1200269024 Q * jescheng Remote host closed the connection
1200269034 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1200271247 J * mugwump ~samv@watts.utsl.gen.nz
1200271314 M * mugwump does any util-vserver support the 2.6.24 network namespaces?
1200271325 M * mugwump and greetings, all :)
1200271369 M * mugwump And... does it appear to vserver just like "ngnet" did ?
1200271574 M * Bertl_oO well, basically all clone/unshare-able spaces are supported nowadays
1200271605 M * Bertl_oO but there is no specific network support (like creating interfaces or assigning ips/routes)
1200271629 M * mugwump ok, so presumably I just need to set a flag to get an unshare on startup?
1200271644 M * Bertl_oO correct
1200271655 M * mugwump How does the routing work?
1200271668 M * Bertl_oO don't ask me, check with mainline :)
1200271671 M * mugwump heh
1200271722 M * michiel` good evening
1200271759 M * michiel` Bertl_oO: I checked the patch, it works
1200271790 M * Bertl_oO which one?
1200271796 N * Bertl_oO Bertl
1200271798 M * michiel` oh sorry, the netlink one
1200271810 M * michiel` daniel gave it to me, earlier today
1200271815 M * Bertl ah, excellent!
1200271823 M * michiel` yes :)
1200271863 M * Bertl good we'll add it to the next release round
1200271874 M * michiel` great to hear that!
1200271881 M * Bertl thanks for testing it!
1200271887 M * michiel` you're welcome
1200271921 Q * undefined Quit: Closing object
1200271944 M * michiel` I'll hang around for a while I think, so perhaps speak with you later
1200271978 M * Bertl great, feel free to hang around whenever you like ...
1200272220 J * undefined ~undefined@adsl-68-94-190-217.dsl.rcsntx.swbell.net
1200272227 M * Bertl welcome undefined!
1200272229 M * michiel` I will
1200273193 J * vserver ~Administr@cpe-71-74-78-38.insight.res.rr.com
1200273237 M * vserver how can i mount something from another vserver to another vserver
1200273274 M * Bertl that's tricky, but usually not necessary .. what do you want to achieve?
1200273290 M * vserver here for one
1200273294 N * vserver slack101
1200273297 M * slack101 how ya doing
1200273297 M * slack101 now
1200273303 M * slack101 i got a program in a vserver
1200273330 M * Bertl you mean guest :)
1200273331 M * slack101 i want to mount the /var/lib to a vserver
1200273371 M * mugwump you can put mount --bind in the vserver's pre-start script
1200273373 M * slack101 so i can see all the user stuff from inside the vserver
1200273384 M * Bertl well, as this directory exists in the host namespace too, it's simply an entry in the 'other' guest's configuration (fstab)
1200273390 M * slack101 i did a mount --bind and in the vserver the dir was empty
1200273407 M * Bertl not unexpected
1200273409 M * mugwump it needs to happen at the right time - either in pre-start, or the fstab
1200273421 M * slack101 whats the best way ?
1200273423 M * Bertl pre start is not a good place :)
1200273445 M * Bertl just put it in the 'other' guest's config (fstab) as I said
1200273482 M * mugwump Ok. Listen to bertl, I usually keep using the way that worked on the earliest version of vserver I tried it on ;)(
1200273512 M * slack101 ok
1200273524 M * mugwump out of interest, why is pre-start wrong? the FS namespace has already been setup then
1200273525 Q * undefined Quit: Closing object
1200273539 M * slack101 ive never messed with any fstab concerning vserver but yea
1200273542 M * Bertl mugwump: yes, but I don't know when the namespace cleanup happens
1200273542 M * slack101 never had a reason too
1200273555 M * Bertl slack101: now you have :)
1200273568 M * slack101 yea
1200273597 M * slack101 ok all good n fixed
1200273607 M * slack101 any new cool features super things coming out ?
1200273608 M * slack101 just curious
1200273641 M * Bertl probably not right now .. but once mainline has stabilized ...
1200273667 M * slack101 i mean its fine i cant think of anything i would want to be added just curious
1200273703 M * Bertl probably X11 will get a little more support
1200273729 M * slack101 i dont think one person on the server uses x11
1200273732 M * slack101 :P
1200273747 M * slack101 well dont do anything stupid ;)
1200273748 M * Bertl and we still have the device mapping planned ...
1200273755 M * slack101 dont virtualize the network card or emulate it w/e
1200273768 M * slack101 i want to keep that full speed :D
1200273806 M * Bertl nah, don't worry, mainline is doing that .. so it will become an option (if you like the slow path) but IP isolation will remain
1200273828 M * slack101 mainline ?
1200273849 M * Bertl as in kernel.org kernels
1200273869 M * slack101 so you're actually adding that virtualized network stuff ?
1200273890 M * slack101 at least make it better than openvz's ;)
1200273898 M * slack101 i'll stick to isolation though
1200273915 M * Bertl well, once it is available and working, we will support it, no question, but in addition to IP isolation of course, not as replacement
1200273923 M * slack101 you're not messing with the ram though are you ? taking away cache ? adding burstable stuff ?
1200273977 M * slack101 btw when i mounted it its there now mount work but when i try to cd into that dir it says permission denied any idea ?
1200274039 M * Bertl well, first check that you did mount the guest dir and not the host one, i.e. that your first path (in the fstab) contains the full path to the guest
1200274075 M * slack101 im trying to mount a dir from the host to the guest
1200274146 M * Bertl check that it doesn't have a barrier flag set
1200274164 M * slack101 wheres that ? :P
1200274173 M * slack101 sorry i havent really done all the inner working stuff
1200274185 M * slack101 default for the most part always kinda did it for me
1200274249 J * undefined ~undefined@adsl-68-94-190-217.dsl.rcsntx.swbell.net
1200274258 M * Bertl showattr -d /path/to/dir
1200274405 M * slack101 and about the ram thats all still staying good right ?
1200274417 M * Bertl yep, as I said
1200274422 M * slack101 agh sorry
1200274430 M * slack101 btw which dir we looking for ?
1200274436 M * slack101 guest or host ?
1200274446 M * Bertl the one you are trying to mount :)
1200274526 M * slack101 ok i feel stupid hold on
1200274552 M * slack101 im trying to mount on the host /var/lib/vservers to a guest
1200274576 M * Bertl that won't work, because of the barrier
1200274586 M * slack101 no way around it ?
1200274596 M * Bertl but you can mount /var/lib/vservers/guestA into guestB
1200274605 M * Bertl (or some subdirectory)
1200274622 M * slack101 but i can't mount the whole tree excluding the guest where its getting mounted ?
1200274643 M * Bertl nope, because the barrier is on that dir, and that is special
1200274654 M * Bertl the mount works, but it will become inaccessible
1200274662 M * mugwump oh is that what the barrier does
1200274668 M * Bertl yep
1200274674 M * mugwump that's a bit paranoid
1200274682 M * mugwump I like it
1200274763 M * slack101 ok so i gotta mount individual guest dir's into the guest i need it then
1200274805 M * mugwump you can turn off the barrier
1200274808 M * mugwump I think
1200274814 Q * hparker Read error: No route to host
1200274837 M * slack101 you can ?
1200274847 M * slack101 i mean it doesnt bother me to do it individually
1200274847 M * Bertl yes, but that isn't advised, as it will allow guest root to escape the guest :)
1200274864 M * slack101 individual it will be ;)
1200275002 M * mugwump Bertl: but, only within that filesystem, right? The rest have been cleaned up
1200275062 J * hparker ~hparker@linux.homershut.net
1200275087 M * Bertl mugwump: yes, but that is usually enough
1200275290 Q * aj_ Ping timeout: 480 seconds
1200275640 Q * ViRUS Quit: Leaving
1200279505 M * Bertl okay, off to bed now .. have a good one everyone! cya!
1200279509 N * Bertl Bertl_zZ
1200281371 J * jasond ~chatzilla@61.29.125.10
1200281401 J * julius_ ~julius@p57B272EE.dip.t-dialin.net
1200281564 M * jasond Hi, I'm using vserver2.2.0.5. How do I assign multiple ipaddresses to a single vserver/interface?
1200281639 M * jasond I follow the instructions on the wiki and get multiple INTERFACES which is not what I want
1200281712 M * mnemoc just add more entries in /etc/vservers/foo/interfaces/
1200281780 M * jasond Hi mnemoc, did that got 1 ip per interface despite specifying all ip's on the one interface.
1200281829 M * mnemoc uhm... uhm...
1200281830 Q * Julius Ping timeout: 480 seconds
1200281909 M * jasond eg /etc/vservers/foo/interfaces/0/dev = eth0, /etc/vservers/foo/interfaces/0/ip = 192.168.1.1, .../interfaces/1/dev = eth0, ../interfaces/1/ip =192.168.1.2
1200281952 M * jasond so, supposed to give me 2 ip addresses on eth0, but I get one on eth0 and one on eth1
1200282079 M * undefined works here
1200282087 M * undefined ifconfig won't display but the first ip
1200282093 M * undefined but 'ip addr' will list both
1200282102 M * undefined just tried it on a test guest
1200282137 M * undefined (never done it before so i was curious, though all of my guests, like the host, are dual-homed, so they have multiple ip address, but 1 per interface)
1200282173 M * mnemoc may be a bug on his version of util-vserver?
1200282274 M * undefined util-vserver 0.30.214-5~bpo40+2
1200282300 M * undefined kernel 2.6.22.14-vs2.2.0.5
1200282303 M * undefined (for reference)
1200282472 M * jasond hmmm, I just redid the config. Now on the host i can see the addresses with "ip addr ls" and they are assigned to the correct physical interface
1200282569 M * jasond guest doesnt have "ip" command... any ideas for package name (ubuntu)
1200282576 M * undefined iproute
1200282595 M * undefined (i had to install that into my debian guest just a minute ago to perform my test)
1200282629 M * undefined btw, if you have it installed on the host and its a debian-derivative: dpkg -S $(which ip)
1200282638 M * jasond cheers, ok that works! I can see my interfaces configured in the vserver....
1200282642 M * mnemoc ifconfig got deprecated like 10 years ago and still used by default on most distribution :(
1200282651 M * mnemoc that sucks
1200282783 M * jasond thanks all, I can now ping all ip's from external machine.
1200282799 M * mnemoc :)
1200283146 J * bored2sleep ~bored2sle@66-111-53-150.static.sagonet.net
1200283537 Q * julius_ Remote host closed the connection
1200283777 Q * hparker Ping timeout: 480 seconds
1200284150 J * hparker ~hparker@linux.homershut.net
1200290152 J * sharkjaw ~gab@shell.ormset.no
1200290402 Q * jescheng Remote host closed the connection
1200290412 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1200291622 J * DLange ~dlange@p57A315E6.dip0.t-ipconnect.de
1200291913 P * jasond
1200293270 Q * DLange Quit: Bye, bye. Hasta luego.
1200293426 J * meandtheshel1 ~sa@85.127.102.217
1200297958 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200298060 J * gebura ~gebura@77.192.186.197
1200298177 J * Punkie ~Punkie@goc.coolhousing.net
1200298458 M * gebura hi
1200298745 Q * larsivi_ Quit: Konversation terminated!
1200299481 J * friendly12345 ~friendly@ppp59-167-130-239.lns3.mel6.internode.on.net
1200300330 P * undefined
1200300380 J * aj_ ~aj@p5B23CDB5.dip.t-dialin.net
1200300382 Q * NoPride
1200300642 Q * jkl Read error: Operation timed out
1200301316 J * jkl ~eric@c-75-71-95-125.hsd1.co.comcast.net
1200301547 N * virtuoso_ virtuoso
1200302120 J * larsivi ~larsivi@85.221.53.194
1200302465 Q * aj_ Ping timeout: 480 seconds
1200303107 J * dna ~dna@117-219-dsl.kielnet.net
1200303866 J * rgl ~rgl@84.90.10.245
1200303868 M * rgl hi
1200304212 J * lilalinux ~plasma@80.69.41.3
1200306949 Q * ensc Ping timeout: 480 seconds
1200307002 Q * pmjdebruijn Ping timeout: 480 seconds
1200307385 Q * mugwump Ping timeout: 480 seconds
1200307902 Q * JonB Quit: This computer has gone to sleep
1200307928 Q * mick_work Ping timeout: 480 seconds
1200308017 J * mugwump ~samv@watts.utsl.gen.nz
1200308335 J * ensc ~irc-ensc@77.235.182.26
1200308895 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200308911 J * mick_work ~clamwin@adsl-068-157-089-099.sip.bct.bellsouth.net
1200309830 N * Bertl_zZ Bertl
1200309833 M * Bertl morning folks!
1200309853 Q * ex Ping timeout: 480 seconds
1200309855 M * hparker Morning Bertl!
1200309940 M * michiel` good day! (past noon here)
1200310864 M * matti Hi Bertl
1200311084 J * ex ex@valis.net.pl
1200311459 J * mattzerah ~matt@121.50.222.139
1200311764 Q * friendly12345 Quit: Leaving.
1200312399 Q * Aiken Remote host closed the connection
1200312415 Q * JonB Quit: This computer has gone to sleep
1200312766 M * Bertl okay, off for now ... bbl
1200312892 N * Bertl Bertl_oO
1200313027 Q * hparker Remote host closed the connection
1200313164 J * zLinux ~zLinux@88.213.28.172
1200314143 J * _bjh_ ~bjh@84.112.154.154
1200314518 N * mattzerah mattzerah`afk
1200315373 Q * meandtheshel1 Quit: Leaving.
1200315596 Q * larsivi Quit: Konversation terminated!
1200315657 Q * esa Quit: Coyote finally caught me
1200315688 J * marcel ~marcel@wc-50.r-195-35-150.atwork.nl
1200316102 Q * Hunger Ping timeout: 480 seconds
1200316344 Q * mattzerah`afk Quit: GONE!
1200316738 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200317166 J * meandtheshell ~sa@85.127.102.217
1200318050 J * Hunger Hunger.hu@213.163.11.138
1200318052 Q * ensc Read error: Connection reset by peer
1200318241 J * esa bip@ip-87-238-2-45.adsl.cheapnet.it
1200318720 J * ensc ~irc-ensc@p54B4D6E6.dip.t-dialin.net
1200319058 Q * sharkjaw Quit: Leaving
1200319109 Q * JonB Quit: This computer has gone to sleep
1200319873 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200319962 J * ftx__ ~ftx@dslb-084-060-252-101.pools.arcor-ip.net
1200320655 J * Julius ~julius@p57B272EE.dip.t-dialin.net
1200320752 J * doener ~doener@i577BBA8D.versanet.de
1200320931 M * ard6 is config VSERVER_PRIVACY intended between all vservers or only between ctx=0 and ctx!=0 ?
1200320993 Q * doener_ Read error: Connection reset by peer
1200321014 Q * sid3windr Ping timeout: 480 seconds
1200321412 M * ard6 if I read the source code right it's indeed between ctx=0 and the remainder...
1200321414 Q * ensc Read error: Connection reset by peer
1200321415 J * sid3windr luser@bastard-operator.from-hell.be
1200321432 M * ard6 When VSERVER_PRIVACY is N, ctx=0 will be able to strace processes?
1200321438 M * ard6 and signal and such
1200321548 J * ensc ~irc-ensc@77.235.182.26
1200321838 N * ensc Guest3126
1200321838 Q * Guest3126 Read error: Connection reset by peer
1200321848 J * ensc ~irc-ensc@77.235.182.26
1200322139 N * ensc Guest3127
1200322139 Q * Guest3127 Read error: Connection reset by peer
1200322149 J * ensc ~irc-ensc@77.235.182.26
1200322324 J * ftx_ ~ftx@dslb-084-060-226-116.pools.arcor-ip.net
1200322655 Q * ftx__ Ping timeout: 480 seconds
1200322954 Q * JonB Quit: This computer has gone to sleep
1200323182 Q * mire Ping timeout: 480 seconds
1200323924 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200324130 Q * esa Ping timeout: 480 seconds
1200324234 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1200324580 Q * _bjh_ Quit: leaving
1200324626 Q * ard6 Ping timeout: 480 seconds
1200325115 J * dowdle ~dowdle@scott.coe.montana.edu
1200325198 Q * mick_work Quit: ChatZilla 0.9.79 [Firefox 2.0.0.8/2007100401]
1200325885 Q * sid3windr Ping timeout: 480 seconds
1200326105 Q * Punkie Quit: Odcházím
1200326324 J * sid3windr luser@bastard-operator.from-hell.be
1200326385 Q * gebura Quit: Quitte
1200326653 Q * JonB Quit: This computer has gone to sleep
1200327305 Q * marcel Read error: Connection reset by peer
1200327980 J * ard6 ~ard@gw-office.telegraaf.net
1200328364 Q * mnemoc Ping timeout: 480 seconds
1200328680 M * daniel_hozac mugwump: util-vserver 0.30.215 will support the net/pid namespaces.
1200328792 M * Bertl_oO hey daniel_hozac! the netlink patch was exactly what I had in mind, thanks!
1200328881 M * daniel_hozac great!
1200328918 M * daniel_hozac i guess we should extend the groups to cover RTNLGRP_IPV6_IFADDR too.
1200329091 M * Bertl_oO yes, good idea
1200329103 J * mnemoc ~amery@kilo105.server4you.de
1200329330 M * nebuchadnezzar is patch-2.6.22.10-vs2.3.0.29.diff a good choice ? or should I wait for the 2.6.24 series ?
1200329388 M * daniel_hozac 2.6.24 is probably gonna take some time.
1200329394 M * daniel_hozac before it's stable.
1200329413 M * daniel_hozac i've been running 2.3.0.29 + some deltas for quite some time now.
1200329472 A * ard6 too
1200329481 M * ard6 only the ipv6 route patch
1200329522 M * daniel_hozac you probably want http://people.linux-vserver.org/~dhozac/p/k/delta-nsproxy-fix01.diff too.
1200329531 M * ard6 ah :-)
1200329533 M * ard6 hmmm :-(
1200329546 A * ard6 just compiled a new kernel already :-(
1200329549 M * daniel_hozac heh.
1200329549 M * nebuchadnezzar should I take all the delta from http://vserver.13thfloor.at/Experimental/ after 2.3.0.29 ?
1200329579 M * ard6 look at least if it's for 2.6.24 or not :-)
1200329581 M * daniel_hozac keydep and percpu.
1200329607 M * daniel_hozac i think http://people.linux-vserver.org/~dhozac/p/k/rpms/patch-2.6.22.15-vs2.3.0.29.1.diff has all the pertinent fixes.
1200329634 M * nebuchadnezzar daniel_hozac: yes, I was looking at those ones
1200329645 M * nebuchadnezzar daniel_hozac: great, thanks a lot
1200329645 M * ard6 aaargh :-(
1200329669 A * nebuchadnezzar will compile a test kernel on its sparc
1200329671 A * ard6 just compiled 2.6.22.15
1200330517 J * JonB ~NoSuchUse@192.38.8.25
1200331410 J * virtuoso_ ~s0t0na@ppp91-122-186-237.pppoe.avangard-dsl.ru
1200331411 Q * virtuoso Read error: Connection reset by peer
1200331508 Q * JonB Ping timeout: 480 seconds
1200331615 J * Hollow_ ~hollow@proteus.croup.de
1200331736 J * martindk_ ~chatzilla@203.19.141.34
1200331852 J * tam_ ~tam@gw.nettam.com
1200331872 J * mugwump_ ~samv@watts.utsl.gen.nz
1200331900 Q * mugwump osmotic.oftc.net xenon.oftc.net
1200331900 Q * bored2sleep osmotic.oftc.net xenon.oftc.net
1200331900 Q * martindk osmotic.oftc.net xenon.oftc.net
1200331900 Q * hardwire osmotic.oftc.net xenon.oftc.net
1200331900 Q * tam osmotic.oftc.net xenon.oftc.net
1200331900 Q * Hollow osmotic.oftc.net xenon.oftc.net
1200331900 Q * mountie osmotic.oftc.net xenon.oftc.net
1200331900 Q * brc osmotic.oftc.net xenon.oftc.net
1200331909 N * martindk_ martindk
1200331998 J * hardwire ~bip@rdbck-2087.wasilla.mtaonline.net
1200332193 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de
1200332228 M * dreamind Hi folks
1200332230 N * dreamind Guest3151
1200332252 N * Guest3151 dreamind
1200332299 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1200332595 J * mountie ~mountie@trb229.travel-net.com
1200332603 J * bored2sleep ~bored2sle@66-111-53-150.static.sagonet.net
1200332935 J * FaUl immo@shell.chaostreff-dortmund.de
1200332937 M * FaUl huhu
1200332952 M * FaUl how can i disable lo-virtualisation for one particular vserver?
1200332961 Q * pmenier Quit: Konversation terminated!
1200333062 M * daniel_hozac in 2.3?
1200333086 M * daniel_hozac disable the lback_remap nflags for that guest.
1200333122 M * FaUl ah, i remember
1200333139 M * FaUl i asked that once before ;-)
1200333339 J * JonB hidden-use@192.38.9.151
1200333346 M * Bertl_oO nap attack ... back later ...
1200333351 N * Bertl_oO Bertl_zZ
1200333434 M * FaUl daniel_hozac: ok, just noticed this one is different - last time i asked how to enable it to a particular vserver
1200333440 M * FaUl this time is how to remove it
1200333452 M * FaUl as it is enabled by default on this sys
1200333602 Q * JonB
1200333607 Q * jescheng Remote host closed the connection
1200333627 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1200333888 J * virtuoso ~s0t0na@ppp78-37-177-60.pppoe.avangarddsl.ru
1200333925 J * JonB hidden-use@192.38.9.151
1200334002 M * FaUl any hints how to disable some specific flags?
1200334053 M * daniel_hozac ~ in the appropriate file.
1200334076 M * nebuchadnezzar I often have a gcc -dumpmachine which blocks on my test machine when building a new kernel :-/
1200334095 M * nebuchadnezzar that's not the first time I speak about it
1200334106 M * nebuchadnezzar I can not kill it, what ever I do
1200334297 Q * virtuoso_ Ping timeout: 480 seconds
1200335033 Q * lilalinux Remote host closed the connection
1200335176 T * * http://linux-vserver.org/ | latest stable 2.2.0.5, 2.0.3-rc3, devel 2.3.0.29, stable+grsec 2.2.0.5 | util-vserver-0.30.214 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1200335176 T * harry -
1200335185 J * meebey meebey@booster.qnetp.net
1200335214 J * snooze ~o@1-1-4-40a.gkp.gbg.bostream.se
1200335364 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1200335455 J * Adrinael adrinael@rid7.kyla.fi
1200335455 J * wibble wibble@vortex.ukshells.co.uk
1200335456 J * click click@ti511110a080-2160.bb.online.no
1200335465 J * nox ~nox@static.88-198-17-175.clients.your-server.de
1200335467 J * glen ~glen@elves.delfi.ee
1200335483 J * michiel` ~michiel@145.33.144.200
1200335641 J * hparker ~hparker@linux.homershut.net
1200336430 J * marcel ~marcel@lt3.xs4all.nl
1200336999 Q * mnemoc Ping timeout: 480 seconds
1200337119 Q * JonB Ping timeout: 480 seconds
1200337198 J * JonB hidden-use@192.38.9.151
1200337245 J * mnemoc ~amery@kilo105.server4you.de
1200337732 M * FaUl daniel_hozac: ah, that was too obvious
1200339297 J * brc bruce@megarapido.cliquerapido.com.br
1200339950 Q * slack101 Quit: Leaving.
1200340233 J * Infinito argos@201-2-76-203.gnace701.dsl.brasiltelecom.net.br
1200340863 J * Piet ~piet@tor.noreply.org
1200341446 Q * dreamind Quit: dreamind
1200341648 J * Aiken ~james@ppp121-45-194-143.lns1.bne1.internode.on.net
1200342614 Q * Infinito Quit: Quitte
1200342840 Q * Piet Ping timeout: 480 seconds
1200343465 Q * JonB Ping timeout: 480 seconds
1200343686 Q * marcel Read error: Connection reset by peer
1200343808 J * Piet ~piet@tor.noreply.org
1200343938 J * ema ~ema@rtfm.galliera.it
1200344293 J * ViRUS ~mp@p57A6EC2C.dip.t-dialin.net
1200345089 Q * ftx_ Ping timeout: 480 seconds
1200345136 Q * meandtheshell Quit: Leaving.
1200345585 J * mire ~mire@227-170-222-85.adsl.verat.net
1200345696 J * JonB ~NoSuchUse@kg1-68.kollegiegaarden.dk
1200345798 Q * bonbons Quit: Leaving
1200345915 Q * ViRUS Quit: Leaving
1200346068 J * yarihm ~yarihm@84-75-125-120.dclient.hispeed.ch
1200346080 M * s0undt3ch hello ppl
1200346098 M * s0undt3ch how can I enable mount/umount inside a vserver?
1200346119 M * daniel_hozac depends on the filesystem.
1200346233 M * s0undt3ch ext3
1200346245 Q * rgl Quit: Enough
1200346254 M * daniel_hozac the secure_mount ccap should suffice then.
1200346333 M * s0undt3ch echo secure_mount > /etc/vservers//ccaps?
1200346356 M * s0undt3ch daniel_hozac: is that it?
1200346403 M * daniel_hozac ccapabilities, yes.
1200346405 M * s0undt3ch my problem might actually be another one because I have zimbra inside a vserver and that's part of the output of one of its stats scripts
1200346418 M * s0undt3ch k, trying that
1200346427 M * daniel_hozac why is it trying to mount stuff?
1200346475 M * s0undt3ch it ain't it's telling me to mount /proc
1200346476 M * s0undt3ch :)
1200346539 M * daniel_hozac uh, if you don't have /proc mounted in a guest, you've done something horribly wrong.
1200346605 M * s0undt3ch daniel_hozac: well, I do have /proc inside the guest, and it does have contents inside it -> ls -lah /proc/uptime
1200346608 M * s0undt3ch -r--r--r-- 1 root root 0 2008-01-14 21:34 /proc/uptime
1200346648 M * s0undt3ch I just don't know why it's complaining, the only stats I don't have are disk stats
1200346852 M * s0undt3ch hmm, some more info
1200346853 M * s0undt3ch Warning: Not possible to monitor process stats
1200347139 Q * JonB Quit: This computer has gone to sleep
1200347378 N * Bertl_zZ Bertl
1200347400 M * Bertl s0undt3ch: maybe it is trying to access specific parts of proc which are still hidden?
1200347491 M * s0undt3ch Bertl: probably
1200347497 M * s0undt3ch Bertl: dunno what :\
1200347509 J * Kiu ~Miranda@dslb-084-056-242-060.pools.arcor-ip.net
1200347538 M * Kiu hi
1200347547 M * s0undt3ch Bertl: processes statistics? where would one get that from!?
1200347576 J * aj_ ~aj@e180203048.adsl.alicedsl.de
1200347665 M * Kiu need some help with vserver and iptables
1200347680 M * Bertl welcome Kiu!
1200347720 M * Bertl s0undt3ch: no idea, does 'top' work inside the guest?
1200347741 M * Bertl Kiu: what's the problem?
1200347763 M * s0undt3ch Bertl: yes, it does
1200347782 M * Bertl then it must be something more than just the ordinary process statistics :)
1200347799 M * Kiu somebody knows what i have to do to get a connection from a vserver to another on the same machine? get a "connection refused" if i try, not the "invalid argument" as in the faq
1200347803 M * Bertl s0undt3ch: best strace -fF it and see what it is looking for
1200347848 M * Kiu can't find anything useful on the net about that
1200347857 M * Bertl Kiu: connection refused means that you actually connect to the other guest (or maybe the host) but guest/host config (usually hosts.allow) does not permit your IP
1200347887 M * Bertl Kiu: so most likely, your problem is not with iptables at akk
1200347889 M * Bertl *all
1200347950 M * Bertl best check the logs on the target (guest or host) and see for messages
1200348060 M * Kiu no errors in the logs and apache ignores such files afaik
1200348084 M * Bertl ah, so you get that on port 80?
1200348108 M * Kiu http, ftp, smtp - always got a connection refused
1200348113 M * Kiu apache, exim, pureftpd
1200348136 M * Bertl okay, do you have a firewall running on the host?
1200348173 M * Kiu if you want to call iptables a firewall... then yes
1200348194 M * Bertl well, it is :) are you blocking traffic on 'lo'?
1200348210 M * Kiu all policies are "accept", so that should not be the problem, or is there a trick?
1200348233 M * Bertl if you don't have other rules, then that should be fine
1200348255 M * s0undt3ch Bertl: think I found the culprit 30524 open("/proc/vmstat", O_RDONLY) = -1 ENOENT (No such file or directory)
1200348258 M * s0undt3ch 30524 write(2, "Error: /proc must be mounted\n T"..., 178) = 178
1200348282 M * Kiu just a few nat rules, but they are just for address translation internal ip <-> external ip
1200348303 M * Bertl Kiu: let's start with a few simple tests then, please get netcat and tcpdump inside two of your guests (origin and target) as well as the host
1200348303 M * daniel_hozac so are you trying to connect to the external or internal IP?
1200348310 M * s0undt3ch Bertl: is there a way to unhide /proc/vmstat?
1200348325 M * Bertl s0undt3ch: yes, but you don't want to give that to guests
1200348349 M * Bertl s0undt3ch: well, not a security issue, but why should a guest process be able to read virtual memory statistics
1200348353 M * s0undt3ch Bertl: I don't? why?
1200348365 M * Kiu bertl: k
1200348383 M * Bertl Kiu: tcpdump only on the host
1200348426 M * s0undt3ch Bertl: well, good point
1200348435 M * s0undt3ch lemme see if I find more of those errors
1200348447 M * Kiu just a moment, gentoo needs some time to install ;-)
1200348464 M * Bertl np, take your time
1200348576 M * s0undt3ch Bertl: those are the errors I've grep'ed -> http://paste.ufsoft.org/14
1200348666 M * s0undt3ch Bertl: any issues about un-hiding /proc/diskstats? /proc/partitions?
1200348677 Q * aj_ Ping timeout: 480 seconds
1200348680 M * s0undt3ch since those are the stats my zimbra install is not getting?
1200348822 M * Kiu ok, got a fresh cup of coffee and the programs installed, now what should i do?
1200348838 M * s0undt3ch Bertl: can I unhide per vserver guest?
1200348857 M * daniel_hozac s0undt3ch: no.
1200348889 M * s0undt3ch :\
1200348912 M * s0undt3ch daniel_hozac: and those 2 proc items, are they considered security risks?
1200349079 M * Bertl s0undt3ch: well, they will give away host information and, at least in theory, could be used to DoS your system, would be better to change those checks in zimbra?
1200349109 M * Bertl (and/or disable this feature, whatever it may be :)
1200349156 M * Bertl Kiu: first, a simple one, use netcat to connect to a port which isn't bound (from the host and from the guest)
1200349172 M * Bertl e.g. 1234
1200349181 M * s0undt3ch Bertl: well, those are only to get file io stats I think
1200349212 M * Bertl well, they get vm and disk io stats, but why would zimbra need that?
1200349262 M * Bertl I mean, groupware and vm/disk stats?
1200349296 M * Kiu bertl: got "(UNKNOWN) [192.168.0.11] 12345 (?) : Connection refused"
1200349321 M * s0undt3ch Bertl: it actually more "(mail/calendar/tasks)ware"
1200349325 M * s0undt3ch *it's
1200349351 M * Bertl Kiu: better stay with 4 digit port numbers (to avoid hitting a random port), but looks good, both on host and guest?
1200349360 M * s0undt3ch zimbra is a mailserver ware, so those disk stats are regarding the mail server
1200349387 M * Bertl and how would a mailserver need/user disk I/O stats?
1200349391 M * Bertl *use
1200349417 M * Bertl I know for sure that neither postfix nor sendmail need them :)
1200349423 M * Kiu jepp
1200349454 M * Bertl Kiu: okay, let's bind something (with netcat in listen mode) on the host, to port 1234 now, and try again from host and guest
1200349492 M * Bertl Kiu: if you get a connection, check if you can transmit data in both directions
1200349540 M * Kiu seems to work
1200349660 M * Bertl okay, again from host and guest, yes?
1200349667 M * Kiu yes
1200349695 M * Bertl now let's move the 'server' netcat to a guest
1200349712 M * Bertl this time, try from host, the same guest and a different guest
1200349719 Q * dna Quit: Verlassend
1200349830 M * s0undt3ch Bertl: there's no need to, it's just additional info, so not that needed
1200350029 M * Bertl s0undt3ch: alternatively, if you don't like to modify zimbra/config, you could change the kernel slightly to provide empty files for guests there
1200350049 M * Kiu hm, ok, now i got the C/R error, i tried to connect the host (192.168.0.1) from a guest - hm
1200350063 M * Bertl I think I probably would even consider such a patch for inclusion
1200350149 M * Kiu oh, the first try i made was from guest to guest, not to host... thats why it worked at the first try, sry
1200350174 M * Bertl hmm, so guest to guest worked already?
1200350182 M * s0undt3ch Bertl: well, touching kernel isn't my thing :) and empty files won't make those progs work, they're just empty, zimbra won't stop working because of that, it just won't output stats
1200350187 M * Kiu ok, host -> guest good, guest -> guest good, guest -> host bad
1200350210 M * Bertl Kiu: and the server netcat is running where now?
1200350233 M * Kiu on the host, 192.168.0.1
1200350259 M * Bertl the server is running on the host, and guest->guest works, but guest->host fails?
1200350280 M * Kiu yes
1200350312 M * Bertl okay, please remove your iptables setup and repeat the test
1200350419 M * Kiu doesn't change anything
1200350460 M * Bertl okay, then let's repeat the 'server on host', guest tries to connect and fails test with tcpdump running on the host
1200350469 M * Bertl something like 'tcpdump -vvnei lo'
1200350493 M * Bertl and please upload the output to paste.linux-vserver.org
1200350860 M * Kiu http://paste.linux-vserver.org/11665
1200350992 M * Bertl well, that looks like a successful connect to me, but let's get strace inside a guest too, and strace the connecting netcat
1200351089 M * Bertl do you have any security features active besides Linux-VServer? i.e. SELinux or grsec?
1200351099 M * Kiu ok, should i post the complete output, or just something special?
1200351113 M * Bertl complete output is probably best
1200351146 M * Kiu http://paste.linux-vserver.org/11666
1200351255 M * Bertl okay, please upload the output of 'ip addr ls' and 'ip route ls' (from the host) too (feel free to anonymize public ips, but do it in a traceable way)
1200351462 J * geektopia ~geektopia@61.29.125.10
1200351469 M * Bertl welcome geektopia!
1200351511 M * geektopia Hi Bertl
1200351512 M * Kiu hm, can't find "ip" on the server or a package - google says that it is a part of openwall...
1200351532 M * geektopia Kiu, install iproute
1200351544 M * Bertl Kiu: nah, the host must have it already installed (part of iproute2, required by util-vserver)
1200351589 M * Kiu hm, gentoo doesn't think its required, but found it...
1200351613 M * Bertl that's unusual, as util-vserver needs it to start the guests properly :)
1200351642 M * Bertl (which might be related to your issues ...)
1200351714 M * Kiu dump for guest,host or both?
1200351776 M * Bertl host only
1200351841 M * Kiu http://paste.linux-vserver.org/11667
1200351893 Q * sladen Ping timeout: 480 seconds
1200351899 J * undefined ~undefined@adsl-68-94-190-217.dsl.rcsntx.swbell.net
1200351961 Q * ema Quit: leaving
1200352052 M * Bertl Kiu: after starting the server netcat process on the host, could you run 'lsof -ni :1234' and upload that too?
1200352160 J * sladen paul@starsky.19inch.net
1200352168 M * Kiu http://paste.linux-vserver.org/11668
1200352434 M * Bertl okay, looks normal to me ... what does /proc/virtnet//info and /proc/virtnet//status contain (nid is the network id of your guest)
1200352555 M * Kiu id=1011, info = f662d5c0, 0=192.168.0.11/255.255.255.0
1200352611 M * Kiu UseCnt: 17 | Tasks: 11 | Flags: 0000000402000000 | NCaps: 0000000000000100
1200352624 M * Kiu first was info, second status
1200352631 M * Bertl so all seems fine, unless you have some security mechanisms in place, I don't know why you would get a permission denied when connecting to the host (192.168.0.1) from the guest (192.168.0.11)
1200352661 M * Bertl in any case, check the dmesg output on the host for further clues
1200352667 M * Bertl btw, what kernel is this?
1200352710 M * Kiu 2.6.20-vs2.2.0-gentoo
1200352807 M * Bertl no idea, daniel_hozac anything?
1200352915 M * Kiu hm, maybe the init scripts do something which could not be done while ip was missing? will restart all vserver to test
1200352941 M * Bertl the netcat isn't affected by any init scripts
1200353065 M * Kiu maybe, but now netcat works
1200353072 M * Kiu dont ask me why...
1200353120 M * Bertl okay, then try the stuff you originally wanted to do
1200353158 M * Kiu i tried... telnetting the ftp server on the vhost by ip is working now
1200353230 M * Bertl so everything working now, after you installed iproute?
1200353243 M * Kiu with locals ip's - yes
1200353263 M * Bertl okay, for the public ip part, you need to activate the iptable NAT-ing
1200353287 M * Bertl but you should report the missing 'iproute' dependency to the gentoo folks
1200353431 M * Kiu k
1200353489 M * Kiu hm, ok, if i try to connect to the servers by internal ips, everything is fine
1200353489 M * Kiu if i try from the net to connect the servers by their external ip, that works, too
1200353511 M * daniel_hozac what util-vserver version?
1200353570 M * Kiu 0.30.214
1200353584 M * Kiu the only thing that doesn't work is to connect to the servers from a guest by the public ips
1200353604 M * daniel_hozac that depends on sys-apps/iproute2.
1200353617 M * Bertl Kiu: which is kind of expected, unless you have nat rules for 'lo'
1200353650 M * Bertl Kiu: i.e. the originating IP will be dubious and likely be rejected
1200353718 Q * Piet Quit: Piet
1200353781 M * Kiu so i have to change the internal ip to an external ip of the client guest with a rule, or the target external ip to the internal ip of the target host?
1200353876 M * Bertl precisely, or adjust the 'connect' rules of the server, whatever is preferable
1200354493 M * Kiu ok, tnx for your time
1200354499 M * Bertl you're welcome!