1234396981 M * derjohn_mob so, that would be like diverting the iptables kernel call to a userspace "filter manager", if the call comes from a context?
1234397062 M * Bertl precisely, this idea is about 3 years old and still hasn't found any implementation (besides proof of concept)
1234397557 Q * dowdle Remote host closed the connection
1234399330 J * zolty_ ~pzoltows@mion.elka.pw.edu.pl
1234399446 Q * zolty Ping timeout: 480 seconds
1234399564 Q * groente Remote host closed the connection
1234399578 J * groente ~groente@shell.puscii.nl
1234399617 J * karasz_ ~karasz@shell.opensde.net
1234399617 Q * karasz Read error: Connection reset by peer
1234399675 Q * infowolfe Ping timeout: 480 seconds
1234399766 J * infowolfe ~infowolfe@c-76-105-242-186.hsd1.or.comcast.net
1234402296 Q * _brent_ Quit: Leaving.
1234403816 J * dowdle ~dowdle@67-42-169-52.blng.qwest.net
1234405450 Q * bonbons Quit: Leaving
1234405589 Q * hparker Quit: Quit
1234406182 J * hparker ~hparker@linux.homershut.net
1234406229 Q * hparker 
1234406408 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1234407642 J * derjohn_foo ~aj@e180202172.adsl.alicedsl.de
1234408071 Q * derjohn_mob Ping timeout: 480 seconds
1234408208 Q * dowdle Remote host closed the connection
1234409258 Q * mugwump Remote host closed the connection
1234409272 J * mugwump ~samv@watts.utsl.gen.nz
1234409971 J * balbir_ ~balbir@122.172.58.13
1234410175 J * tam ~tam@gw.nettam.com
1234411944 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1234412465 M * Bertl off to bed now ... night everyone!
1234412471 N * Bertl Bertl_zZ
1234414295 J * doener ~doener@i577BAF37.versanet.de
1234416489 Q * balbir_ Ping timeout: 480 seconds
1234421125 J * kir ~kir@swsoft-msk-nat.sw.ru
1234422468 J * balbir_ ~balbir@59.145.136.1
1234423537 N * karasz_ karasz
1234424888 P * ghislainocfs21 
1234425682 Q * derjohn_foo Ping timeout: 480 seconds
1234426503 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1234426877 J * cga ~weechat@62.196.2.6
1234426901 J * friendly ~friendly@ppp121-44-207-248.lns10.mel4.internode.on.net
1234426907 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1234427558 J * duckx ~Duck@81.57.39.234
1234427922 J * doener_ ~doener@i577B878B.versanet.de
1234428023 Q * transacid Remote host closed the connection
1234428027 Q * doener Ping timeout: 480 seconds
1234428367 J * transacid ~transacid@transacid.de
1234428745 J * derjohn_foo ~aj@51.42.69.80.in-addr.net-lab.net
1234430340 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1234431931 M * bragon harry: i don't have time too
1234431944 M * bragon harry: when do you planed to fix the 2.6.28 ?
1234431946 M * sid3windr (either)
1234432189 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1234432869 Q * balbir_ Ping timeout: 480 seconds
1234433866 Q * bonbons Quit: Leaving
1234433929 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1234434202 J * Fitzdsl c129def7@webchat.mibbit.com
1234434218 M * Fitzdsl hi everybody
1234434224 M * kwowt hi, you
1234434232 M * Fitzdsl i've got a little problem
1234434252 M * Fitzdsl i try to set a linux vserver on a centos 5.2 x86_64
1234434283 M * Fitzdsl i followed this page http://linux-vserver.org/Installation_on_CentOS
1234434294 M * Fitzdsl but when i try to boot on the patched kernel
1234434304 M * Fitzdsl i've got a nice kernel panic
1234434312 M * Fitzdsl :s
1234434326 M * Fitzdsl Code: Bad RIP value
1234434337 M * Fitzdsl RIP [<000000000000000000>]
1234434367 M * Fitzdsl RSP <ffffffff814af50>
1234434386 M * Fitzdsl CR2: 0000000000000000
1234434409 M * Fitzdsl Kernel panice - not syncing: Aie, killing interrupt handler
1234434440 M * Fitzdsl does somebody have an idea ?
1234434475 Q * indy Remote host closed the connection
1234434477 J * indy ~independe@cobra.lysator.liu.se
1234434663 M * Fitzdsl nobody ?
1234434878 A * kwowt has no idea
1234434931 Q * mrfree Quit: Leaving
1234435312 M * Fitzdsl m. hozac ?
1234435315 M * bragon harry: Linux gerontius 2.6.27.15-grsec-2.1.12-vs2.3.0.36.4 #3 SMP Thu Feb 12 11:39:55 CET 2009 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz GenuineIntel GNU/Linux
1234435319 M * bragon it's ok for me
1234435345 M * Fitzdsl ?
1234435353 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it
1234435393 M * bragon harry: the 2.6.27.15 work fine, i'm ready to test the 2.6.28
1234435394 A * mnemoc should give a try to grsec/vserver :)
1234435403 M * bragon ;)
1234435425 M * mnemoc bragon: any experience with rsbac/vserver ?
1234435436 M * bragon rsbac?
1234435595 M * mnemoc http://www.rsbac.org/
1234435596 M * bragon mnemoc: i have experience with vserver but i don't know what's rsbac
1234435624 M * mnemoc a security patch similar to grsec
1234435633 M * bragon never used here
1234435640 M * mnemoc ok
1234435672 M * Fitzdsl nobody ever experienced a kernel panic on a centos with the dhozac rpm kernel ?
1234435770 A * mnemoc is alergic to centos
1234435845 A * bragon too
1234436236 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1234436290 Q * friendly Quit: Leaving.
1234436491 J * jordi ~jordi@115.Red-213-96-69.staticIP.rima-tde.net
1234436498 M * jordi hi
1234436535 M * Fitzdsl too ... but no choice
1234436555 Q * mrfree Remote host closed the connection
1234436821 M * jordi I created a bind mount on a host, for a path inside existing vservers. Can I make this mount point appear on the vserver without restarting it?
1234436869 Q * Fitzdsl Quit: http://www.mibbit.com ajax IRC Client
1234437121 J * Fitzdsl c129def7@webchat.mibbit.com
1234437226 Q * Aiken Quit: Leaving
1234439604 J * ktwilight_ ~ktwilight@150.88-66-87.adsl-dyn.isp.belgacom.be
1234439767 Q * derjohn Ping timeout: 480 seconds
1234439896 Q * ktwilight Ping timeout: 480 seconds
1234440272 J * derjohn ~derjohn@80.69.41.3
1234440410 N * Bertl_zZ Bertl
1234440414 M * Bertl morning folks!
1234440468 M * mnemoc morning Bertl 
1234440490 M * Bertl Fitzdsl: could you upload (pastebin) the complete panic (or a picture taken with a camera if you do not have a proper remote console)?
1234440519 M * Bertl jordi: yes, just create it again _inside_ the guest's namespace
1234440848 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1234441017 M * nox is daniel_hozac on holiday?
1234441026 M * nox or busy?
1234441132 M * Bertl no idea, but I have seen him yesterday in the afternoon (on irc)
1234441181 M * bragon http://paste.geeknode.org/did7ue-6038 <== harry all seems to work fine :)
1234441246 M * nox ic
1234441801 J * tanuj 7aa3072f@webchat.mibbit.com
1234441828 M * tanuj my server at boot goes to grub prompt
1234441829 M * tanuj ?
1234441899 M * Bertl then your grub config (menu.cfg) is missing or cannot be found
1234442155 M * tanuj hw can I resolve it
1234442217 M * Bertl boot from a rescue CD/floppy/usb-stick, and check where it is, or try locating it via the grub shell
1234442242 M * Bertl once found, let grub know where to look (assumed it isn't found but empty)
1234442342 M * jordi Bertl: eh, how?
1234442604 M * tanuj no cd drive in system
1234442678 M * Bertl jordi: check out vnamespace --help (make sure not to write the mount to your host's mtab -- option -n)
1234442832 M * tanuj no such command
1234442894 M * tanuj bertl ?
1234442914 M * jordi Bertl: I tried fiddling with vnamespace already
1234442930 M * Bertl tanuj: may very old util-vserver?
1234442953 M * Bertl nevermind, mixed up tanju/jordi
1234442993 M * Bertl tanuj: what 'no such command'?
1234443056 M * jordi nenolod: ah ;)
1234443182 M * tanuj oh!
1234443193 M * tanuj how can I check my disks on grub
1234443210 M * tanuj I got the issue...actually I deleted two partitions yesterday
1234443234 M * tanuj and /boot partition was after those partitions
1234443255 M * tanuj how can i fix it now
1234443343 M * Bertl well, if you don't have the data which was on the boot partition on your system, then you need to boot from a rescue CD or USB stick
1234443371 M * Bertl (because essential data, including kernel and initramfs are gone too)
1234443393 M * Bertl but note, that is not at least Linux-VServer related
1234443396 M * tanuj I have data on my /boot
1234443405 M * tanuj but the disk no. has changed
1234443418 M * tanuj and I am not sure abt the disk partition no.
1234443967 Q * xdr Ping timeout: 480 seconds
1234444920 Q * kir Quit: Leaving.
1234445161 P * tanuj 
1234445203 M * Fitzdsl Bertl: That's ok, i compiled myself the kernel
1234445279 Q * Fitzdsl Quit: http://www.mibbit.com ajax IRC Client
1234447706 J * yarihm ~yarihm@57-58-239-77-pool.cable.fcom.ch
1234447849 J * arekm arekm@carme.pld-linux.org
1234448050 M * saulus_ Bertl: I've checked samba4 from inside the vserver with your patch for the first time. Since samba4 is only the beta release there are probably many bugs left. So just to inform you for the compatibility of your good work: Samba4 installs bind - this works without additional caps! The others (openldap, kerberos and the new "samba" process) seem to work as well. 
1234448146 M * saulus_ Now I've testet the Active Directory Capability - so their work together - and this seems to be working out of a vserver with your patch without problems. No errors, notifications. Successful join into ADS-Domain, no warnings from the windows clients, the Win-ADS-administration software didnt notice to be on a linux, seems to be working like a charm!
1234448176 M * pmjdebruijn saulus_: Samba 3 works perfectly as well :)
1234448188 M * saulus_ So as a status report I would say in short: with your new patch SAMBA4 WORKS! :)
1234448202 M * pmjdebruijn oh, you had issues before?
1234448213 M * saulus_ pmjdebruijn: I know :) But my SSO network settings are difficult to obtain - at least for me
1234448221 M * pmjdebruijn SSO?
1234448229 M * saulus_ samba4 makes it a lot easier and you dont have a real Domain with samba3
1234448233 M * saulus_ single-sign on
1234448278 M * sid3windr o_O 
1234448288 M * Bertl saulus_: excellent! thanks for the feedback!
1234448294 M * saulus_ So I want one user-db (ldap in smb3&smb4 case) to do authentication against pam, nss, windows(roaming profiles), squid, ssh(probably in the future), the webserver and so on
1234448309 M * saulus_ youre welcome ;)
1234448320 M * Bertl pmjdebruijn: saulus_ was running filesystem security attributes on the underlying filesystem (which is not permitted by default)
1234448360 M * saulus_ yes, and thats not required by me, but by samba4 (because it really behaves like a real ADS Server that has acls)
1234448391 M * saulus_ Alternatively you could emulate by writing these acls into a file, but this shall be very slow and not scalable
1234448487 M * saulus_ pmjdebruijn: you're using samba3? Do u use winbind to do the authentication? That was one problem for me so I was checking out samba4
1234448706 M * pmjdebruijn nop
1234448724 M * pmjdebruijn our window and unix infrastructure is seperated
1234448735 M * Bertl saulus_: do you know when samba4 will be out of beta?
1234448781 Q * bonbons Ping timeout: 480 seconds
1234448823 A * pmjdebruijn thinks that won't be soon
1234448838 M * pmjdebruijn they've started backport some features to Samba 3.3 because Samba 4 is taking so long
1234448973 M * saulus_ Bertl: I dont know - "SAMBA 4 Alpha 6 was released on 19th of january 2009"  but as I could read a lot they are doing good things at great speed in the last time (since the last year) and it seems to be really usable already (but not for production)
1234449066 M * Bertl I was kind of disappointed by NFS 4, as it still doesn't handle user attibutes at all, so I'm looking for alternatives there
1234449095 M * saulus_ pmjdebruijn: they decided to do that, because samba3 and samba4 aim different goals: smb4 is really for ADS. samba3 has 4 possibilities - but not the ADS Server, only the client. Samba4 has 2 possibilities, only one - the important ADS implemented
1234449120 M * saulus_ you still use samba3 to be a client on ADS like W2003Server OR Samba4!
1234449187 M * saulus_ Bertl: I dont know, but what about zfs and its integrated nfs support. In my university they just switched to opensolaris and zfs and are fighting against all the acls (that are different on unix and windows for the same action)
1234449210 M * saulus_ so i think they are usable
1234449437 J * blizz ~stephan@62.27.20.121
1234449441 M * blizz hi
1234449473 M * Bertl saulus_: not really fond of Solaris, and zfs is not Linux compatible :)
1234449488 N * ensc Guest1062
1234449497 J * ensc ~irc-ensc@p57AA77C7.dip.t-dialin.net
1234449519 M * pmjdebruijn saulus_: NT4 styles domains with Samba 3 :)
1234449546 M * pmjdebruijn saulus_: Samba 4 can store NTFS style acls in xattrs, right?
1234449555 M * pmjdebruijn saulus_: Samba 3.3 has the same experimental modules I think
1234449555 M * saulus_ pmjdebruijn: this means that your samba3 is a client of some other ads you need to point to
1234449603 M * saulus_ samba3 only cat try to map the basic windows flags to rwx so the files have weird flags on linux (dont make any sense on linux)
1234449604 Q * Guest1062 Ping timeout: 480 seconds
1234449623 M * saulus_ samba4 may store the acls with user_attr or in some .tbd file with slow access
1234449720 M * saulus_ pmjdebruijn: If you want to test it I can serve you a bash script (2400 lines) that generates you your own samba+ldap server, migrates users and is ready to use. Then you can try switching the samba3 domain/share/... flags 
1234449784 M * pmjdebruijn saulus_: I don't have any direct use for it... but it might be educative to read... so yes I'm quite interested...
1234449849 M * saulus_ yes, thanks to Bertl you can create a vserver and delete it afterwards :) I like vserver!
1234449892 J * bonbons ~bonbons@ppp-110-70.adsl.restena.lu
1234449902 M * saulus_ let me just check out how to remove password-protection on lighttpd and I'll upload it
1234450129 Q * yarihm Quit: Leaving
1234450533 M * Bertl off for now ... bbl
1234450537 N * Bertl Bertl_oO
1234451538 J * Darkglow ~pdesnoyer@208.71.184.41
1234451590 M * blizz do filesystem ACLs go fine with vservers?
1234451647 J * _Radiance ~Radiance@193.16.154.187
1234451647 Q * Radiance Read error: Connection reset by peer
1234451652 N * _Radiance Radiance
1234451656 M * Darkglow hi guys, I was wondering if there is a "good" way of doing HA between 2 vservers (on different hosts of course) with something like keepalived ? I know I could give some CAP for net to the vservers so they can manage their IP's, but I was wondering if there is a "suggested" way of doing this.
1234452064 J * kir ~kir@swsoft-msk-nat.sw.ru
1234452328 M * saulus_ blizz: with the new patch they work fine
1234452371 M * saulus_ Darkglow: HA?
1234452485 M * Darkglow well... IP failover or load balancing.
1234452526 M * Darkglow I have this web service I want to have highly available.
1234452535 J * dowdle ~dowdle@scott.coe.montana.edu
1234452815 M * saulus_ pmjdebruijn: http://saulus.dyndns.org/~david/scripts/ldapSambaPDC.sh
1234453029 M * pmjdebruijn saulus_: ah sweet. many thanks.
1234453034 M * saulus_ youre welcome
1234453055 Q * Scurz Quit: leaving
1234453120 M * saulus_ Bertl_oO: Feature request: When deleting vserver - please let it check for mounted filesystems inside! I do lots of mountings into vservers because all my files are on the host - or is there another possibility to prevent apokalypse?
1234453469 J * dna ~dna@92-215-103-86.dynamic.dsl.tng.de
1234454127 M * pmjdebruijn http://repo.or.cz/w/linux-2.6.22.y-op.git
1234454131 M * pmjdebruijn that's interesting...
1234454579 M * blizz saulus_: that patch, is it a new version/dev version? i'm running a patched 2.6.26 kernel
1234454718 N * pmenier_off pmenier
1234454879 M * saulus_ blizz: Bertl_oO did this for me 7 days ago. It works fine with the 2.6.28-4 kernel (2.6.28.4-vs2.3.0.36.6). So you have to build your kernel yourself. 
1234456158 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1234457683 Q * cga Quit: WeeChat 0.2.6
1234457766 M * ard Darkglow : /me suggest just using keepalived in front of your servers
1234457791 M * ard that is: if you can have the extra server in there
1234459808 J * saulus ~saulus@d046143.adsl.hansenet.de
1234459917 Q * saulus_ Ping timeout: 480 seconds
1234460051 Q * kir Quit: Leaving.
1234460182 J * yarihm ~yarihm@57-58-239-77-pool.cable.fcom.ch
1234460186 J * saulus_ ~saulus@d126137.adsl.hansenet.de
1234460297 Q * saulus Ping timeout: 480 seconds
1234460657 Q * dydanor Remote host closed the connection
1234460906 Q * pmenier Quit: Konversation terminated!
1234460918 J * buwesiqi ~buwesiqi@193.43.249.169
1234460972 Q * buwesiqi Read error: Connection reset by peer
1234461809 Q * harobed Ping timeout: 480 seconds
1234462847 J * hadi ~hadi@193.43.249.169
1234464331 Q * derjohn_foo Ping timeout: 480 seconds
1234464451 Q * esa Quit: Coyote finally caught me
1234464946 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it
1234465188 J * derjohn_foo ~aj@e180202172.adsl.alicedsl.de
1234465579 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1234465612 N * Bertl_oO Bertl
1234465620 M * Bertl back now ..
1234465650 M * Bertl Darkglow: heartbeat on the host
1234465667 M * Bertl saulus_: when you stop a guest, the mounts will disappear automagically
1234465798 M * Bertl blizz: yes, they do
1234466278 M * blizz so it's going to take a year untili debian is tracking it? :D
1234466466 M * Bertl are you kidding? at least 5 years until it is in stable :)
1234466512 M * Bertl but seriously, 'normal' attributes work out of the box, only security attributes need a minor patch, which you could apply yourself
1234466802 Q * hparker Quit: Quit
1234466833 M * Bertl nap attack ... bbl
1234466840 N * Bertl Bertl_zZ
1234467437 Q * gnuk Quit: NoFeature
1234467525 Q * hadi Remote host closed the connection
1234467556 J * hisyhuti ~hisyhuti@193.43.249.169
1234467677 Q * hisyhuti Remote host closed the connection
1234467696 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1234467875 J * setede ~setede@193.43.249.169
1234467956 Q * hijacker_ Ping timeout: 480 seconds
1234468135 J * hijacker_ ~hijacker@213.91.163.5
1234468288 Q * setede Remote host closed the connection
1234468820 J * fohupyz ~fohupyz@193.43.249.169
1234468877 J * cga ~weechat@94.36.93.49
1234468889 Q * fohupyz Remote host closed the connection
1234468907 J * myhivorot ~myhivorot@193.43.249.169
1234469006 Q * myhivorot Remote host closed the connection
1234469299 Q * hparker Quit: Quit
1234470208 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1234471897 Q * cga Quit: WeeChat 0.2.6
1234471914 J * cga ~weechat@94.36.93.49
1234472065 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234473776 Q * cga Quit: WeeChat 0.2.6
1234475750 Q * dna Quit: Verlassend
1234476423 J * pflanze ~chris__@trex.iro.umontreal.ca
1234476443 Q * pflanze Remote host closed the connection
1234476496 J * pflanze ~chris__@trex.iro.umontreal.ca
1234479954 Q * bonbons Quit: Leaving
1234480001 N * ensc Guest1105
1234480011 J * ensc ~irc-ensc@p57AA77C7.dip.t-dialin.net
1234480117 Q * Guest1105 Ping timeout: 480 seconds
1234480211 J * larsivi ~larsivi@70.84-48-63.nextgentel.com
1234481089 J * _brent_ ~brent@jive.fttp.xmission.com
1234481091 P * _brent_ 
1234481465 N * Bertl_zZ Bertl
1234481471 M * Bertl back now ..
1234481905 M * derjohn_foo Bertl, <IRQ> is task_tick_fair+0x22/0x79 something vserver-related (new scheduler/TB?)
1234481943 M * derjohn_foo currently my domU/ pv-ops kernel with vs crashes there.
1234481979 M * derjohn_foo if there is vserver in it, i think it's worth compiling a new kernel, if not then there is a different prob
1234482176 M * Bertl can you upload the oops?
1234482224 M * derjohn_foo as far as the console shows it  , yes
1234482247 M * Bertl still no serial console .. shame on you :)
1234482284 M * derjohn_foo http://paste.linux-vserver.org/12737
1234482301 M * derjohn_foo no no! the _domU_ crashed, not the host
1234482327 M * Bertl hum, and the domU is Linux-VServer enabled?
1234482328 M * derjohn_foo so,ther serial-foo wouldnt help there mich
1234482392 M * derjohn_foo yes! the host a 2.6.22-x-xen (debian), the guest is the 2.6.28.4 I build with fresh vserver 
1234482409 M * Bertl with a preemptive, UP kernel ...
1234482419 M * derjohn_foo no, an SMP kernel
1234482428 M * Bertl SMP alternatives: switching to UP code  
1234482441 M * derjohn_foo it recognizes only one virt cpu ...
1234482449 M * Bertl that's what I meant
1234482467 M * derjohn_foo preemptive might be a bad idea for that, i admit
1234482481 M * Bertl can you get me the locations via addr2line?
1234482508 M * Bertl [<ffffffff8023b0ec>], [<ffffffff8023b192>] and [<ffffffff8023c858>]
1234482511 M * derjohn_foo yes, I have access to the kernel
1234482516 M * derjohn_foo mom
1234482721 M * derjohn_foo addr2line: /boot/vmlinuz-2.6.28.4-vserver2.3.0.36.7-nfct-300hz-derjohn.de: File format not recognized
1234482735 M * derjohn_foo can't i use a bzImage directly ?
1234482773 M * derjohn_foo addr2line -e /boot/vmlinuz-2.6.28.4-vserver2.3.0.36.7-nfct-300hz-derjohn.de ffffffff8023b0ec ffffffff8023b192 ffffffff8023c858
1234482785 M * derjohn_foo that's what I used - silly idea ?
1234482796 Q * harobed Ping timeout: 480 seconds
1234482808 M * derjohn_foo or do I have to boot that kernel und then do a addr2line
1234482983 M * Bertl you need to use the vmlinux
1234482996 M * Bertl the bootable kernel is already stripped of all debug info
1234483047 M * derjohn_foo ok, I get out of the stripped show and use an unstripped