1319241903 Q * dowdle Remote host closed the connection
1319243665 Q * bonbons Quit: Leaving
1319247454 Q * daniel_hozac Ping timeout: 480 seconds
1319247637 M * Bertl_oO off to bed now .. have a good night everyone!
1319247644 N * Bertl_oO Bertl_zZ
1319248353 Q * WMP Quit: ZNC - http://znc.in
1319248358 J * WMP ~oftc@auburn.sored.pl
1319248937 J * treaki_ ~treaki@p5B033AA9.dip.t-dialin.net
1319249194 Q * treaki Ping timeout: 480 seconds
1319249665 J * daniel_hozac ~daniel@c-f33671d5.08-230-73746f22.cust.bredbandsbolaget.se
1319251695 J * chrissbx ~chrissbx@69-196-180-202.dsl.teksavvy.com
1319252545 Q * hparker Quit: Quit
1319260394 J * oftc ~oftc@auburn.sored.pl
1319260397 Q * WMP Read error: Connection reset by peer
1319260397 N * oftc WMP
1319260524 Q * fisted Read error: Operation timed out
1319260789 J * fisted ~fisted@xdsl-87-78-212-153.netcologne.de
1319262049 Q * matti Ping timeout: 480 seconds
1319262076 J * matti matti@acrux.romke.net
1319262432 J * sannes1 ~ace@cm-84.209.106.118.getinternet.no
1319265412 J * ghislain ~AQUEOS@adsl2.aqueos.com
1319268438 M * ghislain Bertl_oO: before i got file not found, this is recently that we have permission denied instead. Why such a change ?
1319272064 N * Bertl_zZ Bertl
1319272069 M * Bertl morning folks!
1319272117 M * Bertl ghislain: that was caused by a mainline change
1319272557 M * Bertl off for now .. bbl 
1319272562 N * Bertl Bertl_oO
1319272622 J * bonbons ~bonbons@2001:960:7ab:0:21b4:8680:77af:a5c4
1319275548 Q * jeroen__ Ping timeout: 480 seconds
1319276194 J * jeroen__ ~jeroen@095-097-051-172.static.chello.nl
1319277571 J * mike mike@no.phear.eu
1319277768 Q * nicholi Ping timeout: 480 seconds
1319278880 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1319281785 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com
1319285255 Q * Aiken Remote host closed the connection
1319287944 J * Chris59 KissFm@188.208.35.62
1319287966 Q * Chris59 
1319289841 M * Bertl_oO off for a nap ... bbl
1319289845 N * Bertl_oO Bertl_zZ
1319291238 Q * chrissbx Ping timeout: 480 seconds
1319292946 Q * guerby Ping timeout: 480 seconds
1319293446 N * Bertl_zZ Bertl_oO
1319296339 Q * FireEgl Ping timeout: 480 seconds
1319302053 M * arekm Bertl_oO: you have capability knowledge, so maybe you could help?
1319302150 M * arekm Bertl_oO: http://pastebin.com/diVp5mCz
1319302258 M * Bertl_oO permission denied sounds like permission denied :)
1319302282 M * Bertl_oO i.e. either the unix permissions, or the acls or the tagging (if Linux-VServer enabled kernel) forbid the access
1319302314 M * arekm Bertl_oO: it's on host (yes, vserver is enabled here)
1319302319 M * arekm trying on vanilla kernel now
1319302329 M * Bertl_oO uid/gid seem to be 271
1319302346 M * arekm yes, "bird" user and "bird" group, 271/271
1319302368 M * Bertl_oO so, why should it be able to access a file owned by root.root
1319302379 M * Bertl_oO with only permissions for user/group?
1319302408 M * arekm no idea, but somehow it works as you see in that strace
1319302443 M * arekm what's more important it works also on vanilla
1319302449 M * Bertl_oO hmm? it doesn't work, it fails as far as I can see
1319302459 M * arekm there are two straces there
1319302483 M * arekm first strace is when bird daemon boots via init.d/ script
1319302505 M * arekm the second strace is after system starts and I use init.d/ from root via ssh session
1319302527 M * Bertl_oO did you check the file permissions between both runs?
1319302537 Q * hparker Quit: Quit
1319302570 M * Bertl_oO with the shown capabilities, there should be no way to access the file
1319302622 M * Bertl_oO but of course, if the file gets chowned or the permissions become more open, it would be as intended
1319302671 M * arekm there is no owner change. and bird started from ssh session is able to open it fine
1319302753 M * arekm http://pastebin.com/PpLjEQ4a - whole strace on vanilla kernel
1319302770 M * arekm reboot (checking strace at boot on vanilla)
1319302869 M * Bertl_oO ah, wait, that explains it  ... maybe I missed that
1319302879 M * Bertl_oO the prctl(PR_SET_KEEPCAPS, 1)         = 0
1319302896 M * Bertl_oO ensures that capabities are kept over the setresuid
1319302974 M * arekm doesn't explain anything to me
1319302998 M * arekm since both straces are the same (well, addresses are different and "at boot strace" gets permission denied)
1319303018 M * arekm heh, vanilla kernel also produces perm denied at boot
1319303340 M * Bertl_oO well, I presume there is a difference in the capability set 
1319303382 M * Bertl_oO add a script wrapper which saves the /proc/self/status somewhere
1319303407 M * arekm doesn't capget show current capability?
1319303425 M * Bertl_oO I'm pretty sure the capability set on startup will differ from the one you have lateron
1319303488 M * arekm http://pastebin.com/dz7WMtQY - at boot with additional capget
1319303501 M * arekm http://pastebin.com/nijhRLB8 - running system
1319303561 M * arekm 2498  capget(0x20080522, 0, {CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW, CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_R
1319303564 M * arekm AW, 0}) = 0
1319303567 M * arekm 2498  getresuid32([271], [271], [271])  = 0
1319303569 M * arekm 2498  getresgid32([271], [271], [271])  = 0
1319303571 M * arekm on both, just before bird.conf is opened
1319304063 M * arekm -Groups:
1319304064 M * arekm +Groups:        0 1 2 3 4 6 10
1319304069 M * arekm that's the difference
1319304088 M * arekm and explains things
1319305147 M * arekm Bertl_oO: didn't realise that calling setuid/setgid doesn't loose additional groups
1319305295 M * Bertl_oO didn't think of that either
1319305695 Q * fisted Read error: Connection reset by peer
1319305858 J * fisted ~fisted@xdsl-87-78-216-204.netcologne.de
1319306685 J * petzsch ~markus@p57B66D3C.dip.t-dialin.net
1319308457 Q * petzsch Ping timeout: 480 seconds
1319310299 J * chrissbx ~chrissbx@69-196-180-202.dsl.teksavvy.com
1319311844 J * hijacker_ ~hijacker@cable-84-43-136-96.mnet.bg
1319311853 Q * hijacker_ 
1319311879 M * chrissbx Hi. I'm looking for a way to display cpu usage of a vserver (remote machine) in my local gnome panel.
1319311987 M * Bertl_oO and with vserver, you mean guest?
1319312000 M * chrissbx Preferably, but just displaying cpu usage of the whole host would be ok, too; I'm more into the "how do I get that info into my gnome panel?"
1319312023 M * Bertl_oO well, via a panel applet :)
1319312041 M * chrissbx Yeah, but never having written one, I'm not eager to research this on my own.
1319312085 M * Bertl_oO you can always hire somebody to do the research for you ..
1319312126 M * chrissbx I'm on my way getting a look into the standard gnome panel cpu applet, but I can't even find which package that resides in (it says System Monitor in about and when clicking says gnome-system-monitor not found, so, fun) 
1319312143 M * chrissbx Sadly I don't have the money for that.
1319312168 J * hijacker_ ~hijacker@cable-84-43-136-96.mnet.bg
1319312168 M * Bertl_oO well, the system monitor works fine here on my disto
1319312187 M * Bertl_oO you can't really use it to monitor remote hosts though
1319312208 M * chrissbx Exactly, so I want to examine its code, but first I have to find the code..
1319312243 M * Bertl_oO rpm -qf `which gnome-system-monitor`
1319312245 M * Bertl_oO gnome-system-monitor-2.28.2-1.mga1.x86_64
1319312247 M * chrissbx (gnome-system-monitor is *not* installed on my system, so the applet is somewhere else)
1319312340 M * Bertl_oO which here is in gnome-system-monitor-2.28.2-1.mga1.src.rpm
1319313023 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1319313180 M * chrissbx (Here on Debian it's /usr/lib/gnome-applets/multiload-applet-2 in package gnome-applets)
1319313222 M * Bertl_oO so, find the source for that and you should be fine
1319313242 M * chrissbx Yes, source package is the same name.
1319313713 M * arekm Bertl_oO: see mail from Paweł :)
1319313920 J * petzsch ~markus@p57B66D3C.dip.t-dialin.net
1319314917 Q * hijacker_ Quit: Leaving
1319315208 J * petzsch1 ~markus@p57B66113.dip.t-dialin.net
1319315584 Q * Aiken Quit: Leaving
1319315600 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1319315604 Q * petzsch Ping timeout: 480 seconds
1319316837 Q * sannes1 Remote host closed the connection
1319316839 J * guerby ~guerby@nc10d.tetaneutral.net
1319322883 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1319323122 Q * ircuser-1 Quit: ircuser-1
1319323194 J * ircuser-1 ~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net
1319323201 Q * petzsch1 Quit: Leaving.
1319324455 Q * bonbons Quit: Leaving
1319325226 M * chrissbx Is there a way to specify different .hash directories for different filesystems? I'd like to use a different filesystem for /usr (unencrypted, vs. the rest being encrypted).
1319325339 M * Bertl_oO yes, see http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1319325558 M * chrissbx What is "id"? Arbitrary? Will it match the correct one for the filesystem in question by matching device ids?
1319325878 M * Bertl_oO arbitrary, just for you to tell the difference
1319325903 M * Bertl_oO it is a link to the filesystem in question
1319325923 M * chrissbx Ok, trying.
1319326359 Q * guerby Ping timeout: 480 seconds
1319327277 M * chrissbx hm, it needs something else, too; I've got /etc/vservers/.defaults/apps/vunify/hash/01 -> /usr/vservers/.hash
1319327309 M * chrissbx and bind mount /usr/vservers/foo to /usr inside my foo vserver, but vserver foo hashify doesn't fill the hash dir.
1319327320 M * Bertl_oO what's the idea behind the .hash in /usr/vservers/.hash ?
1319327353 M * chrissbx Storage place for the hardlinked files under /usr of foo
1319327356 M * Bertl_oO try /etc/vservers/.defaults/apps/vunify/hash/01 -> /usr/vservers
1319327406 M * Bertl_oO hmm, no, actually the one you used should be fine
1319327420 M * chrissbx I think, too, I also did mkdir that .hash dir
1319327424 M * chrissbx I suspect:
1319327425 M * Bertl_oO is there something to hashify on that filesystem?
1319327450 M * chrissbx  /etc/vservers/foo/apps/vunify -> /var/lib/vservers/.hash
1319327455 M * Bertl_oO i.e. do you have files which are shared? does vhashify already work on the main dir?
1319327493 M * chrissbx   ^ this might be it? This worked in the "only one .hash for everything" case, but that doesn't seem to fit with the multiple fs logic.
1319327503 M * chrissbx I'm using /usr for the host, too.
1319327507 M * Bertl_oO it looks wrong
1319327522 M * Bertl_oO the vunfiy -> ..../.hash
1319327550 M * chrissbx Like, /usr/{sbin,bin,games,local,...} is for the host, /usr/vserver/{foo,.hash} is for the vserver usage.
1319327586 M * Bertl_oO yeah, but /etc/vservers/vserver-name/apps/vunify is supposed to be a dir
1319327603 M * Bertl_oO with a subdirectory called hash, also containing such 'id' links
1319327623 M * Bertl_oO (again see the config url)
1319327700 M * chrissbx Ah, true, that doesn't match the docs.
1319327765 M * Bertl_oO the .defaults is just a default for all guests not specifying anything specific
1319327894 P * orzel Konversation terminated!
1319327997 M * chrissbx Hm, now I've got /etc/vservers/gamb/apps/vunify -> ../../.defaults/apps/vunify and /etc/vservers/.defaults/apps/vunify/hash/01 -> /usr/vservers/.hash