1209686417 M * Bertl okay, off to bed now ... have a good one everyone!
1209686422 N * Bertl Bertl_zZ
1209686513 Q * dowdle Remote host closed the connection
1209687886 N * Guest2644 Genghis
1209687918 N * Genghis Guest2648
1209687981 Q * quasisane Quit: ERC Version 5.3 (IRC client for Emacs)
1209689879 Q * FireEgl Quit: Leaving...
1209690123 Q * Piet Quit: Piet
1209691547 N * Guest2648 Genghis
1209691578 N * Genghis Guest2657
1209692849 J * wibble_ wibble@vortex.ukshells.co.uk
1209692849 Q * wibble Read error: Connection reset by peer
1209694404 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1209694424 J * dowdle ~dowdle@71-221-12-64.blng.qwest.net
1209695218 N * Guest2657 Genghis
1209695255 N * Genghis Guest2663
1209698875 N * Guest2663 Genghis
1209698915 N * Genghis Guest2675
1209701052 Q * dowdle Remote host closed the connection
1209701069 Q * larsivi Ping timeout: 480 seconds
1209702162 J * balbir ~balbir@122.167.223.223
1209702536 N * Guest2675 Genghis
1209702574 N * Genghis Guest2683
1209704475 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209704830 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it
1209704846 Q * esa` Ping timeout: 480 seconds
1209706006 Q * virtuoso Ping timeout: 480 seconds
1209706198 N * Guest2683 Genghis
1209706234 N * Genghis Guest2687
1209707193 Q * infowolfe Read error: Connection reset by peer
1209707202 J * infowolfe ~infowolfe@c-67-160-167-96.hsd1.or.comcast.net
1209707794 J * FireEgl FireEgl@adsl-61-147-191.bhm.bellsouth.net
1209708152 Q * balbir Ping timeout: 480 seconds
1209708370 J * Slydder ~chuck@194.59.17.53
1209708370 J * quasisane ~sanep@c-75-68-59-175.hsd1.nh.comcast.net
1209708402 M * Slydder morning all
1209708433 M * JonB hi
1209708439 M * Mark17 morning Slydder
1209709388 Q * JonB Quit: This computer has gone to sleep
1209709857 N * Guest2687 Genghis
1209709894 N * Genghis Guest2691
1209710008 J * virtuoso ~s0t0na@ppp92-101-3-65.pppoe.avangarddsl.ru
1209710532 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209710686 J * aj__ ~aj@e180221239.adsl.alicedsl.de
1209710703 J * balbir ~balbir@59.145.136.1
1209710821 Q * mire Ping timeout: 480 seconds
1209711326 J * pisco ~pisco@tor.noreply.org
1209712205 Q * pisco Quit: leaving
1209713519 N * Guest2691 Genghis
1209713554 N * Genghis Guest2698
1209713676 Q * aj__ Ping timeout: 480 seconds
1209714119 Q * tobifix_ Quit: Leaving
1209714307 Q * AndrewLee Remote host closed the connection
1209714309 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1209714918 J * doener ~doener@i577B81D4.versanet.de
1209715281 M * nkukard darn ... i don't spose there will be a patch for 2.6.24 soon? ... got a network card driver i need in that release
1209715350 J * yarihm ~yarihm@whitehead2.nine.ch
1209715636 Q * virtuoso Ping timeout: 480 seconds
1209715919 Q * AndrewLee Quit: leaving
1209716272 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1209717054 M * Slydder http://www.linearpublishing.com/RhinoStory.html
1209717175 N * Guest2698 Genghis
1209717214 N * Genghis Guest2702
1209717737 J * ddub ~ddub@213.219.163.165.adsl.dyn.edpnet.net
1209718040 J * virtuoso ~s0t0na@ppp92-101-20-85.pppoe.avangarddsl.ru
1209719182 Q * balbir Ping timeout: 480 seconds
1209720102 J * balbir ~balbir@59.145.136.1
1209720493 Q * virtuoso Ping timeout: 480 seconds
1209720839 N * Guest2702 Genghis
1209720874 N * Genghis Guest2706
1209721259 N * Bertl_zZ Bertl_oO
1209722622 M * ddub Hello all
1209722628 M * ddub Sorry for that stupid question, but i'm not sure on how to do it properly
1209722636 M * ddub I would like to keep all guest logs into the host. syslog-ng forwards everything to the host, but for programs like apache who log directly in /var/log?
1209722655 J * _Keks_ ~keks@80.64.184.134
1209722665 M * _Keks_ hi
1209722745 M * mjt ddub: you can bind-mount certain dirs from host to guests
1209722801 M * ddub thanks mjt
1209722804 M * mjt so that, say, /var/log/apache on guest will be /var/log/apache on host
1209722991 Q * balbir Ping timeout: 480 seconds
1209723463 J * balbir ~balbir@59.145.136.1
1209723664 M * Bertl_oO ddub: sharing log dirs is not a so good idea ...
1209723709 M * Bertl_oO ddub: probably the best way is to rsync the log files when they are rotated (or shortly after)
1209723714 M * Bertl_oO ddub: but there is probably a way to make apache log over network too
1209723841 M * Bertl_oO http://www.oreillynet.com/pub/a/sysadmin/2006/10/12/httpd-syslog.html
1209724497 N * Guest2706 Genghis
1209724534 N * Genghis Guest2712
1209724592 M * _Keks_ good morning Bertl_oO
1209724592 M * ddub Bertl: Thanks a lot!
1209724683 M * _Keks_ do you know anything about vserver stop kills the host too?
1209724744 Q * Aiken Quit: Leaving
1209724821 M * _Keks_ brb, check the console for any error messages
1209725094 N * Guest2712 Genghis-
1209725202 M * _Keks_ the last message i see is: "will now restart"
1209725247 M * _Keks_ after that the cursor stops blinking
1209725407 Q * bXi Remote host closed the connection
1209725409 J * bXi bluepunk@irssi.co.uk
1209725880 Q * JonB Quit: This computer has gone to sleep
1209726500 M * Bertl_oO _Keks_: no, vserver - stop will not kill the host, unless the kernel isolation is broken
1209726539 M * Bertl_oO _Keks_: or you explicitly allowed the guest to reset/reboot the host (Which I think isn't even possible anymore)
1209726952 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209727481 M * yarihm Bertl_oO, did you make any progress with the "fair swapping"-Project? I'm sorry to always come up with this on friday, but that's actually the day I'm working on this :)
1209727491 M * yarihm or, at least, should be working on this
1209727660 M * mjt hmm Why sharing log isn't good idea?
1209727675 M * mjt Bertl_oO: you made me curious... ;)
1209727716 M * mjt it really depends on how it's done. Sure I won't let different guests write into the same directory (or make it visible to different guests)
1209727736 M * mjt yes one guess can fill up the log dir (if no quota mechanism is in place)
1209727741 M * mjt s/guess/guest/
1209727765 M * mjt but it's still not a reason to not place all logs into the same place...
1209727843 J * virtuoso ~s0t0na@ppp92-101-30-95.pppoe.avangarddsl.ru
1209728155 N * Genghis- Genghis
1209728194 N * Genghis Guest2717
1209728331 M * _Keks_ is there a way to check kernel isolation is intact?
1209728701 J * larsivi ~larsivi@static216-54.adsl.no
1209728738 Q * JonB Quit: This computer has gone to sleep
1209729743 Q * bzed Remote host closed the connection
1209729750 J * bzed ~bzed@devel.recluse.de
1209731819 N * Guest2717 Genghis
1209731854 N * Genghis Guest2722
1209732193 N * Bertl_oO Bert
1209732195 N * Bert Bertl
1209732226 M * Bertl yarihm: yep, I have a fairly good idea now how this can be done and I will start a prototype implementation today or tomorrow
1209732271 M * Bertl mjt: well, first, putting the logs into the same place might allow different guests to peek into the other logs (unless you have them on a tagged filesystem)
1209732482 M * yarihm ok
1209732578 M * Bertl mjt: also a shared and writeable partitin increases the chance for cross guest attacks and exploits
1209732584 M * Bertl *partition
1209732614 M * Bertl mjt: a secure setup is if you --bind mount the guest partitions read-only somewhere in the host
1209732826 M * mjt well, that will work too\
1209733202 J * hparker ~hparker@linux.homershut.net
1209733839 P * _Keks_ Kopete 0.12.7 : http://kopete.kde.org
1209733909 M * Bertl daniel_hozac: I'm missing a context check in netlink_seq_next(), is that a new bug or a known issue?
1209734039 Q * ard6 Ping timeout: 480 seconds
1209734333 J * mire ~mire@140-173-222-85.adsl.verat.net
1209735477 N * Guest2722 Genghis
1209735514 N * Genghis Guest2729
1209735946 Q * mire Ping timeout: 480 seconds
1209736199 J * Piet ~piet@tor.noreply.org
1209736201 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209736207 Q * Slydder Quit: Leaving.
1209737599 Q * JonB Ping timeout: 480 seconds
1209737878 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209738378 Q * balbir Ping timeout: 480 seconds
1209738668 J * mrfree ~mrfree@host197-183-dynamic.19-79-r.retail.telecomitalia.it
1209738791 Q * JonB Quit: This computer has gone to sleep
1209739135 N * Guest2729 Genghis
1209739174 N * Genghis Guest2739
1209739273 Q * mrfree Quit: Leaving
1209740434 J * dowdle ~dowdle@scott.coe.montana.edu
1209740734 Q * dtbartle Ping timeout: 480 seconds
1209740734 Q * mspang Ping timeout: 480 seconds
1209740956 Q * ensc Ping timeout: 480 seconds
1209741180 Q * brag Ping timeout: 480 seconds
1209742798 N * Guest2739 Genghis
1209742817 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209742835 N * Genghis Guest2748
1209744075 Q * yarihm Quit: Leaving
1209746457 N * Guest2748 Genghis
1209746494 N * Genghis Guest2754
1209746824 J * [d]dub ~ddub@213.219.163.165.adsl.dyn.edpnet.net
1209747031 Q * ddub Ping timeout: 480 seconds
1209747772 J * pmenier ~pmenier@ACaen-152-1-38-14.w83-115.abo.wanadoo.fr
1209748281 Q * larsivi Ping timeout: 480 seconds
1209748317 J * mspang mspang@artificial-flavours.csclub.uwaterloo.ca
1209748773 J * ensc ~irc-ensc@77.235.182.26
1209748986 J * larsivi ~larsivi@static216-54.adsl.no
1209749500 Q * JonB Quit: This computer has gone to sleep
1209750117 N * Guest2754 Genghis
1209750154 N * Genghis Guest2763
1209751446 J * ktwilight ~ktwilight@213.67-66-87.adsl-dyn.isp.belgacom.be
1209751719 Q * ktwilight_ Ping timeout: 480 seconds
1209752465 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209753779 N * Guest2763 Genghis
1209753814 N * Genghis Guest2773
1209753839 Q * virtuoso Ping timeout: 480 seconds
1209754908 Q * kumi Ping timeout: 480 seconds
1209756287 Q * doener Read error: Connection reset by peer
1209756482 J * doener ~doener@i577AC8CF.versanet.de
1209757439 N * Guest2773 Genghis
1209757474 N * Genghis Guest2782
1209758000 Q * JonB Quit: This computer has gone to sleep
1209758163 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1209758174 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209758182 Q * JonB
1209758457 J * fatgoose_ ~samuel@76-10-149-199.dsl.teksavvy.com
1209758457 Q * fatgoose Read error: Connection reset by peer
1209759209 J * mire ~mire@140-173-222-85.adsl.verat.net
1209759767 J * JonB ~NoSuchUse@0x573501a3.kjnxx10.adsl-dhcp.tele.dk
1209760379 J * Beuc ~yo@82.238.35.175
1209760391 M * Bertl welcome Beuc!
1209760406 M * Beuc Hi
1209760654 J * Medivh ck@dolphin.serverbox.de
1209760871 Q * JonB Quit: This computer has gone to sleep
1209761088 M * daniel_hozac Bertl: hmm, that's news to me. how do you exploit it?
1209761097 N * Guest2782 Genghis
1209761124 M * Bertl daniel_hozac: not at all, just stumbled over it when checking the code (for the last fix)
1209761134 N * Genghis Guest2789
1209761154 M * daniel_hozac well, the missing check should mean that you can somehow see sockets not belonging to you, right?
1209761186 M * daniel_hozac oh i see. /proc/net/netlink.
1209761326 J * mrfree ~mrfree@host197-183-dynamic.19-79-r.retail.telecomitalia.it
1209761813 J * Aiken ~james@ppp118-208-54-233.lns4.bne1.internode.on.net
1209761945 Q * mick_work Remote host closed the connection
1209762106 J * docelic ~docelic@78.134.196.122
1209762154 Q * mire Ping timeout: 480 seconds
1209763309 Q * bonbons Quit: Leaving
1209763469 M * daniel_hozac Bertl: i've been looking at the pid space... if we make it mandatory, we can eliminate vx_reaper. this means, however, that we need to get the pid space setup in __alloc_vx_info. sound okay?
1209763527 M * Bertl yep, sounds good so far ...
1209763561 M * daniel_hozac i'd also like to cut down on the amount of dereferences we need to get to the spaces in the vxi, how do you feel about a struct nsproxy vx_nsproxy?
1209763612 M * daniel_hozac (t->vx_info->nsproxy->pid_ns->...)
1209763625 M * Bertl hmm, no problem with that, but double check that we do not mess up the nsproxy functions
1209763638 M * Bertl i.e. free up part of the vx_info accidentally and such
1209763642 Q * mrfree Quit: Leaving
1209763644 M * daniel_hozac right.
1209763680 M * daniel_hozac do you think vc_ctx_migrate should enter the pid space?
1209763688 M * daniel_hozac or should we leave that to vc_enter_space?
1209763753 M * Bertl I'd prefer to keep it for the spaces, but I guess we have to do that on the migrate, otherwise we will break compatibility
1209763894 M * daniel_hozac right.
1209763903 M * daniel_hozac on the other hand, we could leave that up to the utils.
1209763927 M * Bertl that is something you have to decide :)
1209763955 M * Bertl I'm fine if it works with recent utils (given that they are available)
1209763971 M * daniel_hozac hehe
1209764146 M * daniel_hozac another issue is that /proc gets the pid namespace when you mount it.
1209764170 M * Bertl which means we need to do the proc mount inside the context, so?
1209764203 M * Bertl (no problem with /proc not being accurate on the host here )
1209764229 M * Bertl we need to update the test scripts though, and I'd suggest to up the API
1209764241 M * Bertl (version that is)
1209764242 M * daniel_hozac well, chcontext --xid 42 -- kill will not really work.
1209764302 M * Bertl hmm, do we care? there is vkill?
1209764306 M * daniel_hozac i suppose we still want to hide processes from guests on the host?
1209764324 M * daniel_hozac right, that's what i was getting at. we don't care, right?
1209764394 M * Bertl well, personally I don't care, but non mainline scripts might (no problem to break them though)
1209764425 M * daniel_hozac heh
1209764718 M * daniel_hozac which pids should vkill operate on?
1209764748 M * daniel_hozac the init_pid_ns pid, the vxi->nsproxy->pid_ns pid, or both?
1209764754 N * Guest2789 Genghis
1209764757 M * Bertl that's a good one, which brings us to the question, what shall the spectator context show in the future ...
1209764794 N * Genghis Guest2792
1209764808 M * daniel_hozac the init_pid_ns seems like our only choice.
1209764811 M * Bertl but I guess we leave that open till we know where mainline is heading ... for now, we use the pid inside the guest
1209765035 M * daniel_hozac well, i'll start working on these things, see how well it works.
1209765072 M * Bertl excellent! keep me updated and/or let me know if you need a second opinion
1209765083 M * daniel_hozac will do.
1209765437 Q * [d]dub Quit: bye
1209766962 Q * bzed Ping timeout: 480 seconds
1209767220 Q * Piet Remote host closed the connection
1209767251 J * Piet ~piet@tor.noreply.org
1209767579 J * bzed ~bzed@devel.recluse.de
1209768418 N * Guest2792 Genghis
1209768432 J * mire ~mire@140-173-222-85.adsl.verat.net
1209768454 N * Genghis Guest2798
1209771995 Q * Piet Quit: Piet
1209772075 N * Guest2798 Genghis
1209772114 N * Genghis Guest2804
1209772584 Q * docelic Quit: http://www.spinlocksolutions.com/