1312075153 Q * Romster Quit: Geeks shall inherit properties and methods of object earth.
1312075477 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1312077135 J * ircuser-1 ~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net
1312077999 J * aj__ ~aj@p578EFD9B.dip.t-dialin.net
1312078151 Q * hparker Remote host closed the connection
1312078367 Q * derjohn_foo Ping timeout: 480 seconds
1312078377 Q * derjohn_mob Ping timeout: 480 seconds
1312078397 J * derjohn_mob ~aj@p578EFD9B.dip.t-dialin.net
1312079440 M * Bertl off to bed now ... have a good one everyone!
1312079445 N * Bertl Bertl_zZ
1312084855 Q * jamieson Quit: using sirc version 2.211+KSIRC/1.3.12
1312085133 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1312090468 Q * hparker Quit: Quit
1312093543 Q * Romster Ping timeout: 480 seconds
1312096334 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1312098828 Q * Romster Ping timeout: 480 seconds
1312099171 Q * nou Ping timeout: 480 seconds
1312100885 J * bonbons ~bonbons@2001:960:7ab:0:303c:d4:627d:2667
1312101151 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1312101178 Q * arekm Ping timeout: 480 seconds
1312102354 M * Guest4044 hi romster
1312103698 M * michal hey
1312103717 M * michal does every vserver have a separate context of a routing table?
1312104088 M * MooingLemur nope, routing is handled by the host
1312104295 M * michal bad, so i will have to use a full virtualization, and that's what i was going to avoid
1312104376 M * michal or openvz
1312104404 M * michal i will talk to Bertl about why it's not implemented and what can i do to help
1312104417 M * michal at least i know vserver code quite a bit
1312106883 M * Romster hi Guest4044 yang.
1312110305 M * cehteh why do you need separate routing tables in the vserver? you can still do that from the host (each one its own routing table)
1312114759 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1312117483 M * _are_ michal: Bertl mentioned the normal network namespaces can be used with VServers, should be sufficient for most cases unless you want the VServer to be able to change the routing by itself
1312117534 M * daniel_hozac the guest can change the routing on its own if you put it in a network namespace.
1312120338 N * Guest4044 yang
1312120377 N * yang Guest4281
1312120419 N * Guest4281 yang
1312123696 M * michal daniel_hozac: now that's interesting
1312123711 M * michal you could tell me a bit more about that ;)
1312123806 M * michal what i need to do is kind of a VRF
1312123813 M * michal and yeah, i really need to :)
1312123840 M * michal i can either emulate VRF with bird routing daemon + policy routing rules + separate routing tables
1312123850 M * michal but that's not exactly what i want to achieve
1312123857 M * michal but it's simple and will work
1312123862 M * michal testing it now
1312123875 M * michal OR, run few fully virtualized instances of linux
1312123889 M * michal that gives me completely separate network stacks, etc
1312123895 M * michal and a complete waste of memory
1312123900 M * michal and giant overhead
1312123918 M * michal OR run openvz, which i don't like, don't really know, would have to learn, etc
1312123931 M * michal each openvz container is said to have independent routing tables
1312123952 M * michal or do sth with vserver, and since i've been using it for some time
1312123954 M * michal i like it
1312123975 M * michal even been doing some vserver integration into WOLK/RSBAC years ago
1312124021 M * michal so vserver would be definitely the best option - low overhead, easy, simple, fast, and gives me all possibilities of full virt
1312124025 M * michal without it
1312124093 M * michal with network namespaces + vserver
1312124107 M * michal i would have to run separate quagga/xorp/bird instances in each
1312124128 M * michal but that's not such a big problem + i can hack some code into quagga/xorp/bird so it would see all namespaces
1312124666 M * michal lxc also looking promising...
1312124713 Q * tnkflx Ping timeout: 480 seconds
1312126269 N * Bertl_zZ Bertl
1312126274 M * Bertl morning folks!
1312129144 Q * sid3windr Remote host closed the connection
1312129189 M * michal hey Bertl nice to see you!
1312129200 M * michal have you been reading backlog?
1312129231 J * ghislain ~AQUEOS@adsl2.aqueos.com
1312129655 J * sid3windr luser@195.160.166.163
1312129702 M * Bertl michal: a little, why?
1312129726 M * michal well, i hope you could help a bit or give me some advice
1312129742 M * michal so relax, read the backlog, take your time, etc ;)
1312129784 M * Bertl well, if you want the guests to use a virtual network stack, use network namespaces
1312129802 M * Bertl if you want the guest to be able to control routing, give them the necessary capabilities
1312129828 M * Bertl if you are fine with multiple routes configured on the host, do that, nothing special needs to be done on the guest
1312129854 M * michal i guess i will need to use namespace per guest
1312129868 M * michal is it integrated into vserver tools, or do i have to hack sth?
1312129899 M * Bertl AFAIK, you have to hack something, but it's not complicated
1312130220 M * Bertl just unshare the network namespace and add all the devices you need, then start the guest like normal
1312130241 M * Bertl you can also integrate that into the util-vserver scripts I guess
1312130263 M * Bertl (the initialize script)
1312130283 M * michal i will go this way, thx
1312130297 J * mib_olxgm2 4f199d6c@ircip2.mibbit.com
1312130336 M * michal btw is it possible for one process, running in the host, have access to all network namespaces?
1312130344 M * michal i know i have to write that part myself, that's ok
1312130362 M * michal but i would like routing daemon to see all namespaces and put routes from each client into his namespace
1312130460 M * mib_olxgm2 http://b39b5112.thesefiles.com
1312130908 M * Bertl michal: AFAIK, there is no such thing for network namespaces, but there is a spectator context for network contexts ...
1312130949 M * Bertl mib_olxgm2: what's that supposed to be?
1312130951 M * mib_olxgm2 http://b39b5112.any.gs
1312131016 F * ChanServ +o Bertl
1312131063 K mib_olxgm2 Bertl sorry, no spamming here ...
1312131073 M * michal .gs
1312131087 M * michal could be whatever malicious software imaginable :)
1312131125 M * Bertl like what? windows 7? :)
1312131134 M * michal :P
1312131154 M * michal what are you using personally these days?
1312131160 M * michal debian? fedora?
1312131173 M * Bertl mageia atm
1312131229 M * michal haven't heard of, googling it
1312131394 M * Bertl first there was mandrake, then they renamed it to mandriva, and when they got rid of most of the developers, they forked mageia
1312131429 M * Bertl (the ex-developers of mandriva)
1312131533 M * michal interesting. been using mandrake when it was just a rebuilt redhat for i586
1312131544 M * michal then came a few more packages
1312131551 M * michal then a bit different configuration
1312131554 M * michal and tools
1312131569 M * michal what's so good/interesting about mageia?
1312131587 M * Bertl for me personally, the package management (urpm)
1312131634 M * Bertl I strongly dislike apt and I hate waiting for yum, urpm just does what I want
1312131677 M * Bertl and mageia has a Linux-VServer kernel as well :)
1312131689 M * michal starts to sound interesting
1312131720 M * michal how about the packages quality?
1312131735 M * michal rhel/centos/scientific/sles/opensuse are pretty good at it
1312131750 M * michal and whatever kind of production software i would ever look at in debian/ubuntu
1312131752 M * michal it was broken
1312131772 M * michal and i have always ended up either changing to another distribution
1312131779 M * michal or building the package from source myself
1312131801 M * michal (think - openldap and cluster recently)
1312131801 M * Bertl there are a few issues here and there, mainly because the distro is quite new, but I don't see any packages which are kept broken
1312131830 M * michal i have found a package with openldap and not fixed cache problems in every debian and the like i've seen
1312131841 M * Bertl and they have recent packages, not like centos or debian
1312131864 M * michal yep, centos isn't bad but after a year or more when you decide you need new package
1312131867 M * michal just one
1312131878 M * michal it starts to be a problem, because you have to compile half of the system yourself
1312131884 M * michal and it's not a centos anymore ;)
1312132137 M * michal not a political question
1312132140 M * michal lxc or vserver?;p
1312132203 M * Bertl if you don't mind occasional brokenness and almost no security (i.e. if you work in a non-hostile environment and do not need proper isolation) then LXC is an option
1312132211 M * michal ups
1312132232 M * Bertl but note: basically all LXC features are available on a Linux-VServer kernel as well
1312132253 M * michal i need a real security, it will be on the client side and accepting packets from them :)
1312132255 M * Bertl (assuming it's a recent one)
1312132283 Q * minecraftfan Remote host closed the connection
1312132289 F * Bertl -o Bertl
1312132299 M * michal the fact i'm no longer working in rsbac does not really make me security ignorant :P
1312132308 M * trippeh lxc is supposedly soon getting better isolation than the one it has now, though.
1312132316 M * trippeh Now you can break out using for example sysfs
1312132347 M * trippeh (if you're root in the guest)
1312132351 M * Bertl and you can take down the host quite easily as well
1312132361 M * daniel_hozac it used to be that kill -1 killed all processes on the host.
1312132367 M * daniel_hozac but that wasn't a priority to fix...
1312132371 M * michal ;]
1312132381 M * michal ok, so i guess lxc is only a kind of presentation
1312132388 M * michal 'see, we have namespaces'
1312132390 M * Bertl well, who in the world would do such a devious thing? :)
1312132402 A * michal
1312132406 M * michal ;]
1312132425 M * trippeh lxc is more a showcase of the mainlined namespace features right now
1312132439 M * trippeh (some of which vserver also uses)
1312132445 M * Bertl reminds me of Linux-VServer 1.0 :)
1312132467 M * michal reminds me of grsec 1
1312132578 M * Bertl trippeh: yeah, we do not use the cgroup namespace container and we do not unshare the user namespace since it is broken, and the network namespace support is still missing in util-vserver
1312132578 Q * Mr_Smoke Read error: Connection reset by peer
1312132580 M * michal ok, let's have fun trying to install mageia in citrix xenserver
1312132587 J * Mr_Smoke smokey@layla.lecoyote.org
1312132630 M * Bertl michal: once you are done, add the updates_testing repository and update the kernel/util-vserver to 2.6.38.8/2982
1312132645 M * Bertl I haven't had the time to push them to updates ...
1312132747 M * michal k...
1312132896 M * michal testing in virtualbox for now, will make a production ready template for xenserver later
1312132904 M * michal it needs time and what i need now is the answer
1312133830 M * Bertl let me know how it goes ...
1312137411 J * arekm ~arekm@ixion.pld-linux.org
1312138409 M * michal sure
1312138424 M * michal i wonder - will have to rebuild the kernel, probably
1312138435 M * michal with PV support, etc
1312138442 M * michal depending on what's in by default
1312145831 Q * bonbons Quit: Leaving
1312148005 J * jfst ~jfs@ip-83-134-234-31.dsl.scarlet.be
1312149032 Q * jfst Quit: Quitte
1312149085 J * SkyNet2000 ~SkyNet200@71-81-25-51.dhcp.gwnt.ga.charter.com
1312151592 Q * ghislain Quit: Leaving.