1221091874 J * FireEgl FireEgl@173.16.9.10
1221092307 Q * ard Quit: BitchX-1.1-final -- just do it.
1221093002 J * ard ~ard@shell2.kwaak.net
1221093007 A * ard sighs
1221093016 A * ard upgraded util-vserver on debian
1221093216 M * daniel_hozac and?
1221098326 M * quinq speechless
1221098330 M * quinq good night
1221099949 Q * balbir_ Ping timeout: 480 seconds
1221101375 T * * http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.7|util-vserver-0.30.215|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 
1221101375 T * ChanServ -
1221102531 M * micah ard: bug reports are the only way you can get your mind read
1221103957 J * derjohn_foo ~aj@e180192089.adsl.alicedsl.de
1221104263 Q * derjohn_mob Ping timeout: 480 seconds
1221104601 Q * quinq Remote host closed the connection
1221106082 Q * Aiken Quit: Leaving
1221106302 Q * grobie Ping timeout: 480 seconds
1221106880 J * grobie ~grobie@valgrind.schnuckelig.eu
1221109383 J * kir1 ~kir@swsoft-msk-nat.sw.ru
1221109608 Q * kir Ping timeout: 480 seconds
1221109979 J * kir ~kir@swsoft-msk-nat.sw.ru
1221110048 Q * kir1 Ping timeout: 480 seconds
1221114536 Q * larsivi Quit: Konversation terminated!
1221114715 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1221115320 N * Bertl_zZ Bertl
1221115324 M * Bertl morning folks!
1221115448 M * fb hello Bertl :)
1221115596 J * dna ~dna@84-214-dsl.kielnet.net
1221116024 Q * derjohn_foo Ping timeout: 480 seconds
1221116511 M * ghislainocfs2 morning
1221116896 Q * eyck Quit: leaving
1221116907 J * eyck WvEGPHPG@nat05.nowanet.pl
1221117274 J * jsambrook ~jsambrook@aelfric.plus.com
1221117368 J * cga ~weechat@host160-65-static.88-82-b.business.telecomitalia.it
1221117429 P * jsambrook 
1221117610 J * loddafni1 ~mike@chello080108111137.5.11.univie.teleweb.at
1221117910 J * larsivi ~larsivi@85.221.53.194
1221118047 J * cryptronic ~oli@p4FD2F78F.dip.t-dialin.net
1221118321 Q * hijacker Remote host closed the connection
1221119268 Q * pisco_ Remote host closed the connection
1221119312 J * pisco_ ~pisco@tor.noreply.org
1221119411 N * phedny Guest6383
1221119417 J * phedny ~mark@2a02:348:35:5a26::1
1221119429 N * DoberMann[ZZZzzz] DoberMann
1221119527 Q * Guest6383 Remote host closed the connection
1221120016 Q * ktwilight_ Remote host closed the connection
1221120216 J * ktwilight ~ktwilight@185.111-66-87.adsl-dyn.isp.belgacom.be
1221120279 J * zbyniu_ ~zbyniu@host13-188.crowley.pl
1221120389 Q * zbyniu Ping timeout: 480 seconds
1221122632 N * pmenier_off pmenier
1221123285 A * ard compares
1221123287 M * ard Linux version 2.6.26.5-vs2.3.0.35.5-d64-xeon (root@etchdev64) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Wed Sep 10 14:49:44 CEST 2008
1221123296 M * ard with http://vserver.13thfloor.at/Experimental/
1221123326 M * ard that's exactly the 10 minutes I needed to patch up that ipv6 route thingie.
1221123651 M * Bertl what does d64-xeon mean?
1221123696 M * ard dell, 64 bit, xeon processor (what actually should have been P4 based xeon). I usde d64-core2 for the newer dells :-)
1221123715 M * Bertl i.c., tx!
1221123741 A * ard off to a meeting
1221123744 A * ard sighs :-(
1221126061 J * ktwilight_ ~ktwilight@116.92-66-87.adsl-dyn.isp.belgacom.be
1221126444 Q * ktwilight Ping timeout: 480 seconds
1221129732 Q * C14r Quit: Lost terminal
1221129764 J * lilalinux ~plasma@80.69.41.3
1221131178 Q * esa Ping timeout: 480 seconds
1221131186 J * esa bip@62.123.8.23
1221131508 Q * xdr Ping timeout: 480 seconds
1221132539 Q * esa Remote host closed the connection
1221132552 J * esa bip@62.123.8.23
1221133397 N * phedny Guest6401
1221133402 J * phedny ~mark@2001:7b8:3f5::115
1221133498 N * Guest6401 phedny_
1221133531 Q * ghislainocfs2 Read error: Connection reset by peer
1221135266 J * derjohn_foo ~aj@p5B23C9E0.dip.t-dialin.net
1221135287 J * quinq ~quinq@quinq.eu.org
1221135314 M * quinq hello :)
1221135336 M * Bertl hey
1221135660 Q * FireEgl charon.oftc.net resistance.oftc.net
1221135660 Q * emag charon.oftc.net resistance.oftc.net
1221135660 Q * infowolfe charon.oftc.net resistance.oftc.net
1221135660 Q * Hollow charon.oftc.net resistance.oftc.net
1221135660 Q * MooingLemur charon.oftc.net resistance.oftc.net
1221135660 Q * brc charon.oftc.net resistance.oftc.net
1221135660 Q * tam charon.oftc.net resistance.oftc.net
1221135660 Q * nkukard charon.oftc.net resistance.oftc.net
1221135660 Q * laptopnenolod charon.oftc.net resistance.oftc.net
1221135660 Q * nenolod charon.oftc.net resistance.oftc.net
1221135660 Q * quasisane charon.oftc.net resistance.oftc.net
1221135660 Q * bragon charon.oftc.net resistance.oftc.net
1221135964 Q * pisco_ Ping timeout: 480 seconds
1221135985 J * pisco ~pisco@tor.noreply.org
1221136155 J * C14r ~C14r@h58173.serverkompetenz.net
1221136207 J * FireEgl FireEgl@173.16.9.10
1221136207 J * emag D6WF5XtK3j@gurski.org
1221136207 J * infowolfe ~infowolfe@c-67-160-149-42.hsd1.or.comcast.net
1221136207 J * brc bruce@megarapido.cliquerapido.com.br
1221136207 J * MooingLemur ~troy@shells195.pinchaser.com
1221136207 J * Hollow ~hollow@proteus.croup.de
1221137904 J * xdr ~xdr@197-173-96-87.cust.blixtvik.se
1221137904 J * ctrix ~8__D@81-174-32-147.static.ngi.it
1221137904 J * nkukard ~nkukard@196.212.73.74
1221137904 J * laptopnenolod ~nenolod@pool-71-241-220-223.ptldme.east.verizon.net
1221137904 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1221137904 J * quasisane ~sanep@c-75-68-62-13.hsd1.nh.comcast.net
1221137904 J * bragon ~Alexandre@alucard.bragon.info
1221137904 Q * pisco Killed (charon.oftc.net (Nick collision (new)))
1221137905 J * tam ~tam@gw.nettam.com
1221137950 J * pisco_ ~pisco@tor.noreply.org
1221138584 J * Borg- borg@borg.uu3.net
1221138586 M * Borg- hi ho
1221138593 M * Borg- checking for NSS... no
1221138593 M * Borg- no
1221138593 M * Borg- configure: error: internal error
1221138595 M * Borg- any clues?
1221138701 M * blathijs Borg-: Do you have the right dependencies installed?
1221138724 M * Borg- hm
1221138727 M * Borg- http://linux-vserver.org/Installation_on_Linux_2.6
1221138730 M * Borg- cant see any here
1221138749 M * daniel_hozac you need beecrypt or NSS.
1221138781 M * Borg- which one is smaller.. faster.. better
1221138795 M * daniel_hozac nss is faster for most things.
1221138806 M * Borg- bulkier as well? I like lightweight stuff
1221138855 M * blathijs What's NSS here? Not name service switch, I suspect?
1221138870 M * daniel_hozac Network Security Service.
1221138898 M * Borg- why not using openssl?
1221138944 M * daniel_hozac license issues, and beecrypt/nss are required by rpm.
1221138966 M * Borg- rpm?
1221138977 M * Borg- redhad package manager?
1221138983 M * daniel_hozac redhat, yes.
1221138987 M * Borg- uh.. interesting
1221138996 M * Borg- and what rpm have to do w/ LFS?
1221139000 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1221139010 M * Borg- can I push --no-rpm-shit to ./configure of util-vserver?
1221139010 M * daniel_hozac LFS?
1221139016 M * Borg- Linux From Scrath
1221139037 M * daniel_hozac rpm has nothing to do with it.
1221139056 M * daniel_hozac it's just the reason beecrypt/nss are the available choices.
1221139061 M * Bertl Borg-: you still might want rpm on your host, to install rpm based guests, but that was just a reason for somebody why to use this and not that :)
1221139067 M * Borg- is that beecrypt/NSS is used by util-vserver anywhere else except rpm?
1221139080 M * daniel_hozac they're used by vhashify.
1221139082 M * Bertl Borg-: it is used for the hashification
1221139085 M * Borg- okey.. thx
1221139088 M * daniel_hozac nothing rpm-related at all.
1221139094 M * Borg- im going for beecrypt then..
1221139098 M * Borg- looks esier to install
1221139137 M * Borg- a lot of changes since i installed my old 2.0 vserver utils
1221139150 M * daniel_hozac beecrypt has always been required for vhashify.
1221139156 M * Borg- bacana..
1221139159 Q * derjohn_foo Ping timeout: 480 seconds
1221139159 M * Borg- I mean impossible ;)
1221139161 M * daniel_hozac nss is the recent addition.
1221139193 M * Borg- I would remeber such step of downloading and compiling beecrypt
1221139205 M * Borg- BA!.. I would even have pkg of that already somewhere :)
1221139228 M * Bertl you can disable the hashify part, and that is probably what happened before
1221139314 M * Borg- thx..works
1221139410 M * ctrix hello all
1221139413 M * ctrix i was using "CAP_NET_RAW" to share a socket between the vserver and the host
1221139417 M * ctrix basically i have the DB on the host and the application in the vserver
1221139421 M * ctrix with the latest version, i don't see the DB socket anymore.
1221139424 M * ctrix Am i missing something ?
1221139439 M * ctrix (working on debian)
1221139442 Q * xdr Remote host closed the connection
1221139448 M * Bertl you database uses an ICMP socket to chat?
1221139460 M * ctrix tcp socket
1221139474 M * Bertl so why use CAP_NET_RAW for tcp stuff?
1221139474 M * ctrix with the old versions, using netstat i was able to see the listening socket
1221139500 M * ctrix years ago without that it wasn0t working but anyway, i'll remove
1221139507 M * ctrix but how can i share the loopbacl ?
1221139527 M * Bertl ah, you don't want to do that, although you can
1221139546 M * Bertl simply bind the database to a private IP on the host
1221139553 M * Bertl and use that from within the guest
1221139573 M * ctrix so if i bind *not* to looopback it will work ?
1221139580 J * gypsymauro ~colorioma@84.18.151.77
1221139581 M * gypsymauro hi
1221139599 M * Bertl ctrix: sure, networking between guest and host works fine
1221139602 M * Bertl gypsymauro: hey
1221139611 M * gypsymauro on the root server I've a device called /dev/ttyUSB0
1221139617 M * gypsymauro how can I c it on guest?
1221139619 M * ctrix so it's only lo that is "hidden"
1221139641 M * Bertl ctrix: yep, the loopback ips are now isolated by default
1221139648 M * ctrix perfect
1221139656 M * ctrix how to "unisolate" ?
1221139657 M * Bertl gypsymauro: depends on the device and requirements ... 
1221139658 M * ctrix just to know
1221139662 M * ctrix if i'll need it
1221139681 M * Bertl http://linux-vserver.org/Capabilities_and_Flags
1221139689 M * gypsymauro Bertl: uhm it's an usb-serial adaptor for a gsm modem it works on the root
1221139689 M * ctrix that's what i'm looking
1221139704 M * gypsymauro I need to c it on guest too
1221139707 M * Bertl gypsymauro: that should work with simply 'copying' the device into the guest
1221139713 M * ghislainocfs2 is it impossible to run  nfs-user-server inside a guest with the  	SECURE_MOUNT and BINARY_MOUNT cap, is it not enough  ?
1221139729 M * gypsymauro Bertl: what do u mean with copying?
1221139741 M * Bertl gypsymauro: try cp -va /dev/ttyUSB0 /path/to/guest/dev/
1221139748 M * Bertl (on the host)
1221139752 M * daniel_hozac ghislainocfs2: you shouldn't need any caps for nfs-_user_-server.
1221139773 M * Bertl gypsymauro: note: you'll need to redo that copy when the device assignment changes for that device (major/minor)
1221139784 M * ghislainocfs2 daniel: ah ok, i cannot mount anything: mount: 192.168.1.72:/srv/fai/config: can't read superblock
1221139785 M * ghislainocfs2  must be something else then
1221139806 M * daniel_hozac ghislainocfs2: mounting is not something you do on a server...
1221139811 M * Bertl gypsymauro: a more sophisticated setup would be to add a proper udev/hal/fdi rule for this device (so that it is created in the guest's dev too)
1221139838 M * ghislainocfs2 daniel: the pxe boot client do not work so i tried on the server to see
1221139880 M * daniel_hozac ghislainocfs2: do it from another box.
1221139890 M * ghislainocfs2 ok  ill do
1221139901 M * gypsymauro Bertl: it works tanx:)
1221139912 M * Bertl you're welcome!
1221139933 M * ctrix S_CAPS="LBACK_ALLOW,~LBACK_REMAP,~HIDE_LBACK"
1221139953 M * ctrix sorry if i ask agaim, but what am i doing wrong ?
1221139958 M * daniel_hozac umm...
1221139963 M * daniel_hozac you're using legacy configuration files, for one.
1221139964 M * ctrix (and i'm keyword dislessic too, today)
1221139972 M * Bertl you are using tools which are 6 years old? :)
1221139984 M * ctrix lol! it's the debian stull in lenny
1221140009 M * daniel_hozac lenny's utils are recent.
1221140024 M * daniel_hozac you're just using all the legacy stuff that for whatever reason isn't split...
1221140025 M * Bertl you definitely need/want a dir-tree based config
1221140052 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1221140098 M * ctrix i have it i saw what one as well but was playing with the wrong files. sorry. i'm sooo stupid. let's try again
1221140100 M * daniel_hozac which is what vserver ... build will create.
1221140120 M * Bertl ctrix: np, happens ...
1221140227 M * ctrix ok i'm using ncapabilities file.
1221140235 M * ctrix Unknown ncap 'LBACK_REMAP'
1221140241 M * ctrix Unknown ncap 'LBACK_ALLOW'
1221140256 M * Bertl util-vserver version probably < 0.30.216
1221140269 M * ctrix 0.30.216~r2772-2
1221140285 M * ctrix lowercase, maybe ?
1221140287 M * Bertl ah, capability :)
1221140295 M * Bertl you want to use nflags :)
1221140357 M * ctrix ok , WORKS !
1221140390 M * ctrix thans a lot, i spent 4 hours reading the docs and wokging in the wrong direction.
1221140402 M * ctrix a blog post may help google index this problem, thanks again
1221140426 M * Bertl just keep in mind, you do not want to do it that way :)
1221140437 M * Bertl (mainly for security reasons)
1221140479 M * ctrix that's the only thing i expose
1221140486 M * ctrix the socket of the database
1221140513 M * ctrix after all the socket would be avalaible in any way even with that option disabled
1221140514 M * Bertl I doubt that _nothing_ on the host uses a port on 127.x
1221140544 J * xdr ~xdr@197-173-96-87.cust.blixtvik.se
1221140544 M * ctrix the database is only used from the host
1221140545 M * Bertl note that any service on the host which uses 127.x is now vulnerable to DoS and/or spoofing attacks
1221140567 M * ctrix uhmm yes, if someone breaks in
1221140579 M * Bertl or something goes wrong :)
1221140596 M * ctrix i'll need to rework this setup 
1221140612 M * Bertl as I said, no need for sharing over 127.x
1221140625 M * Bertl any other IP will do as well (actually even better :)
1221140696 P * gypsymauro 
1221140703 M * ctrix the solution may be simpler than expected, i'll do some tests and if it's successfull, i'll switch. 
1221140797 M * Bertl if you write on 'your' blog, don't forget to mention the security implications, otherwise folks will end up opening their hosts to potentially hostile guests
1221140820 M * ctrix of course
1221140923 Q * sladen Ping timeout: 480 seconds
1221141102 Q * larsivi Quit: Konversation terminated!
1221141249 M * Bertl nap attack ... bbl
1221141263 N * Bertl Bertl_zZ
1221141555 J * sladen paul@starsky.19inch.net
1221142556 J * hparker ~hparker@linux.homershut.net
1221142948 Q * pmenier Ping timeout: 480 seconds
1221143248 J * pmenier ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1221144542 J * tramjoe_merin ~tramjoe@193.41.238.151
1221144602 J * Wezz6400 ~Wezz6400@145-118-111-36.fttx.bbned.nl
1221144659 P * Wezz6400 
1221144742 Q * ghislainocfs2 Quit: Leaving.
1221145320 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1221145732 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1221146207 M * ghislainocfs2  
1221146216 M * ghislainocfs2 oups sorry
1221146302 J * dowdle ~dowdle@scott.coe.montana.edu
1221147198 Q * tramjoe_merin Quit: using sirc version 2.211+KSIRC/1.3.12
1221147346 P * kir Leaving.
1221147554 Q * cga Quit: WeeChat 0.2.6
1221147759 Q * ghislainocfs2 Ping timeout: 480 seconds
1221148322 Q * lilalinux Remote host closed the connection
1221149343 Q * fanto666 Quit: Leaving
1221150315 J * lucrus ~papo@host-84-223-100-175.cust-adsl.tiscali.it
1221150351 M * lucrus hello *
1221150399 M * lucrus I have a xen domU image on my server, is there a way to migrate it automagically to vserver?
1221150534 M * daniel_hozac do you want to make the domU into a Linux-VServer host or turn it into a Linux-VServer guest?
1221150556 M * lucrus the second
1221150581 M * daniel_hozac so you'd probably want to use the rsync build method.
1221150636 M * lucrus well, the domU is offline right now, I can just copy the files over, I was just wondering if I could use it as is
1221150718 M * daniel_hozac some hack might be possible using losetup, but i don't know how you'd get the offset.
1221150784 M * lucrus the offset is not a problem, the problem is the configuration file for vserver
1221150802 M * lucrus (I assume I need one)
1221150813 M * daniel_hozac use vserver ... build -m skeleton.
1221150824 M * lucrus ok, I try
1221151252 N * Bertl_zZ Bertl
1221151255 M * Bertl back now ..
1221151420 J * blues blues@adu203.neoplus.adsl.tpnet.pl
1221151539 Q * blues_ Ping timeout: 480 seconds
1221152455 Q * pmenier Quit: Konversation terminated!
1221153264 J * cga ~weechat@host-84-221-254-115.cust-adsl.tiscali.it
1221154458 Q * ktwilight_ Ping timeout: 480 seconds
1221154937 J * ktwilight ~ktwilight@226.213-66-87.adsl-static.isp.belgacom.be
1221157506 J * ktwilight_ ~ktwilight@35.109-66-87.adsl-dyn.isp.belgacom.be
1221157853 Q * ktwilight Ping timeout: 480 seconds
1221160327 J * ntrs ~ntrs@77.29.78.38
1221162028 Q * cga Ping timeout: 480 seconds
1221163927 J * ntrs_ ~ntrs@77.29.75.225
1221164352 Q * ntrs Ping timeout: 480 seconds
1221164776 Q * bonbons Quit: Leaving
1221164847 Q * Medivh Ping timeout: 480 seconds
1221165840 Q * dna Quit: Verlassend
1221165968 J * derjohn_foo ~aj@e180192089.adsl.alicedsl.de
1221167198 M * ktwilight_ i just went through the wiki but can't find anything. but is there a special flag that i need to enable to set xattr?
1221167242 M * ktwilight_ i've done the testfs.sh and xattr passes. so i'm unsure why i'd see the app having this error >>>>> [afr.c:6237:afr_check_xattr_cbk] gfs-afr: [CRITICAL]: 'gfs-client1' doesn't support Extended attribute: Operation not permitted
1221167278 M * Bertl xattr != EA
1221167306 M * ktwilight_ doh
1221167311 M * ktwilight_ shoot me please...
1221167330 M * ktwilight_ so what should i be looking for?
1221167398 M * Bertl extended attribute and probably ACL support in the kernel
1221167461 M * Bertl but whatever you are doing, it might be tied to CAP_SYS_ADMIN
1221167533 J * Aiken ~Aiken@ppp118-208-124-125.lns4.bne4.internode.on.net
1221167994 M * ktwilight_ Bertl, got it! it's CAP_SYS_ADMIN :)
1221168001 M * ktwilight_ strange that i didn't have to before, now i have to. hmm...
1221168007 M * ktwilight_ thanks anyways :)
1221168019 M * Bertl well, I wouldn't give SYS_ADMIN lightly
1221168054 M * Bertl basically makes your guest all-powerfull
1221168175 M * ktwilight_ yup, probably there's only one or two stuff that are required :(
1221168211 M * ktwilight_ i looked at the diff before to see if i can modify it in a way to suit my needs, i.e. to split CAP_SYS_ADMIN, but it was waaaaaay too advance for me.
1221168246 M * ktwilight_ i'll try to find out more on what's required in SYS_ADMIN then later when have the resources to turn this into a reality :)
1221169742 Q * pisco_ Remote host closed the connection
1221169785 J * pisco_ ~pisco@tor.noreply.org
1221170470 J * doener ~doener@i577BAA55.versanet.de
1221170573 Q * doener_ Ping timeout: 480 seconds
1221170875 N * DoberMann DoberMann[ZZZzzz]
1221171449 Q * loddafni1 Remote host closed the connection
1221171716 Q * cryptronic Quit: Leaving.
1221172353 Q * blathijs Ping timeout: 480 seconds
1221174199 Q * ntrs_ Ping timeout: 480 seconds
1221175155 M * Bertl okay, off to bed now .. have a good one everyone!
1221175160 N * Bertl Bertl_zZ
1221176071 J * BrunoXLambert ~Bruno@dsl-149-190.b2b2c.ca
1221176950 J * ViRUS ~mp@p579B57D7.dip.t-dialin.net