1215476766 J * doener_ ~doener@i577BAAA0.versanet.de
1215476866 Q * doener Ping timeout: 480 seconds
1215477309 Q * nenolod Quit: this sh scripting is the language of the future
1215477711 Q * ntrs_ Ping timeout: 480 seconds
1215478229 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1215478693 Q * micah Ping timeout: 480 seconds
1215479916 J * dniel ~ary@host22.190-136-233.telecom.net.ar
1215480008 J * micah ~micah@micah.riseup.net
1215480082 M * dniel Can I patch a kernel 2.6.25 with vs2.2 stable? or does it only work with 2.6.22?
1215480107 J * FireEgl FireEgl@adsl-4-50-84.bhm.bellsouth.net
1215480301 N * Bertl_oO Bertl
1215480312 M * Bertl dniel: there is no 'stable' release for 2.6.25+ yet
1215480385 M * dniel Bertl: ah... and which version can i use with this kernel? 2.3 experimental?
1215480390 M * Bertl yep
1215480413 M * dniel Bertl: How does it work?
1215480451 J * micah_ ~micah@micah.riseup.net
1215480475 M * Bertl almost the same as stable, not all features implemented there (yet)
1215480510 M * dniel okey... I'll use this version! because I need CoW enabled
1215480530 Q * micah Ping timeout: 480 seconds
1215480543 M * Bertl cow also works on the stable 2.2 releases
1215480604 M * Bertl http://linux-vserver.org/Feature_Matrix
1215480618 M * dniel Bertl: ahhh excellent!
1215480746 M * dniel I'll use a kernel 2.6.22.x with 2.2 stable then.
1215480885 M * dniel Bertl: when 2.3 will become in stable? (approximately)
1215480922 M * Bertl 2.3 never, at some point, 2.4 will be created from 2.3, and that will become the next stable branch
1215481190 N * micah_ micah
1215481362 M * dniel Bertl: ok... I'm going to have dinner....thanks and regards
1215481369 M * dniel bye
1215481370 M * Bertl you're welcome!
1215481397 Q * dniel Quit: Leaving
1215491684 M * _kwowt Bertl
1215491742 M * Bertl _kwowt
1215491792 M * _kwowt remember that issue i had with internet/NIC when it all just stopped working?
1215491810 M * Bertl yup?
1215491837 M * _kwowt turned out to be a trojan/ddos bot on one of my guest vservers :)
1215491912 M * _kwowt btw, what tha hell r u up so early for :p
1215492050 M * Bertl ah, well, was coding a little ... almost off to bed now :)
1215492067 M * Bertl yeah, that explains it (the ddos)
1215495251 Q * FireEgl Read error: Connection reset by peer
1215495416 Q * kiorky Ping timeout: 480 seconds
1215496401 J * FireEgl FireEgl@adsl-4-50-84.bhm.bellsouth.net
1215497037 J * kiorky ~kiorky@cryptelium.net
1215497058 J * derjohn_foo ~aj@ANantes-157-1-168-136.w90-59.abo.wanadoo.fr
1215497374 M * Bertl okay, finally off to bed ... have a good one everyone! cya!
1215497382 N * Bertl Bertl_zZ
1215497522 Q * kiorky Ping timeout: 480 seconds
1215497581 M * arekm hm, arping isn't used when adding new ips in util-vserver scripts :(
1215497698 J * kiorky ~kiorky@cryptelium.net
1215497732 Q * derjohn_foo Ping timeout: 480 seconds
1215498061 J * ntrs_ ~ntrs@77.29.65.139
1215498415 Q * ensc Ping timeout: 480 seconds
1215498808 J * z0d ~z0d@fw.wonderline.hu
1215498839 M * z0d re
1215500703 J * joern42 ~jr@dyndsl-091-096-038-193.ewe-ip-backbone.de
1215501331 P * joern42
1215501543 Q * laptopnenolod Quit: this sh scripting is the language of the future
1215501568 J * laptopnenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1215501905 J * ensc ~irc-ensc@77.235.182.26
1215502788 J * dna ~dna@218-230-dsl.kielnet.net
1215503092 N * DoberMann[ZZZzzz] DoberMann
1215503234 J * joern42 ~jr@dyndsl-091-096-038-193.ewe-ip-backbone.de
1215503647 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1215504215 Q * ntrs_ Ping timeout: 480 seconds
1215504241 J * Slydder ~chuck@194.59.17.53
1215504607 Q * Supaplex Quit: * memory leak? bbiaf
1215504827 J * joern421 ~jr@dyndsl-091-096-062-010.ewe-ip-backbone.de
1215504839 J * kir ~kir@swsoft-msk-nat.sw.ru
1215505176 Q * joern42 Ping timeout: 480 seconds
1215506175 Q * ensc Ping timeout: 480 seconds
1215506958 J * infotron ~infotron@166.70.62.200
1215507612 Q * pmenier Read error: Connection reset by peer
1215507628 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1215507791 P * joern421
1215509667 M * harry bug found!! ;)
1215509675 M * harry i don't have much time, but...
1215509685 M * harry on the host, i have /mnt/home
1215509691 M * harry which contains homedirs (du'uh ;))
1215509706 M * harry in 4 of my virtual servers, i have a bind mount to /home in the guests
1215509734 M * harry i had (for some strange reason!!!) filesystem corruption, so i had to unmount it and do a fs scan
1215509741 M * harry i logged in on the host
1215509753 M * harry did: umount /mnt/home (and it worked!!!)
1215509765 M * harry i started fsck on it (IT WORKED AS WELL!!!)
1215509784 M * harry but... i could still use the filesystem in the guests
1215509802 M * harry because on the host, the filesystem was unmounted, so the fsck worked
1215509837 M * maddoc_ Ouch.
1215509839 M * harry this is massively dangerous for fucking up your entire system! the host doesn't know it's still used in different namespaces
1215509876 N * maddoc_ maddoc
1215509881 M * harry i thought the bind mounts would "not see the homedirs anymore"
1215509890 M * harry and not be a problem anymore
1215509893 M * harry but it didn't
1215509902 M * harry ==> bindmount patch imminent! ;)
1215510280 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1215510408 M * Pazzo Hi @ll!
1215510437 M * Pazzo Shouldn't 'echo "NET_ADMIN" >> bcapabilities' allow my vServer to manage netfilter rules with iptables?
1215510556 J * ensc ~irc-ensc@77.235.182.26
1215510561 M * harry first of all: it depends on cwd
1215510681 J * ntrs ~ntrs@77.29.197.19
1215510753 Q * ntrs Read error: Connection reset by peer
1215510756 J * ntrs ~ntrs@77.29.197.19
1215511068 J * yarihm ~yarihm@84-74-147-84.dclient.hispeed.ch
1215511228 Q * ntrs Read error: Connection reset by peer
1215511358 M * waldi harry: you use a too old version of the fsck tool
1215511382 M * waldi harry: it has to use exclusive mounts instead of looking into /etc/mtab
1215511388 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it
1215511396 M * harry waldi: it's centos 5
1215511411 Q * esa` Ping timeout: 480 seconds
1215511451 M * z0d harry: what fsck version do you have?
1215511552 M * harry reiserfsck 3.6.19 (2003 www.namesys.com)
1215511599 M * waldi okay, rasierfs
1215511602 M * sid3windr heh, reiser
1215511610 M * waldi oh, wait, murderfs
1215511623 M * sid3windr you don't need vserver stuff to kill your filesystem ;)
1215511646 M * harry http://en.wikipedia.org/w/index.php?title=Comparison_of_file_systems&oldid=220529437#Features
1215511656 M * harry mind the last column @ features ;)
1215511737 M * z0d hehe
1215511862 M * z0d harry: so this problem is reiserfs related, right?
1215511884 M * harry z0d: don't think os
1215511885 M * harry so
1215511893 M * harry could be
1215511944 J * ktwilight ~ktwilight@8.96-66-87.adsl-dyn.isp.belgacom.be
1215512206 Q * ktwilight_ Ping timeout: 480 seconds
1215512228 Q * yarihm Quit: This computer has gone to sleep
1215512358 J * joern421 ~jr@dyndsl-091-096-062-010.ewe-ip-backbone.de
1215513345 Q * cehteh Ping timeout: 480 seconds
1215513631 J * cehteh ~ct@pipapo.org
1215514950 J * friendly ~friendly@ppp59-167-145-230.lns4.mel6.internode.on.net
1215515916 J * loddafni1 ~mike@193.170.138.233
1215517987 Q * Slydder Quit: Leaving.
1215520124 J * Punkie ~Punkie@goc.coolhousing.net
1215520558 Q * friendly Quit: Leaving.
1215520677 N * Bertl_zZ Bertl
1215520681 M * Bertl morning folks!
1215520715 M * Pazzo Moin Bertl!
1215521194 M * _kwowt moin Bertl
1215521194 M * _kwowt :P
1215521202 M * _kwowt already up
1215521270 M * Bertl obviously :)
1215521335 M * _kwowt :P
1215521547 J * dniel ~ary@200.16.16.15
1215521567 N * dniel dniel_at_work
1215522227 M * Punkie hello, I have a problem, when I try to update ubuntu guest from gutsy(7.10) to hardy(8.04), it always crashed on updating of klogd, it can't start it, when it is trying to start klogd, I see in log only this: http://paste.linux-vserver.org/12305
1215522477 M * Bertl you have a bunch of options there
1215522512 M * Bertl a) change the update/init script to not run klogd (sensible solution)
1215522555 M * Bertl b) enable the SYSLOG capability (and run a dummy klogd)
1215522721 M * daniel_hozac maybe we should enable that by default?
1215522766 M * daniel_hozac it doesn't hurt anything, and makes the broken Debian/Ubuntu klogds happy...
1215522834 M * Bertl shouldn't be a problem, IMHO
1215522856 M * PowerKe enable it for all guests or only debian style?
1215523013 M * daniel_hozac all of them.
1215523048 M * Punkie I have enabled SYSLOG in ccapability file, but I am not sure what it is/means "dummy klogd", option a) is working, thanks a lot
1215523068 M * daniel_hozac it means, it won't ever do anything.
1215523087 M * daniel_hozac so it's a completely useless process.
1215523212 M * Punkie with SYSLOG ccapability klogd doesn't start too
1215523235 M * Bertl what kernel/patches?
1215523282 M * Punkie 2.6.22.19-vs2.3.0.34, util-vservers 0.30.215
1215523321 M * Bertl what error does klogd throw?
1215523364 M * daniel_hozac it's ccapabilities
1215523567 M * Punkie I have right the name of this file (ccapabilities) ;), there is no error, it is starting and nothing is happen...
1215523594 M * Bertl well, that's kind of the purpose
1215523601 M * Punkie * Starting kernel log daemon... that's all
1215523610 M * Bertl i.e. it should start, hang around and do nothing
1215523644 M * daniel_hozac strace it.
1215523671 M * Punkie ok
1215524083 M * dniel_at_work Hi Bertl! sorry to trouble again. Which version of vserver do you recommend for a kernel 2.6.18.x? vs2.2.0.3 or vs2.2.0.7? Because I'll use the kernel-source have debian etch in its repository
1215524136 M * Bertl you will need to get 'debian' patches for that, as the mainline patches won't apply cleanly
1215524169 M * Bertl good news is, there should be a debian package with Linux-VServer
1215524350 M * dniel_at_work Bertl, yes, but I need compile it with CoW option enabled
1215524400 Q * Aiken Quit: Leaving
1215524442 M * daniel_hozac just get a recent kernel.
1215524458 M * daniel_hozac you're just setting yourself up for pain by using 2.6.18...
1215524685 M * Punkie hmm, I restarted klogd, I had to go out from computer (I am at work)...after 10 minutes, the klogd is normally restarted, I waited before only for (max) 5 minutes. I'm stracing it now
1215524735 M * dniel_at_work daniel_hozac: I don't understand. How can I set it? The only way is compiling with this option enabled. Is it ok?
1215525039 M * fanto666 hello, starting vserver tries to unmount filesystems that are mounted in the host...
1215525069 M * Bertl and usually succeeds, yes, why?
1215525145 M * fanto666 bertl if this was for me, no, it does not and can't succeed because those mount are completely unrelated to vserver... and I would be angry if those got unmounted...
1215525169 M * fanto666 I just wonder where did the script get that. They are NFS mounts...
1215525200 M * Bertl as a guest usually has a separate mount space, all 'unrelated' mounts get 'removed' when the new space was created
1215525215 M * Bertl so, no, your host won't lose those mounts, only the guest
1215525230 M * Bertl (which doesn't use them anyway, so it increases security)
1215525234 M * fanto666 daniel_hozac: the guest does not have the mounts, why does it try to unmount them at all?
1215525249 M * fanto666 ops, s/daniel_hozac/Bertl
1215525259 M * Bertl the guest 'inherits' all mounts from the host (when a new namespace is created)
1215525282 M * fanto666 inherits in what way? /proc/mounts ?
1215525312 M * Bertl in the way that each and every mount on the host gets 'cloned' for the guest namespace
1215525335 M * fanto666 cloned, but in proc/mounts, am I right?
1215525368 Q * z0d Remote host closed the connection
1215525378 M * fanto666 or is that related to kernel structures?
1215525382 M * Bertl /proc/mounts is a virtual entry which gives a human readable version of the current filesystem namespace
1215525403 M * fanto666 so the umount just makes those invisible in guest
1215525408 M * Punkie http://paste.linux-vserver.org/12306 it takes about 10 minutes
1215525414 M * Bertl fanto666: the actual mounts are cloned for the guest namespace
1215525439 M * Bertl fanto666: and those mounts, not required inside the guest namespace get removed (unmounted)
1215525457 M * fanto666 Bertl: are they cloned by chroot() call or is that related to vserver functionality?
1215525486 M * Bertl neither nor, it is related to the 'clone' system call (unsharing the namespace)
1215525508 J * z0d ~z0d@fw.wonderline.hu
1215525535 M * fanto666 clone (2) - create a child process
1215525537 M * fanto666 this one?
1215525564 M * Bertl yep
1215525599 M * fanto666 Punkie try 'strace -r' that should tell you what takes such time
1215525651 M * fanto666 bertl are they visible somehow in the vserver?
1215525670 M * Bertl who/what?
1215525710 M * fanto666 those mounts
1215525807 M * Bertl let me rephrase your question: are those cloned mounts visible inside a Linux-VServer guest?
1215525825 M * fanto666 yes, that's what I've meant
1215525844 M * Bertl depends, if they _are_ inside the guest, they would be visible even after the chroot, otherwise they are only visible in the namespace (outside the chroot)
1215525887 M * Bertl daniel_hozac: is it known that util-vserver-build-0.30.216-1.pre2722.el5.centos fails on install (with yum)?
1215525932 M * daniel_hozac hmm?
1215525985 M * Bertl http://paste.linux-vserver.org/12307
1215526012 M * daniel_hozac hmm, crap.
1215526071 J * tezburma ~dieter@80.123.213.104
1215526082 M * Bertl welcome tezburma!
1215526090 M * tezburma hi Bertl
1215526105 M * Bertl daniel_hozac is currently looking at your issue :)
1215526200 M * tezburma hey great :-)
1215526219 M * tezburma does he know what my problem is ?
1215526234 M * Bertl yep, http://paste.linux-vserver.org/12307
1215526382 M * Bertl Punkie: try to prefix the klogd call in the init script with 'strace -fF -o /tmp/klogd.trace'
1215526475 M * Punkie oki
1215526742 Q * _gh_ Ping timeout: 480 seconds
1215526814 M * dniel_at_work yessss!!!!!!!!!!! :) I can do it.! I do love linux-vserver
1215526835 M * Bertl congrats!
1215526843 M * dniel_at_work Bertl, thanks!
1215526850 M * Bertl you're welcome!
1215526906 M * dniel_at_work I'm happy!!
1215527468 M * fanto666 I thought chroot() should drop all invisible mountpoints ...
1215527480 M * fanto666 (in the current process namespace)
1215527499 M * daniel_hozac uh, no.
1215527509 M * daniel_hozac that would suck in a bad way.
1215527521 M * fanto666 hmm?
1215527558 M * daniel_hozac if that were the case, chroot /vservers/ would unmount /dev/pts, /dev, /proc, and any other mountpoints you have...
1215527568 M * daniel_hozac on the _host_.
1215527634 M * fanto666 no... I mean that child process should not see them
1215527661 M * daniel_hozac obviously it won't, unless it escapes from the chroot.
1215527682 M * fanto666 so why to unmount those NFS mounts?
1215527684 M * daniel_hozac tezburma: try again now.
1215527699 M * fanto666 (if you remember what I was talking with bertl about a while ago)
1215527701 M * daniel_hozac fanto666: because there's no point in having them mounted in the guest namespace?
1215527721 M * daniel_hozac they're not in the guest, so all they're really doing there is keeping an NFS mount around forever.
1215527728 M * daniel_hozac even if you unmount it on the host.
1215527763 M * fanto666 daniel_hozac: what's the difference between any NFS mount and local e.g. /proc mount then?
1215527769 M * daniel_hozac none.
1215527777 M * fanto666 I may not have /proc mounted in the guest even
1215527798 M * daniel_hozac everything but /proc, /dev, and the guest is unmounted in the guest's namespace.
1215527810 M * daniel_hozac where /proc and /dev are only kept out of convenience.
1215527827 M * Punkie http://quark.fereng.cz/klogd.trace
1215527852 M * Bertl tx
1215527906 M * tezburma daniel_hozac: I am afraid I have the same troubles as before, but the version of the util-vserver-build package hasn't changed in yum
1215527917 M * fanto666 well from my point of view there's a logical problem with namespaces and chroot
1215527952 M * Bertl fanto666: and that would be?
1215527961 M * daniel_hozac tezburma: yum clean metadata
1215527973 M * fanto666 Bertl: only mounts from below chroot should be visible/exist in the chrooted process namespace, imho
1215527982 M * daniel_hozac fanto666: exactly!
1215527988 M * daniel_hozac that's what we're doing...
1215528010 M * daniel_hozac and what you're complaining about :)
1215528030 M * fanto666 well, I wonder why doesn't chroot() do that automatically. iirc I've seen unreachable filesystems in /proc/mounts in chrooted process...
1215528057 M * fanto666 daniel_hozac: I am just thinking that the kernel should take care about that and if it's not a ... bug?
1215528057 M * Bertl Punkie: could you try the following inside the guest: 'dd if=/proc/kmsg of=/dev/null bs=1' and see if that hangs?
1215528059 M * tezburma daniel_hozac: I had cleaned all already, the problem is the same ...
1215528060 M * daniel_hozac because, as i just said, that would suck in a bad way.
1215528086 M * daniel_hozac tezburma: proxy?
1215528115 M * Bertl fanto666: never implement stuff in the kernel which can be done in userspace :)
1215528132 M * daniel_hozac tezburma: nevermind, i see what's going on.
1215528143 M * tezburma daniel_hozac which version is the latest ?
1215528153 M * fanto666 Bertl: well, seeing mounts etc in chrooted process is imho a bug
1215528171 M * fanto666 daniel_hozac: No, I mean, that child process should only see its own root and mounts inside of it
1215528178 M * z0d fanto666: chroot is (originally) not a security tool
1215528178 M * daniel_hozac fanto666: that already happens.
1215528184 M * Bertl fanto666: you don't want to see your mounts in a chroot?
1215528216 M * fanto666 Bertl: depends if they are mounted under the chroot or outside of it
1215528233 M * Bertl and that's exactly what mainline does, no?
1215528251 M * fanto666 daniel_hozac: if _that_ happened, there would be no need for unmounting invisible nfs filesystems in the child
1215528268 M * fanto666 let me check something
1215528268 M * Bertl fanto666: you are wrong on that
1215528291 M * Bertl fanto666: let me give you an example _why_ it makes perfect sense to unmount and not just hide host mounts
1215528329 M * Bertl fanto666: let's assume the host has the cdrom mounted on /mnt/cdrom when the guest 'hansi' is started, okay?
1215528330 M * daniel_hozac fanto666: they're not unmounted for beautifying /proc/mounts. they're unmounted because you otherwise have lingering mountpoints, forever.
1215528340 M * daniel_hozac tezburma: okay, try again now, after cleaning.
1215528380 M * Bertl fanto666: now, as the guest has a perfectly fine mount of that cdrom, the kernel will (usually) block the eject .. even if you unmount it on the host
1215528406 J * dowdle ~dowdle@scott.coe.montana.edu
1215528411 M * Bertl fanto666: you'll need to shut down the guest to eject the cd, desired behaviour?
1215528485 M * tezburma daniel_hozac: now I get: Error: Missing Dependency: util-vserver = 0.30.216-0.pre2728.el5.centos is needed by package util-vserver-build
1215528596 M * daniel_hozac well, that file is there, so i don't see why that would be happening...
1215528603 M * fanto666 Bertl: what I mean is, that I don't see reason for mountpoint to appear in chrooted process' namespace
1215528618 M * Bertl there is no 'chrooted' namespace
1215528632 M * Bertl there is a namespace per process, and there is chroot()
1215528640 M * Bertl (those are completely unrelated)
1215528681 M * fanto666 well, that may be the problem :)
1215528703 M * daniel_hozac they are completely orthogonal features.
1215528708 M * Bertl fanto666: yes, but it is _your_ problem with understanding the mechanisms :)
1215528714 M * Punkie Bertl: yes it hangs
1215528735 M * fanto666 Bertl: that's quite possible
1215528756 M * Bertl Punkie: okay, tx, seems that this great idea of debian/ubuntu to use dd to read the kernel messages causes this hang
1215528785 M * Bertl Punkie: will see if I can work around that somehow
1215528833 M * Punkie thanks a lot, I will comment it out in init script now
1215528878 M * daniel_hozac you can just disable that initscript.
1215528898 M * daniel_hozac which works fine in proper distributions, but Debian/Ubuntu reenable them every time you upgrade...
1215529025 M * Punkie I understand, but I am glad that I have at least some (temporary) solution ;)
1215529077 M * Punkie thanks a lot for your help
1215529175 M * Bertl np
1215529325 M * fanto666 hmmm I use syslog-ng under debian, I can't comment out that
1215529350 M * Bertl just remove the klog line in the config
1215529378 M * Bertl (or comment it out)
1215529409 M * fanto666 Bertl, if that was to me... I don't have klogd nor anything (and can't install because of a conflict) so I can't check for the problem on debian
1215529459 M * fanto666 btw could flag "nonamespace" spare me from unmounting those processes?
1215529462 M * fanto666 ops, filesystems
1215529477 M * Bertl it will disable the private namespace feature
1215529479 M * daniel_hozac i don't understand what you're trying to achieve.
1215529493 M * daniel_hozac why is the unmount a problem for you?
1215529519 M * fanto666 daniel_hozac I'd like to get rid of those "not mounted" messages so I'm trying to find out why does all the stuff happen
1215529577 M * Bertl you get 'not mounted' on the guest startup? for what mounts?
1215529582 M * daniel_hozac uh, it's processing /proc/mounts, so they definitely are mounted...
1215529603 M * fanto666 bertl nfs mounts
1215529634 M * daniel_hozac paste a --debug trace.
1215529635 M * fanto666 haven't I said that before?
1215529708 M * daniel_hozac i'm assuming it's executing umount.nfs, which is doing silly things...
1215529733 M * daniel_hozac tezburma: please try again now.
1215529790 M * fanto666 like this ? //usr/lib64/util-vserver/vserver-wrapper --debug start
1215529807 M * fanto666 hmmm
1215529809 M * daniel_hozac no, like vserver --debug start.
1215529815 M * tezburma daniel_hozac: PERFECT, now it's working. thanks for your quick help :-)
1215529837 M * daniel_hozac tezburma: great, thank you. i don't know what went wrong the last time...
1215530068 P * kaouete
1215530166 M * joern421 hi, did somebody has success with installing hamachi inside a guest?
1215530177 M * Bertl what's that?
1215530190 M * joern421 it's a proprietary openvpn-like tunnel
1215530195 M * joern421 it uses tun
1215530212 M * Bertl can it handle persistent tun devices?
1215530269 M * snooze how do you find out which tag a file/dir has?
1215530270 M * joern421 this is a good question.. i will rtfm.. :)
1215530318 M * Bertl snooze: lstag/lsxid
1215530319 Q * mick_home Read error: Connection reset by peer
1215530321 M * joern421 ( http://de.wikipedia.org/wiki/Hamachi )
1215530339 M * snooze Bertl: nice, thanks
1215530340 J * mick_home ~clamwin@h-74-2-196-226.miatflad.covad.net
1215530400 M * snooze hehe
1215530401 M * snooze !!ERR!! ./www
1215530405 M * snooze what could that mean?
1215530419 M * snooze (it's only for that dir)
1215530441 M * daniel_hozac that it's not mounted with -o tag.
1215530561 M * Bertl joern421: well, what I read there, I would avoid it like hell :)
1215530571 M * snooze daniel_hozac: of course, stupid me :)
1215530611 M * joern421 Bertl: yes, i thought the same thing :))
1215530652 M * joern421 Bertl: but i do many things for money ^H^H^H my customers :)
1215530691 M * Bertl well, if it doesn't need to mess with iptables, and if it can handle persistent tun devices, it should work
1215530730 M * Bertl you need to setup the routing and/or nat from outside, and provide the tun device for the guest
1215530819 M * joern421 Bertl: thx, i will try it..
1215531458 M * fanto666 well, the debug trace is nearly 64k. when starting guest, I get errors about 5 NFS filesystems not mounted
1215531511 M * fanto666 (those 5 that are mounted in host). Are you interested in this?
1215531538 M * Bertl sure, please upload it somewhere
1215531600 M * fanto666 www.fantomas.sk/vserver.start.err
1215531624 M * z0d bye
1215531627 Q * z0d Remote host closed the connection
1215531635 M * fanto666 if there's any problem on our side, I didn't create the vserver ;)
1215531807 M * daniel_hozac try editing /usr/lib*/util-vserver/vserver.functions:_namespaceCleanup
1215531813 M * daniel_hozac add -i to the $_UMOUNT arguments.
1215531898 M * fanto666 hmm, that should surely work
1215531971 M * fanto666 but I again don't understand it - why to do that at all? I mean, the filesystems won't be really unmounted this way, will they?
1215531982 M * daniel_hozac yes, they will
1215531986 M * daniel_hozac from the guest's namespace.
1215532049 M * fanto666 may I expect this change appear in later util-vserver?
1215532101 M * daniel_hozac if it works, sure.
1215532171 M * fanto666 it does
1215532193 M * fanto666 ... and I'm reading the namespaces thing to understand that better
1215532665 Q * dna Ping timeout: 480 seconds
1215533152 Q * tezburma Remote host closed the connection
1215533314 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1215533944 M * joern421 Bertl: hamachi is running, but the hamachi process has to run on the host.. the guest can access it through the tun interface... hmm, i don't know if this is such a good idea... anyway, it's working, thanx again
1215533992 M * Bertl np
1215535357 Q * padde Remote host closed the connection
1215535607 M * Pazzo I'm trying to use iptables from inside a vserver guest, I added NET_ADMIN, SYS_MODULE and now also SYS_ADMIN to bcapabilities... but still no way!?
1215535622 M * Bertl don't do it :)
1215535640 M * Bertl there is no point in running iptables inside a guest
1215535717 M * Pazzo Bertl: I need to control the host's netfilter rules from inside a guest
1215535728 M * Bertl why's that?
1215535762 M * Pazzo I'm giving mediaproxy 2.0 (requiring upcoming OpenSER 1.4) a try - it's a RTP proxy...
1215535790 M * Pazzo ...completely rewritten - and instead of handling everything in userspace it is using netfilter, netlink & co
1215535807 M * daniel_hozac seems like a step in the wrong direction if you ask me :)
1215535849 M * Bertl anyway, sounds like you want to run it _outside_ a network context
1215535856 M * Pazzo The idea is not bad - it is running in userspace, written in python (with a small c part), it is distibutable...
1215535863 M * Pazzo (distri...)
1215535894 M * Pazzo and each "relay host" does nothing but insert netfilter rules
1215535925 M * Pazzo Right now I'm trying to find out what EXACTLY it is doing, whether it would harm my other fw rules etc etc
1215535954 M * Pazzo But I would really like to keep it inside a vServer - as I'm doing with almost all services we are running
1215535994 M * Bertl well, inside a process space makes sense, but when you are drilling up the guest to have full network access, no point in a network context then
1215536045 M * Pazzo Hmmm... and how do I start a vServer in network context 0?
1215536074 Q * dowdle Quit: Konversation terminated!
1215536087 M * Pazzo iptables keeps saying: iptables v1.4.0: can't initialize iptables table `filter': Permission denied (you must be root)
1215536130 J * padde ~padde@patrick-nagel.net
1215536142 M * daniel_hozac strace
1215536185 M * Pazzo Already did so - but I've overseen a line:
1215536188 M * Pazzo socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)
1215536190 M * Pazzo hehe
1215536193 M * Pazzo just a sec
1215536252 M * Pazzo works :o)
1215536296 M * Pazzo Sorry for disturbing you!
1215536301 M * Bertl np
1215536345 M * Pazzo Now I can go over to the next issues, "Set resource limit for maximum open file descriptors to 11000" and "fatal error: failed to create MediaProxy Relay: Could not determine Linux kernel version" (!?) - but I'm sure I'll manage that ;-)
1215536350 M * Pazzo Thanks for your help!
1215536417 N * pmenier pmenier_off 1215536426 N * DoberMann DoberMann[PullA] 1215536534 J * z0d ~z0d@apn-89-223-133-56.vodafone.hu 1215536539 Q * Pazzo Read error: Connection reset by peer 1215536595 M * z0d re 1215536689 J * dowdle ~dowdle@scott.coe.montana.edu 1215536693 Q * dowdle Remote host closed the connection 1215536929 J * dowdle ~dowdle@scott.coe.montana.edu 1215537063 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net 1215537584 Q * Pazzo Quit: Ex-Chat 1215537675 J * cryptronic ~oli@p54A3B9AA.dip0.t-ipconnect.de 1215539687 Q * jumb0 Remote host closed the connection 1215539735 Q * Punkie Quit: ...mizim... 1215540352 M * Bertl okay, off for now ... bbl 1215540356 N * Bertl Bertl_oO 1215541858 Q * mick_home Read error: Connection reset by peer 1215541886 J * mick_home ~clamwin@h-74-2-196-226.miatflad.covad.net 1215542606 J * ntrs ~ntrs@77.29.73.209 1215543069 N * dniel_at_work dniel 1215543344 J * mire ~mire@8-168-222-85.adsl.verat.net 1215544145 Q * sid3windr Ping timeout: 480 seconds 1215544495 J * sid3windr luser@bastard-operator.from-hell.be 1215544638 M * nkukard this is really weird 1215544640 M * nkukard rpm-fake-resolver: vc_ctx_migrate(): No such process 1215544642 M * nkukard rpm-fake.so: failed to initialize communication with resolver 1215544643 M * nkukard what would cause that ? 1215544659 M * daniel_hozac a race. 1215544689 M * nkukard darn 1215544699 M * nkukard ah, there it works 1215544716 M * nkukard daniel_hozac, quad core amd :( 1215544724 M * daniel_hozac oh really? 1215544730 M * daniel_hozac i only see it on my dual core. 1215544734 M * daniel_hozac my quad core works really well. 1215544760 M * nkukard is it bad, or should i just keep trying until it works like now? 1215544796 M * daniel_hozac keep trying... i honestly have no idea what's causing it at this point. 1215544821 M * nkukard i'm more than willing to do any debugging if you need :) 1215544835 M * nkukard also ... 
wanted to know if there was a more recent devel version i can test for you? 1215545033 M * daniel_hozac nothing has changed in this regard. 1215545041 M * daniel_hozac i really thought it was fixed in 0.30.215. 1215545051 M * daniel_hozac i.e. 0.30.215 does everything it can to prevent it. 1215545054 A * nkukard checks his version 1215545066 M * nkukard util-vserver-0.30.215-0.4.i586 1215545069 M * nkukard yea, 215 here 1215545125 M * nkukard daniel_hozac, i was wrong, the box i'm on is a dual core AMD X2 1215545138 M * nkukard AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ 1215545145 M * nkukard 4Gb RAM 1215545198 Q * dniel Quit: Leaving 1215547770 Q * mire Quit: Leaving
1215548140 J * joern42 ~jr@dyndsl-080-228-186-221.ewe-ip-backbone.de 1215548431 Q * joern421 Ping timeout: 480 seconds 1215548636 M * z0d good night 1215548636 Q * z0d Remote host closed the connection 1215548838 J * yarihm ~yarihm@84-74-147-84.dclient.hispeed.ch 1215548898 Q * bonbons Quit: Leaving 1215549911 Q * joern42 Ping timeout: 480 seconds 1215550240 M * arekm [pid 9396] open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = -1 EPERM (Operation not permitted) 1215550256 M * arekm that's from pam_loginuid.so which "pam_loginuid sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to be correctly audited. " 1215550272 M * daniel_hozac yes. 1215550335 M * arekm what's needed to make it working in guest?
1215550365 M * daniel_hozac you get "messing with the procfs" in dmesg on the host, right? 1215550384 M * arekm yes 1215550476 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-proctrunc-fix01.diff 1215550484 M * daniel_hozac i'm not sure about the security implications yet though. 1215550497 M * daniel_hozac it's something that has to be investigated. 1215550643 M * arekm ok 1215550892 Q * nenolod Remote host closed the connection 1215550895 J * hparker ~hparker@linux.homershut.net 1215550903 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net 1215551114 J * GuilhermeCunha ~Guilherme@189.30.52.208 1215551756 Q * loddafni1 Remote host closed the connection 1215552759 Q * cryptronic Quit: Leaving. 1215553187 J * joern42 ~jr@dyndsl-080-228-186-221.ewe-ip-backbone.de 1215553561 Q * laptopnenolod Quit: this sh scripting is the language of the future 1215553576 J * laptopnenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net 1215554050 J * Aiken ~james@ppp118-208-119-17.lns4.bne4.internode.on.net 1215554803 P * joern42 1215554812 Q * the_fafa Quit: the_fafa 1215554838 J * joern42_ ~joern@dyndsl-080-228-186-221.ewe-ip-backbone.de 1215554925 N * joern42_ joern42 1215555111 J * the_fafa ~fafa@p5496F864.dip.t-dialin.net 1215555974 J * esa` bip@ip-87-238-2-45.static.adsl.cheapnet.it 1215555997 Q * esa Ping timeout: 480 seconds 1215557858 P * joern42 1215557978 Q * ntrs Ping timeout: 480 seconds 1215558033 N * DoberMann[PullA] DoberMann[ZZZzzz] 1215558150 J * Pazzo ~ugelt@sadsl-246059.rol.raiffeisen.net 1215558182 Q * Pazzo 1215558348 Q * dowdle Remote host closed the connection 1215558647 J * fatgoose ~samuel@82.80.modemcable.oricom.ca 1215559092 Q * fatgoose Quit: fatgoose 1215560150 Q * yarihm Quit: This computer has gone to sleep 1215560894 J * fatgoose ~samuel@82.80.modemcable.oricom.ca 1215560978 Q * _kwowt