1237857073 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1237857544 Q * duckx Remote host closed the connection
1237859306 J * bono bono@114-45-224-90.dynamic.hinet.net
1237860629 Q * yarihm Quit: This computer has gone to sleep
1237863828 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1237864164 Q * ghislainocfs2 Ping timeout: 480 seconds
1237865580 J * derjohn_foo ~aj@p5B23BD95.dip.t-dialin.net
1237866013 Q * derjohn_mob Ping timeout: 480 seconds
1237866489 J * neofutur ~neofutur@xena.ww7.be
1237871407 J * doener_ ~doener@i59F55726.versanet.de
1237871508 Q * doener Ping timeout: 480 seconds
1237871537 Q * Piet Ping timeout: 480 seconds
1237874452 J * Piet ~piet@asteria.debian.or.at
1237874571 J * takeru ~takeru@nttkyo330069.tkyo.nt.ftth.ppp.infoweb.ne.jp
1237875728 Q * infowolfe Ping timeout: 480 seconds
1237875805 J * infowolfe ~infowolfe@97-120-32-173.ptld.qwest.net
1237877259 J * sharkjaw ~gab@149-240-82.oke2-bras6.adsl.tele2.no
1237879459 J * infowolfe_ ~infowolfe@c-76-105-242-186.hsd1.or.comcast.net
1237879498 N * DoberMann[ZZZzzz] DoberMann
1237879508 J * ktwilight__ ~ktwilight@91.178.149.76
1237879523 Q * ghislainocfs21 Ping timeout: 480 seconds
1237879573 Q * infowolfe Ping timeout: 480 seconds
1237879789 Q * ktwilight_ Ping timeout: 480 seconds
1237881645 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1237881980 Q * sharkjaw Remote host closed the connection
1237882138 J * cluk ~cluk@p5B17F637.dip.t-dialin.net
1237882177 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1237882298 J * sharkjaw ~gab@149-240-82.oke2-bras6.adsl.tele2.no
1237883091 Q * derjohn_foo Ping timeout: 480 seconds
1237883219 P * oo_
1237883337 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1237883837 J * scientes ~scientes@75-165-16-192.tukw.qwest.net
1237884015 J * Adrinael adrinael@rid7.kyla.fi
1237884189 J * cga ~weechat@62.196.2.6
1237884774 J * yarihm ~yarihm@gw.ptr-80-238-186-66.customer.ch.netstream.com
1237885074 J * duckx ~Duck@81.57.39.234
1237886165 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1237886724 J * DjMT ~medz___@cpe-76-169-80-109.socal.res.rr.com
1237886783 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1237887094 Q * duckx Remote host closed the connection
1237887186 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1237887204 M * mrfree hi all
1237887212 M * mrfree I've just installed a debian guest
1237887243 M * mrfree but "vserver guest1 start" reports no error but the guest doesn't start
1237887246 J * esa` bip@62.123.8.86
1237887267 Q * esa Ping timeout: 480 seconds
1237887305 M * mrfree any idea?
1237887355 M * hijacker_ mrfree, how do you know the guest does not start?
1237887419 M * mrfree 'vserver ... suexec' is supported for running vservers only; aborting...
1237887426 M * mrfree and vserver-stats
1237887432 M * mrfree doesn't list it
1237887559 M * pmenier_off mrfree: is there at least one service running on the guest ?
1237887569 N * pmenier_off pmenier
1237887580 M * mrfree pmenier, I've just build it
1237887592 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1237887594 M * pmenier yes but i encountered same problem recently
1237887618 M * pmenier because rsyslog didn't start and there was no other services configured
1237887680 M * mrfree pmenier, how you solved this issue?
1237887729 M * pmenier by modifying startup script for rsyslog
1237887801 M * mrfree pmenier, which mods?
1237887820 M * pmenier sorry don't remember.. and i don't have machine at hand
1237887883 M * pmenier you can try to enable cron ... but perhaps there is another issue... i'm not an expert
1237888063 M * mrfree pmenier, yeah you're right
1237888074 M * mrfree adding a service like cron works
1237888078 M * pmenier cool
1237888106 M * mrfree rsyslog is simply disabled per default
1237888150 M * mrfree simply add rsyslog
1237888151 M * mrfree :)
1237888155 M * mrfree thanks for the idea ;)
1237889518 Q * balbir_ Ping timeout: 480 seconds
1237890243 J * balbir_ ~balbir@122.172.48.48
1237892034 Q * mattzerah Quit: Leaving
1237892662 Q * infowolfe_ synthon.oftc.net larich.oftc.net
1237892662 Q * nenolod synthon.oftc.net larich.oftc.net
1237892662 Q * sardyno synthon.oftc.net larich.oftc.net
1237892662 Q * Hunger synthon.oftc.net larich.oftc.net
1237892662 Q * fb synthon.oftc.net larich.oftc.net
1237892662 Q * AndrewLee synthon.oftc.net larich.oftc.net
1237892662 Q * kaner synthon.oftc.net larich.oftc.net
1237892666 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1237892674 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1237892676 J * infowolfe_ ~infowolfe@c-76-105-242-186.hsd1.or.comcast.net
1237892677 J * nenolod nenolod@petrie.dereferenced.org
1237892709 J * Hunger Hunger.hu@Hunger.hu
1237892964 J * fb fback@red.fback.net
1237893008 Q * bzed Quit: leaving
1237893034 J * bzed ~bzed@devel.recluse.de
1237893036 Q * bzed Read error: Connection reset by peer
1237893046 J * bzed ~bzed@devel.recluse.de
1237893585 N * Bertl_zZ Bertl
1237893589 M * Bertl morning folks!
1237893869 J * saulus_ ~saulus@d025048.adsl.hansenet.de
1237893885 M * fb morning Bertl! :)
1237894023 M * ghislainocfs2 morning ;)
1237894038 M * arekm .29 final ye
1237894280 Q * SauLus Ping timeout: 480 seconds
1237894280 N * saulus_ SauLus
1237894746 Q * kir Remote host closed the connection
1237894761 J * kir ~kir@swsoft-msk-nat.sw.ru
1237895239 Q * yarihm Read error: Connection reset by peer
1237895588 J * yarihm ~yarihm@gw.ptr-80-238-186-66.customer.ch.netstream.com
1237896077 Q * SauLus Quit: leaving
1237896309 J * derjohn_mob ~aj@80.69.42.51
1237896376 J * xdr ~xdr@62.88.128.188
1237896394 Q * xdr
1237897894 Q * yarihm Quit: This computer has gone to sleep
1237898975 Q * DreamerC Quit: leaving
1237899216 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net
1237899590 M * _Shiva_ Bertl: any palns on 2.6.29, yet? ;-)
1237899598 M * _Shiva_ s/palns/plans/
1237899873 Q * sharkjaw Quit: Leaving
1237900027 Q * derjohn_mob Remote host closed the connection
1237900315 J * thierryp ~thierry@zircon.inria.fr
1237900513 M * Bertl go ahead if you want to do a port .. we then can compare the results
1237900554 M * _Shiva_ *g*
1237900608 M * _Shiva_ so far i can tell you the latest patch for 2.6.28.8 does not apply :-) too many hunks do not succeed
1237900632 M * Bertl and the other way round?
1237900716 M * _Shiva_ you mean apply patch-2.6.29.diff to 2.6.28.8-vs2.3.0.36.9 ?
1237900742 M * Bertl well, the delta between 2.6.28.8 and 2.6.29, yes
1237900777 M * _Shiva_ (actually, that would be some delta to 2.6.28.8... mainline only provides patches against 2.6.28..)
1237900846 Q * doener_ Quit: leaving
1237901112 M * _Shiva_ linux-2.6.29 # patch -p1 --dry-run < ../patch-2.6.28.8-vs2.3.0.36.9.diff | grep -v ^patching | grep ^Hunk | cut -d ' ' -f 3 | sort | uniq -c 102 FAILED 504 succeeded
1237901133 M * _Shiva_ that's for completeness :-)
1237901182 M * _Shiva_ . o 0 ( "grep -v ^patching" is a useless grep here - sorry)
1237901539 J * doener ~doener@i59F55726.versanet.de
1237901706 M * _Shiva_ phew ... delta-2.6.28.8-2.6.29.diff --> 2301339 lines
1237901739 M * Bertl not bad for a minor version change :)
1237901748 M * Bertl (in a stable kernel that is :)
1237901774 M * biz Is there a way to get the number of open file descriptors of one specific guest system? /proc/sys/fs/file-nr is global / the host system
1237901799 M * Bertl check out /proc/virtual//limits
1237901856 M * biz wow, that's perfect. Thanks :-)
1237901863 M * Bertl you're welcome!
1237901880 M * Bertl besides the current value, you also get the min/max
1237901992 M * _Shiva_ Bertl: "linux-2.6.28.8-vs2.3.0.36.9 # patch -p1 --dry-run < ../delta-2.6.28.8-2.6.29.diff | grep ^Hunk | grep FAILED | wc -l"
1237901997 M * _Shiva_ Bertl: --> 102
1237902021 M * _Shiva_ Bertl: i guess that are the very same 102 failed from above ;-)
1237902066 M * biz I don't quite get it how one can set ulimit's (as it's a shell-builtin in bash for example) to limit a whole vserver context? Does vserver foo start somehow inherit the calling process's limits and set them for the whole context, or how is that done?
1237902099 M * _Shiva_ Bertl: but you'll get *1983* Hunks succeeded that way :-)
1237902124 M * Bertl biz: there are actually two kinds of limits .. the ulimits and the rlimits
1237902147 M * Bertl biz: the ulimits are 'user' limits, and get inherited from one process to the other
1237902166 M * Bertl they are generally process limits, i.e. each process has that limit
1237902187 M * Bertl the rlimits are per context, i.e. they limit the total resources inside a guest
1237902218 M * Bertl example: ulimit #files = 16 means, each process can open 16 files
1237902246 M * Bertl rlimit #files = 128 means, a total of 128 files can be opened by all processes
1237902339 J * derjohn_mob ~aj@51.42.69.80.in-addr.net-lab.net
1237902360 M * biz ah, thanks! I'll read up on that resource limits page
1237902464 M * biz by the way:
1237902468 M * biz : mail.linux-vserver.org [78.47.240.170]:
1237902468 M * biz >>> STARTTLS
1237902470 M * biz <<< 454 TLS no valid RSA private key: error:02001002:system library:fopen:No such file or directory (#4.3.0)
1237902488 Q * balbir_ Read error: Connection reset by peer
1237902544 M * Bertl Hollow_: --^^
1237902563 M * biz I was unable to send harry a mail recently since my MTA does STARTTLS if it's supported by the peer (and I was too lazy to disable that yet)
1237903457 J * balbir_ ~balbir@122.172.151.182
1237903562 Q * mrfree Quit: Leaving
1237904054 Q * doener Quit: leaving
1237904191 Q * scientes Quit: scientes
1237904238 J * scientes ~scientes@75-165-16-192.tukw.qwest.net
1237904651 Q * esa` Ping timeout: 480 seconds
1237904913 J * esa bip@62.123.8.86
1237904953 M * biz I still encounter this strange procfs and devpts problem. I've narrowed it down a bit though
1237904977 M * Bertl and what is that 'strange procfs and devpts problem'?
1237905031 M * biz I ran vprocunhide prior to starting any guests. /proc and /dev/pts on the host are mounted. I start up a guest which has /dev/pts and /proc in its /etc/vservers/foo/fstab. In the guest, they are mounted just fine
1237905057 M * biz Once in a while (every ~20hours, it's really hard to track that) /proc in the guest is empty
1237905078 M * biz I'm unable to ssh into the guest because openpty() fails (/dev/pts is not accessible too)
1237905088 M * Bertl what kernel/patch do you use?
1237905103 M * biz I can do what I want in the guest, /proc is empty, "ps" for example says /proc.. "No such file or directory"
1237905117 M * biz The only fix: ls /proc (on the host system!)
1237905121 M * biz then everything is up again
1237905131 M * biz One moment
1237905151 M * biz 2.6.22.19-grsec2.1.11-vs2.2.0.7
1237905174 M * biz util-vserver 0.30.216~r2750-3ubuntu2
1237905190 M * Bertl you might try without the grsec and see if that fixes it
1237905219 J * dowdle ~dowdle@scott.coe.montana.edu
1237905221 J * doener ~doener@i59F55726.versanet.de
1237905270 M * biz Yeah, that's what harry said too.. but I've got some guests running in production on there, so I've yet to find the right time
1237905319 M * Bertl maybe setup a test system for that, and try to recreate the issue there first, then try with the non-grsec version?
1237905332 M * biz I'm still quite confused about this. It's only a problem for guests that need to provide login shells
1237905389 M * biz hm.. yeah. I definitely need to track that down sometime :-)
1237905416 M * Bertl could as well be a very obscure Linux-VServer procfs bug
1237905447 M * Bertl but we can't really tell with grsec in place
1237905487 M * biz And it's _very_ hard to notice that one and the "fix" I've stated, because if I'm unable to ssh into this guest, I ssh into the host system, and by doing that, the host accesses /dev/pts and it's all "fixed" again
1237905490 Q * takeru Ping timeout: 480 seconds
1237905519 M * biz So I really had luck being logged in on the guest already while that happened
1237905525 M * biz *on the host
1237905829 M * biz Oh, and for the record.. I've already reproduced/noticed this on another host system (exactly the same kernel, though)
1237905875 M * Bertl well, if it happens every 20h it should be easy to test with a non grsec kernel
1237905990 M * biz I'll setup a test system and try to reproduce it 1:1, then try it with non-grsec on there and hopefully I'm smarter after that ;D
1237906107 M * biz And thanks again, I'm out for now
1237906116 M * Bertl np, cya
1237906778 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1237907506 Q * doener Quit: leaving
1237907899 J * saulus ~saulus@d073185.adsl.hansenet.de
1237908149 Q * saulus
1237908164 J * saulus ~saulus@d073185.adsl.hansenet.de
1237908365 M * ghislainocfs2 bertl: just a quick reminder
1237908412 M * ghislainocfs2 bertl: if we have a complex fstab for a guest we must build it then move it to the mountpoint we cannot ask the vserver build tool to read an fstab and mount it before building the guest ?
1237908418 J * doener ~doener@i59F55726.versanet.de
1237908434 M * ghislainocfs2 bertl: don't know if i am clear here :)
1237908547 J * takeru ~takeru@nttkyo210167.tkyo.nt.ftth.ppp.infoweb.ne.jp
1237908779 Q * saulus Quit: leaving
1237908794 J * saulus ~saulus@d073185.adsl.hansenet.de
1237908804 M * Bertl ghislainocfs2: well, if you do the mounts on the host, it should suffice for the build
1237908820 M * Bertl nevertheless you need to add it to the guest fstab later on
1237908835 M * Bertl but maybe ask daniel_hozac to make sure
1237909046 Q * saulus
1237909061 J * saulus ~saulus@d073185.adsl.hansenet.de
1237909252 Q * saulus
1237909422 Q * davidkarban Quit: Ex-Chat
1237909576 J * saulus ~saulus@d073185.adsl.hansenet.de
1237909600 M * ghislainocfs2 yes that is what i guessed: mount on the host, vserver build, umount on the host, create the fstab, vserver start
1237911716 Q * derjohn_mob Ping timeout: 480 seconds
1237912443 M * Bertl _Shiva_: so how far is your port? :)
1237912688 Q * thierryp Quit: ciao folks
1237914511 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1237914567 Q * cga Quit: WeeChat 0.2.6.1
1237914768 Q * doener Ping timeout: 480 seconds
1237916133 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1237916150 N * DoberMann DoberMann[PullA]
1237917091 N * pmenier pmenier_off
1237917116 Q * kir Quit: Leaving.
1237917630 J * davidkarban ~david@88.86.104.103
1237918232 J * TroisSinges ~TroisSing@244.213.97-84.rev.gaoland.net
1237918250 J * doener ~doener@i59F55726.versanet.de
1237918482 Q * harobed Ping timeout: 480 seconds
1237918569 M * TroisSinges Hi everybody !
1237918589 Q * takeru Quit: takeru
1237918598 N * DoberMann[PullA] DoberMann
1237918600 M * Bertl welcome TroisSinges!
1237918663 Q * esa Quit: Coyote finally caught me
1237918667 M * TroisSinges I'm trying to use nss_vserver in order to have only one SSH server (on the host) as explained in http://linux-vserver.org/Howto_HostAuth
1237918678 M * TroisSinges but it doesn't seem to work
1237918690 M * TroisSinges nss_vserver looks old
1237918709 M * TroisSinges how do you manage with SSH ?
1237918720 M * TroisSinges Do you install a SSH server on every guest ?
1237918741 M * Bertl it very much depends on what you want to accomplish and what your setup is
1237918753 M * Bertl e.g. do you have separate public IPs for each guest?
1237918760 M * TroisSinges Yes I have.
1237918795 M * Bertl then there is no real point in doing the nss stuff, you can simply install sshd in each guest, and restrict the host's sshd to host-only IPs
1237918816 M * Bertl the guest sshd(s) will be automatically limited to the guest IPs
1237918831 M * TroisSinges Oh yes, I already did that.
1237918845 J * derjohn_mob ~aj@e180194130.adsl.alicedsl.de
1237918855 M * TroisSinges I was just wondering if I could limit the number of ssh servers...
1237918881 M * Bertl well, sure you can, the question is, what's the gain here
1237918897 M * Bertl and that very much (again) depends on your setup
1237918912 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1237918940 M * Bertl for example, if you have a huge number of very similar guests, and you utilize unification, then the overhead of those (mostly sleeping) sshd(s) will be minimal
1237918963 M * TroisSinges Nice point.
1237918979 M * Bertl if your guests all use different distros, and you basically want to reach each of them via ssh, then a completely different approach would make more sense
1237919003 M * TroisSinges Oh no, my guests are very similar, same distros and so on.
1237919029 M * TroisSinges Then I should try to experiment unification.
1237919030 M * Bertl and how many guests are we talking about? 10? 100?
1237919039 M * TroisSinges 100
1237919075 M * Bertl each containing different users or each for a single user? (regarding the sshd)?
1237919117 M * Bertl i.e. more like a web space with ssh access, or like a fully fledged virtual server?
1237919118 M * mnemoc I DNAT to 2200 + guest index :p
1237919140 M * TroisSinges Different users on each vserver.
1237919178 M * Bertl then you probably want the sshd running in each guest anyway, to handle things like stored keys or dedicated ssh commands
1237919199 M * TroisSinges Yes, you should be right about that.
1237919226 M * Bertl but, if the default sshd seems too heavy (note that apache has about 20 times the resource footprint than sshd), you can use a lightweight sshd
1237919286 M * mnemoc dropbear is cool, but you can't restrict commands using authorized_keys
1237920053 M * TroisSinges Thanks a lot for your answers and explanations !
1237920064 M * Bertl you're welcome!
1237920074 M * Bertl feel free to hang around ...
1237920210 M * TroisSinges sure
1237920735 J * duckx ~Duck@81.57.39.234
1237920957 Q * gnuk Quit: NoFeature
1237921227 M * yarihm hi everyone
1237921236 M * yarihm has vserver been integrated into the fedora main repos?
1237921255 M * Bertl no idea, you tell me?
1237921258 M * yarihm that is, I find util vserver, but does the kernel have vserver-caps?
1237921267 M * daniel_hozac no.
1237921294 M * yarihm the docu on the wiki points to daniel_hozac's repos but they seem only to be for up to fedora 6
1237921315 M * yarihm so util-vserver i can get from the fedora main repo it seems, however the kernel ...
1237921338 M * daniel_hozac you build yourself.
1237921495 Q * Pazzo Quit: ...
1237921548 M * yarihm well then ..
1237921691 J * thierryp ~thierry@home.parmentelat.net
1237921998 Q * larsivi Ping timeout: 480 seconds
1237922221 Q * davidkarban Quit: Ex-Chat
1237922494 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1237923850 J * cga ~weechat@94.36.110.25
1237923869 Q * harobed Ping timeout: 480 seconds
1237924749 Q * hparker Ping timeout: 480 seconds
1237925012 Q * TroisSinges Quit: TroisSinges
1237925086 J * saulus_ ~saulus@d073229.adsl.hansenet.de
1237925495 Q * saulus Ping timeout: 480 seconds
1237925495 N * saulus_ SauLus
1237925977 N * DoberMann DoberMann[PullA]
1237925982 M * yarihm daniel_hozac, do you happen to have a 'distro-support-dir' for fedora8 or fedora10?
1237926136 M * yarihm uh, that should have been fedora 9
1237926162 Q * thierryp Quit: ciao folks
1237926163 M * yarihm instead of fedora 8
1237926320 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1237927118 Q * Piet Quit: Piet
1237927380 M * yarihm vserver fedora10 build -m yum --context 1000 --hostname fedora10.nine.ch --interface fedora10=lo:127.0.0.2/8 -- -d f8
1237927381 M * yarihm /etc/vservers/.defaults/vdirbase/fedora10: Function not implemented
1237927407 M * yarihm I don't quite get it, this is from what I can tell a command rather close to the documentation's suggestion
1237927430 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1237927479 Q * hijacker Quit: Leaving
1237927511 M * Bertl yarihm: what kernel?
1237927540 M * yarihm vanilla :) I hoped that I don't need to compile a kernel for this
1237927550 M * yarihm just building the guest ... kinda stupid I guess
1237927586 M * Bertl well, yeah :) util-vserver needs a Linux-VServer kernel to build guests properly
1237927647 M * yarihm I'll try to bootstrap on my workstation. I installed fedora10 in a parallels-VM for easy bootstrapping of a fedora10 guest for a customer but I'm not going to walk through a make menuconfig and then do a kernel compile on fedora in that virtual machine just to bootstrap a guest
1237927672 M * yarihm maybe 'crossbootstrapping' for fedora works on debian or i'll just let it be
1237927697 M * Bertl debian should be fine, all you need is a working rpm and yum
1237927713 M * Bertl (which is a little trickier if you stick to 'debian')
1237927773 M * Bertl but you could as well install a fedora10 in kvm (or whatever you prefer) and use that as basis for a fedora10 guest
1237927787 M * Bertl just remove all the unnecessary stuff and hardware related scripts
1237927815 M * yarihm Bertl, that path has proven to be somewhat cumbersome, honestly
1237927864 M * yarihm daniel_hozac does a nice job with the customization of these installations, they often produce not a single error at shutdown
1237927877 M * yarihm I once tried to create an OpenSuSE 10.3 guest ...
1237927879 M * yarihm by hand
1237927888 M * yarihm it's just ...
1237927924 M * fb yarihm: you can always build your own guest, and use daniel's cleaning scripts later
1237927935 M * yarihm cleaning scripts?
1237927935 M * fb good evening everyone
1237927942 M * yarihm never seen them ...
1237927947 M * yarihm but that sounds interesting
1237927988 M * fb yarihm: they're run at the end of build process, to remove unnecessary startup / shutdown scripts
1237928024 M * fb if you don't want to do this by hand, you can use one of them, at least as a base what to do
1237928048 M * yarihm i see
1237928133 M * yarihm where is the website for daniel's util-vserver? I'd fetch the newest version to check whether he has done f10 already
1237928157 M * yarihm debian sid has the definition for f9 already ...
1237928178 M * yarihm i'd use that and then do an upgrade to f10 if everything else fails
1237928210 M * Bertl http://people.linux-vserver.org/~dhozac/t/uv-testing/ (snapshots) otherwise use the svn
1237928373 M * yarihm Bertl, thanks
1237928819 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1237929110 Q * ghislainocfs2 Ping timeout: 480 seconds
1237931600 Q * cluk Quit: Ex-Chat
1237932567 Q * bonbons Quit: Leaving
1237932602 J * gdm ~gdm@pistol.redetoile.net
1237932621 J * mcclelland ~jamie@74.65.228.221
1237932827 Q * yarihm Quit: This computer has gone to sleep
1237932939 M * mcclelland hi all - I'm having trouble with two vservers on a single host. Each vserver host has IP addresses from multiple IP blocks. I'd like to specify a different default route for each vserver host. My ultimate goal is to ensure that vserver 1 sends network packets with one src address, and vserver 2 sends network packets with a different src address.
1237932982 M * mcclelland My problem is that I can't figure out how each vserver chooses the src IP address to use.
1237933002 Q * bono Quit: Leaving
1237933215 M * trippeh_ mcclelland: Look up policy routing
1237933228 M * trippeh_ I think there is some info on lartc.org
1237933236 M * mcclelland trippeh_: thanks - does policy routing refer to creating routing tables?
1237933250 M * trippeh_ Yes. Multiple tables even.
1237933258 M * mcclelland I looked at that option - but I couldn't figure out a way to say: if the packet originates on a given vserver, using this table.
1237933292 M * trippeh_ You probably have to do it on a IP address level, pretty sure there is no vserver classification module available
1237933353 M * mcclelland so - perhaps by src IP address?
1237933372 M * trippeh_ Yep.
1237933378 M * Bertl mcclelland: yep, it's actually quite simple
1237933396 M * Bertl ip rule add table from src
1237933447 M * Bertl (well, actually the other way round, but you get the idea :)
1237933476 M * mcclelland yes - I'll give it a try now and report back.
1237933491 M * Bertl make sure that both tables are complete
1237933502 M * Bertl i.e. contain local network routes and default gateways
1237933537 J * dkg ~dkg@lair.fifthhorseman.net
1237934246 J * yarihm ~yarihm@77.109.189.6
1237934261 J * arew264 ~arew264@c-76-31-144-66.hsd1.tx.comcast.net
1237934293 M * arew264 hello
1237934302 M * Bertl welcome arew264!
1237934328 M * arew264 I stumbled on to VServer while researching virtual machines, and I have two questions
1237934344 M * Bertl let's hear ...
1237934375 M * arew264 firstly, is VServer tied to any particular platform, or could I run it on... say... an old IBM mainframe?
1237934408 M * Bertl Linux-VServer supports all Linux architectures, so, as long as that old IBM mainframe can run Linux, it will work
1237934429 M * Bertl (if it doesn't, let us know, we'll consider it a bug and fix it ASAP :)
1237934501 M * arew264 okay, I'm not sure if I'll wind up finding out, but I probably will
1237934513 M * arew264 I'll be sure to report back if I do try
1237934531 M * arew264 anyway, the other question is why VServer depends on dietlibc
1237934550 M * Bertl well, actually it doesn't ..
1237934557 M * arew264 well, it's optional
1237934558 M * daniel_hozac it is just encouraged.
1237934561 M * arew264 true
1237934578 M * Bertl the reason for using dietlibc vs e.g. glibc is simple
1237934584 M * daniel_hozac the reason is because glibc doesn't really do chroot security very well.
1237934591 M * daniel_hozac it's also a lot easier to audit dietlibc.
1237934621 M * arew264 I know dietlibc is quite a bit smaller, but are there any large compatibility or performance differences?
1237934633 M * daniel_hozac yarihm: i don't have f10 yet.
1237934641 M * Bertl arew264: not performance related, just security related
1237934653 M * daniel_hozac yarihm: but as fb said, the distribution cleanup script should help some, at least.
1237934668 M * Bertl arew264: the modular design of glibc (resolver and stuff) leads to a multitude of possible security issues
1237934709 M * Bertl arew264: think, host glibc loading guest glibc-resolver for example
1237934749 M * arew264 Bertl: okay, that makes more sense now. Thanks for the help.
1237934764 M * Bertl you're welcome! feel free to hang around and learn more
1237934819 M * arew264 I will, but I'll probably be AFK while I recompile my kernel with the VServer patch
1237934992 M * Bertl btw, I assume that you are aware that Linux-VServer is not a VM solution, but more an isolation technology (recently called OS Level virtualization)
1237935273 M * arew264 well, what I'm really after is a way to run separate linux environments such that bad userspace code crashing or infinite looping in one environment can't bring down the system
1237935301 M * arew264 and such that users with access to one client environment can't fiddle with files on the host
1237935542 M * arew264 oh, and I have one more crazy question
1237935603 M * arew264 if I had a host system with enough network interfaces that I could let each client environment have its own interface... could I give each client direct access to an interface?
1237935738 M * daniel_hozac what does "direct access" mean?
1237935792 M * arew264 well, the client is sending and receiving data on the actual interface instead of a virtual interface
1237935793 J * bourgeau ~bourgeau@tomsoieur.fr
1237935869 M * daniel_hozac there are no virtual interfaces
1237935876 M * mcclelland thanks all for the networking suggestions. For the record - I came up with these two commands to add a routing table: ip rule add table malcolm from src 209.51.171.162; ip route add default via 209.51.163.193 dev eth0 table malcolm. Before implementing it though - a colleague suggested an application level solution to the fundamental problem (postfix sending from the wrong ip address) - using the smtp_bind_address postfix parameter - which I used instead.
1237935895 M * arew264 gah, yea, I just looked at the wiki article on networking again, and this is definitely possible
1237935899 M * arew264 sorry
1237936259 M * Bertl np, but your planned setup sounds like a perfect match for Linux-VServer
1237936305 M * arew264 that's what I thought when I found it
1237936312 M * arew264 I was really excited at the time, actually
1237936371 M * bourgeau Hi, I try to build a planetlab node from iso on a debian Vserver guest, what is the build method to apply.
1237936409 M * Bertl hmm, I presume the planetlab iso has some kind of installer?
1237936456 M * bourgeau yes, it normally run on a cdrom
1237936471 M * Bertl okay, and you are sure that it will work inside a guest?
1237936487 M * Bertl I mean, usually the planetlab stuff work on a Linux-VServer kernel
1237936529 M * bourgeau not really, I've tried with kvm and it was ok, but I had to change to Vserver
1237936549 M * daniel_hozac yeah, kvm is more suited for it.
1237936559 M * bourgeau Oups, you are right, the planetlab nodes run Vserver
1237936571 M * Bertl there is no problem to run kvm side by side with Linux-VServer guests
1237936683 Q * harobed Ping timeout: 480 seconds
1237936692 M * bourgeau Yes, it can be a good option, but I'll run out of IPs
1237936908 M * arew264 just out of curiosity, does this project have any plans to merge with the mainline kernel, or is it too specialized?
1237936978 M * Bertl no specific plans, but some folks are working on it .. and basically mainline is merging similar stuff now (should be finished in 2-3 years :)
1237937014 M * arew264 ah, okay
1237937320 Q * cga Quit: WeeChat 0.2.6.1
1237938551 Q * mcclelland Quit: leaving
1237938766 Q * dowdle Remote host closed the connection
1237939187 Q * bourgeau Quit: bourgeau