1291423097 M * Bertl daniel_hozac: got a minute?
1291423121 M * daniel_hozac sure
1291423124 M * daniel_hozac what's up?
1291423132 M * Bertl still the user namespace feature
1291423148 M * daniel_hozac okay
1291423160 M * Bertl I was wondering if we should record that separately for the two space entries
1291423177 M * Bertl or alternatively make it depend on one of them
1291423223 M * Bertl because as I see it, util-vserver does currently request the user space in both of them, right?
1291423252 M * daniel_hozac hmm. no, i don't think so.
1291423266 M * daniel_hozac we should only be using the space index for the filesystem namespaces.
1291423342 M * Bertl vxi->vx_fs[index] = fs;
1291423359 M * Bertl so we currently record two entries for the filesystem as well
1291423367 M * daniel_hozac right.
1291423371 M * Bertl not sure both are used by util-vserver though
1291423377 M * daniel_hozac they are.
1291423406 M * Bertl and naturally there are nsproxies for both as well
1291423416 M * Bertl maybe I just misunderstood you
1291423446 M * Bertl let me rephrase that
1291423475 M * daniel_hozac util-vserver will only use one user space per guest.
1291423477 M * Bertl currently we allow a mask for each index, and that mask may well contain CLONE_NEWUSER (for each index as well)
1291423483 M * daniel_hozac right
1291423511 M * Bertl so, now as I see it, we have two options here (to clean the mess up for the user space :)
1291423528 M * Bertl a) disallow CLONE_NEWUSER in one of them
1291423553 M * Bertl b) make the user credentials an indexed feature as well
1291423568 M * daniel_hozac i don't really see a use-case for the index there.
1291423573 M * Bertl as far as I understood you, we should go for a)
1291423585 M * daniel_hozac right
1291423606 M * Bertl the question now is, what will break if we remove CLONE_NEWUSER from one index (advertisement and setting)?
1291423637 M * daniel_hozac nothing should.
1291423659 M * daniel_hozac non-zero indices will only be used by util-vserver for the filesystem ones.
1291423737 M * Bertl so we simply remove CLONE_NEWUSER from the space mask for index1
1291423755 M * daniel_hozac right
1291423760 M * Bertl resulting in EINVAL when you request to set or enter it
1291423792 J * mikez mike@no.phear.eu
1291423873 M * Bertl in which case we get the cred = NULL case handled for free
1291423992 M * daniel_hozac how so?
1291424021 M * Bertl because when the mask contains the proper bit, the creds have been already set
1291424039 M * Bertl we just need to check at assignment time for the put/free
1291424100 M * Bertl judging from the code, I believe that we should never encounter a process where cred or real_cred are NULL
1291424139 M * daniel_hozac right
1291424142 M * Bertl so, we only have two cases at space_set, one when the set mask for index 0 is zero
1291424160 M * Bertl (or the user bit there, FWIW)
1291424181 M * Bertl in which case we can simply assign the values
1291424195 M * Bertl and the second one, where we need to assign and put the old ones
1291424205 M * daniel_hozac right
1291424235 M * Bertl in the enter case, it is always defined, because when the bit is not set, we'll get EINVAL before we take action
1291424302 M * daniel_hozac yeah
1291424329 M * Bertl btw, I think we should expose the mask somewhere in the nsproxy proc entry, no?
1291424349 M * Bertl (and of course, add the user space as pointer entry)
1291424362 M * Bertl well, the credentials :)
1291424365 M * daniel_hozac yeah
1291424365 M * daniel_hozac i agree
1291424408 M * Bertl okay, I'll prepare something in that direction and post it for review this weekend
1291424454 M * Bertl as far as I understood, it seems to work fine for arekm and fix his issues so far
1291424463 M * daniel_hozac good.
1291424528 M * Bertl I don't see a point in duplicating the other credentials atm, do you?
1291424543 M * Bertl i.e. key store, etc
1291424630 M * daniel_hozac hmm, we don't get that for free?
1291424646 Q * dowdle Remote host closed the connection
1291424682 M * Bertl struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
1291424727 M * Bertl struct key *uid_keyring; /* UID specific keyring */
1291424728 M * Bertl struct key *session_keyring; /* UID's default session keyring */
1291424752 M * daniel_hozac what are they part of?
1291424778 M * Bertl the session keyring is part of the process
1291424794 M * Bertl the uid keyrings are part of the user struct
1291424806 M * daniel_hozac aren't those handled automatically when we create a new userspace though?
1291424824 M * Bertl maybe, I haven't dug into that code yet
1291424879 M * daniel_hozac hmm, guess not...
1291424890 M * daniel_hozac i really have no idea how those key store things work :-)
1291424908 M * Bertl me neither, although I used to use some of them :)
1291424940 M * Bertl http://lwn.net/Articles/210502/
1291425000 M * Bertl (this was the beginning :)
1291425063 M * Bertl efs makes heavy use of that keystore
1291425086 M * daniel_hozac okay
1291425145 M * Bertl anyway, I think we are safe if we don't touch them for now
1291425163 M * daniel_hozac sounds good.
1291425248 M * Bertl okay, thanks for your time, let me know if there is anything I need to be careful about regarding util-vserver ...
1291425271 M * Bertl as I said, will probably have a tested patch at the end of the weekend
1291425309 M * daniel_hozac i don't think there's anything to worry about for util-vserver there.
1291425346 M * daniel_hozac just ensure it's part of the default mask returned, and it should just work...
1291425492 Q * bsingh Ping timeout: 480 seconds
1291425514 M * Bertl we'll see :)
1291438692 M * Bertl off to bed now ... have a good one everyone!
1291438697 N * Bertl Bertl_zZ
1291449179 J * ghislain ~AQUEOS@adsl2.aqueos.com
1291450291 Q * thierryp Remote host closed the connection
1291450905 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1291452328 M * arekm ouh, still some creds problems?
1291456002 J * derjohn_mob ~aj@p54B02B74.dip.t-dialin.net
1291457121 Q * derjohn_mob Ping timeout: 480 seconds
1291457459 J * pmenier ~pmenier@ACaen-152-1-14-246.w83-115.abo.wanadoo.fr
1291458246 M * ntrs Are there rpms of the latest util-vserver (pre2926)?
1291462977 J * manana ~mayday090@84.17.25.149
1291469308 N * Bertl_zZ Bertl
1291469312 M * Bertl morning folks!
1291469326 M * Bertl ntrs: rpm -tb
1291469370 M * Bertl arekm: did you encounter any or are you just referring to our discussion?
1291469947 Q * _WildPIkachu_ Ping timeout: 480 seconds
1291470393 J * _WildPIkachu_ ~nkukard@196-215-87-245.dynamic.isadsl.co.za
1291474407 M * Bertl off for now ... bbl
1291474414 N * Bertl Bertl_oO
1291476605 Q * eyck Read error: No route to host
1291476906 J * eyck ~eyck@77.79.198.66
1291478276 Q * Wonka Remote host closed the connection
1291478592 J * Wonka produziert@chaos.in-kiel.de
1291479552 Q * _WildPIkachu_ Ping timeout: 480 seconds
1291480353 J * nkukard ~nkukard@196-210-171-6.dynamic.isadsl.co.za
1291480728 J * petzsch ~markus@p4FF458C3.dip.t-dialin.net
1291483643 Q * manana Ping timeout: 480 seconds
1291483679 M * arekm Bertl_oO: referring to discussion
1291483705 J * manana ~mayday090@84.17.25.149
1291486434 N * pmenier pmenier_off
1291486587 J * Walex ~Walex@94-195-60-69.zone9.bethere.co.uk
1291491007 Q * FireEgl Remote host closed the connection
1291492059 J * bsingh ~balbir@122.172.43.177
1291493422 Q * petzsch Quit: Leaving.
1291494023 Q * FloodServ Service unloaded
1291494122 J * FloodServ services@services.oftc.net
1291494384 J * arosen ~arosen@130.127.39.173
1291494458 M * arosen Does anyone use vserver with ubuntu 10.04? I just tried it out and it seemed really unstable. (For example I created a new vserver started it. entered it. and then exited from it and then when I went to reenter it, the process that was running it had died.)
1291494523 M * arosen I've been using vserver with debian lenny for just creating vm's of debian and it's worked great there.
1291494626 M * daniel_hozac Ubuntu doesn't have anyone caring for it.
1291494631 M * daniel_hozac so i wouldn't really suggest using that.
1291494851 M * arosen daniel_hozac: Under debian I couldn't create a vserver of ubuntu because there wasn't a script for lucid. Is there a script i could put there to get around this?
1291494894 M * arosen that matched up with --dist
1291496728 J * petzsch ~markus@p4FF458C3.dip.t-dialin.net
1291496806 M * _are_ well, you could just copy over the script from wherever you find it?
1291497066 M * daniel_hozac get a newer debootstrap installed.
1291498167 M * Bertl_oO arosen: most likely your problem is caused by upstart and a missing proper guest config
1291498194 M * Bertl_oO (assumed that you did not use the ubuntu provided kernel)
1291499280 Q * Walex Remote host closed the connection
1291501411 Q * petzsch Quit: Leaving.
1291502090 Q * ghislain Quit: Leaving.
1291503671 J * ktwilight_ ~keliew@91.176.92.54
1291503911 Q * ktwilight Ping timeout: 480 seconds
1291504450 Q * kazuya Ping timeout: 480 seconds
1291504760 J * kazuya kazuya@freebsdsecured.org