1287619945 J * geb ~geb@mars.gebura.eu.org 1287621005 J * FireEgl FireEgl@2001:470:e056:8:f84f:1f5c:bed1:f951 1287621338 Q * geb Quit: ZNC - http://znc.sourceforge.net 1287621671 Q * Piet Ping timeout: 480 seconds 1287621766 J * geb ~geb@mars.gebura.eu.org 1287622293 J * Piet ~Piet__@1RDAAACDE.tor-irc.dnsbl.oftc.net 1287622709 M * Bertl off to bed now ... have a good one everyone! 1287622715 N * Bertl Bertl_zZ 1287626937 Q * DLange Quit: Kernel updates for fun and profit 1287636896 Q * balbir_ Ping timeout: 480 seconds 1287639543 J * ghislain ~AQUEOS@adsl2.aqueos.com 1287639754 J * balbir_ ~balbir@122.248.163.1 1287640166 Q * ghislain Read error: Connection reset by peer 1287640400 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no 1287641140 J * ghislain ~AQUEOS@adsl2.aqueos.com 1287641651 M * MrTV good morning everyone! 1287642239 M * hijacker morning 1287642260 N * karasz_ karasz 1287642534 M * arekm Bertl_zZ: 2.6.36 is there :) 1287643280 J * DLange ~DLange@dlange.user.oftc.net 1287643335 Q * swenTjuln Quit: KVIrc Insomnia 4.0.1, revision: 4541, sources date: 20100627, built on: 2010-08-03 16:04:47 UTC http://www.kvirc.net/ 1287643745 Q * derjohn_foo Ping timeout: 480 seconds 1287644391 Q * niki Quit: Ex-Chat 1287644827 J * petzsch ~markus@dslb-088-075-126-201.pools.arcor-ip.net 1287645511 J * thierryp ~thierry@zankai.inria.fr 1287645870 Q * thierryp Remote host closed the connection 1287645918 J * thierryp ~thierry@zankai.inria.fr 1287646565 J * derjohn_foo ~aj@213.238.45.2 1287647624 N * morfoh_ morfoh 1287647767 Q * petzsch Quit: Leaving. 1287647867 Q * Piet Remote host closed the connection 1287647932 N * monrad monrad-51468 1287648068 J * Piet ~Piet__@1RDAAACOC.tor-irc.dnsbl.oftc.net 1287648118 N * Bertl_zZ Bertl 1287648124 M * Bertl morning folks! 1287648159 M * Bertl arekm: was about time :) 1287648330 M * ghislain morning 1287648340 M * ghislain following the netstat mail in mailing list 1287648364 M * ghislain making the kernel privacy of guest option true brings what exact changes to the system and it's security ? 1287648388 M * ghislain i just blindly set it to true without knowing exactly what it does :p 1287648399 M * ghislain you know..privacy is good so... 1287648888 M * Bertl it somewhat prevents the admin to interfere with the guest 1287648920 Q * monrad-51468 Quit: bla 1287648952 J * monrad-51468 ~mmk@domitian.tdx.dk 1287649094 M * fback ghislain: it forces the admin to vserver enter the guest instead just use the spectator context ;-) 1287649143 M * Bertl not just that .. :) 1287649178 M * Bertl also note that entering a guest can be blocked as well 1287650661 J * ktwilight ~keliew@91.176.229.197 1287650817 Q * ktwilight_ Ping timeout: 480 seconds 1287651286 M * ghislain entering a guest can be blocked by this 1287651294 M * ghislain humm never encountered that 1287651349 M * ghislain i wonder in what way it prevent it hum 1287651364 M * Bertl not with that option 1287651439 M * ghislain humm i will see if there is doc on the site i am confused about this :) 1287651505 J * barismetin ~barismeti@zanzibar.inria.fr 1287651518 M * Bertl VXF_STATE_ADMIN formerly INFO_PRIVATE 1287651926 M * ghislain is the privacy option permiting this flag but is off by default or does it exeist even withtou a kernel with guest privacy option checked ? 1287652072 M * Bertl it exists regardless of the privacy option 1287652219 M * ghislain tu est toujours sur casting ? 1287652223 M * ghislain ousp sorry 1287652438 Q * barismetin Remote host closed the connection 1287652825 N * zbyniu_ zbyniu 1287653583 M * ghislain oh there you go, complete answer in the mailing list thanks bertl 1287653794 J * swenTjuln ~kvirc@217.72.66.253 1287654522 Q * ntrs Ping timeout: 480 seconds 1287654988 J * ntrs ~ntrs@vault08.rosehosting.com 1287655186 M * ghislain added to the faq 1287655209 M * Bertl tx 1287655313 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1287656160 M * fback Bertl: I'd consider blocking entering guest to be like dropping any kind of console and depending on ssh only 1287656204 M * fback works in most cases, yes, but in emergency situation you most likely need the console 1287657288 J * petzsch ~markus@dfn162.rz.tu-ilmenau.de 1287658677 Q * petzsch Quit: Leaving. 1287658826 Q * BenG Quit: I Leave 1287660310 Q * balbir_ Ping timeout: 480 seconds 1287661301 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1287661312 Q * BenG 1287661971 J * niki ~niki@188.228.10.177 1287663840 M * Bertl fback: consider it hosting a machine where you do not have the root password (and the console is locked down) 1287664456 J * petzsch ~markus@dfn461.rz.tu-ilmenau.de 1287665329 Q * petzsch Quit: Leaving. 1287665476 J * petzsch ~markus@dfn461.rz.tu-ilmenau.de 1287665711 Q * niki Ping timeout: 480 seconds 1287665906 Q * petzsch Quit: Leaving. 1287666039 J * balbir_ ~balbir@122.167.172.17 1287666146 J * barismetin ~barismeti@zanzibar.inria.fr 1287666267 J * niki ~niki@188.228.10.177 1287667171 Q * dude_ Remote host closed the connection 1287668575 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1287669087 Q * BenG Quit: I Leave 1287670642 M * swenTjuln Bertl: is /proc/uptime (on host not in VE) somehow affected by vserver patch? 1287670664 M * Bertl yes, it can be virtualized 1287670671 M * swenTjuln i know that 1287670685 M * swenTjuln it's just that I get wierd values 1287670709 M * Bertl kernel/patch/util-vserver version and what values do you get? 1287670716 M * swenTjuln file contains: UPTIME_SINCE_BOOT IDLE_SICE_BOOT values 1287670763 M * swenTjuln and IDLE_SICE_BOOT value is extremely low 1287670884 M * swenTjuln 2.6.32-24-vserver/???i don't know (cannonical lies to us, remember)/0.30.215 1287670951 M * swenTjuln i use packages from https://launchpad.net/~christoph-lukas/+archive/ppa , except util-vserver is ubuntu(karmic) package 1287670972 M * swenTjuln which claims it's 0.30.216 but it's not 1287671057 M * swenTjuln is there a better source for pre-compiled ubuntu packages thancristoph-lukas' PPA ? 1287671222 M * swenTjuln BBL 1287671228 Q * thierryp Ping timeout: 480 seconds 1287671432 M * Bertl the VIRT_UPTIME works via a known 'delta' to the existing uptime accounting 1287671473 M * Bertl i.e. at guest startup, a delta is recorded and stored with the context, all results are now biased with that delta, the normal uptime as well as the idle time 1287671592 M * MrTV hi, i am trying to formulate a regex to filter kernel log messages from vserver (using logcheck). i cannot express » and « so that egrep understands it. the egrep version is 2.5.3 and the log file is in iso-8859 format. at least the file programm guesses that. is this possible at all? 1287671684 M * MrTV e.g. egrep "»" /var/log/kern.log finds nothing 1287671702 M * daniel_hozac \xbb \xab 1287671717 M * MrTV this does: cat /var/log/kern.log | iconv -f iso-8859-1 -t utf-8 | egrep "»" 1287671767 M * Bertl it's a simple extended ascii character (upper range) 1287671787 M * Bertl but I plan to make it configurable for those utf-8 freaks out there :) 1287671879 M * MrTV daniel_hozac, how do you enter that? just hitting backslash b b gives no search result 1287671935 M * PowerKe maybe it works if you set your locale to en_US.UTF-8 ? (export LC_ALL=en_US.UTF-8) 1287671955 M * Bertl MrTV: don't forget the 'x' 1287671978 M * MrTV egrep \xbb /var/log/kern.log 1287671981 M * MrTV no result 1287671989 M * MrTV LANG is en_US.UTF-8 1287672097 M * MrTV if i open the kern.log with less, i see it like and 1287672107 M * PowerKe hmm, so it's maybe the other way around and your kernel logger is writing the file iso-8859-1 and grep is parsing it as utf-8 (not sure what the representation is for that character in both encodings) 1287672211 M * MrTV how does egrep know what kind of file it reads? 1287672269 M * daniel_hozac use LANG=C 1287672347 M * MrTV if i say file /var/log/kern.log, i get ISO-8859 text. so rsyslog (on debian lenny) is probably writing it in iso, as PowerKe said 1287672653 M * MrTV export LANG=C; egrep \xbb /var/log/kern.log 1287672656 M * MrTV no result 1287672745 M * MrTV i am beginning to believe that egrep in that version isn't able to search for those chars. 1287672799 M * Bertl it definitely is, but it probably doesn't understand hex ascii specifiers 1287672911 M * MrTV grep -e "`echo -n » | iconv -f utf-8 -t iso-8859-1`" /var/log/kern.log 1287672914 M * MrTV this works 1287672962 M * Bertl you should be able to use `echo -ne '\xbb' for example 1287672969 M * MrTV but i cannot tell logcheck to pipe the whole file through iconv 1287673013 M * Bertl no need to do that IMHO 1287673037 M * Bertl you just need to figure out what is actually in the log, and 'xxd' can help you there 1287673071 M * Bertl from the kernel side, it simply is \xab and \xbb as daniel mentioned 1287673115 M * MrTV hm, ok. i'll try to dig further. thx! 1287673167 M * Bertl if you are interested, I'll whip up a patch to change the quotes? 1287673188 M * Bertl (as I said, I've been planning to do that for some time now) 1287673270 J * Kitty_Away go-there@188.247.74.45 1287673274 M * MrTV maybe that is a good idea, but for now i would then have to patch and build my own kernel which is not what i really want. :) 1287673300 Q * ncopa Quit: Ex-Chat 1287673305 M * MrTV i'd rather like to stay with the distro kernel, we had a little discussion about that yesterday 1287673382 M * Bertl well, then xxd is your friend 1287673411 M * MrTV ok 1287673860 M * MrTV xxd says (if i interpret the output correctly, newer used xxd before) that the chars are "bb" and "ab". 1287673877 M * MrTV now i only have to go one step more 1287673904 M * PowerKe grep `echo -ne \\\\xbb` /var/log/kern.log should work 1287673984 M * MrTV PowerKe, you found it, that works! 1287674073 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com 1287674073 M * MrTV this also does: egrep $'\xab' /var/log/kern.log 1287674110 Q * BenG 1287674134 M * MrTV i wonder if logcheck will take this 1287675319 J * petzsch ~markus@dslb-088-075-126-201.pools.arcor-ip.net 1287675394 M * MrTV it isn't :\ 1287675909 M * Bertl figure out how to specify hex or octal ascii codes first 1287675957 M * Bertl e.g. check for 'A' as \0101 or \x41 1287675978 M * Bertl you might need to escape certain parts, like the back slash 1287675993 M * Bertl once that works, the sequence you want to identify is either 1287676022 M * Bertl \xc2\xbb ... \xc2\xab (UTF-8) or just \xbb ... \xab (ISO8859) 1287676042 M * Bertl (or the octal representation if the hex form is not recognized) 1287676187 M * MrTV ok, i'll try 1287676935 J * fLoo fLoo@188-194-120-245-dynip.superkabel.de 1287676944 Q * Kitty_Away autokilled: This host violated network policy. Mail support@oftc.net if you think this in error. (2010-10-21 16:02:24) 1287676945 M * fLoo <3 Bertl 1287676947 M * fLoo :) 1287676966 M * fLoo i thought u'd go for the updates this week but within 1 day - impressive 1287676993 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1287677084 M * Bertl thanks, but I already had some patches for the -rc uploaded so the change was not too big 1287677119 M * Bertl I also decided to re-activate the VIRT_TIME, but the new implementation is mostly untested 1287677166 M * fLoo i see 1287677172 M * fLoo i dont use VIRT_TIME anyway 1287677190 M * fLoo did u got any response regarding hard cpu scheduling from lk team ? 1287677222 Q * barismetin Remote host closed the connection 1287677291 M * Bertl yes, there seems to be a new patch, I'm currently looking into it for integration 1287677329 M * ghislain ohoh, great news 1287677354 M * fLoo nice 1287677360 M * fLoo i bashed them 1287677367 M * fLoo seems to be working 1287677372 M * fLoo gonna keep on bashing them ;) 1287677414 M * Bertl yeah, they even bothered to CC me :) 1287677423 M * fLoo lol 1287677555 M * Bertl but the first impression of 2.6.36 is good 1287677580 M * Bertl i.e. it might actually be a kernel which can keep up with 2.6.22 :) 1287677657 J * thierryp ~thierry@home.parmentelat.net 1287677717 M * fLoo i liked 2.6.18 tbh 1287677728 M * fLoo and 2.4.32 ;) 1287677757 M * fLoo atm i am compiling the new kernels for my boxes 1287677774 M * fLoo btw, can i assist you with a better link for hosting the patches ? 1287677779 M * fLoo or are u fine with what u got 1287677804 M * Bertl ATM the server seems to be fine, but thanks for the offer, I'll keep that in mind 1287677809 M * fLoo yw 1287678123 M * fLoo mmh 1287678131 M * fLoo not much changed since 2.6.35.X 1287678141 M * fLoo had only to modifiy like 20 entries 1287678213 M * fLoo hermine:/usr/src/linux-2.6.36# make-kpkg --initrd kernel_image --revision coresec.1 1287678214 M * fLoo lets go 1287679456 Q * derjohn_foo Ping timeout: 480 seconds 1287679873 M * arekm Bertl: do you have some eta on .36 patch? 1287679925 M * Bertl already uploaded and linked on the wiki page :) 1287679951 M * Bertl but there will be a bunch of minor updates in the next few hours 1287680207 Q * niki Quit: Ex-Chat 1287680363 M * arekm wow 1287680377 M * arekm faster than light 1287680407 M * arekm these deltas are fixes I assume? 1287680413 M * arekm for .36 1287680491 M * Bertl feature enhancements and cleanups 1287680523 M * arekm will these be merged into that "next few hours" updated patch? 1287680535 M * Bertl yes, I hope so 1287680564 M * arekm ok, merging here locally then 1287680575 M * ghislain if you named the patch with the date you woudl have to make it up to the second in precision :) 1287680899 M * Bertl we have nanosecond precision in the kernel now :) 1287681875 Q * thierryp Remote host closed the connection 1287682210 M * fLoo lol 1287682211 M * fLoo what for ? 1287682212 M * fLoo :D 1287682936 M * Bertl to produce distinctive time stamps :) 1287683193 M * ghislain eheh 1287683421 J * pell ~john@ip-81-210-160-120.unitymediagroup.de 1287683531 M * pell hello, is there a way to create a bind-mount of a dir on the host filesystem to a dir in a running guest (i.e. without restarting the guest?) 1287683790 M * Bertl yes, just use the filesystem namespace for the guest to do that 1287685211 M * pell Bertl: I've tried it, could you have a look? http://pastebin.com/raw.php?i=cdsYu8Ay 1287685267 M * urbee Oct 19 21:43:44 ivan ovpn-server[18352]: Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2) 1287685267 M * urbee Oct 19 21:43:44 ivan ovpn-server[18352]: Cannot allocate TUN/TAP dev dynamically 1287685288 M * urbee is it possible to run openvpn on a vserveR? 1287685291 M * daniel_hozac pell: yes, that mount would have been cleaned up. 1287685295 M * daniel_hozac urbee: yes. 1287685308 M * urbee what am i doing wrong then :) 1287685312 M * daniel_hozac urbee: you need to setup the interfaces with util-vserver, and copy the device node 1287685335 M * urbee is there something on wiki about this? 1287685343 M * urbee cuz i have no idea what ur talking about :) 1287685351 M * urbee i just got a request from a user to make this work 1287685387 M * urbee http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F 1287685389 M * urbee i see :p 1287685423 M * daniel_hozac that is actually mostly bogus. 1287685428 M * fLoo Linux hermine 2.6.36-vs2.3.0.36.33 #1 SMP Thu Oct 21 18:56:07 CEST 2010 i686 GNU/Linux 1287685430 M * fLoo everything fine 1287685431 M * fLoo <3 1287685473 M * urbee where should i check then? 1287685655 M * pell daniel_hozac: I usually bind-mount before starting the guest, so somehow util-vserver is clever enough to resolve it in this situation (is this what you meant with "would have been cleaned up"?) 1287685941 M * Bertl it means, that your /mnt/data/root/pictures does not exist in the guest namespace 1287685987 M * Bertl use /bin/bash instead of the mount and have a look around 1287686219 M * pell correct, there is no /mnt/data/root/pictures in the guest namespace. So when starting a guest the host namespace is duplicated, including all nodes necessary to resolve such a bind mount? And now as I'm trying to create such a bind-mount afterwards I have to make sure that I get all nodes in there first so "mount" can resolve it? ... or am I missing something? :) 1287686250 M * Bertl well, you are on the right track 1287686265 M * Bertl the namespace is a copy of the host namespace at the time the guest was started 1287686290 M * Bertl but it got 'cleaned up' by util-vserver so that there are no unnecessary dependancies 1287686349 M * pell ahh, ok. that's what daniel_hozac meant :) 1287686397 M * arekm the quotes patch is weird, why this is needed? 1287686452 M * Bertl to make folks happy who complain about the \xbb and \xab characters in the kernel log 1287686480 M * Bertl (the default is the old behaviour) 1287686515 M * arekm so why not use ascii? making such thing configurable looks quite insane? 1287686541 M * Bertl because I intentionally avoid 7bit ascii characters for debug reasons 1287686553 J * thierryp ~thierry@home.parmentelat.net 1287686608 M * Bertl but you can select the ascii version, which will use single quotes instead 1287686757 M * arekm choosed default, just was suprised to see such thing 1287686826 M * urbee anyone about the openvpn issue? :p 1287686871 M * Bertl select persistant tun devices, configure the tun for the guest, that's about it 1287686981 M * urbee any docs or wiki i could help myself with? or any howtos or similar 1287687017 M * Bertl well, you found the wiki page already, try to make it work and correct the outdated info there 1287687027 M * daniel_hozac setup the interface for the guest like you normally would and touch /etc/vservers//interfaces//tun (or tap). 1287687028 M * Bertl check the 'flower page' for the tun specific config 1287687230 M * pell Bertl: wow, looking at the output of another guest with some bind-mounts using vnamespace -e /bin/cat /proc/mounts, the cleanup looks very effective. The final entry for any bind-mount is like on the host system a simple "/dev/mapper/data /vservers/foo/mnt/target", and I'm unable to find the real source directory for /vservers/foo/mnt/target from this entry (the source in the mounts file is just the device node) 1287687420 M * Bertl which basically is identical, and the way you want to 'mount' that in the running guest now 1287687474 M * Bertl folks tend to see the --bind mounts as 'links' for directories, but they are actually something completely different :) 1287687510 M * Bertl (and they work for files as well :) 1287687609 M * pell I just started to realize that :) .. I wonder how 'mount' is able to find out the real source file/dir then? (i.e. the /proc/mounts output just lists the device node as the source, while the mount output shows the "complete" source path) 1287687640 M * daniel_hozac mount writes its own state file. 1287687679 M * pell :o 1287687968 M * Bertl which in turn means that mount usually shows whatever 'somebody' has written to /etc/mtab, even if that doesn't reflect reality 1287687990 M * Bertl (you can try that yourself, just modify the mtab file and see what mount reports :) 1287688160 M * pell so if /etc/mtab is missing, how could I find out the complete source paths of all active bind-mounts? 1287688202 M * Bertl this is like finding all the pathes to a hardlinked file :) 1287688481 M * pell very interesting... thanks for the hints :) -- helps to understand how to solve my problem... I'll give it a try now ;) 1287688787 J * derjohn_mob aj@tmo-081-18.customers.d1-online.com 1287689775 M * Bertl arekm: okay, uploaded two more deltas and a 'new' patch 1287689976 M * arekm ok, updated, got stuck on usual things like grsecurity 1287690046 M * pell got it working now. However, there is a weirdness left I don't understand: using mount in the guest namespace also affects /etc/mtab on the host(?) (/proc/mounts of the host is unaffected and correct) 1287690212 M * daniel_hozac only if you use vnamespace 1287690224 M * daniel_hozac vmount will update the guest's /etc/mtab 1287690494 M * pell http://pastebin.com/raw.php?i=LVS1VpLQ 1287690565 M * pell I'm using vnamespace there, but I think this is related to the symbolic link stuff of dm? (/dev/mapper/data == /dev/dm-1) 1287691306 M * pell ok, I could solve it by adding the source filesystem of the bind-mount using "mount -n" to the guest namespace, then using vmount to finally create the bind-mount. Everything looks clean now, thanks! :) 1287691913 Q * Alteisen Ping timeout: 480 seconds 1287692028 M * Bertl arekm: ah, is there a grsec patch for 2.6.36? 1287692239 M * Bertl anyway, off to bed for today ... have a good one everyone! 1287692245 N * Bertl Bertl_zZ 1287694076 J * Alteisen alteisen@shell.chaostreff-dortmund.de 1287694983 Q * pell Quit: leaving 1287695390 Q * ntrs Ping timeout: 480 seconds 1287695473 Q * bonbons Quit: Leaving 1287695872 M * arekm Bertl_zZ: unfortunately not yet 1287695894 J * ntrs ~ntrs@vault08.rosehosting.com 1287695960 J * fzylogic ~fzylogic@dsl081-243-128.sfo1.dsl.speakeasy.net 1287697373 Q * ghislain Quit: Leaving. 1287698461 Q * PowerKe Read error: Connection reset by peer 1287698469 J * PowerKe ~tom@d5153A3CF.access.telenet.be 1287699121 Q * petzsch Ping timeout: 480 seconds 1287699850 Q * FireEgl Remote host closed the connection 1287700629 J * petzsch ~markus@ip-80-226-224-188.vodafone-net.de 1287700631 J * FireEgl ~FireEgl@173-25-19-139.client.mchsi.com 1287701380 Q * petzsch Ping timeout: 480 seconds 1287704447 Q * fzylogic Quit: DreamHost Web Hosting http://www.dreamhost.com 1287704467 Q * dowdle Remote host closed the connection