1189470172 Q * FireEgl Quit: Bye... 1189471512 N * Bertl_zZ Bertl 1189471517 M * Bertl back now ... 1189471541 J * friendly12345 ~friendly@ppp59-167-90-160.lns1.mel6.internode.on.net 1189471690 Q * Johnnie Ping timeout: 480 seconds 1189472224 J * Johnnie ~jdlewis@c-67-163-142-234.hsd1.ct.comcast.net 1189473515 J * Skram ~mark@HERCULES.sentiensystems.net 1189473928 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1189475179 J * hparker ~hparker@linux.homershut.net 1189475238 M * Bertl wb hparker! Skram! 1189475256 M * Skram .... Hi ;) 1189475266 M * hparker hehe... Gotta remember to add this channel to autojoin on my desktop : 1189475272 M * hparker :P 1189475372 P * friendly12345 1189475437 J * coderanger_ ~coderange@c-65-96-210-168.hsd1.ma.comcast.net 1189477231 Q * hparker Quit: *burp*.. It's broke 1189477717 J * virtuoso ~s0t0na@pppoe-125.58.110.89-adsl.spbnit.ru 1189478122 Q * virtuoso_ Ping timeout: 480 seconds 1189478343 Q * derjohn Ping timeout: 480 seconds 1189478501 J * derjohn ~derjohn@80.69.41.3 1189478528 J * dennis ~dennis@dslb-088-068-192-057.pools.arcor-ip.net 1189478579 M * dennis hi! i installed debian etch + vserver-kernel. any debian installation was easy - but how i can install a gentoo linux as virtual server? it is possible? 1189478765 M * Bertl sure 1189478782 M * Bertl first, forget about the debian specific tools 1189478798 M * Bertl all you want to use is a recent util-vserver to build guests 1189478823 M * Bertl a gentoo guest is usually created from a tarball with the -m template build option 1189478864 M * Bertl http://www.gentoo.org/proj/en/vps/vserver-howto.xml 1189478878 M * Bertl (has an example at the middle) 1189478898 M * dennis ah! i see "Start stage3 installation" 1189478902 M * dennis thanks a lot 1189478908 M * dennis i'll try it! :) 1189478922 M * Bertl most package based distros can be bootstrapped from the net 1189478992 M * Bertl e.g. if you want to install a fedora guest, you do it in a similar way, and given that you have rpm/yum, the tools will fetch the packages for you 1189479014 M * Bertl (similar as for debian guests) 1189479042 M * dennis ah. i understand! :) 1189479047 M * dennis its really easy! :) 1189479061 Q * derjohn Ping timeout: 480 seconds 1189479074 M * Bertl yeah, that's the idea behind that ... 1189479167 M * Supaplex there's even a 'debootstrap' nickname for the rpm/yum one, I think 1189479339 J * derjohn ~derjohn@80.69.41.3 1189479471 M * dennis ohh... the vserver-template for gentoo isn't available under debian host. 1189479515 M * Bertl the template is host distro independant 1189479534 M * Bertl http://people.linux-vserver.org/~hollow/stages/ 1189479555 M * Bertl just get one of those and use it with 'vserver build -m template ... 1189479616 M * dennis yes, i tried this statement, but it doesn't works, because 'template' doesn't exists on debian. 1189479700 M * Bertl update your util-vserver to at least 0.30.213 1189479700 M * dennis http://rafb.net/p/0zVVm236.html 1189479705 M * Bertl (better 0.30.214) 1189479726 M * Bertl debian has those tools in sid and backports 1189479772 M * Bertl and you need the 'file' tool :) 1189479787 M * dennis its only this one package? so i can download the deb-file and install it with dpkg? 1189479796 M * dennis okay. two files. ;) 1189479964 M * Bertl most dpkgs have dependancies, so yes, if those are met 1189480050 M * dennis the new versions of util-vserver required a new version of libc6. :-/ 1189480078 M * Bertl check backports, you should at least have 0.30.213 there 1189480225 M * dennis yeah ha... i think, it runs!! :) 1189480257 M * Bertl that's the problem with debian stable, it's always outdated :) 1189480357 M * dennis but, its stable! ;) 1189480582 M * dennis it is possible to share an mysql-socket (/var/run/mysqld/mysqld.sock) to many virtual-servers? 1189480867 M * Bertl yes, although you should be aware of the security implications 1189480900 M * Bertl i.e. a network connection might be easier to control 1189480932 M * dennis oh okay... thats right! 1189480958 M * dennis so i use the network + iptables. :) 1189480969 M * Bertl and networking between host-local guests is almost as fast as a socket 1189481118 M * dennis perfect 1189481142 M * dennis would you install postfix/dovecot + mysql on the same vserver-instance? 1189481157 M * Bertl regarding iptables note: guest-guest and guest-host traffic will use 'lo' 1189481170 M * dennis postfix/dovecot uses the mysql database to storing auth-data. 1189481188 M * Bertl well, if you use the mysql only for that, then why not 1189481210 M * dennis thanks for the note! :) 1189481245 M * Bertl np 1189481344 M * dennis a web-interface to administrate the user-data for mail-server is a security problem. :-/ 1189481399 M * Bertl well, you can break it up into several guests too, and just share necessary data 1189481510 M * dennis maybe a good idea to use postgres as rdbms and use only stored procedures to communicate with the webfrontend. 1189481531 M * Bertl for example 1189481612 M * dennis so it isn't possible to read the password-column or so. 1189481681 M * Bertl well, a properly configured database should not allow that anyways 1189481779 M * dennis dovecot needs the password. :( 1189481844 M * dennis if i save the passwords as hash many login-/auth-procedures doesn't available. 1189481870 M * Bertl yeah, I guess those which use plaintext passwords :) 1189482019 M * dennis thats right. its already possible to store the passwords as md5-hash, but so are only md5-login-procedures available. 1189482079 M * Bertl which causes problems with system which do not have md5 like ... ? 1189482156 M * dennis the users are the problem! ;) 1189482180 M * Bertl hehe :) 1189482197 M * dennis they doesn't understand "the problem of unsecured connection". :-/ 1189482210 M * dennis *don't 1189482232 M * Bertl well, then they probably do not care about their password security either :) 1189482246 Q * Medivh Ping timeout: 480 seconds 1189482443 M * dennis ohh sorry, what do you mean? i don't understand. 1189482487 M * dennis i am afraid my english is a bit rusty. ;) 1189482605 M * Bertl if they do not understand the problem of insecure connections ... it is unlikely they care about their password being secure 1189482660 M * Bertl (but it was more a joke) 1189482684 M * dennis ahh... now i understand! :) 1189482686 M * dennis sorry! =) 1189482867 M * mugwump hey, random question re: sysctl stuff... 1189482886 M * mugwump should shmmax etc work on vs2.2.0.3 ? 1189482898 M * Bertl should I provide a random answer too? :) 1189482908 A * mugwump pushes the 8-ball 1189482916 M * Bertl outlook not so goo :) 1189482920 M * Bertl *good 1189482948 M * Supaplex 42! 1189482960 M * Bertl yes, shmmax works properly with recent tools (capable of handling the ipc namespaces) 1189482975 M * mugwump aha... ipc namespaces 1189483000 M * Bertl shmmax per guest that is :) 1189483069 M * mugwump so where does the default 32mb come from? 1189483084 M * mugwump I suppose that's a mainline question now 1189483085 M * Bertl I would assume that this is the host default? 1189483100 M * mugwump well, the person changed it on the host, but the vserver didn't see it. they are using old tools 1189483110 M * mugwump (old being the ones in debian etch) 1189483114 M * Bertl not unexpected then :) 1189483139 M * Bertl but entering the proper ipc namespace and changing it there for the guest should work 1189483767 M * dennis what do you think: is the stable apache-/php-/mysql-version in debian portage more secure/stable as an already actual gentoo-installation with the same server-software? 1189483871 M * Bertl hard to say, I prefer mainstream releases containing fixes above distro specials 1189483988 M * mugwump I'd trust the debian versions of those particular packages more myself 1189484025 M * dennis mhh... 1:1 :-D 1189484052 M * mugwump unless the gentoo maintainers are reviewing the patches that the other distros are generating... 1189484229 M * dennis AFAIK: a new software version will put into gentoo portage. if in X week no bugs reported, the software gets the stable status. 1189484266 M * dennis but it exists an special maintainer team, too. 1189484271 M * dennis *a 1189484296 M * Bertl and in debian, it stays in stable for X weeks, even if bugs are reported :) 1189484319 M * Bertl note: I'm not a gentoo user :) 1189484320 M * dennis lol 1189484321 M * mugwump ok, well look at it this way. php4 in etch has 45 patches that aren't upstream 1189484337 M * mugwump many of these will be security fixes 1189484338 M * Bertl mugwump: how do you know? 1189484370 Q * quasisane Ping timeout: 480 seconds 1189484398 M * Bertl mugwump: maybe all of them are fixed in php 5.2.4? 1189484445 M * mugwump you heard about the hardened php thing, right? 1189484466 M * mugwump ok so maybe php is a bad example, it's an app where upstream basically ignores security fixes 1189484574 M * dennis php is a good example, because it have many security leaks! 1189484617 M * dennis fixes debian the security leaks from mopb? 1189484627 M * mugwump in general no, there is no difference as Bertl alludes to. In fact the precompiled options are slightly easier to break because you have a known image for stack smashing 1189484697 M * dennis thats a good argument! 1189484797 M * mugwump ok, only 18 of those 45 patches fix CVS-* security alerts 1189484802 M * mugwump s/CVS/CVE/ 1189484892 M * dennis i think, i'll using gentoo as base for the web-server software. ;) 1189485161 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1189485326 J * quasisane ~user@c-76-118-191-64.hsd1.nh.comcast.net 1189486413 M * dennis so, i go to bed. thanks for your help! have a nice day / night. ;) 1189486420 M * Bertl you're welcome! 1189486422 M * Supaplex laters dennis 1189486466 Q * dennis Remote host closed the connection 1189487561 M * micah what is the capability that I need in order to read/write to a device file (/dev/zap/pseudo)? 1189487592 M * Bertl usually no capabilities are required for accessing devices 1189487601 M * Bertl (only proper permissions) 1189487619 M * Bertl note: specific device drivers might require additional capabilities 1189487664 M * micah hmm, I'm getting a permission denied when i try to access it, but the device modes are 777 1189487689 M * Bertl strace -fF for a start? 1189487697 M * Bertl also check the dmesg logs 1189487787 M * micah yeah, I need to do some more debugging 1189488943 M * micah not very interesting in strace: 17483 open("/dev/zap/pseudo", O_RDWR|O_LARGEFILE) = -1 EACCES (Permission denied) 1189488967 M * daniel_hozac tag? 1189489092 M * micah ah I got it 1189489114 M * micah I had tried to make device nodes from the host incorrectly 1189489127 M * Bertl hehe 1189489308 M * micah always a typo... 1189489820 J * DavidS ~david@vpn.uni-ak.ac.at 1189490353 J * dna ~dna@131-209-dsl.kielnet.net 1189492056 J * prashanth ~Prashanth@59.145.136.1 1189492810 M * Bertl welcome prashanth! 1189492826 M * Bertl okay, I'm off to bed for today ... have a good one everyone! 1189492848 N * Bertl Bertl_zZ 1189492876 M * prashanth Bertl: thanks ;) 1189492908 Q * _nkukard_ Quit: Leaving 1189493293 J * nkukard ~nkukard@dsl-241-41-162.telkomadsl.co.za 1189495299 P * prashanth Leaving 1189495361 J * meandtheshell ~markus@85.127.111.224 1189495620 J * ktwilight ~ktwilight@187.209-66-87.adsl-static.isp.belgacom.be 1189495809 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch 1189495934 J * friendly12345 ~friendly@ppp59-167-90-160.lns1.mel6.internode.on.net 1189495934 Q * ktwilight Read error: Connection reset by peer 1189495988 J * ktwilight ~ktwilight@201.207-66-87.adsl-static.isp.belgacom.be 1189496020 M * friendly12345 Hi, I've got a quick noob/RTFM question regarding vserver: 1189496028 Q * ktwilight_ Ping timeout: 480 seconds 1189496070 M * friendly12345 Say, if I wanted to have vserver accounting of network traffic - for example determine how much bandwidth is being used by each vserver - is this non-trivial to do? 1189496151 M * daniel_hozac no, just use iptables, or anything like that. 1189496224 M * friendly12345 so, it's rather difficult? 1189496235 M * daniel_hozac no, not at all. 1189498063 Q * coderanger_ Quit: coderanger_ 1189498387 J * FloodServ services@services.oftc.net 1189498397 N * Johnnie Guest7 1189498950 J * ktwilight_ ~ktwilight@197.114-66-87.adsl-dyn.isp.belgacom.be 1189498950 Q * ktwilight Read error: Connection reset by peer 1189499709 J * jmcaricand ~user@d83-179-189-134.cust.tele2.fr 1189500653 Q * ktwilight_ Ping timeout: 480 seconds 1189500700 Q * Guest7 Ping timeout: 480 seconds 1189500815 Q * yarihm Quit: This computer has gone to sleep 1189501258 J * Johnsie ~jdlewis@c-67-163-142-234.hsd1.ct.comcast.net 1189501291 Q * svenk Ping timeout: 480 seconds 1189501590 J * yarihm ~yarihm@whitehead2.nine.ch 1189502613 Q * bzed Ping timeout: 480 seconds 1189502627 Q * ag- Remote host closed the connection 1189502776 J * bzed ~bzed@devel.recluse.de 1189503410 J * BenG ~ben@82-45-23-100.cable.ubr03.azte.blueyonder.co.uk 1189504155 J * ag- ~ag@fedaykin.roxor.cx 1189504403 Q * meandtheshell Quit: Leaving. 1189505068 J * meandtheshel1 ~markus@85-127-116-52.dynamic.xdsl-line.inode.at 1189505317 M * BenG hi everyone, here's a line from vserver-stat: 3009 63 15.9+ 1G 1h25m07 20m40s65 12h46m46 titania 1189505333 M * BenG the 15.9+ bit, what does that mean? 1189506110 N * esa eSa| 1189506176 M * daniel_hozac overflow :) 1189506645 M * matti Hi daniel_hozac 1189506688 M * daniel_hozac hey matti 1189507855 J * lilalinux ~plasma@dslb-084-058-222-004.pools.arcor-ip.net 1189507898 J * Medivh ck@paradise.by.the.dashboardlight.de 1189509881 J * svenk ~sven@213.73.89.36 1189510228 Q * arachnist Quit: Leaving 1189510239 J * arachnist ~arachnist@088156189068.who.vectranet.pl 1189510326 J * Borg- borg@aprogas.student.utwente.nl 1189512706 Q * Aiken_ Quit: Leaving 1189514125 P * BenG 1189514132 J * BenG ~ben@82-45-23-100.cable.ubr03.azte.blueyonder.co.uk 1189514322 M * BenG yeah, the 15.9+ seems to appear somewhere after 2.0G 1189514620 M * ard Is there an easy way to see the amount of vdiskfree from a rootserver? 1189514643 M * ard (as in: needed for graphing) 1189514668 J * ema ~ema@fw.galliera.it 1189514730 M * daniel_hozac vdlimit 1189514750 M * daniel_hozac BenG: interesting, i'll investigate... 1189515245 M * ard Hmmmm.... /me did indeed read not the help correctly... 1189515617 J * Julius ~julius@p57B269DA.dip.t-dialin.net 1189517081 J * gregor ~gregor@rotes244.wohnheim.uni-kl.de 1189517094 M * gregor Hi 1189517328 M * gregor I've got a problem with my vserver. When I enter w/ "vserver testing enter", I don't get the SIGWINCH-Signal. So if I change the dimensions of my terminal, they won't be released into my testing-vserver. Is there a work-a-round? 1189517404 M * nkukard gregor, if worst comes to worst you can always ssh into it ;) 1189517513 M * gregor that's right... but I wouldn't like to run any server on it :-( 1189517672 M * gregor I've searched a bit the internet and found several hits with "vlogin". Does it realate with my sigwinch-problem? I don't have a binary called vlogin on my host. 1189517685 M * gregor (sorry for my english ^^) 1189517717 M * Hollow gregor: yes, it is vlogin related, which is compiled into vcontext 1189517751 M * Hollow i experienced the same problem, but i looked at the source again, but couldn't find any bug in the SIGWINCH handling 1189517905 M * gregor Hollow: Hi... I've asked you already in the gentoo-vserver-channel :) . I guess, I'll give up and install a sshd, which only accept the IP of my host. :-/ 1189517930 M * Hollow ah, right, i remember :) 1189517958 M * igraltist hi 1189517983 M * igraltist how far is this vs2.3.0.18 ? 1189517992 M * igraltist is it working 1189518058 M * gregor vs2.3.0.18? ... I use util-vserver 0.30.214 1189518222 M * igraltist this is the patch for the kernel 1189518228 M * igraltist i mean the version 1189518256 M * zbyniu igraltist: CONFIG_IPV6=m is not ready ie 1189518274 M * igraltist ok this i do not use 1189518307 M * igraltist i read that this support than the loopback in the guest? 1189518443 M * zbyniu i saw changes in kernel, but i didn't test it 1189518571 Q * michal` Ping timeout: 480 seconds 1189518587 J * michal` ~michal@www.rsbac.org 1189518644 M * ard Hollow : daniel_hozac had a fix for that 1189518654 M * Hollow ah? 1189518658 M * ard delta-pid_task-fix01.diff 1189518661 M * ard fixed it for me 1189518724 M * Hollow ah, a kernel problem after all 1189518729 M * ard (from his experimental stuff) 1189518745 M * ard But that was a fix for 2.2.0 1189518762 M * Hollow still running 2.2.0 on this machine :) 1189518793 M * Hollow somehow the newer alsa drivers lost my PCM channel :) 1189518861 M * ard With 2.2.0.3 and a 2.6.22.6 kernel I get a good SIGWINCH 1189518925 M * matti Hi Hollow 1189518941 M * Hollow hi matti 1189519271 Q * michal` Ping timeout: 480 seconds 1189519645 J * michal` ~michal@www.rsbac.org 1189520553 Q * friendly12345 Quit: Leaving. 1189521161 J * fatgoose_ ~samuel@206-248-128-12.dsl.teksavvy.com 1189521309 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1189521495 Q * fatgoose Ping timeout: 480 seconds 1189521935 Q * jmcaricand Remote host closed the connection 1189522941 M * daniel_hozac Hollow: yeah, it's a problem in the kernel's tty code, we isolated the part that would handle it... 1189522975 M * Hollow hehe 1189523003 M * gregor YEAH! ... I've installed the kernal as ard tells and now everything works fine :) 1189523380 Q * nkukard Quit: Leaving 1189524114 M * ard gregor : but you forgot to also install the ipv6 patch 1189524122 N * Bertl_zZ Bertl 1189524124 M * ard only then everything works fine :-) 1189524130 M * Bertl morning folks! 1189524142 M * ard hmmzz... 17:22 is not morning! 1189524161 M * Bertl ard: depends on the patch version, no? 1189524162 M * ard although I would gladly start at 17:00 :-) 1189524253 M * ard Bertl : I've tried the 2.2.0.3 with the ipv6 patch from bonbons 1189524262 M * ard it seems to work ;-) 1189524324 J * balbir ~balbir@122.167.75.103 1189524330 M * Bertl well, 2.3.0.19 has ipv6 support 1189524348 M * Bertl (so you don't need a patch for that :) 1189524420 M * ard I would love to test that. In combination with 2.6.23 once that is stable :-) 1189524433 M * ard (and does not panic on me 3 times in a row) 1189524434 M * Wonka Bertl: any known bugs in that one? 1189524450 M * Wonka 2.6.23 is not out yet 1189524454 M * Wonka only -rc6 1189524467 M * Bertl no known bugs in 2.3.0.19 so far 1189524542 M * Bertl the 2.6.23 patch will have some bugs when released (because of certain kernel changes) 1189524543 M * Wonka cool 1189524572 M * Wonka i'll get a new box to migrate some vservers to in the next days... 1189524599 M * sid3windr you think it's cool to have bugs on release Wonka ? :P 1189524611 A * ard was just thinking that 1189524614 Q * FireEgl Read error: Connection reset by peer 1189524634 M * Wonka sid3windr: i meant the "no known bugs yet" 1189524635 M * ard what kind of function is c00l to run in the vserver without getting a horde of angry people 1189524660 M * Wonka ard: tor node. on an IP that's used for nothing else. 1189524668 A * ard still wants to run his desktop inside a vserver 1189524676 J * coderanger_ ~coderange@c-65-96-210-168.hsd1.ma.comcast.net 1189524679 M * Bertl ard: go ahead ... 1189524693 M * Bertl ard: many folks before you have done that :) 1189524703 M * ard Wonka : I pay (a lot) for my bandwidth :-( 1189524707 M * Bertl okay, off for now ... back later 1189524713 N * Bertl Bertl_oO 1189524716 M * ard o/~ 1189524767 A * ard only wonders what's better: run the X-server in xid 0, or run the X-server in the same xid as the desktop, or run the X-server in a seperate xid. 1189524782 M * ard And what happens with DRI 1189524788 M * Wonka ard: :/ 1189524818 M * ard X in 0, and desktop in vserver is working for me... 1189524835 M * ard (just hardlink the /tmp/X0 stuff) 1189525397 M * daniel_hozac Bertl_oO: 2.3.0.19 does have known bugs, -o tag doesn't work :) 1189525525 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1189526046 M * Bertl_oO daniel_hozac: how so? 1189526077 M * daniel_hozac it's removed in __dx_parse_tag, and as such not passed to the superblock parsers which enable it... 1189526209 M * Bertl_oO hmm, okay, the CONFIG_PROPAGATE ended up in the wrong place 1189526223 M * Bertl_oO it was supposed to go right after notagcheck 1189526236 M * Bertl_oO will fix that up in 2.3.0.20 today 1189526294 M * Bertl_oO daniel_hozac: do you agree that this should fix it? 1189526299 M * daniel_hozac yes. 1189526554 Q * gregor Quit: Ciao! 1189526851 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33 1189527216 J * jmcaricand ~jmcarican@d77-216-145-6.cust.tele2.fr 1189527292 Q * coderanger_ Quit: coderanger_ 1189527752 M * bXi can i see the context id inside a vserveR? 1189527921 M * Bertl_oO bXi: depends on the config, but usually yes 1189527940 T * Bertl_oO http://linux-vserver.org/ | latest stable 2.2.0.3, 2.0.3-rc3, devel 2.3.0.20, stable+grsec 2.0.2.1, 2.2.0.3 | util-vserver-0.30.214 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1189527945 M * Bertl_oO *2.3.0.20 1189528429 Q * yarihm Quit: This computer has gone to sleep 1189528821 M * Supaplex :) 1189528867 J * ensc ~irc-ensc@p54B4E7BB.dip.t-dialin.net 1189529337 M * bXi Bertl_oO: easy 1189529345 M * bXi i first need to compile .18 and .19 :P 1189529812 M * Julius hey, i just reinstalled my server and I'm going to put everything into vservers :) 1189529917 J * fatgoose ~samuel@206-248-128-12.dsl.teksavvy.com 1189529917 Q * fatgoose_ Read error: Connection reset by peer 1189530016 Q * pmenier Quit: pmenier 1189530309 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1189531360 J * coderanger_ ~coderange@wireless-19-97.media.mit.edu 1189531865 P * BenG 1189532189 Q * ema Quit: leaving 1189532392 M * Julius do i have to create multiple interface labels for different ips or can i simply pass them to newvserver 1189532902 M * ard newvserver is a debian thing 1189532927 M * ard Do you really want ip labels? 1189532956 M * ard newvserver just accepts the ip , and it will work. 1189533391 M * Julius i dont want ip labels 1189533398 M * Julius thats why i asked :) 1189533479 M * ard ah 1189533500 M * ard in that case: you don't need to do anything :-). Just --ip 1189533584 M * Julius fine :) 1189533909 Q * zbyniu Quit: Lost terminal 1189533938 Q * transacid Remote host closed the connection 1189534000 J * zbyniu ~zbyniu@host13-188.crowley.pl 1189534278 Q * lilalinux Remote host closed the connection 1189534425 M * Julius nice 1189534458 J * transacid ~transacid@transacid.de 1189534533 M * Julius next stop -> firewall 1189534574 M * Julius i guess i have to use the user id if ich want to match packet owners 1189534925 Q * hijacker Read error: Connection timed out 1189535323 M * ard depends on what you do :-) 1189535345 M * ard Just matching IP's work fine 1189535378 M * ard I think matching user-id won't work because you don't know the vserver it comes from 1189535438 M * Julius well 1189535445 M * Julius i mean the numeric id 1189535468 M * Julius thats something the kernel should know 1189535507 M * ard yes... But I think the group+user+context only works on filesystems 1189535516 M * daniel_hozac but you can have uid 500 in several different guests at the same time... 1189535522 M * ard Internally those are 3 seperate fields... 1189535542 M * Supaplex and sockets are files to 1189535580 A * ard would love a contex-id test in xfilter 1189535593 M * ard and it shouldn't be that hard if it already can test for uid 1189535595 M * daniel_hozac i have patches for that... 1189535602 M * ard w00t 1189535605 M * daniel_hozac not updated recently though. 1189535668 M * Julius ^^ 1189535710 M * Julius i dont think there will be any confusion about UIDs when i seperate the traffic of the vservers into several chains 1189535723 M * ard true... 1189536035 J * wilmer_ ~mark@ip56538143.direct-adsl.nl 1189536084 M * ard Hmmmm, as a test I put 7:23:respawn:/bin/sleep 3600 1189536088 M * ard in /etc/inittab 1189536095 M * ard Now I realise there is no init. 1189536214 A * ard reads something about fakeinit 1189536438 Q * phedny Ping timeout: 480 seconds 1189536511 M * zbyniu daniel_hozac: patches for owner-{n,x}id are not updated, but works fine :) 1189536575 M * zbyniu daniel_hozac: why not in vserver mainstream? 1189536609 M * daniel_hozac because they're not _that_ useful. 1189536664 M * zbyniu hmmm? 1189536700 M * daniel_hozac -m owner only works for outgoing packets. 1189536771 M * zbyniu ach 1189536823 M * zbyniu btw, there were some patches for owner in INPUT 1189536824 M * ard Is set_ipv4root(unsigned long ip) 1189536826 M * ard current? 1189536836 M * daniel_hozac hell no. 1189536845 A * ard sighs... 1189536850 M * daniel_hozac that's as legacy as it gets. 1189536869 M * ard it's in the debian version: util-vserver-0.30.213/doc/intro.txt 1189536908 M * ard But seems to be in the main 213 tar... 1189536918 A * ard can't find it in the package diff 1189536933 M * daniel_hozac that's a really old paper, AFAICT. 1189536948 M * ard it talks about fakeinit and stuff :-) 1189536973 A * ard thinks it's time to repackage util-vserver 1189536992 M * daniel_hozac hmm? 1189537075 M * ard there are too many obsolete things in the package like vserver-copy 1189537102 M * ard util-vserver-0.30.214/doc/intro.txt 1189537104 M * ard Hmmmm :-) 1189537125 M * ard I mean re-dpkg-ing it ;-) 1189537141 A * Supaplex would like a fresh up to date .deb of it to 1189537154 M * daniel_hozac i don't know why the Debian-package insists on not using the split the RPMs use. 1189537236 M * ard what split is in the rpm? 1189537264 A * ard is almost in favor of deleting intro.txt 1189537268 M * ard except for the intro :-) 1189537283 M * Supaplex so you're left with .txt instead? ;) 1189537289 M * ard LOL 1189537293 M * daniel_hozac main, core, lib, sysv, legacy and build. 1189537299 M * ard ah 1189537324 M * Supaplex is -dev == -build ? 1189537358 M * ard no... 1189537365 M * ard it is the making of a vserver image 1189537390 M * ard vserver build I guess 1189537415 M * daniel_hozac ah, and -devel, of course. 1189537419 M * daniel_hozac i knew i was forgetting one :) 1189537427 A * ard guesses the rpm-guy had a better understanding of the innerworks of util-vserver 1189537457 M * daniel_hozac well, ensc only wrote it... :) 1189537467 M * ard I've been busy since january or so, and I am still busy trying to grasp the stuff :-) 1189537467 M * Bertl_oO Julius: if you want to do yourself (and us) a favor ... forget about newvserver :) 1189537491 M * ard Bertl_oO : it actually does some good... 1189537501 M * daniel_hozac such as? 1189537528 M * daniel_hozac and what of that is not covered by vserver ... build? 1189537555 M * ard eh, the removing of a lot of hardware controlling packages :-) 1189537577 M * Bertl_oO is better done with vserver - build :) 1189537597 A * ard must admit he has never used vserver .... build except for clone and stuff 1189537628 M * ard That's something I've discovered on this channel a few weeks back... :-( 1189537710 A * ard now knows why the rpms are better: %changelog * Mon Jun 25 2007 Daniel Hokka Zakrisson - 0.30.214-0 1189537712 M * ard :-) 1189537736 M * daniel_hozac nah, ensc has done all that work. 1189537746 M * daniel_hozac i've just made a couple of updates. 1189538126 M * ard 21:09 /me is going home 1189538135 M * ard 0/~ 1189538886 P * coderanger_ 1189539057 M * matti Hi B. 1189539057 Q * bonbons Read error: Connection reset by peer 1189539137 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33 1189540279 J * ktwilight ~ktwilight@124.82-66-87.adsl-dyn.isp.belgacom.be 1189540485 J * dennis ~dennis@dslb-088-068-223-035.pools.arcor-ip.net 1189541012 Q * DavidS Quit: Leaving. 1189541087 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch 1189541741 Q * nox Ping timeout: 480 seconds 1189541771 J * nox ~nox@static.88-198-17-175.clients.your-server.de 1189542261 Q * meandtheshel1 Quit: Leaving. 1189542407 Q * daniel_hozac Ping timeout: 480 seconds 1189542741 J * daniel_hozac ~daniel@c-051472d5.08-230-73746f22.cust.bredbandsbolaget.se 1189542995 Q * bonbons Quit: Leaving 1189543223 Q * Julius Remote host closed the connection 1189543722 Q * fatgoose Quit: fatgoose 1189544207 Q * ktwilight Ping timeout: 480 seconds 1189544705 J * coderanger_ ~coderange@wireless-19-97.media.mit.edu 1189545165 Q * rorem- Read error: Connection reset by peer 1189545277 J * Aiken ~james@ppp121-45-250-174.lns2.bne4.internode.on.net 1189545532 P * coderanger_ 1189545927 J * rorem- ~roremtank@bzq-219-46-202.isdn.bezeqint.net 1189546217 Q * duckx Remote host closed the connection 1189546576 J * hijacker ~hijacker@213.91.163.5 1189548010 N * Bertl_oO Bertl 1189548020 M * Bertl back now ... 1189548120 M * Supaplex so soon? :) 1189548134 A * Supaplex processes some rebates 1189548350 J * Ashsong ~mstone@1cc-dhcp-93.media.mit.edu 1189548357 M * Ashsong Bertl: 'afternoon. 1189548407 Q * arachnist Ping timeout: 480 seconds 1189548879 M * Bertl hey Ashsong! how's going? 1189548892 M * Ashsong Bertl: good. I'm working on networking support today. 1189548904 M * Ashsong I had a question and a comment. 1189548914 M * Bertl let's hear ... 1189548935 M * Bertl ah, had? 1189548980 M * Ashsong Well, still experiencing minor confusion. 1189548999 M * Ashsong Does util-vserver-0.30.214 support the v1 network interfaces? 1189549015 M * Bertl yes, as far as I know, it does 1189549062 M * Ashsong Hmm. The vc_net_create() described in lib/vserver.h doesn't appear to take any flags. 1189549123 M * Ashsong VCMD_net_create (VNET, 1) takes flags, though; doesn't it? 1189549133 M * Ashsong or rather, (VNET, 1, 1) 1189549154 M * Bertl yes, that one takes flags (the initial flag set) 1189549186 M * Ashsong so does util-vserver's vc_net_create() supply default flags when it actually makes the syscall? 1189549209 M * Bertl could be, you are asking the wrong person here :) 1189549217 M * Bertl daniel_hozac: ping? 1189549243 M * Ashsong Bertl: it's not a big deal; I just noticed it along the way. 1189549274 M * Ashsong Question 2: Should we be turning of VC_VXF_STATE_ADMIN and VC_NXF_STATE_ADMIN when we start process and network contexts? 1189549289 M * Ashsong (i.e. when we turn of the appropriate *_SETUP flag?) 1189549300 M * Ashsong s/of/off/ 1189549304 M * Bertl probably not, unless you distrust the host context 1189549331 M * Ashsong okay, we'll leave them on. 1189549333 M * Bertl the admin state flag allows you to administrate (handle) the guest context 1189549341 M * Ashsong but only from xid 0. 1189549344 M * Ashsong correct? 1189549345 M * Bertl yes 1189549358 M * Ashsong Good. Just verifying that I understand. :) 1189549364 M * Bertl np 1189549372 M * Ashsong Okay, finally, I wanted to make sure that I've got the network sequence correct. 1189549400 M * Ashsong working from the ncontext commands you supplied: 1189549401 M * Ashsong ncontext --create --nid 42 -- naddress --add --ip 18.85.19.92/23 -- ncontext --migrate-self -- bash 1189549405 M * Ashsong ncontext --create --nid 42 -- naddress --add --ip 2001:4830:2446:ff00:217:c4ff:fe05:2734/64 -- ncontext --migrate-self -- bash 1189549409 M * Ashsong (for example) 1189549416 M * Ashsong the calls I want to make are something like 1189549428 M * Ashsong vc_net_create(42) 1189549438 M * Ashsong vc_net_add_ipv4/6(42, ...) 1189549477 M * Ashsong then turn off the VC_NXF_STATE_SETUP flag that I was supposed to supply to the call to vc_net_create() ? 1189549480 M * Ashsong Is that it? 1189549494 M * Bertl yep, then chroot/fork/exec 1189549497 M * Ashsong right. 1189549499 M * Ashsong great. 1189549531 M * Bertl but again, it won't hurt to double check that sequence with daniel_hozac too (or just look at the --debug output of a guest startup) 1189549549 M * Ashsong Sure. 1189549567 M * Ashsong Alright, well that's all of my questions for the moment. 1189549575 M * Ashsong Is there anything you need/want from me? 1189549576 M * Bertl yep, it seems that 0.30.214 is using the v0 create, but the v1 add stuff 1189549590 M * Ashsong Bertl: good; my eyes weren't deceiving me. 1189549603 M * Bertl no, I (think I) got everything I need from you ... 1189549629 M * Ashsong oh, good. 1189549637 M * Ashsong is life treating you well otherwise? 1189549661 M * Bertl got a minor cold last week, so not 100% but everything else is fine 1189549676 M * Ashsong heh; sorry to hear that. 1189549704 M * Ashsong I'm glad to hear that you're surviving in spite of it, though. 1189549721 M * Ashsong How is jffs2 accounting? 1189549745 M * Bertl I got the patches off the machine right before the weekend, so not much happened there yet 1189549764 M * Ashsong indeed. I was just curious if your thinking had progressed since we last talked. 1189549765 M * Bertl but I think we should be good at the end of the week, at least for testing 1189549774 M * Ashsong cool! 1189549775 M * Ashsong :) 1189549784 M * Bertl yeah, have a few ideas just have to implement them 1189549793 M * Ashsong of course. 1189549809 M * Ashsong well, we have a speaker who has just arrived, so I'm going to disappear now. 1189549811 M * Ashsong take care! 1189549822 M * Bertl cya! have fun! 1189549843 N * Ashsong Ashsong|away 1189550226 M * matti Hi B. 1189551168 M * Bertl hey matti! 1189551178 P * glen_ 1189551285 M * dennis hey! :) 1189551324 M * Bertl hey dennis! 1189551416 M * dennis whats the difference between the both debian kernel-images: linux-image-2.6-vserver-amd64 and linux-image-vserver-amd64? 1189551435 M * dennis is the latest one a meta-package? 1189551444 M * Bertl no idea, what does the description say? 1189551480 M * Wonka both are meta packages 1189551491 M * Wonka the latter one depends on the former one 1189551500 M * dennis ah... linux-image-vserver-amd64: "This package depends on the latest binary image for Linux kernel on all 64bit single- and multiprocessor AMD and Intel machines." 1189551505 M * Wonka and the former one on the current linux-image-2.6.xxx-vserver-amd64 1189551517 M * Bertl Wonka: ah, thanks for the info! 1189551529 M * dennis Wonka: thanks! :) 1189551563 M * Wonka np 1189552768 M * matti Hi Wonka 1189552953 J * arachnist arachnist@088156189068.who.vectranet.pl 1189553085 M * Bertl wb arachnist! 1189553096 M * arachnist hey 1189553194 Q * FireEgl Ping timeout: 480 seconds 1189553751 M * matti Hi arachnist 1189553763 M * arachnist hi 1189553769 M * arachnist and g'night 1189555026 Q * michal` Ping timeout: 480 seconds 1189555166 Q * arachnist Read error: Connection reset by peer 1189555177 J * arachnist arachnist@088156189068.who.vectranet.pl