.dip0.t-ipconnect.de 1182771272 M * DavidS|Vechta damn ^W 1182771279 M * Bertl rgl: hmm? 1182771295 M * bonsaikitten Bertl: hmmm, I wonder ... I can ssh to the host, but not the vserver. Thus unlikely that it's only entropy related ... 1182771296 M * rgl errr, s,server,kernel 1182771367 M * Bertl bonsaikitten: try to chroot into a guest and start the sshd there (for the guest) then see if it works better ... 1182771378 M * bonsaikitten Bertl: no, that does not help 1182771396 M * rgl Bertl, I'm fuzzing with having the root FS (/) on LVM2 stripped in two disks, but when I build the vanilla kernel, it fails to boot unless I supply a initrd, which seems to do some vudu to make it work. so, I'll want to also create an initrd for this vanilla+vserver kernel :D 1182771400 M * Bertl bonsaikitten: then it is not Linux-VServer related either :) 1182771408 M * bonsaikitten :-( 1182771413 M * bonsaikitten well, thanks for the support 1182771422 M * Bertl bonsaikitten: you're welcome! 1182771426 M * bonsaikitten I'll have to figure out what's wrong on my own :-) 1182771466 M * Bertl rgl: doesn't your distro provide 'mkinitrd' or 'mkinitramfs'? 1182771491 M * Bertl bonsaikitten: I would definitely check where the entropy is bein used up .) 1182771517 M * sid3windr DavidS|Vechta: you have server machines with onboard sound? 1182771518 M * rgl Bertl, *shrug* but oh, there is http://linux-vserver.org/Installation_on_Ubuntu which is using mkinitramfs :) 1182771556 M * sid3windr hmm, yesh - usb plug with sound2usb with built-in microphone, 2x1x0.5cm entropy generator 1182771826 M * Bertl well, a really good source ca be built with a fire detector and a web cam :) 1182771834 M * Bertl *can 1182771837 M * rgl Bertl, oh so sweet, it worked. thx for putting up with my lameness ;-) 1182771847 M * Bertl rgl: np 1182771865 M * sid3windr a fire detector? 1182771940 M * Bertl yeah, well, US fire detectors have a small radiation source 1182772003 M * DavidS|Vechta sid3windr: 00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 02) 1182772025 M * DavidS|Vechta which, i have to admit, is a custom built "server" 1182772058 M * DavidS|Vechta all my mini-ITX i use as firewalls also have on-board sound too, though i'd hardly call _them_ servers ;) 1182772063 M * sid3windr :) 1182772069 M * sid3windr mini itx are rather all-purpose ;) 1182772084 M * DavidS|Vechta but, missing hdd activity, they really need more entrop y:) 1182772109 M * sid3windr hmm 1182772116 M * sid3windr mine don't seem to have trouble with that 1182772123 M * sid3windr don't they get entropy from network traffic? 1182772148 M * DavidS|Vechta i checked (didn't look for a long time) and after adding the hw-rng it looks quite good: http://www.edv-bus.at/munin/edv-bus.at/fw-schmidg.edv-bus.at-entropy.html 1182772179 M * DavidS|Vechta it does depend on the machine though: http://www.edv-bus.at/munin/mariatreu.at/fw-maria.mariatreu.at-entropy.html 1182772192 M * DavidS|Vechta (both the same hw and basic config) 1182772202 M * rgl humm, whats the advised user program do use? util-vserver or vserver-utils? :D 1182772230 J * ema ~ema@rtfm.galliera.it 1182772409 Q * ema 1182772438 M * bonsaikitten aha, I think I have narrowed it down 1182772446 M * DavidS|Vechta rgl: util-vserver 1182772469 M * bonsaikitten looks like /dev/pts has bad permissions, can run screen as root, but not as normal user 1182772471 M * rgl DavidS|Vechta, thx. you known if there is a ubuntu package for it? 1182772541 M * Loki|muh wasn't there a command line switch to enable debugging output to vserver xy start? 1182772545 J * dna_ ~naucki@86-218-dsl.kielnet.net 1182772556 M * DavidS|Vechta rgl: no idea 1182772556 M * Bertl Loki|muh: --debug ? 1182772561 M * rgl DavidS|Vechta, oh there is. nm :) 1182772751 M * Loki|muh Bertl: oops, sorry, thank you 1182772784 M * Bertl Loki|muh: np 1182772953 Q * dna Ping timeout: 480 seconds 1182774316 M * rgl gag.. util-vserver segfaults :( 1182774384 J * gerrit gerrit@host661461325d.prpl.res.tor.fcibroadband.com 1182774441 J * ema ~ema@rtfm.galliera.it 1182775090 Q * gerrit Ping timeout: 480 seconds 1182775195 M * rgl btb. later guys. 1182775196 P * rgl Leaving 1182776166 N * dna_ dna 1182776566 Q * HeinMueck Ping timeout: 480 seconds 1182776820 M * bonsaikitten hah, I fix0r! 1182776832 M * bonsaikitten it was a hanging metalog that blocked a few things 1182776839 M * bonsaikitten using syslog-ng ssh works again 1182776848 A * bonsaikitten headdesks 1182776863 M * Bertl m4s70r fix0r0r! :) 1182776869 M * bonsaikitten y0 1182776880 M * bonsaikitten well, you learn something new every day ... 1182776888 M * Bertl yep, my words ... 1182776900 J * gerrit ~gerrit@fw54.torolab.ibm.com 1182776948 M * bonsaikitten silly power failure has cost me ~8h to fix everything 1182776955 M * bonsaikitten that'll teach me to test more :-) 1182777010 M * Bertl derjohn: ping? 1182777126 M * derjohn Bertl, hello ! 1182777183 N * pmenier_off pmenier 1182777218 M * Bertl derjohn: hey, I have a patch for the diskio accounting (almost) ready 1182777268 M * derjohn Bertl, an own one? or adapted the atop ! 1182777288 M * Bertl well, a vserver patch based on the aatop accounting 1182777368 Q * dna Ping timeout: 480 seconds 1182777405 M * bonsaikitten that sounds wicked 1182777483 M * Bertl derjohn: http://vserver.13thfloor.at/Experimental/delta-ioacc-feat01.diff 1182777508 M * Bertl (needs some decent testing on a real world scenario) 1182777509 M * derjohn fine, I had a look into atop itself and saw that it doesnt apply to a vserver prepatched kernel. ( In sched etc.), did you simply make that fit? Or did you change more? Can I use atop userspace ? where can I find that patch? 1182777515 M * derjohn race ... 1182777529 M * derjohn ah, you called it a new vserver feature :) 1182777530 M * Bertl you don't need any userspace 1182777539 M * derjohn even better. 1182777550 M * Bertl i.e. the values (per guest) will show up in proc for now 1182777559 M * derjohn it should work an all $arch? I'll try on amd64 first. 1182777574 M * Bertl yep, as usual, we support all archs :) 1182777578 J * dna ~naucki@86-218-dsl.kielnet.net 1182777592 M * DavidS|Vechta "support"? *g* 1182777627 M * Bertl well, "support" hear means: we code for all archs and with all archs in mind :) 1182777632 M * Bertl *here 1182777651 M * DavidS|Vechta good :) 1182777675 M * Bertl contrary to other projects (Xen, OVZ, ...) which only "support" a few archs :) 1182778321 Q * bonsaikitten Quit: thanks and bye-bye! 1182778540 M * meandtheshell Bertl: and that is good because 1182778540 M * meandtheshell Specialization is for Insects. 1182778540 M * meandtheshell -- Robert A. Heinlein 1182778545 M * meandtheshell ;-] 1182778675 M * Bertl lol 1182779166 Q * Aiken Quit: Leaving 1182779853 Q * sladen Ping timeout: 480 seconds 1182779886 J * sladen paul@starsky.19inch.net 1182780223 J * HeinMueck ~Miranda@host-88-217-199-211.customer.m-online.net 1182781469 M * Bertl nap attack ... back later ... 1182781478 N * Bertl Bertl_zZ 1182781543 Q * HeinMueck Quit: Aah! 1182781552 J * HeinMueck ~Miranda@host-88-217-199-211.customer.m-online.net 1182782211 Q * arachnist Quit: bbl 1182783462 M * jkl good morning everyone 1182783500 M * jkl does anyone know how to increase the size of /tmp within a vserver w/o restarting? 1182783536 M * daniel_hozac vnamespace -e guest mount -n -o remount,size=32m /vservers//tmp or something like that. 1182783759 A * ard has 2 versions: 1182783769 Q * pmenier Read error: Connection reset by peer 1182783770 M * ard either: vnamespace --enter vactest mount -t tmpfs -o remount,size=512m,mode=1777 none tmp 1182783776 M * jkl mount: can't find /tmp in /etc/fstab or /etc/mtab :( 1182783784 M * ard morfoh: vnamespace --enter vacacc chroot ./ mount -o remount,size=512m /tmp 1182783799 M * ard both in /var/lib/vservsers/ 1182783825 M * jkl ah, thanks let me try those. 1182783827 M * ard the latter wil use the /etc/mtab of the vserver 1182783836 M * ard the first will assume you know everything 1182783865 J * ninou ~sylvain_f@bredele.imag.fr 1182783872 M * ard so, it's what daniel_hozac said+ "-t tmpfs" and a bogus device "none" 1182783873 M * ninou hi 1182783879 M * ard hi\ 1182783936 M * jkl ard: first one completed w/o error, but tmp is still mounted as having only 32m 1182783945 M * ninou why have i to put the host + the guest in /etc/exports for NFS when i just want to mount in the guest only ? 1182783963 M * daniel_hozac jkl: df says that? 1182783971 M * daniel_hozac ninou: are you using fstab.remote? 1182783976 M * ninou yes 1182784003 M * jkl ard: ha, the second command you gave me now shows this in 'mount' 1182784005 M * jkl none on /tmp type tmpfs (rw,size=32m,mode=1777,size=128m) 1182784028 M * jkl daniel_hozac: I'm checking mount 1182784031 M * ninou but if i not put host in exports, when starting the vserver, it returns '/etc/vservers/scm-timc/fstab.remote:5:1: failed to mount fstab-entry' 1182784171 J * DavidS ~david@p548103A2.dip0.t-ipconnect.de 1182784353 M * daniel_hozac jkl: mount lies. 1182784382 M * daniel_hozac jkl: use df or cat /proc/mounts to get a view of the real world... 1182784598 Q * DavidS|Vechta Ping timeout: 480 seconds 1182784894 J * jesusch ~jesusch@bjoern.schiebtsich.net 1182785467 J * stefani ~stefani@flute.radonc.washington.edu 1182785514 J * tanjix ~tanjix@office.star-hosting.de 1182785527 M * tanjix vps023:~# chcontext --xid 49152 kill -9 2929 1182785528 M * tanjix vcontext: vc_ctx_migrate(): Invalid argument 1182785536 M * tanjix what is wrong here` 1182786224 M * jkl daniel_hozac: yep, you're right. df reports the size correctly. thanks! 1182786329 Q * ninou Quit: Chatzilla 0.9.67+ [Iceape 1.0.9/2007051000] 1182787165 J * arachnist ~arachnist@088156185052.who.vectranet.pl 1182787356 Q * ensc Ping timeout: 480 seconds 1182787710 Q * HeinMueck Quit: Aah! 1182787990 J * bonbons ~bonbons@ppp-110-252.adsl.restena.lu 1182788072 J * bzed ~bzed@dslb-084-059-098-045.pools.arcor-ip.net 1182788438 N * DavidS DavidS|Vechta 1182788448 J * ensc ~irc-ensc@p54B4D56E.dip.t-dialin.net 1182788960 J * click_ click@ti511110a080-0461.bb.online.no 1182789060 Q * click Ping timeout: 480 seconds 1182789710 J * click click@ti511110a080-5534.bb.online.no 1182789815 Q * click_ Ping timeout: 480 seconds 1182790318 M * jesusch bonbons: hi 1182790337 M * bonbons jesusch: hi 1182790338 M * jesusch I just have a general question 1182790344 M * bonbons go ahead 1182790361 M * jesusch why aren't your IPv6 patches in the main-branch of vserver? 1182790511 Q * chand Ping timeout: 480 seconds 1182790544 M * bonbons there are plans to get them into 2.3 series of patches, but nobody pushed enough to make Bertl think about including them earlier 1182790633 M * jesusch :/ 1182790642 M * jesusch bonbons: thnx for the info 1182790690 M * bonbons those using it don't care that much about one patch more or less, there are so many patches for their kernels anyhow 1182790731 M * jesusch bonbons: I'm using debian stock kernel and I will stick to it 1182790779 M * bonbons isn't the ipv6 patch included in the debian vserver kernel? (at least the one that derjohn maintains) 1182790802 M * jesusch bonbons: but it would have been great if that patch would have been included before 2.6.18 :( 1182790821 M * jesusch bonbons: to be honest I don't know 1182790846 M * jesusch haven't tried it (as I thought I would need a extra kernel) 1182790857 M * jesusch is there any way to check? 1182790907 M * derjohn bonbons, I am in no way an official DD. The -vserver kernel flavor is maintained by waldi. It does not include the vp patch. basically ist a 2.2.0rc9 what is in the etch kernel. 1182790929 Q * cedric Quit: cedric 1182790964 M * bonbons hm, that's already old ;) 1182790981 M * derjohn jesusch, on linux-vserver.derjohn.de you find a debian repo with my kernels. check blog.derjohn.de for further infos if interested. I worte some snips about the kernel. 1182790988 M * bonbons but I don't look that much at distro kernels, building vanilla+patches anyhow 1182791028 M * derjohn bonbons, yes I build from vanilla, too. Debian lacks e.g. several blob firmware (Tigen cards etc.) for copyright doubts. 1182791052 M * bonbons always optimize the kernel config for my setup (not compiling all those unneeded drivers, building in what I need to mount the / filesystem as I dislike initrds) 1182791079 M * derjohn jesusch, no, there is no ipv6 patch for vserver in debian. Also no capabilty masking. Take my kernel as a drop-in replacement for debian etch. 1182791127 M * jesusch derjohn: thnx for the info - I'm starting to read :) 1182791138 M * derjohn bonbons, funny, I build as much modular as possible, so i dont have to compile the kernel more than once. at least after you manage some dozem machines, you'll begin to like it ;) 1182791274 M * daniel_hozac jesusch: Debian is using 2.0 anyway. it would never have been merged there. 1182791308 M * derjohn jesusch, ok, thx. give my blog a link, if you run a blog or a site ;) YOu can also grab the sources and build the kernel of even the dpatch set an patch the vanilla tree yourself. 1182791309 M * bonbons that depends, for the number of kernel I compile that's not an issue anyhow, ontime config that gets adjusted at each kernel upgrade with make oldconfig 1182791313 Q * ema Quit: leaving 1182791325 M * bonbons and for similar/identical machines the configs are reused 1182791349 M * derjohn daniel_hozac, did you tell me debian uses 2.2.0rc9 ? I didnt check changelogs myself (as I only rarely use the etch kernels) 1182791361 M * daniel_hozac derjohn: 2.0.2.2-rc9. 1182791384 M * derjohn ah ;(, because above you wrote: 2.0 , not 2.2.0 .... 1182791397 M * derjohn oh 1182791407 A * derjohn rubs his eyes ... 1182791428 M * derjohn ey, 2.0.2 .. thats long ago ... 1182791855 J * click_ click@ti511110a080-5717.bb.online.no 1182791970 Q * click Ping timeout: 480 seconds 1182792338 N * Bertl_zZ Bertl 1182792342 M * Bertl back now ... 1182792366 M * daniel_hozac morning Bertl! 1182792418 J * marcfiu ~mef@aegis.CS.Princeton.EDU 1182792426 M * Bertl wb marcfiu! 1182792561 M * derjohn jesusch, you might also check the PDF/article i wrote about vserver if you want to know about capabilties (I think you can read german language) 1182792831 M * Bertl derjohn: modularity can also cost you quite some performance 1182792870 M * Bertl i.e. a 30-50% speedup (kernel side) is not that unusual, if you compare a mostly monolithic and optimized kernel to a distro kernel :) 1182792875 M * derjohn Bertl, example? (except maybe things like "number of cpu") 1182792896 M * Bertl ah, not just CPU stuff, think bridge and raw tables for example 1182792913 M * Bertl if you don't use them, the hooks are just slowing you down 1182792929 M * derjohn really? incredible! I thought a loaded module vs a statically compiled in should not make much difference after it's loaded. 1182792931 M * Bertl (not to speak of cache misses for much bigger structures) 1182792954 M * Bertl no, it's like this: 1182792960 M * derjohn why should there be more cache misses with a module that is loaded ? 1182792963 M * Bertl modular: A -> B 1182792982 M * Bertl is actually A->stub->B 1182793000 M * Bertl while monolithic makes it a direct call 1182793023 M * Bertl the stub often has cache indirections, where directly compiled in code is often inlined 1182793037 M * derjohn that means, I can accelerate by boxes by 30% on system level (e.g. nertwork io, maybe disk io ...) if I build monolitic kernels ? 1182793041 M * Bertl that aside, if you don't use the code, the stub is just dead code 1182793081 M * Bertl yep, kernel side operations (not the disk or network I/O itself, but the kernel processing required) can gain 30-50% 1182793107 M * Bertl and regarding the cache misses, it's quite simple: 1182793128 M * Bertl just think struct wossname 1182793134 M * derjohn well, the disk example is not very good as the controllers itself are the bottleneck ... 1182793155 M * Bertl if it needs to hold data for ipv4, ipv6, etc ... you need more space 1182793174 M * Bertl OTOH, if you say, ipv4 it is. period. only that space will be used up 1182793199 M * Bertl note: the space in struct wossname will have the ipv6 data even if the ipv6 module is not loaded :) 1182793299 M * derjohn Bertl, ok, thx. I havo leave now, see you l8ter ! 1182793313 M * Bertl cya 1182793362 N * DoberMann[PullA] DoberMann 1182793568 Q * click_ Ping timeout: 480 seconds 1182793932 Q * slack101 Read error: Connection reset by peer 1182793963 J * slack101 ~Administr@cpe-71-74-77-84.insight.res.rr.com 1182793972 M * slack101 ey 1182793975 M * slack101 anyone up :P 1182794001 M * Bertl nope, everybody is sleeping ... 1182794008 J * HeinMueck ~Miranda@dslb-088-065-042-032.pools.arcor-ip.net 1182794011 M * slack101 i wonder if its possible to ever let customers see the actual start up 1182794042 M * slack101 or is that kind of pointl;ess hmmm 1182794043 M * Bertl if you use sysv init stryle, sure, why not 1182794067 M * Bertl even with playin init style you could do that, but it's a little trickier 1182794068 M * slack101 im saying some how give them a remote console ;) 1182794073 M * slack101 so they could change distros 1182794082 M * daniel_hozac uh, in the guest? 1182794087 M * Bertl that is simpler done via a web frontend 1182794087 M * slack101 yes 1182794095 M * slack101 yea i know 1182794105 M * slack101 but having that would give the real features of a real server kinda 1182794114 M * daniel_hozac you realize you can't use _any_ installers inside a guest, right? 1182794127 M * Bertl slack101: if you want a real server, you buy a real one :) 1182794179 M * Bertl slack101: we could, for example, delay a guest startup by 60 seconds or so, so that it looks more real :) 1182794201 M * slack101 well no its just gicing the customer more full control 1182794221 M * slack101 maybe give them ftp access to that directory 1182794221 M * Bertl no, a read only console log gives no real control 1182794222 M * slack101 ;) 1182794241 M * slack101 so they could change anything they wanted too 1182794241 M * Bertl ftp access is something worth considering 1182794261 M * slack101 so when the vserver is off they could change anytning 1182794265 M * Bertl even allowing to 'upload' your own guest template could be interesting 1182794288 M * slack101 hmm i will do this 1182794291 M * slack101 sftp of course 1182794300 M * slack101 or FTPS 1182794318 M * slack101 also is iptales rules per guest os supported yet ? 1182794335 M * Bertl if you configure them on the host, yes 1182794361 M * Bertl inside the guest, you are not allowed to manipulate the tables 1182794457 M * slack101 i mena is there ever gonna be a way to change iptables inside of the guest Bertl 1182794501 M * Bertl we had a few attempts on that, but it seems it fell into the low interest category like the quota stuff 1182794512 M * slack101 quota ? 1182794526 M * slack101 quota's for what ? 1182794527 M * Bertl shared user/group quota 1182794564 M * slack101 theres still individual quota for each vserver correct ? 1182794594 M * Bertl disk limits on shared filesystems and user/group quota on separate filesystems 1182794632 M * slack101 ah 1182794634 M * slack101 well 1182794639 M * slack101 whats high on the list ? 1182794653 M * Bertl ipv6 1182794661 M * slack101 is that done yet :P ? 1182794668 M * Bertl yep, basically 1182794681 M * slack101 i understand ipv6 is just an add on to the regular ip system now correct ? 1182794703 M * Bertl well, no, ipv6 is the second? generation ip after ipv4 :) 1182794709 M * slack101 btw what is the mac address of each vserver ? 1182794713 M * daniel_hozac sixth generation, obviously. :) 1182794721 M * slack101 ah' 1182794725 M * Bertl daniel_hozac: ah, no, actually not :) 1182794733 M * slack101 does each vserver have a different mac or no ? 1182794740 M * tanjix vps023:~# chcontext --xid 49152 kill -9 2929 1182794741 M * tanjix vcontext: vc_ctx_migrate(): Invalid argument 1182794742 M * Bertl daniel_hozac: ipv5 was already taken for something else, IIRC :) 1182794743 M * tanjix what is wrong here` 1182794755 M * daniel_hozac tanjix: is 49152 running? 1182794757 M * Bertl tanjix: the dynamic xid 1182794765 M * tanjix daniel_hozac: yes,it is 1182794776 M * Bertl slack101: no, only the host has MACs 1182794800 M * slack101 so everyone uses the same MAC ? 1182794803 M * tanjix i have some processes under this context 1182794808 M * tanjix hoe can i kill them? 1182794903 M * daniel_hozac tanjix: vkill? 1182795005 M * Bertl slack101: no, hopefully other machines use different MACs :) 1182795009 M * slack101 how could that work if every ip uses the same MAC address 1182795030 M * Bertl MAC is layer 2, IP is layer 3 1182795039 M * slack101 what if one ip gets banned via mac address from some service now everyone is blocked ? 1182795049 M * slack101 on that mac 1182795064 M * Bertl such a banning would not make sense 1182795085 M * Bertl slack101: note on a router, every IP passing through has the same (the router's) mac :) 1182795108 M * Bertl slack101: and the MAC changes every hop too :) 1182795131 M * slack101 every hop ? 1182795142 M * Bertl yep :) 1182795147 M * slack101 so whats the purpose of a mac address then just for the ISP ? 1182795165 M * Bertl the mac address is the 'physical' identifier for your network card 1182795203 M * Bertl so that switches and router can send packets to you 1182795237 M * slack101 but lets say a service blocks the mac address connected to it 1182795239 M * Bertl in linux, you can change the MAC quite easily 1182795243 M * slack101 every vserver would become affected ? 1182795251 M * slack101 of every ip ? 1182795259 M * slack101 or just per neetwork card 1182795265 M * Bertl yes, if you lose layer 2 connectivity, all your servers are unreachable 1182795282 M * Bertl very similar to the case when your upstream router stops working :) 1182795306 M * Bertl (or when you pull the ethernet cable :) 1182795378 M * slack101 lol 1182795526 M * slack101 so its impossible for each user to have a different mac 1182795540 M * Bertl no, just a little more complicated 1182795578 M * Bertl one option is to have a network card per guest :) 1182795625 M * slack101 Bertl: your kidding :P 1182795633 M * slack101 is there any other way ? 1182795640 M * slack101 it would jus make it more like a true vserver 1182795649 M * Bertl true vserver? 1182795839 M * slack101 Bertl: jus play along 1182795842 M * slack101 :P 1182795861 M * slack101 how exactly could each person have thier own Mac without having diff network cards 1182796044 M * Bertl if you add another layer of indirection, making the networking slower, you can put a virtual MAC (like Xen or VMWare do it) on the virtual network card 1182796059 M * Bertl then you can bridge that (adding even more overhead) to your router 1182796162 M * slack101 Bertl: no other options ? :P 1182796175 M * Bertl not really :) 1182796250 M * slack101 so i would have to viertulize it Bertl ? 1182796261 M * bonbons slack101: but what's the advantage of individual mac addresses for each guest? Are the guests LAN-only, as soon as you leave your local LAN (cross a router) the guest's own MAC address is replaced by the one of the last router the packet(s) crossed 1182796563 Q * Hunger Ping timeout: 480 seconds 1182797670 J * Hunger Hunger@Hunger.hu 1182798550 J * _markus__ ~chatzilla@chello213047089232.17.14.vie.surfer.at 1182798555 M * _markus__ hi 1182798636 M * _markus__ Back when I was using chroots inside my server, I had the fine option to easily share files (given that I take care of uid/gids) between my chroots by mounting directories accross the chroots. I'm having trouble doing this with vservers. I usually to mount --bind /source /var/lib/vservers/vserv01/test but when I enter vserv01 and look into /test/ it appears still empty 1182798738 M * Bertl works there too 1182798770 M * Bertl just put it in the guest's fstab, and it will be mounted on startup, or if you want temporary mounts, use vnamespace 1182798780 M * bonbons _markus__: you need to bind-mount before starting the guest (or in the guest's config fstab) 1182798787 M * _markus__ ah .. ok, mom 1182798797 M * Bertl bonbons: won't work with recent tools, they do cleanups :) 1182798841 M * bonbons do they clean everything that is below target root and not in fstab in guest's config? 1182798863 M * Bertl daniel_hozac has the details for what is cleaned up 1182798881 M * _markus__ bonbons: great, works! 1182798970 M * daniel_hozac anything below the guest's root is left alone. 1182798989 M * _markus__ I'm confused now with your comments, Bertl. How can I put a directory to be mounted inside my guests fstab when it is physically outside ... ? 1182798992 M * bonbons that makes sense 1182799022 M * bonbons _markus__: it's the vserver utils that do the mounting, not the guest's init scripts 1182799033 M * _markus__ ah ;) 1182799035 M * Bertl _markus__: the config fstab has different source than destination pathes 1182799173 M * _markus__ Bertl: achso, you mean /etc/vservers/vserv01/fstab ? 1182799179 M * _markus__ (for example) 1182799183 M * daniel_hozac yes. 1182799199 M * _markus__ ok, I now got that. Thanks 1182799287 M * _markus__ I guess when we've the new infrastructure in our company running it's time to donate some money to that ueber-cool project 1182799324 M * _markus__ vservers help me making me more important by drawing even more important network plans with even more vservers ;-) 1182799396 Q * lilalinux Remote host closed the connection 1182799553 M * Bertl _markus__: feel free to do so :) 1182799694 M * _markus__ :) 1182799707 M * _markus__ good night and, as always, many thanks to the quick responses! 1182799713 M * Bertl you're welcome! 1182799826 Q * _markus__ Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.4/2007051502] 1182799953 Q * Johnnie Quit: G'bye! 1182799962 M * slack101 Bertl: that ftp access thing is a good idea 1182799974 J * Johnnie ~jdlewis@c-67-163-246-136.hsd1.pa.comcast.net 1182800012 M * slack101 a good idea for recovery 1182800050 J * rgl ~Rui@84.90.10.107 1182800053 M * rgl hi 1182800073 A * rgl has is new box on his hands *G* 1182800110 M * slack101 Bertl: so whats the best way to have each vserver be able to setup thier own iptables ? 1182800445 M * slack101 is a web frontend the only way Bertl ? 1182800486 M * daniel_hozac only? no. the PHP scripts lylix mentioned to you earlier should work as well. 1182800536 M * slack101 i didnt see what he said 1182800559 M * daniel_hozac you might want to start reading the responses to your questions then... 1182800572 M * slack101 well 1182800579 M * slack101 php script could clasify as a web frontend 1182800595 Q * meandtheshell Quit: Leaving. 1182800608 M * daniel_hozac that's only because you haven't looked at it, at all. 1182800627 M * slack101 lol 1182800638 M * slack101 not in a good mood huh ? :P 1182800681 M * daniel_hozac well, it's getting rather annoying when you ask the same things, over and over... 1182800691 M * slack101 well i admit i have asked that a few times 1182800692 M * slack101 but 1182800710 M * slack101 i have a bad habit of asking and leaving and not checking 1182800720 M * daniel_hozac so? 1182800725 M * daniel_hozac start checking. 1182800728 M * jkl slack101: how's it going ? 1182800735 M * slack101 still means you shouldnt trsat me like a dog ;) 1182800750 M * slack101 jkl: pretty well ....... 1182800769 M * slack101 i will just finish integrating my iptables front end 1182800783 M * slack101 i am suprised no one has never made a patch for iptables 1182800802 M * daniel_hozac that does what, exactly? virtualizes it? 1182800830 M * slack101 well no 1182800834 M * jkl slack101: yeah, I was surprised to hear you asking about having a separate firewall per vserver 1182800853 M * slack101 huh ? 1182800854 M * slack101 well 1182800867 M * jkl slack101: it would be tedious to maintain that :) my single firewall on the host does a great job 1182800877 M * slack101 i dont think it should have a seperate firewall but something to manage your ip/chain within the guest would be good 1182800888 M * daniel_hozac ... which is what exists. 1182800896 M * slack101 where ? 1182800904 M * daniel_hozac 21:41 < daniel_hozac> only? no. the PHP scripts lylix mentioned to you earlier should work as well. 1182800912 M * daniel_hozac seriously. 1182800914 M * slack101 im sorry i dont have logs atm ;) 1182800922 M * daniel_hozac that's... 7 minutes ago. 1182800925 M * bXi thats about 20 lines up 1182800929 M * slack101 no no 1182800934 M * slack101 what lylix said 1182800948 M * slack101 i heard you about php scripts 1182800950 M * daniel_hozac besides, all the logs are at http://irc.13thfloor.at/LOG/ 1182800954 M * slack101 but where are they is what i was asking ? 1182800989 M * daniel_hozac google virtuatables. 1182801424 M * slack101 hmmm 1182801432 M * slack101 not having very good luck finding them except for logs 1182801453 M * slack101 you would think this would have been implemented into the kerrnel but yea 1182801464 M * daniel_hozac why? it's a userspace feature. 1182801592 M * slack101 you said that in the logs not me ;) 1182801598 M * slack101 i was just agree'ing with you 1182801607 M * slack101 or did your mind change ? 1182801613 M * jkl hehe 1182801655 J * haxier ~haxier@eu85-84-166-67.clientes.euskaltel.es 1182801666 M * Bertl welcome haxier! 1182801667 M * jkl hello haxier! 1182801671 M * haxier hi! 1182801737 M * slack101 also it seems this thing uses some iffy way of doing it 1182801807 M * slack101 change the variable IPTABLES_SERVER_IP to match the IP of your host server. 1182801807 M * slack101 change IPTABLES_SERVER_PORT to match localport defined in virtuatables.php. 1182801833 M * slack101 looks if you put a different ip in the guest one that is not the guest true ip it will still change the iptables 1182801868 M * jkl well that's a neat feature 1182801895 M * slack101 per say your ip is x.x.x.x.5 and the person puts x.x.x.x.6 it will change the other persons iptables ;) 1182801923 M * slack101 seems like my web front end of iptables kills that idea ;) 1182801944 M * jkl slack101: personally, I shudder at the thought of having php scripts mess with iptables ... *especially* if the php script is form based and allows arbitrary user input 1182802002 M * jkl but I'm sure it is perfectly safe ;) 1182802071 M * slack101 it allows the guest to put their own ip in it ;) 1182802079 M * slack101 what was this person thinking 1182802085 M * daniel_hozac i highly doubt that. 1182802101 M * slack101 http://www.virtuaserver.com.br/forum/viewtopic.php?p=215 1182802114 M * slack101 maybe the instructions of the author is lying 1182802142 M * Bertl what do you think you see there? 1182802164 M * slack101 download it 1182802207 M * Bertl file not found 1182802211 M * slack101 i see it says server ip so thier not deciding thier ip but i am more owrried about the daemon 1182802282 M * slack101 it just using netcat to send commands 1182802350 M * slack101 really sounds like an iffy thing 1182802427 M * slack101 would prefer it to be a compiled app also not a shell script where they can clesrly see whats going on 1182802475 M * daniel_hozac why is that? objdump is perfectly capable of showing you what a binary does... 1182802583 M * Bertl security by obfuscation (pending micro$oft patent :) 1182802741 M * slack101 well 1182802749 M * slack101 makes it much much harder then just using a shell script 1182802850 M * daniel_hozac really? i don't think so. 1182802874 M * daniel_hozac even if you assume your users don't know asm, the source is going to be available online. 1182803139 M * Bertl slack101: you can write a small bash obfuscator, which converts any script into binary :) 1182803272 M * slack101 Bertl: good point 1182804583 J * chand ~chand@m167.net81-64-156.noos.fr 1182804662 J * tuxmania ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33 1182804978 Q * bonbons Ping timeout: 480 seconds 1182805404 J * coderanger_ ~laptop@wireless-118.media.mit.edu 1182805452 M * Bertl wb coderanger_! 1182805507 M * coderanger_ Yo 1182805536 M * coderanger_ Bertl: Something michael was mentioning this morning, is rate-limiting and other such disk magic implemented for jffs2? 1182805586 M * Bertl partially, I still need to have a logner chat with dwmw2 1182805708 M * Bertl but the dlimit interface will be used for disk limits 1182805724 M * Bertl and for the bandwidth limits we still ahve to define an interface 1182805748 M * daniel_hozac network? or disk? 1182805764 M * Bertl actually, nand reflash cycles :) 1182805777 M * daniel_hozac ah, interesting. 1182805807 M * Bertl but it might boil down to disk ops, as jffs2 cannot really separate the nand write per guest 1182805851 M * Bertl that is why I still need to chat with David 1182805869 J * Aiken ~james@ppp121-45-220-241.lns2.bne1.internode.on.net 1182805883 M * Bertl greetings Aiken! 1182805991 M * Aiken hello 1182806017 M * coderanger_ Bertl: Okay, we'll just try to ignore it for now 1182806269 M * Bertl coderanger_: you can test and implement the dlimits with ext3 1182806301 M * slack101 Bertl: how do you control bandwidth ? 1182806345 M * Bertl usually with token buckets 1182806521 M * coderanger_ Bertl: Not really 1182806534 M * coderanger_ Bertl: We are doing basically all of this on an XO 1182806548 M * coderanger_ Bertl: But dealing with dlimits is a fair bit down the path 1182806559 M * Bertl coderanger_: a simple 2GB sdcard will do nicely 1182806590 M * daniel_hozac i usually run my tests on a 100 MiB loopback mount. 1182806688 Q * tuxmania Quit: Leaving 1182807007 M * Bertl dilinger: btw, how is the new git branch called? 1182807059 M * Bertl dilinger: (or which branch contains the vserver patches?) 1182807733 M * neuralis Bertl: http://dev.laptop.org/git?p=olpc-2.6;a=shortlog;h=vserver 1182807744 Q * DavidS|Vechta Quit: Leaving. 1182807795 M * Bertl neuralis: hmm, how do I check that out? 1182807865 M * neuralis git clone git://dev.laptop.org/olpc-2.6 vserver; cd vserver; git checkout origin/vserver; git checkout -b vserver 1182807890 N * DoberMann DoberMann[ZZZzzz] 1182807898 M * neuralis (you'll want to be using git 1.5) 1182807929 M * Bertl grml 1182807942 M * Bertl is 1.4.2 not goot enough :) 1182807947 M * Bertl *good 1182807959 M * Bertl what is the origin/vserver ? 1182807970 M * neuralis so 1.4 pulls in remote branches by default, 1.5 doesn't 1182807982 M * slack101 Bertl: you say you have used debootstrap right or something ? 1182808002 M * neuralis if you're using 1.4, clone and then 'git checkout vserver' should just work 1182808004 M * Bertl neuralis: I have the olpc-2.6 branch here 1182808012 M * slack101 o nevermind you use netboot 1182808027 M * neuralis olpc-2.6 is not a branch, it's a tree 1182808030 M * neuralis vserver is a branch in that tree 1182808034 M * neuralis slack101: what do you need? 1182808035 M * Bertl sorry, tree 1182808035 M * slack101 i am wondering if i make a debootstrap distro on one system will it be ok for another different system 1182808051 M * Bertl neuralis: the problem is, it says it doesn't know a vserver branch? 1182808087 M * neuralis is this after cloning fresh or with an existing tree? 1182808105 M * Bertl existing tree, do I have to clone it from new every time? 1182808114 M * neuralis no, you just need to pull in the new branch 1182808135 M * Bertl isn't 'git fetch' supposed to do that? 1182808145 M * slack101 i have a remote console a network booted distro ....i have access to the server ....but if i do a deboostrap then i think it will make the dev and stuff for this recovery system 1182808158 M * slack101 maybe if i chroot then make it using debootstrap 1182808166 M * neuralis Bertl: it won't pull in new branches by default, afaik 1182808239 M * neuralis try 'git-fetch origin vserver:vserver' 1182808260 A * neuralis profoundly hates whoever designed git's CLI 1182808267 M * Bertl second that! 1182808278 M * Bertl Cannot fetch into the current branch. 1182808291 M * neuralis ugh 1182808302 M * neuralis that exceeds my git expertise, then. dilinger might know more. 1182808327 M * Bertl ah, what the hack, I check it out from scratch 1182808337 M * Bertl will take a few hours though ... 1182808372 M * neuralis hm 1182808381 M * neuralis try 'git-fetch -f origin vserver:vserver' first 1182808421 M * neuralis oh 1182808426 M * neuralis actually, git-fetch might be the wrong way to do it altogether 1182808436 M * neuralis according to the (convoluted) docs 1182808457 M * Bertl forget it, don't spend any time on it ... this part of git really sucks :) 1182808461 M * neuralis yeah 1182808487 M * neuralis there are three poeple in the world who understand git branching. one is linus, and another two are tibetan monks that haven't been seen in over 16 years. 1182808498 M * Bertl lol 1182808535 M * Bertl I would be fine with pasky in my left pocket :) 1182808546 M * neuralis heh, true 1182808854 Q * gerrit Ping timeout: 480 seconds 1182809229 M * slack101 so when you start a vserver it just starts the init correct ? 1182809240 M * slack101 since all the kerrnel stuff is already started 1182809243 M * daniel_hozac depends on the initstyle. 1182809247 M * Bertl if you use the plain init style, yes 1182809255 M * slack101 how does it do it other ways 1182809256 M * slack101 ? 1182809276 M * daniel_hozac it executes the rc script directl. 1182809277 M * daniel_hozac +y 1182809294 M * slack101 i seee 1182809306 M * slack101 so really theres no point for a remote console 1182809313 M * slack101 for guest 1182809329 M * Bertl nope, not really :) 1182809346 M * slack101 and if i offer ftp access as a recovery system i think that will be sweet ? 1182809359 M * slack101 so they can see the errors if it doesnt start 1182809360 M * Bertl could be nice 1182809371 M * slack101 and they can still change a whole distro to thier own custom distro etc 1182809376 P * marcfiu 1182809379 M * slack101 oooo wooo im excited 1182809418 M * slack101 my little recovery ftp thingy + my web interface with iptables + i will use openVCP == i will own the VPS market 1182809445 M * Bertl definitely :) 1182809464 M * slack101 that dude that makes 120 k a month i know his shit sucks compared to this 1182809478 M * slack101 and he got slow connection 1182809479 M * Bertl watch your language :) 1182809481 M * slack101 i got a 100mbit 1182809485 M * slack101 sorry 1182809486 M * slack101 :P 1182809800 Q * dna Quit: Verlassend 1182809976 Q * chand Read error: Connection reset by peer 1182810905 M * slack101 Bertl: might be getting alot of donations soon :P 1182810912 M * Bertl great! 1182810932 M * slack101 i told a bunch of vserver people to donate 1182810951 M * slack101 and i will donate too :P 1182811051 J * _mcp ~hightower@wolk-project.de 1182811055 M * Bertl neuralis: regarding the defconfig, you might want to change to internal tagging, otherwise jffs2 will not me tagged 1182811080 M * Bertl neuralis: and I'm not sure the guest privacy is of any interest to you 1182811150 M * Bertl CONFIG_TAG_NFSD is obviously a leftover ... i.e. we will remove that as it is not present in this branch 1182811259 Q * mcp Read error: Connection reset by peer 1182811509 Q * HeinMueck Quit: Aah! 1182811538 M * rgl omg. I've installed ubuntu, but when it tries to boot from HD nothing happens... can you guys help me out troubleshoot this? 1182811561 M * Bertl in a guest? 1182811570 M * rgl in the host 1182811585 M * Bertl then probably #ubuntu is a better place, no? 1182811599 M * rgl no one answers there :-( 1182811612 M * daniel_hozac maybe you chose the wrong distro? :) 1182811617 M * Bertl rgl: shows how good ubuntu support is :) 1182811644 M * rgl :-( 1182811663 M * Bertl rgl: I can help you with Mandriva :) 1182813226 M * Bertl okay, off to bed now .. have fun! 1182813237 N * Bertl Bertl_zZ 1182813294 M * rgl Bertl_zZ, bye. 1182813299 M * rgl no fun at all... :/ 1182814169 M * slack101 mandriva hasa server distro lol ? 1182814173 M * slack101 as*