1291853716 M * Bertl off to bed now ... have a good one everyone!
1291853720 N * Bertl Bertl_zZ
1291855737 J * Hunger ~Hunger@Hunger.hu
1291856672 Q * dowdle Remote host closed the connection
1291858708 Q * manana Remote host closed the connection
1291860994 J * imcsk8 ~ichavero@189.253.64.164
1291861407 Q * imcsk8 Quit: This computer has gone to sleep
1291862000 Q * neutrino Ping timeout: 480 seconds
1291865860 J * imcsk8 ~ichavero@189.253.64.164
1291867063 J * bsingh ~balbir@122.172.5.43
1291871528 Q * oli Quit: Verlassend
1291872050 Q * bsingh Ping timeout: 480 seconds
1291876505 Q * niki Quit: Ex-Chat
1291877544 Q * imcsk8 Quit: This computer has gone to sleep
1291878017 N * Bertl_zZ Bertl
1291878021 M * Bertl morning folks!
1291878555 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1291879148 Q * thierryp_ Remote host closed the connection
1291879373 M * hijacker morning
1291880745 J * harry ~harry@d51A461B4.access.telenet.be
1291881230 Q * ntrs Ping timeout: 480 seconds
1291881321 Q * derjohn_foo Ping timeout: 480 seconds
1291881383 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291881663 J * ntrs ~ntrs@vault08.rosehosting.com
1291881708 J * mikez mike@no.phear.eu
1291882741 J * derjohn_foo ~aj@213.238.45.2
1291884036 J * neutrino ~clopez___@155.99.117.91.static.mundo-r.com
1291884691 J * petzsch ~markus@dslb-092-078-235-044.pools.arcor-ip.net
1291885679 M * ghislain good morning..... infidel (sorry just watched akmed the dead terrorist comic puppet show)
1291885831 J * manana ~mayday090@84.17.25.149
1291886010 J * BenG ~bengreen@cpc2-aztw22-2-0-cust83.aztw.cable.virginmedia.com
1291886635 J * thierryp ~thierry@zankai.inria.fr
1291886667 Q * DarkUranium Ping timeout: 480 seconds
1291887697 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291888406 Q * DarkUranium Ping timeout: 480 seconds
1291890367 J * barismetin ~barismeti@zanzibar.inria.fr
1291890370 Q * barismetin Remote host closed the connection
1291890387 J * barismetin ~barismeti@zanzibar.inria.fr
1291890546 M * FlashDeluxe hi! can somebody tell me how i can add a route in my vserver, so that it is able to connect to an IP in my VPN?
1291890954 M * Bertl you do not 'add routes' in guests, unless you are using network namespaces (which I doubt)
1291890985 M * Bertl you can add routes (within multiple routing tables) on the host though
1291891026 M * FlashDeluxe do i have to do that via ip rules?
1291891041 M * Bertl multiple routing tables, yes
1291891092 M * FlashDeluxe ah ok, thanks
1291891401 J * kir ~kir@swsoft-msk-nat.sw.ru
1291891467 Q * thierryp Remote host closed the connection
1291891521 J * thierryp ~thierry@zankai.inria.fr
1291892241 P * kir Leaving.
1291892990 Q * ktwilight_ Read error: Connection reset by peer
1291892998 J * ktwilight ~keliew@91.176.112.57
1291894574 Q * petzsch Quit: Leaving.
1291894646 J * yarihm ~yarihm@gprs15.swisscom-mobile.ch
1291898484 J * bsingh ~balbir@122.172.5.43
1291898771 Q * bsingh Read error: Connection reset by peer
1291899576 Q * BenG Quit: I Leave
1291900163 J * petzsch ~markus@dslb-092-078-235-044.pools.arcor-ip.net
1291900672 Q * manana Remote host closed the connection
1291900776 J * manana ~mayday090@84.17.25.149
1291901177 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291902498 Q * neutrino Remote host closed the connection
1291902818 J * bsingh ~balbir@122.167.249.158
1291904319 Q * thierryp Remote host closed the connection
1291904426 Q * DarkUranium Remote host closed the connection
1291904778 N * ensc Guest472
1291904788 J * ensc ~irc-ensc@p5DF2CDC9.dip.t-dialin.net
1291904946 Q * Guest472 Ping timeout: 480 seconds
1291905644 J * imcsk8 ~ichavero@189.253.64.164
1291906153 J * biz ~biz@baze.de
1291906492 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291906505 Q * petzsch Quit: Leaving.
1291906590 M * biz Hi, is it possible to set net.core.somaxconn and net.ipv4.tcp_max_syn_backlog per guest? (e.g. using /etc/vservers//sysctl/n/{setting,value})
1291906652 M * daniel_hozac no
1291906661 M * daniel_hozac it might be if you use network namespaces.
1291906778 M * arekm would be nice if Daniel needed network namespaces for something ... then we would have nice support in utils instead of current hacks ;-)
1291906811 M * biz damn.. ok. So when I set it globally on the host system, do I have to restart the guests or is it active immediately?
1291906880 M * daniel_hozac active immediately.
1291906900 M * daniel_hozac arekm: unlikely. don't really have time right now.
1291906914 M * biz thanks
1291907052 Q * vizz Quit: leaving
1291907151 J * vizz ~vizz@2001:1608:12:0:dead:beef:babe:101
1291908645 Q * barismetin Remote host closed the connection
1291909142 J * petzsch ~markus@dslb-092-078-235-044.pools.arcor-ip.net
1291909215 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fee0:9872
1291910143 Q * ntrs Ping timeout: 480 seconds
1291910313 M * ard arekm : there is pretty ok support for networked namespaces actually :-)
1291910400 M * ard you have to do some stuff yourself, since there is no real generic solution on how to use them
1291910436 M * ard With some vservers/host combinations I use veth and bridge that with vlans. Mostly tunnel servers.
1291910454 M * ard With most vservers I just put the complete vlan in the network namespace
1291910631 J * ntrs ~ntrs@vault08.rosehosting.com
1291910704 M * arekm ard: my solution is here http://www.pld-linux.org/Docs/Vserver#head-23617c6842424b1f0ff988634b39000b6137f60c
1291910713 M * arekm ard: but it's racy. Is your solution race free?
1291910815 Q * derjohn_foo Ping timeout: 480 seconds
1291911161 J * thierryp ~thierry@82.226.190.44
1291911282 J * dowdle ~dowdle@scott.coe.montana.edu
1291911899 M * Bertl nap attack ... bbl
1291911907 N * Bertl Bertl_zZ
1291913783 J * neutrino ~neutrino@209.106.18.95.dynamic.jazztel.es
1291914384 Q * FlashDeluxe Remote host closed the connection
1291914590 M * ard arekm : I use the normal vserver ip setup except for those that hold the network namespace. I have multiple guests in a single network namespace.
1291914606 M * ard startup of the networknamespace holder is similar
1291914628 M * ard there is no race as far as I can see.
1291914700 M * ard The latest problem I had was when doing dhcp-server, because the post-start is too late to add interfaces to a vserver :-)
1291914708 M * ard I do not change init style though
1291914759 M * ard I think I will fix that by forking off a "daemon" from pre-init, that will give the vserver an interface and have an init script inside the client that waits until there is a default route or whatever
1291914810 M * ard but for general use I have generic vservers within a network namespace that can communicate with generic vservers within another namespace through an external firewall
1291914906 M * ard Of course it is possible to run a firewall in a separate network namespace, but the firewall I am now working on has about 156 interfaces :-)
1291914919 M * ard that's 1 of a few clusters
1291915293 Q * bsingh Ping timeout: 480 seconds
1291915928 J * bsingh ~balbir@122.172.8.35
1291915966 M * arekm in my setup there is a race. guest init scripts can be faster than post-start script that sets up veth
1291916543 Q * DarkUranium Remote host closed the connection
1291917875 J * dreamind ~dreamind@mx01.ap-wdsl.de
1291917893 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291917893 M * dreamind Hi folks :)
1291917946 M * dreamind I have a strange problem, when /dev/cgroup is mounted, any vserver won't start :(
1291917965 M * dreamind This is the actual error: /usr/lib/util-vserver/vserver.functions: line 1525: /dev/cgroup/mail2/tasks: No such file or directory
1291917983 M * dreamind it seems the mkdir in /dev/cgroup fails - but why? :(
1291917989 M * daniel_hozac do you have an old util-vserver and CONFIG_CGROUP_NS enabled?
1291918186 M * dreamind well I just installed the newest util-vserver (pre2926)
1291918204 M * daniel_hozac did you rerun the initscript?
1291918213 M * dreamind and I have CONFIG_CGROUP_NS enabled
1291918219 Q * mnemoc Quit: Reconnecting
1291918223 M * dreamind yes I tried to rerun /etc/init.d/util-vserver
1291918231 J * mnemoc ~amery@shell.opensde.net
1291918296 M * dreamind I just stopped one vserver, umounted /dev/cgroup, rerun /etc/init.d/util-vserver and same problem
1291918313 M * dreamind :(
1291918366 M * daniel_hozac /etc/init.d/util-vserver restart, right?
1291918452 M * dreamind argh it will restart all guests?
1291918492 Q * dreamind Remote host closed the connection
1291918598 J * dreamind ~dreamind@mx01.ap-wdsl.de
1291918630 M * dreamind ok this killed my jabber instance :(
1291918702 M * daniel_hozac right.
1291918704 M * daniel_hozac it stops all guests.
1291918750 M * dreamind ok i did now a restart, but still it doesn't work when /dev/cgroup is mounted.
1291918768 M * dreamind still exactly the same error.
1291918812 Q * DarkUranium Remote host closed the connection
1291918876 M * dreamind daniel_hozac: any idea? is it possible, that it's related to my (not current) mixture of linux-vserver and grsecurity?
1291918884 M * dreamind I'm running: 2.6.32.21-grsec2.2.0-vs2.3.0.36.29.4
1291919166 M * daniel_hozac well, what options are /dev/cgroup mounted with?
1291919279 M * dreamind According to /proc/mounts: vserver /dev/cgroup cgroup rw,relatime,net_cls,freezer,devices,cpuacct,cpu,ns,cpuset 0 0
1291919302 M * daniel_hozac are you sure you have the latest version of /etc/init.d/util-vserver?
1291919310 M * daniel_hozac or did you configure your /etc/vservers/.defaults/cgroup manually?
1291919379 M * dreamind I have: util-vserver 0.30.216-pre2926-1
1291919414 M * dreamind and in /etc/vservers/.defaults/cgroup I only have a mnt file which contains /dev/cgroup.
1291919477 M * dreamind I just removed that whole directory, with the same result
1291919490 M * dreamind (still the same list of options)
1291919780 M * daniel_hozac so diff -u /etc/init.d/util-vserver sysv/util-vserver lists nothing?
1291919854 Q * thierryp Remote host closed the connection
1291919996 M * dreamind hm, strange... I guess I forgot that :( there was CGROUP_SUBSYS=defaults inserted. but anyhow when I now start util-vserver it doesn't want to mount /dev/cgroup
1291920017 M * daniel_hozac yes, you need the cgroup directory.
1291920021 M * daniel_hozac otherwise cgroups won't be used.
1291920051 M * dreamind I know
1291920070 M * dreamind but I don't get why this fails on my system: /bin/mount -t cgroup -o cpu,cpuacct,devices,freezer,net_cls vserver /dev/cgroup
1291920071 M * dreamind :(
1291920092 M * dreamind it fails with: mount: vserver already mounted or /dev/cgroup busy
1291920141 M * dreamind ok this was not complete... util-vserver now tries to use the following options: cpuset,cpu,cpuacct,devices,freezer,net_cls
1291920154 M * dreamind but fails mounting
1291920209 M * daniel_hozac why?
1291920271 M * dreamind I don't know, mount just shows "vserver already mounted or /dev/cgroup busy"
1291920397 J * Weihnachtsmann ~1234@ip-95-223-36-117.unitymediagroup.de
1291920409 M * Weihnachtsmann hi i search a guy for images - i will payed :(
1291920610 M * neutrino hello
1291920664 M * neutrino I can mount directories with sshfs but I can not umount them on a vserver guest (I have SECURE_MOUNT and BINARY_MOUNT cccaps enabled)
1291920671 M * neutrino fusermount -u test
1291920677 M * neutrino fusermount: failed to clone namespace: Operation not permitted
1291920692 M * neutrino any idea?
1291920839 M * neutrino It works if I run umount as root (instead of fusermount -u). But I need to umount the dir as an unprivileged user
1291921877 Q * quasisane Quit: leaving
1291922354 J * derjohn_foo aj@80.187.146.54
1291922875 M * dreamind daniel_hozac: I'll try with newer kernel, maybe that helps :/
1291923081 J * quasisane ~sanep@c-76-24-80-97.hsd1.nh.comcast.net
1291923741 M * daniel_hozac neutrino: what is it actually trying to do?
1291923751 M * daniel_hozac because that sounds like it's doing something it most definitely doesn't need to do.
1291923780 M * daniel_hozac dreamind: well, make sure it's not mounted before you run it...
1291923822 M * dreamind daniel_hozac: it wasn't earlier, I checked multiple times :(
1291923851 J * DarkUranium ~DarkUrani@93-103-181-50.dynamic.t-2.net
1291924154 P * dreamind
1291926807 J * ghislain1 ~AQUEOS@adsl2.aqueos.com
1291926863 Q * ghislain Ping timeout: 480 seconds
1291927143 Q * bsingh Ping timeout: 480 seconds
1291927388 Q * petzsch Quit: Leaving.
1291927571 N * Bertl_zZ Bertl
1291927632 M * Bertl Weihnachtsmann: probably wrong channel, eh?
1291927811 M * neutrino I want to allow a non-privileged user to mount via sshfs a directory and allow the same user to unmount the previously mounted directory
1291927879 M * neutrino I found two workarounds: allow all users to call unmount with root privileges (via sudo)
1291927917 M * Bertl sudo?
1291927952 M * Bertl fusermount seems to try to unshare namespaces, which shouldn't be required for mounting or unmounting ...
1291927970 M * daniel_hozac yeah
1291927980 M * neutrino unmount works as expected
1291927980 M * daniel_hozac unmounting in a namespace seems pretty silly actually.
1291927985 M * neutrino but fusermount no
1291928021 M * neutrino I ended symbolic linking /etc/fstab and /etc/mtab and applying a small patch to the unmount code
1291928113 M * neutrino That will remove the check that unmount does on the user option on fstab. So only having user=username would be enough to allow the user to unmount the directory
1291928147 M * neutrino that did the trick and users are able to unmount the directories calling unmount (without sudo)
1291928168 J * ichavero_ ~ichavero@189.253.64.164
1291928185 M * Bertl why not simply put the user option into fstab?
1291928216 Q * imcsk8 Read error: Connection reset by peer
1291928268 M * neutrino because I want to allow users to mount/unmount any arbitrary directory. That will require to put all possibilities (crazy) on fstab
1291928469 Q * yarihm Read error: Connection reset by peer
1291928566 Q * cuba33ci Read error: Connection reset by peer
1291928654 J * cuba33ci ~cuba33ci@111-240-212-190.dynamic.hinet.net
1291928662 J * petzsch ~markus@dslb-092-078-235-044.pools.arcor-ip.net
1291930599 Q * hparker Quit: Quit
1291930841 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fee0:9872
1291931803 Q * ntrs Ping timeout: 480 seconds
1291932180 Q * derjohn_foo Ping timeout: 480 seconds
1291932245 J * ntrs ~ntrs@vault08.rosehosting.com
1291932246 Q * petzsch Quit: Leaving.
1291932319 N * ensc Guest523
1291932329 J * ensc ~irc-ensc@p5DF2FB91.dip.t-dialin.net
1291932476 J * niki ~niki@94.145.207.11
1291932729 Q * Guest523 Ping timeout: 480 seconds
1291933890 Q * ntrs Ping timeout: 480 seconds
1291934284 J * ntrs ~ntrs@vault08.rosehosting.com
1291934541 M * vizz hello, i try to understand how networking works between host and guest, both have own ip but same mac
1291934551 M * vizz i cant find something like bridges or vlans
1291935667 M * Bertl because there are none, Linux-VServer by default uses network isolation
1291935699 M * Bertl i.e. the host has a bunch of IP addresses, and a guest is restricted to a subset of those for binding services to them
1291935721 M * Bertl networking happens on the host, no virtual network stack involved
1291936541 M * vizz ok, but i cant detect the guests interface on the host, i wonder about that
1291936889 M * daniel_hozac run ip a
1291936941 M * Bertl the problem with ifconfig is that it is ancient and should have been replaced by ip (from iproute2) several years ago
1291937033 M * vizz ip works, thanks
1291937124 M * vizz one more question guys :), should i run kernel with grsec patch in the guests, on the host, or both?
1291937143 M * Bertl in the guests will be hard to accomplish :)
1291937161 M * Bertl you are sharing the (host) kernel with the guests
1291937166 M * vizz err
1291937172 M * vizz you're right
1291937204 M * Bertl if you 'like' grsec or 'think' that it improves your guest/host security ... go for it
1291937240 M * vizz i read something about grsec and friends of mine use it with vserver
1291937273 M * vizz i will try later, now i want to migrate a machine
1291937291 M * Bertl you probably also read something about windows and most likely friends of you use it as well, but as I said, your choice :)
1291937298 M * vizz ;)
1291937405 M * Bertl harry puts some time and effort into combining the patches, and folks seem to like them ...
1291937422 Q * ghislain1 Quit: Leaving.
1291938708 Q * DarkUranium Quit: Leaving