1234828864 Q * pflanze Remote host closed the connection
1234828879 J * Psy0rz_ ~psy0rz@lounge.datux.nl
1234828894 M * Psy0rz_ how is it possible that i can change partition from within a vserver?
1234828911 M * Bertl hmm?
1234828914 M * Psy0rz_ i just toggled the bootflag of a partition as a test
1234828934 M * Psy0rz_ kernel 2.6.22.19_vs2.2.0.7_syn3
1234828940 M * Bertl and?
1234828962 M * Psy0rz_ i would assume someone wouldn't be able to do 'harm' to the host system?
1234828980 M * Bertl that very much depends on the guest config and security setup
1234828998 M * Psy0rz_ so it isnt locked down by default?
1234829012 M * Bertl if you change something on a partition/disk, that implies that you have a device node inside the guest
1234829022 M * Bertl this is not the case by default created guests
1234829027 M * Psy0rz_ ah k
1234829054 M * Bertl so, if you give a guest access to your devices, it will have access to them :)
1234829066 Q * dowdle Remote host closed the connection
1234829081 M * Psy0rz_ so if there aren't any device nodes, i should be fine? i see indeed that it's not allowed to mknod
1234829109 M * Bertl you need a 'known secure' set of devices to get a working guest (usually)
1234829131 M * Bertl they will be created when you build a guest (with util-vserver's build method)
1234829142 M * Psy0rz_ so thats why my lvm-tools also seem to be able to read stuff
1234829158 M * Bertl you can create a skeleton guest to have an example what devices that would be
1234829194 M * Psy0rz_ thanks
1234829196 Q * geb Ping timeout: 480 seconds
1234829211 M * Bertl np, how did you create that guest, btw?
1234829215 M * Psy0rz_ i just assumed it didnt matter what kind of device nodes i had ;)
1234829224 M * Psy0rz_ i just rsynced an existing installation
1234829231 M * Psy0rz_ without stripping or changing much
1234829244 M * Bertl there is an rsync build method too in util-vserver for that purpose
1234829250 M * Psy0rz_ oh cool!
1234829254 M * Psy0rz_ :)
1234829257 M * Bertl (i.e. it will do the proper cleanup and such)
1234829288 M * Psy0rz_ ah k
1234829328 M * Bertl recent devel/experimental kernels also feature a device mapping mechanism, which would allow you to have 'disabled' devices in a guest
1234829374 M * Psy0rz_ so how are new kernels coming up?
1234829382 M * Psy0rz_ is it hard to keep up with the rapid development?
1234829393 M * Bertl not really
1234829427 M * Psy0rz_ but its still 2.6.22, right?
1234829442 M * Bertl we have patches for 2.6.27 and 2.6.28 as well
1234829447 M * Bertl just not stable releases
1234829456 M * Psy0rz_ oh i see i looked over them
1234829514 M * Psy0rz_ well 2.6.22.19/2.2.0.7 works really well :)
1234829529 M * Bertl glad to hear ...
1234829749 J * geb ~geb@AOrleans-253-1-41-107.w92-140.abo.wanadoo.fr
1234829931 J * saulus ~saulus@c207173.adsl.hansenet.de
1234830037 Q * saulus_ Ping timeout: 480 seconds
1234830839 Q * geb Quit: Quitte
1234830902 Q * Aiken Quit: Leaving
1234830922 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234831349 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1234831546 Q * aj__ Ping timeout: 480 seconds
1234832968 J * geb ~geb@AOrleans-253-1-41-107.w92-140.abo.wanadoo.fr
1234836033 M * Bertl off to bed now .. enjoy!
1234836038 N * Bertl Bertl_zZ
1234836496 Q * mEDI_S Ping timeout: 480 seconds
1234836558 J * mEDI_S ~medi@snipah.com
1234836791 Q * grobie Ping timeout: 480 seconds
1234836796 J * grobie ~grobie@tyr.schnuckelig.eu
1234840704 J * balbir_ ~balbir@122.172.57.139
1234842422 Q * geb Ping timeout: 480 seconds
1234842980 J * geb ~geb@AOrleans-253-1-48-197.w92-140.abo.wanadoo.fr
1234852388 Q * puck Ping timeout: 480 seconds
1234852502 Q * geb Ping timeout: 480 seconds
1234852885 J * puck ~puck@leibniz.catalyst.net.nz
1234853191 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1234853860 J * sharkjaw ~gab@217-26-13.231210.adsl.tele2.no
1234855296 J * davidkarban ~david@88.86.104.103
1234855790 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1234856119 Q * ghislainocfs2 Ping timeout: 480 seconds
1234856154 J * dna ~dna@133-199-103-86.dynamic.dsl.tng.de
1234856399 J * kir ~kir@swsoft-msk-nat.sw.ru
1234856756 J * friendly ~friendly@ppp121-44-218-114.lns10.mel4.internode.on.net
1234857978 Q * sharkjaw Remote host closed the connection
1234858274 J * sharkjaw ~gab@217-26-13.231210.adsl.tele2.no
1234859307 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1234859926 J * doener ~doener@i577BBEB8.versanet.de
1234860031 Q * doener_ Ping timeout: 480 seconds
1234860357 J * pn ~pn@80.69.41.3
1234862657 J * aj__ ~aj@139.12.1.252
1234862992 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1234863034 Q * friendly Quit: Leaving.
1234863064 Q * ghislainocfs21 Quit: Leaving.
1234863081 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1234864009 J * ktwilight_ ~ktwilight@95.97-67-87.adsl-dyn.isp.belgacom.be
1234864312 Q * ktwilight Ping timeout: 480 seconds
1234865616 Q * ensc Ping timeout: 480 seconds
1234866090 N * Bertl_zZ Bertl
1234866094 M * Bertl morning folks!
1234866146 M * ghislainocfs2 morning bertl :)
1234866442 M * Psy0rz_ morning :)
1234866452 M * Psy0rz_ coffee!
1234867488 J * ensc ~irc-ensc@p57AA747B.dip.t-dialin.net
1234867846 J * yarihm ~yarihm@whitehead2.nine.ch
1234870138 Q * saulus Quit: leaving
1234870229 Q * yarihm Quit: Leaving
1234870588 J * saulus ~saulus@d045178.adsl.hansenet.de
1234871083 Q * saulus Ping timeout: 480 seconds
1234874182 M * Bertl off for now ... bbl
1234874187 N * Bertl Bertl_oO
1234876757 Q * Aiken Remote host closed the connection
1234876974 Q * nenolod Ping timeout: 480 seconds
1234877713 J * JonB ~NoSuchUse@130.227.63.19
1234878863 J * tito ~irc___irc@tito.prolink.org
1234878935 M * tito hi
1234878964 M * tito i still have a problem to ping as a non-root user -_-
1234878982 M * tito i've upgraded util-vserver to version 0.30.215
1234878998 M * tito i am using kernel 2.6.28.4 with vs2.3.0.36.7
1234879033 M * tito and still i can't ping if i'm not root whatever i try
1234879044 M * JonB in or outside guest?
1234879125 M * tito i enter my vserver and when i try to ping (google or even its own ip) : ping: icmp open socket: Operation not permitted
1234879161 M * tito with user root it works
1234879195 M * tito so i tried chmod u+s /bin/ping but it's the same
1234879218 M * tito i tried to add capabilities with setpcaps cap_net_raw=ep /bin/ping
1234879223 M * tito but still the same
1234879262 M * tito so maybe i missed something but i really don't know what
1234879425 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net
1234879498 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1234879542 M * ktwilight_ tito, i doubt it matters, but i'd suggest using 0.30.216-xxxx
1234880025 M * JonB i can ping just fine
1234880032 M * JonB do your firewall rules disallow ping
1234880114 M * tito no it's allowing icmp
1234880116 M * tito ACCEPT icmp -- anywhere anywhere
1234880148 M * tito and the thing that disturbs me is that with root it is working
1234880159 M * tito but not with another non privileged user
1234880457 Q * nenolod Quit: my eyes cannot compute this misery.
1234880508 M * JonB do you ping -f or something?
1234880568 J * nenolod nenolod@petrie.dereferenced.org
1234880708 M * tito nop just a normal ping : ping host
1234880797 M * JonB what about ip address
1234880802 M * JonB does it find the ip address?
1234880904 M * tito well it's the same
1234880909 M * tito box:/# ping 91.121.9.79
1234880909 M * tito PING 91.121.9.79 (91.121.9.79) 56(84) bytes of data.
1234880909 M * tito 64 bytes from 91.121.9.79: icmp_seq=1 ttl=64 time=0.023 ms
1234880915 M * tito box:/# su - mike
1234880915 M * tito mike@box:~$ ping 91.121.9.79
1234880915 M * tito ping: icmp open socket: Operation not permitted
1234881024 M * JonB better wait for Bertl_oO
1234881089 M * tito hehe ok i will ^^ thanks for your time
1234881256 M * hijacker_ tito, i have the same on a vserver of mine
1234881263 M * hijacker_ ping uses raw_icmp
1234881267 M * hijacker_ or was it net_raw?
1234881298 M * tito well i heard that raw_icmp was set by default
1234881301 M * hijacker_ but I like it this way , so I never bothered to check why it behaves like that...
1234881309 M * tito and that net_raw is insecure
1234881327 M * hijacker_ the vserver I had was built almost 2 years back in time
1234881333 M * hijacker_ so maybe then it was not auto added?
1234881336 M * hijacker_ how about yours?
1234881340 M * hijacker_ when was it built?
1234881357 M * tito it's a new build
1234881362 M * hijacker_ strange
1234881371 M * hijacker_ on my new builds I can use icmp with no errors
1234881382 M * hijacker_ btw
1234881387 M * JonB 2.6.22.18-vs2.2.0.6
1234881398 M * hijacker_ utils version you may prefer to use is 0.30.216-pre something...
1234881418 M * hijacker_ maybe that will do the trick for you
1234881450 M * tito yes maybe
1234881461 M * tito i have no other option so i will try ^^
1234881520 M * tito or could it be related to the kernel version i use, or kernel options ?
1234881522 N * ensc Guest101
1234881532 J * ensc ~irc-ensc@p57AA5B6D.dip.t-dialin.net
1234881545 M * JonB no, the feature matrix says you do have the capability
1234881632 M * tito okay
1234881639 Q * Guest101 Ping timeout: 480 seconds
1234881684 M * JonB http://linux-vserver.org/util-vserver:Capabilities_and_Flags
1234881693 M * JonB raw_icmp is default
1234881714 M * hijacker_ so then try with latest utils tito
1234881751 M * JonB i have 0.30.216~r2772-6
1234881882 Q * davidkarban Ping timeout: 480 seconds
1234882089 J * davidkarban ~david@88.86.104.103
1234882521 M * hijacker_ i am currently with this one: util-vserver-0.30.216-pre2827
1234882682 N * Bertl_oO Bertl
1234882824 M * Bertl off again ... bbl
1234882828 N * Bertl Bertl_oO
1234883270 J * geb ~geb@AOrleans-253-1-6-11.w90-24.abo.wanadoo.fr
1234883349 M * geb hi
1234883360 M * JonB hi
1234883472 Q * davidkarban Quit: Ex-Chat
1234884079 Q * nenolod Ping timeout: 480 seconds
1234884417 J * nenolod nenolod@petrie.dereferenced.org
1234884635 M * tito ok i have installed util-vserver: 0.30.216-pre2782
1234884650 M * tito but it didn't solve my ping problem :(
1234884653 M * ktwilight_ :(
1234884671 M * ktwilight_ maybe it's .28.x fault somewhere
1234884677 M * ktwilight_ + vserver patch
1234884707 M * ktwilight_ tito, what happens when you give caps to guest? does it work?
1234884735 M * tito the NET_RAW cap?
1234884828 M * ktwilight_ and RAW_ICMP
1234884909 J * fluor- ~fluor@silentio.us
1234884918 N * fluor- fluor
1234884930 M * fluor hi there
1234884950 M * tito it doesn't change the behavior of ping
1234884967 M * ktwilight_ tito, gotta wait for Bertl_oO then :/
1234884970 M * ktwilight_ hi fluor
1234885001 M * tito ok ;)
1234885030 J * dentifrice d9e097e21a@91.194.60.102
1234885038 M * dentifrice hello
1234885067 M * dentifrice just wondering, what are the known benefits of running vhashify over vservers?
1234885074 Q * fluor
1234885122 M * hijacker_ tito, yes it does not
1234885134 M * hijacker_ it applies only to vservers built with the latest utils
1234885140 M * hijacker_ at least this is what I observed...
1234885207 M * dentifrice could it reduce iowait for instance, by reading all shared binaries from the same inodes, rather than crawling all over the disk?
1234885333 J * geb_ ~geb@AOrleans-253-1-61-66.w92-140.abo.wanadoo.fr
1234885410 M * hijacker_ iowait + disk space ;-)
1234885413 M * hijacker_ i reckon dentifrice
1234885472 M * JonB what about ram space?
1234885494 M * dentifrice hijacker_: yeah, I figured diskspace would be a plus, but less iowait is really what I'm into :)
1234885499 Q * nenolod Ping timeout: 480 seconds
1234885518 M * hijacker_ dentifrice, ah nice
1234885524 Q * geb Ping timeout: 480 seconds
1234885529 M * hijacker_ i am not quite sure, just guessing here...
1234885535 M * hijacker_ it is supposed to be so though
1234885538 M * dentifrice JonB: how would that be?
1234885563 M * dentifrice I'm not familiar with how/when binaries are put into ram
1234885570 M * dentifrice s/put/loaded
1234885590 M * hijacker_ well, each binary places its contents into the address space, be it virtual or physical
1234885597 J * nenolod nenolod@petrie.dereferenced.org
1234885597 M * hijacker_ so RAM will not be beneficial...
1234885636 M * JonB hijacker_: are you sure? I had the understanding that the assembler program code would be shared
1234885642 M * JonB but not the stack
1234885767 M * hijacker_ JonB, not quite sure
1234885780 M * hijacker_ but as far as my knowledge expands
1234885800 M * hijacker_ i think that each process reserves and thus occupies its own address space
1234885851 M * hijacker_ unless it is not told to do otherwise and use shared memory for some reason
1234885857 M * hijacker_ please correct me if I am wrong...
1234886031 M * JonB well, it's like this
1234886040 M * JonB you read the same inodes from the disk
1234886051 M * JonB so i expect it to be only once in ram
1234886062 M * hijacker_ not if you start it several times?
1234886079 M * JonB next time some guest tries to read the same inodes, wont the kernel say "already got that"
1234886095 Q * Hawq Remote host closed the connection
1234886101 M * JonB and just reuse the allocated memory?
1234886106 M * JonB possibly with a copy on write
1234886272 Q * sharkjaw Remote host closed the connection
1234886307 M * hijacker_ i doubt that
1234886318 M * hijacker_ it will just serve it from disk cache if available...
1234886328 M * hijacker_ anyone else here?
1234886603 M * dentifrice I wish I knew
1234886988 M * JonB doesnt the faq say
1234887009 Q * tam Quit: Lost terminal
1234887023 J * tam ~tam@gw.nettam.com
1234887149 M * hijacker_ i dunno
1234887162 M * hijacker_ i have not used hashify for any of my vservers..
1234887306 M * JonB neither have i, but i have considered it
1234887910 M * hijacker_ aye
1234887911 M * hijacker_ ;-)
1234887913 M * hijacker_ well
1234887916 M * hijacker_ gtg now fellows
1234887918 M * hijacker_ speak later
1234889566 J * cga ~weechat@62.196.2.6
1234889614 J * mrtv ~timo@sub17.rz-zw.fh-kl.de
1234889629 M * mrtv hi @all
1234889801 M * mrtv i am searching for an official vserver enabled ubuntu kernel, because i would like to take advantage of their update support. i only found howtos for building a kernel manually. is vserver support only available the manual way or have i overlooked something?
1234889849 M * geb_ did you consider a debian kernel ?
1234889889 M * geb_ https://help.ubuntu.com/community/VServer
1234889961 M * mrtv hmm, not yet, but that seems to be too much customization to be handled via the normal update mechanism. say i dont want to add a debian line in sources.list on a ubuntu system and i dont want to install the .deb file manually
1234890016 J * jp- ~jp@itdev.judelawfirm.com
1234890058 M * mrtv i know that web page. the deb line for the sources list isn't there any more
1234890086 Q * JonB Quit: Leaving
1234890088 M * mrtv and there is no sign that it was officially supported
1234890092 M * geb_ yeah i didn't know
1234890190 M * ktwilight_ vserver has a lot of manual work, so either love it or leave it :)
1234890260 M * mrtv i can still go with lenny of course
1234890436 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1234890594 M * mrtv another question: when using the stock lenny vserver kernel: how can i prove that one vserver cannot access the loopback device of another?
1234890952 M * Psy0rz_ mrtv i think you need to cleanup the /dev directory
1234890960 M * Psy0rz_ by using only the minimal set of device nodes
1234891156 M * mrtv hmm, there is no loopback device in /dev of the vserver. am i safe now? :)
1234891303 M * geb_ with lenny kernel (which contains 2.3.x patch) each vserver has its own loopback interface
1234891366 M * geb_ so i think you are safe
1234891416 M * geb_ if you really want to try, create 2 vservers, one with an apache server and verify that the second can't access it via localhost
1234891514 M * mrtv good idea, i will try that out, thx
1234891579 M * mrtv bye
1234891582 Q * mrtv Quit: Verlassend
1234891621 Q * daniel_hozac Ping timeout: 480 seconds
1234891858 Q * dna Quit: Verlassend
1234891981 Q * opuk Ping timeout: 480 seconds
1234892348 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1234892588 J * opuk ~kupo@potatisbulle.com
1234892637 J * larsivi ~larsivi@70.84-48-63.nextgentel.com
1234892875 Q * nenolod Ping timeout: 480 seconds
1234893416 Q * cga Quit: WeeChat 0.2.6
1234894137 P * indy
1234894592 J * nenolod nenolod@petrie.dereferenced.org
1234895116 Q * aj__ Ping timeout: 480 seconds
1234895173 Q * harobed Ping timeout: 480 seconds
1234899098 Q * arekm Quit: leaving
1234899507 Q * esa Quit: Coyote finally caught me
1234899640 J * arekm arekm@carme.pld-linux.org
1234900101 M * puck I've been receiving some kernel panics with 2.6.28.4 and vserver patch 2.6.28.4-vs2.3.0.36.7 around __inet6_check_established - is this a known issue?
1234900122 M * puck I was getting kernel panics once every 24 hours (yesterday the box was up for about 4 hours before it panicked)
1234900140 M * puck I've rolled back to a 2.6.28.3, non-vserver kernel and it has been running fine since yesterday
1234900632 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1234900948 M * Scurz is there any doc about iptables and vserver ? to make rules for each guest
1234901270 M * geb_ Scurz, there are some useful tools here https://listes.univ-reims.fr/sympa/d_read/vs-tools/Sources/Latest.tgz
1234901339 M * geb_ one of those tools allows to create iptables rules for each vserver
1234901352 M * geb_ that's what you are looking for ?
1234901643 M * Scurz yeah well, I'm mostly looking for docs geb_ :)
1234902005 J * cga ~weechat@94.36.116.238
1234902017 M * klike how and where i can add second ipv4 in guest?
1234902034 M * klike oh
1234902036 M * klike i remember now
1234903945 Q * opuk Quit: host reboot
1234904440 Q * hijacker Ping timeout: 480 seconds
1234904725 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1234904990 Q * bonbons Quit: Leaving
1234905583 J * esa bip@ip-87-238-2-45.static.adsl.cheapnet.it
1234908211 Q * cga Quit: WeeChat 0.2.6
1234908740 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234909069 M * _Shiva_ FYI: patch-2.6.28.4-vs2.3.0.36.7 + delta-sminc-fix01 applies with all Hunks succeeded on vanilla 2.6.28.6 - except for $EXTRAVERSION in top level Makefile ;-)
1234909120 P * Psy0rz_
1234909145 M * _Shiva_ but that's of course trivial to fix ;-)
1234909393 A * _Shiva_ . o 0 ( phew.. 2.6.28.*6* already.. time flies.. )
1234909941 M * arekm some of us already run it ;>
1234911977 N * ensc Guest151
1234911987 J * ensc ~irc-ensc@p57AA5B6D.dip.t-dialin.net
1234912004 Q * hijacker Quit: Leaving
1234912095 Q * Guest151 Ping timeout: 480 seconds
1234912652 Q * harobed Ping timeout: 480 seconds
1234912986 Q * tito
1234913237 Q * Slydder1 Quit: Leaving.
1234913627 J * _Radiance ~Radiance@193.16.154.187
1234913627 Q * ktwilight_ Read error: Connection reset by peer
1234913663 Q * Radiance Read error: Connection reset by peer
1234913696 J * ktwilight_ ~ktwilight@95.97-67-87.adsl-dyn.isp.belgacom.be
1234913989 Q * _Radiance Quit: changing servers
1234914040 Q * duckx Remote host closed the connection
1234914607 Q * sid3windr Remote host closed the connection