1284949325 Q * micah Remote host closed the connection 1284949341 M * Bertl off to bed now ... have a good one everyone! 1284949346 N * Bertl Bertl_zZ 1284949879 J * micah ~micah@micah.riseup.net 1284950053 Q * manana Ping timeout: 480 seconds 1284950271 Q * ensc Ping timeout: 480 seconds 1284950412 J * micah_ ~micah@micah.riseup.net 1284950441 Q * micah_ 1284950492 J * ensc ~irc-ensc@93.159.121.26 1284951503 Q * derjohn_mob Read error: No route to host 1284954908 J * kupo kupo@glitchinthe.net 1284954910 M * kupo hello 1284954937 M * kupo does anyone have any experience running a tor exit node on vserver? 1284955188 J * AndrewLee ~andrew@210.240.39.7 1284955251 Q * AndrewLee 1284955255 J * AndrewLee ~andrew@210.240.39.7 1284955259 Q * AndrewLee 1284955261 J * AndrewLee ~andrew@210.240.39.7 1284956475 Q * niki Quit: Ex-Chat 1284957533 M * arekm how to make /proc/$pid/oom_adj writable in guests? otherwise OOM kills sshd processes 1284960145 J * ntrs ~ntrs@77.28.0.102 1284960249 J * renihs ~lemming@83-65-34-34.arsenal.xdsl-line.inode.at 1284961079 N * Bertl_zZ Bertl 1284961088 M * Bertl back again ... 1284961102 M * Bertl kupo: do you have any problems with that? 1284961156 M * Bertl arekm: OOM_ADJUST ccapability, but you won't be able to set them to unkillable from inside the guest 1284961207 M * Bertl (i.e. unkillable will be reduced to almost unkillable) 1284961683 J * ghislain ~AQUEOS@adsl2.aqueos.com 1284962194 J * derjohn_mob aj@tmo-044-169.customers.d1-online.com 1284962219 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no 1284962568 Q * renihs Ping timeout: 480 seconds 1284963226 J * renihs ~lemming@83-65-34-34.arsenal.xdsl-line.inode.at 1284963236 J * sharkjaw ~gab@90.149.128.29 1284963612 Q * ntrs Read error: Connection reset by peer 1284963634 J * ntrs ~ntrs@77.28.162.54 1284965058 Q * derjohn_mob Ping timeout: 480 seconds 1284965578 Q * renihs Ping timeout: 480 seconds 1284965765 J * derjohn_mob aj@80.187.230.43 1284966064 M * Guy- daniel_hozac: http://linux-vserver.org/Installation_on_Linux_2.6#Manual_util-vserver_Compilation does not, but it probably should; I'll add a link 1284966073 M * Guy- daniel_hozac: did you see the patch? 1284967225 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1284967229 J * renihs ~lemming@83-65-34-34.arsenal.xdsl-line.inode.at 1284967839 Q * petzsch Quit: Leaving. 1284968080 M * Guy- OK, I updated the wiki 1284968109 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1284969018 J * kir ~kir@swsoft-msk-nat.sw.ru 1284969381 Q * derjohn_mob Ping timeout: 480 seconds 1284969999 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1284970473 M * daniel_hozac Guy-: it's on the download page.... 1284970670 M * Guy- daniel_hozac: and does that mean it shouldn't be anywhere else where people might be looking for it? 1284970717 M * daniel_hozac that place only has a link to the Downloads section, where there is a link to it. 1284970868 M * Guy- daniel_hozac: no, the instructions specifically contain the URL for 0.30.215 1284970920 M * Guy- als, I think the comment I added about needing a development version of util-vserver for recent kernels and vserver patch versions is useful 1284970923 M * Guy- *also 1284970939 M * Bertl well, if it helps, but I'd change the name to 'uv-testing' instead of the full url 1284970967 M * Guy- sure, why not 1284970976 M * Bertl obviously folks are not able to understand 'latest' and 'we will use' :) 1284971035 M * Guy- Bertl: well, 0.30.215 is the "latest" ("current") version listed under Downloads too 1284971121 M * Bertl that is correct, I'd probably list the 'latest' prerelease there too, maybe somebody makes a script for that like the one updating the frontpage? 1284971157 M * Bertl (or even add it to the frontpage as separate matrix? 1284971287 M * Guy- daniel_hozac: did you see the util-vserver patch I pastebined? 1284972384 Q * Romster Quit: Geeks shall inherit properties and methods of object earth. 1284972547 M * Janno is there a reason why CVE-2010-3081 would not work in a vserver? 1284972780 M * Bertl it should work, if done properly 1284972884 M * Janno could that be used to break out of the chroot of a vserver? 1284972908 M * Bertl rather unlikely .. 1284972917 M * Janno okay, thanks 1284972943 M * Bertl we are waiting for new mainline kernels, once the final fix is out, we'll update the patches 1284972985 M * Bertl in the meantime, the temporary fix commited in the git kernel tree can be used to block the exploit 1284973330 J * derjohn_mob ~aj@213.238.45.2 1284973375 J * barismetin ~barismeti@zanzibar.inria.fr 1284973854 J * manana ~mayday090@84.17.25.149 1284975474 J * thierryp ~thierry@zankai.inria.fr 1284975560 M * Guy- Janno: if this is the 64bit/32bit local root exploit, then the reference exploit code doesn't work in a vserver because it can't load the kernel symbol table 1284975600 M * Guy- (at least that's what happened when I tried it) 1284975617 M * Bertl correct 1284975653 M * Janno is that the same CVE? 1284975676 M * Bertl I presume so 1284975676 M * Janno I thought there are two distinct vulnerabilities right now 1284975719 Q * petzsch Quit: Leaving. 1284975928 P * kir Leaving. 1284976014 M * Janno ksplice seems to get a good load of publicity from this.. is there anything to the hype? does ksplice even work with vserver kernels? 1284976211 M * Bertl sure, if you bother to build the required splice data, why not 1284976873 M * neofutur yes 2 distinct vulns 1284976888 M * neofutur http://www.seclists.org/fulldisclosure/2010/Sep/268 1284976892 M * neofutur the new one 1284977573 M * Bertl that looks even less applicable for Linux-VServer guests :) 1284977967 M * harry and that's why you should use grsec :) 1284978042 M * daniel_hozac looks like it's able to bypass grsec, so i'm not sure how that would have helped. 1284979469 Q * BenG Quit: I Leave 1284980971 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1284982552 J * yarihm ~yarihm@gprs03.swisscom-mobile.ch 1284982578 Q * ncopa Ping timeout: 480 seconds 1284984014 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1284984289 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no 1284984443 J * ntrs_ ~ntrs@77.28.166.110 1284984862 Q * ntrs Ping timeout: 480 seconds 1284985660 Q * BenG Quit: I Leave 1284985676 Q * petzsch Quit: Leaving. 1284986810 Q * sharkjaw Remote host closed the connection 1284986923 Q * manana Ping timeout: 480 seconds 1284987844 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1284989131 Q * BenG Quit: I Leave 1284989976 Q * renihs Read error: Connection reset by peer 1284990203 M * Guy- hmmm... on 2.6.34.1-vs2.3.0.36.30.4.pre8, high volume read i/o causes kswapd to eat 100% CPU. I assume this can't be vserver related? 1284990228 M * Bertl that is mainline related 1284990306 M * Guy- you know of a specific peculiarity/bug that causes it? 1284990486 M * Bertl nope, but recent kernels have really bad I/O behaviour 1284990494 M * Bertl might be fixed in 2.6.36+ 1284990549 M * Guy- thanks 1284990732 Q * yarihm Quit: Leaving 1284990943 J * alpha_one_x86 ~kvirc@110.31.17.95.dynamic.jazztel.es 1284990943 Q * hijacker Read error: Connection reset by peer 1284990968 M * alpha_one_x86 Hello, I have: /usr/lib64/util-vserver/vprocunhide: line 92: 15910 Segmentation fault $_SETATTR -x "${params[@]}" "$@" with vserver + grsec 1284991030 M * Bertl upload 'vserver-info - SYSINFO' to paste.linux-vserver.org please 1284991100 M * alpha_one_x86 vserver-info -SYSINFO -> Segmentation fault 1284991165 M * Bertl doesn't look like your tools are working then, maybe a misconfigured grsec? 1284991191 M * alpha_one_x86 maybe 1284991208 M * alpha_one_x86 what option not enable with vserver? 1284991247 J * hijacker ~hijacker@213.91.163.5 1284991323 M * Bertl probably harry knows, but IIRC, it is listed somewhere on the wiki 1284991456 M * alpha_one_x86 have you the url? 1284991686 M * Bertl http://linux-vserver.org/Special:Search?search=grsec 1284992060 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1284992498 M * alpha_one_x86 all seam ok 1284992890 M * Bertl well, anything in dmesg? 1284993086 M * alpha_one_x86 nothing 1284993118 M * Bertl then your toolchain is broken and creates bad executable 1284993145 M * Bertl i.e. verify that gcc and dietlibc are working as expected 1284993176 M * alpha_one_x86 all see work, only vserver seam not work 1284993192 M * Bertl what else did you compile with dietlibc? 1284993251 M * alpha_one_x86 I don't think, I have normal system 1284993303 M * Bertl so verify that dietlibc works and build proper binaries (with your toolchain) then rebuild util-vserver (upload the output of ./configure) 1284994100 Q * BenG Quit: I Leave 1284994575 M * Bertl nap attack ... bbl 1284994581 N * Bertl Bertl_zZ 1284995422 M * alpha_one_x86 http://pastebin.com/XTy1wbu6 1284995525 Q * ncopa Quit: Ex-Chat 1284995558 M * alpha_one_x86 sorry, with correct flag it work 1284995685 M * alpha_one_x86 My system seam be failed 1284996728 Q * Chlorek Quit: - 1284997528 J * dna ~dna@dslb-094-222-216-173.pools.arcor-ip.net 1284998033 M * alpha_one_x86 setattr failed 1284998108 M * alpha_one_x86 it crash 1284998769 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1284999237 M * alpha_one_x86 I'm in x86_64 without multi-lib 1284999482 Q * thierryp Ping timeout: 480 seconds 1284999570 Q * mcp Remote host closed the connection 1284999716 J * mcp ~mcp@wolk-project.de 1285000271 Q * barismetin Remote host closed the connection 1285001788 Q * Piet Ping timeout: 480 seconds 1285002402 J * Piet ~Piet__@28IAAB2CY.tor-irc.dnsbl.oftc.net 1285002620 Q * eja Quit: Leaving 1285004271 J * Chlorek ~cokolwiek@c.sed.pl 1285004670 N * transaci1 transacid 1285004811 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1285004975 Q * derjohn_mob Ping timeout: 480 seconds 1285005126 Q * jrdnyquist Remote host closed the connection 1285005545 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1285006045 J * ntrs__ ~ntrs@77.28.10.147 1285006492 Q * ntrs_ Ping timeout: 480 seconds 1285006778 Q * alpha_one_x86 Quit: KVIrc Equilibrium 4.1.0, revision: 4696, sources date: 20100519, built on: 2010-08-29 21:19:12 UTC http://www.kvirc.net/ 1285006810 Q * ntrs__ Read error: Connection reset by peer 1285006821 J * ntrs__ ~ntrs@77.28.24.180 1285008571 N * Bertl_zZ Bertl 1285008578 M * Bertl back now ... 1285009090 Q * petzsch Quit: Leaving. 1285009367 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1285009392 Q * petzsch 1285009463 J * Piet_ ~Piet__@28IAAB2GC.tor-irc.dnsbl.oftc.net 1285009554 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1285009612 J * thierryp ~thierry@home.parmentelat.net 1285009723 J * niki ~niki@94.145.207.11 1285009827 Q * Piet Ping timeout: 480 seconds 1285009837 Q * ghislain Ping timeout: 480 seconds 1285010326 J * ghislain ~AQUEOS@adsl2.aqueos.com 1285010579 Q * ghislain1 Ping timeout: 480 seconds 1285010614 Q * Piet_ Remote host closed the connection 1285010749 J * Piet_ ~Piet__@28IAAB2GW.tor-irc.dnsbl.oftc.net 1285010793 Q * Piet_ Remote host closed the connection 1285010832 J * ghislain1 ~AQUEOS@81.56.195.31 1285010836 J * Piet_ ~Piet__@28IAAB2G0.tor-irc.dnsbl.oftc.net 1285010854 N * Piet_ Piet 1285010962 Q * ghislain Ping timeout: 480 seconds 1285012256 Q * thierryp Remote host closed the connection 1285013500 J * derjohn_mob ~aj@d046250.adsl.hansenet.de 1285014105 J * fLoo fLoo@188-194-120-43-dynip.superkabel.de 1285015381 Q * bonbons Quit: Leaving 1285015788 J * imcsk8 ~ichavero@201.174.32.227 1285015914 Q * ntrs__ Ping timeout: 480 seconds 1285016783 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1285017090 Q * dna Quit: Verlassend 1285017627 Q * hijacker_ Quit: Leaving 1285020075 J * petzsch ~markus@dslb-088-067-121-129.pools.arcor-ip.net 1285021234 J * petzsch1 ~markus@dslb-092-075-201-186.pools.arcor-ip.net 1285021517 Q * petzsch Ping timeout: 480 seconds 1285021873 Q * petzsch1 Quit: Leaving. 1285022247 Q * Piet Ping timeout: 480 seconds 1285022393 J * selim ~chatzilla@e181066195.adsl.alicedsl.de 1285022401 Q * selim 1285022856 J * Piet ~Piet__@82VAABDT3.tor-irc.dnsbl.oftc.net 1285023392 Q * imcsk8 Quit: Leaving 1285023494 Q * ghislain1 Quit: Leaving. 1285025076 Q * wibble Remote host closed the connection 1285025080 J * wibble wibble@vortex.ukshells.co.uk 1285025318 Q * Janno Quit: ZNC - http://znc.sourceforge.net