1255219549 J * badiane ~badiane@pool-72-68-164-228.nycmny.east.verizon.net
1255220159 Q * takeru Quit: takeru
1255220838 Q * hparker Remote host closed the connection
1255221536 J * Chlorek ~cokolwiek@c.sed.pl
1255222043 Q * Chlorek Quit: -
1255222393 J * Chlorek ~cokolwiek@c.sed.pl
1255222530 M * Bertl off to bed now ... have a good one everyone!
1255222539 N * Bertl Bertl_zZ
1255223469 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1255226459 J * aj__ ~aj@e180194133.adsl.alicedsl.de
1255226863 Q * derjohn_foo Ping timeout: 480 seconds
1255229783 Q * micah Remote host closed the connection
1255230007 J * saulus_ ~saulus@c193250.adsl.hansenet.de
1255230140 J * micah ~micah@micah.riseup.net
1255230388 Q * SauLus Ping timeout: 480 seconds
1255230392 N * saulus_ SauLus
1255233455 Q * carnage Remote host closed the connection
1255233460 J * carnage ~carnage@voip-colo-74-86-148-74.link2voip.com
1255236658 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255237092 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1255237306 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1255239357 Q * WastePotato Ping timeout: 480 seconds
1255240257 J * takeru ~takeru@nttkyo586239.tkyo.nt.ftth.ppp.infoweb.ne.jp
1255244957 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1255245801 P * takeru 
1255251391 N * Bertl_zZ Bertl
1255251395 M * Bertl morning folks!
1255253554 M * arachnist moin
1255254126 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1255254208 J * pmenier ~pmenier@ACaen-152-1-72-181.w83-115.abo.wanadoo.fr
1255255839 M * Bertl off for now .. got some more work in the basement, bbl ...
1255255845 N * Bertl Bertl_oO
1255256539 J * dna ~dna@69-205-103-86.dynamic.dsl.tng.de
1255259117 J * Shinsaku ~Shinsaku@chello089076140236.chello.pl
1255260461 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255261903 Q * Shinsaku 
1255262228 J * doener ~doener@i59F56781.versanet.de
1255262331 Q * doener_ Ping timeout: 480 seconds
1255263507 J * jep ~jpduyx@adsl-228-22.dsl.uva.nl
1255263618 M * jep hi quick question ... i try to setup X inside a vserver ... need to use vprocunhide ... but when i try to use     /etc/vservers/MYVSERVER/apps/vprocunhide/files  ... it dows not work ... only when i use /etc/vservers/defaults/apps/vprocunhide/files it works 
1255263653 M * jep but i don't want to unhide /proc/bus/pci for every  guest on this host system  .. what is the right way .. what am i missing 
1255263866 Q * jpic Ping timeout: 480 seconds
1255263869 Q * BenG Quit: I Leave
1255264261 J * dna_ ~dna@69-205-103-86.dynamic.dsl.tng.de
1255264463 Q * dna Ping timeout: 480 seconds
1255265958 Q * larsivi Remote host closed the connection
1255267434 Q * aj__ Remote host closed the connection
1255267444 J * Shinsaku ~Shinsaku@chello089076140236.chello.pl
1255267542 J * theocrite ~Goddefroy@kim.theocrite.org
1255267547 M * theocrite hi
1255267828 J * derjohn_mob ~aj@e180194133.adsl.alicedsl.de
1255268197 Q * derjohn_mob Remote host closed the connection
1255270600 J * geb ~geb@earth.gebura.eu.org
1255270795 J * xdr ~xdr@h-239-29.A219.priv.bahnhof.se
1255271465 Q * dna_ Read error: Connection reset by peer
1255271478 J * dna_ ~dna@69-205-103-86.dynamic.dsl.tng.de
1255271482 Q * SauLus Read error: Connection reset by peer
1255271505 J * saulus ~saulus@c193250.adsl.hansenet.de
1255273884 N * Bertl_oO Bertl
1255273888 M * Bertl back now ...
1255274004 M * Bertl jep: that's expected, the proc (un)hiding is global, i.e. for all guests
1255274051 M * Bertl jep: but I think the information your X reads from /proc/bus/pci doesn't need to be dynamic or writeable, so you could get away by simply mounting a file in place
1255274067 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255274560 M * jep Bertl: ah, i thought it would be possible to have a specific procunhide config for every client beside the global one ...
1255274560 M * jep X tries to detect my pci hardware ... haven't been able to get it to start without the procunhide.  
1255274560 M * jep Is there a work around to only procunhide for a specific guest .... i would feel less secure to let all guests see my pci bus 
1255274901 M * Bertl nope, that would complicate the vprocunhide mechanism too much, because we would need to store a 'list' of allowed guests for each entry
1255274943 M * Bertl but as I said, you might get away with simply mounting a static file (or filesystem) in place, with the proper information
1255275606 M * Bertl nap attack ... bbl
1255275612 N * Bertl Bertl_zZ
1255276274 Q * WastePotato Quit: WeeChat 0.3.0
1255278065 Q * pmenier Quit: Konversation terminated!
1255278072 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255278739 M * jep Bertl: is there a link where i can find some info on how to do this ? i have some kind of fight ... not allowed to mount something over /proc/bus because the mountpoint does not exist ... but also, when i try to create a directory /proc/bus ... i am not allowed to make it because it already exists .... i think that it is hidden (!) but does exist so how could i mount something over there ?
1255278992 J * derjohn_mob ~aj@e180194133.adsl.alicedsl.de
1255279111 M * jep X complains with the following, when it cannot access /proc/bus/pci/
1255279111 M * jep xf86PciVideoInfo is not set
1255279111 M * jep Could not get primary PCI info
1255279111 M * jep Aborted
1255280965 M * transacid did anyone try runit yet. i seem to run into problems cause the debain configure script wants to init q but that's not really possible
1255281066 M * daniel_hozac for everything using inittab, you need to set the initstyle to plain.
1255282035 M * transacid daniel_hozac: thanks
1255282453 Q * Shinsaku 
1255284706 Q * geb Ping timeout: 480 seconds
1255284775 J * geb ~geb@earth.gebura.eu.org
1255285500 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255286443 Q * BenG Quit: I Leave
1255287044 N * Bertl_zZ Bertl
1255287060 M * Bertl back now ...
1255287115 M * Bertl jep: make /proc/bus itself visible inside the guests, then put a --bind mount entry into the guest config's fstab
1255287246 M * daniel_hozac Bertl: won't the proc hiding still hide the dentry from lookup?
1255287266 M * Bertl should work fine, but let me check that :)
1255287419 M * Bertl works flawlessly here on 2.6.29.2-vs2.3.0.36.12 ... (I was already logged on there to test :)
1255287436 M * daniel_hozac cool.
1255287539 M * Bertl btw, does recent util-vserver allow file based --bind mounts (via config fstab)?
1255287547 M * daniel_hozac not yet.
1255287563 M * Bertl that would really be nice to have, what's the problem there?
1255287582 M * daniel_hozac it requires some code. :)
1255287644 M * Bertl okay, I somewhat thought it would be the same (userspace wise) than the other bind mounts ...
1255287661 M * daniel_hozac no, because of the way we do mounts to avoid symlink attacks.
1255287691 M * daniel_hozac we chroot to the guest, cd to the mount point, and mount it at .
1255287704 M * daniel_hozac (after chrooting back to the host)
1255287738 M * Bertl okay, so the code for that would require to identify the source as file, then move to the dir above that and do the --bind mount?
1255287751 M * daniel_hozac yes.
1255287823 M * Bertl k, do you have any estimation when you could get around adding that? (before I dive into the code and provide a patch :)
1255287847 M * daniel_hozac not at the moment.
1255287864 M * daniel_hozac lots of real life business unfortunately :(
1255287893 M * Bertl that depends on the kind of business (the unfortunately part) ..
1255287902 M * daniel_hozac hehe
1255287907 M * daniel_hozac true.
1255287936 M * Bertl so I hope it is more 'fortunately' for you than actually 'unfortunately' :)
1255287945 M * daniel_hozac yeah.
1255287973 M * Bertl good, do you see any problems with adding a patch which does that? any security concerns or similar?
1255287981 M * daniel_hozac no.
1255287990 M * daniel_hozac i just haven't had time.
1255288041 M * Bertl np, is there a quick howto for using the svn version, i.e. what to run to get a configureable and buildable version?
1255288074 M * Bertl (basically how to make one of your tar snapshots from that)
1255288138 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/mkuvrel.sh
1255288158 M * daniel_hozac it accepts an svn diff on stdin to make a custom tarball.
1255288192 M * daniel_hozac (no arguments required)
1255288548 M * Bertl hmm .. I tried to run it without any stdin, it fails with: cp: cannot stat `./ChangeLog': No such file or directory
1255288560 M * daniel_hozac you need to have svn2cl installed.
1255288593 M * daniel_hozac auto*, svn, and svn2cl should be only requirements.
1255288642 M * Bertl ah, yes, that seems to work perfectly, thanks a lot!
1255288731 J * ViRUS ~mp@p579B5218.dip.t-dialin.net
1255289579 Q * Piet_ Quit: Piet_
1255290004 J * Piet ~piet@04ZAABFB9.tor-irc.dnsbl.oftc.net
1255290346 Q * geb Ping timeout: 480 seconds
1255292150 Q * badiane Ping timeout: 480 seconds
1255293000 Q * Chlorek Quit: -
1255293123 J * Chlorek ~cokolwiek@82.210.156.165
1255293537 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255293976 J * agaffney ~agaffney@71-81-81-131.dhcp.stls.mo.charter.com
1255294008 M * agaffney I'm trying to get a NFS server working inside a vserver guest
1255294022 M * agaffney I know that the kernel nfsd doesn't work, so I'm trying unfs3
1255294043 M * Bertl okay?
1255294062 M * agaffney when I start it inside my guest, it "hangs" for a while and then complains "Cannot register service: RPC: Timed out" and "unable to register (NFS3_PROGRAM, NFS_V3, udp)."
1255294071 M * agaffney is there some "trick" to this?
1255294100 M * Bertl sounds like it isn't able to contact the portmapper
1255294124 J * geb ~geb@earth.gebura.eu.org
1255294173 M * agaffney I'm doing this in gentoo, and the unfs3 ebuild doesn't require portmap, only rpcbind, which is started first
1255294184 M * agaffney I wonder if I actually need portmap as well
1255294203 M * daniel_hozac rpcbind is a portmap replacement.
1255294216 M * agaffney that's what I thought
1255294259 M * Bertl my best guess would be loopback isolation and single_ip special casing :)
1255294289 M * Bertl btw, daniel_hozac: can we work around that in userspace somehow?
1255294309 M * daniel_hozac making sure they're not both set for the context?
1255294311 M * agaffney Bertl: eh? :P
1255294324 M * daniel_hozac i guess, but what if someone wants that behavior?
1255294365 M * Bertl daniel_hozac: i.e. either default to the old 'lback' setting when no lback is specified, or disable single_ip if not explicitely listed when auto_lback/lback is enabled?
1255294397 M * Bertl I can work around that in the kernel too, but it would exactly do what you are worried about
1255294410 M * Bertl agaffney: what kernel, how many guest IPs?
1255294443 M * agaffney 2.6.29.6-vs2.3.0.36.14 and only 1 running guest
1255294451 M * agaffney with 1 IP
1255294504 M * Bertl okay, my assumption is that your rpcbind binds to 127.0.0.1 (which is a sane thing to do), and your kernel is configured to special case the single IP case (which is also a sane thing per se)
1255294560 M * Bertl now, the problem is, that with single_ip specialcasing, rpcbind and any request, ends up at the one IP your guest uses
1255294576 M * agaffney http://dpaste.com/105886/
1255294581 M * agaffney nope, it's binding to the eth0 IP
1255294585 M * Bertl and most likely gets rejected, because it checks for 'local' (i.e. 127.0.0.1) requests only
1255294622 M * Bertl simply add ~single_ip in the guest configs cflags and restart your guest
1255294627 M * daniel_hozac nflags
1255294637 M * Bertl right
1255294718 M * agaffney that seems to have done the trick
1255294734 M * agaffney I'm still new to vserver, so I have no idea what the single_ip behavior is
1255294770 M * agaffney or why disabling it worked
1255294797 M * Bertl normally bindings to 0.0.0.0 (IP_ADDR_ANY) have to be checked against all guest IPs, the single_ip special casing allows the kernel to simply replace that address with the one IP assigned to the guest
1255294851 M * Bertl this works perfectly fine when the lback address is also set to that address (you can check that by removing the ~single_ip flag and instead setting lback to the same ip)
1255294852 M * agaffney ok, so that's why everything was listening on 192.168.0.21:* instead of 0.0.0.0:* without me having to configure each daemon that way
1255294863 M * Bertl precisely
1255294902 M * agaffney so I just can't run nfsd on my host or any other guests
1255294910 M * agaffney since 111 and 2049 are in use for 0.0.0.0
1255294917 M * Bertl unfortunately another option, the AUTO_LBACK assigns a 127.x.y.1 ip to the guest
1255294937 M * Bertl (as lback address) which is used to do loopback isolation
1255294957 M * Bertl nope, the guest is _always_ restricted to the guest IP(s)
1255294993 M * agaffney so what's the benefit of the SINGLE_IP behavior?
1255294999 M * Bertl i.e. you can run and bind to 0.0.0.0 on any other guest, just do not bind to 0.0.0.0 on the host, as it will not be restricted there and grab _all_ IP(s) including the guests
1255295012 M * Bertl the benefit is simply performance
1255295052 M * Bertl checking against a list of IPs, even if it contains a single item is slower than not checking at all :)
1255295250 M * agaffney ah
1255295277 M * agaffney now I get to fight with unfsd not liking nfsd's exports format :P
1255295338 A * agaffney needs to hang out here
1255295345 J * badiane ~badiane@pool-72-68-164-228.nycmny.east.verizon.net
1255295657 Q * geb Ping timeout: 480 seconds
1255295701 Q * Chlorek Quit: Reconnecting
1255295702 J * Chlorek ~cokolwiek@c.sed.pl
1255295788 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1255295967 Q * ghislainocfs2 Read error: Operation timed out
1255296286 J * uva_ bno@118-168-235-242.dynamic.hinet.net
1255296319 M * Bertl agaffney: no problem, hang out as long as you like ...
1255296492 J * geb ~geb@79.82.4.173
1255296731 Q * uva Ping timeout: 480 seconds
1255296884 A * agaffney cries a little
1255296886 Q * jep Ping timeout: 480 seconds
1255296889 M * agaffney unfs3 doesn't support file locking
1255296975 M * Bertl IIRC, samba does :)
1255296982 M * agaffney yeah....
1255297004 M * agaffney I'm just wondering if I'm masochistic enough to share my portage tree with CIFS instead of NFS
1255297020 M * agaffney currently, it's being shared via NFS from my vserver host
1255297030 M * agaffney but I'm moving all the NAS functionality into a vserver guest
1255297053 M * Bertl maybe extend unfs3 ...
1255297086 M * agaffney that assumes a level of non-laziness that I don't have :P
1255297101 M * Bertl daniel_hozac: how does the following look for you? http://vserver.13thfloor.at/Stuff/delta-file-bindmount-feat01.diff
1255297388 M * agaffney mounting with -o nolock seems to help :P
1255297397 M * agaffney assuming I don't actually care about the server-side locking
1255297631 J * blues ~blues@agh12.neoplus.adsl.tpnet.pl
1255297747 Q * blues_ Ping timeout: 480 seconds
1255298937 Q * WastePotato Ping timeout: 480 seconds
1255300317 Q * dna_ Quit: Verlassend
1255300536 Q * saulus Remote host closed the connection
1255301923 Q * ghislainocfs21 Quit: Leaving.
1255302042 N * morrigan morrigan_zZ
1255302458 Q * krushik Remote host closed the connection
1255303421 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255304486 Q * bonbons Quit: Leaving
1255304632 Q * WastePotato Quit: WeeChat 0.3.0