1265935531 J * petzsch ~markus@dslb-092-078-154-157.pools.arcor-ip.net 1265935580 Q * petzsch 1265935885 Q * jrklein Remote host closed the connection 1265935968 J * routinedecilit ~routinede@spock.makeitsoyoubonehead.biz 1265935995 J * jrklein ~jrklein@2001:0:53aa:64c:0:5aeb:b4d8:690 1265936299 J * Diareal ~Diareal@201.171.11.127.dsl.dyn.telnor.net 1265936481 Q * Diareal autokilled: possible spambot. Mail support@oftc.net with questions. (2010-02-12 01:01:21) 1265936572 Q * dowdle Remote host closed the connection 1265941853 M * Bertl off to bed now ... have a good one everyone! 1265941858 N * Bertl Bertl_zZ 1265947087 Q * balbir Ping timeout: 480 seconds 1265947267 J * SauLus_ ~SauLus@c135160.adsl.hansenet.de 1265947678 Q * SauLus Ping timeout: 480 seconds 1265947679 N * SauLus_ SauLus 1265947824 J * balbir ~balbir@122.172.56.13 1265952356 J * ghislain ~AQUEOS@adsl2.aqueos.com 1265955830 Q * balbir Read error: Connection reset by peer 1265956767 J * balbir ~balbir@122.172.106.198 1265958521 M * incd Hey, With vserver gentoo container, I can't get correct IP, I get "SIOCSIFADDR: Permission denied, SIOCSIFFLAGS: Permission denied, SIOCSIFBRDADDR: Permission denied ... etc" 1265958556 M * incd When running "ifconfig eth0 81.17x.xxx.xxx broadcast 81.17x.xxx.xxx netmask 255.255.xxx.xxx up" 1265958574 M * incd I've also tried setting those values to etc/conf.d/net. 1265958724 J * derjohn_mob ~aj@d003182.adsl.hansenet.de 1265959209 Q * derjohn_mob Ping timeout: 480 seconds 1265960567 Q * balbir Read error: Connection reset by peer 1265961402 N * Bertl_zZ Bertl 1265961508 J * balbir ~balbir@122.172.53.90 1265962274 Q * hijacker Quit: Leaving 1265963325 M * Bertl morning folks! 1265963392 J * cluk ~cluk@p5B17EAE1.dip.t-dialin.net 1265965149 J * derjohn_mob ~aj@213.238.45.2 1265965584 M * Mr_Smoke incd: you shouldn't use /etc/conf.d/net 1265965594 M * Mr_Smoke The IP settings live in /etc/vservers 1265966171 M * transaci1 is there a wiki page which lists what prevents stabilization of 2.3.0.* or which needs extra testing? 1265966223 M * Bertl not that I know of ... but basically we have ipv6/v4 issues and testing of the memory cgroup replacement left 1265966227 M * transaci1 incd: you have to do that in the host system in /etc/vservers not inside the guest 1265966261 M * transaci1 never heard of cgroup 1265966382 M * Mr_Smoke Bertl: how about the grsec patch ? 1265966389 M * Bertl transaci1: http://linux-vserver.org/util-vserver:Cgroups 1265966398 M * Bertl Mr_Smoke: hmm? 1265966402 M * Mr_Smoke I've been meaning to give [Rick's?] patch a try but havent foudn the time yet 1265966413 M * Mr_Smoke Bertl: 2.3.x + grsec, I mean 1265966423 M * Bertl well, Harry maintains that 1265966424 M * Mr_Smoke (probably Harry's patch actually) 1265966429 M * Mr_Smoke Yeah, thought so. 1265966444 M * transaci1 Bertl: thanks will look at that 1265966454 M * Mr_Smoke I need to set it up and try it out then. 1265966850 N * DoberMann[ZZZzzz] DoberMann 1265967119 Q * nkukard Read error: Connection reset by peer 1265967652 Q * quasisane Server closed connection 1265967660 J * quasisane ~sanep@c-75-67-251-206.hsd1.nh.comcast.net 1265968201 J * petzsch ~markus@dslb-088-075-122-160.pools.arcor-ip.net 1265968291 Q * petzsch 1265968421 J * nkukard ~nkukard@196.212.73.74 1265969194 J * kir ~kir@swsoft-msk-nat.sw.ru 1265969787 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1265971292 Q * DoberMann Ping timeout: 480 seconds 1265971423 J * bobnormal ~irc@87-194-32-179.bethere.co.uk 1265971426 M * bobnormal morning! 1265971743 M * bobnormal i have a question, i'm trying to get clear in my mind what each of the nflags do and have been using vattributs --xid `cat /etc/vservers//context` --set --flag 1265971760 M * bobnormal however some of the flags, such as hide_lback and lback_remap and single_ip dont seem to set 1265971769 M * bobnormal whilst others like persistent and hide_netif do 1265971771 M * bobnormal why is that 1265971784 M * bobnormal are some flags not possible to set realtime, while others are? 1265971791 M * Bertl util-vserver version? 1265971814 M * bobnormal 0.30.216-pre2855; Nov 23 2009 1265971851 M * Bertl should work fine, note that they are probably set by default 1265971878 M * bobnormal they dont show on the same command line with --get 1265971879 M * Bertl also note that the network context is not necessarily the same as the process context 1265971894 M * bobnormal yep but if you dont set it it will default to the same, correct? 1265971904 M * Bertl yep 1265971958 M * bobnormal 'xid' does not seem particularly obviously the process context or the network context id since i believe vattribute allows setting/getting flags for both ... xid = network context id when doing nflags, and context id when doing caps ? 1265971977 M * Bertl what does 'nattribute --get --nid 42' give you? (adjust the 42 to match your nid) 1265972011 M * Bertl ah, you are using vattribtue instead of nattribute? 1265972025 M * bobnormal ncapabilities: raw_icmp and nflags: hide_netif,state_admin 1265972048 M * bobnormal yep as per the wiki docs - util-vserver Cheatsheet 1265972060 J * taenzerme ~Adium@static-87-79-237-223.netcologne.de 1265972069 M * Bertl well, that is probably wrong then, vattribute is for process context only 1265972078 M * Bertl nattribute is the equivalent for the network context 1265972083 M * bobnormal but it did let me set/unset the 'hide_netif' flag 1265972100 M * bobnormal are there two of those flags, one against ncontext and one against context? 1265972100 M * Bertl because that is a legacy flag, see http://linux-vserver.org/Capabilities_and_Flags 1265972113 M * bobnormal ok 1265972124 M * Bertl we had that on the process context before the network context was separated 1265972125 M * bobnormal so the main thing is, avoid using vattribute for network-related attributes 1265972128 M * bobnormal even though it might work 1265972136 M * bobnormal ? 1265972142 M * Bertl well, it won't work 1265972159 M * bobnormal its output changed and the behaviour inside the vserver changed 1265972287 M * Bertl sounds like a bug/feature in util-vserver, recent kernels do not know that flag on a process context 1265972339 Q * ktwilight_ Ping timeout: 480 seconds 1265972459 J * DoberMann ~james@cap31-6-88-180-72-76.fbx.proxad.net 1265973394 M * bobnormal bertl: where it says L = legacy (only supported if legacy enabled), does that mean that nattribute --get --nid output will only display the flag if it's actually in effect, or can you still set it but it just doesn't take effect? and is legacy set at build-time or runtime? 1265973573 M * Bertl you can set and even get the flags anytime, they just won't have any effect if legacy support is disabled 1265973583 M * Bertl (which is a kernel compile time option) 1265973589 M * bobnormal ok thanks 1265973894 M * bobnormal strange 1265973906 M * bobnormal i set hide_netif with nattribute and it doesnt take effect 1265973913 M * bobnormal as it did with vattribute 1265973974 M * Bertl what kernel do you use? 1265974027 M * bobnormal this one is on 2.6.22-vs2.2.0.7 1265974034 M * bobnormal i have a newer one as well with grsec 1265974043 M * bobnormal but on a different VM 1265974077 M * Bertl so, on that one you probably have legacy on 1265974105 M * bobnormal whats the kernel config option, zcat /proc/config.gz | grep ? 1265974119 M * Bertl LEGACY 1265974128 M * bobnormal CONFIG_VSERVER_LEGACY is not set 1265974133 M * bobnormal CONFIG_VSERVER_LEGACYNET is not set 1265974208 M * Bertl I don't have a 2.6.22 kernel/patch at hand to check, but you won't get that result with a vs2.3.x kernel :) 1265974239 M * bobnormal ok thats fine i only care about the newer release 1265974252 M * bobnormal i will switch my explorations to that one 1265975656 M * Bertl nap attack ... bbl 1265975662 M * bobnormal later :) 1265975665 N * Bertl Bertl_zZ 1265980100 J * hijacker ~hijacker@213.91.163.5 1265980186 J * barismetin ~barismeti@zanzibar.inria.fr 1265980934 Q * hijacker Quit: Leaving 1265981152 Q * barismetin Remote host closed the connection 1265981273 J * barismetin ~barismeti@zanzibar.inria.fr 1265981573 J * hijacker ~hijacker@213.91.163.5 1265981975 Q * barismetin Remote host closed the connection 1265982104 J * barismetin ~barismeti@zanzibar.inria.fr 1265982359 Q * jrdnyquist Remote host closed the connection 1265982596 J * petzsch ~markus@dslb-094-222-079-204.pools.arcor-ip.net 1265982676 M * bobnormal bertl: with 2.6.31.11-grsec2.1.14-vs2.3.0.36.28 neither nattribute nor vattribute to set hide_netif is taking effect 1265982705 M * Mr_Smoke bobnormal: how long have you been running this kernel, out of curiosity , 1265982718 M * bobnormal week or so 1265982755 M * Mr_Smoke Sweet. Any issues ? I'm longing for a stable grsec kernel 1265982782 M * bobnormal no issues so far 1265982796 M * Mr_Smoke Sweet. 1265982802 M * bobnormal i've just finished making an easy-install CD of it including precompiled amd64 kernel + utils as a standard server environment at work 1265982809 M * bobnormal gentoo-based 1265982814 M * Mr_Smoke I think you posted onto the ML about it 1265982824 M * bobnormal i dont think so :) 1265982829 M * bobnormal anyway it works nicely. 1265982831 M * Mr_Smoke Oh, nvm then :) 1265982832 M * bobnormal (so far) 1265982842 M * bobnormal what i am trying to do now is get a handle on all the different nflags/capabilities 1265982845 M * Mr_Smoke Hm that was Rick sth 1265982845 M * bobnormal to lock down my environments 1265982851 M * Mr_Smoke And it was 2.6.31.6 1265982853 M * Mr_Smoke Ok 1265982866 M * bobnormal but i am finding issues with different kernels/util-vserver releases 1265982874 M * bobnormal where setting a flag doesnt necessarily effect the environment 1265982881 M * bobnormal or setting a flag using one tool works but not another 1265982884 M * Mr_Smoke Hm, I wouldn't know about that :/ 1265982886 M * bobnormal none of this appears to be documented anywhere 1265982890 M * bobnormal so im trying to get to the bottom of it 1265982899 M * bobnormal quite time consuming :) 1265982900 M * Mr_Smoke If you'd document that, that would be great :) 1265982905 M * Mr_Smoke Yeah I assume :) 1265982926 M * bobnormal im making a dialog frontend so you can enable/disable flags on the fly or in a config before starting a vserver 1265982953 M * Mr_Smoke Sweet² :) 1265983109 J * Piet ~Piet__@04ZAAAA60.tor-irc.dnsbl.oftc.net 1265983241 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265984323 M * bobnormal on 2.6.31.11-grsec2.1.14-vs2.3.0.36.28 setting hide_netif using nattribute --set --nid X --flag 'hide_netif' hides only lo, not eth0 in the running guest 1265984346 M * bobnormal util-vserver 0.30.215; jan 29 2010 1265984363 M * Mr_Smoke Just out of curiosity again, why hide eth0 ? 1265984390 M * bobnormal i dunno im just trying to figure out what all these flags do .. and that is different behaviour to the older version i run 1265984416 M * Mr_Smoke oh ok 1265984529 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net 1265985852 Q * geb Server closed connection 1265985894 J * geb ~geb@mars.gebura.eu.org 1265985993 A * harry knows... i have to look at the grsec stuff again... 1265986007 M * harry btw. i'm rik ;) 1265986052 A * harry makes food now... cya'll 1265986508 M * bobnormal see you :) 1265986645 Q * derjohn_mob Ping timeout: 480 seconds 1265986847 M * bobnormal mr_smoke: one good thing about hiding interfaces is that you cant tell the amount of traffic on the host as a howle (eg: other vservers) which might have security implications (cryptanalysis, traffic analysis) 1265986890 M * bobnormal mr_smoke: s/howle/whole/g <-- how did that happen? :) 1265987188 M * micah wtf, the left mouse button stops working 1265987206 Q * barismetin Remote host closed the connection 1265988028 Q * taenzerme Quit: Leaving. 1265988474 Q * hijacker Quit: Leaving 1265989569 J * hijacker ~hijacker@213.91.163.5 1265989585 Q * Pazzo Quit: Bye! 1265990136 J * ktwilight ~ktwilight@53.190-247-81.adsl-dyn.isp.belgacom.be 1265991739 M * Mr_Smoke bobnormal: hey I had never paid attention to these counters, well spotted indeed 1265991812 Q * petzsch Quit: Leaving. 1265992382 Q * jrdnyquist Remote host closed the connection 1265992608 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265992896 J * dowdle ~dowdle@scott.coe.montana.edu 1265992920 N * DoberMann DoberMann[PullA] 1265992968 J * derjohn_mob ~aj@tmo-101-187.customers.d1-online.com 1265993142 J * petzsch ~markus@dslb-094-222-079-204.pools.arcor-ip.net 1265993145 Q * petzsch 1265993469 Q * Piet Ping timeout: 480 seconds 1265993477 J * shahrul shahrul@97.20.111.218.klj02-home.tm.net.my 1265993649 Q * derjohn_mob Ping timeout: 480 seconds 1265994163 Q * shahrul 1265994289 M * harry bobnormal: i've got a 2.6.32.8 patch ready... 1265994298 M * harry diffing now, will upload it in a jiffy 1265994307 M * harry testing... underway :) 1265994310 M * Mr_Smoke Ah :) 1265994319 M * Mr_Smoke I was just about to start compiling 2.6.31.6 1265994323 M * Mr_Smoke Guess I'll wait a bit :) 1265994376 M * Mr_Smoke harry: basically, is there any notable difference between the latest kernels for which you've made the grsec patch ? 1265994380 M * harry haha 1265994399 M * harry depends 1265994416 M * Mr_Smoke Hm ... meanin ? :) 1265994424 M * harry what kernel you used to use 1265994436 M * Mr_Smoke Heh 1265994437 M * harry between the 2.6.31.11 and the new one: not much 1265994442 M * Mr_Smoke 2.6.22 ;) 1265994443 M * harry just migration 1265994447 M * harry on that... yeah 1265994467 M * harry a lot of grsec stuff changed, a lot of pax, and vserver 1265994472 M * _are_ I seem once agai to have this very generic 'vcontext: execvp("/etc/init.d/rc"): No such file or directory' error. Tools are 216, /etc/init.d/rc exists and is executable including the full path to it, #!/bin/sh referenced there is valid as well. The system ran on a different host, same disk, same tools, same kernel minutes before I restarted on the current host. I am a bit lost. 1265994473 M * Mr_Smoke Well for one thing I know that i shouldn't expect any more oopses from LVM, that's already a nice improvement 1265994516 M * harry it's online 1265994540 M * harry just wait max 1 hour for the site to update 1265994552 M * harry or get it from http://people.linux-vserver.org/~harry/ 1265994563 M * harry right now i'll test if it compiles 1265994574 M * harry (i don't expect problems, but you never know...) 1265994671 M * bobnormal anyone know if CONFIG_VETH in the kernel will work with vServers? 1265994730 M * bobnormal harry: thanks, what bugs will the new patch fix? 1265994744 M * _are_ bobnormal: should work, regardless if that is eth0:0 or eth0.6 stuff, I ahve both in use 1265994791 M * harry bob: goh... don't know 1265994806 M * harry there's a refcount problem that has been solved in 2.6.31.11 1265994817 J * derjohn_mob ~aj@tmo-109-125.customers.d1-online.com 1265994824 M * harry but in this special release... the normal kernel bugs 1265994829 M * harry and grsecurity bugs 1265994834 M * harry vserver patch is still the same 1265994914 M * Mr_Smoke Ok let's get your patch then :) 1265995014 M * bobnormal thanks harry 1265995057 M * harry np 1265995068 M * harry that's what i'm hree for :) 1265995145 M * Mr_Smoke Indeed, many thanks :) 1265995160 M * Mr_Smoke Heh, vanilla 2.6.32.8 hasn't hit portage yet ? 1265995163 M * Mr_Smoke Let's resync 1265995171 M * bobnormal ip link add name funk type veth peer name funkette 1265995178 M * bobnormal ^-- works :) 2 new interfaces! happy happy 1265995178 M * harry it just came out 1265995198 M * Mr_Smoke Sometimes I wonder how BSD jails would compare to linux-vserver 1265995204 M * bobnormal mr_smoke: we run both 1265995214 M * Mr_Smoke bobnormal: oh really ? what's your take then ? 1265995253 M * bobnormal mr_smoke: i havent looked at the admin side of bsd jails, freebsd8 is supposed to have lots of new features .. we need lightweight virtualisation for video processing and both vservers and bsd jails seem to work fine 1265995290 M * Mr_Smoke I need reasonable process isolation, linux binary compatibility, and IPv6 :) 1265995306 M * Mr_Smoke Never used BSD much, as an admin 1265995436 M * bobnormal ipv6 .. played with it in ~2000 and haven't touched it since, so can't help with that. linux binary compatibility works in freebsd but im sure if you have many weird libraries or closed-source stuff expecting certain library versions then it's going to be a pain 1265995469 M * Mr_Smoke Hmkay 1265995481 M * Mr_Smoke I have a spare HDD in that one box, I might set up a BSD onto it 1265995485 M * harry fbsd is more stable... 1265995488 M * Mr_Smoke can grub boot BSD ? 1265995489 M * bobnormal i think we use linux binary compatibility with realserver on freebsd 7.x without too many issues 1265995517 M * bobnormal i only use freebsd because our cto loves it and forces it upon us 1265995525 M * Mr_Smoke Is there something comparable to LVM in FBSD ? 1265995532 M * Mr_Smoke I really like that LVM snapshot feature 1265995538 M * harry that... i do not know 1265995541 M * Mr_Smoke 1 VM per vserver, snapshot, and there you go 1265995541 M * harry i suppose 1265995565 M * bobnormal fbsd8 has that new funky sun filesystem with snapshots... forget the name .. played with it quite heavily and on opensolaris late last year 1265995595 M * bobnormal fbsd7.x implementation was what we tested heavily 1265995598 M * bobnormal which was lacking 1265995653 M * Mr_Smoke Oh ZFS 1265995662 M * harry zorro filesystem! :) 1265995674 M * Mr_Smoke Zaphod FileSystem :p 1265995691 M * harry zaphod's a loser compared to zorro ;) 1265995698 M * harry (coding makes me crazy) 1265995710 Q * cluk Quit: Ex-Chat 1265995788 M * bobnormal that reminds of scrabble with Z the other day ... azure 1265995799 M * harry haha... playing mp3's is 8x more cpu intensive than playing full-hd movies 1265995849 M * bobnormal visualisation? 1265995850 Q * jrklein Quit: jrklein 1265995874 M * harry nope 1265995877 M * harry ubuntu 1265995881 M * harry mythbuntu :) 1265995899 M * harry vdpau stuff is really cool :) 1265995916 M * harry 2% cpu usage when playing full-hd h264 stuff 1265995923 M * harry 16% on certain mp3's :) 1265995926 M * harry (E8400) 1265995986 M * bobnormal i am looking for an ethernet-bridging like solution between vservers and the host's physical ethernet 1265995989 M * bobnormal proxy arp seems to be the go 1265995992 M * bobnormal has anyone tried something similar 1265995998 M * harry i do nat :) 1265996014 M * harry phone... 1265996034 M * _are_ bobnormal: when I once needed 'real' seperate mac-adresses I used tap-devices and vde2 1265996034 M * Mr_Smoke I've done nat too, at some point 1265996054 M * bobnormal im attempting to implement a frontend for util-vserver/etc-vservers-blah/iptables/anything-else-required to mimic the default options on vmware-workstation 1265996070 M * bobnormal ie: you just say 'this vserver, add a network card, make it bridge to my adapter Y' 1265996082 M * bobnormal i've got NAT going already, that's very straightforward 1265996089 M * _are_ apart from that a vserver doesn't have a network interface on its own, it just has access to one, so eth0:5 is just fine and has real access 1265996169 M * bobnormal _are_: yes i dont quite understand how the network interface access works except that there are lots of options like single_ip and limits to raw sockets etc. 1265996199 M * bobnormal _are_: tap devices and vde2 = easy to get working? 1265996214 M * _are_ bobnormal: basically VServer is an isolation of existing resources, not a virtualization of 'new' devices 1265996249 M * _are_ without extra fuss you can't add a 'new' network interface to a vserver, no matter if it is eth* or tap*, you always add it to the host and give the vserer access to it 1265996299 M * _are_ well, I got the tap+vde2 up and running, but I think it is to much trouble for basically the simple adding of IPs to a VSerer unless you really need the MAC adrress seperate 1265996361 M * bobnormal _are_: i got CONFIG_VETH working in a vserver-enabled kernel, which is just virtual ethernet devices in pairs .. theoretically i could then connect vservers to one end of that, route out the other, and have managed ethernet bridging between the real ethernet adaptor and the other end of the veth pair, right? im just not sure all that complexity is really required 1265996380 M * _are_ no 1265996390 M * bobnormal _are_: it would facilitate a new MAC though... 1265996398 M * bobnormal _are_: is there any other way to give a vServer a new MAC? 1265996398 M * _are_ a VServer has no seperate interface, so this additional step makes no sense in a vserver setup 1265996420 M * bobnormal i see 1265996438 M * bobnormal good for performance but frustrating in the 'i wanna mac address' scenario... 1265996451 M * _are_ the new mac i did with the tap0 + vde2 stuff, I am not fully sure if the MAC adress survives once it leaves the box via the bridge device 1265996459 M * _are_ yes 1265996478 M * bobnormal ok, i will try to get that working as an exercise 1265996487 M * bobnormal thanks a lot :) this channel is very interesting 1265996836 M * bobnormal ok back tomorrow + Monday 1265996845 M * bobnormal bye all :) have a good weekend! 1265996846 Q * bobnormal Quit: . 1265996925 J * thierryp ~thierry@lns-bzn-47f-62-147-212-202.adsl.proxad.net 1265997027 Q * thierryp 1265997685 M * harry kernel compiles nicely 1265998267 N * Bertl_zZ Bertl 1265998768 J * barismetin ~barismeti@jua06-1-82-242-159-114.fbx.proxad.net 1265998807 Q * gnuk Quit: NoFeature 1265999619 Q * balbir Ping timeout: 480 seconds 1266000088 Q * jrdnyquist Remote host closed the connection 1266000263 J * balbir ~balbir@122.172.51.182 1266000309 J * niki ~niki@94.145.207.11 1266000433 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1266001769 J * vServer_User_Zz ~vserver@host90-152-15-246.ipv4.regusnet.com 1266001793 N * vServer_User_Zz vServer_User 1266001829 Q * derjohn_mob Ping timeout: 480 seconds 1266001905 Q * vServer_User 1266001926 J * vserver_guy ~vserver@host90-152-15-246.ipv4.regusnet.com 1266002411 J * derjohn_mob ~aj@tmo-101-57.customers.d1-online.com 1266002708 Q * barismetin Remote host closed the connection 1266003129 J * fzylogic ~fzylogic@dsl081-243-128.sfo1.dsl.speakeasy.net 1266003862 M * kolorafa hi, do some of you try to bind part of cgroup fs info vserver? thx for help 1266004023 J * barismetin ~barismeti@jua06-1-82-242-159-114.fbx.proxad.net 1266004482 Q * kir Quit: Leaving. 1266004619 Q * barismetin Remote host closed the connection 1266004647 N * vserver_guy vServer_User_Zz 1266004717 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1266005228 Q * hijacker_ Remote host closed the connection 1266005308 Q * derjohn_mob Ping timeout: 480 seconds 1266005438 J * petzsch ~markus@dslb-094-222-079-204.pools.arcor-ip.net 1266005603 M * Bertl kolorafa: hmm? 1266005610 Q * petzsch 1266005643 M * kolorafa i am thinking how to mount (bind a slice) of cgroup into vserver (guest) 1266005670 M * Bertl a cgroup created inside the guest? 1266005693 M * kolorafa just to modify part of tree of cgroup from guest 1266005730 M * Bertl well, for security reasons, you cannot access a cgroup config from inside that cgroup 1266005738 M * Bertl would kind-of defeat the purpose 1266005773 M * kolorafa i'm trying to use 'cpuacct' to summary user cpu load 1266005790 J * petzsch ~markus@dslb-094-222-079-204.pools.arcor-ip.net 1266005794 M * kolorafa or maybe you know better solution? :) 1266005948 M * kolorafa thx for any advice :) 1266006039 M * Bertl well, you want to get user load inside the guest for a group of processes or for all of them? 1266006105 M * kolorafa both will be good, the basic is for count php user load, but if it count any user load it will be better 1266006160 M * Bertl did you enable VIRT_LOAD for the guest? it should do what you want 1266006176 M * Bertl i.e. present a virtual load average inside the guest for just guest processes 1266006178 M * kolorafa now i use php that run minimum 1s and script what scan /proc/ and read statos of process, for 15min of scan in interval 1s it uses 0,00001% of cpu, so its ok but i am searching for better solution 1266006197 M * kolorafa but i would like to count user load not guest load 1266006211 M * Bertl you mean, load per user? 1266006221 J * barismetin ~barismeti@jua06-1-82-242-159-114.fbx.proxad.net 1266006232 M * kolorafa yes, sorry for not clearly write it 1266006252 M * Bertl well, you need to create one cgroup for each user then 1266006264 M * Bertl not sure it works that well for accounting though 1266006276 M * kolorafa now my script only count a process that works more than 1s, so iam trying to use cgroup or something similar 1266006331 M * Bertl it is rather trivial to do that at kernel level, but I don't think it is that easy to accomplish with existing mechanisms 1266006340 M * kolorafa if process is in some eg 'all guest group' that (i think) is lost of power that it was a separated group? 1266006371 M * Bertl nah, cgroups can be nested (at least they should be) 1266006462 M * kolorafa so from guest is forbidden to access (binded) cgroup or im makeing something wrong? 1266006512 M * Bertl it is forbidden to access the cgroup used for that guest or any cgroup above that 1266006526 M * Bertl it is allowed to access cgroups hierarchically below that cgroup 1266006562 M * kolorafa (but i have problem in binding it :D probably wrong thinking) 1266006563 M * Bertl but you would need to create a cgroup for each user anyway 1266006604 M * kolorafa i know that, but its low pay for haveing a nice "load per user" :) 1266006619 M * Bertl I wouldn't count on that :) 1266006641 M * Bertl actually I guess you'll get significant overhead if you have like 20+ users or so 1266006705 M * Bertl I would look into the process accounting framework, it is rather lightweight and should be able to do at least part of what you want 1266006847 M * Bertl it doesn't give you real-time info, but post mortem accounting data 1266006880 M * Bertl for 'load per user' you'll need some kernel modifications 1266006982 M * kolorafa thinking actual solution is good, because i only read /proc/*/stat to memory and then once on 15m parse it, it works well, but the problem is that i dont have any idea to count process that runs shorter than 1s (thats why i use php with time limit 10s) 1266006990 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1266007272 Q * barismetin Remote host closed the connection 1266007927 M * kolorafa O ! the simplest solution, use (modifed) file like: time echo "