1303690380 Q * bonbons Quit: Leaving
1303697674 M * Bertl off to bed now ... have a good one everyone!
1303697679 N * Bertl Bertl_zZ
1303700218 Q * ktwilight__ Read error: Connection reset by peer
1303700248 J * ktwilight__ ~keliew@91.176.180.223
1303706047 J * ddman ~deadman@zswa01cs005-da01.atlanta.hp.com
1303706154 M * ddman how does vserver implement the pid namespace feature before the CLONE_NEWPID in kernel ?
1303712574 J * fisted_ ~fisted@p50884514.dip.t-dialin.net
1303712782 Q * fisted Ping timeout: 480 seconds
1303714726 J * ghislain ~AQUEOS@adsl2.aqueos.com
1303718084 J * Walex ~Walex@o1.phyip3.dur.ac.uk
1303720259 Q * Walex Remote host closed the connection
1303720370 J * bonbons ~bonbons@2001:960:7ab:0:641e:9862:e0c0:2bc6
1303722461 J * kir ~kir@swsoft-msk-nat.sw.ru
1303722465 P * kir
1303725092 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1303727127 J * kir ~kir@swsoft-msk-nat.sw.ru
1303728403 P * kir Leaving.
1303729311 Q * imcsk8 Quit: This computer has gone to sleep
1303729316 Q * derjohn_mob Ping timeout: 480 seconds
1303729351 J * imcsk8 ~ichavero@148.229.9.250
1303731191 Q * ktwilight__ Remote host closed the connection
1303731629 N * Bertl_zZ Bertl
1303731643 M * Bertl morning folks!
1303731675 M * Bertl ddman: Linux-VServer uses pid isolation combined with initpid virtualization
1303732559 M * Bertl off for now ... bbl
1303732563 N * Bertl Bertl_oO
1303737874 N * Bertl_oO Bertl
1303740202 M * Bertl off for now ... bbl
1303740208 N * Bertl Bertl_oO
1303741577 N * BobR_zZ BobR_oO
1303742479 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1303743291 J * dowdle ~dowdle@scott.coe.montana.edu
1303744483 J * derjohn_mob ~aj@13.Red-83-49-185.dynamicIP.rima-tde.net
1303745261 J * ddman34_ ~ddman34@59.164.103.79
1303745270 P * ddman34_
1303745388 Q * BenG Quit: I Leave
1303746285 M * ensc which capabilities have I to set that 'cap_set_file(3)' works in a vserver? 0xfffffffff in ccapabilities gives -EPERM
1303746288 M * ensc setxattr("/var/tmp/x", "security.capability", "\x00\x00\x00\x02\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 20, 0) = -1 EPERM (Operation not permitted)
1303746445 Q * derjohn_mob Ping timeout: 480 seconds
1303751546 J * mef ~mef@173-15-128-90-BusName-Philadelphia.hfc.comcastbusiness.net
1303754324 M * mef It is great to see so many people on this irc channel.
1303754360 M * mef I used to be involved, but got a bit distracted.
1303756590 J * Piet ~Piet__@82VAABAXZ.tor-irc.dnsbl.oftc.net
1303756681 M * mef What's the status of IPv6 support? Are folks using it in production?
1303756688 M * mef production settings that is.
1303756883 J * petzsch ~markus@dslb-092-078-117-192.pools.arcor-ip.net
1303757179 M * arekm mostly works, less tested than ipv4, no support for modular ipv6
1303757779 N * ensc Guest3151
1303757789 J * ensc ~irc-ensc@p5DF2C67D.dip.t-dialin.net
1303758197 Q * Guest3151 Ping timeout: 480 seconds
1303758735 M * mef what do you mean by "modular ipv6"?
1303758817 M * mef arekm: thanks for the response.
1303758847 M * arekm ipv6 in module
1303758889 M * arekm there is no loopback mapping for ipv6 if I remember correctly, too (which sucks)
1303758984 M * mef got it…
1303758999 M * mef so you are not sure whether the right thing happens when IPv6 is compiled as a module.
1303759297 M * arekm I'm sure that it is not possible to build ipv6 as module with vserver.
1303759318 M * mef oh ok.
1303759325 M * mef then I don't understand your above answer.
1303759329 M * mef you said "ipv6 in module"
1303759335 M * mef what did you mean by that?
1303759410 M * sid3windr ipv6 as a module
1303759422 M * sid3windr (kernel module)
1303759547 M * mef sorry for being so dense… so it is possible to compile IPv6 as a kernel module, but it is not possible to make this work with vserver.
1303759572 M * sid3windr exactly
1303759888 M * fback mef: you will not be able to select it as a module when you patch the kernel with vserver patch
1303759962 M * fback mef: and it works quite well if you can live without separated ::1 with simple case uses (eg single /48 network)
1303760061 M * mef Any reason ::1 loopback support is not available?
1303760078 M * mef Is it just lack of engineering time or is there a fundamental problem?
1303760103 M * fback it is available, but not isolated
1303760673 M * Bertl_oO mef: somebody wanted to sponsor ipv6 lback isolation, but it never happened (the sponsoring :)
1303760761 M * Bertl_oO and regarding modular ipv6, except for distros there is no point in having that, but it was already done some time ago
1303760941 M * Bertl_oO ensc: I don't have a cap_set_file() on my system, what does it do?
1303760975 M * ensc Bertl_oO: next fedora 15; it replaces setuid with posix file capabilities
1303760988 M * Bertl_oO okay, what is the syscall called?
1303760989 M * ensc cli utilities is named setcap
1303760998 M * ensc setxattr
1303761028 M * ensc I had to give FCAP bcapability to vserver to make rpm extraction work
1303761061 M * Bertl_oO hmm, setxattr should be fine with ccap FS_SECURITY
1303761084 M * ensc and PCAP is probably required to make it work
1303761091 M * ensc FS_SECURITY does not suffice
1303761118 M * Bertl_oO the problem I see is that if you allow arbitrary posix caps, you basically disable the guest limitations
1303761133 M * Bertl_oO i.e. it needs to apply the masking at least
1303761148 M * mef Bertl_oO: LOL
1303761181 M * ensc Bertl_oO: yes; I think this too
1303761204 M * mef Bertl_oO: what is left to finish off IPv6 in your opinion?
1303761216 M * Bertl_oO ensc: I'll have a look at it when I find some time, shouldn't be too hard to add
1303761225 M * ensc Bertl_oO: thx
1303761242 M * Bertl_oO mef: besides testing, the ipv6 loopback isolation is the last piece IMHO
1303761276 M * mef I see… but if one doesn't care about isolating ::1, then it basically is done?
1303761289 M * mef Or one can start with ::1 as is
1303761295 M * Bertl_oO as I said, modular ipv6 is something for distros, so if a distro stands up and either adds it or sponsors the development, it's a feature to add and test
1303761319 M * mef there is that word again: modular ipv6
1303761348 M * Bertl_oO just means 'the ability to build ipv6 as loadable module'
1303761359 M * mef ok… don't need that.
1303761370 M * Bertl_oO it's not a correct term, but it came up eventually and it stuck
1303761378 M * mef but working ::1 seems essential
1303761392 M * Bertl_oO well, it's working, just not isolated
1303761405 M * mef are you supporting auto configuration of an IPv6 per vserver?
1303761425 M * Bertl_oO nope, but that would be userspace
1303761431 M * mef right
1303761440 M * mef daniel_hozac built that once for planetlab
1303761454 M * Bertl_oO so then it might be already available :)
1303761502 M * mef we have not used it much because we just never really got onto the ipv6 bandwagon.
1303761503 M * mef http://git.planet-lab.org/?p=util-vserver-pl.git;a=blob;f=src/vip6-autod.c;h=ab03cf5777e40420bf8f09bd1e7ce01b533090d1;hb=HEAD
1303761564 M * mef and it makes a nasty little assumption that it is ok to overload the FF:FE bits in the lower 64 bits of an autoconfigured IPv6 address.
1303761623 M * mef Not sure that is a valid assumption. It sure would be better if one could do something like what VMware or Xen does—they have their own ether mac prefix.
1303761819 M * sid3windr for only a few thousand bucks that could be yours to buy for vserver ;>
1303762386 J * manana ~mayday090@84.17.25.149
1303762572 Q * cuba33ci Read error: Connection reset by peer
1303762649 J * cuba33ci ~cuba33ci@111-240-171-181.dynamic.hinet.net
1303765636 Q * manana Remote host closed the connection
1303766021 Q * bonbons Quit: Leaving
1303766999 Q * petzsch Quit: Leaving.
1303767730 Q * imcsk8 Quit: This computer has gone to sleep
1303767971 Q * Piet Quit: Piet
1303770688 Q * mef Ping timeout: 480 seconds
1303772166 Q * dowdle Remote host closed the connection
1303772375 Q * ghislain Quit: Leaving.
1303772536 J * derjohn_mob ~aj@p54B0286A.dip.t-dialin.net
1303772925 N * Bertl_oO Bertl