1255219549 J * badiane ~badiane@pool-72-68-164-228.nycmny.east.verizon.net
1255220159 Q * takeru Quit: takeru
1255220838 Q * hparker Remote host closed the connection
1255221536 J * Chlorek ~cokolwiek@c.sed.pl
1255222043 Q * Chlorek Quit: -
1255222393 J * Chlorek ~cokolwiek@c.sed.pl
1255222530 M * Bertl off to bed now ... have a good one everyone!
1255222539 N * Bertl Bertl_zZ
1255223469 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1255226459 J * aj__ ~aj@e180194133.adsl.alicedsl.de
1255226863 Q * derjohn_foo Ping timeout: 480 seconds
1255229783 Q * micah Remote host closed the connection
1255230007 J * saulus_ ~saulus@c193250.adsl.hansenet.de
1255230140 J * micah ~micah@micah.riseup.net
1255230388 Q * SauLus Ping timeout: 480 seconds
1255230392 N * saulus_ SauLus
1255233455 Q * carnage Remote host closed the connection
1255233460 J * carnage ~carnage@voip-colo-74-86-148-74.link2voip.com
1255236658 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255237092 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1255237306 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1255239357 Q * WastePotato Ping timeout: 480 seconds
1255240257 J * takeru ~takeru@nttkyo586239.tkyo.nt.ftth.ppp.infoweb.ne.jp
1255244957 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1255245801 P * takeru
1255251391 N * Bertl_zZ Bertl
1255251395 M * Bertl morning folks!
1255253554 M * arachnist moin
1255254126 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1255254208 J * pmenier ~pmenier@ACaen-152-1-72-181.w83-115.abo.wanadoo.fr
1255255839 M * Bertl off for now .. got some more work in the basement, bbl ...
1255255845 N * Bertl Bertl_oO
1255256539 J * dna ~dna@69-205-103-86.dynamic.dsl.tng.de
1255259117 J * Shinsaku ~Shinsaku@chello089076140236.chello.pl
1255260461 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255261903 Q * Shinsaku
1255262228 J * doener ~doener@i59F56781.versanet.de
1255262331 Q * doener_ Ping timeout: 480 seconds
1255263507 J * jep ~jpduyx@adsl-228-22.dsl.uva.nl
1255263618 M * jep hi quick question ... i try to setup X inside a vserver ... need to use vprocunhide ... but when i try to use /etc/vservers/MYVSERVER/apps/vprocunhide/files ... it does not work ... only when i use /etc/vservers/defaults/apps/vprocunhide/files it works
1255263653 M * jep but i don't want to unhide /proc/bus/pci for every guest on this host system .. what is the right way .. what am i missing
1255263866 Q * jpic Ping timeout: 480 seconds
1255263869 Q * BenG Quit: I Leave
1255264261 J * dna_ ~dna@69-205-103-86.dynamic.dsl.tng.de
1255264463 Q * dna Ping timeout: 480 seconds
1255265958 Q * larsivi Remote host closed the connection
1255267434 Q * aj__ Remote host closed the connection
1255267444 J * Shinsaku ~Shinsaku@chello089076140236.chello.pl
1255267542 J * theocrite ~Goddefroy@kim.theocrite.org
1255267547 M * theocrite hi
1255267828 J * derjohn_mob ~aj@e180194133.adsl.alicedsl.de
1255268197 Q * derjohn_mob Remote host closed the connection
1255270600 J * geb ~geb@earth.gebura.eu.org
1255270795 J * xdr ~xdr@h-239-29.A219.priv.bahnhof.se
1255271465 Q * dna_ Read error: Connection reset by peer
1255271478 J * dna_ ~dna@69-205-103-86.dynamic.dsl.tng.de
1255271482 Q * SauLus Read error: Connection reset by peer
1255271505 J * saulus ~saulus@c193250.adsl.hansenet.de
1255273884 N * Bertl_oO Bertl
1255273888 M * Bertl back now ...
1255274004 M * Bertl jep: that's expected, the proc (un)hiding is global, i.e. for all guests
1255274051 M * Bertl jep: but I think the information your X reads from /proc/bus/pci doesn't need to be dynamic or writeable, so you could get away by simply mounting a file in place
1255274067 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255274560 M * jep Bertl: ah, i thought it would be possible to have a specific procunhide config for every client beside the global one ...
1255274560 M * jep X tries to detect my pci hardware ... haven't been able to get it to start without the procunhide.
1255274560 M * jep Is there a work around to only procunhide for a specific guest .... i would feel less secure to let all guests see my pci bus
1255274901 M * Bertl nope, that would complicate the vprocunhide mechanism too much, because we would need to store a 'list' of allowed guests for each entry
1255274943 M * Bertl but as I said, you might get away with simply mounting a static file (or filesystem) in place, with the proper information
1255275606 M * Bertl nap attack ... bbl
1255275612 N * Bertl Bertl_zZ
1255276274 Q * WastePotato Quit: WeeChat 0.3.0
1255278065 Q * pmenier Quit: Konversation terminated!
1255278072 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255278739 M * jep Bertl: is there a link where i can find some info on how to do this ? i have some kind of fight ... not allowed to mount something over /proc/bus because the mountpoint does not exist ... but also, when i try to create a directory /proc/bus ... i am not allowed to make it because it already exists .... i think that it is hidden (!) but does exist so how could i mount something over there ?
1255278992 J * derjohn_mob ~aj@e180194133.adsl.alicedsl.de
1255279111 M * jep X complains with the following, when it cannot access /proc/bus/pci/
1255279111 M * jep xf86PciVideoInfo is not set
1255279111 M * jep Could not get primary PCI info
1255279111 M * jep Aborted
1255280965 M * transacid did anyone try runit yet. i seem to run into problems cause the debian configure script wants to init q but that's not really possible
1255281066 M * daniel_hozac for everything using inittab, you need to set the initstyle to plain.
1255282035 M * transacid daniel_hozac: thanks
1255282453 Q * Shinsaku
1255284706 Q * geb Ping timeout: 480 seconds
1255284775 J * geb ~geb@earth.gebura.eu.org
1255285500 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255286443 Q * BenG Quit: I Leave
1255287044 N * Bertl_zZ Bertl
1255287060 M * Bertl back now ...
1255287115 M * Bertl jep: make /proc/bus itself visible inside the guests, then put a --bind mount entry into the guest config's fstab
1255287246 M * daniel_hozac Bertl: won't the proc hiding still hide the dentry from lookup?
1255287266 M * Bertl should work fine, but let me check that :)
1255287419 M * Bertl works flawlessly here on 2.6.29.2-vs2.3.0.36.12 ... (I was already logged on there to test :)
1255287436 M * daniel_hozac cool.
1255287539 M * Bertl btw, does recent util-vserver allow file based --bind mounts (via config fstab)?
1255287547 M * daniel_hozac not yet.
1255287563 M * Bertl that would really be nice to have, what's the problem there?
1255287582 M * daniel_hozac it requires some code. :)
1255287644 M * Bertl okay, I somewhat thought it would be the same (userspace wise) than the other bind mounts ...
1255287661 M * daniel_hozac no, because of the way we do mounts to avoid symlink attacks.
1255287691 M * daniel_hozac we chroot to the guest, cd to the mount point, and mount it at .
1255287704 M * daniel_hozac (after chrooting back to the host)
1255287738 M * Bertl okay, so the code for that would require to identify the source as file, then move to the dir above that and do the --bind mount?
1255287751 M * daniel_hozac yes.
1255287823 M * Bertl k, do you have any estimation when you could get around adding that? (before I dive into the code and provide a patch :)
1255287847 M * daniel_hozac not at the moment.
1255287864 M * daniel_hozac lots of real life business unfortunately :(
1255287893 M * Bertl that depends on the kind of business (the unfortunately part) ..
1255287902 M * daniel_hozac hehe
1255287907 M * daniel_hozac true.
1255287936 M * Bertl so I hope it is more 'fortunately' for you than actually 'unfortunately' :)
1255287945 M * daniel_hozac yeah.
1255287973 M * Bertl good, do you see any problems with adding a patch which does that? any security concerns or similar?
1255287981 M * daniel_hozac no.
1255287990 M * daniel_hozac i just haven't had time.
1255288041 M * Bertl np, is there a quick howto for using the svn version, i.e. what to run to get a configurable and buildable version?
1255288074 M * Bertl (basically how to make one of your tar snapshots from that)
1255288138 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/mkuvrel.sh
1255288158 M * daniel_hozac it accepts an svn diff on stdin to make a custom tarball.
1255288192 M * daniel_hozac (no arguments required)
1255288548 M * Bertl hmm .. I tried to run it without any stdin, it fails with: cp: cannot stat `./ChangeLog': No such file or directory
1255288560 M * daniel_hozac you need to have svn2cl installed.
1255288593 M * daniel_hozac auto*, svn, and svn2cl should be only requirements.
1255288642 M * Bertl ah, yes, that seems to work perfectly, thanks a lot!
1255288731 J * ViRUS ~mp@p579B5218.dip.t-dialin.net
1255289579 Q * Piet_ Quit: Piet_
1255290004 J * Piet ~piet@04ZAABFB9.tor-irc.dnsbl.oftc.net
1255290346 Q * geb Ping timeout: 480 seconds
1255292150 Q * badiane Ping timeout: 480 seconds
1255293000 Q * Chlorek Quit: -
1255293123 J * Chlorek ~cokolwiek@82.210.156.165
1255293537 J * BenG ~bengreen@94-169-110-10.cable.ubr22.aztw.blueyonder.co.uk
1255293976 J * agaffney ~agaffney@71-81-81-131.dhcp.stls.mo.charter.com
1255294008 M * agaffney I'm trying to get a NFS server working inside a vserver guest
1255294022 M * agaffney I know that the kernel nfsd doesn't work, so I'm trying unfs3
1255294043 M * Bertl okay?
1255294062 M * agaffney when I start it inside my guest, it "hangs" for a while and then complains "Cannot register service: RPC: Timed out" and "unable to register (NFS3_PROGRAM, NFS_V3, udp)."
1255294071 M * agaffney is there some "trick" to this?
1255294100 M * Bertl sounds like it isn't able to contact the portmapper
1255294124 J * geb ~geb@earth.gebura.eu.org
1255294173 M * agaffney I'm doing this in gentoo, and the unfs3 ebuild doesn't require portmap, only rpcbind, which is started first
1255294184 M * agaffney I wonder if I actually need portmap as well
1255294203 M * daniel_hozac rpcbind is a portmap replacement.
1255294216 M * agaffney that's what I thought
1255294259 M * Bertl my best guess would be loopback isolation and single_ip special casing :)
1255294289 M * Bertl btw, daniel_hozac: can we work around that in userspace somehow?
1255294309 M * daniel_hozac making sure they're not both set for the context?
1255294311 M * agaffney Bertl: eh? :P
1255294324 M * daniel_hozac i guess, but what if someone wants that behavior?
1255294365 M * Bertl daniel_hozac: i.e. either default to the old 'lback' setting when no lback is specified, or disable single_ip if not explicitly listed when auto_lback/lback is enabled?
1255294397 M * Bertl I can work around that in the kernel too, but it would exactly do what you are worried about
1255294410 M * Bertl agaffney: what kernel, how many guest IPs?
1255294443 M * agaffney 2.6.29.6-vs2.3.0.36.14 and only 1 running guest
1255294451 M * agaffney with 1 IP
1255294504 M * Bertl okay, my assumption is that your rpcbind binds to 127.0.0.1 (which is a sane thing to do), and your kernel is configured to special case the single IP case (which is also a sane thing per se)
1255294560 M * Bertl now, the problem is, that with single_ip specialcasing, rpcbind and any request, ends up at the one IP your guest uses
1255294576 M * agaffney http://dpaste.com/105886/
1255294581 M * agaffney nope, it's binding to the eth0 IP
1255294585 M * Bertl and most likely gets rejected, because it checks for 'local' (i.e. 127.0.0.1) requests only
1255294622 M * Bertl simply add ~single_ip in the guest configs cflags and restart your guest
1255294627 M * daniel_hozac nflags
1255294637 M * Bertl right
1255294718 M * agaffney that seems to have done the trick
1255294734 M * agaffney I'm still new to vserver, so I have no idea what the single_ip behavior is
1255294770 M * agaffney or why disabling it worked
1255294797 M * Bertl normally bindings to 0.0.0.0 (IP_ADDR_ANY) have to be checked against all guest IPs, the single_ip special casing allows the kernel to simply replace that address with the one IP assigned to the guest
1255294851 M * Bertl this works perfectly fine when the lback address is also set to that address (you can check that by removing the ~single_ip flag and instead setting lback to the same ip)
1255294852 M * agaffney ok, so that's why everything was listening on 192.168.0.21:* instead of 0.0.0.0:* without me having to configure each daemon that way
1255294863 M * Bertl precisely
1255294902 M * agaffney so I just can't run nfsd on my host or any other guests
1255294910 M * agaffney since 111 and 2049 are in use for 0.0.0.0
1255294917 M * Bertl unfortunately another option, the AUTO_LBACK assigns a 127.x.y.1 ip to the guest
1255294937 M * Bertl (as lback address) which is used to do loopback isolation
1255294957 M * Bertl nope, the guest is _always_ restricted to the guest IP(s)
1255294993 M * agaffney so what's the benefit of the SINGLE_IP behavior?
1255294999 M * Bertl i.e. you can run and bind to 0.0.0.0 on any other guest, just do not bind to 0.0.0.0 on the host, as it will not be restricted there and grab _all_ IP(s) including the guests
1255295012 M * Bertl the benefit is simply performance
1255295052 M * Bertl checking against a list of IPs, even if it contains a single item is slower than not checking at all :)
1255295250 M * agaffney ah
1255295277 M * agaffney now I get to fight with unfsd not liking nfsd's exports format :P
1255295338 A * agaffney needs to hang out here
1255295345 J * badiane ~badiane@pool-72-68-164-228.nycmny.east.verizon.net
1255295657 Q * geb Ping timeout: 480 seconds
1255295701 Q * Chlorek Quit: Reconnecting
1255295702 J * Chlorek ~cokolwiek@c.sed.pl
1255295788 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1255295967 Q * ghislainocfs2 Read error: Operation timed out
1255296286 J * uva_ bno@118-168-235-242.dynamic.hinet.net
1255296319 M * Bertl agaffney: no problem, hang out as long as you like ...
1255296492 J * geb ~geb@79.82.4.173
1255296731 Q * uva Ping timeout: 480 seconds
1255296884 A * agaffney cries a little
1255296886 Q * jep Ping timeout: 480 seconds
1255296889 M * agaffney unfs3 doesn't support file locking
1255296975 M * Bertl IIRC, samba does :)
1255296982 M * agaffney yeah....
1255297004 M * agaffney I'm just wondering if I'm masochistic enough to share my portage tree with CIFS instead of NFS
1255297020 M * agaffney currently, it's being shared via NFS from my vserver host
1255297030 M * agaffney but I'm moving all the NAS functionality into a vserver guest
1255297053 M * Bertl maybe extend unfs3 ...
1255297086 M * agaffney that assumes a level of non-laziness that I don't have :P
1255297101 M * Bertl daniel_hozac: how does the following look for you? http://vserver.13thfloor.at/Stuff/delta-file-bindmount-feat01.diff
1255297388 M * agaffney mounting with -o nolock seems to help :P
1255297397 M * agaffney assuming I don't actually care about the server-side locking
1255297631 J * blues ~blues@agh12.neoplus.adsl.tpnet.pl
1255297747 Q * blues_ Ping timeout: 480 seconds
1255298937 Q * WastePotato Ping timeout: 480 seconds
1255300317 Q * dna_ Quit: Verlassend
1255300536 Q * saulus Remote host closed the connection
1255301923 Q * ghislainocfs21 Quit: Leaving.
1255302042 N * morrigan morrigan_zZ
1255302458 Q * krushik Remote host closed the connection
1255303421 J * WastePotato ~WastePota@77-101-160-58.cable.ubr08.dals.blueyonder.co.uk
1255304486 Q * bonbons Quit: Leaving
1255304632 Q * WastePotato Quit: WeeChat 0.3.0