1286152781 J * imcsk8 ~ichavero@evdomip-80-222.iusacell.net
1286153922 M * Bertl off to bed now ... have a good one everyone!
1286153928 N * Bertl Bertl_zZ
1286157506 Q * manana Remote host closed the connection
1286161274 Q * derjohn_mob Read error: No route to host
1286162597 J * infowolfe ~infowolfe@c-67-166-127-67.hsd1.ut.comcast.net
1286163786 Q * imcsk8 Quit: This computer has gone to sleep
1286167221 J * derjohn_mob aj@88.128.70.254
1286169294 N * Bertl_zZ Bertl
1286169298 M * Bertl morning folks!
1286172253 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1286173065 J * ntrs_ ~ntrs@77.28.27.135
1286173221 Q * ntrs_ Read error: Connection reset by peer
1286173232 J * ntrs_ ~ntrs@77.29.199.109
1286173757 J * kir ~kir@swsoft-msk-nat.sw.ru
1286174829 M * hijacker morning
1286175635 Q * derjohn_mob Ping timeout: 480 seconds
1286176221 J * derjohn_mob aj@88.128.217.145
1286177326 J * balbir_ ~balbir@122.172.19.99
1286179118 J * thierryp ~thierry@zankai.inria.fr
1286179143 Q * derjohn_mob Ping timeout: 480 seconds
1286179264 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1286179492 J * ghislain ~AQUEOS@adsl2.aqueos.com
1286179817 J * barzinho 9715ef7c@ircip2.mibbit.com
1286181875 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286182167 M * fback_ morning Bertl :)
1286183114 J * manana ~mayday090@84.17.25.149
1286183176 J * barismetin ~barismeti@zanzibar.inria.fr
1286184182 Q * ntrs_ Ping timeout: 480 seconds
1286185468 Q * petzsch Quit: Leaving.
1286187734 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286187789 Q * petzsch 
1286188391 Q * FireEgl Quit: Leaving...
1286188987 Q * BenG Quit: I Leave
1286189196 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286190004 J * derjohn_mob ~aj@213.238.45.2
1286190732 J * ntrs ~ntrs@77.29.199.109
1286191272 Q * balbir_ Ping timeout: 480 seconds
1286191472 J * hijacker_ ~hijacker@213.91.163.5
1286191479 Q * hijacker_ Read error: Connection reset by peer
1286192253 Q * niki Quit: Ex-Chat
1286193476 Q * barzinho Quit: http://www.mibbit.com ajax IRC Client
1286194814 J * CcxCZ ~ccxCZ@adslctc-1867.adslcust.sbone.cz
1286194989 J * balbir_ ~balbir@122.172.41.188
1286196695 Q * manana Remote host closed the connection
1286196717 M * CcxCZ hi, I have some weird problems on vserver/grsec. Can anybody assist me? I already crawled through pages of straces.
1286196766 M * CcxCZ DBmail is unable to connect to postgrsql socket, psql does fine: http://paste.pocoo.org/show/270852/
1286197218 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1286197735 J * FireEgl ~FireEgl@2001:470:e056:8:d5d8:9d02:6232:c46d
1286198426 M * Bertl CcxCZ: what kernel/patch?
1286198475 M * CcxCZ 2.6.32.15-grsec2.1.14-vs2.3.0.36.29.4
1286198482 M * CcxCZ Bertl: ^
1286198499 M * Bertl hmm ... rather old ... do you use loopback isolation?
1286198553 M * CcxCZ It's unix domain sockets, connecting via IP works (but lacks user authentication)
1286198558 M * Bertl the problem is just with the socket/file ?
1286198586 M * Bertl then I'd suspect unix permissions or grsec 
1286198619 M * Bertl check with grsec debug/audit and syslogs (inside the guest)
1286198635 M * CcxCZ srwxrwxrwx 1 postgres postgres 0 Oct  4 15:08 /var/run/postgresql/.s.PGSQL.5432
1286198672 M * CcxCZ so perms should be OK, also all the uids/gids of dbmail/psql are the same
1286198826 M * Bertl this is inside a single guest, yes, not two different guests?
1286198903 M * CcxCZ syslog has just quite undescriptive connection error message and kernel/grsec log reports some segfaults (:-|), but they seem unrelated to the issue
1286198914 Q * BenG Quit: I Leave
1286198962 M * CcxCZ yes, single guest
1286199010 A * CcxCZ wonders if it's even possible to share unix socket among two guests
1286199158 M * CcxCZ there might be some bugs in dbmail, but they shouldn't be able to trigger this behavior (as far as I understand)
1286199226 M * Bertl to answer the question, yes, it is possible
1286199262 M * Bertl the permission denied OTOH comes from the kernel, so userspace is unlikely to be the culprit
1286199287 M * CcxCZ that's what I thought
1286199293 M * Bertl I'd suggest to try with vanilla + Linux-VServer (recent 2.6.32.x patch)
1286199330 M * Bertl if that works as expected, dig into grsec stuff, if not, we have some kind of bug we should investigate
1286199352 M * CcxCZ hmm, ATM I don't have box to try that on (that on is production server)
1286199429 M * CcxCZ is there list of syscalls that could irk grsec? like chroot and pivot_root that I could grep for
1286199496 M * Bertl no idea, you have to talk to the grsec folks for this, maybe harry can help too (he is maintaining the Linux-VServer + grsec patches)
1286199557 M * CcxCZ kthnx, for now I can keep using IP sockets as a workaround
1286199906 Q * `kbad Quit: leaving
1286199908 M * Bertl np
1286200700 Q * ncopa Quit: Ex-Chat
1286200864 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1286201846 M * petzsch Bertl: any updates on the patch for 2.6.32.24?
1286201888 M * Bertl should be finished tonight
1286201968 M * petzsch ok, great to hear :-)
1286202890 J * Mr_Smoke smokey@layla.lecoyote.org
1286203848 Q * petzsch Quit: Leaving.
1286203896 M * Mr_Smoke HJi there
1286203932 M * Mr_Smoke Hi* too. I'm currently running an old 2.2.0.7/IPv6/grsec kernel
1286203950 M * Mr_Smoke I'm getting a new physical host, and am wondering about a kernel upgrade
1286203973 M * Mr_Smoke How far are we from the stabilisation of the current experimental branch ?
1286204107 P * kir Leaving.
1286204612 J * dowdle ~dowdle@scott.coe.montana.edu
1286204813 M * Bertl hard to tell, the recent kernel/patches seem to work fine, but atm there are no resources to do a proper code review, cleanup and testing for a devel/stable release
1286204849 M * Mr_Smoke Understood, I expected as much TBH
1286204872 M * Mr_Smoke I am on the verge of moving to Xen, too (i know, totally different technology)
1286204875 M * Mr_Smoke hence my question
1286204993 M * CcxCZ works for me :o)
1286204998 M * Mr_Smoke I'm not totally against the idea of running an experimental kernel though
1286205007 M * Mr_Smoke Except that I4d rather have grSec on my side :)
1286205114 Q * FireEgl Ping timeout: 480 seconds
1286205165 M * daniel_hozac there are patches with grsec for semi-recent kernels
1286205273 M * Mr_Smoke I see that now, indeed
1286205293 M * Mr_Smoke Is there a way to see the "missing" improvements between those semi-recent kernels and the latest ones ?
1286205307 M * Mr_Smoke That would be a great help in the decision making process :)
1286205316 M * Mr_Smoke (quite indispensable axctually)
1286205687 J * FireEgl FireEgl@FireEgl.CJB.Net
1286205747 M * Mr_Smoke Bottom line is I'll probably run a XEN or KVM anyway, and then one of the VMs will also run vserver containers
1286205767 M * Mr_Smoke Deciding on XEN vs KVM should be my main concern atm
1286205875 Q * FireEgl Read error: Connection reset by peer
1286206147 M * Bertl well, I would not even consider Xen with the current state of kvm
1286206237 M * Mr_Smoke How do you mean ?
1286206680 M * Mr_Smoke You mean it's mature enough not to bother with Xen ?
1286206759 J * FireEgl ~FireEgl@173-16-9-10.client.mchsi.com
1286206893 M * CcxCZ I'm using kvm with winxp guests and it's working flawlessly
1286206959 M * Mr_Smoke What's the performance hit ?
1286206966 Q * FireEgl Remote host closed the connection
1286207324 M * Bertl less than xen on a VT capable cpu
1286207823 M * Mr_Smoke Duly noted.
1286207834 M * Mr_Smoke I should read up a bit then
1286207846 M * Mr_Smoke Bertl: and you'd recommend KVM even for production use ?
1286207941 J * FireEgl FireEgl@Sebastian.Atlantica.CJB.Net
1286207943 M * daniel_hozac i've used kvm in production for several years.
1286208046 M * Mr_Smoke Ok. I'm seriously outdated here :)
1286208201 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286208360 Q * thierryp Remote host closed the connection
1286208389 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1286209181 J * imcsk8 ~ichavero@201.174.32.227
1286209209 Q * barismetin Remote host closed the connection
1286209758 J * kir ~kir@swsoft-msk-nat.sw.ru
1286209812 Q * kir 
1286209985 M * Bertl Mr_Smoke: definitely, I use it for all kernel testing nowadays
1286210050 Q * petzsch Quit: Leaving.
1286210220 M * Mr_Smoke Ok.
1286211143 J * snoop ~sqd@APuteaux-153-1-2-90.w82-124.abo.wanadoo.fr
1286211476 M * snoop Hello all, i have a problem with vserver, i try to launch mrouted into vserver (is a multicast router service) but i have an error  :
1286211476 M * snoop  mrouted: 18:54:19.236 IGMP socket: Operation not permitted
1286211476 M * snoop  It is a limitation of vserver or i doing something bad (i hope it ) ?
1286211552 M * daniel_hozac you can't really do network things in a guest.
1286211693 M * snoop daniel_hozac, they are no hack for permit more network thing ? 
1286211727 M * daniel_hozac sure, you can give your guest CAP_NET_ADMIN and CAP_NET_RAW and disable the network context, but those aren't really suggested as they make your guest way too powerful.
1286211815 Q * derjohn_mob Ping timeout: 480 seconds
1286211890 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286213066 M * snoop wonderfull is working, thank's daniel_hozac 
1286214114 Q * petzsch Quit: Leaving.
1286214172 M * snoop I leave, see you, tomorrow i try the solution and compare with vmware, i think it's more effective, i tell you on the chan.See you
1286214195 M * Mr_Smoke Apples and oranges, but ok :)
1286214197 M * snoop thank's again ^^
1286214208 Q * snoop Quit: Quitte
1286214988 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286216154 J * dna ~dna@dslb-094-222-215-110.pools.arcor-ip.net
1286216419 Q * ntrs Read error: Connection reset by peer
1286216431 J * ntrs ~ntrs@77.28.3.88
1286217639 J * derjohn_mob aj@tmo-093-213.customers.d1-online.com
1286217941 J * _ruben_ ~ruben@bl21-161-8.dsl.telepac.pt
1286221248 Q * petzsch Quit: Leaving.
1286221258 J * petzsch ~markus@p4FF46672.dip.t-dialin.net
1286221492 J * petzsch1 ~markus@p4FF46672.dip.t-dialin.net
1286221682 J * urbee urbee@93-103-199-233.dynamic.dsl.t-2.net
1286221691 M * urbee Hi :)
1286221739 Q * petzsch Ping timeout: 480 seconds
1286222104 M * Bertl off to bed now ... have a good one everyone!
1286222145 M * urbee nite
1286222147 N * Bertl Bertl_zZ
1286222319 J * petzsch ~markus@p4FF45B32.dip.t-dialin.net
1286222694 Q * petzsch1 Ping timeout: 480 seconds
1286222868 J * niki ~niki@94.145.207.11
1286223621 Q * bonbons Ping timeout: 480 seconds
1286223889 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1286224010 Q * dna Quit: Verlassend
1286224396 Q * bonbons Quit: Leaving
1286225162 Q * ntrs Ping timeout: 480 seconds
1286225266 Q * ghislain Quit: Leaving.
1286225428 J * cuba33ci_ ~cuba33ci@111-240-205-165.dynamic.hinet.net
1286225534 Q * cuba33ci Ping timeout: 480 seconds
1286225717 J * derjohn_foo aj@88.128.205.219
1286225822 J * manana ~mayday090@84.17.25.149
1286225988 Q * derjohn_mob Ping timeout: 480 seconds
1286226222 J * _ruben_1 ~ruben@bl21-161-8.dsl.telepac.pt
1286226222 Q * _ruben_ Read error: Connection reset by peer
1286226630 P * _ruben_1 
1286226935 Q * petzsch Quit: Leaving.
1286229279 J * petzsch ~markus@p4FF45B32.dip.t-dialin.net
1286229660 Q * manana Remote host closed the connection
1286233319 Q * dowdle Remote host closed the connection
1286233771 Q * petzsch Quit: Leaving.
1286233858 Q * imcsk8 Quit: Leaving
1286234789 M * Mr_Smoke Aw now there's LXC too ?
1286234791 M * Mr_Smoke Darn
1286234806 M * Mr_Smoke How is one man suppose to make the right choice now