1247617883 J * scientes_ ~scientes@174-21-105-2.tukw.qwest.net
1247618239 M * Bertl off to bed now ... have a good one everyone!
1247618244 N * Bertl Bertl_zZ
1247620841 Q * ViRUS Quit: If there is Artificial Intelligence, then there's bound to be some artificial stupidity. (Thomas Edison)
1247622598 J * ousado_ ~johnny@p5B3C2E02.dip0.t-ipconnect.de
1247622660 Q * geb Quit: /
1247623012 Q * ousado Ping timeout: 480 seconds
1247626826 J * saulus_ ~saulus@c150240.adsl.hansenet.de
1247627237 Q * SauLus Ping timeout: 480 seconds
1247627243 N * saulus_ SauLus
1247628803 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1247631918 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1247634277 Q * gate_keeper_ Remote host closed the connection
1247634693 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1247638660 Q * balbir_ Ping timeout: 480 seconds
1247638856 J * kris ~kris@cop.sisgroup.com.au
1247639048 M * kris Missing quota vroot patch for 2.6.30 http://paste.linux-vserver.org/13123
1247639098 J * gate_keeper_ ~gk@62.162.38.90
1247639178 Q * DreamerC Ping timeout: 480 seconds
1247640114 J * pmenier ~pme@LNeuilly-152-22-8-5.w193-251.abo.wanadoo.fr
1247640395 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1247641811 J * davidkarban ~david@193.85.217.71
1247642336 J * balbir_ ~balbir@122.172.45.217
1247645362 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1247645542 J * esa bip@62.123.13.212
1247645923 Q * BenG Quit: I Leave
1247646763 J * thierryp ~thierry@zanzibar.inria.fr
1247647017 Q * BWare Ping timeout: 480 seconds
1247647348 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1247648055 N * DoberMann[ZZZzzz] DoberMann
1247648543 Q * kris Remote host closed the connection
1247650288 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1247652758 J * friendly ~friendly@ppp121-44-193-30.lns10.mel4.internode.on.net
1247654823 N * Bertl_zZ Bertl
1247654830 M * Bertl morning folks!
1247655080 Q * BenG Quit: I Leave
1247655930 M * FIChTe moin bertl
1247656553 J * richi_ ~richi@85-126-150-194.work.xdsl-line.inode.at
1247656557 M * richi_ hello
1247656602 M * richi_ how can i change the bcaps in running mode?
1247656607 M * richi_ i want to mount loop backdevices
1247656617 M * richi_ inside of a guest...
1247656667 M * richi_ my kernel has the aes loop module, but i could not remember what i need to set and if i need to copy the loopback dev files /dev/loop* inside the guest..
1247656767 J * derjohn_mob ~aj@80.85.196.112
1247657484 M * Bertl you can change the capabilities with vattribute
1247657535 M * Bertl and you need to create/copy all devices into the guest which should be 'used' inside the guest (note that you could mount a filesystem from the host into the guest namespace, in which case the loop device isn't required)
1247658126 J * jazzanova ~boris@ool-44c5c39f.dyn.optonline.net
1247658128 M * jazzanova hello
1247658161 M * jazzanova when i start my vserver it is not booting, no rc scripts are running. i can enter the vserver with "enter"
1247658181 M * jazzanova i think this happened when I upgraded the vserver instance to lenny
1247658188 M * jazzanova any ideas?
1247658217 M * jazzanova how can i see the booting process ?
1247658415 J * BWare ~itsme@ip-80-113-1-198.ip.prioritytelecom.net
1247658423 Q * friendly Quit: Leaving.
1247658701 Q * jazzanova Ping timeout: 480 seconds
1247658763 Q * Piet Remote host closed the connection
1247658877 J * jazzanova ~boris@ool-44c5c39f.dyn.optonline.net
1247658906 J * Piet ~piet@659AAA6ET.tor-irc.dnsbl.oftc.net
1247659075 M * jazzanova should I be running klogd in a vserver guest ?
1247659101 J * doener_ ~doener@i59F5426C.versanet.de
1247659146 M * jazzanova how can I see "dmesg" for a guest ?
1247659197 M * Bertl if you can enter the guest, it has already started
1247659202 Q * doener Ping timeout: 480 seconds
1247659246 M * Bertl the 'boot' process can be seen on the console when you use 'sysv' init style, and in the guest logs when you use the 'plain' init style
1247659259 M * Bertl nope, running klogd inside a guest doesn't make any sense
1247659269 M * Bertl dmesg is only relevant on the host
1247659426 Q * balbir_ Ping timeout: 480 seconds
1247659876 Q * jazzanova Ping timeout: 480 seconds
1247659956 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1247660189 J * balbir_ ~balbir@122.172.45.217
1247663080 J * geos_one ~chatzilla@213.229.35.178
1247663089 Q * geos_one
1247663609 J * docelic ~docelic@78.134.202.66
1247664693 N * dave0gone dave0
1247664891 J * allquixotic ~sean@pool-70-17-238-89.balt.east.verizon.net
1247665722 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1247667311 M * Bertl off for now ... bbl
1247667315 N * Bertl Bertl_oO
1247667740 Q * allquixotic Quit: Ex-Chat
1247667852 Q * esa Quit: Coyote finally caught me
1247668908 M * _Shiva_ is there a generic wrapper program to call normal/unmodified programs with in the host's context to let them see the guest's processes, too? i.e. like the provided "vps", "vtop" do..
1247668928 M * daniel_hozac chcontext --xid 1 -- ...
1247669041 M * _Shiva_ tnx :-)
1247670210 Q * gate_keeper_ Remote host closed the connection
1247670318 N * dave0 dave0gone
1247670459 N * dave0gone dave0
1247670726 J * mxs_ mxs@p4FCCB2C1.dip.t-dialin.net
1247670801 J * Solitary_Scar ~SS@storm.ungowa.org
1247671042 Q * mxs Ping timeout: 480 seconds
1247671213 J * ViRUS ~mp@p579B456F.dip.t-dialin.net
1247672383 J * dowdle ~dowdle@scott.coe.montana.edu
1247672422 Q * Pazzo Ping timeout: 480 seconds
1247673137 N * Bertl_oO Bertl
1247673140 M * Bertl back now ...
1247673181 Q * FireEgl Ping timeout: 480 seconds
1247674302 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1247674982 Q * davidkarban Quit: Ex-Chat
1247675220 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1247675242 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1247675678 Q * scientes_ Ping timeout: 480 seconds
1247676882 Q * hijacker Ping timeout: 480 seconds
1247676937 J * hijacker ~hijacker@213.91.163.5
1247677309 Q * pmenier Quit: Konversation terminated!
1247677562 Q * Swords2
1247677781 Q * Abraxas Ping timeout: 480 seconds
1247677811 N * DoberMann DoberMann[PullA]
1247679408 Q * bonbons Quit: Leaving
1247680433 Q * gnuk Quit: NoFeature
1247681073 J * Abraxas ~Abraxas@94-224-69-84.access.telenet.be
1247681408 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1247681432 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1247681446 Q * balbir_ Ping timeout: 480 seconds
1247681923 J * imcsk8 ~ichavero@148.229.1.11
1247682104 J * balbir_ ~balbir@122.172.3.176
1247683772 Q * ViRUS Quit: If there is Artificial Intelligence, then there's bound to be some artificial stupidity. (Thomas Edison)
1247684972 Q * thierryp Ping timeout: 480 seconds
1247686108 Q * bonbons Quit: Leaving
1247687054 J * _gh_ ~gerrit@205.233.52.216
1247687198 M * Guy- hi
1247687203 M * Guy- 21:43:13.447034500 kern.warn: vxW: [>>Xorg<<,32293:#41|41|41] denied 22 access to proc:ffff8800bf928370[#0,4026531914]
1247687206 Q * derjohn_mob Ping timeout: 480 seconds
1247687208 M * Guy- how do I find out what this was?
1247687224 M * Guy- I mean, what proc entry Xorg tried to access
1247687250 M * Bertl the inode number is 4026531914
1247687397 M * Guy- OK, it was /proc/mtrr
1247687403 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1247687472 M * Guy- if I put ">/proc/mtrr" in the vprocunhide/files configfile, xorg running in a guest will get write access, right?
1247687494 M * Bertl depends on the checks associated with /proc/mtrr
1247687515 M * Bertl note that access to mtrr can affect your whole system quite drasticallt
1247687520 M * Bertl *drastically
1247687587 M * Guy- I realise that
1247687613 M * Guy- apparently, setattr --write didn't do the trick (do I have to stop the guest first?)
1247687627 M * Bertl nope
1247687654 M * Bertl make sure it is not hidden inside the guest
1247687660 M * Guy- no, I can read it fine
1247687671 M * Guy- xorg.log.3510:open("/proc/mtrr", O_WRONLY) = -1 EACCES (Permission denied)
1247687676 M * Guy- this is what happens
1247687679 M * Bertl then most likely it contains more capability checks
1247687718 M * Guy- this guest is running with almost all capabilities already... do you have a hunch what capability may be required to write to mtrr?
1247687738 M * Bertl no, but I can check that in the source code (but so can you :)
1247687761 M * Guy- I'll try :)
1247687792 M * Guy- would that be in fs/proc, or somewhere mtrr specific?
1247687851 M * Bertl the check could be everywhere down the call tree
1247687927 M * Guy- I'm trying by doing find . -type f -exec fgrep -l mtrr {} + | xargs fgrep -l CAP
1247687934 M * Guy- does this look promising to you? :)
1247687986 M * Bertl well, it looks interesting :)
1247687998 M * Guy- CAP_SYS_ADMIN seems to be the relevant capability
1247688023 M * Guy- based on arch/x86/kernel/cpu/mtrr/if.c, mtrr_write()
1247688034 M * Bertl sounds good
1247688050 M * Guy- however, the bcapabilities file for this guest includes SYS_ADMIN
1247688113 M * Bertl what does /proc/virtual//status say about that?
1247688165 M * Guy- Flags: 0000001402020010
1247688165 M * Guy- BCaps: 000000007fefefff
1247688165 M * Guy- CCaps: 0000000000000101
1247688197 M * Bertl you are getting EACCES on open
1247688219 M * Bertl the mtrr_write check would give EPERM on write :)
1247688242 M * Guy- indeed :)
1247688248 M * Guy- so I didn't find the correct check
1247688304 M * Guy- in the mtrr directory, there are only CAP_SYS_ADMIN checks
1247688362 J * jazzanova ~boris@ool-44c5c39f.dyn.optonline.net
1247688364 M * jazzanova hi
1247688388 M * Bertl Guy-: looking for proc related EACCES return values, highlights selinux
1247688399 M * jazzanova i am inside my guest, and mount --bind gives me permission denied.
1247688406 M * jazzanova is mount --bind blocked for guest ?
1247688443 M * Bertl yep, by default
1247688465 M * Bertl Guy-: and more important, I do not see an EACCES in Linux-VServer proc code :)
1247688482 M * jazzanova Bertl: how can I allow that ?
1247688486 M * jazzanova it's annoying
1247688499 M * Bertl give the proper ccapability?
1247688527 M * Bertl http://linux-vserver.org/Capabilities_and_Flags
1247688567 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1247688588 M * jazzanova is that mknod capability ?
1247688733 M * Guy- Bertl: I don't use SELinux; but I'll try to look for EACCES return values
1247688781 M * Bertl jazzanova: try SECURE_(RE)MOUNT
1247688941 M * Bertl Guy-: generic_permission() has EACCES too
1247689070 M * jazzanova do I need to restart the guest ?
1247689086 M * Bertl nope
1247689091 M * Guy- Bertl: well, the file permissions look OK (644), and Xorg runs as root
1247689129 M * jazzanova boris@dagny:/etc/vservers/rearden$ cat ccapabilities
1247689129 M * jazzanova SECURE_MOUNT
1247689129 M * jazzanova SECURE_REMOUNT
1247689132 M * jazzanova is that correct ?
1247689154 M * Guy- shouldn't it be ccaps?
1247689159 M * jazzanova oh
1247689162 M * Guy- (instead of ccapabilities)
1247689206 M * jazzanova i probably need to restart guest cause i have old utils
1247689226 M * Guy- no
1247689234 M * Guy- you can hand out capabilities with vattribute
1247689255 M * Guy- (but you'll have to do it by hand, the ccaps file only applies when you start the guest)
1247689264 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1247689317 M * Guy- oh, so it is ccapabilities... I wonder where I got 'ccaps' from
1247689936 Q * jazzanova Ping timeout: 480 seconds
1247690559 M * Guy- hmmm... I tried with all bcapabilities set, and opening /proc/mtrr for writing still doesn't succeed in a guest (but it succeeds on the host)
1247690611 Q * bonbons Quit: Leaving
1247691004 J * Ming ~chatzilla@router7137.nal.toronto.edu
1247691091 M * Ming Hi everyone!
1247691361 J * thierryp ~thierry@home.parmentelat.net
1247691505 M * Bertl hi Ming!
1247691595 M * Bertl Guy-: add some debug statements to the critical code paths
1247691613 Q * thierryp
1247691709 M * Guy- Bertl: yeah, I was kind of afraid it would come to that :) I could do it, but this issue isn't important enough right now, so I won't :) But thanks for your help
1247691742 M * Bertl shouldn't be too hard with kvm :)
1247691781 M * Guy- not hard, but time-consuming :)
1247691796 M * Bertl fair enough
1247692171 Q * _gh_ Quit: Client exiting
1247692515 M * mnemoc Bertl: thanks, the patch for 2.6.27.26 seems to work flawlessly
1247693156 N * dave0 dave0gone
1247693294 M * Bertl mnemoc: good, thanks for testing!
1247693426 M * mnemoc Bertl: thanks for making! :)
1247693516 N * DoberMann[PullA] DoberMann[ZZZzzz]
1247693648 M * Guy- Bertl: btw, I was seeing an issue with unification; setuid binaries became mode 0600 (on jfs). Was this known and has it been fixed? I stopped unifying my guests when this cropped up
1247693672 M * Guy- I'm not sure if the mode change happened on unification or on COW link breaking
1247693696 M * Bertl first time I hear of that ... maybe test with a recent patch and let me know then?
1247693701 M * Guy- OK
1247693737 M * Guy- (sorry, I meant hashification, fwiw)
1247693796 Q * Ming Quit: ChatZilla 0.9.85 [Firefox 2.0.0.19/0000000000]
1247694033 M * Bertl same mechanism
1247694276 J * ktwilight_ ~keliew@208.58-240-81.adsl-dyn.isp.belgacom.be
1247694541 Q * ktwilight__ Ping timeout: 480 seconds
1247694878 Q * imcsk8 Quit: This computer has gone to sleep
1247695482 J * imcsk8 ~ichavero@189.155.160.179
1247697029 J * mib_32uuxpwx c86fd57a@webchat.mibbit.com
1247697130 Q * mib_32uuxpwx
1247697651 J * derjohn_mob ~aj@c145095.adsl.hansenet.de
1247698571 Q * dowdle Remote host closed the connection
1247702260 Q * Genghis- Quit: ZNC by prozac - http://znc.sourceforge.net