1280620925 Q * bonbons Quit: Leaving
1280621962 Q * fLoo Quit: Server does not respond.
1280621963 J * fLoo fLoo@irc.coresec.de
1280627036 Q * allquixotic Quit: Farewell!
1280628031 J * derjohn_foo ~aj@g228048250.adsl.alicedsl.de
1280628461 Q * derjohn_mob Ping timeout: 480 seconds
1280628476 Q * uebera|| Ping timeout: 480 seconds
1280629344 J * uebera|| ~user@subjektzentrisch.de
1280630267 Q * derjohn_foo Ping timeout: 480 seconds
1280630780 J * derjohn_foo aj@tmo-059-246.customers.d1-online.com
1280631671 J * SauLus_ ~SauLus@d064100.adsl.hansenet.de
1280632079 Q * SauLus Ping timeout: 480 seconds
1280632079 N * SauLus_ SauLus
1280632319 Q * imcsk8 Quit: This computer has gone to sleep
1280633024 M * Bertl off to bed now ... have a good one everyone!
1280633030 N * Bertl Bertl_zZ
1280637532 N * arekm_ arekm
1280637569 N * arekm Guest504
1280637598 Q * Guest504 Quit: Reconnecting
1280637600 J * arekm_ arekm@carme.pld-linux.org
1280637626 N * arekm_ arekm
1280644092 Q * derjohn_foo Ping timeout: 480 seconds
1280644116 J * derjohn_foo ~aj@g228049147.adsl.alicedsl.de
1280645090 Q * manana Read error: Connection reset by peer
1280645131 J * manana ~mayday090@84.17.25.149
1280646971 J * petzsch ~markus@dslb-088-075-172-243.pools.arcor-ip.net
1280647392 J * ghislain ~AQUEOS@adsl2.aqueos.com
1280647780 Q * nkukard Quit: Leaving
1280649805 Q * petzsch Quit: Leaving.
1280650851 J * petzsch ~markus@dslb-088-075-172-243.pools.arcor-ip.net
1280652657 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1280656299 Q * derjohn_foo Remote host closed the connection
1280657661 J * wishi ~wishi@kaze.crazylazy.info
1280657663 M * wishi sers
1280657714 M * wishi I'm looking for some hints to configure a grsec/vserver enabled kernel... just to avoid config issues :)
1280660911 M * Marillion take the $Distri Vserver-Kernel, patch them and configure your own grsec .config to your own security, the topic is too complex
1280661174 M * Marillion it depends on what you need
1280662560 J * derjohn_mob ~aj@g228049147.adsl.alicedsl.de
1280663500 J * nkukard ~nkukard@41-133-165-147.dsl.mweb.co.za
1280663677 N * fLoo Florian
1280663696 N * Florian fLoo
1280665415 N * Bertl_zZ Bertl
1280665419 M * Bertl morning folks!
1280665564 J * pmenier ~pmenier@ACaen-152-1-10-112.w83-115.abo.wanadoo.fr
1280666109 M * vserver_guy morning
1280666132 M * vserver_guy regarding the brief chbind conversation last night
1280666148 M * vserver_guy is there a way to prevent the host using any IPs other than certain ones specified
1280666193 M * vserver_guy rather than stopping it using them at the application level
1280667836 M * vserver_guy i found a nice patch for portmap-5 that covers multiple interfaces here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=280537
1280667845 M * vserver_guy but it doesn't appear to support portmap 56
1280667848 M * vserver_guy but it doesn't appear to support portmap *6
1280668569 M * Bertl as I said, you can do that by putting a host app into a chbind/ncontext wrapper
1280668582 M * vserver_guy but can you specify multiple IPs for chbind?
1280668595 M * Bertl yes, it is the same mechanism used for guests
1280668605 M * vserver_guy what is the syntax?
1280668609 M * Bertl i.e. all a guest can do (network wise) can be done as well
1280668616 M * Bertl chbind --help
1280668634 M * vserver_guy i did that :)
1280668641 M * vserver_guy but it only shows an example of 1 IP
1280668642 M * vserver_guy ie. exec /usr/sbin/chbind --ip $IP /etc/init.d/httpd $*
1280668659 M * vserver_guy are they just space separated?
1280668690 M * Bertl just repeat the --ip <> part
1280668714 M * vserver_guy ok doke, I take it that I should edit the init.d/portmap script to alter its start daemon then
1280668811 M * Bertl or use/copy one of those v_* wrappers
1280668854 M * vserver_guy where could I find one?
1280668892 M * Bertl in the util-vserver packages ... so most likely it is already installed somewhere
1280668907 M * vserver_guy i'll have a look around
1280668907 M * Bertl there should be a v_portmap too IIRC
1280668965 M * vserver_guy what's the command to see the compile options for util-vserver again
1280669100 M * vserver_guy or more directly, do you know where the util-vserver directory is
1280669175 M * vserver_guy nm
1280669177 M * vserver_guy just installed locate
1280669225 M * vserver_guy ./usr/lib/util-vserver
1280669407 M * vserver_guy hmmm
1280669414 M * vserver_guy i found a quick way to kill my SSH session!
1280669416 M * vserver_guy exec /usr/sbin/chbind --ip 10.0.1.1/32 /etc/init.d/portmap start
1280669461 M * vserver_guy any reason why, /usr/sbin/chbind --ip 10.0.1.1/32 /etc/init.d/portmap start, would throw this error
1280669466 M * vserver_guy ncontext: vc_net_create(): Invalid argument
1280669502 M * Bertl for the first question, try 'exec echo bye' instead
1280669507 M * vserver_guy lol
1280669537 M * Bertl for the second, because you didn't specify an nid?
1280669555 M * Bertl (and didn't separate the command with --)
1280669598 M * vserver_guy i think i might be misunderstanding this
1280669615 M * vserver_guy is the script, v_portmap, designed to start the service on the host, or on a guest
1280669644 M * Bertl it is a wrapper for the host service 'portmap' to limit it to host IP(s)
1280669656 M * vserver_guy does the host have an NID then ?
1280669674 M * Bertl the host itself has '0' i.e. no nid
1280669693 M * Bertl but for this service, a dynamic nid will be used
1280669708 M * vserver_guy . /usr/sbin/chbind --nid 0 --ip 10.0.1.1/bond0 /etc/init.d/portmap start
1280669717 M * vserver_guy so the above syntax is incorrect then?
1280669801 M * vserver_guy http://paste.linux-vserver.org/16409
1280669815 M * vserver_guy I don't suppose you could point me in the right direction?
1280669854 M * Bertl what has your line to do with the v_portmap wrapper?
1280669875 M * Bertl and yes, it is complete nonsense
1280669888 M * vserver_guy right, this is the wrapper
1280669889 M * vserver_guy http://paste.linux-vserver.org/16410
1280669892 M * Bertl --nid 0 doesn't make sense, and /bond0 doesn't make sense either
1280669926 M * Bertl yep, why not just use that wrapper?
1280669932 M * vserver_guy i am trying to
1280669934 M * vserver_guy i created the file
1280669935 M * vserver_guy http://paste.linux-vserver.org/16411
1280669972 M * vserver_guy but it just echoes back this ...
1280669972 M * vserver_guy http://paste.linux-vserver.org/16412
1280670034 M * vserver_guy is it something to do with dynamic contexts?
1280670038 M * Bertl util-vserver version?
1280670052 M * vserver_guy 0.30.216-pre2883
1280670060 M * vserver_guy 2.6.34-vs2.3.0.36.30.4.pre6
1280670136 M * Bertl I guess the wrapper needs to be updated then to handle this correctly
1280670143 M * Bertl please contact daniel_hozac when he's around
1280670171 M * vserver_guy via PM - or just wait around in here?
1280670194 M * Bertl for a test, extend the vsysvwrapper with a --nid $NID
1280670215 M * Bertl and add an NID=42 to the portmap.conf
1280670294 M * vserver_guy http://paste.linux-vserver.org/16413
1280670315 M * vserver_guy looks like it worked?
1280670421 M * vserver_guy is there any reason you chose 43?
1280670424 M * vserver_guy is there any reason you chose 42?
1280670448 M * Bertl yes, 42 is the answer :)
1280670456 M * vserver_guy oh boy
1280670479 M * Bertl no it is an arbitrary but 'unique' number
1280670484 M * vserver_guy is this some kind of movie reference ;)
1280670493 M * Bertl book, but yes
1280670499 M * vserver_guy it's spooky, i start my guests with 43
1280670519 M * vserver_guy i take it, as long as it doesn't coincide with a guest, it shouldn't cause problems
1280670533 M * vserver_guy for each v_* script, should it have a unique NID then?
1280670617 P * fLoo
1280670619 M * Bertl typically yes, but you could use the same nid if the IPs stay the same (but you would need to omit the --ip and ensure that the context already exists)
1280670625 J * fLoo fLoo@irc.coresec.de
1280670627 M * vserver_guy ah, i see
1280670648 M * vserver_guy so in essence, we are just creating a "wrapper" for any application we start in that env?
1280670658 M * vserver_guy basically, a very limited, tiny guest?
1280670795 M * Bertl kind of, guests are the sum of all the different isolation wrappers (xid, nid, tag, spaces)
1280670823 M * Bertl but as it is a modular design, you can use just the nid isolation for this purpose
1280670833 M * vserver_guy ok, makes sense
1280670841 M * vserver_guy saves on multiple configs too
1280670863 M * vserver_guy now to work out why NIS won't start on the host :(
1280671052 M * Bertl note that the portmapper often needs to be reached via 127.0.0.1 too, so you might want to add that specific IP to the wrapper as well (and of course, use the lback remapping for the guest)
1280671076 M * vserver_guy yeah, i added, IP="127.0.0.1 10.0.1.1 10.0.1.6"
1280671128 M * vserver_guy NIS seems like a fussy little app!
1280671166 M * vserver_guy it keeps throwing broadcast: RPC: Timed out.
1280671277 M * vserver_guy does NIS need to be started in a v_ wrapper too?
1280671399 M * vserver_guy ignore me, NIS is fussy
1280671408 M * vserver_guy i had to stop, then start, not restart
1280671815 M * vserver_guy woo, all working, thanks boss
1280671827 M * vserver_guy would it be crazy to run an NIS master in a vserver?
1280672071 M * Bertl as long as it works ... why not?
1280672089 M * vserver_guy the thing i love about vservers is the ability to create HA services relatively easily
1280672121 M * vserver_guy put everything in a vserver, add DRBD and heartbeat and you have instant redundancy
1280672290 M * Bertl yep ... off for now ... bbl
1280672294 N * Bertl Bertl_oO
1280672295 M * vserver_guy thanks again
1280672297 M * vserver_guy see you later
1280672299 M * Bertl_oO you're welcome!
1280681126 Q * geb Ping timeout: 480 seconds
1280681162 Q * pmenier Quit: Konversation terminated!
1280681675 Q * derjohn_mob Remote host closed the connection
1280682005 J * imcsk8 ~ichavero@evdomip-28-55.iusacell.net
1280683492 J * derjohn_mob ~aj@g228049147.adsl.alicedsl.de
1280685334 Q * derjohn_mob Remote host closed the connection
1280685406 N * Bertl_oO Bertl
1280685410 M * Bertl back now ...
1280694855 J * ntrs ~ntrs@95.155.40.60
1280695690 Q * Radiance Ping timeout: 480 seconds
1280696366 Q * ntrs Read error: Connection reset by peer
1280696434 J * ntrs ~ntrs@95.155.40.60
1280697757 Q * imcsk8 Quit: This computer has gone to sleep
1280699058 Q * bonbons Quit: Leaving
1280699567 J * derjohn_mob ~aj@g228049147.adsl.alicedsl.de
1280700390 Q * ghislain Quit: Leaving.
1280701206 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1280701244 Q * ntrs Ping timeout: 480 seconds
1280701397 Q * BenG
1280701740 Q * petzsch Quit: Leaving.
1280702208 J * janezek ~janezek@89-212-22-34.static.t-2.net
1280702274 M * janezek hi
1280702329 M * janezek is it possible to set the guest OS to have the ability to mount --bind folder/ other_folder/
1280702349 M * janezek right now i get this: mount: permission denied
1280702494 M * Bertl yep
1280702552 M * janezek and how do i get it to work?
1280702652 M * Bertl http://linux-vserver.org/Capabilities_and_Flags (check out SECURE_MOUNT, SECURE_REMOUNT and BINARY_MOUNT)
1280702776 M * janezek tnx!
1280702782 M * Bertl np
1280706182 J * Piet ~Piet__@82VAAAMAV.tor-irc.dnsbl.oftc.net
1280707080 Q * Piet Remote host closed the connection
1280707123 J * Piet ~Piet__@82VAAAMA5.tor-irc.dnsbl.oftc.net