1215993666 M * Bertl_oO if the question is to the unification, check out: http://linux-vserver.org/util-vserver:Vhashify
1215993781 M * dniel Bertl_oO: yes I asked to the channel. I need unification with a base debian. Okay I'll read this page
1215993825 M * Bertl_oO doesn't matter if it is debian or some other distro (guest side) if you are on debian (host side) make sure to have recent util-vserver
1215993869 M * dniel Bertl_oO: yes... I download it from backports :)
1215994144 M * Bertl_oO good, that should work
1215994595 J * Mojo1978 ~Mojo1978@ip-78-94-98-211.hsi.ish.de
1215994776 J * __gh__ ~gerrit@67.170.155.50
1215995192 Q * _gh_ Ping timeout: 480 seconds
1215995231 J * doener_ ~doener@i577BB7AC.versanet.de
1215995315 Q * Snow-Man Remote host closed the connection
1215995332 Q * doener Ping timeout: 480 seconds
1215995437 M * dniel I read the documentation of vhashify utility and I couldn't understand it. I want to install in a directory (inside of the host server) a base system of linux (for example a debian). Then I want that all virtual server (guests) being hardlinks of this directory with CoW support. Can vhashify help me?
1215995460 M * Bertl_oO sure, that's what it is for
1215995612 M * Bertl_oO http://linux-vserver.org/Frequently_Asked_Questions#How_do_I_manage_a_multi-guest_setup_with_vhashify.3F
1215995957 M * dniel referring to the line: "vserver name-of-guest hashify" How can I do that if name-of-guest doesn't exist yet?
1215995976 M * Bertl_oO you don't do that for non existing guests
1215995999 M * Bertl_oO in your case, you do that for the 'template'
1215996009 M * Bertl_oO then you use clone to create new guests from that
1215996498 M * dniel Does the "template" have to be a guest running?
1215996514 M * Bertl_oO for the hashify part, yes, after that, no
1215996557 M * dniel ah! okay!
1215996587 M * dniel now I understand better the idea :)
1215998777 J * fatgoose ~samuel@82.80.modemcable.oricom.ca
1215999481 J * fatgoose_ ~samuel@82.80.modemcable.oricom.ca
1215999513 Q * fatgoose Read error: No route to host
1215999532 Q * dniel Quit: Leaving
1215999536 J * fatgoose ~samuel@82.80.modemcable.oricom.ca
1215999963 Q * fatgoose_ Ping timeout: 480 seconds
1216002060 J * Moser_ ~chatzilla@Xb29e.x.pppool.de
1216002457 Q * Moser Ping timeout: 480 seconds
1216004546 J * sandra_f ~sandra_f@ANantes-257-1-8-146.w90-31.abo.wanadoo.fr
1216004652 Q * sandra_f
1216006326 M * Bertl_oO okay, off to bed now .. have a good one everyone!
1216006331 N * Bertl_oO Bertl_zZ
1216014375 Q * laptopnenolod Quit: this sh scripting is the language of the future
1216014425 J * laptopnenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1216016889 J * z0d ~z0d@fw.wonderline.hu
1216018009 M * z0d hello
1216018878 J * kir ~kir@swsoft-msk-nat.sw.ru
1216019351 Q * jsambrook Quit: Leaving.
1216020427 J * yarihm ~yarihm@84-74-147-84.dclient.hispeed.ch
1216020570 Q * yarihm
1216020911 J * dna ~dna@183-221-dsl.kielnet.net
1216023139 J * mire ~mire@104-174-222-85.adsl.verat.net
1216023196 Q * mire
1216023406 Q * kiorky_ Ping timeout: 480 seconds
1216023446 J * kiorky ~kiorky@cryptelium.net
1216023477 M * arachnist MARK="default" /usr/lib/util-vserver/vserver-wrapper start <| where does one set the "default" for vserver?
1216023530 M * opuk echo default > /etc/vservers//apps/init
1216023541 M * arachnist thanks
1216024143 J * derjohn_mob ~aj@80.69.42.51
1216025255 J * jsambrook ~jsambrook@anchor-internet-1-if0.router.demon.net
1216026175 Q * jsambrook Quit: Leaving.
1216026228 J * jsambrook ~jsambrook@anchor-internet-1-if0.router.demon.net
1216027532 J * gypsy ~colorioma@84.18.151.77
1216027536 M * gypsy hi
1216027576 M * gypsy is the development of vserver still alive? it seems there are no news since 2006..
1216027588 M * pmjdebruijn gypsy: it's alive and kicking...
1216027630 M * pmjdebruijn patch-2.6.22.19-vs2.2.0.7.diff 14-Mar-2008
1216027656 M * pmjdebruijn that's the latest stable...
1216028219 M * arachnist arachnist kerrigan:~ [214]% uname -sr
1216028219 M * arachnist Linux 2.6.25.10-vs2.3.0.34.13
1216028802 Q * derjohn_mob Ping timeout: 480 seconds
1216028879 Q * tzanger Ping timeout: 480 seconds
1216028895 M * sid3windr :)
1216029107 M * gypsy I c:) well but mailing lists and the site gives a bad feeling about the future of the project:(
1216029140 M * sid3windr mailinglist is pretty active, no? :)
1216029150 M * sid3windr as is the site, I believe?
1216029161 M * sid3windr 2.6.22.19 is not from 2006 is it?
1216029181 M * sid3windr the "news" page should indeed either be updated more frequently or go away, I guess :/
1216029619 Q * jsambrook resistance.oftc.net kilo.oftc.net
1216029640 J * jsambrook ~jsambrook@anchor-internet-1-if0.router.demon.net
1216030009 J * friendly ~friendly@ppp59-167-145-230.lns4.mel6.internode.on.net
1216030581 Q * nerdpunk Quit: Ex-Chat
1216031056 J * ktwilight ~ktwilight@197.119-66-87.adsl-dyn.isp.belgacom.be
1216031321 Q * ktwilight_ Ping timeout: 480 seconds
1216031977 J * yarihm ~yarihm@guest-docking-nat-1-094.ethz.ch
1216032248 Q * Aiken Remote host closed the connection
1216032546 J * mrjack ~mrjack@p54B5B413.dip0.t-ipconnect.de
1216032547 M * mrjack hi
1216032581 M * mrjack does there exist a script, which rewrites the configuration from vserver 1.x to 2.x style?
1216032613 M * sid3windr yes
1216032625 M * sid3windr I will check if I still have it
1216032628 M * mrjack sid3windr: do you know where to find it?
1216032632 M * sid3windr it's not perfect of course
1216032633 M * mrjack that would be nice :-)
1216032675 M * sid3windr hm, can't immediately find it :/
1216032695 M * sid3windr it was posted on the mailing list I think
1216032743 M * sid3windr long long time ago
1216032759 M * sid3windr checking my backup server now, but that may take a while :)
1216032815 M * sid3windr got it
1216032854 M * sid3windr http://magic.powersource.cx/~tom/convert-vs.sh
1216032863 J * Aiken ~james@ppp121-45-243-126.lns2.bne4.internode.on.net
1216032865 M * sid3windr disclaimer: I didn't write it, and I'm not responsible if it blows up your house :)
1216032869 M * sid3windr but I used it successfully
1216032874 M * sid3windr it depends on how complex your setup is of course
1216032880 M * sid3windr I had a very basic one at the time and it converted it fine
1216032990 M * mrjack thank you
1216033050 J * kiorky_ ~kiorky@cryptelium.net
1216033171 Q * kiorky Ping timeout: 480 seconds
1216033193 J * loddafnir ~mike@193.170.138.233
1216033861 J * kiorky ~kiorky@cryptelium.net
1216033882 M * mrjack sid3windr: thank you, this script works for my purposes..
1216033977 Q * kiorky_ Ping timeout: 480 seconds
1216035351 Q * friendly Quit: Leaving.
1216035950 N * Bertl_zZ Bertl
1216035956 M * Bertl morning folks!
1216036000 M * nox wb Bertl
1216037082 M * pmjdebruijn morning
1216038358 M * sid3windr mrjack: welcome :)
1216038362 M * sid3windr I found it useful myself :)
1216038637 Q * Mojo1978 Remote host closed the connection
1216038908 N * zbyniu_ zbyniu
1216039282 M * Bertl sid3windr, mrjack: just a note to that script, it might make sense to actually _use_ the 'skeleton' build (in the script, where it is mentioned) instead of creating the stuff by hand (to keep compatibility) but otherwise it looks somewhat sane
1216039333 M * sid3windr noted - however I haven't used it in a very long time, and am not planning to do it again :)
1216039342 M * sid3windr (as I don't have old-style config guests left)
1216039344 M * Bertl well, except for the lock/nproc in flags :)
1216039394 M * Bertl not quite unexpected, as the 'old' config style died out about 4? years ago
1216039417 M * sid3windr indeed :P
1216039758 M * daniel_hozac Bertl: got some patches for you...
1216039765 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-exitxid-fix01.diff
1216039769 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-unix-fix02.diff
1216039775 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-procsec-feat05.1.diff (for 2.6.25 this time)
1216039781 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-pidspace-feat02.diff
1216039802 M * Bertl wow, you've been busy that weekend? :)
1216039803 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-pidspace-lock01.diff is definitely worth discussing... should we use RCU instead?
1216039815 M * daniel_hozac i've got no internet access at the dorm... heh.
1216039938 M * Bertl okay, the first one looks very good, wanted to do that for some time now
1216039953 M * daniel_hozac yeah, me too.
1216040019 M * Bertl the second one has some whitespace changes in it, we should avoid those unless there is a good reason
1216040095 M * daniel_hozac i thought it looked prettier grouping the continue conditions together :)
1216040114 M * daniel_hozac (i was making other changes too initially, but they got reverted)
1216040123 M * Bertl okay, will look at it ... that fixes the unix socket info, yes?
1216040149 M * daniel_hozac right.
1216040222 M * Bertl is the feat5.1 complete?
1216040237 M * daniel_hozac why? is it missing anything?
1216040243 M * daniel_hozac (i.e. i think so)
1216040277 M * Bertl okay, just wondering, because IIRC, you planned to break out the vs_check for inode flags
1216040341 M * daniel_hozac well, other than vx_hide_check using the "wrong" flags, i don't see any reason to.
1216040399 M * Bertl okay, no problem with that ... but both, hide and write check could be replaced by a generic check, I guess
1216040542 M * daniel_hozac well, they are used in different code paths, so it might as well be kept separate. but yes, i see your point.
1216040579 M * Bertl np with that, I just was curious
1216040645 Q * Adrinael Ping timeout: 480 seconds
1216040667 M * daniel_hozac hmm, we probably want to hold off on procsec for now... i guess the multiple /proc mounts are messing it up.
1216040697 M * Bertl with or without pid space?
1216040813 M * daniel_hozac hmm, probably both. but currently i'm testing with pid spaces.
1216040904 J * Adrinael adrinael@rid7.kyla.fi
1216041311 M * Bertl interesting ...
1216042004 J * derjohn_mob aj@p57A6DC6A.dip.t-dialin.net
1216042497 Q * derjohn_mob Ping timeout: 480 seconds
1216042838 M * matti Hi Bertl, daniel_hozac :)))
1216043022 M * Bertl hey matti! how's going?
1216043141 M * matti Good, good...
1216043143 M * matti Yourself?
1216043344 M * daniel_hozac Bertl: opinions on the pidspace patches?
1216043347 M * daniel_hozac hello matti!
1216043348 Q * Aiken Quit: Leaving
1216043629 M * matti daniel_hozac: Hi :)
1216043905 J * JonB ~NoSuchUse@130.227.63.19
1216043918 M * Bertl daniel_hozac: got distracted ... should get to them shortly
1216043940 M * JonB hey Bertl
1216043995 M * JonB the /proc/loadavg file, on the vserver host, is that the overall load level on the machine including the guests, or just the load for the host ?
1216044012 M * Bertl the overall load
1216044031 M * JonB ok
1216044087 M * JonB some of my users complain that the response time is still too slow even though i reniced the bad test guests (to 10, maybe that was too small)
1216044125 M * daniel_hozac so put some hard limits on them?
1216044155 M * Bertl JonB: in general 20 is a good choice for stuff which should not disturb other stuff
1216044184 M * Bertl also ionice with -c3 is a good idea there
1216044185 M * JonB daniel_hozac: i prefer to let it eat and have its cpu as well
1216044243 M * daniel_hozac so, idle time only.
1216044248 M * JonB Bertl: i can set that as well just like the nice level?
1216044259 M * JonB i'll try it
1216044610 J * Djinh ~alexlh@194.109.7.202
1216045045 M * Bertl daniel_hozac: this hunk can go, no? @@ -2641,8 +2641,9 @@ int proc_pid_readdir(struct file * filp,
1216045083 M * daniel_hozac hmm, yes.
1216045088 M * daniel_hozac i don't know why that's there...
1216045103 M * Bertl what about the @@ -81,7 +81,7 @@ static int proc_get_sb
1216045116 M * Bertl why do we remove the _ns dependent stuff there?
1216045144 M * daniel_hozac so that init can exit.
1216045156 J * docelic ~docelic@78.134.193.128
1216045173 M * daniel_hozac otherwise /proc becomes unusable after init dies.
1216045199 M * Bertl okay, but we only want that for 'blend through init' cases, no?
1216045330 M * daniel_hozac well, i didn't see the point in making it conditional. AFAICT, it doesn't really matter either way.
1216045389 M * Bertl hmm, I'd assume that this is the handle for init (pid wise) inside a pid space, no?
1216045420 M * Bertl i.e. if we pass the one from host init unconditionally, wouldn't that mean that /proc inside the guest will _always_ refer to host init?
1216045507 M * daniel_hozac no, it's traversing the pid namespace using find_ge_pid.
1216045559 M * Bertl so what's ei->pid used for then?
1216045650 M * daniel_hozac i honestly don't know what the purpose is, but the task it's referring to has to exist in order for /proc to work.
1216045686 M * Bertl which suggests, that it is essential for proc, so I doubt that it isn't used there :)
1216045777 Q * JonB Quit: Leaving
1216045795 M * daniel_hozac i traced it pretty far, i didn't see it being used anywhere (other than the "does the task exist?" check).
1216045813 M * Bertl well, then we might want to remove that check
1216045839 M * Bertl see what still works, if all is fine, that's the way to go
1216045872 M * Bertl SCD: what's the idea behind the required/optional space support?
1216045887 M * daniel_hozac SCD?
1216045900 M * Bertl something completely different:
1216045903 M * daniel_hozac ah.
1216045929 M * daniel_hozac i'd like to have some way for the kernel to tell the utils what spaces were previously a part of the process context.
1216045984 M * daniel_hozac it's something that is bound to lag.
1216045989 M * Bertl hmm
1216045997 M * daniel_hozac and i'd like to automate it as much as possible.
1216046015 M * Bertl what's the problem if you don't know this?
1216046036 M * daniel_hozac that the utils won't be creating the spaces as necessary, and it'll fall on the user to do it.
1216046045 M * daniel_hozac which is pretty lame, if you ask me.
1216046066 M * Bertl i.e. what if you use the fully available space mask (if not specified otherwise)?
1216046091 M * daniel_hozac then we get network namespaces by default... a default i'd rather avoid :)
1216046108 M * Bertl hmm, do we advertize them?
1216046115 M * daniel_hozac with my patch, yes.
1216046127 M * daniel_hozac (thus letting people play around with network namespaces)
1216046140 M * Bertl aha, how's that related to the pidspace feature?
1216046164 M * daniel_hozac it's not :)
1216046175 M * Bertl okay, so please remove that part then :)
1216046188 M * Bertl i.e. put it in a separate patch
1216046223 M * daniel_hozac well, it's just the CLONE_NEWNET line that's affected, but sure.
1216046249 M * Bertl no, it's the entire vserver/space_cmd change
1216046308 M * Bertl and I presume you are using the vcmd_space_supported struct in VCMD_get_space_mask() which is kind of wrong
1216046353 M * daniel_hozac how so?
1216046381 M * Bertl well, VCMD_get_space_mask uses vcmd_space_mask (struct)
1216046397 M * Bertl VCMD_get_space_mask_v0 will use vcmd_space_mask_v0
1216046418 M * Bertl once we have an API change there, it will be reflected in a change in the structures
1216046431 M * daniel_hozac i did that at first, but moving set_space and enter_space to vcmd_space_mask_v0 seemed wronger.
1216046440 M * Bertl (not convinced yet we should do that/need that)
1216046456 M * daniel_hozac well, i pretty much need it for the utils.
1216046461 M * Bertl what's the problem with simply putting that info into a file?
1216046487 M * daniel_hozac other than file parsing sucks? :)
1216046490 M * Bertl something like /etc/vservers/.default/unshare
1216046520 M * Bertl well, you need to read defaults and config anyway, no?
1216046544 M * Bertl (or has that changed lately :)
1216046591 M * daniel_hozac well, this is part of vc_ctx_create/migrate.
1216046659 M * daniel_hozac also, this is very kernel internal, so having the kernel tell userspace is preferable, IMHO.
1216046745 M * Bertl you have to convince me that this isn't more than a really ugly special casing for the network namespaces :)
1216046759 M * daniel_hozac the filesystem bits are also in there.
1216046775 M * daniel_hozac i already had & ~(CLONE_NEWNS|CLONE_FS) in the utils which is... ugly.
1216046799 M * Bertl hmm?
1216046810 M * Bertl we actually want to clone those, no?
1216046832 M * daniel_hozac not always.
1216046834 M * daniel_hozac http://svn.linux-vserver.org/projects/util-vserver/browser/trunk/lib/syscall_ctxcreate-v21.hc
1216046910 M * Bertl why's that?
1216046916 M * daniel_hozac CLONE_NEWNS|CLONE_FS/CLONE_NEWNET are optional, and created separately.
1216046936 M * Bertl well, ultimately all spaces are 'optional'
1216046949 M * daniel_hozac i would not consider the pid namespace optional :-)
1216046952 M * Bertl if somebody wants to run his guest in a shared IPC space?
1216046963 M * daniel_hozac that's a feature i have not yet implemented.
1216046982 M * Bertl so, how is that handled in the future (when you implement it)
1216047006 M * daniel_hozac probably using a flag that disables the automatic space handling.
1216047035 M * Bertl what about putting the to-be-unshared (or the not-to-be-unshared) spaces in a config file?
1216047067 M * z0d bye
1216047068 Q * z0d Remote host closed the connection
1216047074 M * Bertl you can always warn on requests which cannot be satisfied
1216047097 M * daniel_hozac that would be required, yes.
1216047137 M * daniel_hozac i.e. you set the flag, the automatic space handling is disabled, and you have to create all the files necessary in /etc/vservers//spaces.
1216047151 M * daniel_hozac (which exists in 0.30.215, already)
1216047208 M * Bertl so why not put the defaults for 'automatic space handling' in a file/dirtree too?
1216047223 M * daniel_hozac because the utils don't know what the kernel supports.
1216047237 M * daniel_hozac i.e. when 2.6.29 is released adding another namespace, i'd like 0.30.216 to still work.
1216047249 M * Bertl that's what the VCMD_get_space_mask() is for
1216047266 M * daniel_hozac exactly.
1216047268 M * Bertl it shows what the kernel _supports_
1216047291 M * daniel_hozac but it needs a way to distinguish between _new_ features, and features that have been moved from the process context to a namespace.
1216047339 M * daniel_hozac otherwise you'll suddenly have contexts without e.g. IPC isolation.
1216047360 M * Bertl how's that handled right now?
1216047391 M * Bertl we have IPC spaces since a while, no=
1216047396 M * Bertl s/=/?/
1216047497 M * Bertl look, I'm not against such a change per se, but you are requesting a major API change here, and I currently fail to see why we would need that _now_ (and not half a year ago :)
1216047557 Q * opuk Ping timeout: 480 seconds
1216047640 J * opuk ~kupo@c213-100-138-228.swipnet.se
1216047713 N * DoberMann[PullA] DoberMann
1216047865 M * daniel_hozac well, we did need it half a year ago :)
1216047913 M * daniel_hozac i don't want to have the blacklist in the utils.
1216047967 M * daniel_hozac and it's not really an API change. it's a new API.
1216047986 M * Bertl okay, let's assume we add a new syscall command to support this information ...
1216048003 M * Bertl for the older kernels, it won't change a bit, right?
1216048023 M * Bertl so you still need that blacklist for any API up to this one
1216048033 M * daniel_hozac yes, the old API is still supported in the utils.
1216048037 M * Bertl now let's look into the future
1216048057 M * Bertl what spaces are going to be broken out of the 'process' context in the near future?
1216048083 M * daniel_hozac i have no idea :)
1216048094 M * Bertl any wild guesses or so?
1216048179 M * daniel_hozac device namespace maybe, obsoleting the loop/dm stuff.
1216048228 M * Bertl and that wouldn't be handled properly without this change?
1216048257 M * daniel_hozac this is the case that's already handled though.
1216048270 J * fatgoose_ ~samuel@82.80.modemcable.oricom.ca
1216048295 M * daniel_hozac the case this change fixes is when there are completely _new_ namespaces.
1216048329 M * daniel_hozac i.e. things that have no corresponding feature in the process context.
1216048336 M * daniel_hozac which we might not want to make the default.
1216048337 M * Bertl required would list the same as 'mask' and optional those completely new ones?
1216048366 M * daniel_hozac well, the same as mask - CLONE_NEWNS|CLONE_FS
1216048396 M * daniel_hozac (since those were never part of the context)
1216048403 J * fatgoose__ ~samuel@82.80.modemcable.oricom.ca
1216048403 M * Bertl because those are neither required nor optional?
1216048422 M * Bertl or do they get into the optional ones?
1216048428 M * daniel_hozac required and optional are really bad names...
1216048432 M * daniel_hozac they'd go into optional.
1216048462 M * Bertl so you want a new API (new syscall command) with broken naming :)
1216048471 Q * fatgoose Read error: Connection reset by peer
1216048499 M * Bertl do we have spaces which are neither 'optional' nor 'required'?
1216048510 M * daniel_hozac well, the names are something i'd like to change...
1216048527 Q * fatgoose__
1216048535 M * daniel_hozac if you have ideas for better names, please, let me know.
1216048558 M * Bertl I'm still not able to figure the information passed to userspace here
1216048559 J * fatgoose ~samuel@82.80.modemcable.oricom.ca
1216048600 M * Bertl I'm fine with information like: please unshare those for a fully isolated guest
1216048626 M * Bertl or, those spaces are available, unshare to your liking
1216048637 M * daniel_hozac right.
1216048648 M * daniel_hozac that's what i want :)
1216048652 M * daniel_hozac (i.e. both)
1216048657 M * Bertl but I see problems with information like: this used to be part of the process context in kernels 2.6.2-2.624
1216048713 M * daniel_hozac well, that's the same as "please unshare those for a fully isolated guest".
1216048714 M * Bertl okay, but CLONE_NEWNS and CLONE_FS are part of the former and the latter
1216048753 M * Bertl because a fully isolated guest wants to unshare (ignore the inversion on CLONE_FS) thise
1216048756 M * Bertl *those
1216048763 Q * fatgoose_ Ping timeout: 480 seconds
1216048798 M * daniel_hozac well, CLONE_NEWNS isn't really required for a fully isolated guest.
1216048819 M * Bertl of course it is, otherwise the fs namespace is not isolated
1216048832 M * Bertl (see mount and stuff)
1216048901 M * daniel_hozac well, we'd have to differentiate between isolation and a secure setup.
1216048903 M * Bertl the only spaces here which come to my mind right now are pid spaces and network
1216048926 M * Bertl your patches aim to make pid space an essential one (which is fine)
1216048952 M * daniel_hozac so maybe .secure and .optional, or something like that.
1216048982 M * Bertl so is a guest without an IPC namespace not secure?
1216049001 M * Bertl (or with a shared IPC space between two guests, imagine that :)
1216049026 M * daniel_hozac if "secure" is defined as guest A cannot mess with guest B, then yes, it's insecure.
1216049064 M * Bertl okay, let's take one step back here ...
1216049097 M * Bertl assumed that you get a new syscall command (let's say in addition to the VCMD_get_space_mask), called VCMD_get_space_something
1216049130 M * Bertl which returns some kind of space mask too (we don't know its precise purpose and name yet)
1216049170 M * Bertl what would that additional mask return with 2.6.22 or 2.6.25 or a future 2.6.30 (which has device namespaces)
1216049181 M * Bertl ?
1216049200 Q * fatgoose Quit: fatgoose
1216049393 M * daniel_hozac 2.6.22 = { .required = CLONE_NEWUTS|CLONE_NEWIPC, .optional = CLONE_NEWNS|CLONE_FS }, 2.6.25 = { .required = CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID, .optional = CLONE_NEWNS|CLONE_FS|CLONE_NEWNET }, 2.6.30 = { .required = CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWDEV, .optional = CLONE_NEWNS|CLONE_FS|CLONE_NEWNET|CLONE_NEW... }
1216049409 M * daniel_hozac with the terminology in my patch.
1216049454 Q * gypsy Quit: leaving
1216049463 M * Bertl so it is a special casing for the NEWNET nothing more
1216049501 M * daniel_hozac no, it's moving the blacklist from the utils to the kernel.
1216049507 M * daniel_hozac since the kernel is the one who knows about it.
1216049545 M * Bertl well, it doesn't change
1216049550 M * daniel_hozac sure it does.
1216049562 M * daniel_hozac whenever a new namespace is added, the blacklist has to be extended.
1216049567 M * daniel_hozac i don't know what people are working on.
1216049714 J * fatgoose ~samuel@82.80.modemcable.oricom.ca
1216049868 M * Bertl I don't understand the 'blacklist' semantics you are referring to
1216049918 M * Bertl from the kernel PoV, we have spaces which are supported for guests (i.e. you can enter them via syscall commands) and we have unrelated spaces
1216049950 M * Bertl of course, the supported spaces can be selected independently (i.e. you make up your own subset)
1216050007 M * Bertl if you want some kind of 'suggestion' for a 'good' (default) set of spaces, we can do that, but I don't see why that should be kernel side
1216050022 M * daniel_hozac because it changes.
1216050052 M * daniel_hozac i want the utils to work on more than one kernel version.
1216050069 M * Bertl of course, we are in total agreement there
1216050094 M * Bertl that's why we have API versions
1216050098 M * daniel_hozac requiring the utils to have the blacklist (i.e. supported spaces that are optional) means that you need new utils to not get those new features by default.
1216050136 M * Bertl not if they are part of the config
1216050138 M * daniel_hozac (or you have to configure the utils to not unshare it)
1216050153 M * daniel_hozac i'd still prefer to have a sane default.
1216050206 M * Bertl well, that'd be CLONE_NEWNS|CLONE_FS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID then, no?
1216050234 M * Bertl (of course, masked with the space_mask
1216050307 M * Bertl I don't have a problem to provide an additional syscall command, which returns this set for a foreseeable future (including the masking, if you like)
1216050341 M * Bertl but I don't see what that would buy us .. or how it would simplify userspace handling
1216050370 M * bXi evenin
1216050398 M * daniel_hozac CLONE_NEWNS|CLONE_FS should be part of the other mask.
1216050653 M * Bertl well, there would be no 'other' mask, there would be a 'suggested mask' and that would include CLONE_NEWNS|CLONE_FS of course
1216050678 M * Bertl simply because those are the suggested (known good, working) defaults, no=
1216050700 A * Bertl thinks he should rebind = to ?
1216051252 M * sid3windr =$ maybe ;)
1216051705 Q * kir Quit: Leaving.
1216051994 Q * fatgoose Quit: fatgoose
1216052005 J * raphinou ~rb@88.197.235.173
1216052198 J * Mojo1978 ~Mojo1978@ip-78-94-98-211.hsi.ish.de
1216053732 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1216053835 M * daniel_hozac well, sure, i can work with that...
1216054169 M * Bertl okay, and you'd prefer an extended get_space_mask over a separate call, yes?
1216054199 M * Bertl i.e. a space_mask_v1 which reports 'mask' and 'suggested' ?
1216054297 M * daniel_hozac ideally, yes.
1216054501 M * Bertl okay, I can live with 'default' or 'suggested' there, whatever you prefer
1216054552 M * daniel_hozac suggested is fine.
1216055628 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-pidspace-feat03.diff http://people.linux-vserver.org/~dhozac/p/k/delta-pidspace-lock02.diff
1216055887 Q * yarihm Ping timeout: 480 seconds
1216055921 M * daniel_hozac what do you want the supported space structure to be called?
1216055955 M * daniel_hozac (i.e. the one with mask and suggested)
1216056012 M * Bertl well, as usual, we make that vcmd_space_mask (v1) and change the existing one to vcmd_space_mask_v0
1216056071 M * daniel_hozac so we make set_space/enter_space use vcmd_space_mask_v0=
1216056074 M * daniel_hozac s/=/?/
1216056111 M * Bertl I think we will break that up too, but I have to think about that a little more
1216056135 M * Bertl maybe we do a vcmd_get_space_mask or so
1216056226 M * Bertl OTOH, we could avoid that completely and reuse the existing struct if we go for a separate syscall command _only_ reporting the suggested/default
1216056681 M * daniel_hozac VCMD_get_suggested_spaces?
1216056690 M * daniel_hozac VCMD_get_suggested_mask?
1216057091 Q * Mojo1978 Ping timeout: 480 seconds
1216057126 M * daniel_hozac did you get a chance to look at either of the pidspace-lock* patches?
1216057301 M * Bertl VCMD_get_space_suggested :)
1216057333 M * Bertl looking at the lock02 now ...
1216057492 M * Bertl hmm, what do we need the vxi_*lock macros for?
1216057573 M * daniel_hozac nothing, really. just makes it easier to switch from one kind of locking to another.
1216057630 M * Bertl we have options there?
1216057692 M * daniel_hozac i don't know. locking in the kernel is not exactly a topic i'm intimately familiar with :)
1216057903 M * Bertl k, np
1216057937 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-getspacesuggested-feat01.diff
1216057994 M * Bertl hmm, looks like we should take 'default'
1216058027 M * daniel_hozac for alignment purposes? :)
1216058032 M * Bertl yep :)
1216058044 M * Bertl but let me check the rest first :)
1216058082 M * Bertl suggested_mask -> space_default_mask
1216058104 M * daniel_hozac yeah.
1216058131 M * Bertl yeah, let's go for default, suggested is too long in so many cases ...
1216058153 M * NaioN Bertl: where can i get the newest patch?
1216058166 M * daniel_hozac http://vserver.13thfloor.at/Experimental/
1216058172 M * NaioN thx
1216058199 M * Bertl daniel_hozac: is the CLONE_* list in sequence (for the masks)?
1216058230 M * Bertl (if not, we might want to put that in order)
1216058244 M * daniel_hozac hmm, probably not.
1216058248 M * daniel_hozac lowest to highest?
1216058269 M * Bertl yes, I'd say so, we'll add at the end
1216058350 M * daniel_hozac you're assuming new spaces get added as the highest bit :)
1216058370 M * daniel_hozac (there has been talk about recycling old bits...)
1216058386 M * Bertl well ... we can add inbetween too, if necessary :)
1216058389 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-getspacedefault-feat01.diff
1216058470 M * arekm hello, is 2.3 for .26 planned or maybe this rel will be skipped?
1216058478 M * Bertl hmm, in the set space, do we actually want the default_space_mask?
1216058506 M * daniel_hozac arekm: why would it be skipped?
1216058510 Q * jsambrook Quit: Leaving.
1216058543 M * Bertl arekm: ah, 2.6.26 is out :) tx for the info :)
1216058547 M * daniel_hozac Bertl: i think so. it's the old "set NEWNS|FS" compat thing.
1216058551 M * arekm daniel_hozac: no idea, there is always possibility for "big changes, well wait for .27 to adopt" or something like that
1216058564 M * daniel_hozac honestly, i think we can just drop that and replace it with -EINVAL.
1216058592 M * Bertl I'm fine with that too, if you prefer (but probably breaks backwards compatibility)
1216058611 M * daniel_hozac i don't think so.
1216058671 M * Bertl I remember that we did this to handle a previous version which didn't pass the mask
1216058674 M * daniel_hozac _v0 were the ones without data.
1216058684 M * daniel_hozac _v0 is no longer supported in the switch.
1216058708 M * Bertl okay, no problem then, i.e. we drop that check completely
1216058752 M * daniel_hozac arekm: quite a few files got shuffled around, but i think it shouldn't be too big of a problem...
1216058798 M * daniel_hozac (need to investigate more though)
1216060503 J * lafille ~lafille@ANantes-257-1-8-146.w90-31.abo.wanadoo.fr
1216060606 Q * lafille
1216061645 M * mrjack hm, how can i show up the services/bootmsgs when i use vserver start , the output does not show up since i upgrade from 1.2 to 2.x - how can i see the output?
1216061680 M * daniel_hozac use the sysv/gentoo init style.
1216061708 M * mrjack where can i change the init style? i use debian with debian-vserver kernel?
1216061757 M * daniel_hozac echo > /etc/vservers//apps/init/style
1216061775 M * mrjack this is currently set to plain
1216061803 M * daniel_hozac which is why you're not seeing any output.
1216061809 M * mrjack ok
1216061810 M * FaUl mh
1216061816 M * mrjack thank you very much for your help :)
1216062021 M * mrjack why is this not the default?
1216062040 M * daniel_hozac it is.
1216062348 M * mrjack ok, but then the question is, why is it not the default on my system :-P
1216062380 M * daniel_hozac someone obviously created the apps/init/style file.
1216062394 M * daniel_hozac and decided to put plain in there.
1216062398 M * mrjack yes, i guess it was me
1216062399 M * daniel_hozac figure out who, and you'll know.
1216062436 M * mrjack daniel_hozac: i converted with convert-vs.sh from the old config style so i might have messed up something when i created the new configurations
1216062449 M * daniel_hozac i don't know what that is.
1216062463 M * mrjack http://magic.powersource.cx/~tom/convert-vs.sh
1216062464 M * daniel_hozac but presumably it didn't do the right thing.
1216062488 M * mrjack init style plain works for most vservers, but some require style sysv
1216062504 M * daniel_hozac plain should work with practically anything.
1216062505 M * mrjack so the script itself did no bad job anyway :)
1216062507 M * daniel_hozac you just don't get any output.
1216062509 M * arekm require? how so?
1216062527 M * mrjack arekm: the vserver restarted in an endless loop
1216062537 M * daniel_hozac that means you didn't run the cleanup scripts...
1216062557 M * mrjack which cleanup scripts?
1216062586 M * daniel_hozac the post-build scripts which clean up most common distributions, removing useless start/stop scripts.
1216062626 M * mrjack well, don't remember any cleanup script the time i installed these vservers
1216062668 M * daniel_hozac probably didn't exist back then... Copyright says 2003.
1216062722 M * mrjack yes, seems so :-)
1216062730 M * mrjack i started vserverhosting in 2003
1216062749 M * Bertl excellent! so a long time user then ...
1216062754 M * mrjack yes :)
1216062762 M * Bertl and, still happy?
1216062771 M * mrjack yes.
1216062801 M * mrjack but the change from 1.2 to 2.x is overwhelming
1216062828 M * mrjack so many options :-P
1216062833 M * Bertl well, the backwards compatibility stuff should take care of most of it
1216062848 M * Bertl but yeah, quite a lot changed since
1216062873 M * Bertl and you definitely want to utilize the new features (i.e. you want to update/migrate the config)
1216062887 M * mrjack yup. i am currently migrating to the new config-style
1216062898 M * mrjack but this will take a few days :-P
1216062936 M * Bertl shouldn't be too hard .. my suggestion is to create a new guest (with util-vserver), and check the config
1216062962 M * Bertl most likely the skeleton config will suffice for your setup anyways, so doing that would be another option
1216062964 M * mrjack i have read the great flower page
1216062982 M * mrjack i already have 4 host-systems converted
1216063013 M * Bertl ah, so it takes days because of the number of systems involved?
1216063066 M * mrjack yes, and to improve/edit my management scripts to use the new config-style
1216063089 Q * duckx Remote host closed the connection
1216063093 M * Bertl i.c. well, yeah, that can take time
1216063122 J * duckx ~Duck@81.57.39.234
1216063134 M * Bertl daniel_hozac: okay, I have to leave now, will go through the locking when I get back ... what 'issues' did you observe without?
1216063159 M * daniel_hozac none, but we're not protecting any of it currently.
1216063169 M * daniel_hozac so in theory we could race.
1216063192 M * daniel_hozac and when you're dereferencing that far... it just makes me worry.
1216063199 J * britneypire ~britneypi@ANantes-257-1-8-146.w90-31.abo.wanadoo.fr
1216063299 Q * britneypire
1216063365 M * Bertl okay, understood
1216063372 N * Bertl Bertl_oO
1216063388 Q * duckx Remote host closed the connection
1216063395 M * daniel_hozac in any case, it shouldn't affect any hot paths, so it can't hurt, right?
1216063448 Q * raphinou Quit: Leaving
1216063491 M * mrjack when i set rlimits/rss and as, is there a possibility so that within the vserver there is only rss.hard pages shown when you use programs like top or free?
1216063521 M * daniel_hozac set VIRT_MEM in flags.
1216063557 J * duckx ~Duck@81.57.39.234
1216063579 M * mrjack okay, there is currently just "lock" - so i have to change to "lock set 393216"?
1216063605 M * mrjack when i want to set to 384mb?
1216063648 M * daniel_hozac no.
1216063652 M * daniel_hozac echo VIRT_MEM > flags
1216063855 M * mrjack ok
1216063858 M * mrjack thank you
1216064318 Q * docelic Quit: http://www.spinlocksolutions.com/
1216064463 J * ViRUS ~mp@p579B4260.dip.t-dialin.net
1216064836 J * yarihm ~yarihm@84-74-147-84.dclient.hispeed.ch
1216066033 J * awake ~irc-user@75-121-155-85.dyn.centurytel.net
1216066514 M * awake What is the best way to network/firewall vservers? I want to be able to control each vserver's interactions with the network and with each other vserver. How Xen does networking looks good, but is there a simpler or better way to do it for vservers?
1216066574 M * daniel_hozac just do IP-based checks in INPUT/OUTPUT.
1216066697 J * awake_ ~irc-user@75-121-174-72.dyn.centurytel.net
1216066933 M * awake_ IP-based checks would work as long as all the host are well behaved, but after listening to a recording of Capelis's talk from DefCon15 on virtualization I am more concerned about possible misbehaving vservers and other protocols.
1216066989 M * daniel_hozac huh?
1216066996 M * awake_ I meant "as long as vservers on the host are well behaved"
1216066998 Q * awake Ping timeout: 480 seconds
1216067021 M * daniel_hozac you do realize that Linux-VServer is an IP-based isolation solution, right?
1216067039 M * daniel_hozac i.e. there's nothing _but_ IP, and the set of IP addresses is limited per guest.
1216067085 M * awake_ Thank you, I had not yet come across that in the documentation I read.
1216067170 J * derjohn_mob ~aj@e180195021.adsl.alicedsl.de
1216068243 M * daniel_hozac Bertl_oO: http://people.linux-vserver.org/~dhozac/p/k/delta-pidspace-lock03.diff fixes (what appears to be) a deadlock in exit_child_reaper.
1216068880 Q * simonp Quit: Leaving
1216068994 Q * bonbons Quit: Leaving
1216071078 Q * yarihm Quit: This computer has gone to sleep
1216071197 N * DoberMann DoberMann[ZZZzzz]
1216071585 J * yarihm ~yarihm@84-74-147-84.dclient.hispeed.ch
1216072936 J * dna_ ~dna@183-221-dsl.kielnet.net
1216073036 J * the_fafa ~fafa@p5496E45C.dip.t-dialin.net
1216073082 Q * loddafnir Remote host closed the connection
1216073339 Q * dna Ping timeout: 480 seconds
1216073467 Q * fafa_ Ping timeout: 480 seconds
1216074026 M * nkukard man i love linux-vservers ;)
1216074128 J * Aiken ~james@ppp121-45-243-126.lns2.bne4.internode.on.net
1216074170 M * nkukard daniel_hozac, is that more work on that issue you have with the amd?
1216075448 P * openblast http://quassel-irc.org - Chat comfortably. Anywhere.
1216075470 Q * ViRUS Quit: Leaving
1216076367 Q * dna_ Ping timeout: 480 seconds
1216076517 N * Bertl_oO Bert
1216076524 N * Bert Bertl
1216076532 M * Bertl back now ..
1216076543 M * nkukard copied some of my vservers over using rsync to a new box.
1216076555 M * nkukard mount: mount point /.rpmdb does not exist
1216076561 M * nkukard seem to get that error now
1216076575 M * Bertl what rsync options?
1216076577 M * mrjack wb Bertl
1216076580 M * nkukard the new box has /sda mounted as /vservers where the previous server was on same disk
1216076585 M * nkukard Bertl, -va
1216076592 M * nkukard darn, i borked it, didn't i?
1216076604 M * Bertl nkukard: try with -axHPSD --numeric-ids :)
1216076635 Q * Aiken Remote host closed the connection
1216076645 M * nkukard Bertl, any way to fix it?
1216076658 M * Bertl yeah, run the rsync again
1216076668 M * Bertl it will not copy stuff already there
1216076710 M * nkukard hrmmmm .... what is the problem btw?
1216076737 M * Bertl you lost half of the files, and those which got transferred, have the wrong ownership (user/group)
1216076779 M * nkukard this is very bad :(
1216076787 Q * yarihm Quit: Leaving
1216076799 M * Bertl why? did you remove the original already?
1216076823 J * fatgoose ~samuel@82.80.modemcable.oricom.ca
1216076824 M * nkukard one of them, yea
1216076839 A * nkukard thinks .... is running with those options above going to fix anything broken atm?
1216076866 M * Bertl the above options (to rsync) will fix permissions and copy missing files
1216076871 J * Aiken ~james@ppp121-45-243-126.lns2.bne4.internode.on.net
1216076884 M * Bertl i.e. stop the guest, re-run the rsync with the given options, restart and you should be fine
1216076884 M * nkukard ran it with --dry-run, not much difference
1216076904 M * nkukard let me try
1216076962 M * Bertl note that you want to copy all the guest data
1216076985 M * Bertl so, the .rpmdb could be part of the external rpmdb (of this guest) as well
1216077016 M * Bertl check symbolic links in the guest config for broken ones
1216077017 M * nkukard i'm copying /vservers/ and /etc/vservers
1216077031 M * nkukard yea, checked that
1216077035 M * nkukard all seem right
1216077043 M * nkukard .rpmdb is in each vserver in /vservesr/
1216077047 M * nkukard *vservers/
1216077137 M * Bertl and what gets mounted there?
1216077221 M * nkukard nothing ... not entirely sure what .rpmdb is used for
1216077229 M * nkukard i'm running vyum with --debug
1216077277 M * nkukard + /usr/sbin/vnamespace --new -- /usr/lib/util-vserver/vyum-worker myvserver list
1216077277 M * nkukard mount: mount point /.rpmdb does not exist
1216077284 Q * awake_ Ping timeout: 480 seconds
1216077470 M * nkukard Bertl, the rsync with the above options still gives me the same problem ... hrmmm
1216077626 M * Bertl okay, maybe a change in the host distro?
1216077644 M * Bertl i.e. different (maybe newer?) yum?
1216077663 M * Bertl what happens if you create that /.rpmdb on the host?
1216077676 M * nkukard on the ot the same
1216077690 M * nkukard aha
1216077692 M * nkukard one sec
1216077787 M * nkukard i feel dumb now Bertl .... didn't read it was /.rpmdb thought it was .rpmdb :(
1216077792 M * nkukard nearly 2am here :(
1216077802 M * Bertl np, glad it is fixed now :)
1216077822 M * nkukard thanks a million man
1216077840 M * Bertl btw, interesting time zone, it's 1:24 am here, so you are roughly half an hour off :)
1216078220 M * nkukard i mean 1:30 sorry
1216078277 M * Bertl ah, and I was hoping for one of those half hour time zones ...
1216078446 M * nkukard heheheh
1216079184 Q * fatgoose Quit: fatgoose
1216079879 Q * the_fafa Quit: the_fafa
1216079889 Q * bzed Quit: brb - reboot