1252457838 Q * dallas Quit: dallas
1252458980 Q * imcsk8 Quit: This computer has gone to sleep
1252459620 J * imcsk8 ~ichavero@189.135.236.32
1252459719 Q * imcsk8 
1252461647 J * derjohn_foo ~aj@e180193195.adsl.alicedsl.de
1252461647 Q * derjohn_mob Read error: Connection reset by peer
1252462207 J * doener_ ~doener@i59F54B57.versanet.de
1252462311 Q * doener Ping timeout: 480 seconds
1252463217 J * geb ~geb@earth.gebura.eu.org
1252463661 Q * PowerKe Ping timeout: 480 seconds
1252465250 J * saulus_ ~saulus@d003030.adsl.hansenet.de
1252465661 Q * SauLus Ping timeout: 480 seconds
1252465666 N * saulus_ SauLus
1252465921 M * Bertl off to bed now .. have a good one everyone!
1252465927 N * Bertl Bertl_zZ
1252466198 M * geb i just woke up :)
1252466203 M * geb 'night Bertl
1252466860 M * arachnist i'm still awake
1252466869 M * arachnist (it's 5:30 AM here)
1252466965 J * PowerKe ~tom@d5153A2D7.access.telenet.be
1252467147 M * geb same :)
1252468329 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1252468648 Q * geb Ping timeout: 480 seconds
1252472515 Q * sardyno_ Ping timeout: 480 seconds
1252472624 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1252473316 Q * FireEgl Ping timeout: 480 seconds
1252473443 J * sharkjaw ~gab@90.149.121.45
1252473809 Q * ghislainocfs2 Quit: Leaving.
1252473836 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1252474112 J * FireEgl Proteus@2001:470:e056:1:4::9
1252474281 Q * sardyno Ping timeout: 480 seconds
1252475025 J * thierryp ~thierry@home.parmentelat.net
1252475241 J * sardyno ~me@pool-96-235-18-120.pitbpa.fios.verizon.net
1252475758 J * geb ~geb@earth.gebura.eu.org
1252476902 M * geb hi
1252477463 Q * thierryp Remote host closed the connection
1252477484 J * thierryp ~thierry@home.parmentelat.net
1252477823 J * balbir ~balbir@122.172.25.214
1252478277 M * arekm Bertl_zZ: any idea why this has never been merged into 2.6.27 patches? http://ftp.linux-vserver.org/pub/people/dhozac/p/k/delta-owner-xid-feat02.diff 
1252478486 Q * derjohn_foo Ping timeout: 480 seconds
1252480550 Q * wibble Remote host closed the connection
1252480903 M * Hollow geb: ok, no problem :) i think bertl also hacked some spam protection into pastebin.php ;)
1252481146 M * _Shiva_ arekm: that specific patch would not apply in current Kernels anyway :-) the netfilter code has changed a lot since 2.6.17.. 
1252481168 J * mxs_ mxs@p4FCCA036.dip.t-dialin.net
1252481184 M * arekm _Shiva_: afaik .27 is still maintained evein in vserver
1252481221 J * dna ~dna@p548F0568.dip0.t-ipconnect.de
1252481316 M * _Shiva_ arekm: but the patch you refer to ist for 2.6.*17*
1252481322 M * _Shiva_ not ..27
1252481386 M * arekm right but is not applied to .27 and I have it applied for .27 locally (maybe it was adjusted for .27... doesn't matter anyway)
1252481466 Q * mxs Ping timeout: 480 seconds
1252481546 M * _Shiva_ arekm: and it actually applied..?
1252481610 M * arekm http://cvs.pld-linux.org/cgi-bin/cvsweb/packages/kernel/kernel-owner-xid.patch?rev=1.1.2.3
1252481613 M * arekm this one applies well
1252481647 M * _Shiva_ 'cause the match-modules moved to the xtables implementation...
1252481665 M * _Shiva_ yeah - right.. that rev moved, too :-)
1252484458 J * davidkarban ~david@199.123.broadband11.iol.cz
1252485645 J * BWare ~itsme@212.0.244.174
1252486341 J * derjohn_foo ~aj@139.12.1.252
1252486496 Q * Guest631 Ping timeout: 480 seconds
1252487189 J * Genghis ~Genghis@ph34r.my.d-n-s.org.uk
1252487222 N * Genghis Guest1894
1252487837 J * dna_ ~dna@p548F0941.dip0.t-ipconnect.de
1252488276 Q * dna Ping timeout: 480 seconds
1252489426 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1252491165 Q * FireEgl Remote host closed the connection
1252491987 J * FireEgl Proteus@2001:470:e056:1:4::9
1252492736 Q * balbir Read error: Connection reset by peer
1252493672 J * balbir ~balbir@122.172.38.13
1252496515 Q * BenG Quit: I Leave
1252496813 M * pmjdebruijn Bertl_zZ: the 2.6.27.31 patch applies just fine on 2.6.27.32 :)
1252496824 A * pmjdebruijn goes on to compile next
1252496924 M * arekm ocfs2 build is broken in .32
1252498616 N * Bertl_zZ Bertl
1252498623 M * Bertl morning folks!
1252498642 M * Bertl arekm: vanilla or Linux-VServer, and if latter, in what way?
1252498850 M * Bertl arekm: regarding the owner*id patch, IIRC, it was experimental (probably got into planet lab kernels?) but I never got feedback from testing (and it requires changes to userspace to be usable) .. but I do not see a problem with adding it, if there is an actual user (and maintained userspace patches to make it work)
1252499344 M * arekm Bertl: vanilla
1252499608 M * pmjdebruijn arekm: the two OCFS patches broke things?
1252500504 M * arekm guess so because .31 was fine
1252500677 M * pmjdebruijn hmmm ok
1252500686 M * pmjdebruijn well we don't use OCFS with vserver
1252500693 M * pmjdebruijn arekm: still thanks for the headsup...
1252500703 M * pmjdebruijn we use ocfs elsewhere... no point in trying to upgrade those :)
1252500709 M * pmjdebruijn arekm: you just saved me 15minutes of work :p
1252500789 Q * arachnist Quit: leaving
1252500799 J * arachnist arachnist@insomniac.pl
1252501752 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1252501886 M * Bertl okay, off for now .. bbl
1252501886 N * Bertl Bertl_oO
1252502402 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1252503456 Q * BenG Quit: I Leave
1252504801 Q * sharkjaw Remote host closed the connection
1252505685 J * imcsk8 ~ichavero@189.135.236.32
1252505773 Q * BWare Ping timeout: 480 seconds
1252506401 J * BWare ~itsme@212.0.244.174
1252509462 Q * kir Quit: Leaving.
1252510694 Q * dkg Server closed connection
1252510706 J * dkg ~dkg@lair.fifthhorseman.net
1252510751 Q * SauLus Quit: ...something weird happened
1252510764 J * saulus ~saulus@d003030.adsl.hansenet.de
1252510864 J * dowdle ~dowdle@scott.coe.montana.edu
1252512441 Q * dna_ Quit: Verlassend
1252512589 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1252512684 N * Bertl_oO Bertl
1252512687 M * Bertl back again ...
1252513008 M * Mr_Smoke Hello :)
1252513018 M * Mr_Smoke Hey there Bertl :) can I annoy you with a question ?
1252513128 M * micah Mr_Smoke: it is better to ask the question rather than asking if you can ask
1252513134 M * Mr_Smoke Sure :)
1252513135 M * Bertl Mr_Smoke: you already did :) the answer is yes :)
1252513143 M * Mr_Smoke Ok
1252513151 M * Mr_Smoke I've got a memory leak issue with PHP
1252513157 M * micah ...protocol overhead
1252513170 M * Mr_Smoke So far I'm in the early stages of diagnosing the issue, but this is what I've gathered
1252513198 M * Mr_Smoke - On 3 non-related non-vserver machines running PHP 5.2.8, 5.2.9 and 5.2.10, the problem is not present
1252513217 M * Mr_Smoke - on *my* vserver 2.2.0.7, inside the vserver, the problem is reproducible
1252513237 M * Mr_Smoke I'm currently compiling php on the host, to see what happens
1252513246 M * Mr_Smoke The question is ... I know it's a long shot but ...
1252513258 M * Mr_Smoke Can you think of anything that might mess with the way php handles memory ?
1252513273 M * Bertl okay, chances that it is Linux-VServer related (if you are not hitting any guest limits) is almost zero
1252513282 M * Mr_Smoke Darn.
1252513294 M * Bertl but, to verify, I'd suggest that you make sure that the versions are identical
1252513303 M * Mr_Smoke That's what I'm about do to.
1252513309 M * Mr_Smoke The host is emerge'ing PHP as we speak
1252513314 M * Bertl i.e. do not compile it on the host, make a copy of the guest and chroot into it
1252513343 M * Mr_Smoke Hm, I don't get it. What would I achieve by doing this ?
1252513353 M * Mr_Smoke Oh
1252513355 M * Mr_Smoke Chroot.
1252513359 M * Mr_Smoke *headpalm*
1252513474 M * Mr_Smoke Well I chrooted in the original vserver
1252513509 M * Mr_Smoke How is that different form chrooting into a copy of the guest ?
1252513569 M * Bertl it might collide with the actual running guest
1252513578 M * Mr_Smoke Well I'm using php cli
1252513579 Q * FireEgl Ping timeout: 480 seconds
1252513579 M * Bertl and/or it might mess up permissions for the guest
1252513601 M * Mr_Smoke So it shouldn't be too different now, should it ?
1252513623 M * Bertl it should be identical in userspace, except that it is now running on the host
1252513623 Q * davidkarban Quit: Ex-Chat
1252513743 M * Mr_Smoke Ok, that's what I thought
1252513750 M * Mr_Smoke And indeed, the problem is the same
1252513757 M * Mr_Smoke So Vserver is in the clear, as expected :)
1252513770 M * Mr_Smoke Do you think PaX might be the culprit ?
1252513777 M * Bertl well, it could still be a side effect of the kernel
1252513798 M * Bertl so, what I'd suggest is to rsync/dump the guest to one of those machines which work fine
1252513805 M * Bertl and try again with the chroot there
1252513841 M * Bertl if the problem is gone, the kernel is to blame, if it remains, it is definitely userspace
1252513921 M * Mr_Smoke Sounds good. Let's try that
1252514019 M * Mr_Smoke Hm maybe not today though, but I'll keep that in mind. Thanks :)
1252514146 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1252514319 M * harry always , when you suspect a problem with grsec, use the non-grsec patch
1252514329 M * harry try with that, if that fixes your problem, contact me :)
1252514345 M * harry (and for now, disable all "misc hardening features"
1252514365 M * harry aparently, there are some problems with some of the options on some machines... but i'm workin gon it
1252514478 M * harry gotta go again... sorry that i'm not active lately... personal problems here...
1252514711 M * raceme is there somewhere more documentation about loopback configuration that what is described here: http://linux-vserver.org/Capabilities_and_Flags#Network_context_flags_.28nflags.29 ?
1252514769 N * DoberMann[ZZZzzz] DoberMann[PullA]
1252514826 J * xdr ~xdr@h-239-29.A219.priv.bahnhof.se
1252514859 M * raceme in fact i am not sure to understand what do SINGLE_IP, LBACK_REMAP, LBACK_ALLOW, HIDE_NETIF and HIDE_LBACK
1252515282 M * Bertl what do you want to know about them? did you read the help text?
1252515291 M * Bertl (kernel config)
1252515419 M * raceme Bertl: i didn't read that, perhaps i should begin there so...
1252515438 M * Bertl not necessary, it's not terribly complicated
1252515459 M * raceme Bertl: in fact I'm wondering how interacts for exemple LBACK_REMAP and HIDE_LBACK
1252515466 Q * FireEgl Ping timeout: 480 seconds
1252515491 M * Bertl LBACK_REMAP does the actual remapping lback <-> 127.0.0.1
1252515539 M * raceme Bertl: so it share lo between vservers ?
1252515543 M * Bertl HIDE_LBACK shows lback addreses as 127.0.0.1
1252515578 M * Bertl HIDE_NETIF restricts network interfaces (to be shown) to those carrying a guest IP
1252515740 M * Bertl LBACK_ALLOW finally decides if the loopback address will be allowed in source selection
1252515770 M * Bertl the loopback (lo) isolation works like this:
1252515829 M * Bertl each guest gets (usually automaticall, via AUTO_LBACK, kernel option) a specific loopback ip assigned (not necessarily a loopback address, but usually it is)
1252515833 A * raceme listens with attention (and logs) :)
1252515871 M * Bertl every loopback (127.x.y.z) address is then mapped (via LBACK_REMAP) to this specific lback address
1252515893 M * Bertl and mapped back when received too
1252515940 M * Bertl (this is the HIDE_LBACK part)
1252515988 M * Bertl given that each guest has a unique lback address, they can happily coexist without clashing or security issues
1252516017 M * Bertl any questions left?
1252516047 M * raceme Bertl: many thanks for this explanation. I'll read that again when really awake :)
1252516072 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1252516174 M * raceme Bertl: i've got another question unrelated: i'm using lenny kernel, but would like to upgrade it to at least 2.6.29 tu get ext4; from what i see on http://linux-vserver.org/Downloads#Kernel_Patches , would it be wise to go with 2.6.29-6 and vs2.3.0.36.14 ?
1252516219 M * Bertl it would probably be wiser to go for 2.6.30.x, because mainline fixed some stuff there
1252516222 M * raceme it is marked experimental but as I read on the wiki lenny kernel uses 2.3.0.35 which is also experimental ?
1252516236 M * Bertl yes correct
1252516266 M * raceme Bertl: i wanted to start with 2.6.30 but the pre7 of vs2.3.0.36.14-pre7 scared me :)
1252516284 M * Bertl raceme: it would be great if you could put up a wiki page about the lback stuff, once you're fully awake :)
1252516370 M * raceme Bertl: i'll try to write something when i have time but will ask you to read it before put in on the wiki :)
1252516394 M * Bertl that's fine with me, the -pre will go away soon, I guess
1252516424 M * raceme Bertl: so i should go with pre7 without risking to dry rivers and rain frogs on my box :)
1252516471 M * Bertl rather unlikely, but if it happens, please let us know *G*
1252516476 Q * saulus Read error: Connection reset by peer
1252516487 J * saulus ~saulus@d003030.adsl.hansenet.de
1252516518 M * raceme Bertl: well thanks for your help and availability... i'll test that soon when i have time
1252516670 M * Bertl you're welcome!
1252516794 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1252517174 Q * puck Server closed connection
1252517179 J * puck ~puck@leibniz.catalyst.net.nz
1252517351 Q * derjohn_foo Ping timeout: 480 seconds
1252517724 J * saulus_ ~saulus@c150140.adsl.hansenet.de
1252517724 Q * saulus Read error: Connection reset by peer
1252517731 N * saulus_ SauLus
1252519250 J * fishingshrimp ~Adium@xdsl-87-79-152-67.netcologne.de
1252519766 Q * mnemoc Server closed connection
1252519780 J * mnemoc ~amery@shell.opensde.net
1252520921 M * arekm pmjdebruijn: one line fix for ocfs2
1252521062 Q * mugwump Server closed connection
1252521070 J * mugwump ~samv@watts.utsl.gen.nz
1252521634 Q * _gh_ Ping timeout: 480 seconds
1252521834 Q * fishingshrimp Quit: Leaving.
1252522077 Q * Pazzo Quit: Bye!
1252524061 Q * FireEgl Ping timeout: 480 seconds
1252524142 J * dna ~dna@100-199-103-86.dynamic.dsl.tng.de
1252524637 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1252525504 M * pmjdebruijn arekm: ok
1252525665 Q * imcsk8 Quit: This computer has gone to sleep
1252525957 J * xdr_ ~xdr@h-239-29.A219.priv.bahnhof.se
1252526034 Q * thierryp Quit: ciao folks
1252526061 Q * xdr Ping timeout: 480 seconds
1252526447 Q * FireEgl Ping timeout: 480 seconds
1252526874 J * derjohn_foo ~aj@g228139029.adsl.alicedsl.de
1252526900 M * Mr_Smoke harry: I'll try when I get the chance. I don't have a spare box to test the non-grsec patch on at the moment, and I'd rather not reboot this one unnecessarily
1252526928 M * Mr_Smoke But apparently the php guys have been unable to reproduce the problem
1252526981 M * Bertl well, userspace memory leaks are always somehow userspace related .... i.e. even if the kernel is doing something wrong, it can only be the trigger
1252527020 M * Mr_Smoke Im not sure I get what you're saying
1252527077 M * Bertl the kernel can not 'leak' userspace memory, it can only execute userspace pathes which are not well tested (cornercases) which then leak memory
1252527077 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1252527114 M * Bertl if your test case leaks kernel memory OTOH, it's completely unrelated to php (i.e. php is the catalyst there)
1252527174 M * Mr_Smoke I'm fairly sure it's userspace too
1252527226 M * Mr_Smoke somehow, PHP is reaching its own memory limit and killing the thread
1252527250 M * Mr_Smoke But it's not supposed to reach that limit in that particular case
1252527251 M * Bertl well, that's not unusual for php, IIRC, the default limit is 32M
1252527401 M * Mr_Smoke I'm not being clear enough
1252527421 M * Mr_Smoke I found a very simple script on bugs.php.net that someone else used as diagnostics
1252527432 M * Mr_Smoke You can find it here : http://bugs.php.net/bug.php?id=49501
1252527448 M * Mr_Smoke In a normal case, it's not breaking the limit because it's supposed to stop before
1252527474 M * Mr_Smoke in my case however, the thread gets bigger and bigger (while it shouldn't) and breaks the limit unexpectedly
1252527497 M * Mr_Smoke I've straced it a bit and it boils down to mmap2() returning ENOMEM at some point
1252527533 M * Bertl that sounds like a kernel/grsec issue
1252527540 M * Mr_Smoke F*ck :(
1252527552 M * Bertl did you check without grsec yet?
1252527554 M * Mr_Smoke How can I help tracking it down ?
1252527567 M * Mr_Smoke Other people have
1252527580 M * Bertl and?
1252527580 M * Mr_Smoke With very, very similar setups. It's not the same, I know
1252527587 M * Mr_Smoke And they're ok without grsec
1252527605 M * Mr_Smoke What I'd *really* like is find out which grsec feature causes this
1252527617 M * Mr_Smoke all the sysctl-controlled features are off at the moment
1252527621 M * Mr_Smoke So it's got to be something else
1252527625 M * Bertl well, check the mmap2 path
1252527632 M * Mr_Smoke Meaning ?
1252527695 M * Mr_Smoke What do you mean by "mmap2 path" ?
1252527705 M * Bertl follow the mmap2 syscall in the kernel source, check what modifications grsec does
1252527718 M * Bertl but first I'd double check if the grsec patch is to blame
1252527740 M * Bertl (otherwise you end up working your way through it for almost nothing :)
1252527745 M * Mr_Smoke Sure
1252527752 M * Mr_Smoke One big difference for example
1252527810 M * Mr_Smoke in my non-grsec setup, I see basically a series of write() and mremap()
1252527850 M * Mr_Smoke In the grsec one, its write(), mmap2(), mremap(), munmap()
1252527871 M * Mr_Smoke I don't know whether that's caused by a different version of PHP or something else though :/
1252527910 M * Bertl so do some more systematical testing ... e.g. get the same php setup (for example as a guest)
1252528099 M * Mr_Smoke Yeah, and non-grsec kernel ... I know I can't avoid that :/
1252528116 M * Mr_Smoke PITA, but I suppose I'll live
1252528195 Q * hparker Ping timeout: 480 seconds
1252528206 M * Mr_Smoke So that means no-one has tried PHP inside vserver+grsec yet
1252528223 M * Mr_Smoke Otherwise I'd have stumbled upon something by now
1252528244 Q * ard Quit: server kast verhuizing
1252528564 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1252528858 M * Mr_Smoke Ok thanks for the clues
1252528881 M * Mr_Smoke I guess I'll have to temporarily take this server off-duty and do some more testing
1252528886 M * Mr_Smoke Or maybe at home, we'll see
1252528888 M * Mr_Smoke G'nite :)
1252528990 M * Bertl cya
1252529045 Q * dna Quit: Verlassend
1252529079 M * trippeh 2.6.30.6 is out
1252529094 M * trippeh Patch from Experimental/ almost applies ;)
1252529096 M * trippeh Easy fix tho.
1252529134 M * trippeh Compiles fine ;) Wonder if it runs O-K.
1252529757 Q * bonbons Quit: Leaving
1252530241 J * larsivi ~larsivi@70.84-48-63.nextgentel.com
1252530468 Q * geb Quit: /
1252530673 N * DoberMann[PullA] DoberMann[ZZZzzz]
1252532940 J * ard ~ard@shell2.kwaak.net
1252533987 Q * FireEgl Read error: Connection reset by peer
1252534636 P * ghislainocfs2 
1252534863 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1252535336 Q * matthew-_ Ping timeout: 480 seconds
1252535465 J * brccc ~bruce@72.20.27.65
1252535479 M * brccc Howdy .. ltns :)
1252535604 J * matthew-_ ~ms@ns2.wellquite.org
1252535786 M * Bertl howdy brccc!
1252537922 Q * Hunger Quit: _._
1252538020 J * Hunger ~Hunger@Hunger.hu
1252538808 Q * Piet Remote host closed the connection
1252538850 J * Piet ~piet@659AACFMF.tor-irc.dnsbl.oftc.net
1252539109 N * morrigan morrigan_zZ