1227658184 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1227660597 Q * Piet Quit: Piet
1227662347 Q * dowdle Remote host closed the connection
1227662809 N * quinq qzqy
1227662823 Q * qzqy Quit: Coyote finally caught me
1227662965 J * qzqy ~user@quinq.eu.org
1227663319 Q * qzqy Quit: Coyote finally caught me
1227663378 J * qzqy ~user@quinq.eu.org
1227663623 Q * geb Quit: Quitte
1227664887 N * qzqy quinq
1227664914 Q * quinq Quit: Coyote finally caught me
1227664940 J * qzqy ~user@quinq.eu.org
1227664944 N * qzqy quinq
1227664949 Q * sardyno Ping timeout: 480 seconds
1227666068 Q * nenolod Ping timeout: 480 seconds
1227667334 J * nenolod nenolod@petrie.dereferenced.org
1227667339 N * quinq qzqy
1227667348 N * qzqy quinq
1227667360 M * Bertl off to bed now .. have a good one everyone!
1227667367 N * Bertl Bertl_zZ
1227668642 J * bliz42 ~ksmith@c-98-193-150-250.hsd1.tn.comcast.net
1227669025 N * quinq qzqy
1227670866 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1227672094 Q * hparker Quit: Quit
1227672713 Q * balbir_ Ping timeout: 480 seconds
1227673525 Q * bliz42 Quit: leaving
1227673613 J * bliz42 ~kdsmith@c-98-193-150-250.hsd1.tn.comcast.net
1227673688 M * bliz42 *yawn*  what's going on pimps?
1227674159 J * hparker ~hparker@p15n30.ruraltel.net
1227674266 Q * derjohn_mob Ping timeout: 480 seconds
1227675579 J * balbir_ ~balbir@124.124.219.61
1227676906 Q * balbir_ Ping timeout: 480 seconds
1227676933 N * bliz42 bliz42_Zz
1227677189 N * qzqy quinq
1227677393 N * quinq qzqy
1227677402 N * qzqy quinq
1227677417 N * quinq qzqy
1227677877 J * balbir_ ~balbir@124.124.219.61
1227678582 Q * sardyno Ping timeout: 480 seconds
1227678641 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1227678842 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1227679996 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1227681050 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1227682839 Q * sardyno Ping timeout: 480 seconds
1227683122 Q * balbir_ Ping timeout: 480 seconds
1227683313 J * doener ~doener@i577B826C.versanet.de
1227683419 Q * doener_ Ping timeout: 480 seconds
1227683461 Q * Adrinael Ping timeout: 480 seconds
1227684133 Q * Aiken Remote host closed the connection
1227684145 J * Aiken ~Aiken@ppp118-208-72-25.lns1.bne4.internode.on.net
1227684716 J * derjohn_mob ~aj@e180194005.adsl.alicedsl.de
1227685362 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1227685451 Q * larsivi Ping timeout: 480 seconds
1227685599 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1227685851 J * mtg ~mtg@vollkornmail.dbk-nb.de
1227686080 J * Slydder1 ~chuck@dslb-088-074-032-099.pools.arcor-ip.net
1227686243 J * kir ~kir@swsoft-msk-nat.sw.ru
1227686448 J * Adrinael adrinael@rid7.kyla.fi
1227686660 Q * Hawq Quit: leaving
1227686940 Q * daniel_hozac Remote host closed the connection
1227686952 J * daniel_hozac ~daniel@ssh.hozac.com
1227687136 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1227687521 Q * Slydder1 Read error: Connection reset by peer
1227687771 Q * derjohn_mob Ping timeout: 480 seconds
1227688313 Q * ghislainocfs21 Ping timeout: 480 seconds
1227688975 J * dna ~dna@52-200-103-86.dynamic.dsl.tng.de
1227689575 J * larsivi ~larsivi@85.221.53.194
1227689860 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1227691336 Q * ktwilight_ Ping timeout: 480 seconds
1227691940 J * awk ~awk@gw1.security.web.za
1227691970 M * awk hi, anyone able to tell me what flag to have avalable so I can use identd inside of a vserver?
1227691979 M * awk CAP_ ?
1227691981 J * derjohn_mob ~aj@51.42.69.80.in-addr.net-lab.net
1227692269 M * simontwo awk, what makes identd different from any other daemon listening to an address?
1227692478 M * awk *shrugs*
1227692491 M * awk ok, that answers that question
1227692492 M * awk :)
1227692640 J * ktwilight ~ktwilight@133.100-66-87.adsl-dyn.isp.belgacom.be
1227692803 M * simontwo awk, ok
1227693116 Q * derjohn_mob Ping timeout: 480 seconds
1227693150 M * awk http://lena.franken.de/linux/debian_and_vserver/vserver.html
1227693153 M * awk this article doesn't work well
1227693158 M * awk for starters makes no /dev
1227693175 M * awk secondly doesn't create sym links in /etc/vservers/.def*
1227693181 M * awk is this related to debootstrap?
1227693537 M * awk or can somebody point out a good article to setup a vserver 
1227693556 M * arapaho awk: this doc is not up-to-date
1227693593 M * arapaho if you're running debian host, you should use newvserver command
1227693663 J * ncopa ~ncopa@149-13-151.oke2-bras2.adsl.tele2.no
1227693668 M * ncopa mornin
1227693714 M * ncopa i made util-vserver compile in a native uclibc/busybox system
1227693734 M * ncopa there is actually only one workaround needed
1227693742 M * ncopa where can i post a patch?
1227693760 M * awk arapaho: ok thanks, is there a doc on this
1227693808 M * arapaho man newvserver is a good one
1227694444 M * awk root@tripoli:/etc/vservers# man newvserver
1227694445 M * awk No manual entry for newvserver
1227694449 M * awk guess not hey
1227694503 M * awk that is probabbly a later feature to util-vserver than supplied by debian
1227694519 M * arapaho nope
1227694527 M * arapaho it's in vserver-debiantools package
1227694598 M * awk ahh, thanks.
1227694884 M * awk hrm, why is domainname required?
1227694930 M * awk what happens ifs a sngle host
1227694932 M * awk eg: blah.com
1227694937 M * awk then host blah domain .com ?
1227695033 M * awk arapaho you using etch or sid for your vserver?
1227695148 M * arapaho my host are etch or lenny, vservers are etch
1227695162 M * arapaho most of hosts are etch
1227695174 M * awk oh ok, great..
1227695181 M * arapaho about ten are lenny for testing purposes
1227695318 M * arapaho domain name is required because each host on a network should have a hostname and a domain name
1227695360 M * awk 'should' :)
1227696226 Q * transacid Remote host closed the connection
1227696239 M * awk hrm
1227696248 J * transacid ~transacid@transacid.de
1227696270 M * awk bash: /dev/null: Permission denied
1227696271 M * awk any idea why i'm getting that ? when I su to a user from the vserver?
1227696423 M * Wonka "ls -l /dev/null", please
1227696438 M * Wonka should look like this:
1227696439 M * Wonka crw-rw-rw- 1 root root 1, 3 24. Nov 21:32 /dev/null
1227696456 M * Wonka the "24. Nov 21:32" part may differ, rest should not
1227696614 M * awk crw-rw-rw- 1 root root 1, 3 2008-11-26 12:31 /dev/null
1227696615 M * awk hmm
1227697652 Q * larsivi Remote host closed the connection
1227698382 M * awk ive had this before
1227699042 M * arekm hm, which utility displays nid for guests?
1227699110 M * arekm ah, it's the same as xid
1227700094 Q * Aiken Quit: Leaving
1227700432 J * balbir_ ~balbir@59.145.136.1
1227701174 M * awk hrm, anyone know of this /dev/null issue daniel_hozac told me long ago but forgot...
1227701264 Q * balbir_ Ping timeout: 480 seconds
1227701644 Q * Adrinael Ping timeout: 480 seconds
1227701813 Q * awk 
1227702421 M * ghislainocfs2 humm
1227702436 M * ghislainocfs2 anyone know if we can change the machine type of a vserver at runtile ?
1227702443 M * ghislainocfs2 i386 need to put i686
1227702642 J * balbir_ ~balbir@59.145.136.1
1227702898 N * Bertl_zZ Bertl
1227702902 M * Bertl morning folks!
1227703214 J * Adrinael adrinael@rid7.kyla.fi
1227703489 Q * balbir_ Ping timeout: 480 seconds
1227704019 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1227705514 N * bliz42_Zz bliz42
1227705529 M * bliz42 hola
1227705548 M * Bertl hey
1227705572 M * Bertl ghislainocfs2: yes, you can quite easily via the uts settings
1227705620 M * Bertl ghislainocfs2: see vuname --help
1227705796 Q * hparker Quit: Quit
1227707085 J * derjohn ~derjohn@80.69.41.3
1227707216 M * micah it looks like setting the default policy to assume all capabilities as insecure is causing a lot of problems with debian folks
1227707256 M * micah sshd and dovecot both need SYS_CHROOT
1227707261 M * Bertl well, there is a known secure set of capabilities
1227707279 M * Bertl (which is given by default, on non debian)
1227707370 M * Bertl that includes, among other capabilities SYS_CHROOT
1227707385 M * micah Bertl: I'm talking about a change in util-vserver's policy
1227707441 M * micah specifically r2796
1227707536 M * Bertl I don't think that this really changed, it was broken for a few pre versions
1227707555 M * micah http://svn.linux-vserver.org/projects/util-vserver/changeset/2796/trunk/lib/getinsecurebcaps.c
1227707558 M * daniel_hozac micah: works fine for me.
1227707686 M * micah daniel_hozac: oddly, it works for me too, but I've now received 3 separate reports from people that it has broken sshd and dovecot
1227707710 M * micah and postfix
1227707738 M * micah perhaps if the guest was running when they did the upgrade?
1227707748 M * daniel_hozac doesn't matter.
1227707768 M * daniel_hozac the utils don't touch the caps once it's running.
1227707877 M * Bertl micah: what arch are the report coming from?
1227707884 M * Bertl *reports
1227707941 M * Bertl daniel_hozac: what type does the vc_get_insecurebcaps() return?
1227707959 M * micah Bertl: the one that was actually reported to the BTS (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506949) is i386, which I am using and not having the issue
1227708002 M * daniel_hozac Bertl: uint_least64_t.
1227708034 M * Bertl oky, shouldn't constants use UL or ULL there?
1227708090 M * Bertl I mean, it should matter right now, as all caps are below 32bit here
1227708097 M * Bertl *shouldn't
1227708148 M * Bertl but e.g. 1 << 32 will definitely fail :)
1227708179 M * daniel_hozac and gcc will warn about it.
1227708232 M * Bertl do you make warnings fatal atm? I don't think so, so that probably goes unnoticed
1227708273 M * daniel_hozac i look at the warnings every time i build.
1227708279 M * ghislainocfs2 bertl thanks i'll try vuname !!
1227708290 M * micah i've asked for more information in the bug reports, because I am not able to cause this to happen myself... However, I believe it is happening, because so many people are telling me that its happening
1227708330 M * Bertl well, given that it happens with recent upstream util-vserver, they should pretty please pay a visit here and let us know
1227708331 M * daniel_hozac micah: for at least one of those cases, using a recent shapshot fixed the problem.
1227708370 M * micah Bertl: i've been training debian people to come to me :)
1227708396 M * micah daniel_hozac: how do you know?
1227708403 M * Bertl that's good! but non debian related issues are better fed upstream
1227708419 M * daniel_hozac micah: see the IRC logs from the other day.
1227708442 M * micah ok, so thats a 4th person then... these have been emails to me
1227708483 M * micah so was there a capability change since r2796?
1227708501 M * micah looks like r2808
1227708504 M * micah http://svn.linux-vserver.org/projects/util-vserver/changeset/2808/trunk/lib/getinsecurebcaps.c
1227708567 M * micah and r2826
1227708796 N * qzqy quinq
1227708821 Q * sharkjaw Remote host closed the connection
1227709197 Q * ktwilight Remote host closed the connection
1227709441 J * ktwilight ~ktwilight@133.100-66-87.adsl-dyn.isp.belgacom.be
1227709460 Q * ktwilight Remote host closed the connection
1227709497 J * ktwilight ~ktwilight@133.100-66-87.adsl-dyn.isp.belgacom.be
1227709772 J * awk ~awk@41.26.2.211
1227709818 M * awk hi daniel_hozac been asking nobody seems tohave the answer, i remeber i had this AGES ago and you told me how to resolve? on login I get -bash: /dev/null: Permission denied perm on /dev/null is crw-rw-rw-  1 root root 1, 3 2008-11-26 12:31 null
1227709864 M * daniel_hozac sounds like you mounted your guest's root filesystem without dev.
1227709880 M * awk let me look
1227709882 M * Bertl (or at least the part where /dev is on)
1227710001 M * awk http://pastebin.com/m4a829cc3
1227710004 M * awk my fstab
1227710038 M * awk erp. should be mtab
1227710038 M * awk wait
1227710065 M * Bertl try with /proc/mounts
1227710101 M * Bertl (inside the guest)
1227710149 M * awk ahh
1227710445 M * arapaho micah: we have the same "problem" here, with x86_64, lenny host, etch vservers. Fixed with SYS_CHROOT in bcapabilities - works fine now.
1227710499 M * micah daniel_hozac: on an unrelated note, did you see my patch above?
1227710515 M * daniel_hozac no?
1227710550 J * mrfree ~mrfree@host17-176-dynamic.53-79-r.retail.telecomitalia.it
1227710586 M * Bertl http://micah.riseup.net/vserver-build.debootstrap.diff
1227710627 M * daniel_hozac so how does debootstrap handle it if something really depends on one these? install it anyway?
1227710683 M * daniel_hozac and blacklists don't seem right to me.
1227710924 M * Bertl especially cron, or logrotate might be something you actually want, no?
1227711064 M * micah Bertl: daniel_hozac has disabled cron
1227711080 M * micah Bertl: so installing logrotate means that logrotate will not work because cron is disabled
1227711109 M * awk could I add this to my fstab udev /dev tmpfs rw,mode=0755 0 0 ... cant track down what couldbe wrong.. my drive is not mouted withpout nodev
1227711113 M * micah daniel_hozac: debootstrap calculates dependencies and if any package needs any of those, they will be installed
1227711145 M * micah daniel_hozac: but that list was generated by me picking through all the things debootstrap installs and removing all the ones that do not have other dependencies that are related to things that cannot be done in the guest
1227711157 M * Bertl awk: if you have that in the guest's config fstab, then the case is clear, you want to add 'dev' to the options
1227711170 M * Bertl awk: by default, nodev is added for secure (guest) mounts
1227711195 M * micah Bertl: its better for the admin to install logrotate later, which will then install cron, than for logrotate to be installed and not working because cron has been disabled
1227711212 M * micah (that is, if the policy is going to be disable cron)
1227711213 M * Bertl awk: but also note, you don't really want udev to populate your dev, unless you do not care about security
1227711223 M * awk Bertl: while I would prefure security, just don't want that /dev/null perm issue
1227711252 M * Bertl awk: without that /dev tmpfs mount, you won't get it anyway?!
1227711276 M * micah daniel_hozac: ie. this isn't a blacklist, its just an exclusion list. you can always install these later if you want
1227711278 M * awk well I don't have it an i get it, thats why i said to add that
1227711287 M * awk maybe its a startup script 
1227711317 M * Bertl well, first upload your /proc/mounts and the guest's fstab (from the config, not the guest filesystem) somewhere
1227711361 Q * mrfree Ping timeout: 480 seconds
1227711451 M * awk http://pastebin.com/m66090ea2
1227711696 M * awk Bertl what do you mean from the config?
1227711708 M * awk upload to where?
1227712080 Q * awk 
1227712942 Q * ktwilight Remote host closed the connection
1227712978 J * ktwilight ~ktwilight@133.100-66-87.adsl-dyn.isp.belgacom.be
1227713138 Q * mtg Quit: Verlassend
1227714561 Q * ktwilight Ping timeout: 480 seconds
1227714730 J * balbir_ ~balbir@122.167.218.80
1227715874 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1227715909 J * shedi ~siggi@tolvudeild-202.lhi.is
1227715921 M * shedi Greetings
1227715969 M * shedi I have a very strange problem within a guest, I can't all of a sudden use chroot programs, like vsftpd or just chroot
1227716006 M * Bertl update or downgrade util-vserver if you are on debian :)
1227716012 M * shedi I am running 2.6.22.19-vs2.2.0.7 on lenny, and 0.30.216~r2772-4
1227716014 M * shedi I see
1227716183 M * shedi thank you kindly Bertl
1227716234 Q * shedi Quit: Leaving
1227716297 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1227717494 J * ktwilight ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227717836 M * bliz42 Hey guys, maybe I can get some input from the experienced vets ;)  I am planning to setup multiple vserver guests, and use a squid reverse proxy setup to share the frontend ip to serve multiple sites... the question comes with allowing ftp access to the individual vservers without running servers on separate ports and without needing multiple ips.. I was thinking of having a seperate file area in the host server or another dedicated f
1227717871 M * hparker I do that, everyone uses scp
1227717895 M * hparker I run ssh on different ports
1227717963 M * bliz42 yeah, i'd prefer not to do that.. i could use a sftp/scp chroot on the host, which will work ok since i don't want to provide ssh shell access
1227717989 M * Bertl bliz42: basically you have a bunch of options: a) run the ftpd on a special guest, and have the directories shared with other guests, b) setup a name based ftp proxy (no idea if such beast exists :), c) use ssh/sftp with separate directories per guest
1227718025 M * bliz42 yeah, just didn't know if from experience one had stood out as a cleaner solution over the rest
1227718067 M * bliz42 I'm leaning towards having a dedicated ftp-tls guest and mount the home directories into the web guests
1227718133 M * bliz42 guess i'll give it a shot and see how well i like the setup.. tks for the feedback
1227718166 Q * zbyniu Ping timeout: 480 seconds
1227718424 M * Bertl np
1227718666 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1227719512 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1227719739 Q * mtg Quit: Verlassend
1227721268 J * geb ~geb@112.4.82-79.rev.gaoland.net
1227721278 M * geb hi
1227721848 M * Bertl hey
1227722430 Q * pmenier_off Quit: Konversation terminated!
1227722759 M * ghislainocfs2 it seems this is a question we see lately but i wanted to understand
1227722778 M * ghislainocfs2 all the guest i create lately just have nothing setup in /etc/rc2.d
1227722795 M * Bertl I presume debian?
1227722805 M * ghislainocfs2 yes lol debian lenny
1227722827 M * Bertl well, usually the default runlevel is 3 (except for debian, IIRC :)
1227722831 M * ghislainocfs2 lenny host with lenny guest
1227722845 M * ghislainocfs2 yes sure debian is lvl2 for whatever reason
1227722876 M * ghislainocfs2 but the vserver tools remove for exemple 'cron' for all the runlevels
1227722879 M * ghislainocfs2 3 included
1227722903 M * Bertl yes, IIRC, we agreed that the guest should be minimal, so syslog it is by default
1227722904 M * ghislainocfs2 i use 2.6.27.6-vs2.3.0.36.2 and 0.30.216-pre2827 on this host
1227722916 M * ghislainocfs2 ok
1227722925 M * ghislainocfs2 so it disable everything but syslog
1227722944 M * Bertl that is the idea, IIRC, as usual, daniel_hozac has the details
1227722994 M * ghislainocfs2 ok, puppet will take care of restarting the services anyway :)
1227723001 M * ghislainocfs2 just wanted to be sure i understood
1227723019 M * ghislainocfs2 thanks bertl :)
1227723031 M * Bertl np
1227723352 M * fb_ ghislainocfs2: for some reason, lenny uses rsyslogd instead sysklogd
1227723369 M * ghislainocfs2 yes i saw that
1227723374 M * ghislainocfs2 it seems lighter weight
1227723425 M * fb_ ghislainocfs2: and (older) vu were (are?) not aware of this change
1227723444 M * fb_ so they disable everything but syslog, which is not there
1227723461 M * Bertl yep
1227723818 M * blathijs Newer util-vserver do it properly
1227726483 Q * _gh_ Ping timeout: 480 seconds
1227726494 Q * ktwilight Remote host closed the connection
1227727171 Q * gnuk Quit: NoFeature
1227727450 J * docelic ~docelic@78.134.194.243
1227727596 J * ktwilight ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227727895 Q * ktwilight Remote host closed the connection
1227728053 Q * geb Remote host closed the connection
1227728492 J * ktwilight ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227728625 Q * ktwilight Remote host closed the connection
1227728762 J * derjohn_mob ~aj@e180194005.adsl.alicedsl.de
1227729173 J * ktwilight ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227729198 Q * ktwilight Remote host closed the connection
1227729676 Q * ghislainocfs2 Quit: Leaving.
1227730736 J * ktwilight ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227730762 J * _gh_ ~gerrit@c-71-193-204-84.hsd1.or.comcast.net
1227733698 J * frootat ~joern@92.117.75.168
1227736191 Q * bonbons Quit: Leaving
1227736755 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1227736866 Q * independence Ping timeout: 480 seconds
1227737071 Q * dna Quit: Verlassend
1227738248 J * independence independen@titan.blinkenshell.org
1227739120 Q * ktwilight Remote host closed the connection
1227739125 J * ktwilight_ ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be
1227739145 J * Aiken ~Aiken@ppp118-208-72-25.lns1.bne4.internode.on.net
1227739367 Q * frootat Quit: :(){ :|:&};:
1227740136 Q * bliz42 Quit: bliz42
1227740915 N * quinq qzqy
1227740945 N * qzqy quinq
1227742122 N * quinq qzqy
1227742150 N * qzqy quinq
1227742291 Q * ktwilight_ Read error: Connection reset by peer
1227742327 J * ktwilight_ ~ktwilight@253.72-66-87.adsl-dyn.isp.belgacom.be