1301962718 J * derjohn_mob aj@88.128.152.41
1301965031 J * fisted ~fisted@p508837D9.dip.t-dialin.net
1301965059 Q * fisted_ Ping timeout: 480 seconds
1301974960 Q * eyck_ Ping timeout: 480 seconds
1301975567 J * eyck ~eyck@77.79.198.67
1301977089 Q * _nono_ Ping timeout: 480 seconds
1301977269 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1301977300 Q * BenG
1301977927 J * ichavero_ ~ichavero@148.229.9.250
1301980497 J * _nono_ ~gomes@licencieux.ircam.fr
1301980581 M * Bertl off to bed now ... have a good one everyone!
1301980585 N * Bertl Bertl_zZ
1301983214 Q * FireEgl Read error: Connection reset by peer
1301984143 J * FireEgl FireEgl@Sebastian.Atlantica.US.TO
1301984869 Q * derjohn_mob Ping timeout: 480 seconds
1301985030 J * ghislain ~AQUEOS@adsl2.aqueos.com
1301988008 J * petzsch ~markus@dslb-092-078-238-146.pools.arcor-ip.net
1301988318 Q * harry Ping timeout: 480 seconds
1301990518 J * derjohn_mob ~aj@213.238.45.2
1301991580 Q * manana Ping timeout: 480 seconds
1301993786 M * SwenTjuln hi all
1301993899 M * SwenTjuln if I call iptables from a script while starting guest (ie /etc/vservers//scripts/post-start) is it valid only within network context?
1301993915 M * daniel_hozac network contexts don't separate iptables.
1301993925 M * daniel_hozac network namespaces do.
1301993939 M * daniel_hozac but those aren't currently created until the start process triggers.
1301994048 M * Mr_Smoke Meaning you *can* use iptables inside a guest ?
1301994056 M * daniel_hozac sure
1301994067 M * Mr_Smoke without any special BCAPS that otherwise ruin your privacy ?
1301994071 M * Mr_Smoke I mean other context's
1301994276 M * daniel_hozac you still need CAP_NET_ADMIN
1301994298 M * Mr_Smoke Ah
1301994301 M * Mr_Smoke That's the one
1301994314 M * SwenTjuln daniel_hozac: i want to use DirectRouting for HA
1301994331 M * SwenTjuln like described here: http://www.centos.org/docs/5/html/Virtual_Server_Administration/s2-lvs-direct-iptables-VSA.html
1301994345 N * BobR_oO BobR
1301994416 M * SwenTjuln i need a rule which will work only in relation within given network namespace
1301994454 M * SwenTjuln i really can't distinguish between network context and network namespace
1301994458 M * SwenTjuln :-\
1301994496 M * daniel_hozac network context is what you get by default.
1301994510 M * daniel_hozac network namespace is the mainline feature that currently has very little util-vserver support.
1301994578 M * daniel_hozac (so you'd definitely know if you had configured it)
1301994650 M * SwenTjuln i see. So if I understand correctly those two will merge eventually?
1301994747 N * BobR BobR_zZ
1301995267 Q * petzsch Quit: Leaving.
1301995609 M * daniel_hozac no
1301995611 M * daniel_hozac never merge
1301995616 M * daniel_hozac completely separate functionalities.
1301995664 M * daniel_hozac for DR, just add --to to the end of the command, and it'll work.
1301995672 M * daniel_hozac (assuming you're using network contexts)
1301995682 M * Wonka but used for the same - virtualized/separated network?
1301995693 M * daniel_hozac one is virtualized, one is isolated.
1301995717 M * daniel_hozac there are even use cases of using both at the same time.
1301995733 M * daniel_hozac which i guess shows that they are not the same :)
1301995765 M * Wonka so one needs both at once to properly isolate guests...
1301995769 J * Fisher ~yw-junwei@222.196.243.23
1301995775 M * daniel_hozac not necessarily.
1301995781 M * Wonka (with "guests" being implicitly virtualized)
1301995781 M * daniel_hozac depends entirely on what you want to achieve.
1301995838 M * Fisher e ha
1301995854 M * Wonka my goal would be to get vservers that can do anything a Xen domU or something like it can do - but only with their own IP addresses (plus multicast/broadcast stuff)
1301995855 M * SwenTjuln daniel_hozac: ty
1301995868 M * daniel_hozac Wonka: so you want a network namespace.
1301995902 M * Wonka and that one properly isolated from the other vservers, only visible to each other like discrete hardware would be
1301995960 M * Fisher hekko
1301996057 M * Fisher hard
1301996065 P * Fisher
1301996151 J * manana ~mayday090@84.17.25.149
1301996868 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1301999005 J * petzsch ~markus@dslb-188-103-060-158.pools.arcor-ip.net
1302003184 J * st-16052 ~st-16052@a89-154-147-132.cpe.netcabo.pt
1302003293 Q * st-16052
1302003844 Q * manana Read error: Connection reset by peer
1302003865 Q * BenG Quit: I Leave
1302004197 J * st-16539 ~st-16539@a89-154-147-132.cpe.netcabo.pt
1302004308 Q * st-16539
1302004664 Q * petzsch Quit: Leaving.
1302005419 J * manana ~mayday090@84.17.25.149
1302008559 N * Bertl_zZ Bertl
1302008568 M * Bertl morning folks!
1302009772 J * thierryp ~thierry@zanzibar.inria.fr
1302009824 Q * thierryp Remote host closed the connection
1302010456 M * hijacker afternoon, closer to evening... Bertl
1302011119 M * ghislain it depends where YOUR center of the world is
1302012750 M * Chlorek Bertl: did you see my strace?
1302013168 M * Bertl yep, but it looks more like you have some additional security in place than anything else
1302013186 M * Chlorek mhm
1302013195 M * Bertl as I said, a --debug run on the old 'working' kernel and the 'new' one would be a good start
1302013244 M * Chlorek I can't at this moment
1302013429 M * Chlorek but you're right
1302013447 M * Chlorek kernel.grsecurity.chroot_deny_fchdir switched to 0 solved problem
1302013479 M * Bertl well, there you go, self inflicted :)
1302013536 M * daniel_hozac IIRC all chroot options need to be disabled...
1302013548 M * Chlorek yes but strange that it worked before
1302013586 M * daniel_hozac you most likely didn't configure it the same
1302015717 M * Bertl need a nap now ... bbl
1302015734 N * Bertl Bertl_zZ
1302015820 Q * ncopa Quit: Leaving
1302018459 J * eja ~user@75.110.195.31
1302018481 M * eja hello, anyone know if postgresql 8.4 works inside a vserver guest?
1302019452 J * bonbons ~bonbons@2001:960:7ab:0:557b:4c7d:6375:c4a7
1302019506 Q * ichavero_ Quit: This computer has gone to sleep
1302020808 J * petzsch ~markus@dslb-188-103-060-158.pools.arcor-ip.net
1302021816 M * mnemoc eja: yes, it does work
1302021820 J * thierryp ~thierry@zanzibar.inria.fr
1302021896 M * eja is it possible to have a unique localhost for each guest? seems lots of programs try to listen on localhost
1302021912 M * mnemoc eja: yes
1302022316 M * eja i'm not finding much documentation on how to achieve that
1302022494 Q * thierryp Remote host closed the connection
1302022837 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg
1302023224 Q * derjohn_mob Ping timeout: 480 seconds
1302028721 Q * kwowt
1302029064 N * Bertl_zZ Bertl
1302029074 M * Bertl eja: what's you kernel/patch version?
1302029300 M * Bertl *your
1302029818 N * ensc Guest758
1302029828 J * ensc ~irc-ensc@p5DF2CF5D.dip.t-dialin.net
1302030239 Q * Guest758 Ping timeout: 480 seconds
1302032732 M * eja Bertl: i'm running 2.6.34-vs2.3.0.36.30.4.pre6-custom
1302032843 M * Bertl that has lback (loopback) remapping by default on, but usually, unless you changed it, single_ip special casing as well
1302032865 M * Bertl so, you probably want to put ~single_ip in the nflags for guests with one IP
1302033171 M * eja should i see an additional loopback 127.x.y.1 ip on the host?
1302033244 M * Bertl nope
1302033258 M * Bertl just inside the guest you'll see 'lo' and 127.0.0.1
1302033332 M * eja i do see a lo inside the guest so it must be working?
1302033348 M * Bertl probably, you can ping it and tcpdump on the host
1302033357 M * Bertl there you'll see the 127.x.y.1
1302033556 M * eja also, what syslog daemon would you recommend? i've been using sysklogd but it hangs forever upon starting in the guest.
1302033721 M * Bertl klogd is the kernel logger, you don't want that inside the guest
1302033748 M * Bertl well, you can enable the dummy kmesg interface and log absolutely nothing inside the guest :)
1302033768 M * Bertl but usually it's simpler to disable the klogd and just use a syslogd
1302034093 Q * FireEgl Remote host closed the connection
1302034427 Q * petzsch Quit: Leaving.
1302034504 M * eja yup that's what happened... syslogd is running but it was trying to run klogd as well.
1302035256 Q * manana Remote host closed the connection
1302035498 M * eja can i refer to a vserver by its context ID when trying to stop it?
1302035620 Q * bonbons Quit: Leaving
1302036751 Q * hijacker_ Quit: Leaving
1302037989 J * derjohn_mob ~aj@c135080.adsl.hansenet.de
1302038083 M * Bertl eja: should work, but I've never done so :)
1302038171 M * eja so if i enter a vserver and then type exit it will kill the vserver. but logout won't?
1302038603 M * Bertl no
1302038617 M * Bertl the guest will not be 'killed' at any time
1302038639 M * Bertl the guest or better the context stays alive till the last process inside the context dies
1302038664 M * Bertl and you can even make the context persistent, so that it will outlive any process
1302039459 Q * derjohn_mob Ping timeout: 480 seconds
1302039461 M * eja that makes more sense.
1302041055 J * derjohn_mob ~aj@c135080.adsl.hansenet.de
1302041612 J * FireEgl ~FireEgl@Sebastian.Atlantica.US.TO
1302042675 Q * FireEgl Remote host closed the connection
1302042710 J * FireEgl ~FireEgl@173-16-9-3.client.mchsi.com
1302047769 Q * imcsk8 Quit: Leaving