1243814693 Q * bonbons Quit: Leaving 1243815013 Q * Floops[w]1 Ping timeout: 480 seconds 1243816606 J * Floops[w] ~baihu@205.214.201.176 1243819893 Q * nenolod Quit: my eyes cannot compute this misery. 1243819912 J * nenolod nenolod@petrie.dereferenced.org 1243820683 Q * nenolod Quit: my eyes cannot compute this misery. 1243820694 J * nenolod nenolod@petrie.dereferenced.org 1243820694 Q * nenolod 1243820707 J * nenolod nenolod@petrie.dereferenced.org 1243821404 Q * nenolod Quit: my eyes cannot compute this misery. 1243821462 J * nenolod nenolod@petrie.dereferenced.org 1243821552 Q * simNIX Quit: Ik ga weg 1243823386 M * Bertl off to bed now ... have a good one everyone! 1243823391 N * Bertl Bertl_zZ 1243827261 Q * nenolod Quit: my eyes cannot compute this misery. 1243827272 J * nenolod nenolod@petrie.dereferenced.org 1243827756 Q * nenolod Quit: my eyes cannot compute this misery. 1243827806 J * nenolod nenolod@petrie.dereferenced.org 1243829405 Q * nenolod Quit: my eyes cannot compute this misery. 1243829525 J * nenolod nenolod@petrie.dereferenced.org 1243833128 Q * larsivi Read error: Connection reset by peer 1243833159 J * larsivi ~larsivi@70.84-48-63.nextgentel.com 1243833248 Q * fb Remote host closed the connection 1243833251 J * fb fback@red.fback.net 1243833997 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1243838287 J * ktwilight__ ~keliew@252.7-240-81.adsl-dyn.isp.belgacom.be 1243838287 Q * ktwilight_ Read error: Connection reset by peer 1243839316 J * doener ~doener@i59F5557E.versanet.de 1243839418 Q * doener_ Ping timeout: 480 seconds 1243839915 J * davidkarban ~david@193.85.217.71 1243842029 J * geos_one ~chatzilla@chello084115149052.4.graz.surfer.at 1243842030 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243844005 Q * derjohn_mob Remote host closed the connection 1243844038 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243844423 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1243846580 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1243847561 Q * geos_one Quit: ChatZilla 0.9.84 [Firefox 3.0.10/2009050120] 1243848327 J * kir ~kir@swsoft-msk-nat.sw.ru 1243849774 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net 1243850522 Q * Pazzo Quit: Ex-Chat 1243851512 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk 1243852032 J * friendly ~friendly@ppp118-208-150-23.lns10.mel4.internode.on.net 1243853418 Q * derjohn_mob Ping timeout: 480 seconds 1243853448 Q * pmenier Quit: Konversation terminated! 1243854430 J * geb ~geb@AOrleans-253-1-2-208.w90-24.abo.wanadoo.fr 1243854467 M * geb hi 1243854579 M * pmjdebruijn lo 1243854729 Q * geb 1243854738 J * geb ~geb@earth.gebura.eu.org 1243855504 J * cga ~weechat@82.84.148.27 1243855836 J * hijacker ~hijacker@213.91.163.5 1243856659 Q * SauLus Ping timeout: 480 seconds 1243856859 J * saulus ~saulus@c192131.adsl.hansenet.de 1243857016 Q * friendly Quit: Leaving. 1243857886 J * cga_ ~weechat@82.84.184.45 1243857963 Q * cga Ping timeout: 480 seconds 1243858263 N * Bertl_zZ Bertl 1243858266 M * Bertl morning folks! 1243858682 M * geb :) 1243858797 M * geb http://svn.freebsd.org/viewvc/base?view=revision&revision=192895 1243858842 M * geb is there any plan for supporting that in vserver ( profilic support) ? 1243858873 M * pmjdebruijn it's a cool feature 1243858879 M * pmjdebruijn but I wouldn't know what to use it for... 1243858894 M * Bertl nope, we basically had that a long time ago, but we decided that it isn't really useful and not really secure either 1243858960 M * Bertl nevertheless, you can still make bsd-like chroots inside a guest (even with namespaces and such) 1243858976 M * geb pmjdebruijn, modjail ( code.google.com/p/mod-jail/ ) support in jail for example 1243859015 M * geb why "not really secure" ? 1243859058 M * Bertl the host has a bunch of capabilities (including the one which allows to make Linux-VServer system calls), which are stripped away when a guest is created 1243859088 M * Bertl this makes the guest 'secure' 1243859122 M * Bertl to allow running a full guest creation, one would need to allow some of those caps inside a guest too, which isn't really secure 1243859146 M * geb pmjdebruijn, another idea: in the vserver dedicaced to mail, launch a vserver for any spamassassin/clamav instance 1243859164 M * geb ok Bertl i understand more now 1243859189 M * Bertl of course, with a lot of additional checks and indirections, you could filter all calls to the syscall switch (and other syscall stuff) and check if they affect a guest-guest or not .. but that really complicates design, and thus reduces security 1243859222 M * geb yeah that what i was just thinking about 1243859237 M * geb i didn't check all jail() code now , maybe they implemented it by this way 1243859258 M * geb thanks a lot for your opinion :) 1243859259 M * Bertl if you really _want_ hierarchical structures, you could do so with a proper policy deamon 1243859317 M * Bertl i.e. the guest sends 'requests' to the host system, which does the hierachy management in userspace, and just creates a 'flat' space for the guests, despite the fact that they use hierarchical filesystem spaces and such 1243859323 M * geb i did made a simple try, with really few pieces of shell and an inetd service 1243859339 M * geb but i didnt trust it , that was just a try 1243859407 M * geb what do you mean by hierarchical filesystem spaces ? something accessible to the vserver that requested creation like /vservers/foo/vservers/var ? 1243859426 M * Bertl yep, for example 1243859475 M * geb hum good idea, i didn't imagine that :) 1243859484 M * pmjdebruijn geb: what does that have to do with hierarchies? 1243859579 M * geb i'm note sure i understand your question well, but Bertl suggested it, and i think i can be logical than if a vserver request a creation of another then he may have access to "child" files 1243859732 M * geb but maybe i just misunderstood ..? 1243860555 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243864348 Q * derjohn_mob Ping timeout: 480 seconds 1243865023 Q * BenG Quit: I Leave 1243865249 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1243865249 Q * FireEgl Remote host closed the connection 1243866110 J * FireEgl FireEgl@WTF.4.1.0.c.0.7.4.0.1.0.0.2.ip6.arpa 1243866133 Q * geb Quit: Quitte 1243866346 N * yang yang-away 1243866774 Q * cga_ Ping timeout: 481 seconds 1243867064 J * hijacker_ ~hijacker@213.91.163.5 1243867064 Q * hijacker Read error: Connection reset by peer 1243867099 Q * FireEgl Remote host closed the connection 1243867582 J * dowdle ~dowdle@scott.coe.montana.edu 1243867941 J * FireEgl FireEgl@WTF.4.1.0.c.0.7.4.0.1.0.0.2.ip6.arpa 1243869012 Q * davidkarban Quit: Ex-Chat 1243869147 Q * larsivi Read error: Connection reset by peer 1243869166 J * larsivi ~larsivi@70.84-48-63.nextgentel.com 1243869277 Q * larsivi Remote host closed the connection 1243869294 J * larsivi ~larsivi@70.84-48-63.nextgentel.com 1243869368 J * balbir ~balbir@116.50.167.3 1243869766 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243870115 Q * kir Quit: Leaving. 1243870314 N * Bertl Bertl_oO 1243872463 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net 1243874063 Q * FireEgl Quit: Leaving... 1243875024 Q * derjohn_mob Remote host closed the connection 1243875211 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243875262 J * pmenier ~pmenier@ACaen-152-1-53-240.w83-115.abo.wanadoo.fr 1243875291 J * hijacker ~hijacker@87-126-142-51.btc-net.bg 1243875665 J * geb ~geb@AOrleans-253-1-2-208.w90-24.abo.wanadoo.fr 1243875685 Q * derjohn_mob Remote host closed the connection 1243875823 Q * geb 1243875831 J * geb ~geb@earth.gebura.eu.org 1243876208 J * imcsk8 ~ichavero@189.135.124.143 1243876391 Q * larsivi Remote host closed the connection 1243876571 Q * pmenier Quit: Konversation terminated! 1243876615 J * larsivi ~larsivi@70.84-48-63.nextgentel.com 1243878037 P * taggart Leaving 1243878179 Q * weasel Quit: Reconnecting 1243878183 J * weasel ~weasel@weasel.noc.oftc.net 1243878792 M * derjohn Hi folks! On a Debian etch box I get with current vserver devel: 1243878798 M * derjohn # vserver webserver enter 1243878798 M * derjohn vnamespace: execvp("/usr/sbin/vserver"): No such file or directory 1243878810 M * derjohn is that a known bug (utils?) ? 1243879297 Q * gnuk Quit: NoFeature 1243879904 Q * imcsk8 Quit: This computer has gone to sleep 1243879941 J * imcsk8 ~ichavero@189.135.124.143 1243880003 M * derjohn update: I boot accidentially 2.3.0.36.12 which shows that problem, 2.3.0.36.14 does not! 1243880011 M * derjohn issue: solved :) 1243880028 M * derjohn s/boot/booted/ 1243880184 Q * geb Ping timeout: 480 seconds 1243880218 Q * imcsk8 1243880439 J * bakins ~bakins@157.166.167.129 1243880488 M * bakins can I limit how many cpu's a guest can "see"? 1243880731 M * bakins also, I have dlimits set, but can I make df -h inside a guest show those, like can with rss rlimits for memory? 1243881293 M * Bertl_oO bakins: yes, cpusets and/or cgroups allow you to do that 1243881313 M * Bertl_oO and if the dlimit is working/active then df -h will show those limits too 1243881324 M * bakins Bertl_oO: cpusets seem to want to bind a guest to a certain physical CPU or am I misreading docs? 1243881333 M * Bertl_oO (all assuming that you do not use a broken/outdated patch) 1243881350 M * bakins and apparently my dlimits stuff is just wrong, bcs diggin in some docs df -h shoudl report the limit 1243881357 J * docelic ~docelic@78.134.203.126 1243881364 M * bakins 2.6.22.19-vs2.3.0.34.1 1243881393 M * Bertl_oO yes, cpusets kind of 'bind' cpus to guests, what did you mean with 'how many cpu's a guest can "see"?' 1243881419 M * bakins ie, so a guest only sees 2 cpu's in /proc/cpuinfo instead of all the ones on the host 1243881462 M * Bertl_oO ah, well, that's probably something you should do with a file level --bind mount 1243881487 M * bakins ?? 1243881491 M * Bertl_oO i.e. just put some file containing what you want over that proc entry 1243881512 M * bakins ahh. sounds kludgey 1243881532 M * bakins I suppsoe I could hack something together to "dynamically" "bind" guests to CPUS 1243881576 M * Bertl_oO well, there are 1000 things one 'would like' to modify in the proicfs ... but it is just some kind of info for userspace ... having a switch or config or whatver for each entry would be quite complicated and totally unnecessary 1243881581 M * Bertl_oO *procfs 1243881615 M * Bertl_oO you can limit the CPU usage in several ways, but that doesn't affect what is 'shown' in /proc/cpuinfo 1243881629 M * Bertl_oO (and IMHO there is no real point in changing that info anyway) 1243881695 M * bakins licensing... 1243881724 M * Bertl_oO well, for that the --bind mount will do nicely 1243881789 M * Bertl_oO (not that I say you should circumvent any license checks this way :) 1243881870 M * bakins hehe 1243881885 M * bakins so far, vserver is much better than openvz 1243881906 M * bakins the sill privvmpages crap in openvz made it useless for heavily threaded apps, at least 1243881941 M * Bertl_oO in general, it is less intrusive, and more performant ... 1243881950 M * bakins also, vdlimit: vc_get_dlimit(): No such process 1243881954 M * bakins mean anything??? 1243881977 M * Bertl_oO means that the device you are trying to query has no dlimit set 1243882014 M * bakins hrm.. thought I followed the docs: http://linux-vserver.org/Disk_Limits_and_Quota 1243882025 M * Bertl_oO possible causes: missing tagging on the filesystem in question, wrong filesystem specified (link) ... 1243882035 M * bakins shoud directory in /etc/vservers/vs_name/dlimits/root/ be "/" 1243882036 M * bakins ?? 1243882050 M * bakins or the vs name?? 1243882057 M * Bertl_oO the '/' of the guest (as path) 1243882076 M * bakins so for me /vservers/ 1243882077 M * bakins ? 1243882092 M * Bertl_oO if that is your mount point for the guest filesystem, then yes 1243882095 M * bakins k 1243882101 M * bakins docs a little confusing 1243882148 M * Bertl_oO feel free to improve them, it's a wiki 1243882159 M * bakins true 1243882812 Q * scientes Ping timeout: 480 seconds 1243882998 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net 1243883018 Q * Pazzo 1243884169 Q * Medivh Server closed connection 1243884170 J * imcsk8 ~ichavero@evdomip-227-246.iusacell.net 1243884231 J * Medivh ck@dolphin.serverbox.de 1243884475 Q * dowdle Remote host closed the connection 1243884539 Q * DLange Ping timeout: 480 seconds 1243884652 J * derjohn_mob ~aj@e180192081.adsl.alicedsl.de 1243884777 J * FireEgl ~FireEgl@173-16-9-10.client.mchsi.com 1243885266 J * dowdle ~dowdle@scott.coe.montana.edu 1243885895 M * bakins If I want to limit network bandwidth for a guest I just use normal iptables stuff?? 1243885972 M * Bertl_oO bascially tc and iptables, yes 1243885991 M * Bertl_oO (same goes for accounting) 1243886015 M * bakins can I use the scripts stuff to do that on guest start? 1243886079 M * Bertl_oO sure, there are a bunch of different scripts (different in time and guest creation state) 1243886099 M * bakins get some env stuff passed in?? 1243886117 M * Bertl_oO yep, all of them get some basic info about the guest 1243886133 M * Bertl_oO (either via ENV or via arguments) 1243886178 M * bakins examples?? 1243887307 Q * imcsk8 Read error: Connection reset by peer 1243887455 M * Bertl_oO for the bandwidth limiting? 1243887674 M * bakins just the scripts in general 1243887722 M * bakins none of the ones I found have args or env stuff 1243887820 Q * hijacker Quit: Leaving 1243887859 M * Bertl_oO sec, let me do a test run :) 1243888090 M * Bertl_oO well, I just tried with the 'initialize' script, and besides having a lot of information in the environment, it gets the two arguments 'initialize' and 'test1' passed, which you can use to get all other guest information easily 1243888145 M * Bertl_oO ('test1' here is the guest name) 1243889159 Q * snooze Server closed connection 1243889164 J * snooze ~o@1-1-4-40a.gkp.gbg.bostream.se 1243889283 M * bakins Bertl_oO: so same args should be there for the other scripts? 1243889440 M * Bertl_oO similar, yep 1243889456 M * daniel_hozac and you also have the working directory. 1243889465 M * daniel_hozac depending on which script you're talking about. 1243889624 M * bakins this documented anywhere? (had to ask...) or some master script that calls tehse I can poke around? 1243889629 M * daniel_hozac the great flower page. 1243889642 M * bakins yeah, which doesn't seem to tell me what args I get 1243889679 M * daniel_hozac it's just what type of script and the name of the guest. 1243889683 M * bakins k 1243890052 J * DLange ~DLange@dlange.user.oftc.net 1243890174 Q * FireEgl Ping timeout: 480 seconds 1243890334 Q * bakins Quit: bakins 1243890379 Q * bonbons Quit: Leaving 1243890793 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com 1243891669 J * _gh_ ~gerrit@c-71-193-204-84.hsd1.or.comcast.net 1243893173 J * saulus_ ~saulus@c193159.adsl.hansenet.de 1243893189 Q * derjohn_mob Ping timeout: 480 seconds 1243893584 Q * saulus Ping timeout: 480 seconds 1243893588 N * saulus_ SauLus 1243893627 J * uva_ bno@118-160-166-237.dynamic.hinet.net 1243894064 Q * uva Ping timeout: 480 seconds 1243896088 Q * larsivi Ping timeout: 480 seconds 1243896300 M * micah is 'vserver delete' smart enough to stop the guest before deleting it? 1243896355 M * micah looks like it 1243896793 M * daniel_hozac yes. 1243897241 Q * dowdle Remote host closed the connection 1243897447 Q * harobed Ping timeout: 480 seconds 1243897971 Q * arekm Server closed connection 1243897973 J * arekm arekm@carme.pld-linux.org 1243899664 J * hparker|laptop ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1243899665 Q * hparker Remote host closed the connection 1243900605 J * thierryp ~thierry@sah215.atp.nicta.com.au 1243900619 Q * thierryp