1208908999 Q * bertux Remote host closed the connection 1208909037 J * bertux ~bert@abo-111-249-68.guy.modulonet.fr 1208909099 M * bertux daniel_hozac: what iptables rule would you recommend me to redirect the port 110 of my public ip to the port 110 of the private ip of my first vserver ? 1208909555 J * PowerKe ~tom@d5153A1EB.access.telenet.be 1208909779 M * bertux i'm going to bed, see you later, thanks for the help daniel_hozac ;) 1208909782 Q * bertux Quit: Ex-Chat 1208911024 Q * Infinito Quit: Leaving 1208911323 N * Guest1269 Genghis 1208911363 N * Genghis Guest1277 1208913394 Q * mire Ping timeout: 480 seconds 1208914981 N * Guest1277 Genghis 1208915013 N * Genghis Guest1284 1208915019 Q * ard6 Ping timeout: 480 seconds 1208915068 Q * daniel_hozac Read error: Connection reset by peer 1208915080 J * daniel_hozac ~daniel@ssh.hozac.com 1208915091 J * opuk ~kupo@alla.beundrar.kupo.se 1208915098 Q * opuk_ Read error: Connection reset by peer 1208916456 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1208917194 Q * harry Ping timeout: 480 seconds 1208917834 J * harry ~harry@d51A461B4.access.telenet.be 1208918641 N * Guest1284 Genghis 1208918677 N * Genghis Guest1294 1208919659 M * dtbartle has anyone tested the 2.6.25 patch? 1208919710 M * dtbartle when i try to start a vserver i get "save_ctxinfo: vc_get_task_xid(): Function not implemented" 1208921749 J * ard6 ~ard@2002:d9c4:2909:1::1 1208922303 N * Guest1294 Genghis 1208922337 N * Genghis Guest1301 1208923045 J * FireEgl FireEgl@2001:5c0:84dc:1:4:ff:fe00:1 1208923660 Q * bzed Remote host closed the connection 1208923666 J * bzed_ ~bzed@devel.recluse.de 1208923681 N * bzed_ bzed 1208923686 J * Loki_muh loki@satanix.de 1208923686 Q * Loki|muh Read error: Connection reset by peer 1208923693 N * Loki_muh Loki|muh 1208925125 Q * Supaplex Ping timeout: 480 seconds 1208925797 J * cryptronic ~oli@p54A3B1C1.dip0.t-ipconnect.de 1208925964 N * Guest1301 Genghis 1208925997 N * Genghis Guest1307 1208926694 J * virtuoso_ ~s0t0na@ppp91-122-59-191.pppoe.avangarddsl.ru 1208926958 Q * virtuoso Ping timeout: 480 seconds 1208927922 J * dna ~dna@66-220-dsl.kielnet.net 1208928056 J * Slydder ~chuck@194.59.17.53 1208928501 J * virtuoso ~s0t0na@ppp91-122-186-8.pppoe.avangarddsl.ru 1208928911 Q * virtuoso_ Ping timeout: 480 seconds 1208929051 N * Bertl_zZ Bertl 1208929056 M * Bertl morning folks! 1208929111 M * Bertl daniel_hozac: gcc 4.2.3 and dietlibc 0.31 (both mandriva flavor) 1208929154 Q * dna Quit: Verlassend 1208929435 M * Bertl dtbartle: what does testme.sh give you? 1208929458 M * dtbartle [011]# failed. 1208929461 M * dtbartle i poked around some more 1208929476 M * dtbartle chcontext --secure --xid 45678 mknod /tmp/testme.sh.bJ2632/node c 0 0 is called 1208929478 M * Bertl could you upload the full output to paste.linux-vserver.org plase? 1208929483 M * dtbartle vc_get_task_xid_v13 succeeds once 1208929488 M * dtbartle then fails when called a 2nd time 1208929515 M * Bertl interesting, did you by any chance enable VSERVER_DEBUG? 1208929538 M * dtbartle yes 1208929541 M * dtbartle i enabled the sub options as well 1208929546 Q * cryptronic Quit: Leaving. 1208929553 M * Bertl anything in dmesg? 1208929563 M * dtbartle sadly no 1208929571 M * dtbartle i had to modify your patch a bit to get it to build 1208929593 M * Bertl the new_dentry, yes? 1208929614 M * dtbartle yes, i changed that to new_path.dentry iirc 1208929618 M * dtbartle it was in some struct 1208929620 N * Guest1307 Genghis 1208929620 M * dtbartle let me check 1208929628 M * Bertl yep, as I suggested to infowolfe yesterday 1208929644 M * dtbartle struct rq 1208929657 M * dtbartle needed to add some new members 1208929657 N * Genghis Guest1314 1208929662 M * dtbartle unsigned long nr_onhold 1208929664 M * Bertl hmm? 1208929699 M * dtbartle entry->q1.onhold = HARDCPU(q->nr_onhold); 1208929700 M * Bertl do you have a patch of what you changed? 1208929709 M * dtbartle in kernel/sched_mon.h 1208929723 M * Bertl ah, disable the schedmon for now, won't work anyway 1208929731 M * dtbartle i see 1208929737 M * dtbartle what it cause the problem i saw? 1208929745 M * dtbartle *would 1208929751 M * Bertl no, I don't think that's related 1208929821 M * Bertl you want to enable the syscall command debugging options 1208929827 M * Bertl (at runtime) 1208929843 M * dtbartle CONFIG_VSERVER_MONITOR is what you mean? 1208929854 M * Bertl yep, disable that for now 1208929930 M * Bertl and do 'sysctl -w vserver.debug_switch=255' 1208929953 M * Bertl then rerun the testme.sh, check the dmesg, and upload both if possible 1208930006 M * dtbartle k 1208930010 M * Bertl I suspect that the new capability array causes the issues 1208930010 M * dtbartle i see stuff in dmesg now 1208930365 M * dtbartle sent dmesg and testme output 1208930387 M * dtbartle http://paste.linux-vserver.org/12038 1208930395 M * Bertl tx 1208933138 M * grobie morning 1208933149 M * grobie Bertl: still awake? 1208933279 N * Guest1314 Genghis 1208933315 M * Bertl grobie: not still, already :) 1208933317 N * Genghis Guest1324 1208933326 M * grobie sorry ;) 1208933330 M * Bertl np 1208933334 M * grobie http://vserver.lycos-vds.com/patch-2.6.22.19-vs2.2.0.7-NFS_fix.diff 1208933453 M * Bertl okay, looks good, we can drop the block in client.c now, I guess 1208933484 M * grobie think so as well 1208934599 J * virtuoso_ ~s0t0na@ppp91-122-59-7.pppoe.avangarddsl.ru 1208934857 Q * nkukard Quit: Leaving 1208934976 J * JonB ~NoSuchUse@77.75.164.169 1208934979 Q * virtuoso Ping timeout: 480 seconds 1208935752 Q * infowolfe Ping timeout: 480 seconds 1208936615 J * bfremon ~ben@ANantes-252-1-48-32.w82-126.abo.wanadoo.fr 1208936940 N * Guest1324 Genghis 1208936977 N * Genghis Guest1336 1208937341 N * Bertl Bertl_oO 1208938571 N * DoberMann[ZZZzzz] DoberMann 1208938970 J * dna ~dna@119-217-dsl.kielnet.net 1208939406 N * zbyniu_ zbyniu 1208939407 Q * hijacker Read error: Connection reset by peer 1208939434 J * hijacker ~hijacker@213.91.163.5 1208940321 J * infowolfe ~infowolfe@c-67-160-167-96.hsd1.or.comcast.net 1208940601 N * Guest1336 Genghis 1208940638 N * Genghis Guest1344 1208940660 N * Guest1344 Genghis- 1208940763 J * mire ~mire@148-169-222-85.adsl.verat.net 1208941366 J * jsambrook ~jsambrook@anchor-internet-1-if0.router.demon.net 1208941395 Q * JonB Quit: This computer has gone to sleep 1208941805 Q * mire Ping timeout: 480 seconds 1208942046 M * grobie i noticed one more thing regarding NFS 1208942047 Q * hijacker Remote host closed the connection 1208942074 M * grobie if i run the nfs-server and -client on the same machine i see the nfsd within the guests 1208942091 M * grobie is this a problem with my configuration? 1208942125 M * grobie ok, not a common setup, but convenient for testing purposes 1208942346 J * hijacker ~hijacker@213.91.163.5 1208942682 J * sharkjaw ~gab@64.28.12.166 1208942866 J * dna_ ~dna@119-217-dsl.kielnet.net 1208942952 Q * balbir Read error: Operation timed out 1208943223 Q * dna Ping timeout: 480 seconds 1208943334 Q * bfremon Remote host closed the connection 1208943690 J * bfremon ~ben@ANantes-252-1-48-32.w82-126.abo.wanadoo.fr 1208944264 N * Genghis- Genghis 1208944297 N * Genghis Guest1351 1208944552 J * balbir ~balbir@122.167.177.163 1208944662 M * infowolfe Bertl_oO, btw, failed on test11 on new kernel 1208944675 J * JonB ~NoSuchUse@77.75.164.169 1208945040 J * yarihm ~yarihm@mtec-hg-docking-1-dhcp-6.ethz.ch 1208945339 J * dna__ ~dna@61-241-dsl.kielnet.net 1208945645 J * kajko ~kajko@hyperion.kolorz.org 1208945662 Q * kajko 1208945743 Q * dna_ Ping timeout: 480 seconds 1208945881 Q * bfremon Ping timeout: 480 seconds 1208946501 J * bfremon ~ben@ANantes-252-1-61-34.w82-126.abo.wanadoo.fr 1208947897 Q * Aiken Quit: Leaving 1208947921 N * Guest1351 Genghis 1208947957 N * Genghis Guest1360 1208948454 J * ktwilight_ ~ktwilight@127.105-67-87.adsl-dyn.isp.belgacom.be 1208948829 Q * ktwilight Ping timeout: 480 seconds 1208950106 Q * bfremon Ping timeout: 480 seconds 1208950739 J * bfremon ~ben@ANantes-252-1-16-216.w82-126.abo.wanadoo.fr 1208950749 J * mess-mate ~chatzilla@ALille-254-1-55-184.w86-196.abo.wanadoo.fr 1208950778 M * mess-mate Hi folks, i've to create a second guest. 1208950817 M * mess-mate Have i to do it with vserver build as the first one, or with a newvserver command ? 1208950884 M * Bertl_oO if you want to avoid trouble, stay away from newvserver 1208950904 Q * dna__ Quit: Verlassend 1208950943 M * mess-mate Ok, so as i did the first time, do i ? 1208950964 M * Bertl_oO or you can use the rsync or clone build method too 1208951135 M * Bertl_oO see 'vserver - build --help' for details 1208951213 M * infowolfe hi Bertl_oO ;) 1208951225 M * mess-mate That command give an invalid option 1208951251 M * Bertl_oO then your util-vserver is quite outdated 1208951263 M * Bertl_oO make sure to use at least 0.30.214 1208951554 Q * bfremon Ping timeout: 480 seconds 1208951584 N * Guest1360 Genghis 1208951617 N * Genghis Guest1371 1208952052 Q * balbir Ping timeout: 480 seconds 1208952159 J * friendly ~friendly@ppp59-167-94-13.lns2.mel6.internode.on.net 1208952331 J * bfremon ~ben@ANantes-252-1-67-73.w81-250.abo.wanadoo.fr 1208954122 Q * JonB Quit: This computer has gone to sleep 1208954460 J * balbir ~balbir@122.167.177.163 1208954493 Q * yarihm Ping timeout: 480 seconds 1208954764 Q * bfremon Ping timeout: 480 seconds 1208954802 M * grobie Bertl_oO: there seems to be still a bug in the NFS part 1208954827 M * grobie chxid isn't able to change the xid actually via NFS, but works fine on ext3 1208954990 M * daniel_hozac does it claim success, or do you get an error message? 1208955001 M * grobie it claims success 1208955016 Q * friendly Quit: Leaving. 1208955025 J * yarihm ~yarihm@mtec-hg-docking-2-dhcp-142.ethz.ch 1208955064 M * grobie may it be connected to NFS_VALID_ATTRS in fs/nfs/inode.c? 1208955089 M * daniel_hozac which NFS version? 1208955120 M * grobie should be v3, but let me check the mount options to be sure 1208955128 M * daniel_hozac yeah, that's probably it. 1208955181 M * grobie i unmounted and remounted with vers=3 to make sure, but still the same 1208955243 N * Guest1371 Genghis 1208955277 N * Genghis Guest1378 1208955292 J * JonB ~NoSuchUse@77.75.164.169 1208955428 J * bfremon ~ben@ANantes-252-1-66-190.w81-250.abo.wanadoo.fr 1208956433 N * Guest1378 Genghis- 1208956711 Q * yarihm Ping timeout: 480 seconds 1208956934 N * Bertl_oO Bertl 1208956963 M * Bertl daniel_hozac: you might want to look into the 0.30.215 issues on the priceton machine, 0.30.214 compiles and works fine there ... 1208956965 N * yangp yang 1208957000 M * daniel_hozac oh, cool. 1208957057 M * Bertl btw, I recently had a new problem, but I think that is mandriva related (reported sys_set/getpriority) missing at the link stage 1208957112 Q * sharkjaw Quit: Leaving 1208957180 M * daniel_hozac that sounds strange. util-vserver shouldn't be using that anywhere, AFAIK. 1208957220 M * Bertl yeah, I think it is related to dietlibc *sigh* 1208957249 M * daniel_hozac yeah. 1208957558 M * infowolfe Bertl, did you get my bug report on the initial patch? 1208957605 M * Bertl yep 1208957621 Q * JonB Quit: Leaving 1208958448 Q * hijacker Remote host closed the connection 1208958900 N * Genghis- Genghis 1208958920 J * dna ~dna@91-244-dsl.kielnet.net 1208958934 J * yarihm ~yarihm@vpn-global-064-dhcp.ethz.ch 1208958934 M * grobie any other ideas/suggestions about chxid problem on NFS? 1208958937 N * Genghis Guest1383 1208958963 M * daniel_hozac changing that define didn't do the trick? 1208958971 M * Bertl grobie: we should have enough debug entries in place, give it a try, see what gets logged 1208958987 M * Bertl grobie: if not, try to add a few more in sensitive places 1208959006 M * grobie all right, try it out... 1208959276 Q * _gh_ Ping timeout: 480 seconds 1208959759 N * Guest1383 Genghis- 1208960047 J * nkukard ~nkukard@196.212.73.74 1208960061 J * hijacker ~hijacker@213.91.163.5 1208960554 J * Infinito ~argos@200-140-61-213.gnace701.dsl.brasiltelecom.net.br 1208961803 Q * jsambrook Quit: Leaving. 1208962320 Q * Slydder Quit: Leaving. 1208962563 N * Genghis- Genghis 1208962597 N * Genghis Guest1389 1208962629 J * yarihm_ ~yarihm@vpn-global-dhcp3-166.ethz.ch 1208962651 Q * yarihm_ 1208962984 J * dowdle ~dowdle@scott.coe.montana.edu 1208963069 Q * yarihm Ping timeout: 480 seconds 1208964243 M * mick_work hi everyone 1208964289 M * mick_work has anyone had their vserver not be able to see their NIC card? 1208964303 M * mick_work # ifconfig eth0 1208964305 M * mick_work eth0: error fetching interface information: Device not found 1208964317 M * mick_work ifconfig -a doesn't show anything either :-/ 1208964340 M * Bertl does the guest have an IP assigned` 1208964345 M * Bertl s/`/? 1208964356 M * mick_work it used to :-/ 1208964372 M * Bertl well, double check in /proc/virtnet (on the host) 1208964425 M * mick_work # cat /proc/virtnet/40010/info 1208964427 M * mick_work ID: 40010 1208964427 M * fatgoose_ hi 1208964429 M * mick_work Info: c65f4dc0 1208964430 N * fatgoose_ samtc 1208964430 M * mick_work 0: 10.20.10.101/255.255.255.0 1208964433 M * daniel_hozac and check to make sure the address is still assigned on the host. 1208964441 M * mick_work ah ok 1208964443 M * daniel_hozac (using e.g. ip a) 1208964470 M * mick_work ok, if it has changed - how do i change it on the vserver? 1208964473 M * samtc any update on VCD ? I tried vcd last year, very interesting project... 1208964513 M * Bertl mick_work: adjust the config or use naddress 1208964517 M * mick_work can i just change it in: vim /etc/vservers/vserver-name/interfaces/0/ip 1208964524 M * Bertl yep 1208964551 M * mick_work many thanks ;) 1208964556 Q * bfremon Remote host closed the connection 1208964564 M * Bertl you're welcome! 1208964582 M * daniel_hozac then you have to use naddress --set --nid --ip to make the guest use it right away. 1208964611 M * daniel_hozac (depending on some other factors though, most likely you'll need to restart all your services either way) 1208964622 M * daniel_hozac in which case a guest restart is just easier. 1208964835 J * bfremon ~ben@ANantes-252-1-66-190.w81-250.abo.wanadoo.fr 1208964870 Q * bfremon Remote host closed the connection 1208965358 M * Bertl daniel_hozac: hmm, I'm getting a strange backtrace, which looks like from the user namespace stuff .. could you take a look at it and give me your opinion? 1208965395 M * Bertl http://paste.linux-vserver.org/12045 1208965856 M * daniel_hozac ywah. 1208965869 M * daniel_hozac i thought we fixed that? 1208965875 J * bfremon ~ben@ANantes-252-1-66-190.w81-250.abo.wanadoo.fr 1208965883 M * daniel_hozac (or, well, you fixed it :)) 1208965898 M * Bertl well, yeah, I thought so too, but it seems to be back :) 1208965913 M * daniel_hozac and that delta is still in the tree? 1208965935 M * Bertl the user allocation code is disabled in this branch 1208965950 M * Bertl as you can see, no vserver functions in the call trace 1208965988 M * daniel_hozac it seems CLONE_NEWUSER is still in the space_mask though. 1208966009 M * Bertl which should be fine, no? 1208966011 M * tam I just moved a guest from a centos4 host to a centos5 host... most things went well, but I'm using external package management, and vrpm is complaining about the rpmdb. 1208966018 M * tam rpmdb: Program version 4.3 doesn't match environment version 1208966018 M * tam error: db4 error(-30974) from dbenv->open: DB_VERSION_MISMATCH: Database environment version mismatch 1208966025 M * daniel_hozac nah, the user namespaces are broken in mainline. 1208966027 M * tam Any quick fix? 1208966034 M * daniel_hozac hallyn knows about it too ;) 1208966038 M * Bertl daniel_hozac: still broken? 1208966067 M * daniel_hozac Bertl: it's being worked on right now. 1208966077 M * daniel_hozac so maybe they'll be fixed in 2.6.26... 1208966096 M * Bertl I got the impression that they already worked (somewhat) in 2.6.24 1208966109 M * daniel_hozac tam: rm -f /vservers/.pkg//rpm/state/__db*; vrpm -- --rebuilddb 1208966123 M * daniel_hozac only if you disable sysfs. 1208966131 M * tam daniel_hozac: thank you. 1208966166 M * Bertl daniel_hozac: ah, good hint, the DEPRECATED part? 1208966174 Q * dna Ping timeout: 480 seconds 1208966197 M * daniel_hozac hmm? i think you need to completely disable sysfs. 1208966224 N * Guest1389 Genghis 1208966227 M * Bertl hmm, I don't see how this could have worked in 2.6.24 then ... 1208966235 M * tam error: temporary database /vservers//.rpmdb already exists 1208966247 M * tam if I remove the .rpmdb directory, it complains about that too. 1208966257 N * Genghis Guest1397 1208966264 M * daniel_hozac Bertl: well, as i said, you fixed it :) 1208966276 M * daniel_hozac tam: ah, right... rpm is silly... 1208966334 M * Bertl daniel_hozac: hmm, okay ... care to hint me to the diff? 1208966357 M * Bertl (feel free to use the cluebat :) 1208966397 Q * bfremon Quit: Leaving. 1208966478 M * daniel_hozac hmm, i can't find it. 1208966525 M * tam I wonder if I internalized pkgmgmt if I wouldn't have this trouble moving guests around 1208966537 M * daniel_hozac indeed. 1208966547 M * daniel_hozac internal package management is much easier to deal with when moving guests. 1208966563 M * tam sold me. :) 1208966775 P * mess-mate 1208966867 M * Bertl daniel_hozac: anyway, I'll fix it (déjà vu) by adding the xid to the entry like this %d:%d, okay? 1208966898 M * daniel_hozac yeah, i think that was it. 1208966934 M * daniel_hozac + kobject_set_name(kobj, "%p:%d", ns, up->uid); 1208966945 M * daniel_hozac (from the 2.6.24 patch) 1208967003 M * Bertl ah, nice so we are not completely delirious (yet :) 1208967010 M * daniel_hozac hehe 1208967140 J * bfremon ~ben@ANantes-252-1-66-190.w81-250.abo.wanadoo.fr 1208967469 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1208968027 M * Bertl daniel_hozac: shall we force the namespace support for 2.6.25? 1208968061 M * Bertl I think we did similar for 2.6.24.x, IIRC 1208968186 M * daniel_hozac yeah, i think so. 1208968206 M * Bertl do recent tools have any issues with any of those spaces? 1208968239 M * Bertl and how do we handle pid spaces? 1208968280 M * Bertl i.e. ca we select between a pid space and fake init/blend through/isolation? 1208968306 M * daniel_hozac yeah. 1208968318 M * daniel_hozac pid spaces need some additional support kernel-side though. 1208968329 M * daniel_hozac i.e. vc_enter_space needs to do the right thing. 1208968364 M * Bertl okay 1208969257 Q * Infinito Quit: Leaving 1208969291 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1208969568 M * Bertl daniel_hozac: do you remember why we decided to have bcaps _and_ a cap_bset in vx_info (back then)? 1208969594 M * daniel_hozac no... that always seemed a bit strange to me. 1208969611 M * Bertl okay, so you'd agree that we do not need both# 1208969642 M * daniel_hozac unless we have cap_bset virtualized, i don't see the point. 1208969655 M * daniel_hozac (i.e. so that the guest-admin can remove capabilities) 1208969670 M * Bertl well, cap_bset has been moved into the task struct recently 1208969682 M * Bertl to allow for the posix file caps 1208969693 M * daniel_hozac oh. 1208969713 M * Bertl but I still think that's no problem here 1208969736 M * Bertl because if we consequently mask the bcaps, that will be pretty orthogonal 1208969742 M * daniel_hozac indeed. 1208969761 M * Bertl so I removed cap_bset from the vx_info in 2.6.25-x 1208969778 M * Bertl but it seems that the bcaps are not in place atm 1208969797 M * Bertl previously the cap_bset what inherited from the process 1208969825 J * _gh_ ~gerrit@client-239-145.events.shownets.net 1208969834 M * Bertl *was 1208969954 J * docelic ~docelic@78.134.199.7 1208970003 N * Guest1397 Genghis 1208970037 N * Genghis Guest1408 1208970586 M * Bertl daniel_hozac: what is vc_get_task_xid()? 1208970981 J * jsambrook ~jsambrook@aelfric.plus.com 1208971355 Q * quasisane Remote host closed the connection 1208971497 M * daniel_hozac VCMD_task_xid 1208971530 M * Bertl ah, okay, so the _get_ was just added to confuse me :) 1208971543 M * daniel_hozac yes :) 1208971547 M * Bertl what I mean is, no special wrapper or so, yes? 1208971553 M * daniel_hozac nope. 1208971558 M * Bertl okay, tx 1208972023 N * DoberMann DoberMann[PullA] 1208972037 A * infowolfe recognizes that function 1208972067 M * Bertl daniel_hozac: why does 'chcontext --secure' call VCMD_46_1, but 'chcontext' doesn't? 1208972079 M * daniel_hozac which one is that? 1208972106 M * Bertl ah, no, please disregard this 1208972120 M * daniel_hozac ah, task_xid. 1208972124 M * Bertl I just missed it in the other dump 1208972124 M * infowolfe daniel_hozac, > save_ctxinfo: vc_get_task_xid(): Function not implemented 1208972153 M * Bertl but an interesting detail is the call sequence ... 1208972166 M * Bertl sec, let me upload something ... 1208972194 M * Bertl http://paste.linux-vserver.org/12046 1208972221 M * Bertl the first one is without --secure, note that the VCMD_52_2 is after the second VCMD_46_1 1208972260 M * Bertl not related to the problem, but makes me wonder ... 1208972438 M * daniel_hozac are 64-bit capabilities in 2.6.25? 1208972454 M * Bertl yes, Nx32 bit capabilities to be precise 1208972460 M * daniel_hozac right. 1208972522 J * Infinito ~argos@200-140-61-213.gnace701.dsl.brasiltelecom.net.br 1208972538 M * Bertl it seems we are dropping CAP_CONTEXT early here 1208972562 M * daniel_hozac i don't really understand how this worked in the past. 1208972584 M * Bertl simple, because the cap masking was not active at this time 1208972598 M * daniel_hozac oh, of course. 1208972608 M * daniel_hozac cap masking depends on !SETUP 1208972622 M * daniel_hozac so, why is it active now? :) 1208972638 M * Bertl hmm ... lemme check .. 1208972650 J * quasisane ~sanep@c-75-68-59-175.hsd1.nh.comcast.net 1208972707 Q * Infinito 1208972877 M * Bertl daniel_hozac: hmm, the sequence seems to drop the setup flag first, no? 1208972904 M * daniel_hozac nah, the setup flag isn't dropped until the very last thing. save_ctxinfo is way before that. 1208972918 M * Bertl (I suppose the VCMD_52_2 removes the setup, and the VCMD_46_1 hits it) 1208972957 M * Bertl will try to proof this ... 1208972962 M * daniel_hozac that's probably just setting the default flags. 1208972976 M * daniel_hozac (and with --secure, all of those) 1208973071 M * Bertl okay, let's assume the bcap set has an unwanted sideeffect (which I presume) then the 'harmless' flag setting would remove CAP_CONTEXT, but not harm the setup flags, yes? 1208973083 M * Bertl nevertheless, that would explain the observed effect, no? 1208973158 M * Bertl and I think I already know where the problem is ... 1208973163 J * hparker ~hparker@linux.homershut.net 1208973182 M * daniel_hozac oh? 1208973209 M * Bertl I introduced the caps_from_cap_t and cap_t_from_caps to handle the u64 interface we already have 1208973235 M * daniel_hozac ah. 1208973282 Q * _gh_ Ping timeout: 480 seconds 1208973317 N * virtuoso_ virtuoso 1208973438 Q * jsambrook Quit: Leaving. 1208973474 J * jsambrook ~jsambrook@aelfric.plus.com 1208973582 M * Bertl yep, seems I messed up there :) 1208973649 M * daniel_hozac wrong order, or what? 1208973684 M * Bertl no, I can't count :) 0xFFFF ~ 32bit :) 1208973697 M * daniel_hozac lol. i didn't even think of that. 1208973726 N * Guest1408 Genghis 1208973757 N * Genghis Guest1414 1208973848 N * Guest1414 Genghis- 1208974526 N * DoberMann[PullA] DoberMann 1208974802 M * Bertl daniel_hozac: hmm, yeah, we have a 'problem' :) 1208974858 M * Bertl how is the bmask in VCMD_52_10 defined from the tool side? 1208974940 M * daniel_hozac uint_least64_t 1208974954 M * Bertl ah, nevermind, another bug on my side ... 1208975424 J * mess-mate ~chatzilla@ALille-254-1-55-184.w86-196.abo.wanadoo.fr 1208975424 M * mess-mate EVENING 1208975424 M * mess-mate I've compiled util-vserver and looks good. But has installed a guest with prvious debian/util-vserver 1208975424 M * mess-mate So, seems the teh emplacement and tge config files are not the same. 1208975424 M * mess-mate Could i move something ? 1208975424 M * daniel_hozac did you configure the utils the same way they were configured before? 1208975424 M * mess-mate I prefer the installation of the files of util-vserver in /usr/local. 1208975438 M * Bertl okay, first, make sure you uninstalled all of the original (debian) utils 1208975456 M * mess-mate There was no configuration but the install of the vserver guests. Vservers dir => /vservers in the root dir. 1208975469 M * Bertl second, by default, the pathes for the guests are different (/var/lib/vservers vs /vservers) 1208975498 M * Bertl you can adjust that at compile time or in the /etc/vservers/.defaults 1208975508 M * Bertl (vdirbase, IIRC) 1208975531 M * daniel_hozac note that the default configuration path is /usr/local/etc when you build it yourself. 1208975622 M * mess-mate The config path of debian is /etc and i was afraid to remove them, an existing guest config is there. 1208975673 M * mess-mate Now it seems to be in /usr/local/etc and it's not the same. 1208975823 M * daniel_hozac so why don't you change that? 1208975884 M * mess-mate Because there is so many to change... and it seems very complicated the files are on so many places after the compile. 1208975948 M * mess-mate I compiled with the defaults, it's always the best method to refind yourself.. 1208975972 M * daniel_hozac ./configure --sysconfdir=/etc 1208975984 M * daniel_hozac (and probably --with-vrootdir=/var/lib/vservers) 1208976061 M * mess-mate i'll try it to see 1208976161 M * mess-mate Waw, an uninstall don't deinstall everything 1208976179 M * mess-mate So do it manual 1208976286 M * daniel_hozac dpkg --purge 1208976306 M * mess-mate Was purged of course :) 1208976314 M * mess-mate Deleted manually 1208976334 M * mess-mate I'll take a look at the ./configure options. 1208976577 J * Q_ ~kurt@d54C3F9BC.access.telenet.be 1208976600 M * Bertl welcome Q_! 1208976709 M * Q_ Are there any plans to have a new version that works with more recent versions of the kernel? 1208976711 M * mess-mate There is a sysconfigdir = ok, but no vrootdir; can itme changed manually after the install ? 1208976721 M * Bertl Q_: like the one for 2.6.25? 1208976726 M * mess-mate itm =it be 1208976795 M * daniel_hozac mess-mate: ./configure --help says: 1208976797 M * daniel_hozac mess-mate: --with-vrootdir=DIR place vservers under DIR (default: /vservers) 1208976817 M * Q_ Bertl: Yes, like one for 2.6.25. The latest still seems to be for 2.6.22. 1208976871 M * mess-mate danie_hozac: yes don't shoot me :) 1208976887 M * mess-mate ok let's go and see 1208976895 M * daniel_hozac Q_: http://vserver.13thfloor.at/Experimental/ says there are patches for 2.6.24 and 2.6.25... 1208976990 M * Q_ daniel_hozac: But those aren't stable (v2.2) patches. 1208977001 M * daniel_hozac because there's no way they are stable. 1208977026 M * Bertl Q_: stable means 'stable' i.e. well tested and such 1208977046 M * Q_ Bertl: Like says something one would like to use on a server? 1208977070 M * daniel_hozac 2.6.24 and 2.6.25 aren't ready by a long shot. 1208977074 M * Bertl well, on a _server_ I'd use 2.6.22.19+ 1208977096 M * Bertl Q_: OTOH, testing on 2.6.25 is appreciated :) 1208977299 M * Q_ So, let me rephrase a little: Are there any plans to have a stable (v2.2) version for kernels 2.6.24 or newer? 1208977309 M * Bertl yes, definitely 1208977325 M * infowolfe Bertl, does this mean there's a newer 2.6.25 patch? 1208977329 M * daniel_hozac not yet. 1208977332 M * infowolfe kk 1208977334 M * Bertl infowolfe: there will be shortly 1208977340 M * infowolfe sweet :) 1208977384 N * Genghis- Genghis 1208977417 N * Genghis Guest1419 1208977470 M * Q_ Bertl: Any idea if someone is working on that or when it could be available? 1208977491 M * daniel_hozac Bertl is the one working on it... 1208977508 M * Bertl and it's done when it's done :) 1208977541 M * Bertl Q_: if you want to speed up the process, feel free to contribute with time for testing/coding or money 1208977638 M * Q_ Bertl: I can wait, and have plenty of other things to do myself. It's just that Debian currently doesn't ship any kernels with vserver anymore because there isn't a patch available. 1208977677 M * Q_ In testing/unstable that is. 1208977679 M * Bertl well, debian was/is shipping the old kernels for ages .. no need to hurry now :) 1208977714 M * Bertl put the devel branch in testing/unstable .. that would be an appropriate choice 1208977897 M * Q_ Bertl: That would depend on how "experimental" that devel branch is. Things uploaded to unstable are supposed to be ready for the next stable release. 1208977921 M * Bertl usually (not atm) the devel branch is quite ready for production 1208977942 M * Bertl you might aks around, quite a number of folks use it in production for some time now 1208978218 M * infowolfe Q_, Bertl's patches are usually the least buggy portion of the kernel ;) 1208978235 M * infowolfe and have been for years now 1208978846 J * doener ~doener@i577AF369.versanet.de 1208978953 Q * doener_ Ping timeout: 480 seconds 1208979064 J * Infinito ~argos@200-140-61-213.gnace701.dsl.brasiltelecom.net.br 1208979197 Q * Infinito 1208979750 J * Infinito ~argos@200-140-61-213.gnace701.dsl.brasiltelecom.net.br 1208979756 Q * Infinito 1208979807 Q * jsambrook Quit: Leaving. 1208979843 J * jsambrook ~jsambrook@aelfric.plus.com 1208980585 J * dna ~dna@25-210-dsl.kielnet.net 1208980943 Q * dna Quit: Verlassend 1208981023 N * Guest1419 Genghis- 1208981041 N * Genghis- Genghis 1208981078 N * Genghis Guest1428 1208981130 N * Guest1428 Genghis 1208981952 J * camgirl29 ~camgirl29@d033.dhcp212-198-248.noos.fr 1208982083 Q * camgirl29 1208982251 P * mess-mate I'm not here right now. 1208983227 Q * docelic Quit: http://www.spinlocksolutions.com/ 1208984056 J * _er ~sapan@aegis.CS.Princeton.EDU 1208984070 M * _er hi all 1208984095 Q * FireEgl Ping timeout: 480 seconds 1208984509 Q * larsivi Quit: Konversation terminated! 1208984633 J * FireEgl FireEgl@2001:5c0:84dc:1:4:ff:fe00:2 1208984870 M * Bertl daniel_hozac: is there any case you can imagine where we need the 'capabilities not masked' while in setup, except for CAP_CONTEXT? 1208984912 M * daniel_hozac don't we need CAP_SYS_RESOURCE/CAP_SYS_ADMIN for some of the vserver syscalls too? 1208984971 M * Bertl yes, but we check those in switch.c 1208984995 M * Bertl I'm talking about stuff outside of Linux-VServer syscall (commands) 1208985053 M * daniel_hozac no, i think that's it. 1208985082 M * Bertl okay, then we override this in the syscall, and remove the check from the capability tests 1208985267 Q * bonbons Quit: Leaving 1208985378 M * daniel_hozac hmm. vsysctl might need some capabilities. 1208985437 M * Bertl okay, so we need to check anyways? 1208985444 M * Bertl np with that, just want to know 1208985495 M * daniel_hozac yeah, i think so. 1208985506 M * daniel_hozac it seems like the path of least resistance. 1208985601 N * DoberMann DoberMann[ZZZzzz] 1208985897 J * _gh_ ~gerrit@67.99.198.2 1208986059 Q * FireEgl Read error: Connection reset by peer 1208986482 M * PowerKe How can I write to /tmp in a guest from the host (/tmp being a tmpfs only visible in the guest)? 1208986503 M * Bertl by entering the namespace of the guest 1208986544 M * PowerKe If I want to do iptables -vL > /tmp how do I do that? (iptables running on the host and /tmp being in the guest?) 1208986576 M * daniel_hozac vnamespace -e bash -c 'iptables -vL > /tmp/file' 1208986590 M * daniel_hozac or, no. /vservers//tmp, of course. 1208986726 M * PowerKe Thanks, works like a charm 1208986754 M * Bertl hmm .. trying to narrow the vc_get_task_xid() down (after fixing quite a number of breakages :), I have arrived at this: 1208986772 M * Bertl [ 9.055011] do_set_caps( 344c05ff, ffffffffffffffff, 0, 0) 1208986839 M * Bertl this means, that the CAP_CONTEXT is dropped there (because of the mask) 1208986855 M * daniel_hozac as it should be. 1208986913 M * Bertl well, the problem is, that they are also dropped from the cap_bset of the process :) 1208986942 M * Bertl (at least it seems so to me) 1208986964 M * daniel_hozac hmm? what's doing that? 1208986981 M * daniel_hozac (i'll admit i haven't looked at the 2.6.25 patch yet) 1208986991 M * Bertl let me check a little more, I should know it shortly 1208987059 M * daniel_hozac shouldn't we set CAP_CONTEXT to 63, btw? 1208987065 J * FireEgl FireEgl@2001:5c0:84dc:1:4:ff:fe00:2 1208987078 M * Bertl well, it's 34 atm, so that should be fine 1208987096 M * Bertl but yeah, might make sense to raise it up to 63 1208987103 M * daniel_hozac i just meant as future-proofing, i assume 34 is going to be used soon. 1208987131 M * daniel_hozac not that CAP_CONTEXT is used too often, but the utils needs to know which it is so it can be removed. 1208987155 M * Bertl aha? how does that work right now in my testing? 1208987185 M * daniel_hozac something must be dropping it to 32-bit. 1208987256 M * Bertl [ 9.075011] vxD: ffff810003a16300: vc: VCMD_46_1[0], 0,0000000000000000 [1,2,0,0] 1208987259 M * Bertl [ 9.075011] cap_capable() VXF_STATE_SETUP = 100000000, raised = 0 1208987294 M * Bertl http://paste.linux-vserver.org/12047 1208987371 M * daniel_hozac that's good, right? 1208987394 M * daniel_hozac or, expected at least. 1208987395 M * Bertl well, no, as we are looking for the 'raised' capability there 1208987463 M * Bertl and as it isn't raised (in the cap_effective set of the process) 1208987497 M * Bertl the syscall bails out with Function not implemented 1208987521 M * daniel_hozac ah right, just cap_raised, not capable... 1208987597 M * daniel_hozac so what's messing with the task's capabilities? 1208987637 M * daniel_hozac and why can't we just not mask capabilities if SETUP is set anymore? 1208987658 M * Bertl we are doing that in my tree, unfortunately doesn't help 1208987681 M * Bertl because CAP_CONTEXT is gone from cap_effective at this point 1208987686 M * Bertl (for whatever reason) 1208987687 M * daniel_hozac what bits _are_ set in cap_effective? 1208987701 M * Bertl good question ... 1208987707 M * daniel_hozac (i just want to make sure it's not some user namespace side-effect that means root doesn't have all the capabilities) 1208987826 M * Bertl [ 8.663304] cap_capable() VXF_STATE_SETUP = 100000000, raised = 0, eff = 00000000:344c04ff 1208987854 M * Bertl http://paste.linux-vserver.org/12048 1208987912 M * daniel_hozac so the task's cap_bset is affected by changing the context's capabilities? 1208987990 M * Bertl looks like ... not sure though ... because the checks are fine before that call 1208988054 M * Bertl I would expect one of the cap_capable() right before that to show dropped caps 1208988078 M * daniel_hozac oh, i see. 1208988079 M * Bertl to me it looks like the caps are dropped somewhere inbetween 1208988086 M * daniel_hozac yeah, on exec. 1208988096 M * daniel_hozac cap_bprm_apply_creds 1208988106 M * Bertl right 1208988129 M * daniel_hozac do we really want to apply the context's capabilities there? don't we want to mask the capabilities on capable()? 1208988141 M * daniel_hozac (thus making it transparent to bind...) 1208988144 M * Bertl yep 1208988172 M * daniel_hozac so i think we need to revert that hunk. 1208988194 M * Bertl yeah, I'll do that, thanks! 1208988243 M * daniel_hozac np. 1208988249 J * marcfiu ~mef@aegis.CS.Princeton.EDU 1208988256 M * marcfiu hi 1208988270 M * daniel_hozac hey marc. 1208988279 M * marcfiu My colleague Andy B. may have a bug in the vserver cpu scheduler. 1208988292 M * Bertl introduced or found? 1208988301 M * marcfiu good question. :) 1208988314 M * marcfiu here is what we are seeing... 1208988326 M * marcfiu there is the following code block in schedule(){ 1208988353 M * marcfiu ... where is the cut-n-paste website again? 1208988370 M * daniel_hozac paste.linux-vserver.org 1208988399 M * marcfiu http://paste.linux-vserver.org/12049 1208988444 M * marcfiu what we are seeing what appears to be an infinite loop because vx_try_skip() returns 1 (true) but vx_try_unhold() does not actually "unhold" any tasks. 1208988505 M * marcfiu http://paste.linux-vserver.org/12050 1208988528 M * marcfiu vx_try_unhold() has a test for "if (list_empty(&rq->hold_queue)) return;" 1208988549 M * Bertl correct, nothing on the hold_queue, nothing to unhold 1208988558 M * marcfiu http://paste.linux-vserver.org/12051 1208988580 M * marcfiu and vx_try_skip() returns true 1208988597 M * marcfiu oddly enough we are not seeing the vxdprintk(list_empty(&rq->hold_queue),"hold queue empty on cpu %d", cpu); 1208988604 M * marcfiu in vx_try_skip() on the console 1208988623 M * daniel_hozac that's because debugging isn't enabled in the kernel :) 1208988626 M * marcfiu which we believe is either 'cause we don't have vserver debugging turned on 1208988628 M * marcfiu ok 1208988630 M * marcfiu daniel_hozac: thanks 1208988636 M * marcfiu so the question is 1208988665 Q * mick_work Remote host closed the connection 1208988693 M * daniel_hozac did anyone get around to testing a kernel without Andy's patch? 1208988699 M * marcfiu daniel_hozac: nope 1208988707 M * marcfiu so it could well that he introduced the bug. 1208988712 M * daniel_hozac (https://svn.planet-lab.org/browser/linux-2.6/trunk/linux-2.6-210-vserver-cpu-sched.patch being the patch in question) 1208988726 M * Bertl so maybe do that, and enable debugging in this step too? 1208988778 M * marcfiu ok... I'll talk to Andy about this tomorrow 1208988781 M * marcfiu time to head home. 1208988782 M * marcfiu cheers 1208988806 M * Bertl cya! 1208988811 P * marcfiu 1208988916 M * Bertl daniel_hozac: what do you think about this one? http://paste.linux-vserver.org/12052 1208989022 J * mire ~mire@148-169-222-85.adsl.verat.net 1208989076 M * daniel_hozac looks good, that's what we have in the older kernels, right? 1208989117 M * Bertl yes, but why? 1208989146 M * Bertl I mean, why should we disable the cap masking there? 1208989215 M * Bertl hmm, maybe I'm just confused by the cap stuff atm :) 1208989225 M * daniel_hozac oh, so root in a guest can open a tun device belonging to a user. 1208989241 M * daniel_hozac (if the tun belongs to the guest, that is) 1208989288 M * daniel_hozac i suppose it's not imperative that we keep it, it just seemed sane at the time :) 1208989543 M * Bertl okay, seems we are fine now with the cap stuff ... 1208989648 M * Bertl infowolfe: still around? 1208989656 M * infowolfe Bertl, yes i am 1208989665 M * Bertl okay, expect a new version in a minute 1208989756 M * infowolfe thank you 1208989819 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.25-vs2.3.0.34.5.diff 1208989822 M * Bertl you're welcome! 1208989947 M * daniel_hozac why did you revert jffs2? 1208989970 M * Bertl because there is no point in worring about it atm 1208989987 M * Bertl i.e. nobody uses tagging on jffs2 :) 1208990031 M * daniel_hozac and SO_PEERTAG? 1208990067 M * Bertl I plan to re-use SO_MARK for this functionality 1208990083 M * Bertl (again, nobody uses it atm) 1208990233 M * daniel_hozac in uids_sysfs_init, what made you go with NULL this time? 1208990251 M * Bertl just wanted to try it :) 1208990262 M * daniel_hozac heh, okay. 1208990318 J * Aiken ~james@ppp121-45-247-4.lns2.bne4.internode.on.net 1208990331 M * Bertl welcome Aiken! 1208990348 M * Aiken thanks :) 1208991856 M * infowolfe Bertl, worksforme 1208991943 M * Bertl excellent! keep me updated! 1208992321 Q * bfremon Quit: Leaving. 1208992871 M * infowolfe Bertl, if it works, hopefully you won't hear from me for a while 1208992898 M * infowolfe at least until we figure out why 2.6.25 is being stupid with scheduling (instead of combining writes, it's queueing up a pissload of them individually) 1208992908 M * Bertl well, positive feedback is appreciated too :) 1208993494 M * daniel_hozac are the initpid issues fixed? 1208993520 M * Bertl didn't check yet, do we have a good test for it? 1208993538 M * daniel_hozac a guest with plain init + ls -l /proc should trigger the bug. 1208993567 M * Bertl I'll install the kernel on the priceton machine, you can test then, okay? 1208993585 M * daniel_hozac okay. 1208993720 M * dtbartle latest patch works here too 1208993759 M * Bertl good to hear! 1208994892 J * ryker_ ~ryker@76.16.114.60 1208994892 Q * ryker Read error: Connection reset by peer 1208995069 M * infowolfe daniel_hozac, what's 'plain init' ?