1194134549 Q * eSa| Ping timeout: 480 seconds 1194134735 M * daniel_hozac igraltist: huh? 1194134753 M * igraltist ja 1194134754 M * daniel_hozac snooze: chroot double will fail if you run e.g. bind chrooted in a guest... 1194134825 M * daniel_hozac snooze: and if chroot chmod does what i think it does, that doesn't sound good at all... 1194134879 M * snooze changing modes inside the guest works though 1194134906 M * igraltist daniel_hozac, if you have a running kernel with vserver and pax, i like to have those patches :) 1194134934 M * zbyniu phrost: rbac + vservers work ok 1194134943 M * daniel_hozac igraltist: i don't run any of that stuff, http://people.linux-vserver.org/~harry/ has the grsec patches. 1194134974 M * igraltist this i know but without working pax 1194135026 M * daniel_hozac how does it not work? 1194135031 M * igraltist pax ans vserver does modify the same part of some file, what i remember and when i ask in pax how to fix they say ask vserver 1194135078 M * daniel_hozac so with harry's patch, which AFAIK includes PaX, you get rejects? 1194135087 M * igraltist the Bertl_zZ give some help, but iam not enough expert 1194135120 M * igraltist hmm i was not intessted on grsec only on pax 1194135130 M * igraltist because i use the rsbac 1194135147 M * phrost vserver supports rsbac? 1194135151 M * phrost wow, that'd be one hell of a patch 1194135169 M * daniel_hozac it's one policy per host, not one per guest. 1194135212 M * igraltist yes patch the kernel with vserver and then rsbac is difficult 1194135233 M * daniel_hozac michal used to have some patches for that, IIRC. 1194135243 M * daniel_hozac (notice his hostname ;)) 1194135258 M * igraltist i know him from #rsbac 1194135301 M * phrost i wish some of these virt projects would support enhanced security.. vserver's the most advanced i've seen with grsec 1194135309 M * phrost but i bet it still doesn't compare to SELinux / RSBAC 1194135323 M * daniel_hozac i've been meaning to look in to adding support for a per-guest policy with SELinux. 1194135364 M * bzed eww. selinux :\ 1194135379 M * daniel_hozac it's in the kernel, thus something i can work with. 1194135387 M * bzed igraltist: why don;t you use the vserver+grsecurity patch? it comes with rbac. 1194135424 M * igraltist because ther has the pax no functionality and rbac i dont need 1194135450 M * daniel_hozac can't you just disable all of grsec? 1194135451 M * igraltist rsbac give me more i think, than rbac 1194135485 M * igraltist i had try it, but no success 1194135510 M * daniel_hozac no success meaning what, exactly? i'm sure harry would be happy to get some feedback... 1194135515 M * phrost i 1194135518 M * phrost typo 1194135534 M * phrost i'm pretty sure SEL/RSBAC have much more rbac functionality than grsec.. just a guess 1194135568 M * igraltist i was aslo think add the grsec patch to vserver and disable grsec and use only pax but it was not going so 1194135611 M * daniel_hozac "not going"? 1194135616 M * daniel_hozac details, please. 1194135626 A * phrost waits impatiently for freebsd cvsup 1194135629 M * zbyniu phrost: yea, but rbac/grsec rules ie for vservers take one evening, selinux - one year :-p 1194135634 M * igraltist hmm it was for 2 or 3 mounths 1194135669 M * daniel_hozac zbyniu: i'm curious, what makes rbac so much easier? 1194135670 M * snooze daniel_hozac: you can disable grsec even with the grsec patch 1194135685 M * snooze with it applied i mean 1194135798 M * zbyniu daniel_hozac: different idea, limits per process, context (grsec/rbac exec context) not per file 1194135849 M * phrost require ext3 for FS labeling? 1194135854 M * phrost (for grsec rbac) 1194135859 M * daniel_hozac file contexts are just one part of SELinux though. 1194135881 M * zbyniu phrost: no, there is no fs labeling in grsec 1194136772 M * phrost so does grsec have a host only configuration or can you configure it per virtual enviroment too? 1194136955 M * zbyniu phrost: what is virtual enviroment? 1194136981 M * daniel_hozac OpenVZ-speak for guest ;) 1194137164 M * phrost solaris zone would be a VE too.. so would xen domU, at least the way I think about it 1194137168 M * phrost i've used all 3 1194137170 M * phrost lol 1194137188 M * daniel_hozac Xen is in another league though. 1194137377 M * zbyniu phrost: in xen u can have full virtualized rbac rules 1194137395 M * daniel_hozac not can, must. 1194137406 M * daniel_hozac such are the requirements for running separate kernels... 1194137421 M * zbyniu yes, can & must :) 1194137423 M * phrost i only have ~2 systems capable of running xen and guests though 1194137423 M * phrost lol 1194137481 M * zbyniu vserver is process/network separation, so u must/can have only one big policy 1194137506 M * daniel_hozac (without making the rule system guest-aware) 1194137537 M * phrost kinda pointless to run rbac on the host system though 1194137548 M * phrost because all sub-services should be inside the virtual system 1194137548 M * daniel_hozac the rules apply to all the guests. 1194137556 M * phrost hrm 1194137572 M * daniel_hozac there's one policy, it just applies all over the place. 1194137676 M * zbyniu no, policy can be per proces per guest 1194137710 M * zbyniu for grsec processes in vservers are just processes in chroot 1194137736 M * daniel_hozac but you can only define it once, no? 1194137781 M * zbyniu daniel_hozac: once? 1194137793 M * igraltist i give up xen , because xen is to complex 1194137820 M * igraltist there is no pax support and no poversave and to old kernel 1194137876 M * igraltist for me is now the kvm the favorit, because all patch do not disturbed the kvm 1194137880 M * zbyniu daniel_hozac: you can change role to adminstrative, change rule set, and reload policy online 1194137885 M * daniel_hozac zbyniu: you can't define per-guest policies, can you? i.e. have the guests manage their own policy. 1194137933 M * zbyniu daniel_hozac: no, policy is only one per host 1194137961 M * daniel_hozac which is what i was saying :) 1194138053 M * zbyniu but processes 'inside' can be controlled per vserv 1194138132 M * zbyniu igraltist: I just build and start vserver on kernel with vserver+grsec+pax 1194138151 M * zbyniu igraltist: but it is not harry's patch 1194138168 M * igraltist and only vserver + pax? 1194138202 M * zbyniu igraltist: didn't try run 1194138324 M * zbyniu and I don't remember that paches are ready :) 1194138478 M * igraltist oi, i try the kernel 2.6.22.10 with vserver patch 1194138509 M * igraltist and for testing i apply the pax-patch and it apply clean 1194138686 M * igraltist they had done nice work :) 1194138962 M * snooze hmm.. 'shutdown -h now' inside my guest works good, but vserver guest stop timeouts 1194138997 M * snooze any idea what might cause that? .. and using initstyle plain 1194139057 M * daniel_hozac init has a tendency to not want to stop. 1194139099 M * snooze ah 1194139110 M * snooze annoying 1194139139 M * snooze doesnt matter much tho :) 1194139149 Q * Yvo Quit: Leaving. 1194139322 M * phrost only thing i don't get about stuff like vserver and openvz is the userids 1194139330 J * Yvo ~yvonne@91.64.217.106 1194139343 M * phrost something in a guest running as root runs as uid 0 on the host.. so if there was some security 'glitch' somewhere... whoops. 1194139410 M * daniel_hozac hmm? 1194139501 M * dowdle phrost: uid0 on guest can't get to host node. Users on the host node have access to processes though... so for that reason, access to host node is supposed to be as restricted as possible. 1194139536 M * daniel_hozac users on the host can't do anything. the vserver syscall requires CAP_CONTEXT. 1194139622 M * dowdle daniel_hozac: That would be a feature over OpenVZ then... because as I understand it, for example, uid 500 no host node could access processes run by uid 500 on VPSes. 1194139626 M * phrost suppose the chroot or something broke though, then everything running as uid 0 on the guest would be in uid 0 on the host? 1194139636 M * dowdle daniel_hozac: Does root on host node have access? 1194139645 M * daniel_hozac have access to what? 1194139662 M * dowdle phrost: "suppose chroot or something broke" is like saying... supposed an asteroid hit the earth. 1194139675 M * phrost lol 1194139688 M * phrost i guess that's where rbac on the host would come in 1194139694 M * dowdle daniel_hozac: Have access to all processes on the system... including the VPS? They certainly do on the filesystem. 1194139804 M * dowdle phrost: Doesn't matter as root though since root can vserver {VPS} enter and then do the damage. 1194139893 M * igraltist oh i forgot to apply the vserver patch and was thinking the pax patch work now 1194139905 M * igraltist time to finish and go sleep :) 1194139932 M * daniel_hozac dowdle: no, processes aren't shown in xid 0. you can migrate to the spectator though... 1194139937 J * friendly12345 ~friendly@ppp59-167-134-217.lns3.mel6.internode.on.net 1194139964 M * daniel_hozac dowdle: note that if you remove the STATE_ADMIN flag and enable guest privacy, the guests are pretty well protected from the host... 1194139971 M * dowdle phrost: I think the OpenVZ folks have added grsec to at least one of their kernel trees but I don't recall which one. 1194139982 M * dowdle daniel_hozac: Wow, that's good to hear. 1194140019 M * daniel_hozac the host is essentially limited to killing all the processes in the guest. 1194140036 Q * zLinux Remote host closed the connection 1194140070 M * dowdle phrost: Opps, let me clarify, they have added "TPE grsecurity feature" 1194140103 M * zbyniu igraltist: I'have pax-linux-2.6.22.6-test26.patch with vserver related changes 1194140150 M * daniel_hozac what's the point of using things like PaX on kernels with known local-root exploits? :) 1194140181 M * dowdle daniel_hozac: I'm not sure of what you speak. 1194140188 M * dowdle What's TPE anyway? 1194140200 M * daniel_hozac i was talking to zbyniu... 1194140225 M * zbyniu daniel_hozac: but this patch works on 2.6.22.11 too 1194140263 M * zbyniu with vserver 2.3.0.28 1194140306 M * zbyniu dowdle: TPE - anti trojan 1194140329 M * dowdle Trusted Path Execution 1194140352 M * zbyniu dowdle: posible run execs owned to root or you 1194140376 M * dowdle Ok, I have a better idea now but not really. 1194140403 M * zbyniu without group +w access etc. 1194140473 M * daniel_hozac why would you need +w anything to execute? 1194140542 M * zbyniu daniel_hozac: if I'm atacker which want put trojaned code to someone? who knows... 1194141466 J * igraltista ~jens@p4FD265EB.dip.t-dialin.net 1194142151 M * AStorm zbyniu: TPE is not effective against attacker with root 1194142153 M * AStorm I suggest tripwire instead 1194142269 M * AStorm daniel_hozac: wouldn't it be nice to list all files that aren't COW? 1194142270 M * AStorm (which means - they're regular) 1194142279 M * daniel_hozac huh? 1194142305 M * AStorm to detect trojan attempts 1194142309 M * AStorm and reduce burden of tripwire 1194142315 M * zbyniu AStorm: of course, because it make posible exec files owned by _root_ or you 1194142341 M * daniel_hozac AStorm: that assumes you know all files are good at the time of hashification though. 1194142361 M * AStorm daniel_hozac: yes I do. 1194142361 M * AStorm those that will hashify are 1194143317 M * daniel_hozac it should be trivial to add that to find. 1194143388 M * daniel_hozac the tagging support i wrote ages ago is a 103 line patch. 1194145682 Q * mire Ping timeout: 480 seconds 1194147998 M * snooze 40016 3 4.4M 1.5M 0m00s24 0m00s57 9m01s71 1194148004 M * snooze how would it be possible to kill a ghost like that? 1194148363 M * zbyniu snooze: vkill -c 40016 1194148541 M * snooze worked with -s 9, thanks :) 1194148604 M * zbyniu :) 1194151814 Q * Blissex Remote host closed the connection 1194152664 J * igraltista_ ~jens@p4FD265EB.dip.t-dialin.net 1194152977 Q * igraltista Ping timeout: 480 seconds 1194153474 J * igraltista ~jens@p4FD265EB.dip.t-dialin.net 1194153792 Q * igraltista_ Ping timeout: 480 seconds 1194154924 Q * igraltista Read error: Connection reset by peer 1194156195 P * friendly12345 1194158810 Q * mountie Ping timeout: 480 seconds 1194159032 N * ensc Guest416 1194159042 J * ensc ~irc-ensc@p54B4CD83.dip.t-dialin.net 1194159149 Q * Guest416 Ping timeout: 480 seconds 1194159354 J * wenchien ~wenchien@59-105-176-102.adsl.static.seed.net.tw 1194159832 J * mountie ~mountie@trb229.travel-net.com 1194160276 Q * hparker Quit: g'nite 1194163917 J * DLange ~dlange@p57A314CA.dip0.t-ipconnect.de 1194164475 Q * mountie Ping timeout: 480 seconds 1194165626 J * mountie ~mountie@trb229.travel-net.com 1194166370 Q * mountie Ping timeout: 480 seconds 1194166610 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33 1194166826 J * JonB ~NoSuchUse@kg1-98.kollegiegaarden.dk 1194167381 J * mountie ~mountie@trb229.travel-net.com 1194168345 Q * AStorm Remote host closed the connection 1194168427 J * AStorm ~astralsto@tor-irc.dnsbl.oftc.net 1194169775 J * fxiny ~fxiny@host217-58-dynamic.1-87-r.retail.telecomitalia.it 1194169982 Q * toidinamai Quit: Leaving 1194170722 J * derjohn_mobil ~aj@e180206050.adsl.alicedsl.de 1194171270 Q * mountie Ping timeout: 480 seconds 1194171542 J * mountie ~mountie@trb229.travel-net.com 1194172768 Q * AStorm Remote host closed the connection 1194172844 J * AStorm ~astralsto@tor-irc.dnsbl.oftc.net 1194173023 J * Sa|vador ~Guest@pc-144-22-104-200.cm.vtr.net 1194173041 Q * Sa|vador 1194173645 Q * mountie Ping timeout: 480 seconds 1194174126 J * aj_ ~aj@e180221241.adsl.alicedsl.de 1194174313 Q * arachnist Quit: brb/bbl 1194174542 Q * derjohn_mobil Ping timeout: 480 seconds 1194174704 J * mire ~mire@114-168-222-85.adsl.verat.net 1194174753 J * mountie ~mountie@trb229.travel-net.com 1194175120 M * matti :) 1194175254 Q * AStorm Remote host closed the connection 1194175263 J * arachnist arachnist@088156184167.who.vectranet.pl 1194175305 J * AStorm ~astralsto@tor-irc.dnsbl.oftc.net 1194175532 Q * Aiken Quit: Leaving 1194176300 Q * mountie Ping timeout: 480 seconds 1194176354 Q * JonB Quit: This computer has gone to sleep 1194176488 J * meandtheshell ~markus@85.127.102.148 1194177042 Q * AStorm Quit: ET calling home 1194177333 J * mountie ~mountie@trb229.travel-net.com 1194177736 N * Bertl_zZ Bertl_oO 1194177774 M * daniel_hozac Bertl_oO: http://people.linux-vserver.org/~dhozac/p/k/delta-signal-fix01.diff 1194177961 J * JonB ~NoSuchUse@kg1-98.kollegiegaarden.dk 1194178890 Q * JonB Quit: This computer has gone to sleep 1194179013 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1194179047 Q * aj_ Ping timeout: 480 seconds 1194179135 Q * mountie Ping timeout: 480 seconds 1194180154 J * JonB ~NoSuchUse@kg1-98.kollegiegaarden.dk 1194180210 J * mountie ~mountie@trb229.travel-net.com 1194181020 Q * mountie Ping timeout: 480 seconds 1194181089 J * esa ~esa@ip-87-238-2-45.adsl.cheapnet.it 1194181090 N * esa eSa| 1194182065 J * mountie ~mountie@trb229.travel-net.com 1194182226 J * camgirl29 ~camgirl29@ANantes-257-1-169-2.w86-195.abo.wanadoo.fr 1194182226 Q * camgirl29 1194182506 Q * mire Ping timeout: 480 seconds 1194182514 Q * derjohn Ping timeout: 480 seconds 1194182517 J * derjohn ~derjohn@dslb-084-059-007-161.pools.arcor-ip.net 1194182802 Q * eSa| Remote host closed the connection 1194182916 J * esa ~esa@ip-87-238-2-45.adsl.cheapnet.it 1194182935 Q * mountie Ping timeout: 480 seconds 1194183896 Q * JonB Quit: This computer has gone to sleep 1194183959 Q * esa Ping timeout: 480 seconds 1194183999 J * mountie ~mountie@trb229.travel-net.com 1194184970 J * mire ~mire@114-168-222-85.adsl.verat.net 1194185014 J * zLinux ~zLinux@88.213.16.62 1194185085 Q * mountie Ping timeout: 480 seconds 1194185227 M * blizz hiho 1194185369 Q * bonbons Quit: Leaving 1194185618 J * JonB ~NoSuchUse@kg1-20.kollegiegaarden.dk 1194186099 Q * JonB Ping timeout: 480 seconds 1194186109 J * JonB ~NoSuchUse@kg1-98.kollegiegaarden.dk 1194186114 J * mountie ~mountie@trb229.travel-net.com 1194186950 Q * mountie Ping timeout: 480 seconds 1194187061 J * lilalinux ~plasma@80.69.41.3 1194187490 J * lilalinux_ nas@80.69.42.51 1194187586 N * Bertl_oO Bertl 1194187592 M * Bertl greetings folks! 1194187618 M * JonB hey Bertl 1194187646 M * JonB Bertl: do you think it?s possible to run vserver on a nokia 770 internet tablet? 1194187665 M * JonB Bertl: it runs some sort of debian 1194187667 M * Bertl if it runs a 2.4 or 2.6 kernel, why not? 1194187699 M * JonB okay 1194187929 Q * lilalinux Ping timeout: 480 seconds 1194187945 J * mountie ~mountie@trb229.travel-net.com 1194188451 Q * mountie Ping timeout: 480 seconds 1194188559 Q * lilalinux_ Remote host closed the connection 1194188661 M * fxiny Bertl: hi , i was here yesterday asking about etch vserver cache symlink . i'm using dupvserver bash script from vserver-debiantools package to clone , but there is something strange with it 1194188692 M * Bertl yes, we know, that is why vserver-debiantools is deprecated 1194188708 M * Bertl if you want to avoid trouble, stay away from it :) 1194188746 M * fxiny Bertl: yes ? good : it hangs when cloning a previous cloned vserver and it makes new vserver bigger ? 1194188799 M * Bertl all kind of strange things can happen, it's not really maintained since ... hm, like two years or so 1194188821 M * Bertl well, officially it is maintained, but the maintainer really sucks 1194188890 M * fxiny thats' bad cause from say 156MB it makes up to 159MB 1194188920 M * fxiny and can't get eth aliases righ 1194188939 M * fxiny right* 1194189552 M * fxiny add non-free to your sources.list 1194189555 M * fxiny ops 1194189558 J * mountie ~mountie@trb229.travel-net.com 1194190180 Q * mountie Ping timeout: 480 seconds 1194190317 M * matti Hi Bertl :) 1194190603 M * Bertl fxiny: usually you do not use aliases anymore 1194190629 M * Bertl fxiny: that is something 'newvserver' did use, but with util-vserver there is no need for aliases anymore 1194190629 M * fxiny Bertl: dummy0 ? 1194190647 M * Bertl no, just a secondary ip on the normal interface 1194190658 M * Bertl looks like eth0 inside the guest 1194190670 M * fxiny Bertl: i noticed it brings up dummy0 with different ip 1194190702 M * Bertl if you specify any dummy0 ip, then yes, by default addresses on eth0/eth1 ... are sufficient 1194190714 M * fxiny Bertl: i've checked eth0 yes :) 1194190728 M * fxiny Bertl: pretty wierd :) 1194190743 M * Bertl hmm? 1194190766 M * fxiny Bertl: it the sense it brings up eth0 with a guest ip 1194190787 M * Bertl inside the guest, yes 1194190788 M * fxiny Bertl: it confuees me so i use eth0:1 and so on 1194190802 M * Bertl hehe, well, if you prefer that, why not :) 1194190811 M * fxiny Bertl: i mean ifconfig from the host shows that 1194190850 M * Bertl ifconfig is very old, don't use it, use 'ip addr ls' 1194190867 M * bXi hmmm i'm having an issue with a debian guest 1194190872 M * fxiny Bertl: i use something like ...V0 > eth0:0 192.168.5.10 ..V1 > eth0:1 192.168.5.11 and so on 1194190873 M * bXi mail:/# ping 10.0.0.1 1194190875 M * bXi connect: Invalid argument 1194190931 M * fxiny Bertl: yes yes : i prefere ip addr :) 1194190968 M * Bertl bXi: works fine here :) 1194190996 M * bXi hmmm 1194191010 M * bXi its a debian guest which has issues 1194191014 M * bXi rest is all gentoo 1194191017 M * bXi (without issues) 1194191032 M * Bertl bXi: hint, maybe your network setup is slightly different than mine? 1194191076 M * bXi ah hah 1194191077 M * bXi solved it 1194191085 M * bXi the vserver had a lo interface 1194191169 J * hparker ~hparker@linux.homershut.net 1194191179 M * Bertl bXi: glad you solved it! 1194191222 J * mountie ~mountie@trb229.travel-net.com 1194191228 M * bXi it sucks when you create and configure a vserver so it works 1194191237 M * Bertl wb hparker! mountie! 1194191237 Q * derjohn Ping timeout: 480 seconds 1194191260 M * hparker Morning Bertl... How goes? 1194191262 M * bXi then some time (2 months) later you update vserver then some time later again find out the vserver is broken 1194191277 J * derjohn ~derjohn@80.69.41.3 1194191284 M * Bertl fxiny: you can use (up to 15 chars including the eth0:) names for the aliases too, if you want to make it more readable 1194191447 M * fxiny Bertl: nice ! 1194191549 M * fxiny Bertl: on a newvserver install line how can i tell to use eth0:0 ? it gets things wrong , i'm trying to figure how to escape : 1194191642 M * Bertl no idea, as I said, newvserver is deprecated, we all use util-vserver's 'vserver build' for that 1194191662 M * Bertl there you simply do: 1194191690 M * Bertl vserver build ... --interface 0=eth0:/ ... 1194191712 M * Bertl or if you want named aliases: --interface =eth0:/ 1194191815 Q * mountie Ping timeout: 480 seconds 1194191816 M * fxiny Bertl: if i use ... --interface eth0:0 i get eth0:0 in dev so name file at all , only trouble 1194191838 M * fxiny i will do vserver build next :) 1194191960 M * fxiny Bertl: that's why i clone it up : resolv.conf is wrong so it gives "warning i cannnot conect to debian security bla bla ", i had to edit and update , i just clone a "master" and start from there 1194191983 M * Bertl you can simply put the resolv stuff into the .defaults (config) 1194191993 M * Bertl it will be installed properly for each new guest 1194192005 M * fxiny Bertl: yes ? good one again :) 1194192058 M * fxiny anyway if the way is build i do build next 1194192092 M * Bertl makes life easier, at least in our experience :) 1194192158 M * fxiny Bertl: that damned 127.0.0.1 resolv.conf f* up the first time i instaled it : i spent half an hour looking for docs : i thougt it was buggy :) 1194192188 M * fxiny i'm still laughing 1194192327 J * GyrosGeier ~richter@cl-1808.ham-01.de.sixxs.net 1194192330 M * GyrosGeier hi 1194192335 M * Bertl welcome GyrosGeier! 1194192362 M * GyrosGeier how can I tell the vserver stuff that it is okay if a certain vserver does not have a process running? 1194192380 M * GyrosGeier I'd like to use the vserver patch as a glorified chroot 1194192398 M * GyrosGeier however I cannot execute commands or a shell in a "stopped" vserver 1194192418 M * Bertl depends on the version, starting with vs2.2.x, you can have persistant contexts 1194192439 M * Bertl i.e. contexts which do not disappear even when there is no process using it 1194192547 A * GyrosGeier tries 1194192602 M * Bertl http://linux-vserver.org/Capabilities_and_Flags 1194192634 M * GyrosGeier ideally, I'd like to generate a context on demand, run a set of commands in it, and when that finishes, the context is completely destroyed, all processes in it are killed if any remain (it is an error for processes to remain, so I'd like to know about that), and the directory removed 1194192668 M * Bertl well, you can build the context yourself with the modular util-vserver tools 1194192682 M * Bertl simplest case is with 'vcontext' 1194192714 M * Bertl but if you build a 'normal' guest (e.g. debian etch or so) and start it with --debug, then you'll see how all the commands are chained 1194192737 M * Bertl you can then pick your subset for your purpose 1194192758 M * GyrosGeier the host box is a Debian etch with more modern debootstrap 1194192820 M * GyrosGeier there is a short shell script that auto-builds packages by creating a chroot and building the package inside that 1194192837 J * mountie ~mountie@trb229.travel-net.com 1194192844 M * GyrosGeier I'd like to move that to a vserver, so a broken package build can do less damage 1194192864 M * GyrosGeier the vserver should not have Internet access etc. 1194192971 M * Bertl the simplest approach is to make a 'normal' guest for that (without internet access) and simply use that for building 1194193010 M * Bertl but as I said, the do-it-yourself shell script version will work too 1194193025 M * GyrosGeier well 1194193039 M * GyrosGeier the guest should be rebuilt from scratch every day 1194193080 M * Bertl 'vserver build -m clone ...' 1194193445 Q * mountie Ping timeout: 480 seconds 1194194481 J * mountie ~mountie@trb229.travel-net.com 1194194539 J * larsivi ~larsivi@101.84-48-201.nextgentel.com 1194194802 Q * larsivi Remote host closed the connection 1194194830 J * larsivi ~larsivi@101.84-48-201.nextgentel.com 1194195031 Q * mountie Ping timeout: 480 seconds 1194195849 Q * JonB Quit: This computer has gone to sleep 1194196043 J * mountie ~mountie@trb229.travel-net.com 1194196349 J * pmenier ~pmenier@ACaen-152-1-41-170.w83-115.abo.wanadoo.fr 1194196960 M * igraltist how is the audio support in a guest? 1194197335 Q * mountie Ping timeout: 480 seconds 1194197406 M * Bertl igraltist: if you have a working device inside the guest, it should be fine 1194197525 J * dna ~dna@61-236-dsl.kielnet.net 1194198377 J * mountie ~mountie@trb229.travel-net.com 1194199240 M * fxiny Bertl: i've done a vserver build , then i've saved all debs but i cannot get right the line to a local dpkg-scanpackaged dir . what i need just after "-d etch -m" instead of http://ftp.debian.org/debian/ ? file:/path/localdir/ does not work nor deb file:/path ./ 1194199303 M * Bertl fxiny: check with daniel_hozac, he probably knows how to specify that 1194199310 Q * mountie Ping timeout: 480 seconds 1194199321 M * fxiny Bertl: ok 1194199334 M * Bertl basically all debootstrap options should work 1194199344 M * Bertl (but I have no idea what debootstrap can take :) 1194199386 M * fxiny Bertl: vserver build is better then newvserver : no pass for root and user 1194199417 M * fxiny Bertl: i've tried also apt-cacher but no luck 1194199550 M * fxiny daniel_hozac: hello : could you tell me please what i need to build an etch vserver using local scanpackaged debs just after "-d etch -m" ? i've tried file:/path/localdir/ and deb file:/path ./ 1194199576 M * fxiny Bertl: ;) 1194199591 M * Bertl he is most likely away atm, so be patient ... 1194199597 M * fxiny np 1194199629 M * fxiny Bertl: i believe Supaplex is not in as well ;) 1194199655 J * yang yang@yang.netrep.oftc.net 1194199657 M * Bertl what does the manpage from debootstrap say? 1194199757 M * fxiny Bertl: the man page ? i've not read it : i use local dir since ever and apt-cacher . ther is a tut on debian-administratio whic says -m http://192.168.254.1/debian . but they use debmirror and i do not like debmirror i prefere apt-cacher 1194199819 M * Bertl well, if you _know_ the options for debootstrap, you can just use them 1194199845 M * fxiny Bertl: i'll read tfm :) 1194199890 J * mountie ~mountie@trb229.travel-net.com 1194199941 M * fxiny Bertl: hahaah >> file:///PATH_TO_LOCAL_MIRROR/debian lemme check 1194199997 J * virtuoso_ ~s0t0na@ppp91-122-171-32.pppoe.avangard-dsl.ru 1194200035 M * fxiny no way 1194200089 M * fxiny i think i know where to ask :) 1194200338 N * Patrick the-me 1194200404 Q * virtuoso Ping timeout: 480 seconds 1194200580 Q * mountie Ping timeout: 480 seconds 1194201096 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33 1194201600 J * mountie ~mountie@trb229.travel-net.com 1194202406 Q * mountie Ping timeout: 480 seconds 1194202936 J * Aiken ~james@ppp59-167-115-173.lns3.bne4.internode.on.net 1194203491 J * mountie ~mountie@trb229.travel-net.com 1194204046 J * toidinamai ~frank@svenska.toidinamai.de 1194204295 Q * mountie Ping timeout: 480 seconds 1194205092 Q * michal Ping timeout: 480 seconds 1194205324 J * mountie ~mountie@trb229.travel-net.com 1194205446 J * michal ~michal@www.rsbac.org 1194206009 P * fxiny 1194206135 Q * mountie Ping timeout: 480 seconds 1194206399 Q * pmenier Quit: Konversation terminated! 1194206452 J * JonB ~NoSuchUse@kg1-98.kollegiegaarden.dk 1194206544 Q * FireEgl Quit: Bye... 1194206972 J * FireEgl FireEgl@Sebastian.Atlantica.US.TO 1194207279 J * mountie ~mountie@trb229.travel-net.com 1194207279 Q * FireEgl Read error: Connection reset by peer 1194207607 Q * michal Ping timeout: 480 seconds 1194207826 Q * mountie Ping timeout: 480 seconds 1194207861 Q * JonB Quit: This computer has gone to sleep 1194208022 J * michal ~michal@www.rsbac.org 1194208113 J * FireEgl FireEgl@Sebastian.Atlantica.US.TO 1194208817 J * mountie ~mountie@trb229.travel-net.com 1194209507 J * fatgoose ~samuel@76-10-149-199.dsl.teksavvy.com 1194209553 M * Bertl okay, off for today ... have a good one everyone! cya! 1194209557 N * Bertl Bertl_zZ 1194209660 Q * mountie Ping timeout: 480 seconds 1194209686 N * ace_ sannes 1194210677 J * mountie ~mountie@trb229.travel-net.com 1194211580 Q * mountie Ping timeout: 480 seconds 1194211848 Q * DLange Quit: Bye, bye. Hasta luego. 1194212013 J * mountie ~mountie@trb229.travel-net.com 1194212095 J * derjohn_mobil ~aj@p5B23E842.dip.t-dialin.net 1194212398 Q * yarihm Quit: Leaving 1194213314 Q * bonbons Quit: Leaving 1194215645 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1194219102 Q * meandtheshell Quit: Leaving. 1194219344 Q * dna Quit: Verlassend 1194219347 Q * GyrosGeier Quit: .zZ 1194220178 Q * fatgoose Quit: fatgoose 1194220235 J * AStorm ~astralsto@tor-irc.dnsbl.oftc.net 1194220369 J * fatgoose ~samuel@76-10-149-199.dsl.teksavvy.com 1194220372 Q * fatgoose