1250208037 M * Bertl try if it works when you chroot into the guest space (from the host)
1250208056 M * Bertl ignore the update-binfmts inside the guest, it can't work without help
1250208079 M * mstrobert Bertl, Hm, that's a good idea.
1250208110 M * Mr_Smoke Hm
1250208112 M * Mr_Smoke evenin
1250208136 M * Mr_Smoke Has anyone tried the sock_sendpage exploit on vserver kernels yet ?
1250208216 M * mstrobert Bertl, Same behavior. "run-detectors: unable to find an interpreter for ./foo.exe".
1250208228 M * Bertl Mr_Smoke: probably not, but gnarface brought that up a few minutes ago ... you might want to check the irc logs :)
1250208235 M * Mr_Smoke Thanks
1250208245 M * Bertl mstrobert: so 'something' is missing in your setup then :)
1250208264 M * Bertl mstrobert: I'd opt for the actual binary/interpreter
1250208408 M * mstrobert Bertl, Hm. Well, the host's update-binfmt --display is saying cli is interpreted by /usr/bin/cli , which exists on the guest as a symlink to /etc/alternatives/cli , which is a symlink to /usr/bin/mono , which is an ELF executable that runs fine when executed directly.
1250208441 M * mstrobert (and /usr/bin/cli runs fine when executed directly, of course)
1250208464 M * Bertl does it exist on the host as well?
1250208555 M * mstrobert Bertl, yes, with the same symlinks, and ability to execute the mono ELF
1250208590 M * Bertl but it doesn't work in the chroot, correct?
1250208623 M * Bertl any security mechanisms or similar which might be the cause for that?
1250208626 M * Mr_Smoke Bertl: thanks for the heads up. Turns out PaX protects me from the vulnerability itself
1250208634 M * Mr_Smoke And the patch does appear trivial indeed
1250208662 M * mstrobert Bertl, executing a .exe doesn't, correct. Well, I'm not aware of a security mechanism which should be stopping that. I haven't set one up, at least.
1250208667 M * mstrobert That I know of :)
1250208704 M * Bertl okay, anything in dmesg?
1250208824 M * mstrobert Bertl, guest dmesg is empty. nothing interesting in host dmesg
1250208834 M * mstrobert Bertl, Nothing interesting in guest or host syslog or message, either.
1250208909 M * Bertl that's at least unusual ... I presume mono is supposed to work inside a chroot too?
1250208918 M * Bertl (with the binfmt stuff, I mean)
1250208937 M * mstrobert Bertl, I'll test that on another system
1250209041 M * mstrobert Bertl, Nevermind; I'm not at all set up to easily test that on my desktop.
1250209065 M * Bertl okay, nevertheless, I'd say that's cruicial to test first
1250209084 M * Bertl I don't see why that shouldn't work, at least I remember that it worked with java
1250209098 M * Bertl (but you never know)
1250209151 M * mstrobert Bertl, Okay. So what I need to work is for a mono .exe to run, but with /proc/sys/fs/binfmt_misc as an empty directory. I can try to set up a chroot to test that tomorrow.
1250209183 M * Bertl /proc/sys/fs/binfmt_misc is not the problem here, at least not from the Linux-VServer PoV
1250209195 M * Mr_Smoke Hm btw ...
1250209201 M * Bertl mstrobert: i.e. you should be able to unhide it
1250209212 M * Mr_Smoke Are there any grsec-enabled versions ov linux-vserver devel branch, 2.3.X.X ?
1250209234 M * mstrobert Bertl, Is it easy to unhide it?
1250209297 M * Bertl setattr should do the trick (check out setattr --help)
1250209326 M * mstrobert Bertl, Okay
1250209402 M * mstrobert Bertl, is this going to be identical to the procedure described at http://linux-vserver.org/USB_Devices ?
1250210322 M * mstrobert Bertl, I followed the procedure there, and now I can run mono .exe executables in my guest. (and for what it's worth, "update-binfmts --display" in the guest reports cli as enabled.
1250210340 M * mstrobert Bertl, Thanks helping me get this to work.
1250210435 M * mstrobert Bertl, you mentioned security issues. Does doing this open me up to some security issues, then?
1250210679 M * Bertl well, opening up _any_ direct kernel interfaces usually bring some security issues
1250210706 M * Bertl OTOH, it's probably compareable to any other Linux system
1250210771 M * Mr_Smoke Hm
1250210793 M * Mr_Smoke Is there any way to make the guest able to "see" its virtual network traffic ?
1250210803 M * Mr_Smoke Run stuff like iftop for example ?
1250210814 M * Mr_Smoke That would mean access to /proc/net I suppose
1250210863 M * gnarface my guess is if you're concerned about local security you should NOT give /proc access of any sort to any guest that has local user accounts
1250210880 M * gnarface but maybe thats just meaningless paranoia
1250210907 M * Mr_Smoke I get that
1250211001 M * Mr_Smoke Problem is it obscures quite a lot of otherwise useful info
1250211010 M * Bertl not really
1250211026 M * Bertl the point you are missing there is that the guest shares the network stack with the host
1250211030 J * tudenbart ~willi@xdsl-213-196-250-118.netcologne.de
1250211040 M * Bertl so, for example network counter will show you the total host traffic
1250211106 M * Mr_Smoke Yeah, I remember that actually
1250211121 M * Mr_Smoke I'm just saying, isn't there a way to let the guest count its beans ?
1250211211 M * Bertl sure, but it makes things complicated and slow
1250211230 M * Mr_Smoke Ok :)
1250211321 M * Bertl and it is much simpler to add an iptables 'accounting' rule and provide that data to the guest (if needed)
1250211371 M * Mr_Smoke True.
1250211375 M * Mr_Smoke I'll think about that
1250211451 Q * dothebart Ping timeout: 480 seconds
1250211652 J * geb ~geb@earth.gebura.eu.org
1250211883 J * vargadanis ~vargadani@catv-89-135-31-112.catv.broadband.hu
1250211898 M * vargadanis hi.. are there any loopback interface issues with vserver?
1250211908 M * Bertl like?
1250211924 M * vargadanis like ipconfig in the VPS doesn't display one
1250211929 M * vargadanis ifconfig **
1250211932 M * vargadanis my bad... sorry
1250211957 M * Bertl nope, if properly configured, it will show up, even for the old ifconfig
1250211983 M * vargadanis i c.. so it is porbably not properly configured
1250211995 M * vargadanis cause lo doesn't show ip in the VPS
1250211998 M * vargadanis when netering ifconfig
1250212012 M * Bertl what kernel/patch and util-vserver version?
1250212045 M * vargadanis 2.6.24-23-vserver kernel version debian
1250212084 M * vargadanis 0.30.214
1250212095 M * vargadanis util-vserver
1250212100 M * Bertl debian kernels are usually broken, but in your case, it might be just a simple misconiguration ... how many IPs does your guest have?
1250212112 M * vargadanis 1
1250212116 M * vargadanis eth0 only
1250212128 M * Bertl and did you disable the single_ip special casing?
1250212129 M * vargadanis in /etc/network/interfaces there is no loopback
1250212155 M * vargadanis ahm.. no.. I don't know what that is
1250212159 M * vargadanis so possibly not
1250212195 M * Bertl I presume your kernel (only debian knows for sure :) has the automatic single IP special casing enabled
1250212216 M * Bertl which means, that you need to disable it, for single IP guests, which should show an 'lo'
1250212229 M * Bertl (i.e. actually have more than one IP)
1250212249 M * Bertl you can do that by adding ~single_ip to the nflags
1250212289 Q * docelic_ Ping timeout: 480 seconds
1250212370 M * vargadanis ahha, ok, whatever you say O_o
1250212378 M * vargadanis i'll look up where i can do that
1250213152 M * vargadanis Bertl, can you tell me how to add ~single_op to the nflags?
1250213187 M * Bertl with e.g. echo? like 'echo ~single_op >nflags
1250213201 M * vargadanis where do i execute this command?
1250213219 M * Bertl in the guest configuration dir
1250213244 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1250213252 M * vargadanis is that a problem that i don't have that file yet?
1250213271 M * vargadanis is the config dir the one where i see eg. the vdir dir?
1250213275 M * Bertl no, just means that you do not have any nflags set yet
1250213298 M * Bertl (explicitely, that is)
1250213435 M * vargadanis hmm.. ok, I got the single_ip thing and there is still no lo interface
1250213449 M * vargadanis shoulnd't i add it to /etc/network/interfaces file?
1250213454 M * Bertl did you use ~single_ip ?
1250213464 M * vargadanis yes
1250213466 M * Bertl and did you restart the guest?
1250213477 M * vargadanis it's int he /etc/versers/vserver-name/ dir
1250213478 M * vargadanis yes
1250213487 M * vargadanis in the**
1250213503 M * vargadanis so it's where it is supposed to be i guess
1250213517 M * Bertl please upload the contents of /proc/virtnet//info and status
1250213528 M * Bertl (paste.linux-vserver.org or similar)
1250213834 M * vargadanis http://paste.linux-vserver.org/13363
1250213880 M * vargadanis if you'd like you could take a look at the server too with root privileges
1250213889 M * vargadanis i only use it for learning puposes it's home
1250213930 M * Bertl nah, not necessary ..
1250213993 M * Bertl well, it looks like the debian kernel defaults are different from what I remember from 2.6.26 kernels
1250214095 M * Bertl I presume this is actually a vs2.0 or vs2.2 kernel, which doesn't support 'lo' at all, strange though, as I do not know of such patches for 2.6.24 or later
1250214118 M * Bertl let's give the 'testme.sh' a spin on your system please
1250214148 M * vargadanis testme.sh.. ok where do i find that? linux-vserver.org?
1250214154 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh
1250214216 M * vargadanis Bertl, http://paste.linux-vserver.org/13364
1250214252 M * Bertl so yeah, that is a 2.2.0 based kernel
1250214318 M * Bertl i.e. you do not have per guest isolated loopback in that version
1250214367 M * vargadanis i c
1250214376 M * vargadanis isn't 2.2.0.7 the newest version?
1250214395 M * Bertl the latest 'stable' version, actually for 2.6.22.x
1250214424 M * vargadanis so i should downgade my system?
1250214428 M * vargadanis i mean the kernel?
1250214464 M * Bertl no, if you want loopback isolation and virtualization, you need to go for the vs2.3 branch, see http://linux-vserver.org/Feature_Matrix
1250214490 M * Bertl and then you want to use the 2.6.27.x or 2.6.29.x kernel (or maybe a 2.6.30.x one :)
1250214552 M * vargadanis how 'development' versions are those?
1250214560 M * vargadanis i mean how stable can i use them?
1250214585 M * Bertl most of the experimental patches are in production somewhere
1250214668 M * vargadanis why are they called experimental if there are peeps using it? O_o
1250214677 M * vargadanis i am getting confused by those names
1250214710 M * Bertl well, we label the code-reviewed, well tested patches 'stable'
1250214738 M * Bertl then there are the patches containing newer features, which we call 'development'
1250214753 M * Bertl (mostly because the API or the features themselves might change)
1250214776 M * Bertl and then there are 'experimental' patches, which are usually not feature complete
1250214804 M * Bertl nevertheless, all of them should work, otherwise it's a bug, and you should tell us :)
1250214838 M * Bertl care has to be taken on -preXX patches and of course -dont-use patches should not be used :)
1250214842 Q * geb Quit: /
1250214889 M * vargadanis ohh boy... it's getting complicated O_o
1250214908 M * vargadanis but hell how am i supposed to learn how to patch a frigging kernel if not by patching one?
1250214940 M * Bertl good point! there is even a page on the wiki which might help you with that
1250214991 M * vargadanis link, link link :)
1250215010 M * Bertl http://linux-vserver.org/Installation_on_Linux_2.6
1250215069 M * vargadanis so which version do you recommend?
1250215079 M * vargadanis there isn't anything that isn't allowed here
1250215091 M * vargadanis so you can hook me with the latest untested buggy crap ever :)
1250215112 M * Bertl if you are looking for stability, but want full 'lo' isolation, then I'd go for 2.6.27.x (latest patch for that one)
1250215125 M * Bertl if you want to do some testing, go for 2.6.30.4
1250215216 M * vargadanis the .x matters at all?
1250215233 M * Bertl .x just means, get the latest version
1250215248 M * Bertl so for 2.6.27.x last time I checked it was 2.6.27.29
1250215397 M * vargadanis still is
1250215467 M * vargadanis and the vserver version?
1250215483 M * vargadanis i downloaded the .29
1250215528 M * Bertl http://vserver.13thfloor.at/ExperimentalT/patch-2.6.27.29-vs2.3.0.36.6.diff
1250215618 M * vargadanis http://vserver.13thfloor.at/Experimental/patch-2.6.27.21-vs2.3.0.36.4.diff
1250215622 M * vargadanis ohh
1250215633 M * vargadanis i should have read your post first :)
1250215801 M * vargadanis okie dokie...
1250215809 M * vargadanis configuring kernel :)
1250216047 Q * vargadanis Read error: Connection reset by peer
1250217798 Q * hparker Ping timeout: 480 seconds
1250218917 J * sardyno_ ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1250218938 M * Bertl off to bed now ... have a good one everyone!
1250218943 N * Bertl Bertl_zZ
1250218971 Q * sardyno Ping timeout: 480 seconds
1250220483 M * Evet nite Bertl_zZ
1250221718 Q * balbir_ Ping timeout: 480 seconds
1250224658 Q * nenolod Remote host closed the connection
1250224690 J * nenolod nenolod@petrie.dereferenced.org
1250225167 J * doener_ ~doener@i59F55E84.versanet.de
1250225267 Q * doener Ping timeout: 480 seconds
1250226759 J * balbir_ ~balbir@59.145.136.1
1250227505 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1250228991 J * vargadanis ~vargadani@catv-89-135-31-112.catv.broadband.hu
1250228998 M * vargadanis hello everyone
1250230590 J * mxs mxs@p4FCCB570.dip.t-dialin.net
1250230916 Q * scientes_ Ping timeout: 480 seconds
1250230930 Q * mxs_ Ping timeout: 480 seconds
1250231049 J * sharkjaw ~gab@149-49-95.oke2-bras6.adsl.tele2.no
1250232182 Q * derjohn_mob Ping timeout: 480 seconds
1250233125 J * dna ~dna@55-197-103-86.dynamic.dsl.tng.de
1250235199 J * derjohn_mob ~aj@80.85.196.112
1250238360 Q * sharkjaw Ping timeout: 480 seconds
1250239991 Q * balbir_ Ping timeout: 480 seconds
1250241017 J * balbir_ ~balbir@59.145.136.1
1250241457 J * BWare ~itsme@a184136.upc-a.chello.nl
1250241528 Q * balbir_ Ping timeout: 480 seconds
1250241687 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1250243128 J * balbir_ ~balbir@59.145.136.1
1250244798 Q * balbir_ Ping timeout: 480 seconds
1250245775 Q * nenolod Remote host closed the connection
1250245811 J * nenolod nenolod@petrie.dereferenced.org
1250245983 Q * pmenier Ping timeout: 480 seconds
1250248300 J * geb ~geb@earth.gebura.eu.org
1250248645 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1250248957 J * pmenier ~pmenier@ACaen-152-1-27-65.w83-115.abo.wanadoo.fr
1250249227 N * Evet Guest79
1250249243 J * Evet ~root@88.254.74.60
1250249247 M * Evet hi
1250249547 Q * Guest79 Quit: Lost terminal
1250249832 Q * geb Quit: /
1250249842 J * geb ~geb@earth.gebura.eu.org
1250250065 M * Evet I am trying to build a skeleton vserver
1250250084 M * Evet done. but i cant start
1250250091 M * Evet got this error: http://pastebin.com/d2a2fe41a
1250250633 M * hijacker_ Evet, did the skeleton build complete successfully ?
1250250647 M * hijacker_ looks like you're missing some mount points
1250250665 M * hijacker_ have you got a /path_to_vservers/vservername/tmp ?
1250250687 M * geb did you see Spender's last joke ? http://grsecurity.net/~spender/wunderbar_emporium.tgz :)
1250250748 M * hijacker_ /etc/vservers/datatek/fstab maybe remove those entries -> /tmp and /var/run if any
1250250761 M * hijacker_ geb, what's that joke ?
1250250782 M * geb a sort of homemad su :)
1250250787 M * geb homemade
1250250796 M * Evet hijacker_: building done properly. and, there isn't tmp dir
1250250823 M * hijacker_ geb, it is 3.3megs archived;-)
1250250830 M * hijacker_ plenty of code inside i guess?
1250250858 M * hijacker_ Evet, is there /path_to_vservers/vservername/tmp ?
1250250868 M * Evet hijacker_: no
1250250877 M * hijacker_ can you mkdir ?
1250250888 M * Evet hijacker_: did. nothing changes. same error
1250250889 M * hijacker_ dunno why it was not create
1250250895 M * hijacker_ hm
1250250944 M * Evet why it occurs mount problem?
1250250986 M * geb there is a video inside hijacker_
1250251057 M * hijacker_ ah ;-)
1250251062 M * hijacker_ ok geb i will take a look
1250251079 M * hijacker_ Evet, can you copy/paste the contents of /etc/vservers/datatek/fstab ?
1250251083 M * hijacker_ if less than 3 lines
1250251087 M * hijacker_ if not put it on pastebin
1250251148 M * Evet none /proc proc defaults 0 0
1250251149 M * Evet none /tmp tmpfs size=16m,mode=1777 0 0
1250251149 M * Evet none /dev/pts devpts gid=5,mode=620 0 0
1250251248 M * hijacker_ well
1250251253 M * hijacker_ comment out the /tmp
1250251296 M * hijacker_ apart of this, I am not sure whether I can help any furhter
1250251314 M * hijacker_ what kernel version, patch version and util-vserver version are you using ?
1250251473 M * Evet im using 2.6.26-2
1250251478 M * Evet vserver amd 64
1250251487 M * Evet and not using util-vserver
1250251524 M * hijacker_ Evet, why not?
1250251538 M * hijacker_ util-vserver are the utils that let you build, log on into vservers?
1250251544 M * hijacker_ mange them
1250251545 M * hijacker_ etc
1250251555 M * hijacker_ I think you SHOULD use util-vserver
1250251579 M * Evet aha okay
1250251596 M * Evet i deleted the tmp entry
1250251609 M * Evet now, the only error is
1250251611 M * Evet fakerunlevel: open("/var/run/utmp"): No such file or directory
1250251911 M * sannes Anyone experiencing that the hostname is set on the host server when changed from within a vserver guest?
1250251957 M * vargadanis you mean that when you cange your container's hostname the host systems hostname changes too?
1250251984 M * vargadanis that'd be weird... taken that the whole point of the containers is to isolate O_o
1250252545 M * Evet hijacker_: so?
1250252930 Q * derjohn_mob Ping timeout: 480 seconds
1250252930 N * Bertl_zZ Bertl
1250252935 M * Bertl morning folks!
1250252972 M * Evet mornin
1250253024 M * Bertl sannes: known issue with old util-vserver and newer kernels
1250253043 M * Bertl sannes: update util-vserver to a recent version and you should be fine
1250253130 M * Bertl Evet: you are aware that a 'skeleton' guest cannot be started?
1250253149 M * Evet Bertl: yes
1250253176 M * Evet got "fakerunlevel: open("/var/run/utmp"): No such file or directory" error
1250253282 M * Bertl probably that file doesn't exist, no?
1250253325 M * Evet Bertl: didn't exist
1250253330 M * Bertl but let me rephrase my comment above: you know, that a skeleton guest cannot be started without adding a complete and consistant distro?
1250253341 M * Evet i created a file and a dir, got same error
1250253366 M * Evet Bertl: no i dont know. hmm
1250253404 M * Bertl a skeleton guest is just a few files and dirs to put something in, nothing which can be used by itself
1250253437 M * Bertl like creating a dir for your documents ... you still have to put in all documents to make it useful
1250253484 M * Evet Bertl: so i can copy files from another vserver, an it will work?
1250253517 M * Bertl for example, but if you want to do that, you're better off with the 'clone' or 'rsync' build methods
1250253556 M * Evet Bertl: unfortunately clobne method doesnt work
1250253567 M * Bertl how so?
1250253733 M * Evet Bertl: same error
1250253760 M * Evet http://pastebin.com/d3269f02e
1250253803 M * Evet i can comment out /tmp
1250253804 M * Bertl what kernel/patch and util-vserver version?
1250253808 M * Evet then i got fakerunlevel: open("/var/run/utmp"): No such file or directory
1250253840 M * Bertl and please paste your 'build
1250253847 M * Bertl command line for me too
1250253960 M * Evet how can i learn util-vserver version, Bertl
1250253975 M * Bertl 'vserver-info - SYSINFO'
1250254028 M * Evet Kernel: 2.6.26-2-vserver-amd64
1250254043 M * Evet util-vserver: 0.30.216-pre2772; Dec 13 2008, 04:56:19
1250254079 M * Bertl so those are the 'known-broken' debian kernel and tools, nevertheless, cloning a guest should work even with them
1250254140 M * Evet hmm
1250254147 M * Evet what i can do now
1250254153 M * Evet upgrade the util-vserver?
1250254180 M * Bertl first, upload your 'build' command line so that I can have a look a t it :)
1250254230 M * Evet vserver cloned build -m clone --hostname cloned.datateknolojileri.com --interface eth0:192.168.1.14/24 -- --source /etc/vservers/tostmodern
1250254254 M * Bertl /etc/vservers/tostmodern is nonsense
1250254271 M * Bertl either specify the path to the guest data, or leave out the path completely
1250254280 M * Bertl i.e. 'tostmodern'
1250254341 M * Evet okay
1250254359 M * Evet i created a new clone
1250254366 M * Evet got absolutely same error
1250254400 M * Bertl and starting 'tostmodern' works?
1250254446 M * Evet yes its already running
1250254486 M * Bertl and the build (clone) succeeded?
1250254544 M * Evet Bertl: built properly. but doesnt start
1250254546 M * Evet same error
1250254553 M * Bertl did you remove the 'cloned'
1250254557 M * Bertl guest first?
1250254596 M * Evet Bertl: i named new one cloned3
1250254611 M * Bertl and you are trying to start cloned3, yes?
1250254626 M * Evet unfortunately got same error
1250254671 M * Bertl upload all the steps and the system output you get starting with the clone build method up to the guest startup please
1250254716 Q * Pazzo Quit: .
1250254768 M * Evet Bertl: http://pastebin.com/dc8eaf8d
1250254862 M * Bertl how long does it take for the 'build' to finish?
1250254887 M * Evet Bertl: instantly
1250254919 M * Bertl that doesn't sound right ... you sure your tostmodern guest has its data and is the right one?
1250254949 M * Evet Bertl: yes i have a website running properly under tostmodern
1250254956 Q * jpic_ Quit: reboot
1250255195 M * Bertl what does du -skx `vserver-info tostmodern VDIR`/ report?
1250255197 J * biz biz@baze.de
1250255214 M * biz hi :)
1250255231 M * Evet Bertl: 364296 /etc/vservers/tostmodern/vdir/
1250255234 M * Evet hi
1250255297 M * Bertl so that looks somewhat fine, now let's do the same with cloned3/4
1250255332 M * biz I've just read the faq entry on io scheduling at http://linux-vserver.org/Frequently_Asked_Questions#Disk_I.2FO_limiting.3F_Is_that_possible.3F
1250255382 M * biz At the end it says "Think every guest is treated like a own process group." -- so without the key_type setting, is there a way to set the cfq scheduler class for a whole guest?
1250255434 M * Evet Bertl: http://pastebin.com/d66e609ce
1250255461 M * sannes Bertl: Uhm, used version vserver 0.30.215 is even that outdated?
1250255463 M * biz I've switched from deadline to cfq recently because a non-important guest with lots of low-prio processes is able to kill performance of high priority processes running in other guests
1250255494 M * Bertl biz: this is basically valid for the old cfq extension, recent kernels/tools should allow you to do more
1250255495 M * sannes Bertl: sorry util-vserver version 0.30.215 of course ..
1250255510 J * dothebart ~willi@xdsl-81-173-228-180.netcologne.de
1250255528 M * biz Bertl: I'd really like to set the whole guest to use the cfq "idle" class, is that possible somehow?
1250255534 M * Bertl sannes: yes, you'll need 0.30.216 (preferably the latest pre) for kernels 2.6.25+
1250255594 M * sannes Bertl: Ah! Thank you! :)
1250255601 M * Evet Bertl: how can i upgrade it? remove and install?
1250255654 M * Bertl yes, make sure that the old util-vserver is gone if you build/install the new one yourself
1250255666 M * Bertl also adjust the pathes to match the weird debian config
1250255681 M * Bertl (or move stuff around :)
1250255810 M * Evet but, im using 0.30.216
1250255824 Q * tudenbart Read error: Connection reset by peer
1250255866 M * Evet does other debian users face same issues?
1250255901 M * Bertl maybe, it is known that the debian kernel (2.6.26-x) and the util-vserver version they use are somewhat broken
1250255962 M * Bertl but that is a debian issue, nothing we can help you with ... there is no good explanation why your tostmodern guest has data, but the 'clone' doesn't
1250255997 M * Bertl it works perfectly fine here, and I guess daniel_hozac won't investigate further unless you try with a mainline version (preferably the latest pre)
1250256156 M * biz Bertl: I wonder if "ionice -c3 vserver my_low_prio_guest start" will affect all processes in the future within that guest? If so, can this be done later "on-the-fly"?
1250256178 M * Bertl ionice can be used on pids too
1250256241 M * biz but how can I get the parent pid of all processes within a vserver? like init on a non-vserver system
1250256285 M * Bertl if you start an init inside the guest, it will be the parent, if your guest is init-less then host init will be 'the parent'
1250256558 M * sannes hm, 0.30.216 of util-vserver is not backwardscompatible with kernels that work with 0.30.215 ?
1250256561 M * biz humm.. this is a debian guest system with sys-V style init. Afaik a vserver ... start does invoke init 3 within that guest?! I can't find a init process within the guest, so I guess this is the "init-less" variant you said?
1250256591 M * Bertl sannes: recent util-vserver is backwards compatible back to 2.4 kernels
1250256717 J * emcepe ~mcp@wolk-project.de
1250256947 Q * mcp Ping timeout: 480 seconds
1250256947 N * emcepe mcp
1250257281 M * theocrite Bertl: you're amazing, you're like a bot answering every single question here. How can you even have time to code and eat ?
1250257413 M * biz yeah, Bertl is great :D. I come in here once in a while and he's always here helping someone
1250257508 M * Bertl theocrite: it's getting tougher every day, especially as the monetary contributions from the community have reached an all time low ...
1250257707 M * theocrite Is there a way to donate without paypal ?
1250257710 A * theocrite hates paypal
1250257732 M * Bertl sure, you can get my bank account and directly transfer it there (pm)
1250257744 A * Bertl hates paypal too :)
1250258005 M * biz hmmm.. weird. I always get ioprio_set: Operation not permitted with this:
1250258013 M * biz $ vps auxn | grep 23266 1000 23266 40014 baze 0.0 0.1 15176 4368 pts/6 Ss+ Jun16 0:02 -/bin/bash
1250258046 M * biz chcontext --xid baze sudo -u '#1000' ionice -c3 -p23266
1250258075 M * biz *add a newline there after 'grep 23266'
1250258109 A * biz wonders if this is grsec related
1250258175 M * Bertl by default, you cannot change IO priorities in a guest
1250258191 J * derjohn_mob ~aj@tmo-108-92.customers.d1-online.com
1250258207 M * biz Bertl: I get the same with --cap SYS_NICE,SYS_ADMIN :(
1250258302 M * Bertl check with strace -fF what operation fails
1250258340 M * biz vserver(0xb010001, 0x9c4e, 0x7fff9b303690, 0x8, 0upeek: ptrace(PTRACE_PEEKUSER,32173,120,0): No such process
1250258354 M * biz ioprio_set: Operation not permitted
1250258360 M * Bertl put the strace _inside_ the context :)
1250258368 M * biz ahh :)
1250258436 M * biz SYS_251(0x1, 0x5ae2, 0x6007, 0, 0) = -1 EPERM (Operation not permitted)
1250258558 M * Bertl if (tcred->uid != cred->euid &&
1250258558 M * Bertl tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {
1250258589 M * Bertl and after that, you get the 'security' check of your security framework
1250258619 M * Bertl no further checks in the code, so I'd opt for grsec then
1250258680 M * biz humm. Thanks, I'll try to find something on grsec+ionice
1250258716 M * Bertl note: I'm assuming that your process actually has SYS_NICE here :)
1250258745 M * biz http://pastebin.com/d1f258184
1250258750 M * biz that was the full output
1250258842 M * biz oh well, most of it is the sudo stuff... so this one should be enough: http://pastebin.com/d995c6bc
1250258892 M * biz Bertl: do you mean if the process has a nice value set?
1250258920 M * Bertl doesn't really matter
1250259828 J * mib_01i8mi1e 795eaf12@webchat.mibbit.com
1250259834 Q * mib_01i8mi1e
1250260362 M * biz weird. It works for processes running with an effective uid within the guest that is does not exist on the host system
1250260433 M * biz I don't even have to pass the --cap option
1250260561 M * biz Eg. a process running with uid 120 within a guest can be ioniced if there is no user with uid 120 on the host system
1250260610 M * Bertl ah, you probably want to enter the guest's user space too
1250260633 M * Wonka sounds broken :)
1250260654 M * Bertl well, yeah, kind of half way into the guest
1250260990 M * biz sorry. I did some more tests and it's not true
1250261026 M * biz But what I found out: you don't need to enter the guests own context, just context 1 (which is able to see everything) is enough
1250261049 M * biz And setting the priority within the current scheduling class works fine
1250261052 M * Bertl yep, unless your kernel honors guest privacy
1250261065 M * biz but switching to another scheduler class does not :(
1250261078 M * biz for example:
1250261081 M * biz $ chcontext --xid 1 sudo -u '#1000' ionice -p23150 -c3
1250261085 M * biz ioprio_set: Operation not permitted
1250261090 M * biz $ chcontext --xid 1 sudo -u '#1000' ionice -p23150 -n7
1250261095 M * biz ... works fine
1250261170 A * biz still doesn't understand why
1250261574 J * dowdle ~dowdle@scott.coe.montana.edu
1250262271 M * Bertl does it result in the same syscall?
1250262312 M * biz let me check
1250262397 M * biz -c3 => SYS_251(0x1, 0x5a6e, 0x6007, 0, 0) = -1 EPERM (Operation not permitted)
1250262410 M * biz -n7 => SYS_251(0x1, 0x5a6e, 0x4007, 0, 0) = 0
1250263052 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1250263124 M * Bertl works fine here, issuing it on the host (not even spectator context) for -c3 and -n7 (with guest pid)
1250263188 M * Bertl works fine from spectator context too ... note: I'm not doing the sudo stuff, just the ionice
1250263471 M * biz eww
1250263502 M * biz $ ionice -p23150 -c3
1250263506 M * biz ioprio_set: No such process
1250263520 M * Bertl kernel version?
1250263530 M * biz 2.6.22-vs2.2.0.5-grsec2.1.11
1250263554 M * Bertl too old for having it work on the host context
1250263555 N * DoberMann[ZZZzzz] DoberMann[PullA]
1250263588 M * biz ok, so when I do it within the context without the sudo I get this:
1250263612 Q * derjohn_mob Ping timeout: 480 seconds
1250263614 M * biz $ chcontext --xid baze ionice -p23150 -c3
1250263614 M * biz ioprio_set: Operation not permitted
1250263655 M * biz since it looks very similar to the -c vs -n problem, I get the same with:
1250263662 M * biz $ chcontext --xid baze ionice -p23150 -n7
1250263662 M * biz ioprio_set: Operation not permitted
1250263692 M * Bertl I'd suggest to try with 2.6.22.x-vs2.2.0.7 and without grsec
1250263727 M * Bertl if the issue persists, I'll have a look ...
1250263780 M * biz ok, I'll do it within the next few days :)
1250263804 M * biz Thanks so much for the help so far
1250263810 M * Bertl np
1250264106 M * sannes Bertl: Using 0.30.216_pre2841 with an older kernel gives: vcontext: pivot_root(): Invalid argument when trying to start a guest ..
1250264134 M * sannes is there any newer?
1250264215 M * Bertl what kernel/patch version and how did you configure util-vserver?
1250264246 M * sannes Bertl: I used the gentoo install of 0.30.216_pre2841
1250264303 M * Bertl don't do that :)
1250264326 M * Bertl at least not if you want to report issues here, i.e. try with mainline first
1250264338 M * sannes so that would be with --with-vrootdir=/vservers --with-initscripts=gentoo --localstatedir=/var and ..
1250264374 M * sannes I can of course compile it manually, ..
1250264464 M * sannes Bertl: Kernel version is 2.6.28.8 with patch-2.6.28.7-vs2.3.0.36.8.diff
1250264560 M * Bertl well, updating that wouldn't hurt either
1250264619 M * sannes heh, I did update, but then the old version of util-vservers did not play ball so had to reboot back to the old kernel :P
1250264685 M * sannes Anyways, maybe I should just boot the darn thing with shiny new kernel and updated util-vserver :P
1250264761 M * Bertl will probably work, unless the util-vserver is broken
1250265407 J * imcsk8 ~ichavero@nat.ti.uach.mx
1250265412 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1250265422 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1250265556 Q * ghislainocfs2 Quit: Leaving.
1250266022 Q * ensc|w Remote host closed the connection
1250266112 J * derjohn_mob ~aj@tmo-104-16.customers.d1-online.com
1250266315 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1250266822 M * Evet is there anyone who running bind under a vserver?
1250266837 M * hijacker_ Evet, myself
1250266891 M * Evet hijacker_: is it working properly?
1250266898 M * hijacker_ 24/7
1250266911 M * Evet mine is not
1250266923 M * hijacker_ geb, that video is awful man
1250266939 M * Evet it acts like there is a firewall blocking bind's port
1250266955 M * geb hijacker_, :)
1250266972 M * hijacker_ Evet, is bind starting at all ?
1250266975 M * geb Evet, i also run bind in a vserver without any problem
1250266979 M * hijacker_ ps aux | grep bind
1250266996 M * hijacker_ netstat -aupn | grep 53
1250267012 M * Evet hijacker_: on host or vserver?
1250267028 M * hijacker_ Evet, on the vserver
1250267048 M * hijacker_ you are running bind in there, right ?
1250267066 M * Evet right
1250267067 M * Evet wait pls
1250267141 M * Evet hijacker_: http://pastebin.com/d7a6979c4
1250267144 M * hijacker_ i still have like 35 minutes before i head home ;->
1250267177 M * hijacker_ udp 0 0 188.40.78.44:53 0.0.0.0:* 303/named
1250267182 M * geb looks like bind is working
1250267182 M * hijacker_ that means bind is running
1250267189 M * hijacker_ how do you tell it does not work ?
1250267195 M * geb could you test "dig localhost @$ip" ?
1250267236 M * hijacker_ ;; Query time: 50 msec
1250267236 M * hijacker_ ;; SERVER: 188.40.78.44#53(188.40.78.44)
1250267236 M * hijacker_ ;; WHEN: Fri Aug 14 19:26:40 2009
1250267242 M * Evet geb: dig not found
1250267244 M * hijacker_ Evet, do you run bind on the host as well ?
1250267264 M * geb how would you test your bind with dig ;) ?
1250267271 M * Evet hijacker_: running on 2 vservers
1250267282 M * hijacker_ because I am able to query it on that IP address
1250267294 M * hijacker_ it works for me
1250267339 M * hijacker_ ;; ANSWER SECTION:
1250267339 M * hijacker_ version.bind. 0 CH TXT "9.5.1-P3"
1250267341 M * hijacker_ there you go
1250267434 M * geb it also works from my host
1250267438 M * Evet hijacker_: so why cany reach via domain name
1250267446 M * Evet datateknolojileri.com and tostmodern.org
1250267457 M * hijacker_ Evet, misconfigured bind?
1250267478 M * hijacker_ what do you have in your /etc/resolv.conf on the computer where you try to make the queries?
1250267498 M * geb no NS server for your first domain
1250267501 M * Evet hijacker_:
1250267511 M * Evet ns1.datateknolojileri.com and ns1.tostmodern.org
1250267517 M * Evet are reach my website
1250267523 M * hijacker_ geb, there are: Domain servers in listed order:
1250267523 M * hijacker_ NS1.DATATEKNOLOJILERI.COM 188.40.78.43
1250267558 M * hijacker_ so this one does have the name server properly set
1250267562 M * geb i didn't get them, how do you ?
1250267579 M * hijacker_ whois datateknolojileri.com
1250267585 M * hijacker_ and looking in between the lines;-)
1250267613 Q * hparker Ping timeout: 480 seconds
1250267634 M * hijacker_ Name Server:NS1.TOSTMODERN.ORG - the second one is also set
1250267660 M * hijacker_ PING NS1.TOSTMODERN.ORG (188.40.78.44) 56(84) bytes of data. -> resolvable
1250267668 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1250267680 M * hijacker_ PING NS1.DATATEKNOLOJILERI.COM (188.40.78.43) 56(84) bytes of data.
1250267680 M * hijacker_ -> same here
1250267717 M * hijacker_ ;; QUESTION SECTION:
1250267717 M * hijacker_ ;www.DATATEKNOLOJILERI.COM. IN A
1250267734 M * hijacker_ the ns1.DATATEKNOLOJILERI.COM is not authoritative for this zone
1250267755 M * Evet i had same issue with apache
1250267762 M * Evet but there is a feature of apache
1250267766 M * Evet to solve this problem
1250267774 M * geb Evet, ?
1250267782 M * Evet i configured host machine's apache settings
1250267801 M * Evet added "Listen %HOSTIP%" to /etc/apache2/ports.conf
1250267806 M * Evet and it solved
1250267813 M * Evet it called binding addresses
1250267821 M * geb but your bind is listening, we can call it
1250267831 M * geb it just haven't the zone right now
1250267842 M * Evet yesterday, someone said that
1250267848 M * Evet bind has a bug-like thing
1250267853 M * Evet 0.0.0.0 issue
1250267854 M * sannes Bertl: still with kernel 2.6.30.4 and patch-2.6.30.4-vs2.3.0.36.14-pre4.diff, with util-vserver 0.30.216_pre2841 I get vcontext: pivot_root(): Invalid argument when trying to start a vserver .. does that mean it has picked up some wrong kernel headers or similar ?
1250267867 M * hijacker_ Evet, i doubt that
1250267874 M * Evet Bertl: do you remember the 0.0.0.0 issue of bind?
1250267877 M * hijacker_ it seems to have bound to the right IP address
1250267894 M * hijacker_ as per your netstat result
1250267901 M * hijacker_ so it is a misconfiguration now
1250267919 M * geb Evet, see pv :)
1250268123 M * sannes Bertl: nevermind, I actually managed to boot the wrong kernel .. *doh*
1250268146 M * Bertl Evet: hmm?
1250268294 M * sannes Bertl: Yip, everything works with newest + newest
1250268303 M * Bertl excellent!
1250268321 M * sannes no leaking hostnames either :)
1250268333 M * Bertl the way it should be :)
1250268447 J * ensc|w ~ensc@www.sigma-chemnitz.de
1250269195 J * scientes_ ~scientes@174-21-98-38.tukw.qwest.net
1250269207 Q * FireEgl Ping timeout: 480 seconds
1250269433 Q * derjohn_mob Ping timeout: 480 seconds
1250270244 Q * gnuk Quit: NoFeature
1250270440 Q * mnemoc Remote host closed the connection
1250270964 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1250272110 Q * ensc|w Quit: Lost terminal
1250273360 P * Evet
1250273364 J * Evet ~root@88.254.74.60
1250273379 M * Evet hey BWare
1250274148 J * docelic ~docelic@78.134.200.109
1250274527 Q * nou Ping timeout: 480 seconds
1250275455 J * nou Chaton@causse.larzac.fr.eu.org
1250275490 M * geb Evet, did you see my pv ?
1250275505 M * geb maybe it is a bit late now :(
1250278646 Q * geb Ping timeout: 480 seconds
1250278649 Q * thalunil Quit: Terminated with extreme prejudice - dircproxy 1.2.0
1250278681 J * thalunil ~thalunil@walledcity.de
1250278753 Q * thalunil
1250278763 J * thalunil ~thalunil@walledcity.de
1250283456 J * tudenbart ~willi@xdsl-213-196-253-175.netcologne.de
1250283873 Q * dothebart Ping timeout: 480 seconds
1250284362 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1250285093 Q * SauLus Ping timeout: 480 seconds
1250285279 J * geb ~geb@earth.gebura.eu.org
1250285292 J * saulus ~saulus@c150181.adsl.hansenet.de
1250285944 J * derjohn_mob ~aj@p5B23D614.dip.t-dialin.net
1250286913 M * thermoman Bertl: i changed OS from gentoo to debian lenny, partition with vservers kept untouched
1250286932 M * thermoman where do i find testme.sh to test if my system works as supposed to be?
1250286940 M * thermoman showattrs looks good
1250286974 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/
1250287041 M * thermoman from 2006?
1250287162 M * thermoman testme.sh: line 209: echo: write error: Broken pipe
1250287162 M * thermoman testme.sh: line 210: echo: write error: Broken pipe
1250287166 M * thermoman this is good? :)
1250287188 M * thermoman there is only green output, no warnings. so i'm good, right?
1250287202 M * thermoman Bertl: thanks for the url
1250287273 M * Bertl the broken pipe sound like missing tool
1250287295 M * Bertl you did get the latest testme.sh version, right?
1250287344 M * thermoman the one without version appended
1250287363 M * thermoman yes, the latest
1250287363 M * Bertl yep, what's in line 209 and 210 there?
1250287400 M * thermoman echo "$VSRI" | grep -q 'dietlibc: yes' && UINF="${UINF}D"
1250287401 M * thermoman APIS=`echo "$VSRI" | sed -n '/APIs/ {s/.*: //;p;q;}'`
1250287476 M * thermoman Bertl: started it 5 times ... 2 times no error
1250287479 M * thermoman strange
1250287503 M * Bertl well, should be fine, i.e. not test related
1250287516 M * Bertl but definitely unusual bash behaviour :)
1250287542 Q * scientes_ Remote host closed the connection
1250287585 J * Elton08702 ~Delphi@189.82.173.67
1250287624 M * thermoman Bertl: one more thing: with my vservers running on gentoo host and then entering a vserver and issuing: "ps f -o user,pid,nice,%cpu,%mem,cputime,etime,tty8,command ax" i get process list in tree view of _all_ processes
1250287639 M * thermoman now with debian host i only get login->bash->ps
1250287651 M * thermoman how come?
1250287655 J * scientes ~scientes@174-21-98-38.tukw.qwest.net
1250287664 M * thermoman i still see all vserver processes with ps aux inside vserver
1250287831 M * Bertl I don't think that is host distro related .. you probably changed the kernel as well
1250287932 M * thermoman oh yes, sur
1250287935 M * thermoman sure
1250287951 M * thermoman the command on the host works
1250287974 M * thermoman but inside vservers i only see these 3 processes
1250287982 M * thermoman with the forest option
1250288026 M * Marillion have you grsec enabled?
1250288032 M * Bertl it works on the guest too, but you have to do it correctly (i.e. do not use enter, use ssh, and either have an init process inside the guest, or the fake init)
1250288061 M * Marillion thermoman: in my guest works fine
1250288111 M * thermoman Marillion: nope
1250288124 M * Marillion ah ok
1250288133 M * thermoman ok will test via ssh
1250288186 M * thermoman via ssh i get no output at all except for the headline
1250288187 M * Marillion ok, i tested it with over ssh, sorry
1250288206 M * Marillion not with backdoor
1250288208 M * thermoman via enter i get the 3 processes ...
1250288534 M * Bertl what kernel is that now?
1250288633 M * thermoman Bertl: 2.6.26-2-vserver-686-bigmem
1250288645 M * thermoman stock lenny one
1250288662 M * thermoman guests are lenny as well
1250288673 M * thermoman ps aux works, forest is crippled
1250288724 M * Bertl known broken kernel .. try with a working one :)
1250288755 M * thermoman is there a prebuilt one from debian?
1250288786 M * thermoman if it's only the output of ps i can live using ps aux instead the alias for the forest
1250288801 M * thermoman *with
1250288817 M * thermoman or are there other things not working?
1250288926 Q * Elton08702 Read error: Connection reset by peer
1250288985 M * Bertl there are numerous things which are broken .. and special care has to be taken when switching to or from that kernel (filesystem flags get messed up)
1250289022 M * thermoman Bertl: i switched from gentoo kernel ... and used showattrs as described in wiki to check barrier
1250289047 M * thermoman Bertl: do i need to check more than the flags on the vservers root directory?
1250289113 M * thermoman the wiki itself isn't clear if _all_ files inside the vserver have to be changed in a way regarding the xattr or only the vservers /
1250289138 M * thermoman i get B on /var/lib/vservers and b on all in there
1250289153 M * Bertl only the directory above the guest root
1250289155 M * thermoman anything else i have to be concerned of?
1250289167 M * thermoman don't use unification
1250289180 M * Bertl not in the file attribute department
1250289186 M * thermoman but?
1250289253 Q * bonbons Quit: Leaving
1250289290 N * DoberMann[PullA] DoberMann[ZZZzzz]
1250289474 M * Bertl I do not remember those issues, you have to talk with the debian folks .. or search on the mailinglist/irc logs ... all I remember is that we had countless reports of minor issues and misbehaviour
1250289500 M * thermoman ok
1250289515 M * Bertl and I still do not understand why they did choose a kernel which wasn't supported and a patch version which was known to be broken/incomplete
1250289614 M * thermoman the problem with
1250289615 M * thermoman root 18768 0 0.2 0.1 00:00:00 00:09 ? | \_ /bin/bash /sbin/vshelper poweroff 82
1250289618 M * thermoman root 18806 0 0.0 0.0 00:00:00 00:09 ? | | \_ cat /tmp/vshelper-stop-sync.RDjhUd/pipe
1250289621 M * thermoman still remains
1250289646 M * thermoman "halt" inside the vserver, vserver shuts down
1250289660 M * thermoman these 2 processes keep hanging on the host
1250289749 M * Marillion thermoman: take the 2.6.27 branch, is better
1250289764 M * Bertl and get recent util-vserver :)
1250289825 M * thermoman i just switched from gentoo to debian to get rid of the "do it all yourself" compile and dependency hell
1250289852 M * thermoman dont wanna use custom kernels again
1250289968 M * Bertl well, then get a more recent debian kernel at least .. or live with it :)
1250289999 M * Bertl for the debian folks, the broken kernel and tools are fine, so if that's your choice ... so be it
1250290024 M * Marillion thermoman: i understand what you mean, but it helps you not at the moment
1250290136 M * Marillion or wait an lenny at half
1250290305 M * Mr_Smoke Bertl: when is the next update to the "stable" branch to be expected?
1250290359 M * Marillion thermoman: or look at the backports.org as well for recent Kernel with security support
1250290670 M * Bertl Mr_Smoke: what do you mean with 'update'?
1250290798 M * Mr_Smoke I mean, 2.2.0.7 hasn't evolved in ages
1250290857 M * Bertl okay, so has linux 2.4, what kind of evolution do you expect there?
1250290860 M * Mr_Smoke It's ok for production, although it lacks a few features that are only in 2.3
1250290872 M * Mr_Smoke However, 2.3 + grsec isn't quite stable yet
1250290893 M * Mr_Smoke I'm just wondering : is 2.3 going to go stable some day or .. what's the big plan :)
1250290905 M * Bertl vs2.3 will 'evolve' (or better stabilize) at some point in vs2.4
1250290933 M * Mr_Smoke I see
1250290949 M * Mr_Smoke And nothing will be backported to 2.2 in the meantime ?
1250290949 M * Bertl but as my time is currently quite limited, and Linux-VServer related contributions are seldom, I doubt that it will be soon
1250290969 M * Mr_Smoke Ouch :/
1250291051 M * Bertl stable release require extensive code cleanup and review, as well as testing ... this takes an awful lot of time ...
1250291086 M * Mr_Smoke Yeah I get that
1250291123 M * Mr_Smoke I always thought the "stable" branch was still getting stable improvements while the devel branch was evolving
1250291152 M * Marillion but devel works good
1250291160 M * Mr_Smoke just like debian stable gets updates while sid/testing go crazy
1250291176 M * Mr_Smoke Marillion: well we've got a 2.3+grsec server rebooting every 2 weeks or so
1250291196 M * Mr_Smoke We can't say it's vserver+grsec's fault for sure, but it's very suspicious
1250291197 M * Marillion why?
1250291206 M * Marillion oh
1250291215 M * Mr_Smoke Hard to tell. Need to hook up a vKVM some day
1250291254 M * Bertl Mr_Smoke: did you try without grsec yet?
1250291315 M * Marillion Mr_Smoke: *iirc* KVM Guest need mprotect(), is not more secure
1250291318 M * Mr_Smoke Well I've got a 2.3.0.32 rig running ok
1250291344 M * Mr_Smoke Marillion: hm sorry. I meant a KVM *device*, and v for virtual. It's a remote, dedicated server, hands off
1250291361 M * Marillion ah ok :)
1250291361 Q * scientes Ping timeout: 480 seconds
1250291371 M * Mr_Smoke Because of course, there's not much in the logs
1250291395 M * Mr_Smoke Bertl: but we're quite keen on Pax/Grsec
1250291601 Q * imcsk8 Quit: This computer has gone to sleep
1250293333 J * scientes ~scientes@174-21-106-69.tukw.qwest.net