1288915215 Q * dowdle_ Remote host closed the connection
1288915391 Q * ghislain Quit: Leaving.
1288921382 M * Bertl off to bed now ... have a good one everyone!
1288921387 N * Bertl Bertl_zZ
1288937618 Q * padde Remote host closed the connection
1288937803 J * padde ~padde@patrick-nagel.net
1288940733 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1288941751 J * ghislain ~AQUEOS@adsl2.aqueos.com
1288942161 Q * derjohn_mob Ping timeout: 480 seconds
1288942362 J * petzsch ~markus@dslb-092-078-224-120.pools.arcor-ip.net
1288942994 Q * nkukard Ping timeout: 480 seconds
1288943198 Q * petzsch Quit: Leaving.
1288943532 Q * Piet_ Remote host closed the connection
1288943574 J * Piet_ ~Piet__@659AAA1JT.tor-irc.dnsbl.oftc.net
1288943682 J * derjohn_mob ~aj@213.238.45.2
1288943718 J * nkukard ~nkukard@196.213.204.34
1288944469 N * Bertl_zZ Bertl
1288944475 M * Bertl morning folks!
1288944845 M * hijacker morning
1288944963 J * Fa1c0n Fa1c0n@114.92.49.22
1288945210 P * Fa1c0n Leaving
1288945662 J * petzsch ~markus@dslb-092-078-224-120.pools.arcor-ip.net
1288947745 M * ncopa morning
1288947756 M * ncopa i have just released alpine-vserver-2.1.1
1288947769 M * ncopa seems to work, except vserver-stat
1288947777 M * ncopa i get: open(memory.usage_in_bytes): No such file or directory
1288947786 M * ncopa but the vserver runs
1288947850 M * Bertl what kernel/patch/util-vserver version?
1288947853 M * ncopa its a 2.6.35.8-vs2.3.0.36.33 kernel and 0.30.216-pre2921
1288947870 M * ncopa its with uclibc and not gnu libc
1288947872 M * Bertl memory cgroups enabled in the kernel?
1288948004 M * ncopa CGROUP_MEM_RES_*=y
1288948015 M * Bertl okay, /dev/cgroup mounted?
1288948038 M * ncopa no
1288948061 M * ncopa which openrc service is supposed to do that?
1288948064 M * Bertl that is supposed to be done by the runlevel startup scripts of util-vserver
1288948071 M * ncopa ah
1288948115 M * Bertl /etc/init.d/util-vserver here
1288948125 M * ncopa yeah
1288948126 M * ncopa here too
1288948130 M * ncopa i just forgot to start it
1288948141 M * ncopa i had a feeling there was something i had forgot :)
1288948143 M * ncopa thanks!
1288948146 M * Bertl np
1288948149 M * ncopa all good then
1288948261 M * ncopa sweet!
1288948296 M * ncopa it took me exactly 1 min to boot alpine-vserver iso in qemu and have the first guest running
1288948309 M * ncopa 61 seconds
1288948526 M * Bertl nice
1288949675 M * swenTjuln Is there a known issue with rbldnsd in VServer
1288949781 M * Bertl had to google that, inspired by DJ Bernsteins rbldns ... not sure that is good :)
1288949804 M * Bertl anyway, I don't see why it should have any issues in a guest
1288949929 M * swenTjuln why wouldnt it be good?
1288950018 M * swenTjuln Bertl: actually, it works but with strange issue
1288950021 M * Bertl I don't know anything about this software ... but I know that DJB lives in his own universe, with his own rules
1288950043 M * Bertl and they are often rather different from the rest of the world :)
1288950071 M * Bertl but as it isn't DJB software, just inspired, it might be just fine
1288950089 M * swenTjuln You know....when you 'fake' loopback in guest
1288950132 M * swenTjuln it gets mapped or something (ie 127.0.0.1 in container is 127.something.something on host)
1288950156 M * Bertl correct
1288950183 M * swenTjuln in my case 127.something.something is 127.12.179.1
1288950215 M * swenTjuln so....if I bind rbldnsd on 127.12.179.1 and query 127.12.179.1, it would work
1288950242 M * swenTjuln but it wouldn't if i bind it to 127.0.0.1
1288950276 M * Bertl then your kernel or guest config is broken
1288950321 M * Bertl the 127.x.x.1 IP is mapped back and forth with a proper guest config so the 127.x.y.1 is never even seen inside a guest
1288950344 M * Bertl what kernel/patch/util-vserver version?
1288950455 M * swenTjuln kernel: Linux ubuntu 2.6.32-24-vserver #43~ppa1-Ubuntu, utils: 0.30.215
1288950517 M * Bertl those tools are definitely too old for that kernel
1288950551 M * Bertl also check that you do not have single_ip special casing on for your guest
1288950559 M * Bertl (and a single IP assigned :)
1288950587 M * swenTjuln Bertl: i've disabled single ip special casing
1288950604 M * swenTjuln we talket about it yesterday
1288950613 M * swenTjuln *talked*
1288950741 M * Bertl upload the output of 'nattribute --get --nid ' and 'cat /proc/virtnet//info' to paste.linux-vserver.org (replace with your guest's nid)
1288950876 M * swenTjuln http://paste.linux-vserver.org/18303
1288950893 M * swenTjuln now I'll try to bind it to another lo IP
1288950911 M * Bertl [127.0.0.11-0.0.0.0/255.0.0.0:0010]
1288950917 M * Bertl where does that come from?
1288950930 M * swenTjuln i've just created another IP for lo
1288950940 M * Bertl don't do that
1288950940 M * swenTjuln so I can bind service to it
1288950946 M * swenTjuln no?
1288950948 M * swenTjuln ok
1288950973 M * swenTjuln is there a reason not to do it?
1288950996 M * Bertl yes, with a /8 binding, you basically assign _all_ local addresses to the guest
1288951014 M * Bertl and they will all get remapped to lback as well
1288951035 M * swenTjuln ups
1288951077 M * swenTjuln but wasn't that supposed to be for routing purposes (netmask)
1288951079 M * swenTjuln ?
1288951102 M * Bertl lo is special in this regard
1288951129 M * swenTjuln oh! Always or just within Vserver?
1288951136 M * swenTjuln or
1288951142 M * Bertl in general, and loopback (127.x) addresses won't work if you use lback remapping
1288951188 M * Bertl (but IMHO there is no point in using 127.x addresses anyway, except for the typical 127.0.0.1 case)
1288951279 M * swenTjuln well 127.0.0.1:53 is already used by BIND so i'd need another IP which i'll use to bind RBLDNS
1288951303 M * Bertl what about 192.168.0.1:53 then :)
1288951328 M * swenTjuln ...that would do
1288951336 M * swenTjuln just what I was typing
1288951349 M * swenTjuln ill use dummy interface for that
1288951373 M * Bertl np, it will use lo for local traffic anyways
1288951407 M * swenTjuln so you suggest that I assign 192.168.0.1 to lo?
1288951412 M * Bertl no
1288951431 M * Bertl I'd assign it to the interface carrying 195.x
1288951444 M * Bertl but as I said, dummy is fine
1288952474 M * swenTjuln Bertl: seem like it's working. Thanks
1288952502 M * Bertl you're welcome!
1288952509 M * Bertl off for now ... bbl
1288952513 N * Bertl Bertl_oO
1288953510 J * manana ~mayday090@84.17.25.149
1288955666 Q * petzsch Quit: Leaving.
1288956311 J * petzsch ~markus@dslb-092-078-224-120.pools.arcor-ip.net
1288956811 P * petzsch
1288957533 J * petzsch ~markus@dslb-092-078-224-120.pools.arcor-ip.net
1288958109 Q * nkukard Quit: Leaving
1288958109 Q * renihs Read error: Connection reset by peer
1288961308 Q * BenG Quit: I Leave
1288961578 M * swenTjuln Building DEB packages(on Ubuntu) for util-vserver-0.30.216-pre2921 don't work.
1288961624 M * swenTjuln i've successfully build packages for pre2914, though
1288962742 M * swenTjuln even pre2920 build successfully
1288962762 M * swenTjuln *built*
1288963804 M * fback swenTjuln: 21:06 try adding a make DESTDIR=$(CURDIR)/debian/tmp install-distribution to your debian/rules before creating the manifest.
1288964086 Q * FloodServ synthon.oftc.net services.oftc.net
1288965437 M * swenTjuln fback: Yes....that helped! TY!
1288965582 Q * petzsch Quit: Leaving.
1288965646 J * FloodServ services@services.oftc.net
1288966969 Q * derjohn_mob Ping timeout: 480 seconds
1288968690 J * dowdle ~dowdle@scott.coe.montana.edu
1288969033 J * petzsch ~markus@ip-80-226-244-105.vodafone-net.de
1288970077 Q * petzsch Quit: Leaving.
1288970508 Q * ghislain Quit: Leaving.
1288970534 J * derjohn_mob aj@88.128.41.185
1288971309 J * ghislain ~AQUEOS@adsl2.aqueos.com
1288971321 J * petzsch ~markus@ip-80-226-204-100.vodafone-net.de
1288972330 Q * petzsch Quit: Leaving.
1288972698 J * petzsch ~markus@ip-80-226-13-104.vodafone-net.de
1288973199 Q * derjohn_mob Ping timeout: 480 seconds
1288974665 J * petzsch1 ~markus@ip-80-226-13-104.vodafone-net.de
1288974832 Q * petzsch Ping timeout: 480 seconds
1288978314 Q * petzsch1 Quit: Leaving.
1288980115 Q * Piet_ Ping timeout: 480 seconds
1288980715 J * Piet_ ~Piet__@659AAA1WP.tor-irc.dnsbl.oftc.net
1288982685 J * faheem ~faheem@bigipfloater1.duhs.duke.edu
1288982749 M * faheem has anyone got suggestions about getting a fedora 13 (or similar) vserver working on debian lenny?
1288982789 M * faheem the standard vserver package on lenny has up to like fedora 6 or 7.
1288982954 J * harry ~harry@d51A461B4.access.telenet.be
1288984287 M * daniel_hozac get a newer util-vserver+
1288984512 M * faheem daniel_hozac: will the one from testing work?
1288984616 M * daniel_hozac unlikely.
1288984779 M * arekm daniel_hozac: hi, I assume there is no smarter/better way to get some interface for use inside of guest with network namespace enabled than this? http://paste.linux-vserver.org/pastebin.php?dl=16615
1288984859 M * daniel_hozac line 13 is crack.
1288984882 Q * peanut Ping timeout: 480 seconds
1288984888 J * peanut ~peanut@cpe-24-58-59-60.twcny.res.rr.com
1288984958 J * petzsch ~markus@p4FF45D69.dip.t-dialin.net
1288985009 M * arekm veth would be much nicer for me but no idea how to get it yet
1288985187 M * arekm anyway I'm looking into http://www.nongnu.org/util-vserver/doc/conf/configuration.html and I don't see any script run with post-start or pre-stop as parameter. I see separate scripts documented there for that. Huh?
1288985215 M * daniel_hozac yes.
1288985264 M * daniel_hozac the scripts are given the script type as an argument too.
1288985673 M * arekm daniel_hozac: I need a hint for one thing. In post-start I'm doing "vspace -e "$VSERVER_NAME" --net -- ip link add name "veth-$VSERVER_NAME-host" type veth peer name "veth-$VSERVER_NAME"" which creates two veth devices connected together but both are inside of guest... any clues on how to move one to host namespace?
1288985693 M * daniel_hozac do that in the host.
1288985696 M * daniel_hozac then move it to the guest.
1288985991 M * arekm hmm, if I understand this correctly then to do the move I need the pid of something in guest, how to get such pid from post-start?
1288986010 M * daniel_hozac yeah, it's ugly as hell.
1288986040 M * daniel_hozac i need to do some work to add hooks for this so people aren't exposed to this horrible API...
1288986074 M * arekm the best would be to patch iproute to use own pid right? My guess is that vspace is moving into desired net namespace
1288986088 M * daniel_hozac but, you probably need to do it from context 1 and do something like a vcontext --xid --migrate -- ps
1288986100 M * arekm vspace -e "$VSERVER_NAME" --net -- ip link set "veth-$VSERVER_NAME" netns OWNPID
1288986112 M * daniel_hozac well, you need to be in the host's namespace to have access to the interface in the first place.
1288986120 M * daniel_hozac in order to move it.
1288986149 M * arekm ah
1288986182 M * daniel_hozac honestly, why it's using a pid is beyond me. if you're using plain initstyle, i guess you can just grep for the initpid in /proc/virtual
1288986235 M * daniel_hozac you can do something like pid=$(vserver exec sh -c 'echo $$; exec sleep 60') i suppose.
1288986250 M * arekm I was going to do exactly something like that :)
1288987057 M * arekm uhm, some capability is needed to manage interfaces NET_ADMIN?
1288987524 M * arekm seems to be working - vserver ${VSERVER_NAME} exec sh -c 'exec sleep 60' &
1288987525 M * arekm pid=$(vserver ${VSERVER_NAME} exec sh -c 'pidof -s sleep')
1288987982 M * arekm Comments? http://www.pld-linux.org/Docs/Vserver#head-23617c6842424b1f0ff988634b39000b6137f60c
1288988380 M * arekm uhm, but iptables inside of guest don't work
1288988448 M * Bertl_oO faheem: better build your own from recent util-vserver linked on the wiki
1288988452 N * Bertl_oO Bertl
1288988503 M * arekm is another capability needed?
1288988651 M * arekm hm, docs say NET_ADMIN is enough
1288988771 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1288989009 M * faheem Bertl: meaning from source?
1288989041 M * Bertl yep, despite common knowledge, it's possible :)
1288989084 M * faheem Bertl: heh
1288989145 M * Bertl note that the tar can be used to build a .deb and .rpm
1288989416 M * faheem Bertl: can i use the version from squeeze?
1288989444 M * Bertl sure, just don't expect it to work
1288989581 M * arekm 169690 socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)
1288989593 M * arekm iptables needs raw sock, weird
1288989685 M * daniel_hozac not really.
1288989699 M * Bertl IMHO it should use netlink
1288989811 M * arekm ehm, mine is using socket for something - http://pastebin.com/0ErdUQE4
1288989889 M * arekm lol, creating /sbin/modprobe that does exit 0 and iptables starts working
1288989915 M * arekm but had to add NET_RAW of course
1288990344 M * arekm iptables people tell me that it doesn't yet fully use netlink
1288990599 M * arekm daniel_hozac: seems that there is nsid, too (ip netns add 1 # create network namespace with index 1; ip link set eth1 nsid 1 # move eth1 to network namespace with index 1). Maybe there is a way to figure out which id was used for new net namespace
1288990638 J * imcsk8 ~ichavero@201.174.32.230
1288990657 M * arekm or not, seems that only to be a proposition ;/
1288990717 M * daniel_hozac yeah...
1288991764 M * arekm and here are the dragons [256753.704368] unregister_netdevice: waiting for lo to become free. Usage count = 3
1288991810 M * daniel_hozac heh
1288992366 M * arekm daniel_hozac: another problem - how to reliably detect from inside of guest that we have netns enabled
1288992760 M * Bertl /proc/self/nsproxy
1288992770 M * Bertl (at least if you have Linux-VServer patched)
1288992814 Q * Piet_ Remote host closed the connection
1288992935 M * arekm Bertl: and what would be there if enabled/disabled?
1288992957 M * arekm (-) == enabled, (I) == disabled?
1288992975 M * Bertl I = initial
1288993023 M * arekm what's "initial" then?
1288993025 M * Bertl there is no en- or disabled
1288993045 M * Bertl there is an initial namespace (used on the host) and 'other' namespaces
1288993073 M * arekm so basically this file cannot be used to verify that we have namespace in guest (and not using isolation) right?
1288993100 M * Bertl network namespaces and isolation are orthogonal
1288993111 M * Bertl i.e. you can have none, one of them or both
1288993186 M * arekm weird because I had normal vserver setup and simply added netns -> ended with being able to use different ip in guest (but maybe that's NET_ADMIN/RAW fault)
1288993232 M * arekm Bertl: anyway. I have initscripts. The same initscripts are used on bare metal host and in vserver guest. For vserver guest I simply skip network setting. Now I need to differentiate pure vserver guest vs netns enabled vserver guest
1288993332 M * Bertl well, (I) means host/initial namespace
1288993354 M * Bertl you will get that on guests using the host network namespace and isolation
1288993389 M * arekm actually I get that on host and isolation only guests. netns enabled guests don't have (I)
1288993532 M * Bertl that's what I said
1288993546 M * arekm right
1288993687 J * Piet_ ~Piet__@659AAA10Z.tor-irc.dnsbl.oftc.net
1288993727 J * derjohn_mob ~aj@tmo-018-47.customers.d1-online.com
1288993970 M * faheem Bertl: why can't i just get new 'recipes' for my current installation?
1288993995 Q * petzsch Quit: Leaving.
1288994008 M * Bertl probably because nobody here uses 'your' setup (successfully)
1288994014 M * arekm Bertl: can there be something else than (I) or () ?
1288994020 M * arekm (-)
1288994032 M * Bertl haven't checked
1288994054 M * faheem Bertl: this is just whatever is the default installation on debian lenny
1288994089 M * Bertl and we are telling folks (including the debian maintainers) that this setup is broken and should not be used
1288994132 M * Bertl but feel free to investigate and figure out strange workarounds
1288994148 M * faheem Bertl: well, that's too bad. it used to work for me
1288994168 M * Bertl so, what changed?
1288994170 M * faheem once upon a time
1288994196 M * faheem Bertl: well, the current installation doesn't have magical recipes for Fedora 13
1288994224 M * Bertl so, write them yourself, or complain to the maintainers
1288994254 M * Bertl mainline (i.e. recent util-vserver) has them and they work just fine
1288994290 M * Bertl I don't see what we could do to help here
1288994308 M * faheem Bertl: well, my question was whether i could just copy them from a more recent version
1288994319 M * faheem they mostly look like a bunch of text config files
1288994332 M * Bertl try it out, we just don't know, because we do not test that known broken config
1288994369 M * faheem Bertl: ok
1288994391 M * faheem Bertl: can you point me to discussion of the brokenness?
1288994407 M * faheem like a debian bug report or something?
1288994413 M * Bertl http://linux-vserver.org/Installation_on_Debian
1288994428 M * faheem Bertl: ok thanks
1288994449 M * Bertl might not be accurate as the upcoming 'stable' release will have a 2.6.32 kernel
1288994451 J * petzsch ~markus@p4FF45D69.dip.t-dialin.net
1288994463 M * Bertl (but with an older/outdated patch, at least atm)
1288994646 M * faheem Bertl: the Debian folks don't talk to you, or what?
1288994661 M * Bertl they do, but debian has 'strange' rules
1288994669 M * daniel_hozac really?
1288994671 M * faheem Bertl: ah
1288994680 M * daniel_hozac who is even maintaining the kernel part of it these days?
1288994694 M * Bertl micah and dan AFAIK
1288994717 M * daniel_hozac i didn't realize micah did the kernel as well.
1288994735 M * Bertl faheem: for example, there is no chance in hell to get new scripts (for fedora 13) into debian stable, because it isn't a security fix
1288994773 M * faheem Bertl: ok. but that in itself wouldn't cause brokenness. just outdatedness
1288994801 M * Bertl yes, most of the brokenness is caused by picking the wrong patches/tools at the wrong time
1288994861 M * faheem Bertl: sounds unpleasant
1288994899 M * faheem is there a recommended unofficial version? if the official one is broken, that is
1288994933 M * faheem package that is
1288994945 M * Bertl IIRC, somebody was/is maintaining newer packages
1288994965 M * Bertl but as I said, at least for util-vserver it should be trivial to build a .deb from the source
1288994981 M * Bertl and the kernel should be customized anyway, at least IMHO
1288995012 M * faheem Bertl: hmm. my current kernel works just fine, so i'm disinclined to experiment
1288995026 M * faheem but in any case, i'd need a corresponding kernel, right?
1288995042 M * daniel_hozac no.
1288995699 J * BenG ~bengreen@cpc6-aztw22-2-0-cust100.aztw.cable.virginmedia.com
1288995709 Q * BenG
1288997034 Q * petzsch Quit: Leaving.
1288997908 Q * derjohn_mob Read error: Connection reset by peer
1288998030 Q * faheem Quit: Lost terminal
1288999311 Q * dowdle Remote host closed the connection