1211070177 J * onox ~onox@kalfjeslab.demon.nl
1211070263 Q * Linus Ping timeout: 480 seconds
1211070413 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1211070939 Q * bonbons Quit: Leaving
1211071016 Q * Adrinael Read error: Connection reset by peer
1211071018 J * Adrinael adrinael@rid7.kyla.fi
1211073882 J * Linus ~Nuhks@bl7-145-243.dsl.telepac.pt
1211074619 Q * Linus Remote host closed the connection
1211075159 J * Linus ~Nuhks@bl7-145-243.dsl.telepac.pt
1211076814 Q * onox Ping timeout: 480 seconds
1211079610 Q * FireEgl Quit: Leaving...
1211088390 J * ntrs__ ~ntrs@77.29.71.195
1211089313 Q * doener_ Ping timeout: 480 seconds
1211090259 J * friendly ~friendly@ppp59-167-137-15.lns3.mel6.internode.on.net
1211090362 J * FireEgl FireEgl@adsl-226-58-107.bhm.bellsouth.net
1211093791 J * ntrs_ ~ntrs@77.29.64.45
1211094224 Q * ntrs__ Ping timeout: 480 seconds
1211096738 N * sladen_ sladen
1211097720 J * dna ~dna@193-235-dsl.kielnet.net
1211098189 Q * Linus Read error: Connection reset by peer
1211099899 Q * ntrs_ Ping timeout: 480 seconds
1211100098 Q * friendly Quit: Leaving.
1211103062 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1211105161 J * ZSUtPGxD ~Gernot@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211105239 P * ZSUtPGxD
1211105257 J * ZSUtPGxD ~Gernot@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211105329 P * ZSUtPGxD
1211105344 J * ZSUtPGxD ~Gernot@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211105351 P * ZSUtPGxD
1211105399 J * ZSUtPGxD ~Gernot@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211105405 P * ZSUtPGxD
1211105515 J * ZSUtPGxD ~Gernot@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211106734 Q * MatBoy Quit: Ik ga weg
1211106750 J * MatBoy ~MatBoy@wiljewelwetenhe.xs4all.nl
1211108064 N * DoberMann[ZZZzzz] DoberMann
1211110007 J * Piet ~piet@tor.noreply.org
1211111492 Q * openblast Remote host closed the connection
1211111518 J * openblast ~quassel@static.230.173.47.78.clients.your-server.de
1211111791 J * bfremon ben@lal69-2-82-226-60-237.fbx.proxad.net
1211112074 P * openblast #vserver
1211112986 Q * Aiken Quit: Leaving
1211113378 J * mrfree ~mrfree@host186-19-dynamic.9-79-r.retail.telecomitalia.it
1211115092 J * pmenier ~pmenier@ACaen-152-1-33-36.w83-115.abo.wanadoo.fr
1211115484 P * ZSUtPGxD
1211115723 Q * MatBoy Remote host closed the connection
1211115992 J * MatBoy ~MatBoy@wiljewelwetenhe.xs4all.nl
1211116474 Q * bfremon Ping timeout: 480 seconds
1211116956 J * doener ~doener@i577B99C5.versanet.de
1211117582 J * bfremon ben@lal69-2-82-226-60-237.fbx.proxad.net
1211118083 Q * mrfree Ping timeout: 480 seconds
1211119176 Q * bfremon Ping timeout: 480 seconds
1211120014 J * bfremon ben@lal69-2-82-226-60-237.fbx.proxad.net
1211120444 Q * brc Ping timeout: 480 seconds
1211121100 J * openblast ~quassel@static.230.173.47.78.clients.your-server.de
1211121383 J * ntrs_ ~ntrs@77.29.64.116
1211121428 J * FaUl immo@shell.chaostreff-dortmund.de
1211121429 M * FaUl huhu
1211121517 M * FaUl fs/char_dev.c: In function ‘chrdev_open’:
1211121517 M * FaUl fs/char_dev.c:369: error: dereferencing pointer to incomplete type
1211121517 M * FaUl make[1]: *** [fs/char_dev.o] Error 1
1211121517 M * FaUl make: *** [fs] Error 2
1211121588 M * FaUl this happens when i try to build v2.6.22.19-vs2.3.0.34 - any idea how to fix this?
1211121841 M * daniel_hozac interesting.
1211121847 M * daniel_hozac could you upload your .config?
1211121999 Q * bfremon Ping timeout: 480 seconds
1211122233 M * FaUl yea
1211122235 M * FaUl sure
1211122311 M * FaUl http://trash.ctdo.de/get/8d6842500dd1b720853b36a3e98f03f7/catfish.conf
1211122682 M * pmenier FaUI: add #include before the vs_device.h include in the file fs/char_dev.c
1211122713 M * pmenier I got this problem two weeks ago and Bertl suggests me to add this and it works
1211122736 M * FaUl thx
1211122737 M * daniel_hozac actually, just #include should be sufficient.
1211122924 M * FaUl daniel_hozac: eventually update that diff on the website? this is some really annoying problem right now ;-)
1211122946 M * daniel_hozac i'll make sure it's in 2.3.0.35.
1211122963 M * FaUl that would be great
1211124090 J * dowdle ~dowdle@71-32-22-171.blng.qwest.net
1211124710 J * nosomi ~nosomi@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211124762 P * nosomi
1211124939 Q * quasisane Remote host closed the connection
1211125182 J * nosomi ~nosomi@83-64-146-228.klosterneuburg.xdsl-line.inode.at
1211125190 P * nosomi
1211125996 Q * Piet Ping timeout: 480 seconds
1211126714 M * wp is anyone using collectd in combination with vserver here?
1211126842 N * Bertl_zZ Bertl
1211126846 M * Bertl morning folks!
1211126872 M * Bertl collectd is the thingy feeding data into rrd, IIRC, yes?
1211126923 J * Piet ~piet@86.59.21.38
1211127048 M * wp yes Bertl
1211127055 M * wp i was wondering if anyone was using it actually :)
1211127097 M * wp i saw they have a plugin for vserver
1211127131 M * daniel_hozac IIRC, tokkee wrote it.
1211127170 M * Bertl wp: IIRC, lycos was using collectd for testing, not sure they have it in production
1211127217 J * brc bruce@megarapido.cliquerapido.com.br
1211127267 M * wp i'll try it out
1211128968 J * Linus ~Nuhks@bl7-138-213.dsl.telepac.pt
1211129609 M * tokkee Re ;-)
1211129623 M * tokkee wp, daniel_hozac: Yes, I wrote the collectd vserver plugin.
1211129957 M * Linus /usr/local/lib/util-vserver/vserver-build.debootstrap: line 111: /var/tmp/debootstrap.NVcQNc/usr/lib/debootstrap/arch: No such file or directory <--- why i have this error ??
1211129977 M * daniel_hozac upgrade your util-vserver.
1211130061 M * FaUl how do i create a gentoo-vserver on a debian-host?
1211130082 M * FaUl now as my new server is fast, it would be nice to have it as distcc-companion
1211130097 M * FaUl but that always makes trouble if you don't use the same compiler/etc
1211130126 M * daniel_hozac same as any other host OS.
1211130179 M * FaUl is there some documentation somewhere?
1211130212 M * daniel_hozac http://www.gentoo.org/proj/en/vps/vserver-howto.xml
1211130234 M * FaUl ah, thx
1211130426 M * Linus checking for NSS... no <---- now i have a problem :p , what is NSS ?? dietlibc ??
1211130507 M * Bertl Network Security Services
1211130507 M * FaUl since when is ipv6-support in util-vserver again?
1211130514 M * Bertl it's here in libnss3
1211130725 M * Linus Bertl i use slackware and i can't find this pkg :/
1211130760 M * Bertl maybe it is called differently .. search your package database for nss
1211130766 M * daniel_hozac nss is IIRC a security library from mozilla.
1211130785 M * daniel_hozac FaUl: depends on which type of IPv6 kernel you have.
1211130809 M * FaUl daniel_hozac: uhm? it's 2.6.22-18-vs2.3.0.34
1211130889 M * daniel_hozac 0.30.214 then.
1211130928 M * Linus daniel_hozac but i have installed mozilla and i don't have nss
1211130942 M * daniel_hozac so, use beecrypt instead.
1211131011 M * FaUl ah, excellent
1211131038 M * FaUl 2.30.215 will work also then i guess?
1211131109 M * daniel_hozac yes, of course.
1211131146 M * FaUl excellent
1211131187 M * FaUl init-vserver.sh not found; aborting
1211131188 M * FaUl .oO( WHY MUST BE EVERYTHING SO COMPLICATED! )
1211131192 M * FaUl aargh
1211131274 M * daniel_hozac did you use the correct command line when building the guest?
1211131277 M * daniel_hozac i.e. -d gentoo?
1211131288 M * FaUl yes
1211131293 M * FaUl uhm
1211131299 M * FaUl maybe not
1211131327 M * FaUl i just copied it out of the url you gave me
1211131364 M * daniel_hozac that has -d gentoo. does yours?
1211131400 M * FaUl yes
1211131415 M * FaUl vserver genint build -m template --context 13 --hostname genint --interface eth1.1:192.168.1.3/24 --initstyle gentoo -- -d gentoo -t stage4-amd64-20070905.tar.bz2
1211131420 M * FaUl that was cut&paste
1211131446 A * Linus ok i give up :/ don't find NSS :P
1211131489 M * daniel_hozac looks fine.
1211131499 M * FaUl yea, but vserver start does not work
1211131503 M * daniel_hozac do you see a complete filesystem in /vservers/genint?
1211131576 M * FaUl yes, looks fine
1211131582 M * FaUl catfish:/vserver/genint# ls
1211131582 M * FaUl bin boot dev etc home lib lib32 lib64 mnt proc root sbin sys tmp usr var
1211131664 M * daniel_hozac i don't see anything wrong.
1211131683 Q * pmenier Quit: Konversation terminated!
1211131701 M * Bertl FaUl: 'does not work' actually means what?
1211131701 M * daniel_hozac what output did you see when you built the guest?
1211131787 M * FaUl catfish:/vserver# vserver genint build -m template --context 13 --hostname genint --interface eth1.1:192.168. 1.3/24 --initstyle gentoo -- -d gentoo -t stage4-amd64-20070905.tar.bz2
1211131791 M * FaUl >>> Adding shared /usr/portage to fstab ...
1211131793 M * FaUl >>> Checking init-style ... gentoo
1211131796 M * FaUl >>> Unpacking template ... z^[[5~ok
1211131798 M * FaUl >>> Installing special init-style magic ...
1211131801 M * FaUl chroot-sh: open("/lib/rc/sh/init-vserver.sh"): No such file or directory
1211131803 M * FaUl chroot-sh: chmod("/lib/rc/sh/init-vserver.sh"): No such file or directory
1211131806 M * FaUl !!!
1211131808 M * FaUl !!! You have to install a service (e.g. syslog/cron) and add it to the
1211131811 M * FaUl !!! default runlevel before you start the guest the first time!
1211131813 M * FaUl !!! Otherwise the guest will die as soon as it has finished booting.
1211131816 M * FaUl !!!
1211131818 M * FaUl !!! Consult the Gentoo Handbook on how to chroot and install
1211131820 M * daniel_hozac please use paste.linux-vsever.org for longer pastes.
1211131821 M * FaUl !!! packages into the guest environment.
1211131823 M * FaUl !!!
1211131826 M * FaUl >>> Fixing default runlevel scripts ...
1211131828 M * FaUl >>> Setting hostname ...
1211131831 M * FaUl >>> Fixing syslog-ng.conf ...
1211131833 M * FaUl >>> Fixing fstab ...
1211131836 M * FaUl >>> Providing dummy net dependency ...
1211131838 M * FaUl yea
1211131840 M * FaUl catfish:/vserver# zv
1211131841 M * FaUl i usually do
1211131875 M * FaUl as stated before - i'm a bit tired, sorry
1211131881 M * daniel_hozac that tells you what's wrong though. it couldn't create init-vserver.sh, thus it cannot be found, thus it cannot be started.
1211131905 M * FaUl any idea why?
1211131919 M * daniel_hozac IIRC, the path changed at some point.
1211131923 M * daniel_hozac Hollow would know.
1211131992 M * FaUl ok, it's probably /lib/rcscripts/sh/...
1211132001 M * FaUl how can i make it use this path?
1211132067 M * daniel_hozac well, either do it manually, or change the script.
1211132257 M * FaUl i guess i'll try tomorrow
1211132261 M * FaUl after sleeping ;-)
1211135291 Q * dowdle Quit: Konversation terminated!
1211135309 J * ntrs ~ntrs@77.29.64.116
1211135347 J * dowdle ~dowdle@71-32-22-171.blng.qwest.net
1211135383 J * quasisane ~sanep@c-75-68-59-175.hsd1.nh.comcast.net
1211135641 Q * ntrs_ Ping timeout: 480 seconds
1211135961 Q * dna Ping timeout: 480 seconds
1211136929 Q * opuk Ping timeout: 480 seconds
1211137026 J * ntrs_ ~ntrs@77.29.78.42
1211137450 Q * ntrs Ping timeout: 480 seconds
1211137798 J * opuk ~kupo@2001:16d8:ffbd:100::10
1211138097 J * ntrs ~ntrs@77.29.69.99
1211138221 Q * ntrs_ Ping timeout: 480 seconds
1211138946 Q * esa Ping timeout: 480 seconds
1211139005 J * doener_ ~doener@i577B8E25.versanet.de
1211139104 Q * doener Ping timeout: 480 seconds
1211139269 Q * dowdle Quit: Konversation terminated!
1211139728 J * dna ~dna@193-235-dsl.kielnet.net
1211141028 J * cryptronic ~oli@p54A3A37D.dip0.t-ipconnect.de
1211141201 M * pflanze How do you make /proc/*/maps only readable by the owner of the process?
1211141215 M * pflanze And maybe also other such sensitive files.
1211141290 M * Bertl by checking for the appropriate conditions?
1211141310 M * pflanze where?
1211141319 Q * opuk Quit: Reconnecting
1211141328 M * Bertl preferably in the open/access/permission places of proc
1211141332 J * opuk ~kupo@alla.beundrar.kupo.se
1211141337 M * pflanze I mean: how do I configure/whatever the kernel so that it follows this requirement;
1211141345 M * pflanze do I really have to hack the kernel?
1211141346 J * dowdle ~dowdle@71-32-22-171.blng.qwest.net
1211141363 M * pflanze well I don't,
1211141370 M * Bertl pflanze: I'd say so, unless you have something like grsec/selinux already in place
1211141376 M * pflanze there's a patch by the redhat people,
1211141398 M * pflanze with their stack protection stuff exec-prot or so
1211141400 M * pflanze but I thought there was something simpler.
1211141414 M * daniel_hozac what are you trying to accomplish?
1211141453 M * pflanze That file just seems like a totally useless giveaway to crackers, rendering process space randomization irrelevant for local users.
1211141479 M * pflanze I just want it off :)
1211141485 M * pflanze for non-owners.
1211141492 M * pflanze Since I guess gdb and such will rely on it.
1211141525 M * daniel_hozac randomization means that it won't be the same across executions, no?
1211141537 M * pflanze yes
1211141545 M * daniel_hozac so... i don't get it.
1211141571 M * pflanze well, say you've got pump running or some such service which runs as root.
1211141589 M * pflanze its address space is randomized, so an outside intruder can't rely on lib locations
1211141614 M * pflanze *but*, also assume that the intruder got into the machine by means of some php hole and is the wwwdata user now.
1211141631 M * pflanze All it has to do is run ps, find pump, cat /proc/$pumppid/maps, and know the locations,
1211141642 M * pflanze then repeat the attack from the outside with that knowledge.
1211141660 M * pflanze (or even from the inside, if pump accepts traffic from localhost)
1211141691 M * Bertl what attack?
1211141711 M * pflanze likely some buffer overflow
1211141747 M * pflanze The reason for randomization is making such attacks more difficult.
1211141765 M * Bertl well, if you put that service into a separate context, nobody will see it :)
1211141777 M * pflanze yes, but what about other services?
1211141785 M * Bertl same applies there
1211141791 M * pflanze in the same vserver
1211141807 M * pflanze ok, I know, it's an OT question here..
1211141808 M * Bertl do consequent service separation
1211141819 M * pflanze point is I've got vserver users
1211141835 M * pflanze and they have their services in their one and only vserver usually.
1211141844 M * pflanze using user id's to protect each other from others.
1211141889 M * pflanze And also what about a hole which gets a user out of a vserver context onto the host, but retaining its uid?
1211141928 M * Bertl well, what about root processes which allow the intruder to logon without password :)
1211141940 M * pflanze Are you recommending SELinux?
1211141966 M * Bertl if you like heavy and complicated (and certified :)
1211141979 M * pflanze Are you recommending grsecurity?
1211141996 M * Bertl if you like experimental :)
1211142105 M * pflanze You can switch off the maps proc entry completely by means of vserver configuration, right?
1211142131 M * daniel_hozac no.
1211142136 M * Bertl not that I know of
1211142170 M * pflanze hm isn't there that proc enable tool?
1211142170 J * ktwilight_ ~ktwilight@147.125-66-87.adsl-dyn.isp.belgacom.be
1211142185 M * daniel_hozac that doesn't apply to per-process entries.
1211142187 M * Bertl doesn't work on dynamic entries
1211142194 M * pflanze ah
1211142389 Q * ktwilight Ping timeout: 480 seconds
1211142485 M * pflanze hm there is a boolean switch in the fs/proc/* sources,
1211142487 M * pflanze EXPORT_SYMBOL(maps_protect);
1211142504 M * pflanze wondering where it is being exported to, a module parameter?
1211142524 M * Bertl grep is your friend
1211142536 M * Bertl (cscope is probably better though :)
1211142728 M * pflanze yay, echo 1 > /proc/sys/kernel/maps_protect
1211142810 M * daniel_hozac doesn't seem to protect smaps though.
1211142894 M * pflanze hm for me it does?
1211142931 M * pflanze 2.6.22.19
1211142949 M * pflanze it only prevents non-root non-owners
1211142964 M * daniel_hozac oh, heh. i skimmed a bit too fast :)
1211143577 J * Aiken ~james@ppp121-45-230-114.lns1.bne4.internode.on.net
1211144541 J * geb ~geb@AOrleans-151-1-11-128.w90-21.abo.wanadoo.fr
1211144561 M * geb hi
1211144585 M * Bertl hey!
1211144618 Q * dna Quit: Verlassend
1211145106 M * Supaplex sup Bertl
1211146410 Q * ntrs Ping timeout: 480 seconds
1211147019 Q * cryptronic Quit: Leaving.
1211147593 M * Bertl okay, off to bed now ... have a good one everyone!
1211147598 N * Bertl Bertl_zZ
1211147680 M * geb bye !
1211147965 M * Linus cya :)
1211149830 Q * bonbons Quit: Leaving
1211150071 Q * dowdle Remote host closed the connection
1211151289 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1211151370 Q * bonbons
1211152898 N * DoberMann DoberMann[ZZZzzz]
1211153763 Q * Piet Quit: Piet
1211154420 Q * MatBoy Remote host closed the connection
1211154757 M * Linus is possible change port this RSYNC_RSH=ssh vserver debian build -m rsync
1211154766 M * Linus i use port 2222 for ssh
1211154767 M * Linus :)
1211154801 M * daniel_hozac try RSYNC_RSH="ssh -p 2222", if that doesn't work, setup ~/.ssh/config
1211155131 M * Linus don't work daniel_hozac , i will change config of ssh :þ