1228953668 Q * nenolod Ping timeout: 480 seconds
1228954190 Q * larsivi Remote host closed the connection
1228954224 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1228954362 Q * SpComb Remote host closed the connection
1228954366 J * SpComb terom@zapotek.paivola.fi
1228954632 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1228955350 Q * nenolod Quit: Leaving
1228955418 J * nenolod nenolod@petrie.dereferenced.org
1228957037 Q * balbir_ Ping timeout: 480 seconds
1228957646 Q * dowdle Remote host closed the connection
1228957707 J * balbir_ ~balbir@122.167.218.124
1228958097 Q * infowolfe Ping timeout: 480 seconds
1228958174 J * infowolfe ~infowolfe@c-24-21-204-172.hsd1.or.comcast.net
1228958780 Q * infowolfe Read error: Operation timed out
1228960636 J * arapaho_ ~arapaho@213.223.114.206
1228960753 Q * arapaho Ping timeout: 480 seconds
1228960754 Q * hparker Quit: Quit
1228961603 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1228963780 J * infowolfe ~infowolfe@c-24-21-204-37.hsd1.or.comcast.net
1228965624 J * _gh_ ~gerrit@12.51.223.155
1228966435 Q * Aiken Quit: Leaving
1228969078 M * Bertl off to bed now .. have a good one everyone!
1228969083 N * Bertl Bertl_zZ
1228969948 J * jaqque foobar@buddha.sbih.org
1228969996 M * jaqque i'm having a bit of a problem with starting (well, creating) a vserver on a powerpc system. debian lenny (testing)
1228969999 M * jaqque vattribute: vc_set_ccaps(): Interrupted system call
1228970004 M * jaqque Linux spartacus 2.6.26-1-vserver-powerpc #1 SMP Wed Nov 26 16:16:37 CET 2008 ppc GNU/Linux
1228970025 M * jaqque google and the wiki have been no help, other than to say that powerpc is supported
1228970043 M * jaqque i've not seen this on either i386 nor amd64
1228970104 M * jaqque any clues where i can look?
1228970282 Q * derjohn_mob Ping timeout: 480 seconds
1228970304 M * micah jaqque: install the -5 version of the utilities from sid
1228970414 M * jaqque util-vserver or vserver-debiantools or both?
1228970598 M * micah jaqque: util-vserver
1228970604 M * micah jaqque: i do not recommend using vserver-debiantools
1228970691 M * jaqque i'm interested why - i've not had a problem with them yet
1228970709 M * jaqque i only really use newvserver anyway
1228970710 M * micah jaqque: lots of people come here with problems
1228970730 M * micah yeah, newvserver is just a simple wrapper
1228970826 M * jaqque well; same problem with the -5 of util-vserver
1228970881 M * micah hm, darn
1228970897 M * micah well, at least you wont run into the other problems that you would with -4
1228970913 M * micah Interrupted system call is a weird one
1228971124 M * jaqque [18369.935032] Not cloning cgroup for unused subsystem ns
1228971128 M * jaqque found that in dmesg
1228971170 M * jaqque OH - could it be that /var/lib/vservers is a bind mount?
1228971270 M * jaqque changing /etc/vservers/.defaults/vdirbase to point directly to /home/vservers did not change anything
1228972172 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1228972213 M * micah jaqque: sorry I dont have any ideas :(
1228972622 M * jaqque well; darn
1228972702 M * micah jaqque: but, when daniel_hozac and Bertl_zZ awake, I am sure they will have good ideas
1228972784 M * jaqque thank you :) i am still trying a few different thing the shotgun approach
1228973079 M * micah might be something to do with powerpc
1228973170 M * daniel_hozac jaqque: try rebuilding util-vserver without using the alternative syscalls.
1228973214 M * jaqque daniel_hozac: i will thanks
1228973224 M * jaqque oh crap
1228973235 M * jaqque :( i won't be able to try until friday.
1228973256 M * jaqque i rebooted it. forgot that the network won't come back up. oops!
1228973853 Q * balbir_ Ping timeout: 480 seconds
1228975131 N * quinq qzqy
1228975912 M * micah daniel_hozac: ia64,hppa,alpha,i386,x86_64,ppc all work fine, arm, sparc, mipsel all on their way just slow
1228976697 J * kir ~kir@swsoft-msk-nat.sw.ru
1228977986 J * esa` ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1228977999 Q * esa Ping timeout: 480 seconds
1228978483 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1228978829 J * mtg ~mtg@vollkornmail.dbk-nb.de
1228979028 J * chi6IT41 ~chigital@tmo-105-251.customers.d1-online.com
1228979402 J * doener_ ~doener@i577BAEE8.versanet.de
1228979503 Q * doener Ping timeout: 480 seconds
1228981089 J * davidkarban ~david@193.85.217.71
1228981575 N * pmenier_off pmenier
1228981618 Q * larsivi Ping timeout: 480 seconds
1228981926 J * derjohn_mob ~aj@e180201011.adsl.alicedsl.de
1228983727 N * arapaho_ arapaho
1228983885 Q * nenolod Quit: Leaving
1228984201 J * nenolod nenolod@petrie.dereferenced.org
1228984244 Q * derjohn_mob Ping timeout: 480 seconds
1228984443 Q * sharkjaw Remote host closed the connection
1228985353 J * balbir_ ~balbir@59.145.136.1
1228985640 J * larsivi ~larsivi@85.221.53.194
1228985773 Q * nkukard Quit: Leaving
1228986251 P * kir Leaving.
1228986839 J * Slydder1 ~chuck@dslb-088-072-228-140.pools.arcor-ip.net
1228987243 J * kir ~kir@swsoft-msk-nat.sw.ru
1228989463 J * blikez mike@no.phear.eu
1228989594 M * blikez hello, can somebody tell me whats wrong. During a setup new guest vserver server hangs
1228989602 M * blikez i got log like that http://phear.eu/log
1228989855 J * Aiken ~Aiken@ppp118-208-116-8.lns4.bne4.internode.on.net
1228989884 M * blikez umm?
1228990231 J * tramjoe_merin ~tramjoe@193.41.238.151
1228990267 J * dreamind ~dreamind@p57B1BD98.dip0.t-ipconnect.de
1228990269 M * dreamind Hi :)
1228990288 Q * mugwump Read error: Operation timed out
1228990291 J * mugwump ~samv@watts.utsl.gen.nz
1228990297 M * pmjdebruijn lo
1228990340 M * dreamind hi pmjdebruijn
1228990383 M * blikez pmjdebruijn: have u got any ideas?
1228990423 M * dreamind hi blikez
1228990424 M * pmjdebruijn blikez: no sorry, I don't use RedHat-ish distros
1228990576 M * blikez pmjdebruijn: thats gentoo
1228990587 M * blikez 2.6.16.8 vserve+grsec
1228990704 M * pmjdebruijn blikez: you're building a redhat guest...
1228990712 M * pmjdebruijn blikez: 2.6.16.8?
1228990716 M * pmjdebruijn blikez: that's antique
1228990779 M * blikez err 26.8
1228991247 M * pmjdebruijn ok
1228991258 M * pmjdebruijn well, wait around until someone with redhat experience can help
1228991266 M * blikez i changed for a different tarball stage 3
1228991329 M * blikez http://phear.eu/log2
1228991664 Q * chi6IT41 Ping timeout: 480 seconds
1228991712 M * blikez humm?
1228991737 M * pmjdebruijn sorry I don't have experience with gentoo+vserver as well
1228991741 M * pmjdebruijn please wait around
1228991775 M * pmjdebruijn blikez: I assume you read http://www.gentoo.org/proj/en/vps/vserver-howto.xml
1228991783 M * blikez ehhh
1228991792 M * blikez i used that as well
1228992062 M * padde blikez: maybe Hollow can help, he's the gentoo+vserver master ;)
1228992108 M * blikez hes idling 3days ;p
1228992130 M * padde blikez: when I set up my gentoo vservers I used the stage4 from here: http://people.linux-vserver.org/~hollow/stages/
1228992184 M * padde blikez: (but that was nearly a year ago, don't remember a thing.. stuff just runs since then)
1228992609 J * chi6IT41 ~chigital@tmo-100-107.customers.d1-online.com
1228994673 Q * balbir_ Ping timeout: 480 seconds
1228994857 J * awk ~awk@gw1.security.web.za
1228994860 M * awk morning all!
1228994887 Q * Aiken Quit: Leaving
1228994930 M * awk hmm, ran into a tricky situation, I upgraded to 'host/parent' from debian etch -> lenny, and all is well, vservers start great all services are working I can browse to my http site, etc.. but ssh? I cant ssh to the vserver anymore it just says server unexpectedly closed connections
1228994943 M * awk I can't find any logs that can see what could help the situation
1228994964 M * awk the only way i can now get into the vserver is with vserver name enter.
1228995075 M * awk ssh -l root IP -p 22 ; Read from socket failed: Connection reset by peer
1228995153 M * awk I even changed binaddress from ip to nothing so its listening on 0.0.0.0
1228995195 M * fb awk: on host or guest?
1228995206 M * awk fb: guest, host works fine
1228995240 M * fb awk: actually i was asking about this 0.0.0.0 binding :)
1228995265 M * awk fb: naaa, wouldnt do that in the host
1228995314 M * fb are you sure you don't deny root login?
1228995325 M * fb and you have some password set for root?
1228995346 M * fb by default ssh denies empty passwords, and root login probably too
1228995359 M * fb and ssh -vvv may shed some light
1228995440 M * awk fb: naaa, even if I just use putty with no username/password it doesn't even ask
1228995541 M * awk http://pastebin.com/m5a0a79c1
1228995708 M * fb awk: /etc/ssh/sshd_config?
1228995739 M * fb and you could try to run sshd in verbose mode without detaching from console
1228995740 M * awk fb: I have made sure /etc/hosts.allow/deny is empty
1228995742 M * awk fb: 1 sec
1228995803 M * awk http://pastebin.com/m53841d2e
1228995824 M * fb PermitRootLogin no
1228995832 M * awk yes, using -l username
1228995836 M * awk just don't want to display stuff here
1228995848 M * awk using a user -l that is set to AllowUser
1228995864 M * awk but even if I specify no user and await putty to ask for username it doesn't get that far
1228995894 M * awk fb: and its not a fw issue as i have flushed all the rules too
1228995924 M * fb /etc/issue is clean?
1228995947 M * fb try to run sshd in debug mode
1228995950 M * awk nope it has my security advisory there
1228995964 M * fb awk: not empty, clean :)
1228995983 M * awk ahh
1228996012 M * awk just sshd -d ?
1228996039 M * fb uhm
1228996058 M * fb you can also run sshd -t before
1228996073 M * awk before?
1228996084 M * fb before running sshd -d
1228996100 M * fb maybe with -dd even; -t will test your config
1228996122 M * awk ok
1228996127 M * awk i just read
1228996328 M * awk http://pastebin.com/m6ad93e73
1228996342 M * awk address family not supported by protocol
1228996345 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1228996398 M * fb and when you try to connect?
1228996438 M * awk ok fixed that...
1228996445 M * awk part it was because i never had what to bind to
1228996448 M * awk now when i connect i get this
1228996480 M * awk http://pastebin.com/m52dd3acd
1228996480 M * awk :P
1228996496 M * fb #
1228996498 M * fb chroot("/var/run/sshd"): Operation not permitted
1228996502 M * awk yes
1228996504 M * fb there's your answer
1228996511 M * awk hmmm
1228996614 M * awk some chroot restriction with grsec then
1228996623 M * fb i don't have lenny around, but i suppose there's an option in config, so it won't chroot
1228996632 M * fb chroot is restricted by vserver too
1228996639 M * awk ahh
1228996643 M * fb and changing this is not advised
1228996649 M * awk because i was aware after lenny it still never worked even without grsec
1228996666 M * fb (this may make escaping chroot jail possible)
1228996683 N * Bertl_zZ Bertl
1228996684 M * awk hmmm, any other suggestions then
1228996693 M * Bertl morning folks!
1228996695 M * awk as I believe etch used a very old version and things must have changed since there
1228996698 M * awk hello Bertl :)
1228996700 M * awk you up late
1228996704 M * fb man sshd and find option to turn chroot off?
1228996712 M * awk ok
1228996713 Q * _gh_ Ping timeout: 480 seconds
1228996715 M * awk let me see if i can
1228996721 M * Bertl awk: a proper solution would be to make grsec Linux-VServer aware
1228996755 M * fb Bertl: co chroot isn't restricted inside vserver?
1228996796 M * Bertl not by default, but you _can_ restrict it
1228996806 M * awk Bertl: what do you mean by making it aware i just read the sshd doc and it states the exact config i should have for perm on /var/run/sshd
1228996822 M * dreamind Hi Bertl :)
1228996822 M * Bertl but the idea is not to simply restrict it, the idea is to apply grsec 'conditions' at the proper level
1228996851 M * dreamind hm, this would be nice :)
1228996868 M * dreamind RBAC or how this MAC layer of grsec is called :)
1228996874 M * Bertl the problem here is that grsec and Linux-VServer are just 'combined' not properly merged/extended
1228996875 M * dreamind (mandatory access controls)
1228996908 M * awk Bertl: so this is restricted by rbac?
1228996923 M * dreamind Bertl: btw. I merged newest vserver+grsecurity just yesterday, but I couldn't reach harry yet
1228996945 M * awk Bertl: thing is i'm sure sure sure it wasn't installed and still never worked or i had level set at 'low' and still never worked
1228997001 M * Bertl but for the chroot part, it should be fairly simple to excempt host (xid=0) chroot from all/most rules, and thus get the chroot checks at least for (new style) guests
1228997011 M * Bertl *exempt
1228997051 M * awk ok send me on the right path or reading and i'll do that
1228997069 M * Bertl a good start will be the grsec specific chroot patches :)
1228997078 M * awk :P
1228997089 M * Bertl for the Linux-VServer part, it all boils down to vxcheck()
1228997114 M * awk Bertl: so you saying this could be outside of grsec and vserver itself doing it?
1228997148 M * Bertl no, but Linux-VServer could provide an additional 'condition' for those checks to trigger
1228997157 M * awk ok
1228997159 M * awk thanks
1228997168 M * fb awk: for now i'd check where to turn chroot off ;)
1228997194 M * awk could it be related to pivot_root?
1228997226 M * awk let me look up pivot_root()
1228997287 J * nkukard ~nkukard@196.212.73.74
1228997304 Q * ard Ping timeout: 480 seconds
1228997331 M * fb awk: this may be triggered by privilege separation
1228997414 M * Bertl jaqque: did you fix your 'issues' on powerpc?
1228997458 M * awk fb: where is that normal set?
1228997466 M * awk any clue would have my investigation :P
1228997521 M * Bertl read the code, add a few printk every now and then
1228997532 M * Bertl rebuild the kernel, run it, check for the output
1228997545 M * Bertl (could easily be done with kvm/qemu without any reboot :)
1228997547 M * awk ok, just wish i had the fastest machine to re-build kernel :D
1228997569 M * Bertl kernel rebuilding after a minimal change takes a few seconds at most
1228997593 M * Bertl the kernel build system is quite smart in not rebuilding stuff which doesn't need to be rebuilt
1228997662 M * awk the way it works with debian is quite stupid, it states nothing to be done, even after changes are made and wont re-build the kernel I actually have to tar -.... package again, cp the old .config across and then re-build with a new append-to-......
1228997684 M * Bertl well, don't use debian for your kernel rebuild then ...
1228997759 M * Bertl "Doctor, doctor, it hurts when I do that... ... then don't do that." :)
1228997870 Q * chi6IT41 Ping timeout: 480 seconds
1228997969 M * fb awk: i'm talking about sshd and making it not to chroot :)
1228998033 Q * zbyniu Ping timeout: 480 seconds
1228998046 M * blikez Bertl: u still there?
1228998130 M * Bertl yup
1228998213 J * _gh_ ~gerrit@12.51.223.155
1228998290 M * blikez Bertl: http://phear.eu/log http://phear.eu/log2
1228998309 M * blikez i tried stage 3 and 4
1228998358 M * fb Bertl: Doctor, doctor, it hurts when i breathe.... don't do that? ;)
1228998371 M * Bertl blikez: sounds like badly installed tools or unfortunate setup
1228998401 M * Bertl fb: there is not much alternative to breathing, but you can compile the kernel perfectly well without debian scripts :)
1228998402 M * blikez so what should i do?
1228998426 M * Bertl blikez: first, run testme.sh and 'vserver-info - SYSINFO' and upload that somewhere
1228998459 M * fb Bertl: yeah, beside they work perfectly for me ;)
1228998477 M * Bertl fb: then please do the lengthy rebuilds and be happy :)
1228998494 M * fb (and most time it takes to generate new .deb file again, not kernel compile)
1228998532 M * fb Bertl: by perfectly i mean it compiles only what needs to be compiled :P
1228998595 M * awk blikez: you friends with dman?
1228998628 M * awk mike (polish guy)
1228998646 M * blikez im mike :>
1228998652 M * Bertl fb: even better so, awk is not using the debian kernel rebuild properly then ... please help him
1228998654 M * blikez awk: i have problem
1228998655 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1228998659 M * awk blikez: lol
1228998667 M * awk thought so
1228998671 M * blikez Bertl: test shows everything is ok
1228998732 M * awk blikez: i'm also having problems 1 day crash course with grsec code ;/
1228998758 M * nox when i want to write a hashify.sh i have to ensure that owner/group/rights and hash is identical, anything forgotten?
1228998820 M * awk oooo, I nearly had a lead thought it was chroot_deny_chroot
1228998848 Q * arekm Quit: Changing server
1228998855 J * ard ~ard@shell2.kwaak.net
1228998862 M * blikez Bertl: what tools should i reinstall?
1228998920 M * Bertl blikez: please upload the output of both (as stated before)
1228998992 J * chi6IT41 ~chigital@tmo-100-239.customers.d1-online.com
1228999001 M * awk fb: check this out
1228999004 M * awk http://www.nabble.com/Bug-506938:-openssh-server:-Can%27t-connect-to-sshd-on-vserver-since-the-latest-update-in-lenny-(only-on-vservers)-td20695737.html
1228999011 M * awk another guy with the same issue after lenny upgrade
1228999054 M * Bertl not unexpected, as this is/was caused by a broken util-vserver version (in debian)
1228999078 M * Bertl micah is currently working on pushing a proper? version
1228999109 M * awk exactly :)
1228999120 M * awk SYS_CHROOT bcapability
1228999127 M * awk thats where the problem is, broken util-vserver
1228999171 M * awk *downloads source* and compiles
1228999177 M * blikez Bertl: http://phear.eu/test.log
1228999178 M * Bertl well, I hope you are not using the 'known broken' version we were discussing yesterday all day long, are you?
1228999195 M * awk Bertl: I wasn't here to know it was broken :P
1228999209 M * awk I see the patches for it now!
1228999239 M * Bertl blikez: and for vserver-info?
1228999252 M * blikez which script is for vserver-info?
1228999262 M * Bertl 'vserver-info - SYSINFO'
1228999290 M * fb Bertl, awk: sorry, I'm at work, need to do something from time to time ;)
1228999326 M * awk fb: work? whats that :D kiddin.
1228999342 M * awk Bertl: where is the log of yesterday convo so i can see the outcome and know where to go from here?
1228999373 M * awk are we waiting for a patch?
1228999379 M * awk should i downgrade to etch util-vserver package?
1228999381 M * Bertl http://irc.13thfloor.at/LOG/2008-12/LOG_2008-12-10.txt
1228999385 M * awk thank you
1228999433 M * blikez Bertl: http://phear.eu/info.log
1228999442 J * arekm_ arekm@carme.pld-linux.org
1228999471 N * arekm_ arekm
1228999509 M * arekm oftc can do ssl, well, look at that
1228999533 M * blikez so what ;p
1228999537 M * awk Bertl: don't you guys push out the packages for debian, etc? why would they just add stuff that doesn't work? or is known not to work
1228999565 M * arekm oops.
1228999578 M * Bertl awk: that's the debian way ... micah is doing quite some work
1228999605 M * Bertl blikez: does /etc/vservers/.defaults/run.rev exists and if, where does it point to?
1228999657 M * awk micah: what is the status on this?
1228999662 M * awk you breaking things again :P
1228999668 M * awk and put people on a wild goose chase
1228999707 M * blikez Bertl: Bertl /.defaults/ its all empty
1228999748 M * Bertl then your installation of util-vserver (or to be precise, the post installation) didn't work properly
1228999765 M * blikez should i reinstall util-server?
1228999787 M * Bertl try that, preferably with a newer version if available
1228999826 M * blikez Bertl: i think i have the latest one
1228999829 M * blikez vserver 0.30.215
1228999864 M * Bertl it is the latest stable, but there are quite a number of prereleases to 0.30.216 out there, and newer kernels will benefit from that
1228999888 Q * arekm Quit: leaving
1228999890 Q * zbyniu Ping timeout: 480 seconds
1228999891 J * arekm arekm@carme.pld-linux.org
1228999910 M * Bertl (I would also suggest to go for 2.6.27.8, it is a lot better than the 2.6.26 series :)
1228999918 Q * arekm
1228999919 J * arekm arekm@carme.pld-linux.org
1228999972 M * blikez but there is no patch vserver+grsec for it
1228999985 M * dreamind blikez: I just yesterday made one
1228999990 M * dreamind but I couldn't reach harry yet
1228999994 M * blikez oh my
1228999995 M * blikez !!
1228999997 M * awk blikez: there is!
1228999997 M * blikez :>
1229000000 M * awk I spoke to you about this yesterday
1229000014 M * blikez awk: i was sleepy
1229000017 M * dreamind awk: there is? :)
1229000018 M * awk the version before works perfectly with 2.6.27.8
1229000021 M * blikez awk: where it is?
1229000033 M * blikez i thought u told me 2.6.26.8
1229000034 M * blikez ;p
1229000034 M * dreamind awk: ok but its an older version of the vserver patch
1229000038 M * Bertl in any case, I'd suggest to _first_ try without grsec, and once that works, experiment with those patches
1229000053 M * dreamind I have here the latest version of grsecurity and with vserver support
1229000056 M * dreamind for 2.6.27.8
1229000064 M * blikez dreamind: paste link :>
1229000093 A * arekm has grsec+vserver+apparmor ;P
1229000106 M * dreamind http://www.dreamind.de/files/2.6.27.8-vserver-grsecurity/
1229000130 M * dreamind its split, so you also could just apply the regular vserver patch and later the grsecurity patch.
1229000139 M * dreamind or more, I created those 2 patches with git ;)
1229000149 M * blikez arekm: share it ;}
1229000168 M * blikez dreamind: you could update the old ipv6 patch as well ;)
1229000184 M * dreamind well, if I find time...
1229000189 M * dreamind but I currently don't use ipv6 :D
1229000199 M * blikez ;]
1229000202 M * awk dreamind: do you have a changelog?
1229000227 M * dreamind awk: well, no - I should put my git tree online
1229000233 M * Bertl blikez: you are aware, that ipv6 is part of recent kernels? or is that some other 'old ipv6 patch'?
1229000235 M * dreamind but about changes in vserver code - i don't know...
1229000256 M * awk Bertl: I told him that yesterday too
1229000260 M * awk lol Bertl: you were sleeping!
1229000262 M * dreamind awk: but the most of the changes you can find out in the head (comment) of the patch
1229000263 M * awk err blikez
1229000281 M * awk thanks
1229000316 M * dreamind awk: mostly I first applied the vserver patch on top of 2.6.27.8 and then the grsecurity patch.
1229000330 M * dreamind awk: then I fixed rejects and some others (mainly in do_brk)
1229000378 M * ard Hmmmmm...
1229000379 M * ard [pid 27434] link("/usr/sbin/logrotate", "/usr/sbin/logrotate.dpkg-tmp") = -1 EPERM (Operation not permitted)
1229000471 M * arekm blikez: ftp://ftp.pld-linux.org/dists/th/PLD/SRPMS/RPMS/kernel-2.6.27.8-1.src.rpm (everything inside)
1229000471 Q * Hollow Read error: Connection reset by peer
1229000507 M * blikez arekm: i thought about pld yesterday but i chose gentoo
1229000619 J * Hollow ~hollow@shiva.xnull.de
1229000641 M * awk The following packages will be upgraded: vserver-debiantools heheh
1229000776 M * awk ok great, his 'patch' doesnt work
1229000790 M * blikez whos?
1229000823 M * awk micah's patch
1229000919 M * ard this is even more weird:
1229000920 M * ard root@c32791:/var/lib/vservers/antispam/usr/sbin# vserver antispam hashify
1229000920 M * ard rename(): Operation not permitted
1229000924 M * ard on the host ...
1229000945 M * awk well until micah fixes it I have to set UsePrivilegeSeparation no; this at least works
1229000984 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1229001043 M * blikez zbyniu: :))
1229001074 M * awk actually that doesn't work!!!
1229001113 M * awk vwala, now it works.... what a mission, thanks all for suggestions, pointers, etc.
1229001114 M * zbyniu blikez: :)
1229001321 M * fb awk: afaik, if you don't use any ssh subsystems, like sftp or so, you can safely drop privilege separation
1229001367 M * awk fb: good to know, thanks
1229001574 M * fb awk: but don't consider me a security expert :)
1229001644 P * kir Leaving.
1229001751 M * awk fb: tell me this, how often do you re-compile your kernel?
1229001947 M * fb awk: when doing major upgrade few times, then only after some hardware changes
1229001964 M * awk hh
1229001965 M * fb always with make-kpkg
1229001965 M * awk ah
1229002008 M * awk fb: why is it that make-kpkg if you change something it doesn't pick up on this and re-makes an image
1229002194 M * fb awk: never had an issue with make-kpkg script, dunno
1229002227 M * fb awk: and i had to give my glass orb for some service ;)
1229002278 M * fb awk: with information you provided there's not much more can be done. and excuse me, i have to go now
1229002288 M * fb be back in few hours
1229002308 M * awk take it easy
1229002430 J * derjohn_mob aj@p57A6EE69.dip.t-dialin.net
1229002574 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1229003524 Q * derjohn_mob Ping timeout: 480 seconds
1229005009 Q * chi6IT41 Ping timeout: 480 seconds
1229005369 Q * awk
1229005580 J * chi6IT41 ~chigital@tmo-100-40.customers.d1-online.com
1229006133 Q * mtg Quit: Verlassend
1229006568 N * qzqy quinq
1229007393 M * micah Bertl: s390 also checked out ok
1229007409 M * Bertl excellent!
1229007463 M * micah i did start to wonder though, but this version of dietlibc has been in debian for some time now (over a year), what happened in util-vserver to suddenly need these fixes?
1229007488 M * micah i'm sure its not something broken, but rather a new feature, but would be nice to know what it is
1229007496 M * Bertl changes in the way how unmounting/cleanup is done in the guest
1229007526 M * Bertl (probably related to the barrier fade-out)
1229007559 M * micah the barrier is getting faded out?
1229007572 M * Bertl yep, in the near future, we won't need it anymore
1229007582 M * micah wow, what replaces it?
1229007598 M * Bertl namespaces and tricky pivot_root
1229007620 Q * larsivi Ping timeout: 480 seconds
1229007676 M * micah ah that tricky privot_root
1229007844 Q * sid3windr Ping timeout: 480 seconds
1229007886 J * sid3windr luser@bastard-operator.from-hell.be
1229008156 Q * arapaho Quit: leaving
1229008524 J * derjohn_mob ~aj@80.69.42.51
1229009879 Q * chi6IT41 Ping timeout: 480 seconds
1229010276 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1229010400 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1229010880 J * dowdle ~dowdle@scott.coe.montana.edu
1229010906 J * chi6IT41 ~chigital@tmo-100-34.customers.d1-online.com
1229011324 Q * hparker Quit: Quit
1229011568 Q * _gh_ Ping timeout: 480 seconds
1229011626 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1229011919 M * jaqque Bertl: not yet; i inadvertently lost access to it until tomorrow
1229011952 M * Bertl ah, i.c., well, it should work fine on powerpc, so let me know if you hit some issues
1229012017 M * jaqque Bertl: will do; i am going to recompile the vserver utils w/o the alternative syscalls, see if that resolves it
1229012033 M * Bertl yep, please do that
1229012425 M * blikez Bertl: when i try to emerge util-vserver in gentoo it merging everything new kernel patches, how can i emerge only util-vserver
1229012431 M * blikez do you know?
1229012452 M * Bertl no idea, I'm not a gentoo person
1229012507 M * blikez oh i know now
1229012523 M * blikez Bertl: should i install 0.30.215?
1229012614 M * Bertl doesn't matter, that or the latest prerelease
1229012660 M * hparker blathijs: Try it with --nodeps
1229012674 M * hparker arggh... tab fail... blikez ^^
1229013101 Q * tramjoe_merin Remote host closed the connection
1229013741 J * geb ~geb@79.82.4.115
1229014688 M * geb hi
1229014787 J * cH16It4| ~chigital@tmo-100-34.customers.d1-online.com
1229014805 Q * cH16It4|
1229014848 J * cH16It4| ~chigital@tmo-100-34.customers.d1-online.com
1229014861 Q * cH16It4|
1229014897 Q * chi6IT41 Quit: bin weg
1229015191 J * chi6IT41 ~chigital@tmo-100-34.customers.d1-online.com
1229015347 Q * mtg Quit: Verlassend
1229015625 M * blikez ks34774 ~ # vesync http
1229015625 M * blikez /usr/sbin/vsomething: line 96: 8475 Killed $_VSERVER "$i" exec "$cmd" "$@"
1229015628 M * blikez umm?
1229015650 M * Bertl what's vesync?
1229015698 M * blikez it crashed my box ;<
1229015704 M * blikez medtadata
1229015705 M * ard well, it does vsomething :-)
1229015761 M * blikez fock me ;|
1229015763 J * arapaho ~arapaho@213.223.114.206
1229015852 Q * davidkarban Quit: Ex-Chat
1229016336 J * awk ~awk@gw1.security.web.za
1229016343 M * awk hello folks 1 step further but closer :)
1229016345 M * awk http://pastebin.com/m68b940b4
1229016357 M * awk since latest patch for kernel I get this, I have read the proc security page on vserver
1229016368 M * awk just can't understand what i should try --unhide or something
1229016386 M * awk and I don't have vprocunhide
1229016392 M * Bertl there is a script (in util-vserver) called vprocunhide
1229016400 M * Bertl you definitely want to install and run that
1229016417 M * awk 'install' and run it.. I ran it now
1229016419 M * awk does nothing
1229016457 M * Bertl it fixes the proc permissions ... did you build util-vserver yourself?
1229016458 M * awk http://pastebin.com/m72da56e6
1229016466 M * awk well it changes the error output
1229016482 M * awk no its the same
1229016571 M * blikez awk i sorted it out now :)
1229016579 M * awk lucky you :D
1229016597 M * blikez Bertl: i have some problems with updating portage
1229016599 M * blikez >>> Starting retry 3 of 3 with rsync://rsync.gentoo.org/gentoo-portage
1229016599 M * blikez >>> Checking server timestamp ...
1229016599 M * blikez timed out
1229016600 M * blikez rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(276) [receiver=2.6.9]
1229016632 M * Bertl blikez: sorry, you have to contact gentoo folks for gentoo specific stuff
1229016642 M * blikez mkay thanks :)
1229016646 M * Bertl but did you check that the guest can reach the portage host?
1229016667 M * Bertl maybe you just 'forgot' to do the proper stuff to let the guest on the internet :)
1229016680 M * blikez lemme check ;}
1229016686 M * blikez im only a human
1229016713 M * awk hmm, wish I could debug what is causing the restriction on proc
1229016718 M * awk if its grsec or if its vserver
1229016722 M * awk maybe i should just downgrade
1229016735 M * awk I never made grsec changes so it has to be vserver.....
1229016747 M * Bertl it's quite simple to debug, build a kernel without the grsec patch and check
1229016762 M * awk !!!!!!!!!!!!!!!!!!!!!!!!!
1229016767 M * awk I knew u would say that
1229016767 M * awk :D
1229016825 M * Bertl well, it's kind of obvious, isn't it?
1229016863 J * balbir_ ~balbir@122.167.199.85
1229016890 M * awk yes, but its long winded!
1229017008 Q * awk Quit: brb
1229017108 M * blikez Bertl: that weird tho i had ro in fstab i changed in on rw and restarted guest
1229017113 M * blikez and it crashed my server
1229017115 Q * chi6IT41 Ping timeout: 480 seconds
1229017221 M * Bertl blikez: a guest cannot affect the host system unless there is a bug somewhere
1229017264 M * Bertl blikez: (or you gave more caps than good) if your host really crashed, please provide the kernel trace, so that we can look into it
1229017487 M * blikez Bertl: it even crashed when i typed to stop vserver
1229017526 M * Bertl please define 'crashed'
1229017544 M * blikez Bertl: went down
1229017557 M * Bertl well, that could be for several reasons
1229017566 M * blikez for example?
1229017599 M * Bertl e.g. you did mount/copy the initctl from the host into the guest, or you gave permission to actually issue a system boot to the guest, or you exposed the magic-sysrq proc entry
1229017601 M * blikez well hold on i ll log on in rescue mode
1229017628 Q * kiorky Remote host closed the connection
1229017645 M * Bertl could as well be that your host 'just' lost an IP
1229017705 M * blikez Bertl: there is nothing about in HOWTO about copy init or expose the magic-sysrq
1229017709 M * blikez http://www.gentoo.org/proj/en/vps/vserver-howto.xml
1229017715 M * blikez i will check on vserver howto
1229017732 M * Bertl for a good reason, i.e. so that you do not do that stuff :)
1229017760 M * micah arm....is.....so.......slow
1229017802 M * blikez Bertl: hehe
1229017909 J * kiorky ~kiorky@ver44-1-82-229-123-127.fbx.proxad.net
1229018355 M * Bertl nap attack ... bbl
1229018363 N * Bertl Bertl_zZ
1229018722 J * klikz mike@no.phear.eu
1229018726 Q * pmenier Quit: Konversation terminated!
1229018780 J * awk ~awk@gw1.security.web.za
1229018784 M * awk nope, its vserver
1229019007 M * micah awk: are you using lenny?
1229019035 M * awk yup
1229019051 M * awk found a way around for my chroot issue though for now
1229019055 M * micah file => "/etc/default/ssh",
1229019055 M * micah pattern => "SSHD_OOM_ADJUST=-17",
1229019056 M * micah replacement => "unset SSHD_OOM_ADJUST",
1229019065 M * micah awk: you cant use -5 of util-vserver?
1229019302 M * klikz ks34774 mike # vserver http enter
1229019302 M * klikz Killed
1229019304 M * klikz heh
1229019320 M * awk micah: yes
1229019397 M * awk need 5 minutes.
1229019399 Q * awk Quit: brb
1229019513 Q * blikez Quit: Lost terminal
1229019615 Q * dreamind Quit: leaving
1229021108 M * geb micah, did you already get an access on an alpha box or are you looking for one ?
1229021114 M * geb for the -5
1229021194 Q * derjohn_mob Ping timeout: 480 seconds
1229021255 M * micah geb: already confirmed alpha, but thanks
1229021261 M * micah geb: just waiting on sparc and mips
1229021381 M * geb stupid question: can't you work with qemu ?
1229021741 Q * mrfree Quit: Leaving
1229022760 J * cga ~weechat@94.36.88.11
1229022775 Q * balbir_ Quit: Ex-Chat
1229022810 J * balbir_ ~balbir@122.167.199.85
1229024295 Q * geb Quit: Quitte
1229024398 Q * Slydder1 Quit: Leaving.
1229028001 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1229029030 Q * cga Quit: WeeChat 0.2.6
1229029666 N * Bertl_zZ Bertl
1229029680 M * Bertl back now .. that was refreshing ...
1229029876 Q * kiorky Remote host closed the connection
1229029877 J * kiorky ~kiorky@cryptelium.net
1229029942 M * fb Bertl: evening :)
1229030009 M * Bertl klikz: so do I read that correctly, when you enter one of your guests, something evil happens?
1229030820 J * derjohn_mob ~aj@e180201011.adsl.alicedsl.de
1229031151 M * klikz Bertl: yeah exactly
1229031180 M * klikz Bertl: i cant update portage cause after 91% system hangs
1229031190 M * klikz i cant even stop it cause it hangs as well
1229031193 M * Bertl and system means the guest or host?
1229031197 M * klikz host
1229031217 M * Bertl and hang now means: unresponsive or powerdown, or what?
1229031238 M * klikz unresponsive
1229031256 M * Bertl do you get logged out? do you have console access?
1229031276 M * klikz its like
1229031278 M * klikz ks34774 0 # vserver http stop * Stopping local ... [ ok ] * Stopping vixie-cron ... [ ok ] * Saving random seed ... [ ok ] * Stopping syslog-ng ... [ ok ]
1229031285 M * klikz and connection closed
1229031288 M * klikz thats it
1229031298 M * Bertl okay, and when you try to logon again?
1229031302 M * daniel_hozac sounds like you've configured it to down your host's IP address.
1229031317 M * Bertl yeah, that would be my first guess too
1229031319 M * klikz Bertl: i have to reboot box
1229031330 M * Bertl because you do not have a console, right?
1229031333 M * klikz yes
1229031362 M * klikz and server does not respond for a ping
1229031369 M * Bertl okay, upload the contents (files and data) of your guest's /etc/vservers//interfaces
1229031447 M * klikz by upload you mean tar it and put on web?
1229031493 M * Bertl whatever .. but a list of files, together with the contents is fine
1229031514 M * klikz ok
1229031573 Q * balbir_ Ping timeout: 480 seconds
1229031716 M * klikz Bertl: phear.eu/data.tgz
1229031780 M * Bertl is the value in interfaces/0/ip your host ip?
1229031786 M * klikz yes
1229031796 M * Bertl then it is perfectly fine what happens
1229031814 M * klikz Bertl: hold on i had different box and it worked well
1229031822 M * Bertl i.e. you tell util-vserver to bring that ip up on guest start and shut it down on guest stop
1229031823 M * klikz host and guest had the same ip
1229031854 M * klikz why it does not working now?
1229031871 M * Bertl so, when you do the start, you get a message stating that this address is already assigned, and when you shut it down, the ip is removed
1229031872 M * klikz honest i had guest and host on one ip
1229031885 M * daniel_hozac klikz: you want to set nodev for that
1229031889 M * Bertl if you really want to share the hostip, the 'dev' entry should be a nodev entry
1229031900 M * klikz thats why
1229031924 M * Bertl but note: sharing the host IP has some dangers, which you can easily avoid by assigning a private IP to the guest and using S/DNAT to map it to the host ip
1229032011 M * klikz yeah i only try that, cause i waiting for additional ipv4
1229032013 M * klikz heh
1229032081 M * klikz Bertl: geez, thanks a lot Bertl
1229032088 M * Bertl just for the record: your system did neither hang nor crash, nor did it do anything which it wasn't supposed to do according to your config :)
1229032098 M * klikz exactly
1229032104 M * Bertl and you're welcome! :)
1229032162 M * klikz if you wouldnt help me probably i would keep trying that till i wouldnt receive that additional ipv4
1229032166 M * klikz hehe
1229032471 M * klikz btw Bertl when i change location of vserver for example from /vserver to /home ?
1229032880 J * ktwilight_ ~ktwilight@227.99-66-87.adsl-dyn.isp.belgacom.be
1229033155 Q * ktwilight Ping timeout: 480 seconds
1229033332 M * Bertl yes?
1229033742 M * klikz i just realized what i wrote i will better go sleep and i will finish it tomorrow
1229033745 M * klikz heh
1229033747 M * klikz thanks Bertl
1229033749 M * klikz nite
1229034112 M * Bertl have a good one!
1229034716 Q * kiorky Remote host closed the connection
1229035250 M * mugwump hey is there anything like a vserver-sar ?
1229035278 M * mugwump or is sar known to do useful things inside a vserver?
1229035343 J * kiorky ~kiorky@cryptelium.net
1229035923 Q * gnuk Quit: NoFeature
1229036137 M * mugwump well, I guess 'sar -q' works, at least
1229036452 J * Aiken ~Aiken@ppp118-208-116-8.lns4.bne4.internode.on.net
1229038034 M * mugwump what would be really nice would be if cron was to be logging the bsd accounting info so you could see which jobs were causing the most load
1229038186 M * Bertl I think you should be able to do that with a wrapper (script)
1229039236 M * mugwump wow, atop looks interesting