1205712287 M * nixe hey zbyniu
1205712294 M * nixe when prefixing my SSHD in the grsec policy
1205712299 M * nixe i get this error when trying to gradm -E
1205712302 M * nixe Default object not found for role default subject /vserver/hackyour/usr/sbin/sshd
1205712305 M * nixe The RBAC system will not load until you correct this error.
1205712324 M * daniel_hozac /vserver_s_/....
1205712345 M * nixe haha whoops
1205712349 M * nixe thankyou -.- :p
1205712430 M * zbyniu what flags have you got for /vservers/hackyour/usr/sbin/sshd ?
1205712475 Q * xdr Ping timeout: 480 seconds
1205712523 M * zbyniu ah, 'dpo' so add also "/ h" in this section
1205712527 M * nixe Default object not found for role default subject /vservers/hackyour/usr/sbin/sshd
1205712533 M * nixe The RBAC system will not load until you correct this error.
1205712536 M * nixe ohh
1205712566 M * nixe hrm
1205712628 M * nixe before i enable the grsec policy, ping is still dying:
1205712633 M * nixe ping: sendmsg: Operation not permitted
1205712649 M * nixe unless i have to create a policy for the vserver's ping and enable gradm ?
1205712807 M * zbyniu no, if with rbac disabled you have such err, it's misconfigured guest
1205712920 M * nixe hrm ok, i just tried to iptables --flush on the host box, and it looks like the box just died -.- lol
1205712951 M * nixe let's hope it comes back up after a force reboot
1205713125 J * xdr ~xdr@136-173-96-87.cust.blixtvik.se
1205713501 M * nixe hrm i can see pings leaving the vserver
1205713502 M * nixe 20:24:50.552524 IP 192.168.1.5 > eh-in-f99.google.com: ICMP echo request, id 5648, seq 2, length 64
1205713556 M * nixe and DNS requests
1205713556 M * nixe 20:25:42.404521 IP 192.168.1.5.32782 > cns264.schlund.net.domain: 32127+ A? www.google.com. (32)
1205713560 M * nixe 20:25:45.046077 IP 192.168.1.5.32783 > cns264.schlund.net.domain: 32888+ A? www.yahoo.com. (31)
1205713563 M * nixe must be a NATing issue still ;x
1205713572 Q * docelic Quit: http://www.spinlocksolutions.com/
1205714086 M * nixe hey if i had:
1205714096 M * nixe ohh fsck wait a sec nvm
1205714115 M * nixe wait
1205714117 M * nixe if i had
1205714123 M * nixe eth0-74.208*.1
1205714135 M * nixe eth0:1-74.208*.50
1205714159 M * nixe and eth0:vserver 192.168.1.5
1205714170 M * nixe how should i go about its IP configuration
1205714177 M * nixe should i keep the vserver on a local subnet like 192.168.1.5
1205714190 M * nixe and then somehow NAT the eth0:1 virtual address to 192.168.1.5 ?
1205714199 M * nixe or should i just assign the vserver the eth0:1 ?
1205714831 Q * xdr Ping timeout: 480 seconds
1205715231 Q * per|away Ping timeout: 480 seconds
1205715348 Q * mrfree Ping timeout: 480 seconds
1205715353 J * ard_ ~ard@shell2.kwaak.net
1205715396 N * ard_ ard
1205716590 J * balbir ~balbir@122.167.179.23
1205717323 F * ChanServ +o Bertl
1205717338 T * Bertl http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.6|util-vserver-0.30.214|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute.
1205717346 F * Bertl -o Bertl
1205717902 Q * balbir Ping timeout: 480 seconds
1205718561 J * balbir ~balbir@122.167.207.99
1205719251 Q * nixe Quit: Lost terminal
1205724017 Q * balbir Read error: Operation timed out
1205724239 Q * mire Ping timeout: 480 seconds
1205728487 J * fatgoose ~samuel@bas5-quebec14-1242523234.dsl.bell.ca
1205730052 Q * fatgoose Quit: fatgoose
1205730924 J * balbir ~balbir@59.145.136.1
1205732071 Q * awk Ping timeout: 480 seconds
1205732385 M * Bertl okay, I'm off to bed now ... have a good one everyone! cya!
1205732390 N * Bertl Bertl_zZ
1205733096 J * C14r_ ~C14r@h58173.serverkompetenz.net
1205733320 J * [Guy] ~korn@elan.rulez.org
1205733324 J * svenk_ ~sven@213.73.89.36
1205733334 J * _Medivh ck@dolphin.serverbox.de
1205733336 J * menomc ~amery@kilo105.server4you.de
1205733344 Q * eSa| charon.oftc.net solenoid.oftc.net
1205733344 Q * ace_ charon.oftc.net solenoid.oftc.net
1205733344 Q * transacid charon.oftc.net solenoid.oftc.net
1205733344 Q * mEDI_S charon.oftc.net solenoid.oftc.net
1205733344 Q * Guy- charon.oftc.net solenoid.oftc.net
1205733344 Q * mnemoc charon.oftc.net solenoid.oftc.net
1205733344 Q * svenk charon.oftc.net solenoid.oftc.net
1205733344 Q * arthur charon.oftc.net solenoid.oftc.net
1205733344 Q * C14r charon.oftc.net solenoid.oftc.net
1205733344 Q * Adrinael charon.oftc.net solenoid.oftc.net
1205733344 Q * Medivh charon.oftc.net solenoid.oftc.net
1205733344 J * transaci1 ~transacid@transacid.de
1205733345 J * Adrinael adrinael@rid7.kyla.fi
1205733346 N * menomc mnemoc
1205733353 J * pusling pusling@77.75.162.71
1205733358 J * sannes ace@har.sagt.no
1205733372 J * arthur ~arthur@pan.madism.org
1205733402 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1205734037 J * mEDI_S ~medi@snipah.com
1205734578 J * Patrick Patrick@Linux-Dev.org
1205736536 J * Slydder ~chuck@194.59.17.53
1205737471 J * awk ~awk@security.web.za
1205737474 M * awk moo
1205737525 J * dna ~dna@249.Red-88-27-12.staticIP.rima-tde.net
1205739186 J * per|away ~chatzilla@79.138.152.59.bredband.tre.se
1205739186 J * JonB ~NoSuchUse@0x535b270c.kjnxx10.adsl-dhcp.tele.dk
1205739468 A * harry back from skiing!
1205739488 M * harry wisk: there is a ipv6 patch on my linux-vserver page
1205739533 M * harry nkukard: http://harry.enzoverder.be/ there is a grsecurity patch for 2.6.22.something
1205739550 M * nkukard thanks harry !!!!
1205739601 M * nkukard ah, harry ... they made a change in 22.something which breaks the patch, I can try port myself, but I was wondering if you'd already tackled it?
1205739624 M * harry nkukard: been on a skiing trip
1205739634 M * nkukard np man ;)
1205739634 M * harry so no, i haven't done anything yet :)
1205739641 M * harry dreamind: what problem?
1205739702 M * harry nkukard: wait...
1205739710 A * nkukard waits :)
1205739721 M * harry do you mean the kernel problem that grsec fixed a long time ago?
1205739735 M * harry which was only just included in 22 version?
1205739744 M * harry from 2.6.22.18 to 2.6.22.19 ?
1205739773 A * harry tries to think hard
1205739788 M * nkukard well ... the latest grsec patch i have doesn't apply to latest 2.6.22 ... *also thinking hard*
1205739802 M * nkukard was a few liner change that was made iirc
1205739971 J * _bjh_ ~bjh@84.112.154.154
1205740000 M * harry arch/i386/kernel/ptrace.c
1205740002 M * harry there?
1205740297 M * nkukard rings a bell yea
1205740337 N * Patrick the-me
1205740440 Q * per|away Ping timeout: 480 seconds
1205740688 M * harry i fixed that before i went skiing yes :)
1205740694 M * harry in the vserver+grsec patch :)
1205740702 M * harry not in the grsec patch
1205740738 M * harry and of course, the vmsplice thingy is fixed in all my patches, starting from 2.6.22.18 (included ;))
1205740913 M * nkukard ah, harry is it trivial for me to fix?
1205740921 M * nkukard (not looked at it yet)
1205740934 M * harry well... yeah
1205740946 M * harry basically just forget about the reject ;
1205740947 M * harry ;)
1205740972 M * harry the fix they did in 2.6.22.19 kernel is the same that was in the grsecurity patch already
1205740994 M * harry so basically: you better stick to the kernel fix... that's less patching (and imho a bit nicer as well)
1205741042 M * harry (i don't know how sober i was when making that patch, but i think both patches did exactly the same!
1205741080 A * harry will fix a 2.2.0.7 patch today
1205741093 M * harry now... off to work!!
1205741150 M * nkukard thanks harry
1205741444 Q * JonB Quit: Leaving
1205741545 J * JonB ~NoSuchUse@0x535b270c.kjnxx10.adsl-dhcp.tele.dk
1205742210 N * DoberMann[ZZZzzz] DoberMann
1205743794 Q * dna Quit: Verlassend
1205744402 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1205744836 Q * jsambrook Quit: Leaving.
1205744900 F * ChanServ +o daniel_hozac
1205744903 T * daniel_hozac http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.6|util-vserver-0.30.215|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute.
1205744908 F * daniel_hozac -o daniel_hozac
1205744922 M * daniel_hozac micah: ensc: Hollow: everyone: util-vserver 0.30.215.
1205744961 M * Hollow yay
1205744988 Q * balbir Ping timeout: 480 seconds
1205745056 M * phedny hmm, does somebody know which vserver version the linux-image-vserver Debian package is based on?
1205745085 M * daniel_hozac Debian etch? 2.0.2.2-rc9
1205745105 M * phedny the one in lenny too?
1205745123 M * daniel_hozac that's probably some 2.2 version, no idea which.
1205745131 M * phedny hmm, 2.0 is old?
1205745149 M * daniel_hozac check the ChangeLog.
1205745150 M * daniel_hozac yes.
1205745160 M * phedny I hoped it would be 2.3, because of IPv6 support
1205745161 M * daniel_hozac 2.0 hasn't been maintained for about a year.
1205745170 M * phedny but I should just build my own
1205745239 J * gebura ~gebura@77.192.186.197
1205745258 M * mrfree daniel_hozac, hi. to have a local isolated loopback if in each guest do I need to use 2.3??
1205745297 M * daniel_hozac yes.
1205745348 M * mrfree ok, I think I'll start testing 2.3 on my server :)
1205745366 M * mrfree I hope it is almost stable ;)
1205745410 M * Hollow daniel_hozac: in portage :)
1205745493 M * mrfree Hollow, I'm using gentoo but I noticed in portage we have 2.3.0.29 but the latest version is 2.3.0.34 :)
1205745502 Q * virtuoso Read error: Connection reset by peer
1205745508 M * Hollow yes, i'm a bit behind wrt 2.3
1205745513 M * daniel_hozac Hollow: nice :)
1205745548 M * gebura hi
1205745667 J * ftx ~ftx@dslb-084-060-252-089.pools.arcor-ip.net
1205745695 J * jsambrook ~jsambrook@aelfric.plus.com
1205745706 J * friendly12345 ~friendly@ppp59-167-159-125.lns4.mel6.internode.on.net
1205746397 J * mire ~mire@183-175-222-85.adsl.verat.net
1205746642 M * mrfree Hollow, I noticed you are not using the patch directly available from the vserver site for the ebuild
1205746708 M * mrfree are you applying any other patches?
1205746818 M * Hollow it is the patch from l-v.org, with gentoo specific EXTRAVERSION
1205746820 Q * friendly12345 Ping timeout: 480 seconds
1205746885 J * hparker ~hparker@linux.homershut.net
1205746964 J * friendly12345 ~friendly@ppp59-167-159-125.lns4.mel6.internode.on.net
1205747178 M * mrfree Hollow, so I suppose the "official" patch doesn't apply clearly to a gentoo-sources
1205747201 M * Hollow yes, because gentoo-sources do not use the fourth part of the kernel version
1205747240 M * Hollow and i think bertl specifically requested that we put -gentoo in EXTRAVERSION
1205747244 M * Hollow (just like gentoo-sources does)
1205747277 M * mrfree so I actually need to manually patch a vanilla to test the latest 2.3 version
1205747301 M * Hollow well, let me take a look
1205747323 J * balbir ~balbir@59.145.136.1
1205747325 M * Hollow the problem is that there are no genpatches for current 2.6.22 releases
1205747335 M * Hollow i already had to backport the vmsplice fix for 2.2
1205747464 J * balbir_ ~balbir@59.145.136.1
1205747808 Q * balbir Ping timeout: 480 seconds
1205748102 N * transaci1 transacid
1205748148 J * ktwilight ~ktwilight@185.126-66-87.adsl-dyn.isp.belgacom.be
1205748368 Q * ktwilight_ Ping timeout: 480 seconds