1228868344 Q * sladen Quit: Changing server 1228868379 J * sladen paul@starsky.19inch.net 1228868432 Q * sladen 1228868880 J * pflanze ~chris__@77-56-73-53.dclient.hispeed.ch 1228870912 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228871236 Q * dowdle Remote host closed the connection 1228872673 Q * ghislainocfs2 Read error: Connection reset by peer 1228873144 N * qzqy quinq 1228878970 N * quinq qzqy 1228881784 Q * larsivi Ping timeout: 480 seconds 1228881832 J * larsivi ~larsivi@9.80-202-30.nextgentel.com 1228883854 Q * derjohn_foo Ping timeout: 480 seconds 1228887575 J * emcepe ~mcp@wolk-project.de 1228887751 Q * mcp Ping timeout: 480 seconds 1228887751 N * emcepe mcp 1228889306 J * blueshift ~blueshift@tor-irc.dnsbl.oftc.net 1228890338 J * kir ~kir@swsoft-msk-nat.sw.ru 1228890734 Q * balbir_ Ping timeout: 480 seconds 1228890870 P * blueshift Leaving 1228891652 J * ntrs__ ~ntrs@77.29.14.91 1228892526 J * dna ~dna@150-204-103-86.dynamic.dsl.tng.de 1228892779 Q * larsivi Ping timeout: 480 seconds 1228893002 J * doener ~doener@i577B8178.versanet.de 1228893105 Q * doener_ Ping timeout: 480 seconds 1228893634 N * pmenier_off pmenier 1228893678 J * chi6IT41 ~chigital@tmo-100-220.customers.d1-online.com 1228894396 P * kir Leaving. 1228895465 J * Slydder1 ~chuck@dslb-088-074-043-250.pools.arcor-ip.net 1228895562 J * derjohn_mob ~aj@e180211186.adsl.alicedsl.de 1228895668 J * Slydder2 ~chuck@dslb-088-072-219-180.pools.arcor-ip.net 1228895949 Q * Slydder1 Ping timeout: 480 seconds 1228896005 J * kir ~kir@swsoft-msk-nat.sw.ru 1228898295 Q * derjohn_mob Ping timeout: 480 seconds 1228898956 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1228899368 Q * _gh_ Ping timeout: 480 seconds 1228899703 Q * sardyno Ping timeout: 480 seconds 1228900563 J * ntrs_ ~ntrs@77.29.10.82 1228900968 Q * ntrs__ Ping timeout: 480 seconds 1228901550 N * Bertl_zZ Bertl_oO 1228901658 J * thermoman ~thermoman@84.201.90.210 1228901732 M * thermoman hi guys. is there a way to virtualize the RX/TX counters of the interface in a vserver so when monitoring a vserver via snmp i get the traffic the vserver produces and not the traffic of the host system? 1228901867 M * bonbons thermoman: IPv4 and IPv6 traffic is being accounted, but not on the interface level... 1228901941 M * bonbons e.g. look at vserver plugin of collectd (www.collectd.org) for how to collect this information 1228901942 Q * chi6IT41 Read error: Connection reset by peer 1228902088 M * Bertl_oO thermoman: yes, you probably can do that, patches are welcome 1228902094 M * thermoman Bertl_oO: :) 1228902114 M * Bertl_oO thermoman: but in general, folks use snmp on the host, and record guest traffic via iptables and accounting 1228902115 M * thermoman bonbons: i assume reading /proc/virt* on the host, right? 1228902155 M * thermoman Bertl_oO: ok, but you virtualize cpu, load, mem ... why not iface counters ... 1228902180 M * Bertl_oO because that is something which doesn't really belong to the guest 1228902218 M * Bertl_oO but as I said, I'm not really oposed to doing that, just not convinced it is necessary :) 1228902268 M * bonbons thermoman: look at /proc/virtual/*/cacct 1228902282 M * Bertl_oO assumed you do not really care about accurate values, you could get away by showing the socket accounted values for an arbitrary interface (hack) 1228902365 A * arekm wonders how to deal with cacct overflow 1228902398 M * thermoman we're running virtual servers for ourselfs (not customers) and i can get all data per vserver (mem, load, cpu) the "normal" way via /proc in the guest (and so via snmp/cacti without customization) but not the iface counters ... thats why. 1228902402 M * arekm "send #" means number of packets? 1228902406 M * Bertl_oO arekm: the same way as with other (overflowing) counters like those for interfaces :) 1228902472 M * Bertl_oO thermoman: add a bunch of accounting rules (maybe in the initialize scripts?) to iptables, and collect them in some rrd 1228902523 M * thermoman Bertl_oO: that defeats the "normal" way alias "no special tweaking neccessary" :) 1228902598 M * thermoman i have to customize each and every piece thats goint to process this info 1228902620 M * Bertl_oO then maybe the abovementioned hack is the way to go :) 1228902626 M * thermoman thus my question for VIRT_IFACE_COUNTERS 1228902650 M * Bertl_oO will not happen in the near future on my side :) 1228902656 M * thermoman damn :) 1228902686 M * Bertl_oO mainly for technical reasons 1228902698 J * awk ~awk@41.31.193.238 1228902718 M * awk Good morning 1228902727 M * awk Anyone able to assign grsec + vserver 1228902730 M * awk Error, do this: mount -t proc none /proc ; nukleuz:/# mount -t proc none /proc ; mount: permission denied 1228902736 M * Bertl_oO thermoman: I have to leave now .. i.e. I'm already off, but I'll be back in about 2 hours, if you like to continue the discussion :) 1228902790 Q * awk Read error: Connection reset by peer 1228902823 J * awk ~awk@41.28.196.128 1228902844 M * awk sorry 1228902846 M * awk disconnected 1228903151 J * ktwilight ~ktwilight@7.122-66-87.adsl-dyn.isp.belgacom.be 1228903381 Q * ktwilight__ Ping timeout: 480 seconds 1228903818 Q * awk Ping timeout: 480 seconds 1228904179 Q * hparker Ping timeout: 480 seconds 1228904371 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228904567 J * hparker_lappie ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228904567 Q * hparker Read error: Connection reset by peer 1228904581 N * hparker_lappie hparker 1228904858 J * chi6IT41 ~chigital@tmo-100-59.customers.d1-online.com 1228905134 J * awk ~awk@gw1.security.web.za 1228905162 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1228905624 J * jsambrook1 ~jsambrook@anchor-internet-1-if0.router.demon.net 1228906519 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228907336 J * Adrinael_ adrinael@rid7.kyla.fi 1228907454 Q * Adrinael Ping timeout: 480 seconds 1228907578 Q * awk Ping timeout: 480 seconds 1228907585 J * awk ~awk@dsl-146-26-199.telkomadsl.co.za 1228907642 J * awk- ~awk@gw1.security.web.za 1228908068 Q * awk Ping timeout: 480 seconds 1228908128 Q * awk- Ping timeout: 480 seconds 1228908179 Q * chi6IT41 Quit: bin weg 1228908197 J * chi6IT41 ~chigital@tmo-100-59.customers.d1-online.com 1228909349 Q * jsambrook1 Read error: Connection reset by peer 1228909833 J * awk ~awk@41.28.194.221 1228909849 M * awk hrm, connection issues, anyone answer that question with my proc? 1228910054 J * hparker_lappie ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228910054 Q * hparker Read error: Connection reset by peer 1228910632 N * hparker_lappie hparker 1228910645 M * blathijs awk: Nope, nobody said anything 1228911221 M * awk ok, thanks :) 1228911236 M * awk actually hoping to catch harry, he would know 1228914101 Q * awk Read error: Connection reset by peer 1228915462 M * user123 hello 1228915594 M * Bertl_oO hello 1228915595 M * user123 I have a proxy in a vserver. The Server with the vservers is the router too. Now i want to make a transparent proxy with havp, squid and squidGuard, and i need to force it - without to modifie the browser settings. Si i would use iptables: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 192.168.7.7:8080 - will this be a endless loop? 1228915687 M * Bertl_oO I would add the original destination -d and make sure that the requests come from eth0 (i.e. outside) 1228915745 M * user123 ok so i need to set a ip-range. 1228915812 M * user123 eth0 is the lan and eth1 the internet. I hope i don't have thinking failure... hmm.. 1228915844 M * Bertl_oO the -d would be the host IP of the proxy :) 1228915862 M * Bertl_oO 192.168.7.7 should be the guest IP 1228916114 M * user123 where is the different between -d and --to-port and --to ? 1228916178 M * nox user123: -d is where the client ask -to is where it gets prerouted 1228916201 M * Bertl_oO host: 192.168.7.6, guest: 192.168.7.7 (for example) 1228916219 M * Bertl_oO -d 192.168.7.6 .... --to 192.168.7.7:8080 1228916219 M * nox :8080 obsoletes --to-port 1228916231 P * ghislainocfs2 1228916311 M * user123 k and why i should set -d for the same ip as in --to ? 1228916326 M * user123 now i'am a little bit confused... 1228916327 M * nox you shouldn't 1228916348 M * nox -d is your router --to is the proxy 1228916445 M * user123 okay thats clear, but should it work without the -d ? Or tell me why its so important to set it - i want to understand it... 1228916592 M * user123 the vserver host is the router too, so why its important so set the -d with the same ip as the host - the router? 1228916660 M * user123 or have missunderstood something? 1228916666 M * user123 +i * 1228916667 M * nox hmm right for a transparent proxy -d is imho not very helpful 1228916690 M * nox better would be -s! $proxyip 1228916693 M * nox better would be -s ! $proxyip 1228916726 M * nox so everything not coming from proxy will be redirected to proxy 1228916735 M * nox without you have a loop 1228916753 M * user123 good, that was my first problem :) 1228916788 M * user123 network interfaces in the vserver are mangaed over the netfilter ,or? 1228916873 M * nox you mean guest with vserver? 1228916898 M * nox everything can be filtered by netfilter on the host 1228916960 M * user123 i know, but i want understand how it is mangaed with ther network interfaces in the guest. 1228917009 M * user123 how the host manage it. 1228917024 M * nox manage what? 1228917046 M * user123 the "virtual" network interfaces - the network interfaces in the guest. 1228917122 M * nox for the host it is like an alias 1228917141 M * Bertl_oO user123: there is no 'virtual' interface in the guest 1228917163 M * Bertl_oO Linux-VServer uses IP isolation not network virtualization 1228917196 N * qzqy quinq 1228917250 M * user123 i know, but i don't how i could explain it... 1228917258 M * user123 know* 1228917358 M * user123 hmm - i wan understand how it works if the guest sends a tcp/udp paket over the network, witch way would it go and how is it handled in the netfilter/iptables on the host. 1228917375 M * user123 i'am bad in formuling questions in english... 1228917415 M * nox its straight forward 1228917431 M * nox everything passes IN/OUT chain on the host 1228917450 M * nox so no forward within the the host 1228917521 M * Bertl_oO no forward between guest and host to be precise 1228917533 M * user123 ok - sry for my bad formuling of questions. I asked couse of the fear of a endless loop with the proxy(you said the solution) and i want understand it for furter iptables problems. 1228917534 M * Bertl_oO of course, the host forwards packets going from eth0 to eth1 1228917556 M * Bertl_oO the 'proxy' problem is actually not even Linux-VServer related 1228917560 J * balbir_ ~balbir@59.145.136.1 1228917587 M * Bertl_oO i.e. you can assume that you have a proxy _on_the_host_ on a specific IP (the guest IP) and you want to do the stuff you are doing 1228917611 M * Bertl_oO means: it is not necessary to consider (or special case) the fact, that the proxy will then be inside a guest 1228917630 M * user123 i know, but there are soem ways to do this and i just want to ask if there can be some problems with iptables... 1228917652 M * nox no there isn't 1228917659 M * nox worx like a charme 1228917666 M * Bertl_oO well, you might want to ask the iptables guys for iptables details :) 1228917693 M * user123 the vserver guys are more nicer that the iptable guys ;) 1228917709 Q * chi6IT41 Ping timeout: 480 seconds 1228917729 M * user123 with the proxy and iptables, there are more ways - to subnets... 1228917745 M * nox but you shouldn't keep Bertl_oO away from advancing that great project :D 1228917750 M * user123 or the not working javascript pac over dhcp... 1228917779 J * ntrs__ ~ntrs@77.29.10.82 1228917793 M * Bertl_oO no idea what you're talking about :) 1228917799 M * user123 he needs some varied :) 1228917822 M * user123 sry what i mean - there are more ways to use proxies 1228917825 M * Bertl_oO btw, thanks for the compliment (to the Linux-VServer folks) 1228917847 M * Bertl_oO yeah, transparent proxies fail in many ways (for several protocols) 1228917856 M * user123 i'am missing vserver on my toaster... 1228917860 M * Bertl_oO the best way is to use an explicit proxy config 1228917889 M * Bertl_oO then your toaster must use an arch which is not supported by linux (yet) :) 1228917899 M * nox you are welcome it is VERY deserved 1228917920 M * user123 if you have tons of computers with windows, linux, and mac - and 3 browsers on each computer, that a proxy configurations i real hard. 1228917942 M * Bertl_oO isn't there a standartized auto-proxy protocol? 1228917946 Q * ntrs_ Read error: Connection reset by peer 1228917958 M * fb Bertl_oO: there is :) 1228917960 M * Bertl_oO at least linux and mac should adhere to that 1228917964 M * user123 i have used a pac file hostet from the apache webserver and publiced over dhcp(option 252) and i still doenst work... 1228917994 M * fb Bertl_oO: and afaik one can use upnp to advertise www proxy in the lan 1228918003 M * user123 btw my toaster is quite old - i need a sun spar toaster, or arm... 1228918008 M * user123 sparc* 1228918031 M * Bertl_oO yeah, you should get one, you'll have instant Linux-VServer there :) 1228918047 M * user123 i couldn't life without vserver... 1228918092 M * user123 great thing to make everything secure, and for development and testing new stuff too... 1228918123 M * user123 at christmas time a can install a 5 node vserver cluster :) 1228918252 M * user123 uhm - i have one last iptable questions - does the iprange modul work with PREROUTING too? 1228918293 M * nox dunno never tried, so give it a try :) 1228918511 M * user123 are you sure that something like "iptables ... -s ! 192.168.7.7 ... " should work? 1228918604 M * ktwilight got a vc_ctx_migrate(): Function not implemented error :/ http://rafb.net/p/0joQzi86.html 1228918616 M * ktwilight Linux sys-hs-02 2.6.27.8-vs2.3.0.36.2 #1 SMP Wed Dec 10 13:41:10 GMT 2008 x86_64 GNU/Linux 1228918634 M * ktwilight it's a fresh and hot baby :) 1228918683 J * chi6IT41 ~chigital@tmo-096-127.customers.d1-online.com 1228918821 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net 1228918915 J * davidkarban ~david@193.85.217.71 1228919053 J * _nono_ ~gomes@libation.ircam.fr 1228919320 M * nox user123: pretty sure, but just try it first with other port if it is a production case 1228919321 M * ktwilight ok, this is odd, vserver's site states 0.30.215 but debian has 0.30.216? is there something that i'm missing...? 1228919360 M * nox why does hashify only work on running vserver? 1228919394 M * daniel_hozac ktwilight: it's a broken prerelease. 1228919436 M * ktwilight ouch :( 1228919461 M * ktwilight why'd it be in backports if it's broken :/ 1228919491 M * ktwilight daniel_hozac, k, so the solution is to get .215? 1228919504 M * daniel_hozac or a recent pre-release. 1228919524 J * derjohn_mob ~aj@80.69.42.51 1228919547 M * ktwilight ... 1228919551 M * ktwilight aha 1228919580 M * ktwilight let's hope sid solves it 1228919657 M * ktwilight hm, sid's won't work, 'cuz of libc6 dependency :| 1228919686 M * nox would love to also use it for a rsync --link-dest backup, which sometimes is incomplete and then (next day) syncs a lot of stuff what is already on the desthost 1228919783 M * nox ok sry OT, just have to make a better script :) 1228920453 M * ktwilight hm, just ran the testfs.sh script, it seems setattr --barrier doesn't work for xfs. known issue? 1228920453 M * ktwilight [106]* setattr --~barrier /home/mnt/dir_2868 1228920475 M * ktwilight think i remember Bertl mentioning about it. 1228920734 Q * chi6IT41 Ping timeout: 480 seconds 1228921298 J * geb ~geb@115.4.82-79.rev.gaoland.net 1228921857 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228921949 J * dreamind ~dreamind@p57B1BC1D.dip0.t-ipconnect.de 1228921951 M * dreamind Hi :) 1228922075 P * ghislainocfs2 1228922122 Q * user123 Remote host closed the connection 1228922172 J * ntrs_ ~ntrs@77.29.21.11 1228922318 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228922359 P * ghislainocfs2 1228922573 M * micah daniel_hozac: hey where does umount2 come from in src/exec-remount.c? 1228922574 Q * ntrs__ Read error: Operation timed out 1228922728 M * geb hi 1228922931 M * micah looks like maybe dietlibc mount.h? 1228923094 M * micah i'm wondering because I got failed builds on two architectures due to linker error: src/exec-remount.c:110: undefined reference to `umount2` 1228923345 Q * hparker Quit: Quit 1228923504 J * chi6IT41 ~chigital@tmo-100-200.customers.d1-online.com 1228924070 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228924121 N * pmenier pmenier_off 1228924395 M * Bertl_oO micah: man umount2 :) 1228924507 M * Bertl_oO ktwilight: barrier is supposed to be working with a recent kernel 1228924528 M * Bertl_oO (for xfs, that is :) 1228924586 M * ktwilight hm, in .27.8? 1228924612 M * dreamind Hi Bertl_oO :) 1228924617 M * ktwilight think in earlier .27 it was broken, but not sure if it's fixed. am checking now since ya mentioned :) 1228924642 Q * Aiken Remote host closed the connection 1228924919 M * daniel_hozac ktwilight: and with recent utils, you shouldn't even need the barrier. 1228924935 M * daniel_hozac micah: sounds like they're missing in dietlibc. 1228924980 M * ktwilight hm, barriers are still disabled in .27, looks like we'll have to wait till .28. 1228925014 M * ktwilight daniel_hozac, .216 failed on me, and i can't grab sid's 'cuz of libc6's dependency which i wouldn't want to upgrade 1228925029 M * daniel_hozac ktwilight: so... build the tarball yourself. 1228925048 M * ktwilight i couldn't find the pre-releases, only the 215? 1228925053 M * arekm barriers are evil 1228925072 A * ktwilight don't even know if he should be worried without barriers 1228925107 M * tam http://people.linux-vserver.org/~dhozac/t/uv-testing/ <-- prereleases 1228925126 M * ktwilight o 1228925140 M * ktwilight thanks tam :) 1228925168 M * ktwilight is that link definitive? can i add it somewhere in the wiki? 1228925178 M * daniel_hozac it's already there. 1228925184 M * ktwilight ... 1228925228 M * ktwilight 'xactly where? am at Downloads and don't see it. 1228925255 Q * sardyno Quit: leaving 1228925276 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net 1228925285 Q * ghislainocfs2 Read error: Connection reset by peer 1228925367 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228925418 N * Bertl_oO Bertl 1228925478 M * micah daniel_hozac: the arch has dietlibc-dev installed, which contains /usr/include/diet/sys/mount.h 1228925502 M * daniel_hozac micah: headers have nothing to do with the linker. 1228925568 M * Bertl ktwilight: feel free to add a link to the Downloads page 1228925604 M * Bertl (if you do so, add the link to the experimental branch too, like on the front page) 1228925626 M * micah daniel_hozac: sure, but /usr/lib/diet/lib/libc.a also has umount2 in it 1228925636 M * ktwilight hmm 1228925711 M * ktwilight Bertl, http://linux-vserver.org/Downloads#util-vserver that's what i have. good? 1228925725 M * Bertl and you probably want to update the experimental patch table too :) 1228925727 M * ktwilight as for the frontpage, don't quite understand. i should add this util-vserver link in the experimental page? 1228925757 M * ktwilight Bertl, it should be updated, i just did it yesterday or something like that :) 1228925761 M * Bertl no, you should add the link to the experimental patches (kernel) to the Downloads page (maybe including your patch matrix :) 1228925786 M * ktwilight ah 1228925811 M * Bertl and below the util-vserver version, add a link to the prereleases too 1228925827 M * Bertl http://people.linux-vserver.org/~dhozac/t/uv-testing/ 1228925828 M * micah here is a build-log on alpha where it fails to find umount2: http://buildd.debian.org/fetch.cgi?&pkg=util-vserver&ver=0.30.216%7Er2772-5&arch=alpha&stamp=1227907425&file=log 1228925856 M * Bertl dietlibc-dev: missing 1228925858 M * ktwilight Bertl, just did, can you please check? but it's a generic link rather than to the patch itself 1228925896 M * ktwilight http://linux-vserver.org/Downloads#Kernel_Patches <- i hope that's what you meant :) 1228925920 M * ktwilight so, i'll add the util-vserver patch in ExperimentalPatchTableMatrix, right? 1228925924 M * Bertl yep, looks fine to me 1228925939 M * Bertl you can do that, but actually no need to do so 1228925952 M * ktwilight yea i think so too 1228925960 M * ktwilight will just leave it as that :) 1228925961 M * Bertl almost all versions of util-vserver work with almost all kernel patches 1228925965 M * micah for some reason it only failed on alpha and ia64 1228925985 M * Bertl micah: read the first 10 lines of the log 1228926016 M * Bertl (or what does the dietlibc-dev: missing mean?) 1228926051 M * micah Bertl: it just means that the package is not installed on the builder, but if you continue reading, you will see that it gets installed 1228926056 M * Bertl ah, obviously that is some kind of dependancy generation 1228926063 M * micah in otherwords, you are just reading the build-dependency satisfaction process 1228926067 M * micah yes 1228926186 M * Bertl I presume it isn't really simple to retry with upstream dietlibc? 1228926534 Q * chi6IT41 Quit: bin weg 1228926940 M * Bertl micah: do you have a debian alpha available somewhere (i.e can your get user access to one)? 1228927154 M * micah Bertl: i might be able to get access to one (this is also happening on ia64 too btw) 1228927187 M * Bertl yes, but I guess we can figure what the problem is with one of those archs, and alpha seemed more realistic :) 1228927241 M * micah there are a few debian developer boxes that are alpha/ia64 that I probably can get access to 1228927243 M * Bertl if you fail, let me know, I have an alpha in my basement, but I have to get it running and install debian on it (so quite some work) 1228927257 M * micah ok, let me try to login to these machines 1228927491 J * dowdle ~dowdle@scott.coe.montana.edu 1228928160 Q * balbir_ Ping timeout: 480 seconds 1228928258 M * fb Bertl: send me this alpha and i can do the rest for you ;-) 1228928726 Q * ktwilight Quit: dead 1228928978 J * faheem ~faheem@cpe-071-077-007-143.nc.res.rr.com 1228929040 M * faheem Hi. I'm getting this message from trying to connect to a Debian etch vserver from a recently upgraded lenny host. Worked fine before upgrade. suggestions about debugging? 1228929057 M * faheem ssh etch 1228929057 M * faheem Read from socket failed: Connection reset by peer 1228929080 M * daniel_hozac what do the logs say? 1228929080 M * Bertl sounds like sshd is not runnign there or you are not permitted to ssh to it 1228929084 M * micah faheem: install the util-vserver from sid 1228929096 M * micah could be the insecure caps problem 1228929116 M * faheem Bertl: ssh is runnig in the vserver - checked. nat is setup too. 1228929135 M * faheem daniel_hozac: what logs - vserver auth logs? 1228929142 M * micah faheem: yeah 1228929184 M * faheem micah: You mean 0.30.216~r2772-5? I'm currently using lennys 0.30.216~r2772-4 - not very different. :-) 1228929192 M * micah faheem: actually very different 1228929202 M * faheem micah: Ok, give me a sec. 1228929218 M * micah -5 is supposed to be in lenny, but hasn't migrated because I can't get it to build on alpha/ia64 1228929278 M * faheem micah: Ok, it's installing. What do I do now? 1228929290 M * micah faheem: look at the auth.log 1228929296 M * faheem stop/start instance? 1228929302 M * faheem micah: Ok, sec. 1228929341 M * faheem micah: Do you want me to paste? pastebin? 1228929346 M * micah pastebin 1228929360 M * faheem micah: Ok, sec. 1228929366 M * micah http://paste.linux-vserver.org/ 1228929460 M * faheem doesn't echo here? http://paste.linux-vserver.org/12645 1228929469 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228929487 M * micah faheem: yeah, so you've got -5 installed, maybe restart your guest 1228929493 M * micah this is the problem that -5 should solve 1228929500 M * faheem micah: Ok, sec. 1228929504 M * micah # 1228929510 M * micah ->>> Dec 10 11:41:24 etch sshd[14822]: fatal: chroot("/var/run/sshd"): Operation not permitted 1228929519 M * Bertl can we somehow push those updates ASAP? 1228929534 M * micah Bertl: i'm waiting on access to that alpha box so we can fix the issue with the build 1228929542 M * micah Bertl: once that builds properly, it will migrate into lenny 1228929552 M * Bertl okay 1228929567 M * faheem micah: Ok, works now. Thanks, that's some fantastic support. You're the Debian maintainer, right? 1228929571 M * micah i'm not sure why my access doesn't work yet, it supposed to be immediate 1228929578 M * faheem what was the issue? link? just curious. 1228929578 M * micah faheem: i am 1228929605 M * micah faheem: the chroot capability was inverted and I didn't get the patch right that made it work :) 1228929617 M * faheem debian specific problem? 1228929644 M * micah yeah 1228929668 M * faheem micah: debian bug report? 1228929715 M * faheem Are you hearing about this a lot from Debian users? :-) 1228929905 M * faheem does the upgrade have to be synced across all platforms? 1228929940 Q * ghislainocfs2 Read error: Connection reset by peer 1228930179 M * faheem Hmm, looks like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506949 1228930332 Q * kir Quit: Leaving. 1228930396 J * ktwilight ~ktwilight@7.122-66-87.adsl-dyn.isp.belgacom.be 1228931587 M * micah Bertl: ok, I got at an alpha box... I dont have root on it, so this might be somewhat challenging 1228931684 M * daniel_hozac root isn't an issue. 1228931851 J * larsivi ~larsivi@9.80-202-30.nextgentel.com 1228931999 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228932092 M * micah ok, I've just attempted to build it myself in alpha 1228932109 M * micah and I get the same failure, so I now know that its not the buildd environment thats causing it 1228932150 Q * ghislainocfs2 Read error: Connection reset by peer 1228932164 M * micah http://paste.linux-vserver.org/12646 1228932270 M * micah and to show that the dietlibc.a has umount2: http://paste.linux-vserver.org/12647 1228932324 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228932388 M * daniel_hozac it doesn't have a umount2 symbol though. 1228932538 M * micah it doesnt? 1228932545 M * micah what is the last two lines in that paste? 1228932776 Q * dna Quit: Verlassend 1228932825 J * balbir_ ~balbir@122.167.219.26 1228933635 M * daniel_hozac micah: a filename. 1228933644 M * daniel_hozac micah: it built the file, but the file didn't produce a symbol. 1228934859 J * awk ~awk@security.web.za 1228934871 M * awk hi, anyone was able to answer my /proc + grsec question? 1228934906 M * awk i'll re-paste the error: Error, do this: mount -t proc none /proc ; nukleuz:/# mount -t proc none /proc ; mount: permission denied 1228935003 M * Bertl inside a guest or what? 1228935049 M * awk yes, it has only happend now that I installed grsec, not exactly sure what setting could be doing it 1228935068 M * Bertl inside the guest, mounting is not allowed by default 1228935082 M * Bertl i.e. you need to give a special ccapability to do that 1228935108 M * awk and if I remove hmm, style with plain in it I can do a ps aux 1228935120 M * awk ps aux now, it complains about proc not being mounted 1228935143 M * Bertl IMHO you have some problems with the proc security 1228935152 M * awk Bertl this option, 1 sec 1228935163 M * Bertl what distro are you using? 1228935179 M * awk debian, it works now with grsec set to 'low' 1228935199 M * daniel_hozac awk: did you read harry's README? 1228935237 M * awk daniel_hozac no but I would love to? 1228935243 M * awk been trying to catch him for quite some time 1228935261 M * awk I removed stuff I know that doesn't work eg: capabilities restrictions, etc. 1228935284 M * awk I do have an option under filesystem security that is enabled to have proc restrictions.. 1228935302 M * awk but I set this to user who owns the process 1228935365 M * daniel_hozac http://people.linux-vserver.org/~harry/_README_ 1228935375 M * awk thank you! 1228935408 M * awk ahh, so its a chroot restriction, thanks 1228935428 M * awk [*] Deny mounts 1228935431 M * awk blah right in front of my eyes :D 1228935472 M * awk hmm, I see harry stated dont set anything on double chroots, but from what I read this is a way to break out of a chroot, shouldnt it rather be safe to set? 1228935542 M * daniel_hozac util-vserver uses that to do mounts securely. 1228935548 M * daniel_hozac i.e. brekaing out of chroots. 1228935562 M * daniel_hozac Linux-VServer has other methods for keeping guests contained. 1228935579 M * daniel_hozac (filesystem namespaces, barrier= 1228935596 M * awk ahh because look what this states mkdir foo; chroot foo; cd .. (vwala you broke out of a chroot) 1228935601 M * Bertl where the barrier will be faded out gradually ... 1228935620 M * awk ah, i see 1228935638 M * daniel_hozac yes. 1228935651 M * daniel_hozac also documented in chroot(2). 1228935678 M * awk then i will just restric enforce chdir ("/") on the chroot 1228935700 M * daniel_hozac no. 1228935710 Q * kiorky Quit: leaving 1228935749 J * kiorky ~kiorky@ver44-1-82-229-123-127.fbx.proxad.net 1228935765 M * micah ok, would seeing a build-log for dietlibc help determine why the umount2 symbol isn't there? 1228935768 M * awk ;/ 1228935780 M * awk daniel_hozac ok, thanks for advice 1228935801 M * daniel_hozac micah: not really. i assume the headers just don't define __NR_umount2 1228935815 Q * kiorky 1228935836 J * cga ~weechat@94.36.88.11 1228935936 M * awk hrm, is south africa the only country with these mozzies half the size of your hands and move in an up and down motion so you can never catch them! grrr, i'm getting carried away here 1228936061 M * micah mozzies? 1228936066 M * micah oh mosquitos 1228936076 M * awk yes :) 1228936179 M * daniel_hozac micah: you probably want to change it to be #if defined(__NR_umount2) use it... #elif defined(__NR_umount) && defined(__NR_oldumount) use __NR_umount... #endif 1228936187 M * micah daniel_hozac: seems like youa re right: http://paste.linux-vserver.org/12648 1228936189 M * daniel_hozac and change umount accordingly. 1228936232 M * daniel_hozac or just do it the lazy way and use an arch-specific .S. 1228936235 Q * dreamind Quit: leaving 1228936258 M * awk bbl, thanks once again! appreiacte how helpfull this channel really is 1228936259 Q * awk Quit: . 1228936268 M * micah daniel_hozac: i assume you are speaking of src/exec-remount? 1228936271 M * daniel_hozac no. 1228936275 M * daniel_hozac dietlibc, of course. 1228936325 J * kiorky ~kiorky@ver44-1-82-229-123-127.fbx.proxad.net 1228936344 Q * gnuk Remote host closed the connection 1228936438 M * micah i'm afraid this is beyond my skill level 1228936460 M * Bertl do you have shell access there? 1228936489 M * micah i do 1228936521 M * Bertl can you get daniel_hozac or myself access too? 1228936541 M * micah i cannot :( 1228936552 M * micah its restricted to debian developers only 1228936559 M * Bertl okay, np, get a source tree for dietlibc (devian style) 1228936568 M * micah already got it handy 1228936581 M * Bertl make a diff to the vanilla (upstream) dietlibc 1228936584 M * micah compiled it and looked at the objdump to see if I could replicate the missing symbol 1228936591 M * micah got that too 1228936591 M * Bertl upload that somewhere 1228936660 M * micah http://ftp.de.debian.org/debian/pool/main/d/dietlibc/dietlibc_0.31-1.diff.gz 1228936710 M * micah these are generated normally by the debian build process 1228936879 M * Bertl sorry, that is not a diff for the debian version, that is a diff adding the debian folder 1228936899 M * micah thats all that is changed from the upstream 1228936909 M * Bertl please apply the patches, remove the debian folder and make a diff -NurpP 1228936921 M * micah ok 1228937185 M * micah Bertl: http://micah.riseup.net/dietlibc.diff 1228937289 M * Bertl tx, daniel_hozac: I presume alpha and ia64 do not define umount2, they simply reused the syscall, yes? 1228937411 M * Bertl ah, alpha reused oldumount, how about ia64? 1228937797 M * Bertl micah: try this one (completely untested) http://vserver.13thfloor.at/Stuff/DIETLIBC/delta-alpha-umount2.diff 1228937826 M * Bertl rebuild the dietlibc for alpha, check that the lib now has the umount2 as terminal 1228938014 M * micah ok 1228938069 M * Bertl if it does, please do an objdump for that section (disassemble) 1228938287 M * micah Bertl: objdump -d on the libc.a for the disassemble? 1228938295 M * micah here is the symbol: http://paste.linux-vserver.org/12649 1228938357 M * Bertl yes, -d on the libc.a, for umount2 1228938419 M * micah Bertl: http://micah.riseup.net/dietlib_diss 1228938437 M * daniel_hozac i think it would be cleaner to just make umount2.S do the right thing. 1228938491 M * Bertl please go ahead :) 1228938938 Q * balbir_ Ping timeout: 480 seconds 1228939009 J * balbir_ ~balbir@122.167.219.26 1228939129 Q * balbir_ reticulum.oftc.net cation.oftc.net 1228939129 Q * cga reticulum.oftc.net cation.oftc.net 1228939129 Q * larsivi reticulum.oftc.net cation.oftc.net 1228939129 Q * Slydder2 reticulum.oftc.net cation.oftc.net 1228939129 Q * arekm reticulum.oftc.net cation.oftc.net 1228939129 Q * bibabu reticulum.oftc.net cation.oftc.net 1228939129 Q * svenk reticulum.oftc.net cation.oftc.net 1228939129 Q * Wonka reticulum.oftc.net cation.oftc.net 1228939129 Q * opuk reticulum.oftc.net cation.oftc.net 1228939129 Q * morrigan reticulum.oftc.net cation.oftc.net 1228939129 Q * padde reticulum.oftc.net cation.oftc.net 1228939129 Q * vasko reticulum.oftc.net cation.oftc.net 1228939129 Q * bXi reticulum.oftc.net cation.oftc.net 1228939129 Q * quinq reticulum.oftc.net cation.oftc.net 1228939129 Q * simontwo reticulum.oftc.net cation.oftc.net 1228939129 Q * mEDI_S reticulum.oftc.net cation.oftc.net 1228939129 Q * DLange reticulum.oftc.net cation.oftc.net 1228939129 Q * harry reticulum.oftc.net cation.oftc.net 1228939129 Q * Hollow reticulum.oftc.net cation.oftc.net 1228939129 Q * matti reticulum.oftc.net cation.oftc.net 1228939129 Q * bzed reticulum.oftc.net cation.oftc.net 1228939129 Q * SpComb reticulum.oftc.net cation.oftc.net 1228939129 Q * geb reticulum.oftc.net cation.oftc.net 1228939129 Q * Adrinael_ reticulum.oftc.net cation.oftc.net 1228939129 Q * esa reticulum.oftc.net cation.oftc.net 1228939129 Q * independence reticulum.oftc.net cation.oftc.net 1228939129 Q * PowerKe reticulum.oftc.net cation.oftc.net 1228939129 Q * nox reticulum.oftc.net cation.oftc.net 1228939129 Q * mnemoc reticulum.oftc.net cation.oftc.net 1228939129 Q * baggins reticulum.oftc.net cation.oftc.net 1228939129 Q * Guy- reticulum.oftc.net cation.oftc.net 1228939129 Q * wibble reticulum.oftc.net cation.oftc.net 1228939129 Q * maddoc reticulum.oftc.net cation.oftc.net 1228939129 Q * pmjdebruijn reticulum.oftc.net cation.oftc.net 1228939129 Q * ard reticulum.oftc.net cation.oftc.net 1228939129 Q * sid3windr reticulum.oftc.net cation.oftc.net 1228939129 Q * tokkee reticulum.oftc.net cation.oftc.net 1228939129 Q * fosco reticulum.oftc.net cation.oftc.net 1228939129 Q * transacid reticulum.oftc.net cation.oftc.net 1228939129 Q * weasel reticulum.oftc.net cation.oftc.net 1228939129 Q * trippeh reticulum.oftc.net cation.oftc.net 1228939129 Q * yang reticulum.oftc.net cation.oftc.net 1228939129 Q * Hunger reticulum.oftc.net cation.oftc.net 1228939129 Q * [PUPPETS]Gonzo reticulum.oftc.net cation.oftc.net 1228939129 Q * arthur reticulum.oftc.net cation.oftc.net 1228939129 Q * ktwilight reticulum.oftc.net cation.oftc.net 1228939129 Q * derjohn_mob reticulum.oftc.net cation.oftc.net 1228939129 Q * davidkarban reticulum.oftc.net cation.oftc.net 1228939129 Q * thermoman reticulum.oftc.net cation.oftc.net 1228939129 Q * mcp reticulum.oftc.net cation.oftc.net 1228939129 Q * pflanze reticulum.oftc.net cation.oftc.net 1228939129 Q * xdr reticulum.oftc.net cation.oftc.net 1228939129 Q * grobie reticulum.oftc.net cation.oftc.net 1228939129 Q * ensc reticulum.oftc.net cation.oftc.net 1228939130 Q * hijacker_ reticulum.oftc.net cation.oftc.net 1228939130 Q * gcj reticulum.oftc.net cation.oftc.net 1228939130 Q * cehteh reticulum.oftc.net cation.oftc.net 1228939130 Q * phedny reticulum.oftc.net cation.oftc.net 1228939130 Q * kaner reticulum.oftc.net cation.oftc.net 1228939130 Q * meebey reticulum.oftc.net cation.oftc.net 1228939130 Q * kiorky reticulum.oftc.net cation.oftc.net 1228939130 Q * doener reticulum.oftc.net cation.oftc.net 1228939130 Q * pmenier_off reticulum.oftc.net cation.oftc.net 1228939130 Q * derjohn reticulum.oftc.net cation.oftc.net 1228939130 Q * xipe reticulum.oftc.net cation.oftc.net 1228939130 Q * ex reticulum.oftc.net cation.oftc.net 1228939130 Q * karasz reticulum.oftc.net cation.oftc.net 1228939130 Q * arapaho reticulum.oftc.net cation.oftc.net 1228939130 Q * blathijs reticulum.oftc.net cation.oftc.net 1228939130 Q * zbyniu reticulum.oftc.net cation.oftc.net 1228939130 Q * ag- reticulum.oftc.net cation.oftc.net 1228939130 Q * hparker reticulum.oftc.net cation.oftc.net 1228939130 Q * daniel_hozac reticulum.oftc.net cation.oftc.net 1228939130 Q * nou reticulum.oftc.net cation.oftc.net 1228939130 Q * bonbons reticulum.oftc.net cation.oftc.net 1228939130 Q * fb reticulum.oftc.net cation.oftc.net 1228939130 Q * FloodServ reticulum.oftc.net cation.oftc.net 1228939130 Q * mugwump reticulum.oftc.net cation.oftc.net 1228939130 Q * ntrs_ reticulum.oftc.net cation.oftc.net 1228939130 Q * nenolod reticulum.oftc.net cation.oftc.net 1228939130 Q * dowdle reticulum.oftc.net cation.oftc.net 1228939130 Q * MooingLemur reticulum.oftc.net cation.oftc.net 1228939130 Q * tam reticulum.oftc.net cation.oftc.net 1228939130 Q * brc reticulum.oftc.net cation.oftc.net 1228939130 Q * faheem reticulum.oftc.net cation.oftc.net 1228939130 Q * micah reticulum.oftc.net cation.oftc.net 1228939130 Q * AndrewLee reticulum.oftc.net cation.oftc.net 1228939130 Q * sardyno reticulum.oftc.net cation.oftc.net 1228939130 Q * nkukard reticulum.oftc.net cation.oftc.net 1228939130 Q * dkg reticulum.oftc.net cation.oftc.net 1228939130 Q * FireEgl reticulum.oftc.net cation.oftc.net 1228939130 Q * Supaplex reticulum.oftc.net cation.oftc.net 1228939130 Q * infowolfe reticulum.oftc.net cation.oftc.net 1228939182 J * nou Chaton@causse.larzac.fr.eu.org 1228939182 J * daniel_hozac ~daniel@ssh.hozac.com 1228939182 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228939182 J * gcj ~chris@cpc3-cmbg7-0-0-cust452.cmbg.cable.ntl.com 1228939182 J * arapaho ~arapaho@213.223.114.206 1228939182 J * karasz ~karasz@shell.opensde.net 1228939182 J * ag- ~ag@fedaykin.roxor.cx 1228939182 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1228939182 J * blathijs ~matthijs@drsnuggles.stderr.nl 1228939182 J * ex ex@85.232.229.248 1228939182 J * meebey meebey@booster.qnetp.net 1228939182 J * kaner ~kaner@zzz.strace.org 1228939182 J * xipe ~xipe@91.121.168.169 1228939182 J * cehteh ~ct@pipapo.org 1228939182 J * phedny ~mark@phedny.vps.van-cuijk.nl 1228939182 J * hijacker_ ~hijacker@213.91.163.5 1228939182 J * ensc ~irc-ensc@77.235.182.26 1228939182 J * grobie ~grobie@valgrind.schnuckelig.eu 1228939182 J * xdr ~xdr@118-173-96-87.cust.blixtvik.se 1228939182 J * derjohn ~derjohn@80.69.41.3 1228939182 J * pmenier_off ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1228939182 J * pflanze ~chris__@77-56-73-53.dclient.hispeed.ch 1228939182 J * mcp ~mcp@wolk-project.de 1228939182 J * doener ~doener@i577B8178.versanet.de 1228939182 J * thermoman ~thermoman@84.201.90.210 1228939182 J * davidkarban ~david@193.85.217.71 1228939182 J * derjohn_mob ~aj@80.69.42.51 1228939182 J * ktwilight ~ktwilight@7.122-66-87.adsl-dyn.isp.belgacom.be 1228939182 J * kiorky ~kiorky@ver44-1-82-229-123-127.fbx.proxad.net 1228939182 J * mugwump ~samv@watts.utsl.gen.nz 1228939182 J * nenolod nenolod@petrie.dereferenced.org 1228939182 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com 1228939182 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw 1228939182 J * MooingLemur ~troy@shells195.pinchaser.com 1228939182 J * Supaplex ~supaplex@166.70.62.193 1228939182 J * tam ~tam@gw.nettam.com 1228939182 J * brc bruce@72.20.27.65 1228939182 J * dkg ~dkg@lair.fifthhorseman.net 1228939182 J * FloodServ services@services.oftc.net 1228939182 J * fb fback@red.fback.net 1228939182 J * nkukard ~nkukard@196.212.73.74 1228939182 J * micah ~micah@micah.riseup.net 1228939182 J * infowolfe ~infowolfe@c-24-21-204-172.hsd1.or.comcast.net 1228939182 J * ntrs_ ~ntrs@77.29.21.11 1228939182 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net 1228939182 J * dowdle ~dowdle@scott.coe.montana.edu 1228939182 J * faheem ~faheem@cpe-071-077-007-143.nc.res.rr.com 1228939182 J * morrigan morrigan@IRC.13thfloor.at 1228939182 J * svenk ~sven@213.73.89.36 1228939182 J * Wonka produziert@chaos.in-kiel.de 1228939182 J * opuk ~kupo@potatisbulle.com 1228939182 J * PowerKe ~tom@d5153A64C.access.telenet.be 1228939182 J * nox ~nox@nox.user.oftc.net 1228939182 J * mnemoc ~amery@shell.opensde.net 1228939182 J * baggins ~baggins@kenny.mimuw.edu.pl 1228939182 J * sid3windr luser@bastard-operator.from-hell.be 1228939182 J * Guy- ~korn@elan.rulez.org 1228939182 J * fosco fosco@212.85.148.86 1228939182 J * Hunger Hunger.hu@Hunger.hu 1228939182 J * [PUPPETS]Gonzo gonzo@fellatio.deswahnsinns.de 1228939182 J * transacid ~transacid@transacid.de 1228939182 J * arthur ~arthur@pan.madism.org 1228939182 J * wibble wibble@vortex.ukshells.co.uk 1228939182 J * maddoc maddoc@social.ostruktur.com 1228939182 J * weasel ~weasel@weasel.noc.oftc.net 1228939182 J * pmjdebruijn pascal@jester.pcode.nl 1228939182 J * trippeh atomt@uff.ugh.no 1228939182 J * yang yang@yang.netrep.oftc.net 1228939182 J * DLange ~DLange@dlange.user.oftc.net 1228939182 J * mEDI_S ~medi@snipah.com 1228939182 J * padde ~padde@patrick-nagel.net 1228939182 J * matti matti@acrux.romke.net 1228939182 J * harry ~harry@d51A461B4.access.telenet.be 1228939182 J * bzed ~bzed@devel.recluse.de 1228939182 J * SpComb terom@zapotek.paivola.fi 1228939182 J * vasko ~vasko@unreal.rainside.sk 1228939182 J * bXi bluepunk@irssi.co.uk 1228939182 J * quinq ~user@quinq.eu.org 1228939182 J * simontwo ~simon@diogenes.bruteforce.dk 1228939182 J * tokkee tokkee@ssh.faui2k3.org 1228939182 J * Hollow ~hollow@shiva.xnull.de 1228939182 J * ard ~ard@shell2.kwaak.net 1228939182 J * independence independen@titan.blinkenshell.org 1228939182 J * bibabu bibabu@status2k.de 1228939182 J * arekm arekm@carme.pld-linux.org 1228939182 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it 1228939182 J * Slydder2 ~chuck@dslb-088-072-219-180.pools.arcor-ip.net 1228939182 J * Adrinael_ adrinael@rid7.kyla.fi 1228939182 J * geb ~geb@115.4.82-79.rev.gaoland.net 1228939182 J * larsivi ~larsivi@9.80-202-30.nextgentel.com 1228939182 J * cga ~weechat@94.36.88.11 1228939182 J * balbir_ ~balbir@122.167.219.26 1228939182 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1228939195 Q * daniel_hozac reticulum.oftc.net cation.oftc.net 1228939195 Q * nou reticulum.oftc.net cation.oftc.net 1228939195 Q * hparker reticulum.oftc.net cation.oftc.net 1228939195 Q * ktwilight reticulum.oftc.net cation.oftc.net 1228939195 Q * derjohn_mob reticulum.oftc.net cation.oftc.net 1228939195 Q * davidkarban reticulum.oftc.net cation.oftc.net 1228939195 Q * thermoman reticulum.oftc.net cation.oftc.net 1228939195 Q * xdr reticulum.oftc.net cation.oftc.net 1228939195 Q * ensc reticulum.oftc.net cation.oftc.net 1228939195 Q * hijacker_ reticulum.oftc.net cation.oftc.net 1228939195 Q * gcj reticulum.oftc.net cation.oftc.net 1228939195 Q * pflanze reticulum.oftc.net cation.oftc.net 1228939195 Q * grobie reticulum.oftc.net cation.oftc.net 1228939195 Q * cehteh reticulum.oftc.net cation.oftc.net 1228939195 Q * phedny reticulum.oftc.net cation.oftc.net 1228939195 Q * kaner reticulum.oftc.net cation.oftc.net 1228939195 Q * meebey reticulum.oftc.net cation.oftc.net 1228939195 Q * mcp reticulum.oftc.net cation.oftc.net 1228939195 Q * derjohn reticulum.oftc.net cation.oftc.net 1228939195 Q * xipe reticulum.oftc.net cation.oftc.net 1228939195 Q * ex reticulum.oftc.net cation.oftc.net 1228939195 Q * karasz reticulum.oftc.net cation.oftc.net 1228939195 Q * arapaho reticulum.oftc.net cation.oftc.net 1228939195 Q * doener reticulum.oftc.net cation.oftc.net 1228939195 Q * pmenier_off reticulum.oftc.net cation.oftc.net 1228939195 Q * kiorky reticulum.oftc.net cation.oftc.net 1228939195 Q * blathijs reticulum.oftc.net cation.oftc.net 1228939195 Q * zbyniu reticulum.oftc.net cation.oftc.net 1228939195 Q * ag- reticulum.oftc.net cation.oftc.net 1228939195 Q * fb reticulum.oftc.net cation.oftc.net 1228939195 Q * FloodServ reticulum.oftc.net cation.oftc.net 1228939195 Q * mugwump reticulum.oftc.net cation.oftc.net 1228939195 Q * ntrs_ reticulum.oftc.net cation.oftc.net 1228939195 Q * nenolod reticulum.oftc.net cation.oftc.net 1228939195 Q * dowdle reticulum.oftc.net cation.oftc.net 1228939195 Q * tam reticulum.oftc.net cation.oftc.net 1228939195 Q * MooingLemur reticulum.oftc.net cation.oftc.net 1228939195 Q * brc reticulum.oftc.net cation.oftc.net 1228939195 Q * faheem reticulum.oftc.net cation.oftc.net 1228939195 Q * micah reticulum.oftc.net cation.oftc.net 1228939195 Q * AndrewLee reticulum.oftc.net cation.oftc.net 1228939195 Q * nkukard reticulum.oftc.net cation.oftc.net 1228939195 Q * Supaplex reticulum.oftc.net cation.oftc.net 1228939195 Q * sardyno reticulum.oftc.net cation.oftc.net 1228939195 Q * dkg reticulum.oftc.net cation.oftc.net 1228939195 Q * FireEgl reticulum.oftc.net cation.oftc.net 1228939195 Q * infowolfe reticulum.oftc.net cation.oftc.net 1228939195 Q * cga reticulum.oftc.net cation.oftc.net 1228939195 Q * larsivi reticulum.oftc.net cation.oftc.net 1228939195 Q * Slydder2 reticulum.oftc.net cation.oftc.net 1228939195 Q * bibabu reticulum.oftc.net cation.oftc.net 1228939195 Q * opuk reticulum.oftc.net cation.oftc.net 1228939196 Q * morrigan reticulum.oftc.net cation.oftc.net 1228939196 Q * Wonka reticulum.oftc.net cation.oftc.net 1228939196 Q * balbir_ reticulum.oftc.net cation.oftc.net 1228939196 Q * svenk reticulum.oftc.net cation.oftc.net 1228939196 Q * arekm reticulum.oftc.net cation.oftc.net 1228939196 Q * simontwo reticulum.oftc.net cation.oftc.net 1228939196 Q * quinq reticulum.oftc.net cation.oftc.net 1228939196 Q * bXi reticulum.oftc.net cation.oftc.net 1228939196 Q * vasko reticulum.oftc.net cation.oftc.net 1228939196 Q * padde reticulum.oftc.net cation.oftc.net 1228939196 Q * Hollow reticulum.oftc.net cation.oftc.net 1228939196 Q * harry reticulum.oftc.net cation.oftc.net 1228939196 Q * DLange reticulum.oftc.net cation.oftc.net 1228939196 Q * mEDI_S reticulum.oftc.net cation.oftc.net 1228939196 Q * matti reticulum.oftc.net cation.oftc.net 1228939196 Q * SpComb reticulum.oftc.net cation.oftc.net 1228939196 Q * bzed reticulum.oftc.net cation.oftc.net 1228939196 Q * geb reticulum.oftc.net cation.oftc.net 1228939196 Q * esa reticulum.oftc.net cation.oftc.net 1228939196 Q * independence reticulum.oftc.net cation.oftc.net 1228939196 Q * pmjdebruijn reticulum.oftc.net cation.oftc.net 1228939196 Q * maddoc reticulum.oftc.net cation.oftc.net 1228939196 Q * wibble reticulum.oftc.net cation.oftc.net 1228939196 Q * Guy- reticulum.oftc.net cation.oftc.net 1228939196 Q * baggins reticulum.oftc.net cation.oftc.net 1228939196 Q * mnemoc reticulum.oftc.net cation.oftc.net 1228939196 Q * nox reticulum.oftc.net cation.oftc.net 1228939196 Q * PowerKe reticulum.oftc.net cation.oftc.net 1228939196 Q * Adrinael_ reticulum.oftc.net cation.oftc.net 1228939196 Q * [PUPPETS]Gonzo reticulum.oftc.net cation.oftc.net 1228939196 Q * transacid reticulum.oftc.net cation.oftc.net 1228939196 Q * sid3windr reticulum.oftc.net cation.oftc.net 1228939196 Q * Hunger reticulum.oftc.net cation.oftc.net 1228939196 Q * fosco reticulum.oftc.net cation.oftc.net 1228939196 Q * tokkee reticulum.oftc.net cation.oftc.net 1228939196 Q * yang reticulum.oftc.net cation.oftc.net 1228939196 Q * ard reticulum.oftc.net cation.oftc.net 1228939196 Q * trippeh reticulum.oftc.net cation.oftc.net 1228939196 Q * arthur reticulum.oftc.net cation.oftc.net 1228939196 Q * weasel reticulum.oftc.net cation.oftc.net 1228939196 Q * bonbons reticulum.oftc.net cation.oftc.net 1228939345 J * dkg ~dkg@lair.fifthhorseman.net 1228939345 J * brc bruce@72.20.27.65 1228939345 J * tam ~tam@gw.nettam.com 1228939345 J * Supaplex ~supaplex@166.70.62.193 1228939345 J * MooingLemur ~troy@shells195.pinchaser.com 1228939345 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw 1228939345 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com 1228939345 J * nenolod nenolod@petrie.dereferenced.org 1228939345 J * mugwump ~samv@watts.utsl.gen.nz 1228939345 J * FloodServ services@services.oftc.net 1228939345 J * fb fback@red.fback.net 1228939345 J * nkukard ~nkukard@196.212.73.74 1228939345 J * micah ~micah@micah.riseup.net 1228939345 J * infowolfe ~infowolfe@c-24-21-204-172.hsd1.or.comcast.net 1228939345 J * ntrs_ ~ntrs@77.29.21.11 1228939345 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net 1228939345 J * dowdle ~dowdle@scott.coe.montana.edu 1228939345 J * faheem ~faheem@cpe-071-077-007-143.nc.res.rr.com 1228939345 J * morrigan morrigan@IRC.13thfloor.at 1228939345 J * svenk ~sven@213.73.89.36 1228939345 J * Wonka produziert@chaos.in-kiel.de 1228939345 J * opuk ~kupo@potatisbulle.com 1228939345 J * PowerKe ~tom@d5153A64C.access.telenet.be 1228939345 J * nox ~nox@nox.user.oftc.net 1228939345 J * mnemoc ~amery@shell.opensde.net 1228939345 J * baggins ~baggins@kenny.mimuw.edu.pl 1228939345 J * sid3windr luser@bastard-operator.from-hell.be 1228939345 J * Guy- ~korn@elan.rulez.org 1228939345 J * fosco fosco@212.85.148.86 1228939345 J * Hunger Hunger.hu@Hunger.hu 1228939345 J * [PUPPETS]Gonzo gonzo@fellatio.deswahnsinns.de 1228939345 J * transacid ~transacid@transacid.de 1228939345 J * arthur ~arthur@pan.madism.org 1228939345 J * wibble wibble@vortex.ukshells.co.uk 1228939345 J * maddoc maddoc@social.ostruktur.com 1228939345 J * weasel ~weasel@weasel.noc.oftc.net 1228939345 J * pmjdebruijn pascal@jester.pcode.nl 1228939345 J * trippeh atomt@uff.ugh.no 1228939345 J * yang yang@yang.netrep.oftc.net 1228939345 J * DLange ~DLange@dlange.user.oftc.net 1228939345 J * mEDI_S ~medi@snipah.com 1228939345 J * padde ~padde@patrick-nagel.net 1228939345 J * matti matti@acrux.romke.net 1228939345 J * harry ~harry@d51A461B4.access.telenet.be 1228939345 J * bzed ~bzed@devel.recluse.de 1228939345 J * SpComb terom@zapotek.paivola.fi 1228939345 J * vasko ~vasko@unreal.rainside.sk 1228939345 J * bXi bluepunk@irssi.co.uk 1228939345 J * quinq ~user@quinq.eu.org 1228939345 J * simontwo ~simon@diogenes.bruteforce.dk 1228939345 J * tokkee tokkee@ssh.faui2k3.org 1228939345 J * Hollow ~hollow@shiva.xnull.de 1228939345 J * ard ~ard@shell2.kwaak.net 1228939345 J * independence independen@titan.blinkenshell.org 1228939345 J * bibabu bibabu@status2k.de 1228939345 J * arekm arekm@carme.pld-linux.org 1228939345 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it 1228939345 J * Slydder2 ~chuck@dslb-088-072-219-180.pools.arcor-ip.net 1228939345 J * Adrinael_ adrinael@rid7.kyla.fi 1228939345 J * geb ~geb@115.4.82-79.rev.gaoland.net 1228939345 J * larsivi ~larsivi@9.80-202-30.nextgentel.com 1228939345 J * cga ~weechat@94.36.88.11 1228939345 J * balbir_ ~balbir@122.167.219.26 1228939345 J * meebey meebey@booster.qnetp.net 1228939345 J * kiorky ~kiorky@ver44-1-82-229-123-127.fbx.proxad.net 1228939345 J * ktwilight ~ktwilight@7.122-66-87.adsl-dyn.isp.belgacom.be 1228939345 J * derjohn_mob ~aj@80.69.42.51 1228939345 J * davidkarban ~david@193.85.217.71 1228939345 J * thermoman ~thermoman@84.201.90.210 1228939345 J * doener ~doener@i577B8178.versanet.de 1228939345 J * mcp ~mcp@wolk-project.de 1228939345 J * pflanze ~chris__@77-56-73-53.dclient.hispeed.ch 1228939345 J * pmenier_off ~pme@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1228939345 J * derjohn ~derjohn@80.69.41.3 1228939345 J * xdr ~xdr@118-173-96-87.cust.blixtvik.se 1228939345 J * grobie ~grobie@valgrind.schnuckelig.eu 1228939345 J * ensc ~irc-ensc@77.235.182.26 1228939345 J * hijacker_ ~hijacker@213.91.163.5 1228939345 J * phedny ~mark@phedny.vps.van-cuijk.nl 1228939346 J * cehteh ~ct@pipapo.org 1228939346 J * xipe ~xipe@91.121.168.169 1228939346 J * kaner ~kaner@zzz.strace.org 1228939346 J * ex ex@85.232.229.248 1228939346 J * blathijs ~matthijs@drsnuggles.stderr.nl 1228939346 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1228939346 J * ag- ~ag@fedaykin.roxor.cx 1228939346 J * karasz ~karasz@shell.opensde.net 1228939346 J * arapaho ~arapaho@213.223.114.206 1228939346 J * gcj ~chris@cpc3-cmbg7-0-0-cust452.cmbg.cable.ntl.com 1228939349 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4 1228939349 J * daniel_hozac ~daniel@ssh.hozac.com 1228939349 J * nou Chaton@causse.larzac.fr.eu.org 1228939353 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1228939389 M * micah yow 1228939390 J * ntrs__ ~ntrs@77.29.21.11 1228939414 M * micah Bertl: so that worked? can we do another for ia64 which has the same problem? 1228939438 M * Bertl well, does it work for util-vserver? or does it just fix the compile? 1228939454 M * micah i'd like a more 'clean' solution as well, but I'm also wanting whatever solution will get -5 into lenny before release, which seems like it will require getting a fixed dietlibc-dev in first 1228939462 M * Bertl and daniel_hozac suggested a cleaner/proper fix 1228939468 Q * ntrs_ Read error: Connection reset by peer 1228939471 M * micah ah maybe I missed it in the netsplit? 1228939623 M * Bertl probably not .. he hasn't pasted a link yet 1228939644 M * micah oh :) 1228939665 M * Bertl try the same for ia64 in the meantime (compile wise) 1228939677 M * Bertl i.e. same patch but for the ia64 dir 1228939680 Q * cga Quit: WeeChat 0.2.6 1228939681 M * micah ok 1228940330 M * micah Bertl: http://paste.linux-vserver.org/12650 1228940396 M * micah and http://micah.riseup.net/dietlibc_ia64_diss 1228940433 M * micah i notice that its a little different from the alpha one 1228940515 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/m/delta-umount2-fix01.diff 1228940518 M * daniel_hozac is what i had in mind. 1228940633 M * Bertl yep, makes sense if we can assume that this is true for all archs 1228940655 M * daniel_hozac sys_oldumount is the one that takes one argument. 1228940994 M * Bertl micah: test compile with daniel_hozac's patch, but you need to test for all archs which do not define umount2 1228941197 M * micah do we have a list of others that do not? 1228941285 M * daniel_hozac for arches which don't define umount2, umount2 ought to be a simple umount(path, 0). 1228941299 M * daniel_hozac umm. other way around. 1228941323 M * daniel_hozac i.e. umount is umount2(path, 0) and umount2 is the umount syscall. 1228942024 M * micah ok, well... this compiled on alpha, where else should I attempt the compile? 1228942179 M * daniel_hozac ia64, x86_64, i386, ppc... 1228942312 Q * davidkarban Quit: Ex-Chat 1228942490 M * Bertl also verify at least on one of the affected archs that it works as expected, and test on x86* that it doesn'tdo any harm 1228942658 M * Bertl finally, if all works well, please submit the changes upstream (i.e. to fefe) 1228942703 M * Bertl daniel_hozac: any simple test for the umount2 which can be done via util-vserver? 1228942720 M * daniel_hozac not really. 1228942752 M * Bertl lazy umount would be a good test, or? 1228942765 M * daniel_hozac sure. 1228942797 M * Bertl micah: so you probably want to make a simple C test program, which does just that 1228942889 M * Bertl if you need help there, just let me know :) 1228943071 M * micah i could use the help actually 1228943120 M * daniel_hozac int main(int argc, char *argv[]) { if (umount2(argv[1], MNT_DETACH) == -1) perror("umount2"); return 0; } 1228943251 M * micah and then use the patched dietlibc to compile that? 1228943327 J * FaUl immo@2001:4c50:ffff:a8::8 1228943329 M * FaUl oink 1228943339 M * FaUl i'm just building a vpn-vserver 1228943354 M * FaUl i added NET_ADMIN to the bcapabilities in order to allow it to configure the network 1228943368 M * Bertl micah: yep, and then use that to unmount a loop mount you are currently in 1228943373 M * FaUl (yes, i'm sure that i want this and i'm aware of the security problems) 1228943395 M * FaUl but i cannot see every interface with every ip - what additional configuration do i need in order to archive that? 1228943411 M * Bertl configure it for ip 0.0.0.0 1228943417 M * FaUl ah, that was to easy 1228943418 M * FaUl thx 1228943444 M * daniel_hozac FaUl: you know you can do it securely, right? 1228943465 M * FaUl daniel_hozac: nope, that is new? 1228943484 M * FaUl the last time, i invested time in that it wasn't possible i think 1228943490 M * FaUl but this is at least one year ago 1228943540 M * daniel_hozac the easiness of it is semi-new, i guess. 1228943553 M * FaUl is there some documentation? 1228943560 M * FaUl Linux weltzentrale 2.6.22.18-vs2.3.0.32wz.01 #1 SMP Sun Mar 9 00:34:11 CET 2008 i686 GNU/Linux 1228943560 M * daniel_hozac requires you use a decent VPN-server though. 1228943568 M * FaUl should be good enough i hope 1228943573 M * daniel_hozac e.g. openvpn. 1228943580 M * FaUl tinc is what i use 1228943603 M * FaUl openvpn really sucks when you need full-mesh ;-) 1228943638 M * daniel_hozac so figure out how to configure it to not setup the interface then. 1228943661 M * FaUl thats easy, it doesn't do it by default 1228943684 M * daniel_hozac so you pass it an open fd to /dev/net/tun? 1228943692 M * daniel_hozac already configured for the interface you want? 1228943726 M * FaUl i'm not sure how that tun-stuff really works, but it creates a new tap-device called like the network is named 1228943739 M * daniel_hozac then it sets up the interface. 1228943765 M * FaUl ah, i thought you meant that ip-setup 1228943788 M * daniel_hozac but just setup the /etc/vservers//interfaces/X directory with the info you want, and touch tun or tap in that directory. 1228943789 J * ntrs_ ~ntrs@77.29.22.56 1228943848 M * FaUl 1what do you mean with "touch tun or tap? 1228943852 M * FaUl ah, create empty files? 1228943861 M * daniel_hozac that is what touch does, yes. 1228943874 M * FaUl in fact it updates the atime ;-) 1228943891 M * daniel_hozac i think you mean mtime. 1228943895 M * FaUl (and the mtime) 1228943906 M * FaUl ah, you where faster 1228943924 M * daniel_hozac technically it updates all three, but two are just side effects. 1228943945 M * micah how do I get dietlibc to include dietlibc-0.31/include/sys/mount.h when I compile? 1228943955 M * FaUl ctime should not be updated if the file allready exists 1228943973 M * FaUl anyway, lets stop nitpicking ;-) 1228943986 M * daniel_hozac micah: uh, why does it matter? 1228944000 M * daniel_hozac micah: but #include should do the trick. 1228944021 M * micah daniel_hozac: yeah I guess you are right there 1228944045 M * daniel_hozac FaUl: you're modifying mtime, which is a status change, thus ctime ought to be updated. 1228944085 M * micah hmm, I am going to need losetup to make a loopmount 1228944118 M * daniel_hozac micah: you'll need root for that. 1228944122 M * Bertl well, you can use a normal mount as well 1228944145 M * Bertl (as long as you are permitted to unmount it :) 1228944156 M * micah yeah, the problem is I do not have root on most of these arches 1228944170 M * FaUl daniel_hozac: ah, of course your right 1228944173 M * Bertl maybe one of the admins can help out there? 1228944175 M * FaUl you're 1228944186 M * FaUl i allways mix up ctime with "creation time" ;-) 1228944213 Q * ntrs__ Ping timeout: 480 seconds 1228944220 M * micah well, amongst us, maybe we have enough arches to test? 1228944285 M * FaUl daniel_hozac: thx for the tip, but that will not work for me 1228944294 M * FaUl as the interface does not longer goes down, if vpn breaks away 1228944313 M * FaUl and thus the ospfd continues announcing a route that does not longer exist 1228944329 M * fb FaUl: i'm sure it's named like that in many books about unix :) 1228944353 M * fb FaUl: i'm sure i saw it in some manpages too 1228944554 M * FaUl Bertl: mh, adding 0.0.0.0 did not help to see eveerything on the device 1228944567 Q * ntrs_ Read error: Connection reset by peer 1228944607 M * micah Bertl: is it sufficient to create a ext3 fs in a loop file and then mount that and then change dir into it? 1228944643 M * FaUl anyway, my gf forces me into bed, so i cannot work on that any further right now. but i will read backlog in case somebody wants to help... ;-) 1228944646 M * FaUl n8 1228944711 M * micah hmm not able to get debian root people to do this 1228944825 M * micah i can test this on x86_64, i386 but not much more than that it seems 1228944861 Q * ghislainocfs2 Read error: Connection reset by peer 1228944924 M * Bertl well, then it will be untested on alpha or ia64 .. if that is debian policy, so be it :) 1228944967 M * Bertl micah: and yes, it is more than sufficient to make a mount, chdir into it, and try to unmount it (the normal way) which should fail 1228944977 M * micah its not policy, i just do not have access to do these types of tests on those architectures 1228944987 M * Bertl then unmount it with detach, which should succeed 1228945006 M * micah "with detatch" means with this test umount.c 1228945014 M * Bertl yep 1228945280 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1228945571 Q * bonbons Quit: Leaving 1228945642 M * micah Bertl: success means what exactly? 1228945736 M * daniel_hozac success means no error. 1228945751 M * micah but not actually unmounting it 1228945784 M * daniel_hozac until you cd out of it. 1228945807 M * micah I do not get an error, but when I cd out of it, it is not unmounted 1228945821 M * micah unless you mean to say that I cd out of it and then run the umount again 1228945827 M * daniel_hozac it should become immediately unreachable. 1228945843 M * daniel_hozac only in the current shell should you be able to see the mount. 1228945845 M * micah it appears as if it is unreachable, but its still in the fstab 1228945848 M * micah ah 1228945857 M * micah hm 1228945863 M * daniel_hozac fstab has nothing to do with it at all :-) 1228945873 M * micah i still see it when I open another shell 1228945885 M * daniel_hozac i.e. see the contents? 1228945932 M * micah no 1228945956 M * daniel_hozac that's all we care about right now 1228945968 M * micah ok, then if i issue a umount again (while out of the dir), I get: 1228945975 M * micah umount: /dev/loop0: not mounted 1228945976 M * micah umount: /dev/loop0: not mounted 1228945979 M * micah and then its gone from the fstab 1228945984 M * micah err 1228945988 M * micah why do I keep saying fstab 1228945991 M * micah gone from 'df' 1228945996 M * daniel_hozac i.e. mtab. 1228946000 M * micah yes, thank you 1228946003 M * daniel_hozac but that's not what we care about at all. 1228946020 M * daniel_hozac all that matters is, can you access the conents? 1228946024 M * micah no, i cannot 1228946032 M * daniel_hozac which means it was unmounted. 1228946070 M * micah ok, I've tested this on i386, I can do x86_64, but beyond that I need to fish around for people to help with those arches 1228946358 J * Aiken ~Aiken@ppp118-208-8-76.lns1.bne1.internode.on.net 1228948690 Q * derjohn_mob Ping timeout: 480 seconds 1228949618 Q * geb Remote host closed the connection 1228951816 J * derjohn_mob ~aj@e180211186.adsl.alicedsl.de 1228951882 Q * Slydder2 Quit: Leaving.