1192061488 J * friendly12345 ~friendly@ppp121-44-205-137.lns3.mel4.internode.on.net 1192062152 M * Bertl daniel_hozac: somebody noticed that the changelog doesn't mention 2.2.0.4 :) 1192063517 Q * hparker Quit: peer reset by connection 1192065722 Q * Piet Quit: Piet 1192067142 Q * fb Ping timeout: 480 seconds 1192067380 J * fb fback@red.fback.net 1192067742 M * Bertl okay, off to bed now .. have a good one everyone! cya! 1192069806 M * Supaplex later Bertl 1192070243 Q * micah Remote host closed the connection 1192070272 J * oauto ~micah@micah.riseup.net 1192070278 N * oauto micah 1192070567 Q * micah Remote host closed the connection 1192070575 J * oauto ~micah@micah.riseup.net 1192070593 N * oauto micah 1192073715 Q * zLinux_ Ping timeout: 480 seconds 1192075145 J * ruskie_ ruskie@goatse.co.uk 1192075349 Q * ruskie Ping timeout: 480 seconds 1192075355 N * ruskie_ ruskie 1192075414 Q * Loki|muh Remote host closed the connection 1192075789 J * Loki|muh loki@satanix.de 1192076722 Q * mattzerah Read error: Operation timed out 1192077199 J * ruskie_ ruskie@goatse.co.uk 1192077384 Q * ruskie Ping timeout: 480 seconds 1192077414 N * ruskie_ ruskie 1192077599 J * zLinux ~zLinux@88.213.26.14 1192077793 J * mattzerah ~matt@121.50.219.188 1192078065 Q * mountie Ping timeout: 480 seconds 1192081115 Q * balbir Ping timeout: 480 seconds 1192082865 Q * the-dude Ping timeout: 480 seconds 1192083259 J * virtuoso_ ~s0t0na@ppp91-122-25-89.pppoe.avangard-dsl.ru 1192083659 Q * virtuoso Ping timeout: 480 seconds 1192084291 M * arachnist Linux 2.6.22.6-vs2.2.0.3 1192084301 M * arachnist hmm... 1192084467 J * DavidS ~david@vpn.uni-ak.ac.at 1192084798 J * Julius ~julius@p57B2742E.dip.t-dialin.net 1192085085 Q * PhatJ_ Ping timeout: 480 seconds 1192085094 J * balbir ~balbir@59.145.136.1 1192085328 J * JonB ~NoSuchUse@kg1-61.kollegiegaarden.dk 1192085340 Q * FireEgl Ping timeout: 480 seconds 1192085528 Q * ruskie Quit: Changing server... 1192085532 J * ruskie ruskie@goatse.co.uk 1192086799 N * BobR BobR_afk 1192087363 J * larsivi ~larsivi@85.221.53.194 1192087719 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1192089772 J * gebura ~gebura@173.201.101-84.rev.gaoland.net 1192089811 M * gebura hi 1192089819 M * JonB hi 1192090107 Q * ruskie Read error: Connection reset by peer 1192090203 J * ruskie ruskie@ruskie.user.oftc.net 1192090367 J * ntrs_ ~ntrs@79.125.235.161 1192090665 Q * JonB Ping timeout: 480 seconds 1192091735 J * dna ~dna@220-246-dsl.kielnet.net 1192091828 J * JonB ~NoSuchUse@130.227.63.19 1192094030 Q * larsivi Quit: Konversation terminated! 1192094178 J * larsivi ~larsivi@85.221.53.194 1192095377 J * rgl ~rgl@84.90.232.200 1192095380 M * rgl hello 1192095395 M * rgl Bertl, any news about 2.6.23 patch? :-) 1192095628 M * JonB did you try patching the one for 2.6.22.9 ? 1192095636 M * JonB --dry-run? 1192095689 M * rgl JonB, Bertl said it won't work. 1192095703 M * JonB okay 1192095722 M * rgl he also gave me a link to a 2.6.23-rc9, but it didn't compile. 1192095726 M * JonB ok 1192095744 M * Bertl rgl: will be up soon ... 1192095770 M * rgl Bertl, ok. just checking :-) 1192095773 M * Bertl 2.6.23 is _very_ different, so don't expect it tork immediately 1192095783 M * Bertl *to work 1192095833 M * rgl oh I see. no problem. 1192096198 M * Bertl rgl: but we will need testing once it's out, so please keep available :) 1192096228 M * Bertl *keep ahnging around/stay available :) 1192096265 M * rgl sure. I more-or-less are available. (I'm a user of vserver, so I won't go away ;-) 1192096315 Q * Falle Remote host closed the connection 1192097263 Q * rgl Quit: Enough 1192097870 J * rgl ~rgl@84.90.232.200 1192098577 N * virtuoso_ virtuoso 1192098769 M * daniel_hozac Bertl: i know, i'll write it up today :) 1192098972 J * Yvo yvonne@vpn049.rz.uni-mannheim.de 1192098994 M * Bertl daniel_hozac: np, take your time 1192099002 M * Bertl wb Yvo! 1192099014 M * Yvo hi :-) 1192100189 Q * rgl Quit: Enough 1192101170 Q * ntrs_ Ping timeout: 480 seconds 1192101316 J * mountie ~mountie@trb229.travel-net.com 1192101676 M * Bertl wb mountie! 1192101800 J * jmcaricand ~user@d83-179-172-170.cust.tele2.fr 1192101917 J * rgl ~rgl@84.90.232.200 1192102265 Q * Yvo Quit: Leaving. 1192102312 M * rgl hum, I'm readying about syncookies at Documentation/networking/ip-sysctl.txt (inside kernel sources), but the last statement seems to be plainly wrong: "syncookies seriously violate TCP protocol". what do you guys think? 1192102390 M * Bertl well, that seems to depend on the perspective: http://cr.yp.to/syncookies.html 1192102424 M * rgl Bertl, yeah, djb says they are not a violation :D 1192102449 Q * _gh_ Ping timeout: 480 seconds 1192102553 M * rgl you use then Bertl ? 1192102638 M * Guy- rgl: fwiw, I published some peer-reviewed papers on SYN flood defense, and I also don't think they violate the TCP protocol 1192102759 M * Guy- rgl: there is just a problem with bounce flooding and the possibility of self-DoS (if you have asymmetric bandwidth) 1192102771 M * rgl Guy-, I'm not sure about (from djb claims): "SYN cookies ``do not allow to use TCP extensions'' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed." 1192102787 M * Guy- this statement is exactly right 1192102791 M * rgl Guy-, can I see those papers? 1192102802 M * Guy- rgl: only one of them is in English 1192102809 M * Guy- well, two 1192102822 M * rgl link please :) 1192102833 M * Guy- but this one will do for you: http://chardonnay.math.bme.hu/~korn/research/Korn,_Feher_-_RESPIRE-A_Novel_Approach_to_Automatically_Blocking_SYN_Flooding_Attacks_%5BEUNICE2004%5D.pdf 1192102835 M * rgl the others are in what lang? 1192102841 M * Guy- Hungarian :) 1192102868 M * rgl oh hehe 1192102912 M * Guy- the other English paper includes some more details about the performance of the RESPIRE algorithm described in the paper above 1192102918 M * Guy- from an analytic perspective 1192102967 M * rgl Guy-, is the RESPIRE algo used in linux? 1192102981 M * Guy- there is a linux implementation available, but it's not in the mainstream kernel 1192102989 M * Guy- http://www.mad.hu/~husky/GET/ipt_respire-20050522.tar.bz2 1192103002 M * Guy- unfortunately, it's not SMP safe 1192103002 M * rgl why isn't it on the kernel? 1192103025 M * Guy- the guy who wrote the patch promised to clean it up and submit it to the netfilter team, but never got around to it 1192103049 M * rgl ah ok. 1192103106 M * rgl you known some paper about the linux implementation? 1192103113 M * Guy- come again? 1192103119 P * friendly12345 1192103158 M * rgl in your paper you talk about the RESPIRE implementation, correct? 1192103172 M * Guy- no, about the algorithm, in an abstract way 1192103181 M * Guy- there is no separate paper about the implementation 1192103203 M * Guy- it's a proof-of-concept; I used to run it on one of the Hungarian IRCNet servers (it experienced synfloods quite frequently) 1192103226 M * Guy- it worked well, but then we upgraded the hardware and now it's an SMP box, so it's no longer safe to run this particular RESPIRE implementation on it 1192103277 M * rgl ok. 1192103300 M * rgl I was asking if you known one that talks about the algo that is used in linux :-D 1192103303 M * Guy- the implementation uses linked lists where the paper talks about 256-ary trees, so it sacrifices some processing power for memory efficiency 1192103318 M * Guy- mainstream linux only has syncookies 1192103334 M * rgl ah ! 1192103342 M * Guy- they are good as long as you don't mind sending out a synack flood that has the same magnitude as the incoming syn flood 1192103381 M * Guy- the RESPIRE algorithm actually identifies the flooding subnet(s) and blocks them, so you don't respond to their SYNs anymore 1192103395 M * Guy- if you don't need this, syncookies are fine 1192103414 M * rgl interesting :D 1192103503 M * Guy- I think this is off-topic for #vserver though 1192103517 M * Guy- feel free to msg me if you'd like to talk about it more, but now I must be off 1192103523 M * rgl where is this ontopic? :) 1192103536 M * rgl Guy-, ok. thx for the tips! 1192103541 M * Guy- you're welcome 1192103542 M * Guy- bbl 1192103548 M * rgl Guy-, and explanations. I'll read the paper this weeked :-) 1192104672 J * Piet ~piet@tor.noreply.org 1192104707 M * daniel_hozac Bertl: hmm, i'm not seeing the POSIX timer fix in 2.6.22.9-vs2.2.0.4? 1192104767 M * daniel_hozac checking the other 2.2.0.4's now.. 1192104798 M * daniel_hozac the others do have it. 1192104804 M * Bertl interesting ... 1192104834 M * Bertl indeed, will update in place 1192105303 J * ntrs_ ~ntrs@79.125.239.214 1192105328 M * daniel_hozac let me know when it's done so i can update ftp.linux-vserver.org 1192105343 M * Bertl it's done :) 1192105351 M * daniel_hozac heh, oka. 1192105996 M * daniel_hozac changelog updated too. 1192106022 M * Bertl excellent! thanks! 1192106155 Q * balbir Ping timeout: 480 seconds 1192107134 Q * rgl Ping timeout: 480 seconds 1192107147 J * ema ~ema@rtfm.galliera.it 1192107800 J * hparker ~hparker@linux.homershut.net 1192107848 J * _gh_ ~gerrit@c-67-169-199-103.hsd1.or.comcast.net 1192108184 J * sannes ace@har.sagt.no 1192108232 M * sannes okay, what does the new CONFIG_USER_NS in 2.6.23 mean ? 1192108252 M * daniel_hozac user namespaces have been merged in mainline. 1192108266 M * Bertl it means that you can have more than one user space 1192108333 M * sannes hm, .. how is this different from earlier namespaces ? 1192108378 M * daniel_hozac it's for users rather than mounts, IPC or uts information? :) 1192108408 M * Bertl sannes: there are no 'earlier' user namespaces :) 1192108536 M * sannes okay, so it is a namespace for users, .. and I still can't wrap my heads around it, is it for statistics per uid or what? Since I thought that the kernel really don't care much for users except for checking the current->uid against other permissions .. 1192108545 M * sannes -heads +head :P 1192108558 M * Bertl it is a namespace to contain users 1192108580 M * Bertl basically uid becomes user-space-id:uid 1192108608 M * sannes aha, so when I get a kernel messages saying uid did something it is now possible to say uid in namespace X did it :P 1192108634 M * Bertl more than that, it is possible to have uid=0 in more than one instance 1192108677 M * daniel_hozac this is something we've been doing for a long time. 1192108697 Q * Aiken Quit: Leaving 1192108723 M * sannes so it is the functionality that makes it possible to have a namespace aware security check more or less? 1192108748 M * sannes the part that makes it possible to modify procfs to only show processes in that namespace .. 1192108756 M * daniel_hozac no. 1192108756 M * Bertl no, it is the basic functionality to have multiple root accounts 1192108759 M * daniel_hozac that's the pid namespace. 1192108896 M * sannes ah, .. right, of course, pid namespace.. somehow I was crossing this with some patches I played around with earlier .. hm .. 1192108964 M * sannes so you can have two users with the same uid but different namespaces, and you can differ between them .. 1192109145 M * sannes hm, I'm not trying to be difficult or anything, I'm just trying to grasp the difference, I mean I can easily create two root accounts earlier with uid=0, altought they would seem to be the same from the kernels perspective in 2.6.22 (when not using vserver that is) .. 1192109194 M * daniel_hozac yep. 1192109232 M * sannes I think it is really cool that vserver virtualization parts/stuff/ideas are getting into mainline :) 1192109329 M * sannes Will the vserver become a little bit smaller each time things like these get in? :P 1192109342 M * sannes -vserver +vserver-patch 1192109369 M * daniel_hozac well, it usually depends on the specific implementation. 1192109378 M * daniel_hozac sometimes using the namespaces may actually require more code. 1192109434 M * sannes would you consider it better or worse, from a design perspective? 1192109500 M * daniel_hozac what? 1192109503 M * sannes hm, maybe more userspace code aswell? 1192109532 M * sannes well, would you consider it a good thing that things are getting into vanilla? 1192109578 M * daniel_hozac sure, as long as it's not over-engineered or causes too much overhead. 1192109846 Q * DavidS Quit: Leaving. 1192110079 Q * JonB Ping timeout: 480 seconds 1192110130 Q * larsivi Quit: Konversation terminated! 1192110240 Q * mountie Quit: LUNCK! 1192110265 M * Bertl lunck sounds interesting ... 1192110304 A * hparker hopes it's not making any noises, prefers his dead 1192110728 J * mountie ~mountie@trb229.travel-net.com 1192111534 J * ntrs ~ntrs@79.125.239.214 1192111534 Q * ntrs_ Read error: Connection reset by peer 1192112513 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1192112559 Q * Piet Ping timeout: 480 seconds 1192113158 J * Piet ~piet@tor.noreply.org 1192113981 J * dowdle ~dowdle@scott.coe.montana.edu 1192114018 Q * faheem Quit: Lost terminal 1192114527 J * lungpu ~gmaluf@202.31.80.200.host.ifxnw.com.ar 1192114552 M * Bertl wb dowdle! pmenier! 1192114556 M * Bertl welcome lungpu! 1192114639 Q * lungpu 1192114656 M * dowdle Good evening Bertl. 1192114667 J * lungpu ~gmaluf@202.31.80.200.host.ifxnw.com.ar 1192114826 M * Bertl lungpu: problems with your client? 1192114908 M * lungpu why? what does appear? 1192114934 M * Bertl lungpu: ah, just wondering because you come and go without saying anything 1192114966 M * lungpu ou... sorry, I didn't know what your nick was 1192114989 M * lungpu yes, I had problems with my client 1192115043 M * lungpu I haven't use irc for a while, and this client I installed now asks for the channels list upon connect 1192115069 M * lungpu In a bandwith limited environment.. its not nice :) 1192115081 M * lungpu you're Herbert? 1192115113 M * Bertl yep 1192115131 M * lungpu nice to meet u 1192115138 M * Bertl the pleasure is mine ... 1192115140 M * lungpu thanks for your answer yesterday 1192115149 M * lungpu I'm Gustavo 1192115160 M * lungpu I'm on the vserver maillist too 1192115168 M * Bertl ah, ic 1192115211 Q * jmcaricand Remote host closed the connection 1192115213 M * Bertl so, do we have version numbers and/or something in the dmesg output? 1192115248 M * lungpu dmesg doesn't log anything 1192115250 M * lungpu (about my vservers) 1192115263 M * lungpu but version is not the problem, I think 1192115272 M * Bertl okay, that is usually a good sign, unless you have the warnings disabled :) 1192115292 M * daniel_hozac (which it would be on older kernels) 1192115304 M * daniel_hozac e.g. the Debian etch kernl. 1192115307 M * lungpu It used to work, but maybe in the middle of some of my tests, it crashed 1192115329 M * daniel_hozac showattr -d / /etc /etc/vservers /etc/vservers/ 1192115341 M * lungpu no, I'm using Debian etch stable 1192115354 M * daniel_hozac yeah, so that doesn't have the warnings :) 1192115368 M * lungpu give me a moment.. I'll give you version numbers 1192115391 M * Bertl yeah, take your time ... 1192115401 M * lungpu I did, they're blank, no special attribs on there 1192115407 M * lungpu *in there 1192115430 M * daniel_hozac blank? 1192115438 M * daniel_hozac -------? 1192115461 M * Bertl lungpu: note that showattr != lsattr :) 1192115462 M * lungpu yep 1192115485 M * lungpu ah... yeah, you're right 1192115499 M * pmenier Hello 1192115501 M * lungpu let me check 1192115504 M * lungpu linux-image-2.6.18-4-vserver-k7 2.6.18.dfsg.1-12etch2 1192115511 J * Yvo ~yvonne@91.64.217.106 1192115518 M * Bertl wb Yvo! 1192115525 M * lungpu util-vserver 0.30.212-1 1192115527 M * Bertl lungpu: that looks really old :) 1192115536 M * lungpu vserver-debiantools 0.3.4 1192115536 M * lungpu that's what I've installed 1192115537 M * pmenier what is the difference beetween Bui and bui while i run showattr -d /opt/vservers ? 1192115554 M * Bertl lungpu: but it should work (modulo the errors fixed over the last year) 1192115570 M * daniel_hozac pmenier: B means the barrier is set. 1192115582 M * pmenier okay thanks 1192115608 M * Bertl pmenier: http://wiki.linux-vserver.org/Secure_chroot_Barrier 1192115619 M * lungpu I think here is the problem... I completely forgot about showattr :( 1192115626 M * lungpu ---bui- /etc 1192115628 M * lungpu ---Bui- /etc/vservers/ 1192115634 M * Bertl ah, here we go :) 1192115635 M * daniel_hozac there you go. 1192115660 M * Bertl setattr --barrier 1192115668 M * Bertl setattr --~barrier /etc/vservers/ 1192115679 M * lungpu yeah, it's old... you know how the debian mantainers work... 1192115698 M * daniel_hozac it's not really the maintainers' fault. 1192115701 M * lungpu they don't release a package as stable until almost god tested it :) 1192115702 M * Bertl lungpu: no, never seen one ... just kidding :) 1192115727 M * daniel_hozac from what i understand, it's Debian policy to never update packages in stable :) 1192115730 M * lungpu no, I know, is the way the distro is aimed to work 1192115738 M * Bertl yeah, there are quite good debian maintainers like micah for example 1192115757 M * Bertl thus we have recent packages in backports 1192115810 M * lungpu yeah, something like that... 1192115840 M * lungpu the policy of Debian is that stable packages have often months of tests 1192115907 M * lungpu and first they are on Unstable, then are passed to Testing, and when they were there for a good while, when there is a version release, the testing packages are upgraded to stable 1192115925 J * js_ ~js@222.85.220.223 1192115926 M * lungpu thats why generally stable packages are old 1192115933 M * lungpu (on debian) 1192115950 M * js_ hi 1192115962 M * lungpu it works! 1192115963 M * lungpu thanks 1192115998 M * daniel_hozac you're welcome! 1192116002 M * lungpu when you told me, Daniel, about showattr I remembered I was making some tests with attributes 1192116051 M * lungpu in my work happens often I have to hold a project or investigative task when there's something more important to solve that day 1192116088 M * lungpu it's not weird to think that happened: I left the test half done and forgot when resumed 1192116098 M * daniel_hozac hehe 1192116157 M * Bertl hey js_! 1192116221 M * js_ what 1192116319 M * Bertl a good start for a question ... let's hear the rest :) 1192116347 M * lungpu hehe... 1192116370 M * lungpu sorry, I dont know what was that 1192116391 M * lungpu some sticky feature of my irc client maybe :P 1192116419 M * lungpu I have something could be interesting for the project... 1192116462 M * lungpu I think I mentioned it on the list 1192116537 M * lungpu I made some scripts for myself to work with the vservers 1192116553 M * lungpu automate some tasks and so 1192116594 M * lungpu If you think it can be useful, I send it :) 1192116616 M * Bertl sure, go ahead, what kind of tasks did you automate? 1192116665 M * lungpu some very simple 1192116675 M * lungpu some others a bit more complex 1192116699 M * lungpu like get the context nr. from a vserver name\ 1192116716 M * Bertl that is already available via util-vserver 1192116719 M * lungpu I dont know really if that feature didn't exist but didnt find anything 1192116745 M * pmenier vserver-stat no ? 1192116756 M * daniel_hozac vserver-info ID 1192116776 M * lungpu a clone script that copies a vserver conf dir to another and changes the conf according 1192116794 M * lungpu nope 1192116820 M * Bertl that is available too, as 'vserver - build -m clone' 1192116820 M * lungpu vserver-stat gives you the complete list 1192116841 M * daniel_hozac Bertl: well, it actually doesn't copy the config (yet). 1192116852 M * daniel_hozac it's one of things that depends on the configuration library. 1192116863 M * lungpu I only wanted the translation name -> ctx num. 1192116871 M * Bertl vserver-info ID 1192116878 M * daniel_hozac ah, sorry, it's CONTEXT. 1192116879 M * lungpu its really a very simple script 1192116899 M * Bertl okay, then vserver-info CONTEXT 1192116920 M * Bertl daniel_hozac: btw, what about vserver-info XID|NID|TAG ? 1192116923 M * lungpu doesnt work for me, maybe a feature added later? remember I'm using an old version of util-vserver 1192116932 M * lungpu what I'm seriously thinking in upgrade 1192116940 Q * js_ Ping timeout: 480 seconds 1192116946 M * daniel_hozac vserver-info has been around forever. 1192116972 M * daniel_hozac Bertl: already exist :) 1192116982 M * daniel_hozac Bertl: don't do what you expect them to though, i think. 1192116991 M * daniel_hozac they return the xid/nid/tag of a given pid. 1192116991 Q * gebura Quit: Quitte 1192116992 M * lungpu yeah, it works 1192117021 M * lungpu as I said... maybe there was that funtionality, I didnt find 1192117022 M * daniel_hozac but yes, a way to get the nid and tag of a given guest should be added. 1192117038 M * Bertl daniel_hozac: I just realized that vserver-info seems to be missing from the rpm packages? 1192117045 M * daniel_hozac hmm? 1192117057 M * daniel_hozac # rpm -qf `type -p vserver-info` 1192117058 M * daniel_hozac util-vserver-core-0.30.214-0.1.el5.centos 1192117059 M * Bertl (or is it just hidden somewhere out of the 'usual' path?) 1192117076 M * lungpu hmm, I remember now I made some fine fixes on scripts packed on debian 1192117108 M * Bertl daniel_hozac: nevermind, already found it 1192117122 M * daniel_hozac hehe, okay. 1192117123 M * lungpu maybe they were fixed on more recent versions 1192117131 M * lungpu _I have to upgrade to testing_ 1192117188 M * lungpu let me think if some other was added too or may help :) 1192117213 M * lungpu does exist a script for changing a vserver ip? 1192117225 M * daniel_hozac while it's running? 1192117237 M * lungpu doesn't matter 1192117244 M * Bertl lungpu: hmm, define changing ... that can be quite complicated 1192117264 M * daniel_hozac (and might involve restarting all the services) 1192117266 M * lungpu I say... without changing the file manually on /etc/vservers//interfaces//ip 1192117285 M * daniel_hozac vserver ... config is also depending on the configuration library. 1192117307 M * weasel Bertl: no .23 patch yet? :) 1192117318 M * lungpu yeah, I took some assumpions because initially I made those scripts for this environment (work) specific usage 1192117339 M * Bertl lungpu: like: change_ip guest eth0:10.0.0.1/22->eth1:10.1.0.2/24 or so? 1192117353 M * lungpu yep 1192117360 M * Bertl weasel: well, there is a pre version which will apply 1192117369 M * Bertl weasel: but it won't compile yet :) 1192117373 M * weasel hah 1192117379 M * pmenier yes i tested it this afternoon : it works 1192117430 J * balbir ~balbir@122.167.92.66 1192117575 M * Bertl weasel: I'm investigating the CFS scheduler now 1192117721 J * julius_ ~julius@p57B25702.dip.t-dialin.net 1192117744 Q * ensc Ping timeout: 480 seconds 1192117845 M * daniel_hozac Bertl: did you look at Srivatsa's group scheduler code? 1192118119 M * lungpu Bertl... does exist that kind of utility? 1192118160 Q * Julius Ping timeout: 480 seconds 1192118212 M * Bertl lungpu: no, AFAIK, not for arbitrary changes of ip addresses ... 1192118222 M * Bertl daniel_hozac: yes, at least to some degree 1192118392 M * lungpu if I'm not wrong, mine does change the 'ip' file, and updates hosts file 1192118392 M * lungpu something like that 1192118392 M * lungpu meanwhile.. I'm making some changes to upgrade to testing 1192118392 M * lungpu I just want to check the util-vserver version on each branch on Debian 1192118495 M * lungpu I'm using 212-1 1192118501 M * lungpu latest is 214, right? 1192118535 M * lungpu i'm back in a minute... 1192118571 M * dowdle lungpu: I think latest version numbers can be find in the channel topic. 1192118691 M * lungpu I read them ;) 1192118872 M * lungpu I see, I'm many months old... 1192118919 M * lungpu i'm upgrading to the backport version right now 1192119264 M * m_stone Bertl: heya! 1192119284 M * Bertl hey m_stone! how's going? 1192119296 M * m_stone Bertl: 1192119682 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33 1192120190 M * m_stone Bertl: have you spoken to neuralis recently? 1192120191 J * the-dude ~martijn@senturparks.xs4all.nl 1192120216 M * Bertl m_stone: yes, but nothing terribly important 1192120233 M * Bertl m_stone: what's up? 1192120583 Q * dna Quit: Verlassend 1192120604 M * lungpu guys... 1192120617 M * lungpu there is an issue in the init script of util-vserver 1192120633 M * lungpu I found it in 212 and is still here 1192120662 M * lungpu it's only a typo I think but better to fix it :) 1192120665 M * daniel_hozac the Debian package has its own initscript, so you'll have to talk to micah. 1192120685 M * matti ;] 1192120688 M * matti Bertl, daniel_hozac :) 1192120690 M * lungpu oh.. I c 1192120691 M * daniel_hozac hey matti 1192120701 M * lungpu where can I find micah? 1192120758 M * daniel_hozac right here? :) 1192120762 M * daniel_hozac i guess filing a bug would work too. 1192120911 M * lungpu I'm very new in this of "bug reporting"... sorry 1192120974 M * lungpu but I'll do 1192121011 Q * FireEgl Quit: Bye... 1192121809 Q * pmenier Quit: pmenier 1192122145 Q * ema Quit: leaving 1192122557 Q * zLinux Remote host closed the connection 1192122725 Q * michal_ Ping timeout: 480 seconds 1192122893 P * Yvo 1192122900 Q * julius_ Ping timeout: 480 seconds 1192123186 J * michal_ ~michal@www.rsbac.org 1192123377 N * bastiaan VaagBMerkBastiaan 1192123567 M * Red_Devil pommmmmmmmm 1192123575 M * Red_Devil ohw, wrong window 1192123576 M * Red_Devil ;) 1192123697 M * Bertl :) 1192124377 J * Piet_ ~piet@tor.noreply.org 1192124725 Q * Piet Ping timeout: 480 seconds 1192125417 M * lungpu I leave now... I've some work to finish ;) 1192125417 M * lungpu thanks a lot! see u.. 1192125425 M * Bertl cya! 1192125824 J * JonB ~NoSuchUse@kg1-61.kollegiegaarden.dk 1192126053 J * jmcaricand ~user@d83-179-172-170.cust.tele2.fr 1192126307 Q * lungpu Quit: Abandonando 1192126758 J * sglines ~chatzilla@mail.is-cs.com 1192126768 M * Bertl welcome sglines! 1192126813 M * sglines lo all - I'm trying to install vserver on a centos system - install looked OK but barfs on vserver build command 1192126842 M * Bertl what versions and could you upload the output somewhere? 1192126845 M * dowdle sglines: What bild method you using? 1192126852 M * dowdle sglines: er... build method 1192126852 M * Bertl (e.g. paste.linux-vserver.org) 1192126904 M * sglines vserver test build -m yum --context 4040 --hostname vserver.is-cs.com --interface eth0:10.0.3.200 -- -d fc4 1192126905 M * sglines chcontext: vc_new_s_context(): Function not implemented 1192126907 M * sglines rpm-fake-resolver: vc_new_s_context(): Function not implemented 1192126908 M * sglines rpm-fake.so: failed to initialize communication with resolver 1192126934 M * Bertl you sure you booted a Linux-VServer kernel? 1192126945 M * dowdle sglines: You really want to build a Fedora Core 4 VPS? 1192127095 M * Bertl dowdle: why not? 1192127100 Q * JonB Quit: This computer has gone to sleep 1192127129 M * Bertl sglines: give the testme.sh script a try, it probably will tell you that the kernel support is missing 1192127148 M * sglines I'm trying to build anything that'll work 1192127150 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch 1192127155 M * dowdle Bertl: Well, FC4 is currently 3 releases behind and updates for it are no longer available. Unless he has some FC4 specific need (which is doubtful), using a newer Fedora (or CentOS for server usage) would be more advisable. 1192127176 M * Bertl sglines: http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.17 1192127180 M * sglines I tried centos42 also 1192127189 M * dowdle Bertl: And less of the Fedora mirrors carry FC4 for packages. 1192127243 M * sglines Linux-VServer Test [V0.17] Copyright (C) 2003-2006 H.Poetzl 1192127245 M * sglines chcontext: vc_new_s_context(): Function not implemented 1192127246 M * sglines chcontext failed! 1192127248 M * sglines chbind: vc_set_ipv4root(): Function not implemented 1192127249 M * sglines chbind: vc_set_ipv4root(): Function not implemented 1192127251 M * sglines chbind failed! 1192127252 M * sglines Linux 2.6.9-55.0.9.EL #1 Thu Sep 27 18:10:45 EDT 2007 i686 1192127254 M * Bertl dowdle: well, in general, we do not patronize folks in regard of their guest choice ... 1192127254 M * sglines Ea 0.30.210 273/glibc (DSa) 1192127255 M * sglines VCI: (Tn) 1192127260 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines) 1192127264 M * dowdle sglines: uname -a please 1192127293 M * sglines Linux mail.is-cs.com 2.6.9-55.0.9.EL #1 Thu Sep 27 18:10:45 EDT 2007 i686 i686 i386 GNU/Linux 1192127307 Q * duckx Remote host closed the connection 1192127314 M * Bertl sglines: as you can see, no Linux-VServer support in that kernel 1192127321 M * sglines I guess "yum install kernel" didn't work 1192127338 M * dowdle Bertl: Yeah... understood. If you saw someone trying to install an ancient, no longer supported version of Debian wouldn't you at least ask why? 1192127344 M * Bertl sglines: well, maybe it got installed, but you booted the wrong one? 1192127351 J * duckx ~Duck@tox.dyndns.org 1192127364 M * sglines I did this: 1192127366 M * Bertl dowdle: no, that person has probably a good reason ... 1192127366 M * sglines n order to install the necessary packages, you will have to add the repository containing them to your yum configuration. Paste the following in /etc/yum.repos.d/dhozac-vserver.repo 1192127368 M * sglines [dhozac-vserver] 1192127370 M * sglines name=Linux-VServer related packages for CentOS $releasever - $basearch 1192127371 M * sglines baseurl=http://rpm.hozac.com/dhozac/centos/$releasever/vserver/$basearch 1192127373 M * sglines gpgkey=http://rpm.hozac.com/conf/keys/RPM-DHOZAC-GPG-KEY 1192127378 M * dowdle Bertl: In this case he didn't. :P~~~ :) 1192127381 M * Bertl sglines: (please use paste.linux-vserver.org for everything longer than 3 lines) 1192127383 M * sglines and then yum - but I don't see another kernel 1192127413 M * Bertl sglines: are you using grub or lilo? 1192127419 M * sglines grub 1192127432 M * dowdle sglines: rpm -qa | grep kernel | grep vs 1192127437 M * Bertl check /boot/grub/menu.lst then for any kernels 1192127472 M * Bertl but you probably want to install some kernel-vserver 1192127494 M * sglines Ah - nada 1192127516 M * daniel_hozac sglines: CentOS 4? 1192127528 M * dowdle sglines: If that rpm command didn't yield any output, you don't have a Linux-VServer kernel installed... which would be why you don't have it in your bootloader menu. 1192127535 M * daniel_hozac i don't have any kernels for that at this point. 1192127557 M * sglines i figured that out - where do I get such a kernel? 1192127570 M * sglines why didn't yum install one? 1192127576 M * daniel_hozac you'll probably have to build one yourself. 1192127587 M * daniel_hozac because there are none for yum to install? 1192127598 M * sglines grrrr 1192127629 M * sglines the docs say there is one *sheelish grin* 1192127636 M * daniel_hozac for CentOS 5. 1192127638 M * sglines that's sheepish 1192127639 M * dowdle Yeah, I don't see any kernel packages under: http://rpm.hozac.com/dhozac/centos/4/ 1192127656 M * sglines Ah centos5 hrumph 1192127686 M * dowdle Look, kernels: http://rpm.hozac.com/dhozac/centos/5/vserver/i386/ :) 1192127690 M * sglines guess it's worth upgrading to centos 5 - a few months ago it looked messy 1192127743 M * dowdle sglines: I'm sure they'd prefer you to compile your own kernel for CentOS 4.x... but if you want to stick with the binary package route... yeah you can upgrade or do a fresh install. 1192127794 M * sglines it's my production system - I really don't want to bring it to its knees while I compile 1192127803 M * daniel_hozac you can compile elsewhere... 1192127811 M * daniel_hozac it's what i do :) 1192127811 M * dowdle sglines: How well upgrading from CentOS 4 to 5 goes depends on a few factors... like if you have any third-party packages installed... but there's a way to do it if you must. I prefer clean installs and data migration from one major version to another. 1192127814 M * sglines I might stop the flow of spam - we can't let that happen 1192127865 M * sglines I prefer it too but can't take the time and I don't have any free boxes right now 1192127871 M * dowdle sglines: Yeah, better not. :) 1192127896 M * dowdle sglines: You better back it up before you do an upgrade just in case. 1192127900 M * sglines I guess I'll try upgrading to 5 tomight when everyone goes home 1192127928 M * sglines I have an rsync that runs at 7PM to a netap box so I'm safe that way 1192127961 M * sglines I guess I better start sucking CD's from centos 1192127973 M * sglines thanks all - with luck I won't be back ;) 1192127989 M * Bertl you're welcome! feel free to hang around! 1192127997 M * dowdle sglines: I believe there is an upgrade guide someone wrote so hunt that down before you do the deed. 1192128007 M * sglines thanks 1192128021 M * sglines I think I will hand around - I might find a clue. ;) 1192128099 M * dowdle sglines: I'm asking folks in #centos on freenode about the yum upgrade guide. 1192128113 M * sglines thanks 1192128128 M * Bertl dowdle: for your information, compared to most other virtualization techniques, Linux-VServer is not only used for hosting scenarios 1192128149 Q * sglines Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.7/2007091417] 1192128155 M * Bertl dowdle: so it isn't really uncommon, that folks use it for testing backward compatibility or untypical setups 1192128228 M * dowdle Bertl: I didn't think so either... but for curiousity sake... I wanted to hear why he would want to use FC4. It wasn't a negative question... and it doesn't hurt to ask, right? 1192128240 M * dowdle Bertl: I totally agree with you and didn't think otherwise. 1192128331 M * Bertl okay, sounded like you wanted to convince him that this is a bad idea :) 1192128346 M * dowdle Bertl: Well, it would be a bad idea unless he had a good reason. 1192128370 M * dowdle Upgrade guide for 4.4 to 5: http://wiki.centos.org/HowTos/MigrationGuide/ServerCD_4.4_to_5 1192128379 T * daniel_hozac http://linux-vserver.org/ | latest stable 2.2.0.4, 2.0.3-rc3, devel 2.3.0.27, stable+grsec 2.0.2.1, 2.2.0.3 | util-vserver-0.30.214 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1192128394 M * daniel_hozac 2.3.0.27 1192129401 N * VaagBMerkBastiaan bastiaan 1192129581 Q * rob-84x^ Quit: That's it for today 1192130311 J * JonB ~NoSuchUse@kg1-61.kollegiegaarden.dk 1192132311 Q * JonB Quit: This computer has gone to sleep 1192132319 M * Bertl okay, off for now .. back later ... 1192132327 N * Bertl Bertl_oO 1192132863 J * fatgoose ~samuel@76-10-156-251.dsl.teksavvy.com 1192132863 Q * fatgoose_ Read error: Connection reset by peer 1192133427 J * Piet__ ~piet@tor.noreply.org 1192133769 Q * Piet_ Ping timeout: 480 seconds 1192133949 J * Piet_ ~piet@tor.noreply.org 1192134023 Q * Piet_ Remote host closed the connection 1192134374 Q * Piet__ Ping timeout: 480 seconds 1192134783 J * dna ~dna@227-206-dsl.kielnet.net 1192135489 J * insitu ~user@abailly.pck.nerim.net 1192135497 M * insitu hello 1192135608 M * daniel_hozac hi insitu 1192135625 Q * fatgoose Ping timeout: 480 seconds 1192135627 M * insitu I have a question which may not be entirely related to vserver: I would like to proxy a http server running inside a vserver behind a https server running on host. I tried various configurations but it does not seem to work. I vaguely remember things about the HTTPS protocol working on the TCP layer which may not be appropriate for proxying 1192135630 J * fatgoose ~samuel@76-10-156-251.dsl.teksavvy.com 1192135691 M * daniel_hozac i.e. you want to access https://..., which would internally fetch http://guest/? 1192135748 M * insitu yes. I want https://my.guest.com --> apache on host --> http://my.guest.com --> apache on guest 1192135750 J * Aiken ~james@ppp121-45-206-11.lns1.bne1.internode.on.net 1192135787 M * insitu the idea is to encapsulate authentication within https or even to delegate authentication using certificates to the host 1192135799 M * daniel_hozac should work fine, what kind of problem are you running in to? 1192135865 Q * ntrs Ping timeout: 480 seconds 1192136016 Q * fatgoose Quit: fatgoose 1192136051 M * insitu If I setup vhost in apache on host, with ProxyPass / http://guest , I get errors like [11/Oct/2007:22:54:25 +0200] "\x16\x03\x01" 401 556 1192136079 M * daniel_hozac hmm. tried using mod_rewrite instead? 1192136124 M * insitu no, but I just saw sthing about a ProxySSLEngine directive. I am going to investigate, this is ovbviously an apache related thing. 1192136222 M * insitu BTW, I am really happy with what I have got managed to do with vserver. My next step is to try using git for managing changes to the vserver. Does anybody have experiences with that ? I had reference about someone (http://garden.dachary.org) using mercurial but it may be important to be able to track symlinks too. 1192136257 M * daniel_hozac you mean, using git to track changes to configuration files? 1192136293 M * insitu to track change to the whole vserver image (excluding obviously things like tmp or var) 1192136342 M * daniel_hozac i don't recall anyone doing that. 1192136372 M * insitu the idea is to have a master, track changes in it with git or stgit, then use patches to propagate changes to clones. Sort of poorman's package management... 1192136411 M * daniel_hozac yeah, i just use regular package management :) 1192136506 M * insitu sure. but when you tweak your configuration files... Or when you install things not tracked by your package management tool... 1192136533 M * daniel_hozac i only install packages. 1192136581 M * insitu I want to use vserver to host java webapps, a world where apt-get does not rule :) 1192136608 M * daniel_hozac ouch. 1192136615 M * daniel_hozac i'm sorry. 1192136621 M * insitu :)) 1192136659 M * insitu I think I know what you mean... 1192136725 M * insitu BTW, looks like SSLProxyEngine and Co. is what I need. 1192136936 M * insitu bye (and thanks for helping) 1192136938 Q * insitu Quit: ERC Version 5.1.4 (IRC client for Emacs) 1192137140 J * ensc ~irc-ensc@p54B4FCB6.dip.t-dialin.net 1192137644 Q * bonbons Quit: Leaving 1192137910 Q * dna Quit: Verlassend 1192138339 M * micah what version created nsproxy and moved the NodeName from cvirt to there? 1192138375 M * daniel_hozac 2.6.19. 1192138430 M * micah cool, thanks 1192138431 M * daniel_hozac you can check for VCI_SPACES. 1192138480 M * micah what was the purpose of it? 1192138521 M * daniel_hozac of what? 1192138581 M * micah of creating nsproxy and moving things around? 1192138601 M * micah VCI_SPACES would be in /proc somewhere? 1192138604 M * daniel_hozac mainline created nsproxy when the IPC and uts spaces were created. 1192138622 M * daniel_hozac part of the VCIKernel field in /proc/virtual/info 1192138637 M * micah ah, I see 1192138649 M * micah ok, so I need to translate 03000771 1192138703 M * micah or just check for the existence of the nsproxy file 1192138812 M * micah well thats per guest, so i guess its better to figure out how to read the VCIKernel value 1192138822 M * daniel_hozac it's just a bit-field. 1192138842 M * micah yeah, what features are enabled 1192138846 M * daniel_hozac VCI_SPACES is bit 10. 1192139159 M * micah i have to convert the VCIKernel number to binary first? 1192139194 M * daniel_hozac hmm? 1192139210 M * daniel_hozac you might want to look at testme, it converts all the values. 1192139611 M * micah alright I will 1192139618 M * micah thanks 1192140528 J * Piet_ ~piet@tor.noreply.org 1192141080 J * Alien_Freak ~sfaci2@dhcp-230-200.eastdorm.uic.edu 1192141896 Q * yarihm Quit: Leaving 1192142090 M * micah I feel like I am reading ksh when i try to figure out this testme ;) 1192142695 M * daniel_hozac hehe 1192142865 Q * Alien_Freak Ping timeout: 480 seconds 1192143406 J * Alien_Freak ~sfaci2@dhcp-230-200.eastdorm.uic.edu 1192144230 Q * Alien_Freak Remote host closed the connection 1192145315 J * wUaPuRa_PuRa ~polarison@201.226.151.34 1192145342 P * wUaPuRa_PuRa 1192145596 J * FireEgl FireEgl@Sebastian.Atlantica.DollarDNS.Net