1184112187 Q * onox Quit: zZzZ
1184112468 Q * bzed Quit: Leaving
1184112589 M * Bertl sorry, we had a local emergency here, but I'm back now (reading up)
1184112624 M * flea np
1184112689 M * Bertl yes, the mapping sounds reasonable, but it doesn't work for guest-space administration (at least not out of the box)
1184112738 M * Bertl also we have a limited number of tables available to assign to guests (granted, in typical setups those should suffice)
1184112759 M * flea that depends... if you patch the syscalls used by "route" and "ip" to take in consideration that mapping it might
1184112773 M * flea 250 tables at least
1184112797 M * flea a VPS isp may share most of the tables between guests
1184112811 M * Bertl and finally, if we allow to map several guests into the same routing table (for example) we still need to handle isolation between them and more important, direct the packages to that routing table in the first place
1184112833 M * flea but now you can do that with ip route
1184112860 M * Bertl so as I suggested, let's first look at basics
1184112869 M * flea ok... lead me :D
1184112874 M * Bertl i.e. forget about multiple tables for a few minutes
1184112887 M * flea "their gone..."
1184112888 M * flea :D
1184112889 M * Bertl do you have a test guest at hand?
1184112906 M * flea sort of...since it's a guest server i'm workin on for other stuff :S
1184112916 M * flea whats your idea?
1184112922 M * Bertl okay, but you have access to the host there?
1184112926 M * flea yap
1184112950 M * Bertl okay, for a start, compare the output of 'route' and 'ip route ls' between host and guest
1184112972 M * flea they're very close ...can I paste it here?
1184112980 M * flea this is a good example since I have special cases
1184112981 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1184112981 M * flea here
1184112990 M * flea ok
1184113061 M * flea check it:
1184113061 M * flea http://paste.linux-vserver.org/4380
1184113065 M * flea thats host side
1184113099 M * flea http://paste.linux-vserver.org/4381
1184113105 M * flea thats guest side
1184113143 M * Bertl no iproute2 inside the guest? :)
1184113163 M * flea nope, already merging
1184113164 M * Bertl okay, what we see is that the interface not related to the guest ip becomes '*'
1184113167 M * flea 2mins
1184113204 M * flea yap also I dont want it to see the public interface
1184113213 M * flea although they share the same physical iface
1184113221 M * Bertl this is the result from the ip isolation, which includes checks like 'does that interface carry guest ips?'
1184113221 M * flea look here
1184113250 M * flea misslazy log # ip route show table vs2
1184113251 M * flea default via 192.168.1.254 dev eth1
1184113272 M * flea thats the table I'm enforcing to the guest system through ip filter
1184113297 M * Bertl and that actually works?
1184113312 M * flea yap :D
1184113313 M * Bertl I mean, aren't you missing the route to 192.168.1.254 itself?
1184113314 M * flea no problem
1184113341 M * Bertl so what I think happens here is that the main table is used as fallback for your case
1184113382 M * flea whats happening here is that if I don't apply a filter table I cant access directly to those ifaces
1184113393 M * Bertl so, what you actually want to see inside a 'sane' guest would be:
1184113396 M * flea because the iface is shared
1184113402 M * Bertl 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
1184113412 M * Bertl default via 192.168.1.254 dev eth1
1184113416 M * flea yap at least
1184113422 M * flea or only the default
1184113430 M * Bertl so, and that is where the problem begins
1184113431 M * flea if I wish everything to be filtered with a firewall
1184113453 M * flea the problem isn't only that
1184113471 M * flea for me that's the problem...but I resolved with other tweakings
1184113480 M * flea I think the bigger problem here is a disclosure issue
1184113492 M * Bertl that is something I agree with you
1184113494 M * flea since the guest system can see all routes in the host system
1184113514 M * Bertl and that also is something we should look at and try to fix
1184113535 M * Bertl (regardless of multiple tables or not)
1184113554 M * flea yap regardless to that :D
1184113576 M * flea I guess the best thing we wished to accomplish is:
1184113579 M * Bertl to solve that, we have to decide _what_ routes should/must be shown to the guest (or find a way to delegate that decision)
1184113587 M * flea 1) specify a routing table to the guest system
1184113601 M * flea 2) that system only can only see that table
1184113618 M * flea 3) depending on the configuration the guest may or may not manage that table
1184113626 M * Bertl once again, we are not doing a 'specialized hack'. period.
1184113657 M * Bertl I'm not against utilizing multiple routing tables (not at all)
1184113678 M * flea yap I understand that... doing it, lets do it good
1184113679 M * Bertl I'm also not against giving more (controlled) 'power' to the guests
1184113698 M * Bertl and I'm not against useful features ... so don't get me wrong
1184113711 M * flea no no Bertl I'm a very open minded person :D
1184113735 M * flea I wasn't saying about multiple routes....
1184113752 M * Bertl but we have to handle all cases (including the single routing table case ) unless we find a very good reason _why_ we need multiple tables unconditionally
1184113753 M * flea I was purely viewing it on the functionality side...
1184113764 M * flea "If I'm an admin...if I'm a guest admin what do I need"
1184113792 M * flea Bertl, but see one thing... multiple routes are already used by default in the current kernel
1184113795 M * flea the support is there.
1184113804 M * Bertl to simplify, you basically get assigned an IP, and you can bind or not-bind services to that ip
1184113821 M * flea you already have multiple routing tables from the beginning
1184113822 M * Bertl flea: as you figured, they are _not_ used by default
1184113828 M * flea they are
1184113831 M * flea you have 3 tables at least
1184113838 M * Bertl flea: without advanced router and IP_MULTIPLE_TABLES no go
1184113838 M * flea you only manage the main one
1184113856 M * Bertl trust me, the code is completely different
1184113880 M * flea Bertl, I was using them without that... the only problem was that they were locked only to those 3 tables.
1184113894 M * Bertl you 'thought' you were using them :)
1184113905 M * Bertl because the interface (userspace API) looks identical
1184113913 M * flea I see...
1184113927 M * flea at least the ip route let me inspect the 3 tables
1184113928 M * flea 255 local
1184113928 M * flea 254 main
1184113928 M * flea 253 default
1184113933 M * Bertl but the routing tables are of no relevance to your primary goal
1184113965 M * flea we're brainstorming here :D
1184113973 M * Bertl they might be the icing on the cake, but the problem needs a solution elsewhere
1184113995 M * Bertl yeah, I'm fine with that :) just don't assume that multiple routing tables are present
1184114012 M * Bertl there are good reasons to actually disable them on certain setups
1184114023 M * Bertl (just think embedded systems)
1184114028 M * flea memory
1184114049 M * flea but do you run virtual servers on embedded systems?
1184114060 M * flea it's a goal of the vserver project?
1184114063 M * Bertl quite a number of folks do that
1184114068 M * flea interesting...
1184114077 M * flea for what purpose? isolation ?
1184114085 M * Bertl after all, Linux-VServer is _very_ lightweight and supports all Linux archs
1184114108 M * Bertl yes, security, activity/service isolation for example
1184114120 M * flea yap :) what I guessed...
1184114122 M * Bertl or just simplicity of management
1184114144 M * flea but see one thing Bertl
1184114159 M * flea managing tables should be the same with 1 or 255 tables
1184114170 M * flea and one more thing...
1184114175 M * flea I believe that if you use only 1 table
1184114188 M * flea you want that table to be unmutable inside the guest system
1184114197 M * flea since its shared with the host one
1184114204 M * flea no?
1184114208 M * Bertl not necessarily :)
1184114233 M * Bertl first, there could be cases where the guest _should_ manage the host table
1184114248 M * Bertl second, if some policy can be applied, sharing is not that bad
1184114273 M * Bertl but to get back on course :) we should look at the code which hands out the routing tables ...
1184114278 M * flea but that policy must be implemented by the vserver patch right?
1184114293 M * Bertl not necessarily, could be userspace policy
1184114322 M * flea you can give the capabilities to change the routing table
1184114329 M * flea but or do you change it all or nothing
1184114330 M * flea no?
1184114337 M * Bertl no :)
1184114348 M * flea Hmmm never saw that implementation
1184114353 M * Bertl I can imagine a bunch of solutions inbetween :)
1184114355 M * flea you can lock routes?
1184114368 M * flea Bertl, I'm talking actually
1184114374 M * Bertl I could easily tag routes with xid numbers
1184114375 M * flea if the vanilla kernel already supports it
1184114375 M * flea ?
1184114403 M * Bertl then I could, for example, forbid removing routes not owned by your guest :)
1184114422 M * Bertl (i.e. not tagged with the guest's context)
1184114449 M * flea ok thats what I was saying... if we implement a routing entry policy schema , it's on the vserver's patch side
1184114466 M * flea the actual vanilla code doesn't have support for anything like that
1184114472 M * flea like a locking bit or something
1184114530 M * flea your idea was for instance tagging the route entry with the context id's that have permissions to handle that specific route?
1184114542 M * Bertl was just an example :)
1184114580 M * flea thats even more flexibility
1184114616 M * flea for embedded systems you could still use multiple routing tables to easy up the implementation
1184114624 M * flea if you were able to tune the number of tables
1184114627 M * flea instead of 255 tables
1184114633 M * Bertl nope
1184114634 M * flea you could setup 4 or 5
1184114650 M * Bertl the difference is in the network stack
1184114667 M * flea hmmmm.... it's too heavy in the stack?
1184114670 M * Bertl it's not 3 or 255 tables, it's actually no tables or tables
1184114675 M * flea adds up too much complexity?
1184114691 M * Bertl no tables _looks_ like 3 tables, because two of them are handled special anyways
1184114703 M * flea yap
1184114767 M * flea Bertl, but see one thing
1184114784 M * flea those are 2 solutions with 2 very different cases
1184114790 M * flea they're valid to implement
1184114811 M * AStorm Bertl, I think people would kill for a lighter VServer patch - e.g. w/o that scheduling mess ;>
1184114814 M * flea since one solution helps you to police the entries on ONE routing table
1184114834 M * Bertl AStorm: hmm?
1184114834 J * DoberMann_ ~james@AToulouse-156-1-50-193.w90-16.abo.wanadoo.fr
1184114834 M * flea and the other lets you handle multiple routing tables
1184114856 M * AStorm Bertl, w/o the additional scheduler, you know
1184114886 M * Bertl flea: feel free to branch Linux-VServer and implement either or both of them :)
1184114899 M * Bertl AStorm: you can disable almost all of the TB scheduler
1184114913 M * flea Bertl, no branch... I'm against branching
1184114916 M * flea :D
1184114923 M * flea Im pro of good solutions
1184114933 M * AStorm I know, but I was talking about a lighter patch, not the lighter code
1184114941 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1184114946 M * flea branching only meets other purposes
1184114967 M * Bertl flea: good then let's look at the good solutions we can get with restricting the route query API
1184114987 M * Bertl (actually ABI :)
1184115018 M * Bertl flea: first thing, you need a test system you can hack on
1184115037 M * flea Bertl, I'm actually finishing a job here.... but tomorrow I'll have all day to discuss it and look at it with you! and I'd be glad to help...
1184115059 M * Bertl flea: I would also suggest to setup QEMU, as it is much easier for kernel testing than real hardware :)
1184115059 M * flea do you mind if we postpone hack on's today? :D ehehe
1184115069 M * AStorm Bertl, Xen? ;>
1184115076 M * Bertl flea: sure, no problem
1184115079 M * AStorm but then QEmu is simpler to set up
1184115102 M * Bertl AStorm: Xen, not really, it's missing all the instrumentation QEMU has
1184115103 M * flea QEMU? for kernel hacking I normally use UML
1184115118 M * Bertl flea: well, you are going to love QEMU then :)
1184115122 M * AStorm :>
1184115130 M * flea eheheheh :D
1184115137 M * flea no problem for me...
1184115142 M * flea I like to try new things :D
1184115143 M * AStorm kgdb 4 ever ;-)
1184115161 M * flea well, now I must get back to work ok ppl?
1184115170 M * Bertl okay, cya!
1184115192 M * flea tomorrow I'll help you finding this
1184115200 M * Bertl excellent! :)
1184115216 M * flea sorry, here is 2 PM and I still have a vserver to configure with a lot of stuff :S
1184115227 M * flea I really really must get back to work ehehe
1184115236 M * flea oops
1184115236 M * Bertl and you want to leave at 3pm, I understand :)
1184115239 M * flea 2 PM = 2 AM
1184115275 M * flea it's 2 AM and I would like to leave at.... 4 AM eheh
1184115298 M * Bertl k, understood ...
1184115299 M * flea tomorrow is another day :D
1184115307 M * Bertl you mean, today :)
1184115316 M * flea yap... today, tomorrow.... same thing
1184115316 M * flea :D
1184115336 M * flea we meet each other somewhere in the middle of our timezone
1184115337 M * flea eheheh
1184115338 M * flea :D
1184115406 M * flea see you tomorrow ppl
1184115408 M * flea [[]]
1184115410 Q * flea Quit: Leaving
1184117590 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1184122737 Q * Piet Quit: Piet
1184125567 M * Bertl okay, off to bed now ... have a good one everyone!
1184125574 N * Bertl Bertl_zZ
1184129065 J * Vudumen ~vudumen@perverz.hu
1184129143 Q * Vudu Ping timeout: 480 seconds
1184129418 Q * rob-84x^ Ping timeout: 480 seconds
1184130648 J * Vudu a5e73c4cd0@perverz.hu
1184130808 Q * Vudumen Ping timeout: 480 seconds
1184131066 J * meandtheshell ~markus@85.127.117.84
1184131097 Q * Vudu Read error: Connection reset by peer
1184132405 J * Vudu ~vudumen@perverz.hu
1184132820 J * Vudumen ~vudumen@perverz.hu
1184132896 Q * Vudu Ping timeout: 480 seconds
1184132957 J * ktwilight_ ~ktwilight@164.101-66-87.adsl-dyn.isp.belgacom.be
1184133067 J * _[PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de
1184133074 J * FaUl_ immo@shell.chaostreff-dortmund.de
1184133088 J * mact_ ~sithkemm@i9a018.informatik.uni-erlangen.de
1184133123 Q * AStorm galapagos.oftc.net arion.oftc.net
1184133123 Q * ktwilight galapagos.oftc.net arion.oftc.net
1184133123 Q * blizz galapagos.oftc.net arion.oftc.net
1184133123 Q * phedny galapagos.oftc.net arion.oftc.net
1184133123 Q * FaUl galapagos.oftc.net arion.oftc.net
1184133123 Q * kir galapagos.oftc.net arion.oftc.net
1184133123 Q * badari1 galapagos.oftc.net arion.oftc.net
1184133123 Q * ||Cobra|| galapagos.oftc.net arion.oftc.net
1184133123 Q * mact galapagos.oftc.net arion.oftc.net
1184133123 Q * [PUPPETS]Gonzo galapagos.oftc.net arion.oftc.net
1184133123 Q * Bertl_zZ galapagos.oftc.net arion.oftc.net
1184133123 Q * waldi galapagos.oftc.net arion.oftc.net
1184133123 Q * sladen galapagos.oftc.net arion.oftc.net
1184133123 Q * ag- galapagos.oftc.net arion.oftc.net
1184133124 J * phedny_ ~mark@ip56538143.direct-adsl.nl
1184133126 J * blizz ~stephan@evilhackerdu.de
1184133133 J * Bertl_zZ herbert@IRC.13thfloor.at
1184133144 J * ag- ~ag@fedaykin.roxor.cx
1184133153 J * sladen paul@starsky.19inch.net
1184133364 Q * Vudumen Read error: Connection reset by peer
1184133755 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1184133766 J * AStorm ~astralsto@host-81-190-179-124.gorzow.mm.pl
1184133780 J * kir ~kir@swsoft-mipt-nat.sw.ru
1184133817 J * waldi ~waldi@bblank.thinkmo.de
1184133873 J * badari ~badari@bi01p1.co.us.ibm.com
1184134054 J * Vudumen ~vudumen@perverz.hu
1184134415 N * DoberMann_ DoberMann
1184134780 J * Vudu ~vudumen@perverz.hu
1184134873 Q * Vudumen Ping timeout: 480 seconds
1184135716 Q * Vudu Ping timeout: 480 seconds
1184135716 N * DoberMann DoberMann[PullA]
1184135901 J * Vudumen 1cd59699ef@perverz.hu
1184136392 Q * Vudumen Ping timeout: 480 seconds
1184136668 J * Vudumen ~vudumen@perverz.hu
1184136837 J * rgl ~Rui@84.90.10.107
1184136846 Q * rgl
1184137211 Q * Vudumen Ping timeout: 480 seconds
1184137308 J * rob-84x^ rob@submarine.ath.cx
1184137328 J * HeinMueck ~Miranda@dslb-088-064-013-226.pools.arcor-ip.net
1184137334 J * Vudumen ~vudumen@perverz.hu
1184137531 Q * eSa| Ping timeout: 480 seconds
1184137571 J * dna ~naucki@115-224-dsl.kielnet.net
1184137938 Q * Vudumen Ping timeout: 480 seconds
1184138376 J * Vudu e807f69474@perverz.hu
1184138566 J * LaZaR ~bla@141.12.66.238
1184138596 M * LaZaR hello, i got a really stupid question, is it possible to have vserver AND vmware in the kernel and use both at the same time ?
1184138708 M * mugwump yes, that works
1184138727 M * mugwump but not recommended for production... hard to trace faults
1184138734 M * LaZaR cool ! would you recommend it as stable ?
1184138744 M * LaZaR well if there are no faults ? :o)
1184138763 M * arachnist i use a combo like that on my desktop
1184138769 M * mugwump for desktops, sure
1184138770 M * arachnist but as i said, it's a desktop
1184138781 M * mugwump running vserver inside vmware is OK
1184138787 M * arachnist (working also as a router, but still)
1184138787 M * mugwump just inefficient
1184138819 M * LaZaR no i mean not inside vmware but at the same level
1184138827 M * LaZaR both in physical machines kernel
1184138948 M * LaZaR i would like to have vmware server for windows machines and vserver for linux machines. both should be running on identical hardware and drbd should replicate active/passive . not if one fails it would be great to have both virtualisation techniques on one node
1184139527 M * mugwump not a good idea, because one will bring the other down
1184139564 M * LaZaR the both virtualisation techniques ?
1184139574 M * mugwump sure. Go for only one at each level
1184139580 M * LaZaR ok
1184139983 J * Vudumen eb8828376d@perverz.hu
1184139985 M * harry fuck!
1184139986 Q * Vudu Read error: Connection reset by peer
1184139988 M * harry fuck!
1184139993 M * harry fuck! fuck fuck fuck fuck!
1184139998 M * LaZaR not me
1184140002 M * harry (yes, i said it... the f word ;))
1184140029 M * arachnist that brings back some memories
1184140039 M * arachnist "the italian man, who went to malta" ^_^
1184140044 A * ard wanted it brought back some memories
1184140089 M * harry net.ipv4.conf.all.promote_secondaries
1184140097 M * harry wasn't on on a VERY important server!
1184140112 J * esa ~esa@ip-87-238-2-45.adsl.cheapnet.it
1184141433 M * Supaplex wa that do?
1184141497 M * arachnist http://qdb.us/97413
1184141653 J * bzed ~bzed@dslb-084-059-120-182.pools.arcor-ip.net
1184141675 M * harry Supaplex: was that a q to me?
1184141685 M * Supaplex harry: yes.
1184141701 M * harry Supaplex: if you have multiple vservers on 1 interface
1184141706 M * harry guests...
1184141720 M * harry and no primary ip address on that interface on the host itself
1184141739 M * harry (i have a management interface for the vserver host) all the guests are on a different interface
1184141750 M * harry with no ip address of the host itself
1184141761 M * harry so... if i start a guest with an ip on an interface
1184141768 M * harry later on, i start 5 more on that interface
1184141777 M * harry and i shut down the first guest
1184141791 M * harry it says: primary ip address of this interface is gone... i'
1184141797 M * harry ll shut down the interface
1184141807 M * harry so... all the ip addresses of the other guests are gone too
1184141819 M * harry if you set net.ipv4.conf.all.promote_secondaries to 1
1184141828 M * harry it will choose another ip address to be the primary
1184141833 M * harry and NOT shut down the interface
1184141834 M * Supaplex does this have anything to do with aliases?
1184141859 M * Supaplex it's 2am here. I'm so tired. :)
1184141878 M * harry http://arstechnica.com/news.ars/post/20070710-criminals-confused-about-how-to-get-the-job-done-google-to-the-rescue.html
1184141881 M * harry lol
1184141887 M * harry yes
1184141895 M * harry brb
1184142006 J * Vudu ~vudumen@perverz.hu
1184142073 Q * Vudumen Read error: Connection reset by peer
1184142100 M * Supaplex nite.
1184142385 Q * FireEgl Quit: Bye...
1184143040 J * DavidS ~david@p57A49EC0.dip0.t-ipconnect.de
1184143126 J * rgl ~Rui@84.90.10.107
1184143131 A * rgl waves
1184143598 J * cedric ~cedric@80.70.39.67
1184143964 N * mact_ mact
1184144952 M * meebey morning
1184144976 M * meebey finally I managed to get IRC at work... so now I can give details about the klogd issues with vserver
1184144986 M * meebey strace says:
1184144988 M * meebey syslog(0x2, 0x804d6a0, 0x1000) = -1 EPERM (Operation not permitted)
1184144988 M * meebey write(2, "klogd: Error return from sys_syc"..., 65
1184144997 M * meebey and that in a loop making 100% CPU usage
1184145025 M * meebey thats on linux 2.6.18
1184145072 M * meebey oh and can I set the shutdown timeout to a higher value? it seems to be like 1 or 2 minutes, way too low for my vmwares shutting down, windows is not _that_ fast :)
1184145101 M * meebey "A timeout occured while waiting for the vserver to finish and it will..."
\_ /bin/sh /etc/rc6.d/K08vmware stop
1184145768 J * _mcp ~hightower@wolk-project.de
1184145865 Q * mcp Read error: Connection reset by peer
1184145867 N * _mcp mcp
1184146804 M * harry http://www.eu.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.1
1184146805 M * harry lol
1184146895 Q * ||Cobra|| Remote host closed the connection
1184147211 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1184147769 M * harry `
1184148091 J * ktwilight ~ktwilight@230.200-66-87.adsl-static.isp.belgacom.be
1184148147 N * _[PUPPETS]Gonzo [PUPPETS]Gonzo
1184148502 Q * ktwilight_ Ping timeout: 480 seconds
1184149770 J * lilalinux ~plasma@dslb-084-058-221-108.pools.arcor-ip.net
1184151289 J * Piet hiddenserv@tor.noreply.org
1184154735 Q * meandtheshell Quit: Leaving.
1184154781 J * Piet_ hiddenserv@tor.noreply.org
1184154863 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1184154878 Q * Piet Ping timeout: 480 seconds
1184155057 J * meandtheshell ~markus@85.127.103.255
1184155734 Q * Aiken Quit: Leaving
1184156969 J * FireEgl FireEgl@FireEgl.CJB.Net
1184158435 J * ktwilight_ ~ktwilight@12.104-66-87.adsl-dyn.isp.belgacom.be
1184158774 Q * ktwilight Ping timeout: 480 seconds
1184159205 Q * pmenier Read error: Connection reset by peer
1184159453 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1184159724 J * ema ~ema@rtfm.galliera.it
1184159743 Q * kaner Remote host closed the connection
1184159805 M * AStorm Hmm, guys
1184159816 M * AStorm I'm having a problem with /dev/initctl not being created
1184159943 M * AStorm at least not properly
1184160592 Q * rgl Ping timeout: 480 seconds
1184160706 M * ktwilight_ AStorm, your idea on splitting up SYS_ADMIN into CAP_SYS_LIMIT, CAP_SYS_ATTR, CAP_SYS_MOUNT and CAP_SYS_LIMIT_OVERRIDE is really good. though am not sure what it can implies
1184160710 M * ktwilight_ s/implies/imply
1184160841 M * ktwilight_ now i find that having glusterfs in Guest can have serious security issues 'cuz i have to enable SYS_ADMIN :/
1184160851 M * AStorm ktwilight_, it implies adding another syscall or extending the flag space in some other way
1184160872 M * AStorm ktwilight_, mount it outside the guest is the easiest answer
1184160875 M * ktwilight_ any performance hit or whatever disadvantages?
1184160890 M * AStorm or do you expect that the FS is so insecure, it might be a hole?
1184160891 M * ktwilight_ yes it is, but it's the same isn't it?
1184160903 M * ktwilight_ well, i don't expect that, but having varying levels of security is always nice ;)
1184161071 M * daniel_hozac meebey: so your klogd is retarded, just don't run it in the guest.
1184161082 M * daniel_hozac meebey: or, enable VXC_SYSLOG.
1184161127 M * daniel_hozac meebey: as for the timeout, put it in /etc/vservers/.defaults/apps/vshelper/sync-timeout
1184161169 M * daniel_hozac AStorm: should /dev/initctl be created at all? i.e. are you using the plain initstyle?
1184161281 M * AStorm daniel_hozac, nope
1184161293 M * AStorm it should be, because otherwise the system will cry on shutdown call
1184161304 M * daniel_hozac no, it shouldn't.
1184161308 M * daniel_hozac there's no init to control.
1184161314 M * AStorm hmm
1184161314 M * daniel_hozac ergo, no initctl socket.
1184161326 M * AStorm daniel_hozac, it's a Gentoo init style
1184161335 M * AStorm but I don't want to destroy the real system
1184161343 M * AStorm maybe I didn't copy something :P
1184161354 M * daniel_hozac what?
1184161405 M * AStorm some shutdown.sh or something
1184161442 M * daniel_hozac you should use -d gentoo when you install gentoo guests.
1184161452 M * daniel_hozac the initpost script will set everything up properly.
1184161493 M * AStorm it's not a guest, I don't trust vserver command to not destroy my real system :P
1184161512 M * AStorm I'll check what it does
1184161514 M * daniel_hozac huh?
1184161565 M * daniel_hozac yeah, we just have thousands of users with destroyed systems, none of whom have complained, all in a conspiracy to destroy yours...
1184161596 M * AStorm :>
1184161616 M * AStorm So, how should I convert it to run with vserver then?
1184161623 M * daniel_hozac convert what?
1184161635 M * daniel_hozac i told you my psychic abilities aren't what they used to be.
1184161645 M * daniel_hozac you have to actually ask complete questions to get answers.
1184161647 M * trippeh_ An existing Gentoo installation, doh! :)
1184161662 M * AStorm Yep, doh!
1184161676 M * daniel_hozac it's d'oh ;)
1184161677 M * trippeh_ <- psychic
1184161679 M * AStorm it runs somewhat after I've copied some files, but still doesn't shutdown properly
1184161689 M * daniel_hozac because you didn't use -d gentoo.
1184161699 M * AStorm daniel_hozac, with which command?!
1184161701 M * AStorm build?
1184161705 M * daniel_hozac vserver .. build, of course.
1184161707 M * AStorm there is no -m convert
1184161711 M * AStorm :P
1184161715 M * daniel_hozac there is -m rsync.
1184161728 M * AStorm which will copy
1184161731 M * AStorm I _don
1184161737 M * AStorm I don't want that to happen
1184161745 M * daniel_hozac so what _do_ you want to happen?
1184161751 M * daniel_hozac again, complete questions please.
1184161757 M * AStorm Change the existing installation to work with VServer too
1184161776 M * daniel_hozac so you want to what, share the host's install with the guest?
1184161780 M * AStorm No
1184161781 M * trippeh_ Without screwing it up for real hardware?
1184161784 M * AStorm it's a separate one
1184161787 M * AStorm trippeh_, yes
1184161823 M * daniel_hozac well, that's never going to work right. you'll have to accept the ugly error messages.
1184161841 M * AStorm daniel_hozac, maybe it would, if I kicked the scripts enough
1184161846 M * AStorm some pointers where I have to poke?
1184161854 M * AStorm *on
1184161878 M * daniel_hozac sure, you can conditionalize everything.
1184161883 M * AStorm Exactly.
1184161890 M * daniel_hozac not exactly ideal....
1184161900 M * AStorm It doesn't have to be - it only has to work :P
1184161935 M * AStorm startup works ok after I copied init-vserver.sh and some other files
1184161941 M * AStorm but shutdown is still wrong
1184162044 M * AStorm ah yes
1184162059 M * AStorm /etc/init.d/{shutdown,reboot}.sh have to be modified
1184162071 M * AStorm Now, the question is - how to know if I'm running in a vserver :P
1184162076 M * AStorm I'll find it out
1184162086 M * AStorm that /dev/initctl might be a good hint
1184162116 M * daniel_hozac is_vps_sys.
1184162136 M * daniel_hozac (on baselayout2 anyway)
1184162374 M * AStorm Mhm
1184162381 M * AStorm it's in functions.sh, right?
1184162418 M * daniel_hozac i'd guess so, but i'm not a Gentoo-person.
1184162452 M * AStorm hmm, that too, and I have to make it not try to remount the pre-mounted fses
1184162540 M * arachnist what are you doing? :>
1184162615 M * AStorm #gentoo-vserver :P
1184162623 M * AStorm converting a real baselayout2 system to a vserver
1184163133 M * derjohn daniel_hozac, when I do a "free -m" in a guest I dont see any swap memory, if i set a rlimit to AS and RSS. Is that normal behavior ? Doesnt that guest use swap at all?
1184163161 M * daniel_hozac do you have different rss.hard and rss.soft limits?
1184163172 M * daniel_hozac rss.hard - rss.soft is what appears as swap.
1184163215 M * derjohn daniel_hozac, ufff ... i only set sched/rss ... this is hard ?
1184163238 M * daniel_hozac it's both hard and soft.
1184163249 M * daniel_hozac (assuming s/sched/rlimits/ :))
1184163264 M * derjohn eh, yes, rlimits ;)
1184163299 M * derjohn amavis takes unusual memory within that guest (100 - 300 MB) instead of about 70 what i see on other hosts.
1184163352 M * daniel_hozac same configuration and data files?
1184163360 M * derjohn hm, if the guest pushes something in swap, it only appears to guest that it is swap, right? the kernel not necessarily uses that swap.
1184163405 M * daniel_hozac yeah, actually, anything that is in swap shouldn't count against the guest's swap, IMHO.
1184163415 M * derjohn daniel_hozac, configs might differ slightly, but basically identical. Maybe amavis/perl does mem alloc differently if it sees no swap ?
1184163447 M * derjohn k, i simply try to change the limit to a hard/soft one.
1184163581 M * meebey daniel_hozac: ah thanks for the infos
1184163741 M * meebey daniel_hozac: klogd wasn't retarded with 2.4 vserver... is that a known problem? it doesnt always happen, but often
1184163765 M * daniel_hozac you'd have to check klogd's source as to why it would try again.
1184163776 M * daniel_hozac i have never seen that happen.
1184163852 M * meebey allowing the vserver syslog access, has that security impacts?
1184163860 M * daniel_hozac no, it's a virtualized syslog.
1184163863 M * daniel_hozac it's always empty.
1184163867 M * meebey ah ok :)
1184163877 M * meebey maybe that was default with 2.4?
1184163887 M * daniel_hozac it didn't exist in 2.4 :)
1184163892 M * meebey hm k
1184164008 J * rgl ~Rui@84.90.10.107
1184164012 M * meebey daniel_hozac: where do I need to put that VXC value?
1184164069 M * daniel_hozac /etc/vservers//ccapabilities
1184164093 M * meebey ah ic
1184164246 M * meebey daniel_hozac: not possible to set .defaults/ccapabilities?
1184164255 M * daniel_hozac no.
1184164258 M * meebey hmpf
1184164272 M * daniel_hozac should be coming to a util-vserver near you soon though...
1184164305 A * meebey creates 29 ccapabilities files
1184164336 M * meebey daniel_hozac: probably not possible to set ccapabilities in the old config files?
1184164342 M * daniel_hozac no.
1184164358 M * meebey k, I was upgrading to the current config layout anyhow
1184164371 M * meebey starting with 2.6.21 the old configs refused to start any vserver
1184164417 M * daniel_hozac oh really?
1184164425 M * daniel_hozac grep VSERVER .config
1184164512 M * meebey hm?
1184164525 M * derjohn daniel_hozac, the swap shows up as expected ;)
1184164530 M * derjohn thx
1184164577 M * daniel_hozac meebey: what does that return, when executed in your kernel tree?
1184164595 M * daniel_hozac meebey: are LEGACY and DYNAMIC_IDS =y?
1184164600 M * daniel_hozac if so, that's a bug...
1184164632 M * meebey oh kernel config you mean, let me check /boot/*.config
1184164735 M * meebey # CONFIG_VSERVER_LEGACY is not set
1184164742 M * meebey grrrrr damnit package maintainer
1184164747 M * daniel_hozac well, that'd be why :)
1184164766 A * meebey blames debian's kernel package maintainers
1184164779 M * daniel_hozac ah, well, they just take the defaults.
1184164838 M * meebey daniel_hozac: thanks for the clarification
1184164896 M * meebey daniel_hozac: http://paste.debian.net/32505
1184164932 M * meebey daniel_hozac: that looks suspicious
1184164943 M * meebey umount hanging?
1184164956 M * daniel_hozac does that guest have any capabilities?
1184164964 M * meebey nope
1184164972 M * daniel_hozac dmesg?
1184164982 M * meebey I have also sometimes problems with hwclock hanging
1184164999 M * meebey daniel_hozac: nothing in dmesg
1184165010 M * daniel_hozac okay, what does strace say?
1184165044 M * meebey how can I strace that?
1184165056 M * meebey strace doesnt work across contexts AFAIK
1184165084 Q * FloodServ Service unloaded
1184165094 M * daniel_hozac nope, thus chcontext --xid strace -p ... ;)
1184165138 M * meebey the process is not running afterwards
1184165146 M * meebey at least according to vserver foo enter
1184165160 J * FloodServ services@services.oftc.net
1184165161 M * meebey or is it in a half-shutdown state?
1184165183 M * meebey ah right, vps shows them
1184165343 M * meebey daniel_hozac: doesn't seem to be reproducible
1184165343 Q * emtty Read error: Connection reset by peer
1184165378 M * meebey daniel_hozac: I started the vserver again believing it was not running, stopping it 2 times brought all processes down and the umount was not hanging anymore
1184165646 M * daniel_hozac well, that's good, i guess.
1184165775 M * micah waldi: why did the util-vserver build fail on s/390 when the dependency is "modutils|module-init-tools"?
1184165970 M * pusling micah: isn't it a sbuild cannot resolve such build dependencies issues ?
1184166020 M * micah pusling: I dont know much about sbuild, but it seems that is what happened... although i agree that modutils can be removed from a dependency now
1184166031 M * daniel_hozac definitely.
1184166039 M * micah I'm actually not sure I remember what the point of having it in there is
1184166098 M * pusling micah: there at least was a sbuild issue about not being able to figure out using the second dependency in foo|bar - I don't know if it is fixed though.
1184166144 M * waldi micah: for stability reasons, sbuild never considers alternative build-deps
1184166525 J * emtty ~eric@dynamic-acs-24-154-33-109.zoominternet.net
1184166561 M * micah makes sense, I've removed it from svn
1184166787 M * daniel_hozac Bertl_zZ: i finally found it, too obvious i missed it the first time around... http://people.linux-vserver.org/~dhozac/p/k/delta-ext-dlimit-fix01.diff
1184167902 J * stefani ~stefani@flute.radonc.washington.edu
1184169672 N * ensc Guest8
1184169673 Q * cedric Read error: Connection reset by peer
1184169682 J * ensc ~irc-ensc@p54B4EF5C.dip.t-dialin.net
1184169735 J * cedric ~cedric@80.70.39.67
1184169791 Q * Guest8 Ping timeout: 480 seconds
1184170624 J * lilalinux_ ~plasma@80.69.41.3
1184170633 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33
1184171003 Q * lilalinux_ Remote host closed the connection
1184171061 Q * lilalinux Ping timeout: 480 seconds
1184171174 J * lilalinux ~plasma@dslb-084-058-221-108.pools.arcor-ip.net
1184172399 Q * pmenier Quit: pmenier
1184173024 Q * cedric Quit: cedric
1184173980 N * phedny_ phedny
1184175303 Q * lilalinux Remote host closed the connection
1184175487 J * lilalinux ~plasma@dslb-084-058-221-108.pools.arcor-ip.net
1184175793 J * lilalinux_ ~plasma@dslb-084-058-250-031.pools.arcor-ip.net
1184176168 Q * lilalinux Ping timeout: 480 seconds
1184176643 Q * ema Quit: leaving
1184176981 N * DoberMann[PullA] DoberMann
1184177071 N * Bertl_zZ Bertl
1184177082 M * daniel_hozac morning Bertl!
1184177088 M * Bertl morning folks! daniel_hozac!
1184177101 M * Bertl so the dlimit issue is fixed for ext3?
1184177106 M * daniel_hozac and ext4.
1184177113 M * Bertl excellent! good work!
1184177132 M * Bertl what kernels are affected?
1184177202 M * daniel_hozac at least 2.6.19+, AFAICT.
1184177224 M * harry hmm... how "serious" is it?
1184177228 M * harry when are you affected?
1184177304 M * daniel_hozac it doesn't happen all the time, i don't know enough about how ext3 to predict how often it might happen.
1184177310 M * daniel_hozac +works
1184177324 M * harry what are symptoms/problems?
1184177325 M * daniel_hozac Bertl: looks like 2.6.17+.
1184177327 M * harry fs corruption?
1184177334 M * daniel_hozac it's just disk limits.
1184177381 M * daniel_hozac one more block being freed than allocated.
1184177401 M * harry so if you don't use limits 1184177407 M * daniel_hozac no effect at all. 1184177421 M * harry you're not affected (i'm upgrading a server tomorrow, i have to know if this is critical to me ;)) 1184177481 J * kaner kaner@strace.org 1184177528 M * Bertl wb kaner! 1184177740 Q * lilalinux_ Remote host closed the connection 1184179600 J * jmcaricand ~kvirc@d90-144-31-150.cust.tele2.fr 1184179606 M * daniel_hozac Bertl: uh, weird thing, http://paste.linux-vserver.org/4484 1184179634 M * daniel_hozac why would every test number with a 2 in it output nothing but the two? :) 1184179841 M * AStorm Heads up :-) 1184179848 M * AStorm 2.6.23 will have CFS in 1184179864 M * AStorm so you should start really porting the VServer scheduler to its infrastructure 1184179873 M * AStorm or drop it entirely 1184180597 M * Bertl daniel_hozac: looks really interesting :) 1184180620 M * Bertl daniel_hozac: maybe a very weird env variable? 1184180709 M * daniel_hozac yeah, that was my idea. i don't see anything though. weirdest part is that just quoting $ret and $id on line 43 seems to "fix" it. 1184180744 M * Bertl put a 'set >/tmp/some.log' before and after that 1184180824 M * Bertl maybe something like $-2 or so gets misinterpreted 1184180868 M * daniel_hozac hmm. 1184180880 M * daniel_hozac it appears to have been caused by the presence of a file named 2 in the current directory. 1184180900 M * Bertl ah, shell completion 1184180904 M * daniel_hozac indeed. 1184180918 M * Bertl is that supposed to happen on normal assignments? 1184180934 M * Bertl (smells like a bash bug?) 1184180935 M * daniel_hozac i think it's happening in the call to ececho. 1184180948 M * Bertl ah, okay that would be fine 1184180958 M * daniel_hozac i'm testing it now. 1184180960 M * Bertl so in this case, quoting the arguments is correct 1184180965 M * daniel_hozac yeah. 1184180973 M * daniel_hozac quoting in ececho didn't change anything. 
1184181701 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1184182763 Q * derjohn Ping timeout: 480 seconds 1184183569 Q * DavidS Quit: Leaving. 1184184694 M * daniel_hozac Bertl: what happens to disk limits when you unmount the filesystem? do they disappear? if you mount it again, will they still be there? 1184185051 P * stefani I'm Parting (the water) 1184185208 J * derjohn ~derjohn@80.69.41.3 1184185822 M * Bertl daniel_hozac: they were designed to be persistent, but I'm not sure that is still true for mounts 1184185848 M * Bertl it is definitely true for contexts 1184185949 M * daniel_hozac yeah, that i know. 1184185990 M * Bertl as they are device bound, I would assume they are for devices which stay the same across mounts :) 1184186019 M * daniel_hozac but they use the superblock pointer, which i assume changes? 1184186102 M * AStorm Bertl, go port VServer to 2.6.23-* 1184186126 M * daniel_hozac there's not even an -rc1 out yet. 1184186132 M * daniel_hozac so there's no such thing. 1184186138 M * AStorm daniel_hozac, I mean git tree 1184186142 M * AStorm there is such a thing :P 1184186149 M * AStorm it will become -rc1 soon 1184186162 M * AStorm the most important is to port that scheduler :> 1184186169 M * AStorm I'm not able enough to do it 1184186174 M * Bertl daniel_hozac: correct, so they should probably be purged on superblock destruction or take a reference 1184186186 M * daniel_hozac no, there are no 2.6.23 tags in Linus' tree. 1184186206 M * Wonka not _yet_ :) 1184186222 M * Wonka two weeks to -rc1, usually 1184186222 M * daniel_hozac Bertl: yeah, that's what i was thinking... right now i assume they're just leaked on umount. 1184186235 M * daniel_hozac Wonka: right, but then there's no way to do it _now_ :;) 1184186243 A * waldi waits for xen ... 
1184186253 M * AStorm waldi, that will be some time - it's in -mm 1184186274 M * waldi i know 1184186301 A * Wonka wants that hpet-force-stuff 1184186333 M * AStorm Wonka, I did a patchset with it 1184186337 M * AStorm interested? 1184186345 M * AStorm (also with dynticks-x86-64) 1184186359 M * AStorm (and VServer) 1184186362 M * daniel_hozac that's not ready yet :) 1184186370 M * daniel_hozac (according to davej) 1184186377 M * AStorm daniel_hozac, well, it works :P 1184186406 M * Wonka AStorm: for 2.6.22, without vserver? sure. 1184186425 M * AStorm With VServer. :> 1184186429 M * Wonka i downloaded the 7 patches from June 22nd, and they wouldn't apply cleanly on .22 1184186442 M * AStorm Wonka, these were minor rejects, I've fixed them 1184186453 M * Wonka these weren't minor at all 1184186462 M * AStorm minor minor 1184186466 M * AStorm some function was split 1184186473 M * Wonka heavy changes in arch/i386/kernel/hpet.c 1184186474 M * AStorm read history next time too 1184186519 M * AStorm it works here, heh 1184186557 Q * bonbons Quit: Leaving 1184186575 M * Wonka hm. might try again. 1184186614 M * Wonka http://lkml.org/lkml/2007/6/28/41 1184186618 M * AStorm Wonka, well, I have a patchset now :P 1184186628 M * Wonka after that, i hoped it would get into vanilla quite fast... 1184186631 M * Wonka AStorm: where? 1184186647 M * AStorm Wonka, if you want it, I'll publish 1184186651 M * AStorm Do you? 1184186653 M * Wonka *want* 1184186661 M * AStorm Ok, wait a while... 1184187107 M * AStorm Wonka, http://astralstorm.bounceme.net/patches/2.6.22-electric1 1184187200 M * Wonka *wget* 1184187225 M * AStorm apply to 2.6.22 of course 1184187256 M * AStorm the VServer patch isn't totally ok, it whines about some nr_running < 0 on context exit 1184187260 M * AStorm but it works 1184187266 M * AStorm even the scheduler :P 1184187278 M * AStorm (correctly limits CPU) 1184187279 M * daniel_hozac "but it works"... 
1184187294 M * daniel_hozac i'd say that's a sign of not working :) 1184187298 M * Bertl AStorm: so you are missing some task accounting/activation :) 1184187298 M * AStorm daniel_hozac, I don't know why, but it works :P 1184187308 M * AStorm Bertl, other way around 1184187317 M * AStorm there's one more deactivate_task probably 1184187323 M * AStorm or the BUG_ON is in the wrong place 1184187335 M * AStorm the numbers are randomly < 0 1184187350 M * rgl is there any inconvenience in using quotas inside guests? like described at http://linux-vserver.org/Standard+non-shared+quota ? 1184187367 M * AStorm rgl, well, these should work correctly 1184187396 M * Bertl rgl: except for not having the benefit of unified space, no 1184187430 M * rgl Bertl, what does that mean? having a unified space? :D 1184187445 M * AStorm rgl, it means the quota will be only for that VServer :P 1184187454 M * rgl Bertl, like, a partition that is shared between several guests? 1184187467 M * Bertl rgl: if you put guests on a shared partition, then you will benefit from unification 1184187484 M * rgl ah, ok. I don't want unification :D 1184187491 M * Bertl i.e. less resource usage (disk space and memory), higher performance and density 1184187512 M * rgl but, if I want unification, can I still have good old quotas inside a guest? 1184187542 M * daniel_hozac no. 1184187544 M * Bertl definitely not with 2.2 1184187552 M * rgl or they will be shared between all guests? like, the users id are shared between all guests in regards to quota? 1184187576 M * rgl so, in unification, the "only" quota is the global vserver disk limit? 1184187589 M * Bertl yep 1184187642 M * rgl I see thx! as of now, I use a lvm per vserver guest. 1184187657 M * rgl (I only have 3 guests in my box *G*) 1184187685 M * rgl what can happen if I don't use the vroot device? 1184187701 M * daniel_hozac you've basically given your guest root access. 1184187723 M * AStorm vroot? what is that? 
:P 1184187732 M * rgl root access into the host? 1184187745 M * daniel_hozac yes, pretty much. 1184187778 M * AStorm Yep, wrt filesystem at least (if vroot is what I think it is) 1184187783 M * rgl humm, I definitely don't want that hehe 1184187786 M * Bertl AStorm: vroot is a quota proxy for guests 1184187825 M * Bertl (to allow for safe quota ioctl on real devices) 1184187853 M * rgl is that light proxy? or does it have an noticeable impact on performance? 1184187866 M * Bertl no noticeable impact 1184187872 M * daniel_hozac performance of what? quotaon? 1184187883 M * Bertl quotarep e.g. :) 1184187907 M * AStorm Bertl, well, shouldn't just setting the quota once, then removing the privileges work? 1184187915 M * rgl I don't know how the quota works. but I'd guess, it has some impact on file IO, or not? 1184187938 M * Bertl AStorm: that works too, if you don't want the guest to administrate the quota :) 1184187954 M * Bertl rgl: no, look, the quota system is quite ancient 1184187967 M * Bertl rgl: quota tools usually do strange things on the device 1184187983 M * Bertl rgl: like for example reading the filesystem at low level, etc 1184187998 M * Bertl rgl: we cannot allow a guest to have raw access to the filesystem 1184188019 M * Bertl rgl: thus the 'essential' interfaces (quota ioctls) are proxied for the guest system 1184188033 M * Bertl rgl: this does not even touch normal I/O or filesystem stuff 1184188100 M * rgl Bertl, ancient == bad? 1184188125 M * rgl are there alternatives? like, native ext3 quota support, or so? 1184188130 M * Bertl not as good as it could be (with a better design) 1184188149 M * Bertl yes, native ext3 journaled quota is transparent 1184188159 M * Wonka AStorm: 1184188160 M * Wonka --22:51:42-- (try: 4) http://astralstorm.bounceme.net/patches/2.6.22-electric1 1184188163 M * Wonka Connecting to astralstorm.bounceme.net|81.190.179.124|:80... failed: Connection timed out. 1184188166 M * Wonka Retrying. 
1184188181 M * AStorm Huh 1184188192 M * AStorm My connection is slow, maybe the IP has changed 1184188193 M * AStorm checking 1184188205 M * rgl Bertl, how do I enable that? I mean, the quotatool automatically detect that I have ext3 with quota? 1184188214 M * AStorm No, it's correct 1184188239 M * AStorm Wonka, lol, I forgot to start the server :P 1184188247 M * Wonka hrhr 1184188252 M * AStorm Wonka, now it's there :P 1184188253 M * Bertl rgl: for ext3, it is a mount option 1184188265 M * Wonka AStorm: still no connect 1184188271 M * Wonka AStorm: packet filter? 1184188282 M * rgl Bertl, I remember you said that quotatool didn't like journaled quota, did you change your mind? 1184188285 M * AStorm Wonka, blah, my local IP is different 1184188288 M * AStorm BRB 1184188297 M * rgl Bertl, or they got fixed? :D 1184188387 J * AstralSt ~astralsto@host-81-190-179-124.gorzow.mm.pl 1184188407 M * AstralSt Wonka, try now 1184188410 M * Bertl rgl: no, never said that the journaled quota has better userspace tools :) 1184188422 M * Bertl rgl: don't forget, the quotatools are even more ancient :) 1184188430 N * AStorm Guest30 1184188431 N * AstralSt AStorm 1184188443 M * rgl Bertl, humm, so I got my notes wrong. sorry about that :-( 1184188452 M * AStorm ls 1184188455 M * Wonka AStorm: 1184188455 M * Wonka AStorm: 23:03:06 (29,4 KB/s) - `astralstorm.bounceme.net/patches/2.6.22-electric1/index.html' saved [38931/38931] 1184188464 M * AStorm Wonka, uhm, it's a directory 1184188473 M * Wonka AStorm: aargh ;) 1184188476 M * AStorm get the series and use your shell-fu to grab the files 1184188530 M * AStorm example: { while read x; do wget http://astralstorm.bounceme.net/patches/2.6.22-electric1/$x; done } < series 1184188535 M * Wonka AStorm: i see 9 hpet-* patches... 1184188545 M * AStorm Wonka, yes 1184188549 M * AStorm from -mm 1184188568 M * Wonka AStorm: aah. 
on lkml, there were 7 1184188568 M * AStorm ich-force-hpet 1184188569 M * AStorm :> 1184188654 M * rgl should I modify the guest mtab from "ext3" to "ufs", or thats no longer relevant? 1184188654 M * arachnist that electric looks almost broken-up mm ;> 1184188701 M * AStorm rgl, it can be anything 1184188721 M * AStorm arachnist, because it almost is 1184188732 M * AStorm it has the FS work required for ext4 1184188745 M * AStorm that's the most patches, the next is dynticks 1184188751 M * rgl AStorm, from my notes: "ufs" is a hack needed to stop the quota tools from being too smart! 1184188758 M * Wonka AStorm: same sort of rejects as the patches from lkml. 1184188759 M * AStorm rgl, maybe 1184188762 M * Bertl daniel_hozac: for the case you are working on a patch to fix the dlimit leakage, I think I'd prefer to purge the dlimits from the hash on superblock destruction 1184188766 M * AStorm Wonka, hmm 1184188777 M * AStorm maybe it's because it has to be patched on top of some parts of -mm :P 1184188784 M * rgl Bertl, is the note ""ufs" is a hack needed to stop the quota tools from being too smart!" still relevant? 1184188784 M * Wonka maybe. 1184188786 M * AStorm grab the whole series wrt hpet 1184188788 M * AStorm and apply that 1184188792 Q * Guest30 Ping timeout: 480 seconds 1184188795 M * Bertl rgl: usually yes 1184188806 M * daniel_hozac Bertl: yeah, that's what i've been leaning to as well. i haven't started patching yet though. 1184188807 M * AStorm Notice my series file 1184188811 M * Wonka AStorm: i got all the ich-force-hpet-* 1184188820 M * AStorm Wonka, that's not enough :P 1184188827 M * rgl Bertl, how do I known if I need it? :) 1184188839 M * Bertl try it out 1184188843 M * Wonka AStorm: aargh. which else do I need? 
1184188873 M * AStorm probably the clockevents work 1184188905 M * AStorm start from this patch: nohz-fix-nohz-x86-dyntick-idle-handling.patch 1184188921 M * AStorm end with this: x86_64-dynticks-disable-hpet_id_legsup-hpets.patch 1184188972 M * Wonka hrm. too much work now. 1184188972 M * AStorm dynticks work great, BTW 1184189016 M * Wonka here, it hangs sometimes. especially when hibernating or resuming. 1184189213 M * AStorm heh, here not (my HPET works) 1184189221 M * AStorm (and PM-Timer does too) 1184189242 M * AStorm hibernation works flawlessly, suspending leaves video blank, but the system working :/ 1184189298 M * rgl should I add the quota stuff into the guest mtab or fstab? 1184189341 M * daniel_hozac what quota "stuff"? 1184189354 M * daniel_hozac you should modify both, IIRC. 1184189424 M * rgl daniel_hozac, eg: the /dev/hdv1 / ufs rw,usrquota,grpquota 0 0 line 1184189431 M * daniel_hozac that'd be the mtab. 1184189461 M * rgl but I also have a line like that on the fstab 1184189488 M * rgl should I modify both? 1184189492 M * daniel_hozac by fstab, do you mean /etc/fstab in the guest, or /etc/vservers//fstab? 1184189495 J * Aiken ~james@ppp121-45-220-241.lns2.bne1.internode.on.net 1184189500 M * daniel_hozac (or whereever you're mounting the filesystem from) 1184189528 M * rgl oh, I'm sorry. I mean the /etc/vserver//fstab 1184189539 M * rgl that will mount the guest LVM. 1184189580 M * rgl so, I'm not sure why do I need a /etc/vservers//apps/init/mtab 1184189601 Q * HeinMueck Quit: Aah! 1184189654 M * daniel_hozac that's copied to the guest's /etc/mtab when you start it. 1184189667 M * daniel_hozac the guest's fstab should just have the usrquota,grpquota options added to it. 1184189681 M * daniel_hozac i.e. you want the real device, and the real filesystem there ;) 1184189729 M * rgl ah, so I only need it on the fstab? 1184189738 M * rgl err on /etc/vserver//fstab 1184189812 M * daniel_hozac huh? 
1184189862 M * ktwilight_ hm, so i can't screen inside a screen from a guest. 1184189917 M * daniel_hozac why not? 1184189935 A * ktwilight_ shrugs 1184189937 M * ktwilight_ it gives /var/run/screen/S-root/2395.pts-0.musmo: No such file or directory 1184189947 M * ktwilight_ which is the original screen outside of guest 1184189979 M * AStorm ktwilight_, does that exist in vserver's filesystem view? :P 1184189994 M * AStorm still, it won't have access to that pts 1184190011 M * AStorm passing vserver barrier like that is not possible :P 1184190016 M * ktwilight_ aw :( 1184190019 M * daniel_hozac ktwilight_: wait, so you run screen, enter a guest, and _then_ try to run screen? 1184190024 M * ktwilight_ yea 1184190029 M * ktwilight_ to create a new screen in the guest 1184190032 M * daniel_hozac yeah, that's not going to work. 1184190035 M * ktwilight_ ouch 1184190040 M * ktwilight_ any solutions around it? 1184190049 M * daniel_hozac "don't do it?" :) 1184190055 M * ktwilight_ oh noooo~ :'( 1184190075 M * ktwilight_ k, that means i have to install ssh on the guest, and ssh in then screen? 1184190104 M * daniel_hozac or just vserver .. enter, screen ,(i.e. without the first screen) 1184190139 M * ktwilight_ hm. true. 1184190441 M * ktwilight_ oooo nice, so i need to have another terminal open. yay :) 1184190567 M * rgl daniel_hozac, I need to modify the guest fstab, and the apps/init/mtab too. or else the guest doesn't see the quota options. 1184190586 M * daniel_hozac right. 1184191115 M * rgl it seems to be working now. thx :) 1184191173 M * rgl do I need to run vrsetup at boot? or the config was saved somewhere? 1184191196 M * daniel_hozac you need to run it at boot. 1184191527 Q * dna Quit: Verlassend 1184191650 M * rgl daniel_hozac, can I do it in the pre-init script of the guest? 1184191665 M * daniel_hozac sure, that's where i'd do it. 1184191674 M * daniel_hozac (with removal in post-stop) 1184191692 M * rgl is there a way to see which ones are active? 
1184191738 M * daniel_hozac no. 1184191908 M * rgl ok. 1184191929 M * rgl daniel_hozac, is the prepre-start scriptlet the right place to run vrsetup? 1184192010 M * daniel_hozac you probably want initialize in this case. 1184192025 M * rgl oh. I can run vrsetup -d /dev/vroot0 while the guest is running? 1184192048 M * rgl is that expected/safe? 1184192050 M * daniel_hozac well, yes, but it won't be able to do any quota stuff anymore. 1184192112 M * rgl humm, but I have configured the guest fstab to use /dev/vroot0. does that mean, /dev/vroot0 still works, but without the quota interception (eg: if transparent mode)? 1184192137 M * daniel_hozac what? surely you didn't put /dev/vroot0 in the fstab? 1184192160 M * daniel_hozac you need to have the real device there. 1184192164 M * rgl daniel_hozac, I did. I have this: /dev/vroot0 / ext3 rw,noatime,usrquota,grpquota,dev 0 0 1184192206 M * daniel_hozac as i said, the fstab needs to have the real deal. 1184192212 M * rgl humm why did it work? 1184192213 M * daniel_hozac the mtab is the one you fake. 1184192226 M * daniel_hozac it shouldn't have... 1184192228 M * rgl but /dev/vroot0 isn't a normal device? 1184192241 M * rgl but that intercepts the quota ioctl? 1184192278 M * daniel_hozac no, it _only_ allows quota ioctls. 1184192305 M * rgl that can't be right. or else, how did this work? :/ 1184192354 M * daniel_hozac that's a really good question. 1184192451 M * rgl oh, I'm sorry. I goofed. I've added /dev/vroot0 into my notes, but didn't actually use that on the real file! 1184192463 M * rgl and indeed, with vroot0 it does not work at all. 1184192469 M * rgl sorry :-( 1184192565 M * Bertl np, quota stuff is quite complex ... 1184192584 M * Bertl (mainly because there is absolutely no useful feedback :) 1184192726 M * rgl indeed. the scary part is the vrsetup thing needs to be setup before starting the guest. 
1184192748 M * rgl which is something that is not described in the wiki :( 1184192778 M * Bertl well, update it :) 1184192793 M * Bertl btw, you can do it on guest startup in the proper scripts too 1184192815 M * rgl which means, there might be ppl out there that are running this in an insecure way. like you said before, without vroot, the guest can obtain root somehow. 1184192837 M * rgl I will update it :D 1184192847 Q * Baby Ping timeout: 480 seconds 1184192926 J * slack101 ~default@cpe-65-31-15-111.insight.res.rr.com 1184192933 M * slack101 oye 1184192953 M * rgl Bertl, yes. daniel_hozac said I should do it in the initialize script (I thought it was better to do in prepre-start. 1184192988 M * Bertl hmm, why? 1184193007 M * daniel_hozac really, it doesn't matter. initialize is just meant to setup the root mount, so it seemed proper. 1184193009 M * rgl mainly because there is no "finalize" 1184193025 M * rgl but there is a postpost-stop 1184193026 M * daniel_hozac that's because post-stop is when everything's done. 1184193031 M * daniel_hozac right, postpost. 1184193052 M * daniel_hozac start and stop don't do the same things, so the stages aren't really equivalent 1184193067 M * daniel_hozac thus, the required hooks aren't equivalent either. 1184193070 M * rgl In my mind, having something in initialize, and in postpost-stop is odd. 1184193102 M * rgl humm, so initialize is done only once for the lifetime of the host? 1184193121 M * daniel_hozac no. 1184193136 M * rgl why is there an initialize at all? 1184193149 M * daniel_hozac as i just said, to setup the root filesystem. 1184193159 M * Bertl because _I_ needed something before root gets mounted :) 1184193216 M * rgl humm, so what are the directories in the prepre-start description: "and the directories are mounted." 1184193250 M * daniel_hozac root filesystem. 1184193280 M * rgl so, I can run vroot set in the prepre-start scriptlet? 1184193326 M * daniel_hozac or post-start, or pre-start. it doesn't matter. 
1184193343 M * daniel_hozac just as long as you do it before the guest wants to do anything quota related. 1184193422 M * rgl ah. so I'll do it prepre-start and postpost-stop, because it seems coherent to me. 1184193466 M * daniel_hozac just as long as you know it's not :) 1184193518 M * rgl but, in this case, its fine? 1184193532 M * daniel_hozac sure. 1184193568 M * rgl uff :) 1184193575 M * rgl just one last thing (I hope :) 1184193592 M * rgl when I stop the guest, quotaoff seems to barf this: 1184193593 M * rgl * Turning off quotas... quotaoff: quotactl on /dev/hdv1 [/]: No such process 1184193607 M * rgl can I ignore that? 1184193627 M * Bertl and /dev/hdv1 is the configured vroot device? 1184193707 N * DoberMann DoberMann[ZZZzzz] 1184193793 M * rgl Bertl, it is. I have this inside /etc/vserver//mtab: 1184193793 M * rgl /dev/hdv1 / ufs rw,noatime,usrquota,grpquota 0 0 1184193815 M * rgl and inside the /etc/vservers/ocelot/fstab I have: 1184193820 M * rgl /dev/main/ocelot / ext3 rw,noatime,usrquota,grpquota,dev 0 0 1184193866 M * rgl oh, and I did: 1184193867 M * rgl cp -af /dev/vroot0 /etc/vservers/ocelot/vdir/dev/hdv1 1184193895 M * rgl I just need to do the last line once, correct? 1184193909 M * rgl eg: not everytime I start the guest. 1184193971 M * daniel_hozac right. 1184194018 Q * meandtheshell Quit: Leaving. 1184194048 M * daniel_hozac Bertl: initial first hack draft of disk limit testing for testfs: http://people.linux-vserver.org/~dhozac/p/m/delta-dlimit-feat01.diff 1184194069 M * daniel_hozac btw, did i ever answer your question about vsysctl? 1184194205 M * daniel_hozac if i didn't, i think that error would be due to a missing /proc/sys. 1184194230 M * daniel_hozac (which admittedly shouldn't keep the guest from starting) 1184194269 M * Bertl ah, from cpuset setup? 1184194278 M * daniel_hozac hmm? 1184194298 M * rgl sorry, but how about my quotaoff error/warning message? can it be ignored? 
1184194323 M * Bertl daniel_hozac: the /proc/sys or what stumbled over the missing /proc/sys? 1184194332 M * daniel_hozac vsysctl 1184194345 M * Bertl ah, right 1184194353 M * rgl Humm, the page at http://linux-vserver.org/Standard+non-shared+quota cannot be edited :( 1184194356 M * daniel_hozac it's a bug, it tries to chdir to /proc/sys before it checks if there's any reason to. 1184194364 M * rgl "The page you have tried to edit is locked due to migration to our new wiki relocation" 1184194364 M * daniel_hozac rgl: it's on the old wiki. it should be migrated. 1184194365 M * Bertl rgl: sounds wrong - i.e. sounds like your guests cannot do quota stuff 1184194382 M * daniel_hozac no such process? sounds like it might've already been removed to me. 1184194406 M * rgl Bertl, humm, I can use quota. and repquota -a, and see it change while I create files and stuff. 1184194422 M * daniel_hozac but can you set the quotas? 1184194436 M * rgl yes. and see them work. 1184194456 M * Bertl well, then I would ignore it (and/or update the quotatools :) 1184194458 M * rgl ie, not allowing me to extend the file length. 1184194520 M * daniel_hozac Bertl: well, i gotta run, but if you could just take a quick glance at the testfs patch, i'd appreciate it. 1184194527 M * daniel_hozac cya! 1184194590 M * Bertl okay, doing so rtight now 1184194596 M * rgl bye daniel_hozac 1184194597 M * Bertl *right 1184194626 M * rgl Bertl, ok. I'll see how it goes when it actually has users hammering the thing *G* 1184194744 M * rgl Bertl, can I abort the start from a scriptlet? 1184194755 M * rgl from the prepre-start scriptlet that is. 1184194775 M * rgl eg: if vrsetup fails, I don't want to start the guest at all. 1184194950 M * Bertl not sure return values are checked, but I would expect an error code (as return value) will make the startup fail 1184195020 M * rgl Bertl, indeed. it works :D 1184195040 M * rgl Bertl, placing an exit 200 prevents it from starting :) 1184195235 M * Bertl excellent! 
1184195295 M * rgl :) 1184195306 M * rgl Bertl, when are you going to start using 2.6.22 :) 1184195308 M * rgl ? 1184195358 M * Bertl actually I am using it since (hmm, 3 days now?) 1184195384 M * Bertl no, two days and 6 hours :) 1184195386 M * rgl are you using vserver-2.2.0-rc5? 1184195393 M * Bertl yep 1184195408 M * rgl cool :D 1184195453 M * rgl how does -rc5 mutates into stable? 1184195479 M * Bertl by getting a bunch of reports and doing some tests 1184195595 M * rgl how do you account that? :) 1184195608 M * Bertl (reports = feedback like: "hey, I have it running for a week, works fine here") 1184195642 M * Bertl rgl: the tests are simpler to validate, but the feedback is gut feeling 1184195658 M * rgl I see. 1184195672 M * rgl how do you validate them Bertl ? got a test suite? 1184195672 M * Bertl i.e. when we 'feel' that it is stable, then it is declared stable :) 1184195700 M * Bertl unfortunately a fully automated test suite hasn't been done yet 1184195725 M * Bertl but there is a number of tests we did to trigger certain issues, and those get exercised on new kernels 1184195756 M * rgl oki. 1184195765 M * rgl where are they? :) 1184195786 M * Bertl if you know what changed in mainline, it's not that hard to guess what can break in Linux-VServer 1184195832 M * Bertl they are sitting in various places/scripts/text files on various devel machines 1184195843 M * rgl for me its hard even be reading the mainline changelog *G* 1184195875 M * rgl but, that does mean, you know where its breaks... so is it broken? :) 1184196039 M * Bertl if it was that simple, then the kernel developers would not have to fix bugs :) 1184196054 M * Bertl but let me give an example: 1184196085 M * Bertl when I forward port a Linux-VServer patch to a new kernel, then there will be certain files/patches which do not apply perfectly 1184196101 M * Bertl (i.e. offsets, fuzz, rejects ...) 
1184196124 M * Bertl those will 'suggest' certain changes which affect Linux-VServer 1184196150 M * Bertl now looking them up in the mainline changelog or git tree, will give an idea what has changed 1184196188 M * Bertl and thus, the changes can be adapted, and the affected subsystems will get specific testing 1184196310 M * rgl humm, even if the patch applies, can you be sure its doing the right thing? I mean, its possible for a patch to apply, but not actually work? 1184196324 M * Bertl yes, that is possible 1184196351 M * Bertl but usually those get caught by the basic tests 1184196398 M * rgl ah ok. 1184196446 M * rgl it would be really nice to have a test suite. but you known that for sure ;-) 1184196506 M * Bertl definitely, and given enough time (or volunteers to hack on that) we will do that as one of the firstthings 1184196537 M * rgl I was looking at the linux testing suite http://ltp.sourceforge.net/. maybe that can help getting it rolling. 1184196611 M * Bertl well, if you like to hack on it, be my guest ... 1184196734 M * rgl I'll have to get used to the ltp project first :D 1184197152 M * rgl gag. so late. I gtg. 1184197161 M * rgl have a nice night Bertl :D 1184197163 M * rgl vya. 1184197166 M * rgl cya. 1184197204 Q * rgl Quit: Leaving