1267574454 J * imcsk8 ~ichavero@148.229.1.11 1267574548 Q * imcsk8 1267575192 Q * harry Read error: Connection reset by peer 1267575194 J * harry ~harry@d51A461B4.access.telenet.be 1267576423 M * biz hello harry, could you tell me exactly which grsecurity patch you've used for the vserver merge? So far I can find 4 different patches of grsecurity-2.1.14-2.6.32.8 1267576453 M * biz The timestamp in the filename of your merged patch doesn't match any of them 1267576468 M * biz http://wolfram.schlich.org/linux/misc/kernel/grsecurity/ (or is there more of them?) :-) 1267576573 Q * ncopa Ping timeout: 480 seconds 1267576597 M * biz I'm just creating a patch-2.6.32.9-vs2.3.0.36.29.2-grsec2.1.14-201002231820 and got all conflicts solved, but now I'm curious what additional changes are necessary (except for syntactical or obvious logical problems) 1267576667 M * biz if I would know your base grsec patch I could trace them more easily :) 1267576802 M * biz (I'm comparing the diffs of "grsec on top of vserver patched kernel" and "grsec on top of vanilla kernel"...) 1267576972 M * biz Bertl_zZ: FYI, I'm currently running your latest patch-2.6.32.9-vs2.3.0.36.29.2.diff ... no problems yet (well, just running for 2h on a test system) 1267577319 Q * tpo Ping timeout: 480 seconds 1267577857 M * biz Bertl_zZ: as for testing, I'm running patch-2.6.32.8-vs2.3.0.36.29.1-grsec2.1.14-20100224.diff in production on 2 servers (for ~2weeks now), everything basic works fine. No IPv6, no cgroups, "nodev" setup... 1267577980 M * biz going to migrate some others too, but they need IA32 emulation support, so I need to wait (or play around trying to merge it myself) for the next vserver+grsec patch since the current one has broken IA32 support on amd64 1267578738 J * Floops ~baihu@64.210.44.2 1267578807 M * Floops i setup vserver.. but when i create the virtual machine.. it will not accept any passwd i have made on it 1267578812 M * Floops is there something i am missing 1267578865 M * biz virtual machine, huh? 1267578878 M * biz so you have created a vserver guest? 1267578899 M * Floops vserver guest 1267578905 M * Floops sorry wrong term 1267578916 M * Floops yes the guest is there.. but i can't ssh to it 1267578927 M * Floops for some reason it would not accept passwd 1267578946 M * biz can you enter the guest from the host system? 1267578987 M * Floops yes i have enter guest 1267578995 M * Floops and change passwd 1267579000 M * Floops but still can't login to box 1267579031 M * biz does "netstat -tulpen" within the guest show sshd running where you expect it? 1267579130 M * biz Floops: see also http://linux-vserver.org/Frequently_Asked_Questions#When_I_try_to_ssh_to_the_guest.2C_I_log_into_the_host.2C_even_if_I_installed_sshd_on_the_guest._What.27s_wrong_here.3F 1267579153 M * biz you're probably trying to lock into the host's sshd, not the guest's 1267579159 M * biz s/lock/log/ 1267579188 M * Floops even if i put correct ip address 1267579194 M * Floops i can still be going to host and not guess 1267579230 M * Floops i will read link to find more info 1267579242 M * Floops netstat command giv eme no results tho 1267579271 M * biz depends on how you configure your guest interfaces/ips and how sshd on the host is configured (eg. listen on all addresses) and if the host's sshd was started before you start your guest (most probably) 1267579327 M * biz in a common vserver setup, just edit /etc/ssh/sshd_config on the host system and set an explicit ListenAddress (don't set the guest ip because you will want to bind that from within the guest) 1267579968 M * biz bbl 1267580084 M * Floops thanks biz 1267580088 M * Floops i heard this before 1267580093 M * Floops but that was source of my problem 1267580098 M * Floops i have it resolved now 1267582622 Q * kwowt 1267587067 J * imcsk8 ~ichavero@189.155.113.183 1267587927 Q * imcsk8 Quit: This computer has gone to sleep 1267588842 J * SauLus_ ~SauLus@c135128.adsl.hansenet.de 1267589254 Q * SauLus Ping timeout: 480 seconds 1267589254 N * SauLus_ SauLus 1267591448 J * imcsk8 ~ichavero@189.244.53.254 1267592745 J * Hunger ~Hunger@Hunger.hu 1267593879 Q * imcsk8 synthon.oftc.net oxygen.oftc.net 1267593879 Q * DreamerC_ synthon.oftc.net oxygen.oftc.net 1267593879 Q * AndrewLe1 synthon.oftc.net oxygen.oftc.net 1267593879 Q * fback synthon.oftc.net oxygen.oftc.net 1267593879 Q * DLange synthon.oftc.net oxygen.oftc.net 1267593879 Q * mnemoc synthon.oftc.net oxygen.oftc.net 1267593879 Q * Marillion synthon.oftc.net oxygen.oftc.net 1267593879 Q * fLoo synthon.oftc.net oxygen.oftc.net 1267593879 Q * gdm synthon.oftc.net oxygen.oftc.net 1267593879 Q * karasz synthon.oftc.net oxygen.oftc.net 1267593966 J * DLange ~DLange@dlange.user.oftc.net 1267593975 J * Marillion ~dirk@hetzner4.127011.net 1267593992 J * karasz ~karasz@shell.opensde.net 1267594008 J * fback fback@red.fback.net 1267594035 J * fLoo ~fLoo@fs.coresec.de 1267594048 J * AndrewLee ~andrew@u7.hlc.edu.tw 1267594085 J * gdm ~gdm@lair.fifthhorseman.net 1267594122 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1267594227 J * imcsk8 ~ichavero@189.244.53.254 1267595331 J * mart ~mart@122-62-16-132.jetstream.xtra.co.nz 1267595353 P * mart 1267597170 Q * imcsk8 Quit: This computer has gone to sleep 1267598439 J * ncopa ~ncopa@ti211310a081-0483.bb.online.no 1267598699 J * ghislain ~AQUEOS@adsl2.aqueos.com 1267599013 Q * ncopa Ping timeout: 480 seconds 1267599158 J * ncopa ~ncopa@63.24.34.95.customer.cdi.no 1267599247 Q * Romster Ping timeout: 480 seconds 1267599748 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com 1267601259 Q * derjohn_mob Ping timeout: 480 seconds 1267601340 J * fleischergesell ~fleischer@dslb-088-076-062-146.pools.arcor-ip.net 1267601904 Q * ncopa Ping timeout: 480 seconds 1267601915 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no 1267603117 J * sharkjaw ~gab@90.149.121.45 1267603533 N * Bertl_zZ Bertl 1267603537 M * Bertl morning folks! 1267603546 M * Bertl biz: thanks for the feedback! 1267603681 J * petzsch ~markus@dslb-092-078-230-107.pools.arcor-ip.net 1267603690 Q * bXi Quit: Lost terminal 1267603854 M * arekm bonbonsss 1267607098 J * kir ~kir@swsoft-msk-nat.sw.ru 1267607941 P * kir Leaving. 1267607963 J * mnemoc ~amery@shell.opensde.net 1267609146 J * thierryp ~thierry@home.parmentelat.net 1267609252 J * derjohn_mob ~aj@213.238.45.2 1267609847 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1267612714 M * pmjdebruijn Bertl: may I privmsg you? 1267612793 M * Bertl yep 1267612921 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1267613194 Q * ghislain Ping timeout: 480 seconds 1267614824 M * petzsch some times i miss the old days :) http://bit.ly/cgY3xy 1267614854 Q * thierryp Remote host closed the connection 1267614868 J * thierryp ~thierry@home.parmentelat.net 1267614994 Q * thierryp Remote host closed the connection 1267615217 A * mnemoc doesn't miss small black/green screens 1267615404 M * Bertl maybe the amber ones? :) 1267615498 M * mnemoc those were cute :) 1267615627 M * sid3windr how about those you could switch between green and amber! 1267615647 A * mnemoc didn't know of those 1267615705 A * petzsch started on an Apple II GS with lots of color :) 1267615928 M * Floops is there any document or example of applying ipv6 address to guest 1267616042 M * Bertl applying as in configuring? 1267616054 M * Bertl if so, you configure them the same way you do with ipv4 1267616112 M * Floops ip add 1267616119 M * Floops for ipv6.. soo it is same process 1267616122 M * Floops thanks 1267616138 M * sid3windr you add them manually instead of configuring it in util-vserver? :P 1267616382 M * Floops ok 1267616385 M * Floops soo this process 1267616386 M * Floops ip addr add 194.169.123.23/24 dev eth0 1267616392 M * Floops that u use here for ipv4 1267616397 M * Floops u can use for ipv6 as well 1267616440 M * Bertl yes 1267616548 M * Floops ty 1267616797 M * yang Floops: ip -6 addr add /64 dev ethX 1267616812 M * yang then "naddress" to attach them into guests 1267617101 M * yang Bertl: the RSS size applies to the Physical amount of RAM ? 1267617369 M * Bertl RSS is resident set size, i.e pages in physical ram 1267617609 Q * petzsch Quit: Leaving. 1267617664 M * yang Floops: these setting should be applied on host (gate) 1267617672 J * thierryp ~thierry@home.parmentelat.net 1267620595 J * balbir ~balbir@122.248.163.1 1267620782 Q * zbyniu Server closed connection 1267620784 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1267620903 Q * DelTree Server closed connection 1267620915 J * DelTree ~deplagne@goldorak3.eric.deplagne.name 1267620963 Q * sladen Server closed connection 1267620970 J * sladen ~paul@starsky.19inch.net 1267621896 M * biz harry: thanks for the new patch! :-) 1267621903 M * biz will try it immediately 1267622244 J * barismetin ~barismeti@zanzibar.inria.fr 1267623544 Q * julius Server closed connection 1267623545 J * julius ~julius@217.20.127.15 1267624766 Q * FloodServ synthon.oftc.net services.oftc.net 1267625095 J * FloodServ services@services.oftc.net 1267625384 Q * balbir Ping timeout: 480 seconds 1267625761 Q * thierryp Remote host closed the connection 1267631149 Q * http203 Remote host closed the connection 1267631186 J * thierryp ~thierry@home.parmentelat.net 1267631704 J * http203 ~http203@d80h232.public.uconn.edu 1267632000 Q * sharkjaw Remote host closed the connection 1267633170 J * dowdle ~dowdle@scott.coe.montana.edu 1267633184 Q * fleischergesell Ping timeout: 480 seconds 1267633768 Q * thierryp Quit: ciao folks 1267633776 J * strub ~vincent@ASt-Lambert-151-1-31-245.w82-124.abo.wanadoo.fr 1267634284 T * * http://linux-vserver.org/ |stable 2.2.0.7, exp 2.3.0.36.28, grsec 2.3.0.36.28|util-vserver-0.30.216-pre2864| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 1267634284 T * Bertl - 1267634338 M * strub harry: about patch-2.6.32.9-vs2.3.0.36.29.2-grsec2.1.14-20100303.diff 1267634348 M * strub it doesn't boot on my setup 1267634370 M * strub the issue seems to be at fs/exec.c:setup_arg_pages() 1267634397 Q * Guy- Server closed connection 1267634404 M * strub there's a '/* Move stack pages down in memory. */' code block that the grsec patch moves up a few lines 1267634404 J * Guy- ~korn@195.56.55.102 1267634417 M * strub your patch actually duplicates it 1267634431 Q * FloodServ Service unloaded 1267634465 M * strub so exec() doesn't really work, and the kernel panics when execing init 1267634480 M * strub removing the duplicate code block fixes it for me 1267634484 J * FloodServ services@services.oftc.net 1267635000 M * biz strub, harry: indeed, I've just encountered the same problem. fs/exec.c lines 631-636 and 657-662 are duplicates 1267635044 M * strub harry: yep, that's the one :) 1267635056 M * biz strub: did you remove the upper (grsec) or lower (vanilla) block? 1267635070 M * strub harry: I removed the lower block 1267635077 M * strub kept the grsec one 1267635089 M * biz I'm not harry :D 1267635100 M * strub oops :) 1267635120 M * Bertl but he'll read up ... 1267635126 J * imcsk8 ~ichavero@148.229.1.11 1267636092 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1267636770 Q * barismetin Quit: Leaving... 1267637569 J * balbir ~balbir@122.172.58.121 1267637786 M * biz harry: http://biz.baze.de/pics/linux-2.6.32.9-grsec2.1.14-vs2.3.0.36.29.2-noexec.png 1267637846 M * biz (this was before removing the duplicate code block) 1267638058 Q * ncopa Quit: Ex-Chat 1267638154 N * ensc Guest19 1267638164 J * ensc ~irc-ensc@93.159.121.26 1267638188 Q * Guest19 Ping timeout: 480 seconds 1267638984 Q * matthew-_ Server closed connection 1267638996 J * matthew-_ ~ms@ns2.wellquite.org 1267639096 J * ichavero_ ~ichavero@148.229.1.11 1267639249 Q * derjohn_mob Ping timeout: 480 seconds 1267639348 M * harry argh... damn 1267639593 M * harry i'll fix it 1267639754 M * Bertl balbir: any news on the hard cfs side? 1267640586 J * derjohn_mob ~aj@c152237.adsl.hansenet.de 1267640816 M * harry i think it's fixed now 1267640824 M * harry i still don't get how the error got there 1267640829 M * harry really bizar!! 1267640830 M * harry :( 1267640889 M * Bertl if you got duplicate sections, most likely a hunk applied at the wrong place 1267640907 M * harry i manually applied both grsec and vserver patches 1267640914 M * harry seperately 1267640922 M * Bertl i.e. there are two functions which need patching, and both hunks go to the same function/place 1267640923 M * harry tomorrow , i'll look on my work pc where it went wrong 1267640945 M * harry odd part is, there was a grsec part missing in my patch of before too... :s 1267640979 M * harry anyway, should be ok now 1267640983 M * biz patch -F 0 ftw 1267640986 M * harry didn't change the name tough... 1267640991 M * biz harry: I'll test now :) 1267641020 Q * ex Server closed connection 1267641024 J * ex ex@valis.net.pl 1267641025 M * harry tnx 1267641030 M * harry i'll stay around... 1267641487 J * speed47 ~speed@2001:41d0:1:98a7:babe:cafe:c0ca:1 1267641874 Q * bonbons Read error: Connection reset by peer 1267642096 Q * gnuk Quit: NoFeature 1267642396 Q * yang Server closed connection 1267642400 J * yang yang@yang.netrep.oftc.net 1267643191 M * biz works fine so far... 1267643507 M * harry woeptidoooooooo ;Ã) 1267643810 J * tpo ~tpo@77-58-243-181.dclient.hispeed.ch 1267644010 Q * trippeh Server closed connection 1267644012 J * trippeh atomt@uff.ugh.no 1267644570 M * biz thanks harry :)) 1267645044 Q * tpo Ping timeout: 480 seconds 1267645127 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1267645208 Q * bonbons 1267645287 M * harry np 1267645341 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1267646474 Q * Wonka Server closed connection 1267646475 J * Wonka produziert@chaos.in-kiel.de 1267646644 Q * strub Remote host closed the connection 1267647219 J * ntrs ~ntrs@77.29.5.153 1267647370 Q * Bertl Server closed connection 1267647372 J * Bertl herbert@IRC.13thfloor.at 1267648428 J * tpo ~tpo@77-58-243-181.dclient.hispeed.ch 1267649946 Q * BobR Server closed connection 1267649947 J * BobR odie@IRC.13thfloor.at 1267651644 Q * tpo Ping timeout: 480 seconds 1267652910 Q * bonbons Remote host closed the connection 1267653025 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1267654281 Q * bonbons Quit: Leaving 1267654622 Q * ichavero_ Quit: This computer has gone to sleep 1267655882 Q * weasel Server closed connection 1267655887 J * weasel ~weasel@weasel.noc.oftc.net 1267656027 J * tpo ~tpo@77-58-243-181.dclient.hispeed.ch 1267656505 Q * ghislain1 Quit: Leaving. 1267656681 N * DoberMann DoberMann[ZZZzzz] 1267656893 Q * imcsk8 Quit: Leaving 1267657634 Q * ktwilight__ Read error: Connection reset by peer 1267657646 J * ktwilight ~keliew@91.178.159.151 1267659275 J * ntrs_ ~ntrs@77.29.6.110 1267659706 Q * ntrs Ping timeout: 480 seconds