1184717642 N * arachnis1 arachnist
1184718593 Q * slack101 Ping timeout: 480 seconds
1184718614 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184718640 Q * onox Quit: zZzZ
1184718746 Q * bzed Quit: Leaving
1184719353 M * blizz are ext3 ACLs in guests possible?
1184719377 M * Bertl yes, I'd assume so
1184719390 M * blizz to answer your question: i used muh (i think it's miau now) and i liked it. anyway, now i prefer irssi over ssh
1184719421 M * Bertl yeah, I'm using irssi (over ssh) too, but a friend of mine uses pidgin
1184719436 M * blizz ahh, i see
1184719438 M * Bertl and AFAIK, miau is a branch of muh
1184719451 M * blizz afaik irssi has a proxy mode which can be used to bounce
1184719454 M * Bertl I'm looking into bip right now, sounds very promising
1184719691 J * DoberMann_ ~james@AToulouse-156-1-51-33.w90-16.abo.wanadoo.fr
1184719798 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1184719966 Q * ema Ping timeout: 480 seconds
1184722374 M * slack101 dammit networking is not working inside my of vserver
1184722375 M * slack101 wtf ?
1184722410 M * micah slack101: what is your interfaces configured to?
1184722905 Q * slack101 Ping timeout: 480 seconds
1184722926 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184723018 M * Supaplex rr.com must be the suck. ;)
1184723061 M * Bertl how so?
1184723081 M * Supaplex slack101 keeps dropping off
1184723100 M * slack101 lol
1184723107 M * slack101 this is what you get in Miami 
1184723116 M * slack101 its good connection
1184723123 M * slack101 when theres not tropical storms ouside 
1184723174 M * Supaplex o
1184723194 M * slack101 is the nameserver the same onthe host / guest ? 
1184723200 M * slack101 sorry just never had this problem before 
1184723218 M * Supaplex that's ideal
1184723249 M * Supaplex and /etc/resolv.conf applies to each host and guest. the guest should have it setup to.
1184723305 J * ema ~ema@rtfm.galliera.it
1184723348 M * slack101 this iptables crap is driivng me crazy everytime i start it 
1184723380 M * slack101 INPUT rules already exists for 69.xx.xx.xxx, skipping
1184723380 M * slack101 OUTPUT rule already exists for 69.xx.xx.xx, skipping
1184723392 M * slack101 i know you said Bertl  thats its not wring that but hmmmm
1184723449 M * slack101 wow i cant ping domain names wtf
1184723459 M * slack101 but the resolv.etc is right i think its that iptbales crap
1184723484 M * Supaplex uh /etc/resolv.conf ? there is no .etc
1184723495 M * slack101 thats what i meant 
1184723514 M * slack101 anyways yea thats right 
1184723534 M * slack101 o shiti  know hwy 
1184723536 M * slack101 dammit 
1184723626 M * Supaplex ewps
1184723898 M * slack101 but again
1184723905 M * slack101 i think its writing those rules for that iptables 
1184723997 M * emtty (host) # iptables -L
1184724021 M * emtty more useful than speculation
1184724092 M * slack101 yea it wrote the rule for sure 
1184724095 M * slack101 to the host
1184724113 M * slack101 ummm is this a problem 
1184724129 M * slack101 it just wrote it for that IP though if that matters 
1184724179 M * slack101 ekkkkkk"?
1184724190 M * slack101 Bertl, you lied :P 
1184724210 M * Bertl slack101: how so?
1184724212 M * emtty no, your caps are prob set to allow it
1184724221 M * slack101 hmmm
1184724230 M * slack101 casue a user can set the iptables 
1184724233 M * slack101 guest
1184724237 M * slack101 should i change this ? 
1184724247 M * slack101 can they mess up anything more then their own ip ? 
1184724415 M * Supaplex iptables-save | less
1184724418 M * Bertl AFAIK, a guest is not able to mess with iptables
1184724433 M * Bertl (with the default set of capabilities, that is)
1184724573 M * slack101 Bertl, i jus compield it with the recomendations 
1184724590 M * slack101 damn
1184724615 M * slack101 so now one of my users can dump another persons iptables ?
1184724652 M * Supaplex have you replicated the issue?
1184724660 M * slack101 or is it safe to keep as is ?
1184724670 M * Bertl slack101: you mean, read it, yes, as the iptable rules are host specific (so shared)
1184724704 M * emtty whats in /etc/vservers/<vserver>/bcapabilities for the guest in question?
1184724722 M * slack101 im saying from inside a guest if i do iptables -L could it just read what it has done for its IP or the whole server all everyones ip[ ?
1184724725 M * Bertl slack101: but if you have some evidence that guest root (without additional capabilities) can modify iptables entries, then this is considered a bug and will be fixed
1184724760 M * Supaplex hysteria-- evidence++
1184724802 M * Bertl Supaplex: you probably don't remember the time of the 'root escape explots' do you?
1184724809 M * Bertl *exploits
1184724811 M * Supaplex no =)
1184724831 M * Bertl that was really fun ... some guy created an exploit to escape from the chroot
1184724847 M * slack101 how did that work ?
1184724850 M * Supaplex hehe
1184724853 M * Bertl which actually worked (because we had not forseen this specific case)
1184724873 M * Bertl nevertheless, the issue was fixed within a day
1184724898 M * Bertl the funny part is the following: the code did write a few lines of meaningless data
1184724907 M * Bertl and then reported "the exploit worked"
1184724928 M * Bertl unfortunately it did so regardless of the actual success or failure
1184724930 M * slack101 hmm i have no bcapabilities file 
1184724956 M * Supaplex that's normal
1184724961 M * slack101 oh?
1184724968 M * slack101 i never had to mess with any of thisbefore 
1184724977 M * Supaplex it implies no bcap*
1184724977 M * Bertl thus for the next 6 months (or maybe even longer) we had people showing up here, claiming that the chroot exploit worked on the 'fixed' kernels
1184724979 M * slack101 most likely becasue i never messed with iptables from within a guest 
1184724997 M * slack101 Supaplex, s how is my guest writing to the iptables ;)
1184725009 M * Bertl slack101: is it?
1184725022 M * slack101 yes
1184725057 M * Bertl could you upload (paste.linux-vserver.org) the output of 'cat /proc/virtual/<xid>/status'?
1184725071 M * Bertl replace <xid> with your guest's context number
1184725104 M * slack101 i ddint specify a context number wen i made it 
1184725115 M * emtty vserver-stat -> CTX column
1184725146 M * Bertl or /etc/vservers/<name>/context
1184725161 M * slack101 BCaps:  00000000344c04ff
1184725166 M * slack101 is that all you need to know ?
1184725166 A * Supaplex runs iptables -A INPUT -s $me -j ACCEPT ; iptables -A INPUT -j DROP
1184725168 M * Supaplex ;)
1184725208 M * Bertl slack101: no, as I said, I'm interested in the complete output :)
1184725215 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1184725240 M * slack101 http://phpfi.com/250459
1184725283 M * Bertl looks good to me ...
1184725341 M * slack101 lol ?
1184725350 M * slack101 is writing to the host 
1184725355 M * slack101 im prolly not doing something right 
1184725440 A * Supaplex wipes out the 15k lines of iptables rules
1184725447 M * slack101 hmmmmmmmm
1184725491 M * slack101 i already assumed that it wouldnt work
1184725580 M * slack101 Bertl, any ideas ?
1184725588 M * Bertl what kernel?
1184725604 M * slack101 im about to get bitched at soon i think :P users are going ot be wondering where their iptables are going 
1184725607 M * slack101 newest one 
1184725609 M * Supaplex his own incarnation ;)
1184725620 M * Bertl so, 2.6.22.1 then .. good choice
1184725634 M * slack101 well
1184725657 M * slack101 2.6.21.5-vs2.2.0
1184725685 M * Bertl so not the latest then, not even the latest 2.6.21 kernel
1184725688 M * Bertl okay, np
1184725739 M * slack101 i just odwnloaded latest stable thing form kernel .org
1184725745 M * slack101 and got a patch for it lol
1184725748 M * slack101 like 2 weeks ago 
1184725765 M * slack101 Bertl, so why is the guest writing to the iptables and its working 
1184725769 M * Bertl yeah, you know, they update that page sometimes :)
1184725787 M * Bertl I'm going to test that here now (in a few minutes)
1184725794 M * AStorm Bertl, could you provide split 2.6.22 patch?
1184725804 M * slack101 well i dont want to to through  trouble 
1184725811 M * slack101 if its just something stupid i am not doing 
1184725834 M * Bertl AStorm: not without good reason (use one of the older splits to remove the scheduler code)
1184725874 M * AStorm Bertl, hmm, ok. Is the new quota code inside v2.2.0.1-rc1? (or what's it called)
1184725918 M * Bertl no v2.2.0.2-rc1 does not contain shared quota
1184725932 M * slack101 bte Bertl when i compiled my kernel i had legacy networking api enables could that be the problem ?
1184725942 M * Bertl nope
1184725993 M * slack101 damn man :P
1184725994 M * Bertl slack101: but please upload the output from: 'grep VSERVER .config' to a pastebin (inside your kernel tree)
1184726057 M * slack101 http://phpfi.com/250462
1184726060 M * slack101 theres that
1184726062 M * slack101 and this sucks 
1184726076 M * slack101 now i jus hope my users dont find about about this bug 
1184726113 M * Supaplex I won't abuse it. :)
1184726159 M * slack101 actually this is interesting 
1184726160 A * Supaplex hunts down an early sslstuff.com schema
1184726214 M * slack101  Could not load /lib/modules/2.6.21.5-vs2.2.0-rc3/modules.dep: No such file or directory
1184726313 M * Bertl slack101: what tools are you using?
1184726330 M * slack101 what do you mean what tools ?
1184726340 M * Bertl util-vserver 0.30.xxx?
1184726346 M * slack101 ah
1184726374 M * AStorm slack101, modules-update
1184726380 M * AStorm or depmod (the same)
1184726388 M * slack101 vserver 0.30.212 -- manages the state of vservers
1184726421 M * Bertl slack101: why on earth did you enable 'Show a Legacy Version ID'?
1184726446 M * slack101 i ddint mean too :P
1184726450 M * slack101 that was kinda random 
1184726454 M * AStorm slack101, disable that ASAP :P
1184726462 M * slack101 is that bad ?
1184726466 M * Bertl slack101: when you enter the guest, could you do 'cat /proc/self/status' and upload that somewhere too?
1184726547 M * slack101 http://phpfi.com/250463
1184726580 M * Supaplex gah. init 1 remotely = bad.
1184726621 A * slack101 cries 
1184726626 M * slack101 whats the prob here :P
1184726752 J * agryppa ~kb2qzv@cab-dr-cas2-38.dial.airstreamcomm.net
1184726766 M * Bertl slack101: hmm, I would say you are shooting yourself in the foot :)
1184726827 M * Bertl slack101: it is probably a tool issue, but I doubt anybody cares, as this is a completely unusual setup
1184726841 M * Bertl slack101: nevertheless I will check this too
1184726864 M * Bertl slack101: with all the legacy stuff enabled, you basically prepared your system for util-vserver 0.30
1184726874 M * Bertl (which is several? years old)
1184726927 M * Bertl by additionally using dynamic contexts (which are deprecated for some years now) you are getting a setup, where your context shifts with every enter
1184726969 M * agryppa 32bit guest ubuntu on 64bit gentoo host: ssh -X ubuntu@ubuntu asks for password. what to do to get through? 
1184726997 M * Bertl agryppa: most likely, type the correct password?
1184727010 M * agryppa I knew you'd answer like that :-)
1184727056 M * agryppa would you help me to pinpoint the problem, though?
1184727091 M * Bertl slack101: I would suggest (I think I did exactly that the last N times) to install latest tools (0.30.213) and remove all/most of the legacy configs from the kernel (the defaults should be more than fine for you)
1184727093 M * Supaplex why would you use ubuntu on gentoo? hehe.
1184727106 M * agryppa "vserver ubuntu enter" lets me in without any problem
1184727116 M * Supaplex naturally.
1184727117 M * Bertl agryppa: sure, try to enter the guest and start sshd with -d (debug)?
1184727132 M * Bertl then ssh to it and look for clues?
1184727142 M * Supaplex agryppa: in the guest, does id ubuntu say anything?
1184727143 M * agryppa I'll try. tnx
1184727180 Q * slack101 Ping timeout: 480 seconds
1184727200 M * Bertl Supaplex: yeah, rr.com sucks ...
1184727201 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184727217 M * agryppa no such user (but I tried to login as root@ubuntu, too with no effect)
1184727251 M * Supaplex agryppa: did you create a root password in the guest? Is ssh listening in the guest? Don't assume, use netstat - if it's not working, see the faq on ssh.
1184727273 M * Bertl agryppa: on most distros, the root user is not allowed to logon via ssh
1184727277 M * Supaplex and yes, you'll have to create a user in the guest to. it's totally isolated.
1184727358 M * agryppa Supaplex: I didn't create a password for root in ubuntu guest. ssh is listening on port 22. nmap -Sv ubuntu says so.
1184727389 M * Supaplex agryppa: that's not what I asked. if you read the ssh faq, it's possible for the host to steal the guest ssh port.
1184727410 M * agryppa Bertl: my gentoo guest lets me in as root via ssh with no additional config.
1184727430 M * Bertl s/steal/block/
1184727435 M * Supaplex like Bertl said. it varies on distro.
1184727528 M * agryppa when sshd -d is launched, then login from host shows this:ssh root#ubuntu
1184727528 M * agryppa ssh: root#ubuntu: Name or service not known
1184727568 M * agryppa /etc/init.d/ssh start works better because I get refusals from some authentications service
1184727642 M * agryppa Permission denied (publickey,password,keyboard-interactive).
1184727665 M * Supaplex you're not making a whole lot of sense.
1184727684 M * agryppa sorry. I am little warn out
1184727716 M * Supaplex if you stop ssh on the guest, does nmap still see it?
1184727733 M * agryppa Do you suggest I create a user in ubuntu and then Try to login as that user form host via ssh?
1184727740 M * agryppa wait.
1184727794 M * agryppa no nmpa says there is no service at port 22 anymore
1184727827 M * Supaplex that's good. it's a guest issue then.  what's the guest distro?
1184727863 M * agryppa ubuntu 
1184727917 M * agryppa I think the probelm may be somewhere in the sshd_config on the guest.
1184727929 M * Supaplex ok, I'd ask #ubuntu
1184727936 M * agryppa ha ha.
1184727948 M * Supaplex or man sshd_config
1184727961 M * agryppa yea, right.
1184728852 M * Bertl slack101: you received my messages? if not, please check the IRC log
1184729285 M * Supaplex I don't think swift likes vserver. :(
1184729596 M * Supaplex grrr
1184729703 M * Bertl how so? 
1184729719 M * Supaplex it's eatting 100% cpu, and it never completes
1184729737 M * Supaplex strace just shows endless read calls that don't get data. it's from a text file though.
1184729803 M * Bertl so it is reading from a text file?
1184729865 M * Supaplex I'm going to get a better strace on it.
1184729892 M * Bertl maybe it has a debug/verbose switch?
1184729897 M * Bertl also check guest logs
1184729952 M * Supaplex it might
1184730569 M * Supaplex connect(13, {sa_family=AF_INET, sin_port=htons(1480), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
1184730572 M * Supaplex send(13, "\0\0\0\0", 4, 0)              = 4
1184730575 M * Supaplex recv(13, "", 4, 0)                      = 0
1184730575 M * Supaplex I suspected something like this.
1184730603 M * Supaplex i don't have the source to swift. it's closed source. is there a ld_preload lib I can fake this with?
1184730619 M * Bertl hmm, what do you want to fake?
1184730633 M * Supaplex remap localhost?
1184730643 M * Supaplex isn't this the same issue samba has?
1184730652 M * slack101 Bertl, well im not really worried since users cant use iptables etc etc they get an error its just when it starts up it adds it to the host system
1184730670 M * slack101 when you start the guest from the host 
1184730789 M * Bertl slack101: with the combo you did choose, I'm not surprised you run into issues (and there will be more, I guess)
1184730807 M * slack101 thanks ;)
1184730992 M * Supaplex http://downloads.cepstral.com/cepstral/i386-linux/Cepstral_David-8kHz_i386-linux_4.2.0.tar.gz
1184731485 Q * slack101 Ping timeout: 480 seconds
1184731506 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184731540 M * Supaplex ah pits. same issue with 4.2.0
1184731908 M * Bertl Supaplex: you can try to change the remap source address, and/or try a vs2.3 setup with loopback address
1184732044 M * slack101 damn
1184732360 N * Bertl rop
1184732361 Q * FireEgl Read error: Connection reset by peer
1184732376 N * rop Bertl
1184732589 M * agryppa may I ask why /proc/cmdline is missing on guest gentoo? Does it have to do with virtualization?
1184732624 M * Bertl it is hidden by default (vprocunhide)
1184732639 M * Bertl because it basically contains host-only information
1184732682 M * agryppa then the xdm script that I want to use on the guest won't work, right?
1184732702 M * Bertl no idea, what does it do with the kernel command line?
1184732785 M * agryppa well the script has this in it:  for opt in $(</proc/cmdline); do
1184732800 M * agryppa and it fails
1184732832 M * Bertl well, still the question is, what does the xdm script do with kernel command line options?
1184732871 M * agryppa I have no idea.
1184732871 M * Bertl besides that, it should not fail if the file doesn't exist, i.e. I consider this a bug in the script 
1184732892 M * agryppa ok.
1184733331 J * FireEgl FireEgl@Sebastian.Atlantica.CJB.Net
1184733671 M * AStorm Bertl, wrt ripping out scheduler: which error code should I return in vc_*_sched* functions if they aren't supported?
1184733716 M * Bertl just remove them from the switch (or comment them out)
1184733720 M * AStorm Mhm.
1184733737 M * Bertl note, that a patch must support them for compatibility reasons
1184733749 M * Bertl (i.e. backward compatibility)
1184733827 M * AStorm I see, that's why I'm asking about the error code :-)
1184733875 M * Bertl so in this case, no error code :)
1184733973 M * Bertl but as I said, for testing purposes you can simply remove them
1184734363 M * Bertl okay, off for today ... have a good one everyone! cya!
1184734370 N * Bertl Bertl_zZ
1184734690 M * AStorm well, if these are lacking, and proc is lacking, I guess the tools regarding them will just fail with "unsupported operation"
1184734728 M * AStorm (due to that nice -ENOSYS)
1184735161 M * slack101 i wonder if i hsould re install vserver or if its ok reguardless the few probs i had 
1184735943 Q * agryppa Remote host closed the connection
1184736109 M * Supaplex sweet. load avg is 0.09 with one client in use. yay vserver. :)
1184738083 N * DoberMann_ DoberMann
1184739639 M * AStorm Bertl_zZ, once you wake up, I've got another heads up - sendpage should go away - there are splicing functions now and also generic_splice_sendpage
1184739987 J * meandtheshell ~markus@85.127.105.7
1184740030 M * AStorm sendfile went away too (it's done using splice r/w now)
1184740098 Q * Johnnie Ping timeout: 480 seconds
1184740173 M * AStorm also, there is a new FILESTREAM flag that has taken your barrier designation
1184740182 M * AStorm that's why you should've picked some higher flag
1184740313 N * DoberMann DoberMann[PullA]
1184740448 M * AStorm uhm, xfs ran out of flag space in its structure...
1184740556 M * AStorm Do you have any idea on how to implement barriers and iunlink for it now?
1184740563 M * AStorm xattrs?
1184740876 J * dna ~naucki@253-247-dsl.kielnet.net
1184740903 M * AStorm hmm, maybe use that pad space available?
1184741510 M * AStorm or, extend XFS2 inode with another field
1184741513 M * AStorm (non-core)
1184742244 M * AStorm Hmm, or store it in the data fork
1184744359 Q * slack101 Ping timeout: 480 seconds
1184744380 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184744428 A * Supaplex laughs at slack101's sad sad saaaad internets pipe
1184744433 M * Supaplex poor guy :)
1184745310 J * Piet hiddenserv@tor.noreply.org
1184748106 J * DavidS cool@helios.uni-ak.ac.at
1184748134 N * DavidS DavidS|Wien
1184748649 Q * slack101 Ping timeout: 480 seconds
1184748672 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184748818 J * cohan ~cohan@koniczek.de
1184748977 J * cedric ~cedric@80.70.39.67
1184748999 Q * Hollow Ping timeout: 480 seconds
1184749105 J * Hollow ~hollow@proteus.croup.de
1184749492 Q * DavidS|Wien Quit: Leaving.
1184752666 Q * complexmind Quit: using sirc version 2.211+KSIRC/1.3.12
1184752945 Q * slack101 Ping timeout: 480 seconds
1184752970 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184757238 Q * slack101 Ping timeout: 480 seconds
1184757259 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184758771 Q * phreak`` Quit: leaving
1184758798 J * phreak`` ~phreak``@deimos.barfoo.org
1184759984 J * TheSeer ~theseer@border.office.nonfood.de
1184759988 M * TheSeer heya :)
1184760017 M * TheSeer Error: Error accessing directory /vservers/mx/../../../../../../../../../../../..//etc/vservers/.defaults/vdirbase/.pkg/mx/yum/cache/core/headers, [Errno 2] No such file or directory: '/vservers/mx/../../../../../../../../../../../..//etc/vservers/.defaults/vdirbase/.pkg/mx/yum/cache/core/headers'
1184760072 M * TheSeer what is that trying to tell me when i use "vserver mx build -m yum --hostname=... --interface mx0=eth0:...../28 -- -d fc6
1184760211 J * HeinMueck ~Miranda@dslb-088-064-022-137.pools.arcor-ip.net
1184761320 Q * Piet Ping timeout: 480 seconds
1184761529 Q * slack101 Ping timeout: 480 seconds
1184761550 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184761613 J * EtherNet_ ~EtherNet@OL240-101.fibertel.com.ar
1184762069 J * Piet hiddenserv@tor.noreply.org
1184763523 Q * Aiken Remote host closed the connection
1184764365 Q * Hollow Remote host closed the connection
1184764380 J * Hollow ~hollow@proteus.croup.de
1184764488 J * cluk ~cluk@p5B17EC81.dip.t-dialin.net
1184765744 M * daniel_hozac TheSeer: a) you're not using a patched yum, and b).... well, i don't know. are there no errors before that?
1184765777 M * TheSeer i came to the conclusion of a) myself and try to build a patched yum myself ;)
1184765818 M * TheSeer the first couple of seem to work ;)
1184765822 M * TheSeer it's a yum 3.2.0
1184765825 Q * slack101 Ping timeout: 480 seconds
1184765846 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184767899 M * daniel_hozac should be fine.
1184767946 M * TheSeer yeah, there just is no prepatched rpm
1184767958 M * TheSeer and i didn't have build tools on the box ;)
1184768074 M * TheSeer You are using a version of yum which current status is unknown to vyum.
1184768074 M * TheSeer Just to be sure, 'vyum' will use dirty hacks which might not work when
1184768074 M * TheSeer the vsrever is running and local DOS attacks are possible.
1184768075 M * TheSeer hmm
1184768097 M * TheSeer it worked though
1184768288 N * Bertl_zZ Bertl
1184768294 M * daniel_hozac morning Bertl!
1184768295 M * Bertl morning folks!
1184768586 M * blizz moin
1184768624 M * Bertl AStorm: feel free to submit patches (regarding splicing/sendfile)
1184768815 M * EtherNet_ Bertl, morning!
1184768869 M * AStorm Bertl, doing that
1184768884 M * AStorm but in the meantime, I've to ask devs what to do with XFS di_flags
1184768894 M * AStorm because VServer ones don't fit now
1184768909 M * AStorm BTW, sendfile needs no patching it seems
1184768934 M * AStorm it's supported everywhere now (generic support is available)
1184768970 M * daniel_hozac you mean, in-kernel copy is supported?
1184769007 M * AStorm mhm
1184769021 M * daniel_hozac or that XFS is using generic_file_sendfile?
1184769037 M * AStorm no, all are using generic_splice_{read,write}
1184769044 M * AStorm do_sendfile and vfs_sendfile use that
1184769063 M * AStorm also, there is generic_splice_sendpage
1184769109 M * AStorm anyway, the patch is outdated for -git tree
1184769120 M * AStorm and XFS is lacking space in its di_flags field
1184769146 M * AStorm (which is what stopped my porting attempt for a while - asking on LKML what to do with it)
1184770149 Q * slack101 Ping timeout: 480 seconds
1184770170 J * slack101 ~rwer@cpe-65-31-15-111.insight.res.rr.com
1184770790 J * Johnnie ~jdlewis@c-67-163-142-234.hsd1.pa.comcast.net
1184770915 J * complexmind ~mark@87.124.128.71
1184771323 M * Roey HI!  I'm running Linux magneto 2.6.18.1-vs2.1.1-rc41 #1 SMP PREEMPT Thu Oct 19 16:16:34 EDT 2006 x86_64 GNU/Linux.  Have there been any significant enhancements to VServer since then?
1184771409 M * daniel_hozac umm, yeah.
1184771431 M * Bertl hey Roey!
1184771520 M * AStorm For the time being, I'll drop barrier support from XFS
1184771529 M * AStorm until I get word from its devs
1184771833 M * complexmind hi bertl, I'm just wondering is there a length limit for the number of lines being pasted into the pastebin?
1184771860 M * complexmind unusually I'm having a few build problems I wanted to show you
1184771890 M * Bertl probably there is, but it should be sufficiently large, do you encounter any issues?
1184771907 M * complexmind yes, I was trying to paste my config.log and make log
1184771913 M * complexmind it seems to have truncated it
1184771928 M * complexmind I'll paste the main part of the error, if you want to see more I can try again
1184771947 M * complexmind would you mind taking a quick look at the error and let me know if it is anything obvious?
1184771965 M * Bertl no
1184772024 M * complexmind thanks log here http://paste.linux-vserver.org/4611
1184772036 M * complexmind i don't usually have any problems building util-vserver
1184772065 M * complexmind this is on a Centos5 host, dietlibc 0.30 (built from diet cources)
1184772170 Q * Johnnie Ping timeout: 480 seconds
1184772177 M * daniel_hozac it looks like your diet is trying to use glibc hedaers.
1184772182 M * daniel_hozac +english
1184772219 M * complexmind ah right :) perhaps I didn't install it properly, this is the first time I have had to build diet, it seems to have been dropped from centos5
1184772223 M * daniel_hozac how did you install dietlibc? just ./configure, make, make install?
1184772249 M * complexmind no, I made a package
1184772313 M * daniel_hozac did you use the FE package as a source, or did you make it yourself?
1184772349 M * complexmind i downloaded the dietlibc-0.30 sources, it's not an srpm from fedora 
1184772377 M * complexmind is it best to rebuild ffc5 package?
1184772430 M * daniel_hozac FE6 would probably be best.
1184772442 M * complexmind ok, I'll try that and report back, thanks!
1184772464 M * daniel_hozac but how did you get the RPM? is there a specfile in the tarball, or what?
1184772477 M * daniel_hozac (or did you just write it yourself?)
1184772561 M * harry 17:26 <@wim> harry: dien vserver rules dus :-)
1184772569 M * harry another satisfied vserver user :)
1184772589 M * harry also a sysadmin somewhere @ KULeuven
1184772596 M * Bertl what did he say?
1184772611 M * harry i helped him a bit setting up vservers
1184772629 M * harry he now can change his machine park to only 2 servers
1184772634 M * harry 1 linux machine, 1 windows :)
1184772641 M * Roey Hey Bertl!
1184772645 M * Roey and harry and daniel_hozac and complexmind 
1184772652 M * harry heya Roey 
1184772655 Q * slack101 Quit: Leaving
1184772661 M * Roey Bertl:  so, anything new in VServer since 2.1.1?
1184772676 M * Roey Bertl:  ooh, ooh, like openvpn working?
1184772676 M * Bertl Roey: a new stable release?
1184772678 M * daniel_hozac you don't even have 2.1.1
1184772692 M * Roey <Roey> HI!  I'm running Linux magneto 2.6.18.1-vs2.1.1-rc41 #1 SMP PREEMPT Thu Oct 19 16:16:34 EDT 2006 x86_64 GNU/Linux. 
1184772697 M * Roey it's the RC
1184772714 M * daniel_hozac yes. != final
1184772719 M * Roey aye
1184772723 M * Roey So what's the current version?
1184772728 M * daniel_hozac 2.2.0.2
1184772729 M * Roey 2.2.01
1184772733 M * Roey oh
1184772741 M * Roey latest stable 2.2.01 says /topic
1184772743 M * Roey hmm
1184772767 T * Bertl http://linux-vserver.org/ | latest stable 2.2.0.2, 2.0.3-rc3, devel 2.3.0.12, stable+grsec 2.0.2.1, 2.2.0 | util-vserver-0.30.213 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1184772787 M * Roey :) cool
1184772901 M * Roey Bertl:  is there a CHANGES document anywhere?
1184772944 M * complexmind daniel_hozac: yes I started with the specfile in contrib/ but obviously did a very bad job of writing the rest of the specfile :)
1184772955 M * daniel_hozac http://linux-vserver.org/ChangeLog-2.2
1184772958 M * Bertl Roey: http://wiki.linux-vserver.org/Feature_Matrix
1184772970 M * complexmind it builds fine with a rebuilt diet based on fc6 srpm
1184772972 M * complexmind :D
1184772980 M * complexmind thanks very much :)
1184773049 M * daniel_hozac you're welcome!
1184773071 J * tzanger ~tzanger@gromit.mixdown.ca
1184773076 M * tzanger good morning
1184773108 M * tzanger I've got a brand new debian etch install that I installed vserver on to, and then used the newvserver command to create a debian etch virtual server
1184773124 M * tzanger vserver host is .251, vserver guest is .28
1184773131 M * tzanger when I ssh to .28 from outside, I get the host
1184773135 M * tzanger did I do something wrong?
1184773139 M * harry interdiff: Error applying patch1 to reconstructed file
1184773155 M * tzanger ifconfig on the machine I ssh'd to shows .251, even though I ssh'd to 28
1184773164 M * daniel_hozac tzanger: http://linux-vserver.org/Frequently_Asked_Questions#When_I_try_to_ssh_to_the_guest.2C_I_log_into_the_host.2C_even_if_I_installed_sshd_on_the_guest._What.27s_wrong_here.3F
1184773177 M * tzanger ooh that's in the faq
1184773182 M * tzanger I apologise
1184773203 M * Bertl tzanger: in general, please stay away from newvserver
1184773274 M * tzanger Bertl: oh?
1184773280 M * tzanger the documentation says to use it
1184773282 M * Bertl daniel_hozac: blino will submit 'preliminary' urpmi support shortly
1184773298 M * Bertl daniel_hozac: could you have a look at it and include that?
1184773308 M * daniel_hozac sure.
1184773309 M * harry newvserver?
1184773311 M * harry what's that?
1184773318 M * Bertl daniel_hozac: also, could we get a new 0.30.214? release in the near future?
1184773320 M * tzanger http://linux-vserver.org/Installation_on_Debian
1184773335 M * daniel_hozac Bertl: hmm, what for?
1184773349 M * harry config:/usr/local/config/kernel# interdiff -p 1 patch-2.6.21.5-vs2.2.0.diff.1 patch-2.6.21.6-vs2.2.0.2.diff
1184773355 M * harry what's wrong with that command?
1184773360 M * daniel_hozac harry: different base kernels.
1184773366 M * Bertl okay, back after dinner ...
1184773369 M * daniel_hozac tzanger: yeah, that page needs an update.
1184773370 N * Bertl Bertl_oO
1184773372 M * harry daniel_hozac: that's what the p1 should handle
1184773386 M * daniel_hozac harry: no, the Makefile hunk won't apply.
1184773393 M * tzanger is newvserver buggy?  What problems might I expect?
1184773396 M * harry aha
1184773412 M * daniel_hozac tzanger: it likely overwrites your host's /etc/motd?
1184773421 M * daniel_hozac s/?/./
1184773424 M * harry fixed! :)
1184773677 M * AStorm I've a question why does VServer patch modify fs/namespace.c option setter so aggresively :>
1184773683 M * AStorm replacing loops where it's not needed
1184773782 J * stefani ~stefani@tsipoor.banerian.org
1184773961 Q * cluk Quit: Ex-Chat
1184774025 M * harry bleh
1184774036 M * harry how can i surf to the place where i can update the webpage patch part?
1184774087 P * tzanger 
1184774116 N * Bertl_oO Bertl
1184774214 M * daniel_hozac harry: http://linux-vserver.org/Template:CurrentPatchTable click edit
1184774227 M * harry mkay
1184774234 M * harry but how do i get there through the webpage?
1184774280 M * daniel_hozac recent changes -> click on it? :)
1184774311 M * harry kinky :)
1184774320 M * harry not the best way... but it works :)
1184774323 M * harry bookmarked it now :)
1184774345 T * harry http://linux-vserver.org/ | latest stable 2.2.0.2, 2.0.3-rc3, devel 2.3.0.12, stable+grsec 2.0.2.1, 2.2.0.2 | util-vserver-0.30.213 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 
1184774592 Q * FireEgl Read error: Connection reset by peer
1184774660 Q * ensc Ping timeout: 480 seconds
1184774869 M * harry Bertl, daniel_hozac : what's changed in 2.2.0 and 2.2.0.2 ?
1184774885 M * daniel_hozac you have the interdiff, you tell us :)
1184774969 M * harry daniel_hozac: some filesystem stuff
1184774972 M * harry and cleanups ?
1184774974 M * harry that's it?
1184774999 M * daniel_hozac i guess that's one way to put it.
1184775056 M * Bertl okay, I updated the debian page (non intrusive)
1184775116 M * daniel_hozac great, thanks.
1184775125 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33
1184775146 M * Bertl I think I will finally get around doing the guest installations now, at least fc* should work now with the dynamic rpm
1184775220 M * daniel_hozac centos* as well, i guess.
1184775229 M * Bertl daniel_hozac: as it seems, slack101 was testing a special case
1184775238 M * AStorm Hmm, nfs also lacks space in its NFS_MOUNT flags
1184775239 M * Bertl daniel_hozac: which might need some investigations
1184775244 M * AStorm for tagged mount
1184775244 M * daniel_hozac oh?
1184775259 M * daniel_hozac which case?
1184775269 M * Bertl he compiled his kernel (the last one :) with all legacy stuff enabled he could possibly find
1184775299 M * daniel_hozac and it worked? i would've thought we broke legacy since the last time we tried it :)
1184775315 M * Bertl and it seems the guests created with 0.30.212 (not tested with 0.30.213) started fine, but the are not secure
1184775361 M * daniel_hozac you sure? from the log it seemed to have the right capabilities.
1184775364 M * Bertl so we should either make sure that 0.30.214 (if not already done so) does refuse to run with that setup
1184775373 Q * cedric Remote host closed the connection
1184775392 M * daniel_hozac i'm somewhat inclined to believe that was virtuatables or similar... :)
1184775404 M * Bertl I will check that shortly
1184775441 J * FireEgl FireEgl@Sebastian.Tcldrop.Com
1184775442 M * Bertl but at least dynamic network contexts will give some confusion I guess
1184775447 M * daniel_hozac definitely.
1184775518 M * AStorm Oh, fortunately, nfs mount has more space for flags
1184775546 M * harry Bertl: what's wrong with those setups?
1184775552 M * harry (so that i can fix it ;))
1184775580 M * daniel_hozac just remove CONFIG_VSERVER_LEGACY ;)
1184775589 M * harry done that long time ago :)
1184775595 M * daniel_hozac or make it depend on !CONFIG_VSERVER_SECURITY or something.
1184775602 M * daniel_hozac so, you're good to go.
1184775613 M * harry wiiiiiiii... /me rules :)
1184775624 M * harry btw. would be nice to update the changelog if you update the patches...
1184775634 M * harry i don't konw if i should update to 2.2.0.2
1184775641 M * AStorm harry, yes, you should
1184775642 M * harry because i see the patch diff...
1184775645 M * harry but i don't know why
1184775666 M * harry AStorm: i'd like to decide that for myself
1184775670 M * AStorm from which version?
1184775671 M * harry if i iknow what the diff is
1184775673 M * harry 2.2.0
1184775680 M * AStorm ah, that, only some bugfixes
1184775683 M * harry i'm running 2.6.21.6 with 2.2.0 now
1184775695 M * harry problem is... i don't know if they are relevant
1184775703 M * harry i use it on quite a lot of production servers
1184775718 M * harry so i can't just reboot them if the impact is 0 on that machine
1184775725 M * harry if there are serioius reasons... no prob
1184775734 M * harry without a changelog, i can't tell
1184775770 M * daniel_hozac you use COW?
1184775784 M * harry since i don't do those updates, i 'm not the one who should do that
1184775787 M * harry daniel_hozac: no
1184775801 M * daniel_hozac then you probably don't care.
1184775803 M * harry but saying it here doesn't solve the problem for other users :)
1184775812 M * daniel_hozac yes, i will update the changelog.
1184775817 M * harry tnx :)
1184775838 M * harry i update my changelog every time :)
1184775850 M * harry but... i tend to only update what I changed
1184775931 A * harry stops working... time to head home!:)
1184775934 M * harry cya'll! :)
1184776727 M * Bertl daniel_hozac: what is the status of post installation scripts for 0.30.213?
1184776738 M * Bertl (and what is the status in HEAD/TRUNK?)
1184776941 M * Roey Thanks, Bertl :)
1184776961 M * Bertl np, (whatever for :)
1184777093 M * Roey Bertl:  the feature matrix ;)
1184777101 M * Bertl ah, k :)
1184777108 M * Roey Bertl:  hmm, I see maybe one or two features added since my version
1184777118 M * Roey <Roey> HI!  I'm running Linux magneto 2.6.18.1-vs2.1.1-rc41 #1 SMP PREEMPT Thu Oct 19 16:16:34 EDT 2006 x86_64 GNU/Linux. 
1184777129 M * Bertl more important, it became a _stable_ release 
1184777133 M * Roey oh :)
1184777139 M * Bertl compared to your 'development release candidate'
1184777146 M * Roey Bertl:  hmm... what about openvpn, is that any time soon?
1184777159 M * Roey Herbert, I've been using this without problems :)
1184777171 M * Roey even your development releases seem stable :)
1184777172 M * Bertl works fine here (with a preconfigured tun device)
1184777181 M * AStorm daniel_hozac, are the CoW fixes there in vs2.2.0.1-rc1 for 2.6.22?
1184777182 M * Roey Bertl:  hmm, that's with ngnet yes?
1184777194 M * Bertl Roey: no, not really required
1184777196 M * Roey AStorm:  the CoW is for which filesystem under VServer?
1184777203 M * Roey *for VServer guests
1184777206 M * Roey Bertl:  hmm, ok.
1184777211 M * AStorm Roey, any
1184777217 M * Bertl AStorm: 2.2.0.2-rc1 yes
1184777252 J * ensc ~irc-ensc@p54B4F770.dip.t-dialin.net
1184777292 M * Roey AStorm:  oh? how does that work?!??
1184777302 M * Roey AStorm:  I thought it's not virtualized
1184777308 M * Roey *that disk access isn't virtualized
1184777311 M * AStorm Roey, it isn't
1184777315 M * Roey ok
1184777322 M * AStorm Copy-on-Write is done using a special attribute
1184777325 M * Roey oh
1184777326 M * Roey ok
1184777331 M * AStorm and hard links
1184777344 M * Roey ok
1184777353 M * AStorm it's an autobreakable hard link, for all purposes
1184777371 M * Roey what do you mean by autobreakable
1184777373 M * Roey under which conditions
1184777374 M * Roey ?
1184777409 M * AStorm file write, chmod, chown
1184777418 M * AStorm not file rename
1184777516 M * AStorm Bertl, so I'm going to grab that 2.2.0.2-rc1 and create an interdiff between it and 2.2.0.1-rc1
1184777847 M * Roey ok
1184777861 M * Roey any ideas for 2.4.x ?
1184777869 M * Roey like, what the next big features in mind are?
1184777877 M * Roey [x] domination
1184777890 M * Roey [x] inclusion into main-line kernel
1184777895 M * AStorm World domination, yes
1184777898 M * Roey :)
1184777906 M * Bertl inclusion into main-line kernel: is already happening
1184777908 M * AStorm Bertl, they added user namespaces to 2.6.22-git, even
1184777918 M * Roey Bertl:  oh!??!
1184777919 M * AStorm though the containers are on hold and in -mm
1184777922 M * Roey Bertl:  that's wonderful
1184777943 M * Bertl Roey: well, as usual, it is getting bloated
1184777946 M * Roey Bertl:  and user namespaces is something that originated with the VServer project?
1184777957 M * Roey Bertl:  (the kernel, or VServer?)
1184777988 J * cruser ~chatzilla@72.242.194.162
1184777988 M * Bertl all mainline virtualization is re-engineered
1184778006 M * Roey Bertl:  btw, I love vserver.  People ask me about kernel-level vulnerabilities though.. they want separate boxes for separate functions
1184778010 M * AStorm yes, because they don't like non-generic fast code ;P
1184778027 M * Roey dobre dzien btw
1184778039 M * Roey (I can't spell it right..)
1184778042 M * AStorm Roey, hmm, most vulnerabilities require full root caps
1184778049 M * AStorm Roey, good day to you too
1184778052 M * Roey :)
1184778067 M * Roey AStorm:  but theoretically it's still possible, no?
1184778070 M * AStorm or at least CAP_SYS_ADMIN
1184778072 M * Roey ah
1184778075 J * bzed ~bzed@dslb-088-068-221-088.pools.arcor-ip.net
1184778076 M * Roey well I don't allow that on mine
1184778082 M * ray6 Roey: for kernel level vulnerabilities you can use xen. then you just have to worry about xen-level vulnerabiliies :) vserver runs nicely inside xen :)
1184778088 M * Roey ;)
1184778097 M * AStorm Roey, yes, but then the other kernels are still vulnerable
1184778098 M * Roey ray6:  well I thought there were issues with the both of them together
1184778103 M * Roey ray6:  back when I used 2.1.x
1184778111 M * AStorm so that doesn't change anything, except that it's a bit easier to break to another VM
1184778117 M * Roey hmm, ok
1184778126 M * ray6 roey: compiling them together needed about 1 manual fix one year ago... 
1184778131 M * Roey AStorm:  I suppose it's impossible to break out of a fully emulated (i.e. bochs) kernel
1184778138 M * Roey ray6:  ah
1184778146 M * AStorm Roey, it is very hard
1184778162 M * Bertl Roey: well, think 6 physical servers with a vulnerable kernel?
1184778163 M * Roey AStorm:  well there'd be no way since guest code never touches the metal
1184778170 M * Roey Bertl:  aye
1184778173 M * AStorm (and requires bochs vuln as well as top level vuln)
1184778173 M * Roey Bertl:  understood
1184778174 M * ray6 roey: and that was an easy one. Debian for example offer(s/ed) xen+vserver kernels
1184778183 M * Roey oh they do?  
1184778188 M * harry Bertl: 1 difference
1184778190 M * AStorm xen + vserver sounds weird
1184778195 M * Roey what's the point of xen if kvm is already thre?
1184778195 M * harry if you run 1 webserver with a vulnerable kernel
1184778198 M * AStorm why would one need vserver if there is xen? :P
1184778200 M * ray6 Bertl: most kernel vulnerabilities are only exploitable from the inside
1184778204 M * harry you can't access the other 5
1184778206 M * AStorm Roey, xen has more features
1184778216 M * ray6 roey: for xen+linux you don't need AMD-V/I-VT
1184778218 M * harry if you first get an account through the webserver app
1184778219 M * Roey what does inside mean if you attack a user-level http server.
1184778229 M * Roey then any web attack is "comes from the inside"
1184778229 M * Bertl ray6: yes, but you have to worry about 6 machines and update each of them separately :)
1184778263 M * Roey Bertl:  I'd like to know how that works with VServer... a common, shared filesystem such that I don't have to update all of guests every time I update
1184778272 M * Roey Bertl:  and in that case, what that means for security
1184778292 M * harry with 6 different servers, if 1 guest gets compromised and you find a kernel bug, you have all 6 machines owned
1184778293 M * Roey Bertl:  the fact that one guest might potentially be able to modify /usr/bin/ binary files of another
1184778299 M * daniel_hozac mount --bind -o ro /vservers/shared /vservers/<guest>
1184778303 M * harry if you have 6 psysical servers, you don't
1184778310 M * ray6 I think basically you always have to update all VMs. When they are nice similar installations this shouldn't be a problem on real machines, v-server or xen hosts
1184778311 M * Roey daniel_hozac:  is this the CoW you guys were talking about?
1184778315 M * daniel_hozac Roey: no.
1184778331 M * ray6 just run for i in machines; do ssh $i yum update -y; done :)
1184778336 M * Roey the way we use it here at work is one vserver per small service
1184778341 M * Roey dns, smtp, apache.
1184778357 M * AStorm Roey, good approach
1184778368 M * Roey I would have put on openvpn as another instance, too, but I didn't want to take the hassle of the openvpn-on-2.1.x a year ago
1184778369 M * AStorm it means that a break in one shouldn't affect the other
1184778389 M * AStorm (unless the kernel is broken too)
1184778398 M * AStorm (and then it's usually 2 steps)
1184778415 M * Roey AStorm:  then one coworker last week started some argument that kernel-level vulnerabilities with VServer may potentially allow one guest to break the kernel for all the other guests.
1184778418 M * Roey (running kernel)
1184778436 M * Roey for me, vserver is a jail-on-steroids
1184778445 M * Roey and even then I wonder if I should be using jail inside it
1184778447 M * AStorm that's exactly what it is
1184778458 M * AStorm no, you don't have to if the capabilities aren't elevated
1184778461 M * Roey ok
1184778464 M * Roey well one cap was
1184778469 M * AStorm NET_BIND?
1184778469 M * Roey I'm trying to remmeber which one.
1184778473 M * Roey lemme see.
1184778476 M * Roey where are they specified again?
1184778482 M * AStorm man capabilities
1184778494 M * daniel_hozac /etc/vservers/<guest>/?capabilities
1184778496 M * Roey nono I mean in the 
1184778498 M * Roey daniel_hozac:  yeah
1184778499 M * Roey one sec
1184778529 M * AStorm probably CAP_NET_BIND, to get access to low-numbered ports
1184778547 M * Roey cat /etc/vservers/guest01/bcapabilities
1184778547 M * Roey CAP_SYS_RESOURCE
1184778558 M * AStorm uh, why?
1184778561 M * Bertl definitely not required
1184778563 M * AStorm that shouldn't be required
1184778563 M * harry to set limits
1184778571 M * harry i needed it for some software
1184778572 M * AStorm harry, set limits from the outside instead
1184778589 M * daniel_hozac AStorm: CAP_NET_BIND_SERVICE is given by default.
1184778591 M * harry AStorm: some stupid software (otrs i think) needs to set limits
1184778592 M * harry or fails
1184778592 M * Roey that's for our DNS server
1184778600 M * Roey is CAP_SYS_RESOURCE.
1184778601 M * harry to start
1184778603 M * Roey I think 'bind' wanted it
1184778605 M * AStorm daniel_hozac, heh, :-)
1184778606 M * Roey why?
1184778621 M * AStorm Roey, hmm, for file handles probably
1184778625 M * Roey with bind??
1184778627 M * AStorm that can be disabled AFAICR
1184778639 M * daniel_hozac Roey: you don't need that since 2.1.
1184778639 M * Roey what does bind do that is so grand as to demand that cap??
1184778645 M * Roey it wasn't working
1184778648 M * Roey that's why I put that in there
1184778650 M * daniel_hozac (2.1.1-rc18)
1184778654 M * Roey hmm:
1184778667 M * Roey Linux  2.6.18.1-vs2.1.1-rc41 #1 SMP PREEMPT Thu Oct 19 16:16:34 EDT 2006 x86_64 GNU/Linux
1184778678 M * daniel_hozac that works around BIND's problemss.
1184778686 M * Roey didn't do it for me
1184778687 M * Roey at least
1184778704 M * Roey I came here complaining and one of you suggested I put that in there... it worked
1184778713 M * Roey now, 'capabilities' or 'bcapabilities' ?
1184778719 M * daniel_hozac ?capabilities.
1184778721 M * Roey oh
1184778722 M * Roey oh ok
1184778727 M * daniel_hozac there are three types, b, c and n.
1184778736 M * Roey what do they cover?
1184778743 M * Roey n is numeric
1184778744 M * Roey b is binary
1184778747 M * Roey c is character?
1184778755 M * daniel_hozac no.
1184778757 M * Roey like, a bcapability file would list RESOURCE=nnnn
1184778757 M * Roey ?
1184778757 M * harry i would definately want that on some website... with clear simple explanation
1184778758 M * Bertl close, but no banana
1184778761 M * Roey *definitely
1184778762 M * daniel_hozac http://linux-vserver.org/Capabilities_and_Flags
1184778764 M * harry and... "normal" examples
1184778767 M * Roey thankye :) :)
1184778790 A * harry shuts up
1184778926 M * daniel_hozac Bertl: as for post-install scripts, I assume you're referring to Debian? Hollow got a script for etch into 0.30.213.
1184778945 M * AStorm filesystem caps may also soon be merged
1184778950 M * AStorm are considered for 2.6.23
1184778981 M * Bertl daniel_hozac: what about other distros/flavors?
1184779021 M * daniel_hozac such as?
1184779021 M * Bertl AStorm: sounds like 2.6.23 is going to be a virtualization nightmare :)
1184779030 M * AStorm ;>
1184779343 M * phedny hmm, everybody knows about the (in)famous "rm -rf /"
1184779355 M * phedny just tried it inside a vserver
1184779367 M * AStorm it will work, why not?
1184779377 M * Bertl phedny: and? did you enjoy it?
1184779380 M * phedny well, I just wondered what the real effect was
1184779383 M * phedny like: are all files gone?
1184779388 M * phedny answer is no
1184779393 M * phedny there still is a /dev/pts
1184779395 M * AStorm :P
1184779408 M * phedny /proc is alive (which could be expected)
1184779411 M * Bertl phedny: which is a virtual filesystem like proc
1184779412 M * daniel_hozac of course. you cannot remove mount points.
1184779415 M * AStorm that's why users are still useful inside vservers
1184779431 M * phedny Bertl: hmm, I didn't know that
1184779446 M * phedny but there are also a lot of files left in /etc
1184779484 M * Bertl maybe your rm didn't finish then :)
1184779503 M * daniel_hozac Bertl: http://svn.linux-vserver.org/projects/util-vserver/changeset/2566 look okay to you, btw?
1184779531 M * phedny rm: `//proc/self' changed dev/ino: Operation not permitted
1184779540 M * phedny that was the last error message :)
1184779570 M * Bertl daniel_hozac: hey, didn't know we had such a fancy svn viewer ...
1184779585 M * Roey Does VServer work well with KVM?
1184779601 M * harry if it doesn't, it's kvm's fault :)
1184779603 M * Bertl Roey: I would assume so, but nobody tested it yet AFAIK
1184779614 M * Bertl ray6: any comments on that?
1184779614 M * Roey oh.. ok
1184779621 M * Roey my favorite Linux projects are probably XFS, VServer and KVM
1184779634 P * cruser 
1184779640 M * Bertl XFS as in the font server?
1184779641 M * daniel_hozac you call XFS a Linux project?
1184779663 M * Roey XFS the filesystem
1184779668 M * Roey daniel_hozac:  nah but it's ported to Linux
1184779668 M * Roey  :)
1184779674 M * Bertl ah, well, that is facing hard times actually
1184779675 M * Roey I use these things
1184779678 M * Roey (aside from KVM)
1184779688 M * Roey what is, XFS the filesystem
1184779688 M * daniel_hozac you don't want to use COW then :)
1184779691 M * Roey ?
1184779694 M * Bertl yep
1184779694 M * Roey daniel_hozac:  how so?
1184779698 M * Roey Bertl:  How so!??!
1184779700 M * Roey oh no
1184779701 M * Roey :(
1184779712 M * Bertl well, first, they had to 'invent' their own sendfile
1184779713 M * Hollow Roey: i feel with you
1184779719 M * Roey Bertl:  ok
1184779722 M * Bertl Roey: which breaks CoW support
1184779725 M * Roey ok
1184779747 M * Bertl Roey: no it seems they are using up all the on-disk inode flags
1184779761 M * Bertl Roey: which will break barrier support 
1184779767 M * Roey thems fightin words.  I wonder what the XFS devs in irc://irc.freenode.org/#xfs would say about it (xfs seemed to me much more compliant, than, say, reiser4)
1184779792 M * Bertl but we will work around that eventually
1184779821 M * Bertl daniel_hozac: yep, looks good to me
1184779837 M * Guy- Roey: xfs is not practical in a vserver environment because it's difficult to resize when it's only mounted in a guest
1184779845 M * Guy- Roey: I'd go with JFS
1184779858 M * Bertl daniel_hozac: could you make me a tar of current trunk for testing?
1184779869 M * Roey hmm
1184779871 M * Roey Guy-:  :)
1184779876 M * Roey they're crying now
1184779877 M * Bertl daniel_hozac: i.e. something which can be easily built as rpm
1184779878 M * Roey I told them
1184779891 M * Roey <phantasm_> Ack, more speak of inodes
1184779891 M * Roey * phantasm_ cries
1184779939 M * Guy- Roey: but that xfs developers actually care about anything, that's news to me :)
1184779943 M * daniel_hozac Bertl: sure.
1184779958 M * Guy- Roey: I submitted a bugreport like two years ago in the bugzilla with an URL pointing to more logs and stuff
1184779968 M * Guy- Roey: and nobody downloaded that, ever
1184779975 M * Bertl daniel_hozac: I plan to test the various guest installations and fix them where necessary (and/or at least report the issues)
1184779994 M * Guy- Roey: (it was a reproducible memory corruption, oops, panic type of bug)
1184779996 M * daniel_hozac oh, sounds great!
1184780109 M * Roey hmm
1184780127 M * Roey could a couple of you go there with me?
1184780137 M * Roey irc://irc.freenode.org/#xfs
1184780144 M * Bertl daniel_hozac: did you receive anything from blino yet?
1184780146 M * Roey I'm interested in seeing you at least talk it over
1184780153 M * daniel_hozac Bertl: no.
1184780154 M * Roey since I /use/ XFS *with* VServer
1184780234 M * Roey em
1184780243 M * Roey anyone interested in coming to #xfs?
1184780265 M * Roey (irc://irc.freenode.org/#xfs)
1184780274 M * Roey Particulary Guy- 
1184780304 M * Guy- OK
1184780310 M * Roey thank you
1184780329 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/t/uv-testing/util-vserver-0.30.214-pre2567.tar.bz2
1184780360 M * Bertl tx
1184780382 M * Roey Bertl:  can you join too?
1184780390 M * Roey (I don't mean to be annoying about it ;)
1184780395 M * Bertl Roey: where?
1184780406 M * Roey irc://irc.freenode.org/#xfs
1184780711 M * ray6 bertl: regarding kvm, sorry, haven't got time to test that so far. But should be no problem should it? I'll have a kvm capable machine at the weekend, possibly we'll try :)
1184781094 Q * ema Quit: leaving
1184781136 M * daniel_hozac ensc: ping?
1184781148 Q * TheSeer Quit: Client exiting
1184781924 M * Bertl ray6: would be nice, please keep me updated
1184781972 M * AStorm Bertl, guess we'll have to use xattrs for barrier and iunlink and swallow the overhead :P
1184782002 M * Bertl xattrs are optional, I think we will use some of the padding space
1184782014 M * AStorm di_pad is 6 chars total
1184782023 M * Bertl so plenty of room left :)
1184782023 M * daniel_hozac more than enough.
1184782030 M * AStorm :>
1184782060 M * Bertl but I also think we will hide this fact in the low level wrappers :)
1184782073 M * Bertl i.e. in memory di_flags will become 32bit
1184782090 M * Bertl (consisting of 8+16 bit or so)
1184782119 M * daniel_hozac makes sense.
1184782192 M * Bertl daniel_hozac: you ahve a test case for the xfs sendfile issues, yes?
1184782205 M * Bertl daniel_hozac: I mean, a test setup and can easily test it?
1184782262 M * AStorm Well, that will bring wrath from XFS devs ;P
1184782268 M * AStorm I think.
1184782279 M * AStorm We'll be using the field in an unintended way
1184782291 M * AStorm I wonder if the pad is zeroed
1184782293 M * Bertl well, we do so for tagging anyway
1184782312 M * Bertl (at least I think we have native tagging for xfs :)
1184782335 M * Bertl         __uint16_t      di_tag;         /* context tagging */
1184782338 M * Bertl yep, we do :)
1184782499 M * daniel_hozac Bertl: sure.
1184782528 M * Bertl well, discussing the sendfile issue on #xfs gave this:
1184782569 J * jmcaricand ~kvirc@d83-179-218-11.cust.tele2.fr
1184782583 M * Roey Bertl:  I'm so glad this is bearing ruit
1184782584 M * Roey *fruit
1184782621 M * daniel_hozac i guess we might want to add this to testfs as well.
1184782655 M * Bertl 19:48 < sandeen> it just takes XFS_IOLOCK_SHARED around the generic_file_sendfile() call it seems
1184782657 M * daniel_hozac i.e. create file, checksum, touch it, checksum.
1184782659 M * Bertl 19:53 < sandeen> well for all the reasons above, though I'm not certain about the inode locking
1184782687 M * Bertl would be interesting to remove the locking for this in xfs, and check if that helps?
1184782720 M * Bertl except for accounting and similar, it should be identical to calling generic sendfile (according to #xfs)
1184782763 M * Bertl daniel_hozac: ah, yes, can you integrate your tests and upload a new testfs.sh (new version)
1184782778 M * Bertl I'll move/copy it into the usual place then
1184782806 M * daniel_hozac okay.
1184783024 N * DoberMann[PullA] DoberMann
1184783684 M * Bertl daniel_hozac: pleas feel free to extend the copyright :)
1184783847 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/testfs.sh-0.15.4
1184783923 M * daniel_hozac i got some... interesting results on the kernel my test machine was currently running. XFS and reiserfs report disk limit failures, while JFS oopsed :)
1184783933 M * daniel_hozac it's an older kernel though, so that's somewhat expected.
1184783933 M * AStorm :>
1184783943 M * Bertl nice, will test shortly on 2.6.21.6
1184783969 M * AStorm Bertl, I see no sendfile in new file_operations struct
1184783978 M * daniel_hozac oh, i forgot to update the version inside the file.
1184783987 M * AStorm it seems that it went away and there's do_splice_direct instead
1184784007 M * AStorm do_sendfile uses it
1184784042 M * AStorm and vfs_sendfile now complains about missing member after VServer patch... I'll have to revert that part
1184784050 M * AStorm any expected breakage?
1184784159 M * AStorm I'll have to make fs/namei.c use do_sendfile instead of vfs_sendfile, probably
1184784224 M * AStorm or directly do_splice_direct
1184784506 M * Bertl Hollow, daniel_hozac: how can I show all pages in the wiki? (PageList?)
1184784682 M * daniel_hozac yeah.
1184784682 Q * FireEgl Read error: Connection reset by peer
1184784692 M * daniel_hozac http://linux-vserver.org/Special:Allpages
1184784710 M * daniel_hozac but IIRC, it only lists pages in that category or whatever it's called.
1184784723 M * daniel_hozac namespace :)
1184784769 J * ema ~ema@rtfm.galliera.it
1184784828 M * AStorm ok, do_splice_sendfile should work
1184784834 M * AStorm uhm, do_splice_direct
1184785402 M * meebey daniel_hozac: reproducible deleting /dev/rtc solves the hwclock hanging at shutdown problem
1184785425 M * daniel_hozac meebey: well... guests shouldn't have /dev/rtc in the first place.
1184785459 M * Bertl meebey: and as far as I know, they don't have it :)
1184785461 M * meebey I agree, but it shouldn't hang... probably a kernel or hwclock bug though
1184785543 M * meebey older vserver templates I have had a complete /dev directory, but now I am cleaning them
1184785571 M * meebey what is really needed in /dev inside a guest was not well known back then when I started with vserver ;)
1184785586 M * Bertl meebey: you started with 0.x?
1184785618 M * meebey not sure with which version, something with kernel 2.4... stuff before util-vserver
1184785623 M * Bertl but your customers probably appreciate if you give them a full /dev tree :)
1184785638 M * meebey nah, they dont need it
1184785660 J * FireEgl FireEgl@2001:5c0:84dc:1:4::
1184785667 M * Bertl meebey: but this way, they can (re)use  your entire host
1184785673 M * meebey there were not scripts that would create a minimal vserver neither documentation what /dev needs to be at least to get a working vserver
1184785683 M * meebey Bertl: :)
1184785693 P * EtherNet_ Leaving
1184785708 M * meebey vservers are not used for customers, but to encapsulate daemons
1184785719 M * meebey at least thats how we use it
1184785724 M * Bertl ah, right ... I forgot ...
1184785728 M * meebey (the company I work for)
1184785736 J * Solaris ~satan@85.138.105.2
1184785768 M * Bertl wb Solaris!
1184785775 M * Solaris hello
1184785800 M * ray6 Oh, yes, solaris... wanted to try opensolaris in xen also... so much to do, so little time... :)
1184785911 M * Roey oh that's the opposite of me
1184785914 M * Roey so little to do
1184785915 M * Roey so much time
1184785919 M * Roey answer: go on IRC
1184785930 M * Roey so much time -> so little time
1184786062 M * Bertl daniel_hozac: yep, confirmed, jfs oopses with mutex_lock_nested
1184786074 M * daniel_hozac heh, nice.
1184786082 M * daniel_hozac i thought it was just my old kernel.
1184786130 M * AStorm Bertl, I'll carve another 16 bits from XFS pad for flags
1184786139 M * AStorm di_flags2
1184786177 M * daniel_hozac didn't we come to that conclusion hours ago?
1184786217 M * AStorm yep
1184786282 M * Roey heh
1184786301 M * Roey AStorm:  so vserver has fs-specific flags?
1184786312 M * Roey i.e. it has to handle the filesystem layer in a special way relative to its type?
1184786317 M * Roey s/relative/depending
1184786322 M * Bertl daniel_hozac: can ksymoops be used for anything nowadays?
1184786340 M * AStorm Roey, yes and no
1184786348 M * Roey hmm ok
1184786350 M * AStorm it has some flags
1184786356 M * Roey (that's what you referred to is it?)
1184786377 M * Roey (and vserver works across more than just x86, correct?)
1184786381 M * Roey *bbiab
1184786387 M * AStorm Yes, it isn't dependent on arch
1184786418 M * daniel_hozac Bertl: doesn't seem like it.
1184786446 J * ktwilight ~ktwilight@217.121-66-87.adsl-dyn.isp.belgacom.be
1184786448 M * Bertl just wondered if that was just me ...
1184786794 Q * ktwilight_ Ping timeout: 480 seconds
1184787186 M * Bertl okay, time to make a script-wrapper for addr2line (fixed) I guess :)
1184788096 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1184788651 Q * mcp Remote host closed the connection
1184791236 J * mcp ~hightower@lokalhorst.wolk-project.de
1184791757 Q * AStorm Quit: Bye
1184792889 Q * HeinMueck Quit: Aah!
1184792958 Q * meandtheshell Quit: Leaving.
1184793076 J * AStorm ~astralsto@host-81-190-179-124.gorzow.mm.pl
1184793140 J * Aiken ~james@ppp121-45-220-241.lns2.bne1.internode.on.net
1184793171 M * Bertl morning Aiken!
1184793190 Q * bonbons Quit: Leaving
1184793214 Q * dna Quit: Verlassend
1184793216 M * Aiken hello
1184793282 M * AStorm hmm, my port attempt to 2.6.22-git is botched
1184793289 M * AStorm due to new user_namespace stuff :|
1184793299 M * AStorm I'd have to dig some more
1184793333 M * AStorm at least, the kernel works
1184793345 M * Bertl works == doesn't panic on boot (I presume :)
1184793360 M * AStorm Bertl, no, works == everything except vserver
1184793370 M * AStorm vserver nicely oopsed
1184793390 M * Bertl wow, you tested everything? not too shabby :)
1184793404 M * AStorm Bertl, heh, everything I use here, and it's quite a lot :P
1184793413 M * AStorm 4 filesystems
1184793422 M * AStorm ALSA
1184793438 M * AStorm wifi subsystem (mac80211)
1184793440 M * AStorm etc.
1184793448 M * AStorm dm_crypt
1184793509 M * AStorm I can't test RAID, unfortunately.
1184793520 M * AStorm (at least, not on this machine)
1184793562 M * AStorm I'll better extract that XFS upgrade
1184793570 M * AStorm (for VServer)
1184793608 M * AStorm and instead of using whole 2.6.22-git, just parts of it (w/o user_namespace stuff, maybe?)
1184793620 M * AStorm but then, you're to port it
1184793632 M * AStorm I expect vserver port when 2.6.23-rc2 is out :D
1184795298 J * derjohn_mobil ~aj@80.69.41.3
1184795345 Q * derjohn_mobil 
1184795349 J * derjohn_mobil ~aj@80.69.41.3
1184795366 Q * derjohn_mobil 
1184795872 P * stefani I'm Parting (the water)
1184797000 Q * kwowt Ping timeout: 480 seconds
1184797218 M * Bertl okay, off for tonight ... have a good one everyone! cya!
1184797226 N * Bertl Bertl_zZ
1184797538 P * Solaris satan made me do it
1184797663 J * ahuman ~oem@ool-18b8b7f4.dyn.optonline.net
1184799336 N * DoberMann DoberMann[ZZZzzz]
1184799765 J * Solaris ~satan@85.138.105.81
1184800654 Q * Piet Quit: Piet
1184800970 M * Solaris so vs2.2.0.2-rc1 is not ready to use?
1184801025 M * daniel_hozac depends. it should be fine, but we're not certain yet.
1184801057 M * Solaris it gives me alot of errors...
1184801062 M * Solaris kernel.. etc..
1184801118 M * daniel_hozac what?
1184801151 M * daniel_hozac paste.linux-vserver.org, please.
1184801155 M * Solaris ill paste it...
1184801157 M * Solaris ok..
1184801649 Q * Solaris Ping timeout: 480 seconds
1184802718 J * Solaris ~satan@85.138.105.27
1184802735 M * Solaris http://paste.linux-vserver.org/4612 ...well..
1184802751 M * Solaris what i could salvage..
1184802759 M * Solaris before this blew up..
1184802765 M * Solaris i mean.. after..
1184802836 M * daniel_hozac well, your kernel is tainted.
1184802844 M * Solaris the commando vserver ... start.. gives me like 2 pages of errors.. but could not save it..
1184802903 M * Solaris tainted like? using nvidia drivers?
1184802934 M * daniel_hozac yes.
1184802947 Q * complexmind Remote host closed the connection