1303777775 Q * fisted_ Quit: leaving
1303780099 J * mef ~mef@c-76-124-159-205.hsd1.nj.comcast.net
1303781054 M * Bertl off to bed now ... have a good one everyone!
1303781058 N * Bertl Bertl_zZ
1303781070 M * mef sid3windr: a few thousand bucks for what?
1303783360 Q * hparker Quit: Quit
1303786361 Q * jrklein synthon.oftc.net charon.oftc.net
1303786361 Q * Chlorek synthon.oftc.net charon.oftc.net
1303786361 Q * AlexanderS synthon.oftc.net charon.oftc.net
1303786361 Q * nox synthon.oftc.net charon.oftc.net
1303786361 Q * Mr_Smoke synthon.oftc.net charon.oftc.net
1303786361 Q * darkhawk synthon.oftc.net charon.oftc.net
1303786361 Q * arekm synthon.oftc.net charon.oftc.net
1303786361 Q * pmjdebruijn synthon.oftc.net charon.oftc.net
1303786361 Q * eyck_ synthon.oftc.net charon.oftc.net
1303786361 Q * disposable synthon.oftc.net charon.oftc.net
1303786361 Q * LuckyLuke synthon.oftc.net charon.oftc.net
1303786361 Q * zbyniu synthon.oftc.net charon.oftc.net
1303786361 Q * wurtel synthon.oftc.net charon.oftc.net
1303786361 Q * Radiance synthon.oftc.net charon.oftc.net
1303786361 Q * transacid synthon.oftc.net charon.oftc.net
1303786361 Q * julius synthon.oftc.net charon.oftc.net
1303786361 Q * Hunger synthon.oftc.net charon.oftc.net
1303786361 Q * DLange synthon.oftc.net charon.oftc.net
1303786361 Q * DreamerC synthon.oftc.net charon.oftc.net
1303786361 Q * sid3windr synthon.oftc.net charon.oftc.net
1303786361 Q * tokkee synthon.oftc.net charon.oftc.net
1303786366 J * nox ~nox@nox.user.oftc.net
1303786366 J * Mr_Smoke smokey@layla.lecoyote.org
1303786366 J * darkhawk ~darkhawk@shell.offlinehoster.de
1303786366 J * arekm arekm@carme.pld-linux.org
1303786366 J * pmjdebruijn ~pascal@overlord.pcode.nl
1303786366 J * eyck_ ~eyck@77.79.198.68
1303786366 J * disposable disposable@blackhole.sk
1303786366 J * LuckyLuke ~luca@host65-83-static.228-95-b.business.telecomitalia.it
1303786366 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1303786366 J * wurtel ~paul@gw-office.telegraaf.net
1303786366 J * Radiance ~Radiance@193.16.154.187
1303786366 J * transacid ~transacid@transacid.de
1303786366 J * julius ~julius@217.20.127.15
1303786366 J * Hunger ~Hunger@Hunger.hu
1303786366 J * DLange ~DLange@dlange.user.oftc.net
1303786366 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net
1303786366 J * tokkee tokkee@osprey.tokkee.org
1303786366 J * sid3windr luser@bastard-operator.from-hell.be
1303786423 J * jrklein ~osx@2001:470:1f0f:572::250:160
1303786423 J * Chlorek chlorek@chlorek.com
1303786423 J * AlexanderS ~alex@2001:6f8:1c3c:f76::152:1
1303797354 J * imcsk8 ~ichavero@148.229.9.250
1303797388 Q * ncopa Quit: Leaving
1303797401 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1303798213 Q * mef Quit: Leaving.
1303799089 J * mef ~mef@c-76-124-159-205.hsd1.nj.comcast.net
1303799134 Q * mef
1303800280 J * petzsch ~markus@dslb-088-075-121-090.pools.arcor-ip.net
1303800724 J * mef ~mef@c-76-124-159-205.hsd1.nj.comcast.net
1303800735 J * mef1 ~mef@c-76-124-159-205.hsd1.nj.comcast.net
1303800787 Q * mef1
1303801083 Q * mef Read error: Operation timed out
1303801357 J * ghislain ~AQUEOS@adsl2.aqueos.com
1303804363 J * Piet ~Piet__@659AABAHN.tor-irc.dnsbl.oftc.net
1303804763 M * sid3windr (for an own mac range)
1303805079 Q * imcsk8 Quit: This computer has gone to sleep
1303807388 Q * Piet Quit: Piet
1303809628 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1303812485 J * Piet ~Piet__@659AABALH.tor-irc.dnsbl.oftc.net
1303814152 M * ddman anyone knows about pid virtualization in vserver ?
1303814864 N * Bertl_zZ Bertl
1303814871 M * Bertl morning folks!
1303814894 M * Bertl ddman: yes :)
1303815161 M * ddman Bertl, hi
1303815194 M * ddman Bertl, there is a new flag for 2.6.26 onwards like CLONE_NEWPID
1303815221 M * ddman prior to this 2.6.26 or this clone option how did you implement pid namespace ?
1303815287 M * Bertl correct?
1303815358 M * ddman how does init get pid 1 in a container ?
1303815474 M * Bertl Linux-VServer uses pid isolation for years, and init, if used at all, is virtualized to show pid 1 despite the fact that it actually has a different pid
1303815811 J * SwenTjuln_ ~SwenTjuln@77.111.2.36
1303815898 J * PowerKe ~tom@94-226-105-27.access.telenet.be
1303815922 Q * BenG reticulum.oftc.net kilo.oftc.net
1303815922 Q * derjohn_mob reticulum.oftc.net kilo.oftc.net
1303815922 Q * SwenTjuln reticulum.oftc.net kilo.oftc.net
1303815922 Q * lodan reticulum.oftc.net kilo.oftc.net
1303815922 Q * ignaz reticulum.oftc.net kilo.oftc.net
1303815922 Q * PowerKe_ reticulum.oftc.net kilo.oftc.net
1303815922 Q * C14r reticulum.oftc.net kilo.oftc.net
1303815922 Q * AndrewLee reticulum.oftc.net kilo.oftc.net
1303815922 Q * wibble reticulum.oftc.net kilo.oftc.net
1303815922 N * SwenTjuln_ SwenTjuln
1303815922 J * wibble wibble@vortex.ukshells.co.uk
1303816415 J * C14r ~C14r@mail.cipworx.de
1303816579 J * lodan ~lodan@rb178-1-88-163-25-248.fbx.proxad.net
1303816654 M * ddman Bertl, so you modify proc entry of init ?
1303816666 M * ddman how do tools like ps know that init has pid 1
1303816856 J * derjohn_mob ~aj@p54B0286A.dip.t-dialin.net
1303816925 J * AndrewLee ~andrew@210.240.39.201
1303816950 J * ignaz ~ignaz@85-126-150-194.work.xdsl-line.inode.at
1303817009 J * ViRUS ~mp@p5486615B.dip.t-dialin.net
1303817427 M * Bertl yes, the proc entry as well as any reference to a real guest init are rewritten to '1' and pid 1 is mapped back to the real pid of init running in a guest
1303817672 M * ddman the last one should be running in host ?
1303817708 M * ddman pid 1 is mapped back to real pid in host
1303818232 M * ddman Bertl, ?
1303818284 M * Bertl there is only one real pid which is host wide
1303818510 M * ddman Bertl, so if a process queries it from inside a container you get the mapped pid but in host you get the real pid ?
1303818556 Q * Piet Ping timeout: 480 seconds
1303818580 M * Bertl in the spectator process you get the real pid, the host only sees processes not belonging to a guest (by default)
1303818591 M * Bertl *spectator context*
1303818614 M * ddman i meant host as in "the host in which the guests run"
1303818639 M * Bertl did you actually try Linux-VServer yet?
1303818652 M * ddman Bertl, i have tried openVz
1303818659 M * ddman i thought it is similar
1303818704 M * Bertl well, in Linux-VServer we have a 'host context' with the id=0, a 'spectator context' with the id=1 and a number of guest contexts
1303818718 M * Bertl the host context only sees processes not tagged in any way
1303818740 M * Bertl each guest context only sees processes tagged with the guest context id
1303818749 M * Bertl and the spectator context sees everything
1303819000 M * ddman Bertl, thanks
1303819001 P * ddman Leaving
1303820101 J * derjohn_foo ~aj@p54B01BC9.dip.t-dialin.net
1303820505 Q * derjohn_mob Ping timeout: 480 seconds
1303821336 J * Piet ~Piet__@659AABAS8.tor-irc.dnsbl.oftc.net
1303821873 Q * petzsch Quit: Leaving.
1303825241 J * petzsch ~markus@dslb-088-075-121-090.pools.arcor-ip.net
1303827650 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1303827921 Q * Chlorek Ping timeout: 480 seconds
1303829281 J * dowdle ~dowdle@scott.coe.montana.edu
1303829851 Q * derjohn_foo Ping timeout: 480 seconds
1303830009 M * Bertl off to grab some groceries, bbl
1303830098 N * Bertl Bertl_oO
1303832784 J * Inufash ~Imadi@28IAAA8SD.tor-irc.dnsbl.oftc.net
1303832889 J * derjohn_foo ~aj@ip-81-210-228-18.unitymediagroup.de
1303832961 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1303833938 J * bonbons ~bonbons@2001:960:7ab:0:9555:7b3e:a5cc:36cb
1303834041 N * Bertl_oO Bertl
1303834196 Q * harobed Ping timeout: 480 seconds
1303834696 J * imcsk8 ~ichavero@148.229.9.250
1303835146 J * thewanderer1 ~thewander@cwx253.internetdsl.tpnet.pl
1303835208 M * thewanderer1 I like the grsec integration, something that's beyond OVZ
1303835237 M * Bertl so, the question was: what does it currently add to the standard cgroups/namespaces LXC stuff?
1303835245 M * Bertl (where it is Linux-VServer)
1303835288 M * Bertl well, first, we have the known userspace/kernel interface, i.e. userspace tools (mostly util-vserver) work with that
1303835308 M * thewanderer1 now it's a wrapper around cgroups and namespaces, right?
1303835323 M * Bertl we also provide a lot of isolation features which are more efficient than the virtualization usually used in mainline
1303835342 M * Bertl for example IP isolation in addition to network namespaces, or process isolation
1303835377 M * thewanderer1 that supposedly works with network namespaces and veth and with PID namespaces
1303835384 Q * Inufash Quit: Leaving
1303835387 M * thewanderer1 or is there more to it?
1303835398 M * Bertl not really, as for example network namespaces add a complete virtual network stack
1303835406 M * Bertl so each packet traverses two stacks
1303835417 M * Bertl where with IP isolation, there is only a single stack
1303835457 M * thewanderer1 like venet?
1303835479 M * Bertl like that, although the implementation is simpler and less error prone :)
1303835492 M * thewanderer1 yeah, seen a mess every now and then with venet :P
1303835494 M * Bertl for the pid space, we also allow guests without init process
1303835515 M * Bertl i.e. you can build a guest out of a single service
1303835535 M * Bertl which increases scalability for small systems and large number of guests
1303835542 M * thewanderer1 yes, sounds like lxc-exec
1303835583 M * thewanderer1 how's chroot handled? pivot_root?
1303835601 M * Bertl yep
1303835621 M * Bertl and regarding lxc-exec, similar, but without the lxc-init
1303835639 M * thewanderer1 there used to be some filesystem "labeling" stuff, right?
1303835658 M * thewanderer1 or did it crawl to my mind from another, similar project? :P
1303835665 M * Bertl correct, unification is probably one of the main features not present in mainline/lxc
1303835693 M * Bertl it allows you to share binaries, libraries and in general files between several guests
1303835720 M * Bertl reducing the disk and memory footprint and increasing the overall performance drastically
1303835730 M * Bertl (if you have reasonably similar guests, that is)
1303835826 M * thewanderer1 and is it possible to mount cgroup on a Vserver system? cause last time I checked, it was a major headache for LXC guys where it was possible to 'break out' of a container by mounting cgroups inside (if you had CAP_SYS_ADMIN ofc)
1303835852 M * thewanderer1 but on OpenVZ 2.6.32, for instance, one can't mount cgroup, as if it's not compiled in :P
1303835865 M * Bertl heh, lol
1303835899 M * Bertl well, cgroups inside guests (i.e. within other cgroups) work to some extent (i.e. where cgroups permit hierarchical structures)
1303835905 M * Bertl (not all of them do yet)
1303835909 M * thewanderer1 that's nice
1303835917 Q * LuckyLuke Remote host closed the connection
1303835944 M * dowdle Bertl: Here's a somewhat loaded, vague question... how done is LXC? I guess that assumes some value of "done" that varies from person to person.
1303835958 M * Bertl the isolation contexts do not support nesting yet, and probably never will (the cases where it makes sense are very rare)
1303835975 J * LuckyLuke ~luca@host65-83-static.228-95-b.business.telecomitalia.it
1303835976 M * Bertl dowdle: according to the LXC folks, it's complete
1303835980 M * dowdle I will be attending both the LXC and the Linux-VServer presentations at LinuxFest Northwest this weekend.
1303835992 M * thewanderer1 hehe, "complete" doesn't mean "does isolation properly" :P
1303836002 M * Bertl according to everybody who used it yet, it's still very raw and unusable for professional stuff
1303836003 M * dowdle Bertl: Does syslog work inside of an LXC container?
1303836012 M * thewanderer1 so the next thing I'm doing when I manage to launch UML with grsec inside a KVM-guest with grsec within an openvz host is running Vserver in that UML
1303836040 M * dowdle thewanderer1: Are you going to be doing that while you are riding a unicycle?
1303836048 M * Bertl dowdle: 'they' say it does, but I haven't managed to figure out how they virtualize the console (yet)
1303836050 M * thewanderer1 no, but do you have a good rhyme to INCEPTION?
1303836094 M * thewanderer1 Bertl: for me, the console's been mostly "omg why doesn't it work?" :P
1303836104 M * dowdle thewanderer1: If you use the Adam Sandler Cajun "tion" you can make any word ending in "tion" rhyme. Like virtualization.
1303836144 M * Bertl thewanderer1: while it is mostly lack of configuration and/or knowledge :)
1303836144 Q * imcsk8 Quit: This computer has gone to sleep
1303836175 M * thewanderer1 Bertl: sure, but there's a reason why IBM posted the "securing LXC cookbook" :P
1303836176 M * Bertl i.e. a friend of mine has the 'guest' consoles on (C-A-)F5-F12
1303836195 M * thewanderer1 it's device cgroup
1303836210 M * Bertl not even necessary in a Linux-VServer guest
1303836227 M * thewanderer1 yes, "entering" LXC is notably hard
1303836584 M * fback good evening :)
1303836831 Q * ViRUS Ping timeout: 480 seconds
1303837404 J * ViRUS ~mp@p54B2ADB0.dip.t-dialin.net
1303839658 J * imcsk8 ~ichavero@nat.ti.uach.mx
1303839661 Q * Piet Ping timeout: 480 seconds
1303839793 J * Chlorek ~chlorek@chlorek.com
1303840250 J * Piet ~Piet__@659AABA5F.tor-irc.dnsbl.oftc.net
1303841962 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg
1303842051 M * karasz official patch for 2.6.35.12 anytime soon?
1303842750 J * manana ~mayday090@84.17.25.149
1303842839 M * Bertl do you need one?
1303842874 M * karasz since .35 is so called long time support it might prove handy.
1303842901 M * Bertl only if you need one, no? :)
1303842907 M * karasz true
1303842933 M * karasz yes please, if it is not a too big hassle i would like one if possible.
1303843141 M * Bertl okay, you can have the vs2.3.0.36.33 really quick, or an updated version incorporating newer fixes as far as applicable to the old 2.6.35 a little later
1303843179 M * karasz if i might choose (thx) i would wait for the updated version
1303843202 M * karasz thx in advance.
1303843274 M * Bertl no problem, will happen a little later tonight I guess, i.e. should be uploaded tomorrow
1303843296 M * karasz tomorrow is quite fine
1303843991 Q * Piet Ping timeout: 480 seconds
1303844180 N * ensc Guest3294
1303844190 J * ensc ~irc-ensc@p5DF2C307.dip.t-dialin.net
1303844340 M * AlexanderS hi, is there a preferred way to shut down all running vservers on host shutdown?
1303844389 M * AlexanderS especially those that are not marked with default, so vserver-default does not catch it?
1303844456 M * Bertl well, you can mark them with other markings (besides default) and use a similar script (it is rather generic actually) to shut them down
1303844552 M * AlexanderS they are maybe started on demand manually without marking, but it is essential to shut them down properly...
1303844568 J * Piet ~Piet__@659AABA8O.tor-irc.dnsbl.oftc.net
1303844597 Q * Guest3294 Ping timeout: 480 seconds
1303844609 M * Bertl check the script (vserver-default) you can generalize that to shut down any guests left as well, I don't think util-vserver does this kind of cleanup by default
1303844916 Q * derjohn_foo Read error: Operation timed out
1303846878 Q * manana Remote host closed the connection
1303846895 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1303846943 Q * Piet Quit: Piet
1303848878 Q * petzsch Quit: Leaving.
1303850360 Q * bonbons Quit: Leaving
1303850524 M * daniel_hozac it does
1303850531 M * daniel_hozac the util-vserver initscript will stop any running script.
1303850651 M * Bertl s/script/guest/?
1303850659 M * daniel_hozac hehe, yes :)
1303850681 M * Bertl ah, great, so that's already been taken care of then ... good to know
1303850706 M * Bertl AlexanderS: so no problem there
1303851711 Q * harobed Ping timeout: 480 seconds
1303852126 Q * hijacker_ Quit: Leaving
1303853235 Q * puck Quit: Coyote finally caught me
1303853747 J * puck ~puck@leibniz.catalyst.net.nz
1303855264 J * ichavero_ ~ichavero@189.155.246.230
1303855296 Q * ghislain Quit: Leaving.
1303855892 J * ichavero__ ~ichavero@189.155.111.175
1303856139 Q * puck Quit: Coyote finally caught me
1303856270 Q * ichavero_ Ping timeout: 480 seconds
1303856396 Q * ichavero__ Quit: This computer has gone to sleep
1303856559 J * puck ~puck@leibniz.catalyst.net.nz
1303862214 Q * dowdle Remote host closed the connection