1274055971 J * misc- ~misc@202-154-80-42.people.net.au
1274056041 M * misc- hi all, I've got a guest which will not shut down, because within the guest it has mounted a network drive (smb) and it won't let me unmount it (can't killall -9 mount). I think what's happened is that the guest has mounted the share multiple times (thanks to the monitoring system)
1274056054 M * misc- is there a way I can forcibly kill the guest or the mount process? 
1274062326 Q * balbir Read error: Connection reset by peer
1274063086 J * balbir ~balbir@122.172.1.56
1274063737 J * derjohn_mob ~aj@e180214040.adsl.alicedsl.de
1274067109 Q * derjohn_mob Ping timeout: 480 seconds
1274070965 J * imcsk8 ~ichavero@evdomip-32-239.iusacell.net
1274071508 M * daniel_hozac misc-: check dmesg
1274071514 M * daniel_hozac (on the host)
1274071783 Q * balbir Ping timeout: 480 seconds
1274072229 M * misc- daniel_hozac: ah ok... ok after sifting through the cron errors, I do get something:
1274072231 M * misc- CIFS VFS: Send error in SessSetup = -13
1274072238 M * misc- CIFS VFS: cifs_mount failed w/return code = -2
1274072295 M * misc- not sure if that's related but that's the only relevant thing I can find
1274072388 M * misc- trying a rmmod -f cifs on the host
1274072522 M * misc- seems to be hanging there
1274073085 M * misc- can't killall -9 cifsd, either. Hmmm
1274073601 J * derjohn_mob aj@80.187.147.73
1274074817 J * petzsch ~markus@dslb-094-222-079-190.pools.arcor-ip.net
1274074934 Q * imcsk8 Ping timeout: 480 seconds
1274075013 J * imcsk8 ~ichavero@189.231.51.47
1274075626 Q * Piet Remote host closed the connection
1274075686 J * Piet ~Piet__@82VAAAQG9.tor-irc.dnsbl.oftc.net
1274076363 Q * derjohn_mob Ping timeout: 480 seconds
1274076388 J * derjohn_mob ~aj@80.187.147.73
1274076834 J * balbir ~balbir@122.248.161.59
1274078341 J * swenTjuln ~kvirc@217.72.66.253
1274078414 Q * imcsk8 Ping timeout: 480 seconds
1274078491 J * imcsk8 ~ichavero@evdomip-32-239.iusacell.net
1274079327 J * mtg ~mtg@port-87-193-189-26.static.qsc.de
1274080938 J * ghislain ~AQUEOS@adsl2.aqueos.com
1274081679 Q * imcsk8 Quit: This computer has gone to sleep
1274081970 Q * derjohn_mob Ping timeout: 480 seconds
1274082893 J * kir ~kir@swsoft-msk-nat.sw.ru
1274083268 J * dna ~dna@122-213-103-86.dynamic.dsl.tng.de
1274083624 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1274083692 Q * ghislain Quit: Leaving.
1274083701 J * ghislain ~AQUEOS@adsl2.aqueos.com
1274085159 Q * petzsch Quit: Leaving.
1274085830 J * derjohn_mob ~aj@213.238.45.2
1274086541 J * ntrs ~ntrs@77.28.14.33
1274087268 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1274087520 J * hijacker ~hijacker@213.91.163.5
1274087620 Q * derjohn_mob Ping timeout: 480 seconds
1274088138 J * derjohn_mob ~aj@tmo-108-225.customers.d1-online.com
1274088440 Q * BenG Quit: I Leave
1274091756 M * arekm Bertl_zZ: 2.6.34 is there ;)
1274094102 Q * derjohn_mob Ping timeout: 480 seconds
1274094330 Q * Piet Remote host closed the connection
1274094586 J * Piet ~Piet__@82VAAAQRP.tor-irc.dnsbl.oftc.net
1274094941 N * Bertl_zZ Bertl
1274094946 M * Bertl morning folks!
1274094954 M * Bertl arekm: thanks, for the info ...
1274095059 M * arekm so will be a updated patch like today? ;-))
1274095179 J * derjohn_mob ~aj@tmo-109-117.customers.d1-online.com
1274095309 Q * balbir Ping timeout: 480 seconds
1274095503 M * Bertl arekm: maybe, but probably not
1274096633 M * Bertl but I might get a prerelease test version done today
1274097016 Q * ntrs Read error: Connection reset by peer
1274097027 J * ntrs ~ntrs@77.28.18.8
1274098162 Q * harry Remote host closed the connection
1274098560 J * saros saros@wyjebane.info
1274098563 M * saros hello
1274098575 M * Bertl hi
1274098589 M * saros i've got a question.. probably it's a simple thing but i cannot handle it
1274098607 M * saros i have a host.. and a guest
1274098637 M * saros host has a openssh server and apache server working on standard ports 22 and 80
1274098648 M * Bertl restricted to host IPs?
1274098659 M * saros and i would like to have the same services on the same ports in the guest
1274098673 M * saros yes.. host has it's own IP address
1274098680 M * saros and guest as well
1274098687 M * saros i know
1274098700 M * saros it can be done by editing configs of those services
1274098700 M * Bertl I meant, is the sshd and httpd restricted to host IPs via config?
1274098710 M * saros actually yes
1274098741 M * Bertl then there should be no problem
1274098759 M * Bertl guest services do not need to be restricted
1274098760 M * saros hm.. maybe i'll put it in other words :)
1274098772 M * Bertl (they are limited by the guest assigned IP set)
1274098782 M * saros sorry for my english.. it's not my native language ;) but i'm trying
1274098819 M * Bertl np
1274098828 M * saros there is no problem with working apache and openssh.. because i've configured ListenAddress in openssh and Listen/Bind on Apache
1274098832 M * saros but
1274098850 M * saros i will have to put some other services into the host and guest
1274098880 M * saros and some of them don't have something like apache/ssh have
1274098884 M * Bertl services running on the host need to be restricted via config or by utilizing an ncontext
1274098903 M * Bertl but in general it is suggested to avoid having services on the host
1274098903 M * saros only on the host?
1274098915 M * saros ok.. understood
1274098916 M * Bertl (except for e.g. sshd, which should be config limited)
1274098935 M * saros and what about having more than one guest in the host?
1274098937 M * Bertl on the guest, bindings are automagically limited to guest only IPs
1274098944 M * saros ok
1274098956 M * Bertl up to 1000 guests should work on modern hardware :)
1274098963 M * saros :D
1274098984 M * saros ok, i'll check this stuff :)
1274098988 M * swenTjuln Hi all! I've strange upstart-ish error ( again )
1274098990 M * saros thank you for help
1274099004 M * Bertl saros: you're welcome! feel free to hang around
1274099015 M * PowerKe alternatively, you might consider not running services on the host (except for ssh, ntp) and move them to a guest
1274099088 M * swenTjuln according to Vserver docmentation one should "fake low level events"
1274099117 M * Bertl well, a guest doesn't have access to hardware
1274099135 M * Bertl so everything hardware related should be avoided
1274099135 M * swenTjuln this one bugs me: initctl emit local-filesystems
1274099147 M * Bertl mounting filesystems too
1274099160 M * swenTjuln "initctl: Event failed"
1274099163 M * Bertl all guest filesystems are mounted before the guest itself is started
1274099190 M * swenTjuln Bertl: i'm well aware of that
1274099209 M * Bertl so why try doing a mount then?
1274099210 M * swenTjuln but...initctl reports "initctl: Event failed"
1274099239 M * swenTjuln Bertl: it's faking of event from /etc/init/vserver.conf
1274099256 M * Bertl is upstart running?
1274099307 M * swenTjuln Bertl: yes  ....and this time I've double checked it's not ran as sysV :D
1274099336 M * Bertl good, enable debugging for upstart and see what it complains about
1274099480 M * ard woot: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
1274099485 M * ard commit 126a031e437a4ab56a162e9cff7fc04b9f7efeec
1274099492 M * ard       bnx2: Fix netpoll crash.
1274099542 M * ard ( my reason against using 2.6.33.3 ;-) )
1274099543 Q * djMedrzec Remote host closed the connection
1274099545 J * djMedrzec ~filip@filip.math.uni.lodz.pl
1274099583 J * harry ~harry@d51A461B4.access.telenet.be
1274099583 M * Bertl ard: so I take it that you will be a volunteer for testing the upcoming 2.6.34 patch?
1274099598 M * ard yes
1274099607 M * ard I've got a server ready to test ;-)
1274099621 M * ard first test is linux-containers with netperf ;-)
1274099633 M * ard second test is vserver ;-)
1274099639 M * Bertl let us know how it goies
1274099642 M * Bertl *goes
1274099683 M * ard you have an upcoming patch, or should I just try 2.6.33.3 and fingers crossed and work out some rejects? ;-)
1274099693 M * Bertl doesn't work
1274099701 M * ard thought so ;-).
1274099788 M * swenTjuln Bertl: how can I enable debuging within vserver
1274099994 A * ard sighs...
1274100039 M * ard the compresses bz2 diff between two kernel releases is as big as once the complete .tar.gz of the kernel
1274100062 M * ard .32 -> 33 11MB, and 33->34 7.7MB ...
1274100512 J * Piet_ ~Piet__@82VAAAQUJ.tor-irc.dnsbl.oftc.net
1274100606 M * swenTjuln Bertl: I've found it!
1274100795 M * swenTjuln Bertl: its "oom never" line in /etc/init/ssh.conf
1274100818 Q * Piet Ping timeout: 480 seconds
1274100826 M * swenTjuln this strangely works on another vserver with same kernel :O
1274101653 J * pudgetta c4cb049e@ircip2.mibbit.com
1274101662 P * pudgetta 
1274101749 N * DoberMann[ZZZzzz] DoberMann
1274102111 J * balbir ~balbir@122.172.1.56
1274102702 M * yeeeepssen bartl, can you give me a howto for VPN - in german? :(
1274103396 Q * balbir Ping timeout: 480 seconds
1274103707 M * Bertl yeeeepssen: I'm sure google can
1274103978 N * swenTjuln Swen_Zz
1274104129 J * vserver_guy ~vserver@mirror.sonassi.com
1274104134 M * vserver_guy hi guys
1274104142 M * vserver_guy is is ever possible to get a guest to control iptables?
1274104181 J * balbir ~balbir@122.172.1.56
1274104182 M * Bertl given the necessary capabilities, it should be no problem
1274104186 M * vserver_guy i was setting up a centos guest last week and put cpanel on it, but cpanel wants to control ulimits/iptables ... something that doesnt appear to be possible withint a vserver guest
1274104201 M * vserver_guy is there a way to let it control iptables?
1274104211 M * Bertl 15:49 < Bertl> given the necessary capabilities, it should be no problem
1274104219 M * vserver_guy http://linux-vserver.org/Frequently_Asked_Questions#Can_I_use_iptables_.3F
1274104225 M * vserver_guy i see, i'll have a read!
1274104244 M * Bertl but note: it will control iptables for the host
1274104254 M * vserver_guy that isn't a *big* issue
1274104262 M * vserver_guy the server will only be running 1 vserver
1274104296 M * vserver_guy i am just testing cpanel - but the vps licence is cheaper 
1274104414 M * vserver_guy am i right in putting ... /etc/vservers/primary# cat ccapabilities
1274104415 M * vserver_guy NET_ADMIN
1274104415 M * vserver_guy INFO_ULIMIT
1274104479 M * Bertl ccapabilities go into ccapabilities, while bcapabilities go into bcapabilities :)
1274104491 M * vserver_guy yeh, just hit that error, gotcha 
1274104570 M * vserver_guy darn, still getting "can't initialize iptables table `filter':"
1274104643 M * PowerKe vserver_guy: maybe you first need to load the required modules on the host
1274104816 M * vserver_guy how do you mean
1274104891 M * PowerKe do you have all the necessary iptables options compiled in the kernel or as modules?
1274104908 M * vserver_guy not 100% sure, how do i check
1274104949 M * PowerKe did you build the kernel yourself?
1274104956 M * vserver_guy yes, 
1274104963 M * vserver_guy but, not on this system
1274104970 M * vserver_guy so i don't have access to the menuconfig
1274104989 M * vserver_guy lsmod|grep 'ipt' - is empty
1274105025 M * PowerKe does 'cat /proc/config.gz' work?
1274105044 M * vserver_guy ok, i did `modprobe ip_tables`
1274105067 M * vserver_guy now its showing up in lsmod
1274105081 M * vserver_guy i'm just restarting the guest to see if it still pops up errors
1274105087 M * vserver_guy darn - still the same
1274105128 M * PowerKe you might need some additional modules for filtering, matching, targets, ...
1274105166 M * Bertl xtables
1274105208 P * kir Leaving.
1274105239 M * vserver_guy :(
1274105320 Q * balbir Ping timeout: 480 seconds
1274106227 M * Bertl nap attack ... bbl
1274106232 N * Bertl Bertl_zZ
1274106340 Q * derjohn_mob Ping timeout: 480 seconds
1274106460 J * dowdle ~dowdle@scott.coe.montana.edu
1274107239 J * derjohn_mob ~aj@213.238.45.2
1274107364 M * vserver_guy is there any reason a guest wouldn't be starting on system bootup
1274107378 M * vserver_guy [vservers]$ cat primary/init/mark
1274107379 M * vserver_guy default
1274107399 M * PowerKe did you also add the vserver init script to your startup services?
1274107527 M * vserver_guy hmm, no
1274107579 Q * mathx_ Remote host closed the connection
1274107594 M * PowerKe also, I'm not sure if something has changed in the recent utils, but on my system it's /etc/vservers/<guestname>/apps/init/mark
1274107745 J * balbir ~balbir@122.172.1.56
1274107954 J * petzsch ~markus@dslb-094-222-079-190.pools.arcor-ip.net
1274108106 M * vserver_guy ahah - i had the old syntax
1274108108 M * vserver_guy thanks!
1274108119 M * vserver_guy just need to figure out iptables and i'm sorted
1274109940 Q * balbir Ping timeout: 480 seconds
1274110692 J * balbir ~balbir@122.172.1.56
1274110740 J * thierryp ~thierry@zankai.inria.fr
1274110982 Q * petzsch Quit: Leaving.
1274111044 Q * dna Quit: Verlassend
1274111483 Q * thierryp Ping timeout: 480 seconds
1274111902 Q * mtg Quit: Verlassend
1274112577 J * petzsch ~markus@dslb-094-222-079-190.pools.arcor-ip.net
1274113166 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1274113928 Q * balbir Ping timeout: 480 seconds
1274113980 J * imcsk8 ~ichavero@148.229.9.200
1274114437 J * balbir ~balbir@122.172.162.25
1274115868 Q * sid3windr Ping timeout: 480 seconds
1274116180 Q * derjohn_mob Ping timeout: 480 seconds
1274116409 J * sid3windr luser@bastard-operator.from-hell.be
1274116675 N * Bertl_zZ Bertl
1274116679 M * Bertl back now ...
1274116732 Q * imcsk8 Ping timeout: 480 seconds
1274116843 Q * balbir Ping timeout: 480 seconds
1274117071 Q * ghislain Quit: Leaving.
1274117297 J * imcsk8 ~ichavero@201.174.19.86
1274117359 J * balbir ~balbir@122.172.46.240
1274117601 J * ichavero_ ~ichavero@201.174.19.86
1274119618 Q * ncopa Remote host closed the connection
1274123386 J * derjohn_mob ~aj@d183040.adsl.hansenet.de
1274123954 M * ard touch spaces/net and give it capabilities and a network device
1274123961 M * ard ow.... sory
1274123972 M * ard reading backlog, didn't realize ;-)
1274124031 A * ard wouldn't want a vserver to mess with the iptables of the host
1274124321 J * manana ~mayday090@84.17.25.144
1274125031 J * Vudumen ee142c0210@perverz.hu
1274125509 J * thierryp ~thierry@home.parmentelat.net
1274127982 M * vserver_guy got the iptables bit sorted, it needed two bcaps
1274127999 M * vserver_guy ET_ADMIN
1274127999 M * vserver_guy NET_RAW
1274128051 M * vserver_guy i'm toying with the idea of a little HA
1274128063 M * vserver_guy has anyone had any direct experience
1274128087 M * vserver_guy i was thinking of something really straightforward, DRBD for the root directory and keepalived to start/stop the vservers
1274128098 M * Mr_Smoke NET_RAW means any vserver can sniff, AFAIR
1274128101 M * vserver_guy should work in theory right?
1274128132 M * vserver_guy @Mr_Smoke - without NET_RAW, I was getting permissions errors on iptables, with it - it appears to work
1274128152 M * vserver_guy I was going to add it to the Wiki - but perhaps I am wrong?
1274128238 M * Mr_Smoke Sure, it should work
1274128249 M * Mr_Smoke But it also means nothing is safe, network-wise
1274128416 M * vserver_guy I understand that
1274128421 M * vserver_guy there is only 1 vserver guest
1274128442 M * vserver_guy and only ever will be 1, it is whilst we are testing cpanel (the VPS licence is cheaper)
1274128633 M * vserver_guy is keepalived suitable to stop a vserver - in the same manner you can stop apache?
1274128742 M * vserver_guy ah, i think heartbeat is the right one
1274130559 M * ard vserver_guy : have you tried touching spaces/net ?
1274130583 M * ard and then do an ip link set <linkname> netns <pid of first process in vserver>
1274130596 M * ard with the capabilities you mentioned? :-)
1274130617 Q * thierryp Remote host closed the connection
1274130638 M * ard it will make your setup safe, since it only controls it's own interface :-)
1274130756 M * ard you can also do an: ip link add dev eth0 type macvlan name blaat or something like that
1274130771 M * ard to add another virtual interface to your real interface
1274130807 M * ard http203://projects.kwaak.net/twiki/bin/view/Misc/IpRoute
1274130814 M * ard  http://projects.kwaak.net/twiki/bin/view/Misc/IpRoute
1274130817 M * ard for more on that
1274131395 Q * petzsch Quit: Leaving.
1274131688 Q * Vudumen Read error: Connection reset by peer
1274132354 Q * balbir Ping timeout: 480 seconds
1274132953 J * balbir ~balbir@122.172.0.59
1274133851 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1274134006 Q * bonbons Quit: Leaving
1274134927 Q * BenG Quit: I Leave
1274135134 Q * ntrs Ping timeout: 480 seconds
1274135710 Q * ichavero_ Quit: This computer has gone to sleep
1274136259 N * DoberMann DoberMann[ZZZzzz]
1274136515 Q * imcsk8 Quit: Leaving
1274137361 Q * dowdle Remote host closed the connection