1319673709 Q * dowdle Remote host closed the connection
1319675318 Q * ksn Ping timeout: 480 seconds
1319675598 Q * guerby Ping timeout: 480 seconds
1319678818 M * Bertl off to bed now ... have a good one everyone!
1319678825 N * Bertl Bertl_zZ
1319679383 Q * clopez Ping timeout: 480 seconds
1319680394 J * ksn ~ksn@197.168.189.9
1319680911 J * treaki_ ~treaki@p5B0331CE.dip.t-dialin.net
1319681223 Q * treaki Ping timeout: 480 seconds
1319684378 Q * hparker Ping timeout: 480 seconds
1319684920 J * hparker ~hparker@linux.homershut.net
1319685708 Q * eyck Ping timeout: 480 seconds
1319688294 Q * hparker synthon.oftc.net charm.oftc.net
1319688294 Q * ghislain synthon.oftc.net charm.oftc.net
1319688294 Q * kshannon synthon.oftc.net charm.oftc.net
1319688352 J * hparker ~hparker@linux.homershut.net
1319688352 J * kshannon ~kris@122.252.14.166
1319689601 J * sannes1 ~ace@cm-84.209.106.118.getinternet.no
1319690571 J * eyck ~eyck@77.79.198.68
1319691063 Q * eyck Ping timeout: 480 seconds
1319693493 Q * FireEgl Ping timeout: 480 seconds
1319693853 J * derjohn_mob ~aj@213.238.45.2
1319694109 J * FireEgl FireEgl@2001:470:e056:1:f885:13a6:cafc:86d1
1319694642 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1319695519 J * eyck ~eyck@77.79.198.63
1319698272 J * guerby ~guerby@nc10d.tetaneutral.net
1319698397 J * renihs ~arf@83-65-34-34.arsenal.xdsl-line.inode.at
1319701615 J * ghislain ~AQUEOS@adsl2.aqueos.com
1319704254 J * bonbons ~bonbons@2001:960:7ab:0:5851:bc0:e077:d949
1319706941 Q * ksn Read error: Connection reset by peer
1319706958 J * ksn_ ~ksn@197.110.35.138
1319707089 J * clopez ~clopez@155.99.117.91.static.mundo-r.com
1319709011 Q * fisted Read error: Connection reset by peer
1319709097 J * fisted ~fisted@xdsl-87-78-210-20.netcologne.de
1319709602 Q * Hunger Ping timeout: 480 seconds
1319709773 Q * ksn_ Ping timeout: 480 seconds
1319711140 J * Hunger ~Hunger@Hunger.hu
1319712413 Q * hparker Ping timeout: 480 seconds
1319712489 J * hparker ~hparker@linux.homershut.net
1319713102 Q * hparker Quit: Quit
1319714418 Q * Aiken Remote host closed the connection
1319714836 N * Bertl_zZ Bertl
1319714884 M * Bertl morning folks!
1319715071 M * daniel_hozac morning Bertl
1319715220 M * Bertl hey, got a minute for me?
1319715289 M * daniel_hozac sure
1319715319 M * Bertl http://paste.linux-vserver.org/20644
1319715337 M * Bertl this is the final check regarding ptrace access
1319715371 M * Bertl I'm not sure what the purpose of the last check (regarding VXF_STATE_ADMIN) really is about
1319715379 M * Bertl -about
1319715416 M * daniel_hozac isn't that to prevent ptrace on processes in guests without VXF_STATE_ADMIN?
1319715429 M * daniel_hozac i.e. unadministrable guests
1319715460 M * Bertl ah, good point
1319715545 M * Bertl then I probably have to look elsewhere ... the original issue is that the spectator context cannot access /proc/<tid>/io because we get -EACCES there
1319715590 M * daniel_hozac hmm
1319715593 M * Bertl from a quick glance at the code, the only relevant place was this check, but it cannot possibly trigger on a default system
1319715609 M * daniel_hozac can you reproduce it?
1319715645 M * Bertl chcontext --xid 1 -- cat /proc/1/io
1319715820 M * Bertl does chcontext drop capabilities on xid=1?
1319715939 M * daniel_hozac no, it shouldn't...
1319716031 M * daniel_hozac it looks like any error code from ptrace_may_access will return EACCES though.
1319716079 M * Bertl yep, just saw that, so probably something like the namespace causes this
1319716102 M * Bertl which would mean that we either miss CAP_SYS_PTRACE
1319716132 M * Bertl or the task isn't dumpable then?
1319716158 M * Bertl anyway, will add some debug info to that check and see if something triggers
1319716179 J * Crumbz ~Crumbz@host-89-240-244-133.as13285.net
1319716197 M * daniel_hozac hmm
1319716222 M * daniel_hozac task_ns_capable and the ns_capable do the same thing.
1319716302 M * daniel_hozac the vs_check_bit in ns_capable looks wrong to me.
1319716329 M * daniel_hozac although not related to this.
1319716425 M * Bertl how so? (I'm referring to the wrong part)?
1319716454 M * daniel_hozac it circumvents the actual capability check
1319716462 M * daniel_hozac shouldn't that be a return false?
1319716598 M * Bertl IIRC, we added the VXC_CAP_MASK for exactly that purpose, but it shouldn't be used now/anymore as it is 0
1319716663 M * Bertl so vs_check_bit(VXC_CAP_MASK, cap) should always give false
1319716673 M * daniel_hozac fair enough
1319716698 M * Bertl but I'd opt to remove that contruct as we obviously do not need it
1319716720 M * Bertl (and it just leads to confusion :)
1319716727 M * daniel_hozac yeah :
1319717000 J * ksn ~ksn@197.110.35.138
1319717035 M * daniel_hozac i guess we just need some printk's to see which check is failing.
1319718184 J * thierryp ~thierry@zankai.inria.fr
1319721136 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1319721964 Q * treaki_ Ping timeout: 480 seconds
1319723613 Q * ksn Ping timeout: 480 seconds
1319724570 M * Bertl it seems, we actually hit the ident/state_admin check
1319724591 M * Bertl will output a little more details on the flags/check results
1319725293 M * Bertl so, the problem is this, when xid=1 tries to inspect a host process, we end up with both checks returning true and block the access
1319725327 M * Bertl I'm now going to check the case where we try to inspect a guest process
1319725379 M * Bertl the question is if we actually want to change that behaviour, because host processes can be inspected from the host context
1319725536 M * Bertl ser: are you sure you can only see I/O for htop not for guest processes?
1319725552 M * Bertl ser: it is expected that you cannot see I/O for host processes
1319725593 Q * FireEgl Ping timeout: 480 seconds
1319725899 Q * micah Quit: Lost terminal
1319725915 M * Bertl daniel_hozac: 'vurpm urpmi mag1 -- screen'
1319725924 M * Bertl ncontext: execvp(""): Permission denied
1319725932 M * Bertl what am I doing wrong here?
1319726141 J * micah ~micah@micah.riseup.net
1319726759 J * dowdle ~dowdle@scott.coe.montana.edu
1319726822 M * Crumbz Bertl, you seem to be the only person who ever answers question on this server. :P
1319726831 M * Crumbz channel*
1319726840 M * Bertl nah, that is a misconception
1319726873 M * Crumbz Or just a coincidence? ;p
1319727125 Q * Crumbz Quit: Leaving
1319728040 Q * ncopa Quit: Leaving
1319728205 N * [Guy] Guy-
1319729697 Q * nkukard Ping timeout: 480 seconds
1319730439 J * nkukard ~nkukard@41-133-198-167.dsl.mweb.co.za
1319731514 Q * derjohn_mob Ping timeout: 480 seconds
1319732098 Q * nkukard Ping timeout: 480 seconds
1319732347 J * sweil ~stefan@p5086FEB8.dip.t-dialin.net
1319732889 J * nkukard ~nkukard@41-133-198-167.dsl.mweb.co.za
1319733328 J * FireEgl FireEgl@2001:470:e056:1:7052:b613:6257:460f
1319733489 J * treaki_ ~treaki@31-19-232-27-dynip.superkabel.de
1319733517 Q * thierryp Remote host closed the connection
1319733886 M * daniel_hozac Bertl: hmm, it looks fine. i'll have to look at it later.
1319734193 Q * FireEgl Ping timeout: 480 seconds
1319734779 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1319734937 Q * treaki_ Ping timeout: 480 seconds
1319735953 Q * chrissbx Ping timeout: 480 seconds
1319737178 Q * FireEgl Ping timeout: 480 seconds
1319737811 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1319738768 Q * renihs Ping timeout: 480 seconds
1319739327 Q * mike Remote host closed the connection
1319739565 J * mike mike@no.phear.eu
1319739922 Q * nicholi Quit: leaving
1319739955 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com
1319741593 M * ser Bertl: I cannot see any of guests IO
1319741593 Q * FireEgl Read error: Connection reset by peer
1319741603 M * ser Bertl: the aonly IO I can is htop itself
1319741696 M * ser which is on the host, btw
1319742038 M * Bertl okay, but you can enter/administrate the guests?
1319742203 M * ser sure i can
1319742219 M * ser iotop also works 
1319742311 M * ser which saves my ass for now, as i can use htop and iotop to achieve mostly the same results as htop alone before on 2.6.36
1319742416 M * ser i think your investigation is right, it looks it just cannot read properly values from /proc/<numbers>/ - these entries were on my strace 
1319742443 Q * hparker Ping timeout: 480 seconds
1319742450 M * ser it works in guests, it works on host, it does not work in context 1
1319742929 J * matti matti@acrux.romke.net
1319742944 P * matti 8-X
1319743210 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1319743846 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1319744716 Q * Alex[fob] Ping timeout: 480 seconds
1319745342 J * Alex[fob] ~alex@2001:6f8:1c3c:f76::152:1
1319745872 Q * sannes1 Remote host closed the connection
1319747568 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1319747782 Q * clopez Ping timeout: 480 seconds
1319749193 Q * FireEgl Ping timeout: 480 seconds
1319749648 Q * sweil Remote host closed the connection
1319749804 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1319750370 Q * FireEgl Remote host closed the connection
1319751239 J * FireEgl FireEgl@2001:470:e056:1:c027:4e85:ce0c:23a6
1319751769 Q * FireEgl Remote host closed the connection
1319752469 M * daniel_hozac Bertl: vurpm should be fixed now.
1319752488 M * daniel_hozac Bertl: do you have some debugging output already from ptrace_may_access?
1319752660 M * daniel_hozac i see how that would trigger for host processes
1319752666 M * daniel_hozac but guests?
1319752788 M * daniel_hozac well, hmm, i can see the guest's io file fine...
1319753721 M * ser daniel_hozac: apt-get install htop; chcontext --xid 1 -- htop
1319753770 J * FireEgl FireEgl@2001:470:e056:1:7d6f:4d19:5b4d:305c
1319754527 M * Bertl yeah, no idea why htop fails
1319754547 M * Bertl but I can see that htop has problems with guest files as well
1319754625 M * Bertl regarding vurpm: can I get a tar (pretty please :)?
1319754848 M * ser Bertl: what do you mean by guests? i run it in a guest and it shows all IO properly
1319754899 J * treaki_ ~treaki@31-19-232-27-dynip.superkabel.de
1319754994 M * Bertl yeah, I can reproduce that
1319755012 M * Bertl I just haven't figured out what keeps htop from doing the same in xid 1
1319755035 M * Bertl because with e.g. 'cat' I can view the I/O stats quite fine from xid=1
1319755045 M * ser OK, sorry, I was sure there is some misunderstanding :)
1319755057 M * ser yes, iotop works well either
1319755064 M * ser it is magic :)
1319755080 M * Bertl so either something in htop is going wrong, or htop is kind of dropping permissions early or something completely different
1319755096 M * ser I can consult htop list if you suggest to
1319755119 M * Bertl yeah, it would definitely bring some outside ideas ...
1319755134 M * ser sorry for my screaming, it is just the basic app in my everyday work :)
1319755137 M * daniel_hozac do we get any errors from htop?
1319755147 M * daniel_hozac (with strace, i mean)
1319755156 M * ser i can upload a strace for you
1319755165 M * Bertl strace shows a bunch of access denied, but not on the pids in question
1319755204 M * daniel_hozac Bertl: new tar uploaded :)
1319755212 M * ser daniel_hozac: if you want me of course to do that :)
1319755222 M * Bertl daniel_hozac: thanks a bunch! \o/
1319755400 M * daniel_hozac the error is that it shows zeroes?
1319755406 M * ser yes
1319755406 M * Bertl yup
1319755420 M * Bertl but the io stats update when using cat for example
1319755440 M * Bertl easy to test with chcontext --xid 42 -- dd if=/dev/zero of=/dev/null bs=1k &
1319755462 M * daniel_hozac hmm
1319755468 M * daniel_hozac i see numbers.
1319755476 M * Bertl hmm, kernel?
1319755493 M * daniel_hozac 3.0.4-vs2.3.1-pre10.1
1319755494 M * Bertl and we are talking about htop running in xid=1
1319755498 M * daniel_hozac right
1319755507 M * Bertl interesting
1319755510 M * daniel_hozac vcontext --xid 1 --migrate -- htop in one window
1319755519 M * daniel_hozac chcontext --xid 42 -- dd if=/dev/zero of=/tmp/blah bs=1M count=3000 in another.
1319755543 Q * fisted Ping timeout: 480 seconds
1319755545 M * ser for me it does not show numbers
1319755554 M * ser 3.0.7-vs2.3.1-beng
1319755575 M * Bertl for me neither, tested with 3.0.4-vs2.3.1-pre10.1 here
1319755588 M * daniel_hozac which fields are you monitoring?
1319755602 M * ser IOWR, IO_WR
1319755619 M * Bertl the 5 IO stat one I could find
1319755627 J * fisted ~fisted@xdsl-87-78-208-43.netcologne.de
1319755650 M * Bertl i.e. IO_R/WBYTES, and IO,IORR,IORW
1319755699 M * daniel_hozac /dev/null doesn't work for me.
1319755710 M * daniel_hozac but /tmp/blah works fine.
1319755713 M * Bertl interesting ...
1319755754 M * ser i am testing on real services, they are shown when i enter a particular guest and run htop
1319755795 M * ser is it possible you have different setattr?
1319755824 M * daniel_hozac for /proc? i have stock everything .
1319755861 M * daniel_hozac setattr doesn't apply to per-process entries anyway.
1319755866 M * Bertl I'm inclined to consider this some kind of htop sanity check going wrong maybe?
1319755887 M * ser Bertl: but why daniel's htop works?
1319755909 M * Bertl haven't tested the 'bla' part yet
1319756040 M * ser i have tested :(
1319756174 M * Bertl adaniel_hozac: vurpm urpmi mag1 -- screen  \n secure-mount: chdir("/.rpmdb"): No such file or directory
1319756208 M * daniel_hozac hmm
1319756209 M * Bertl I presume I have to create something somewhere or somehow tell it that the database is inside?
1319756232 M * daniel_hozac none of that should be needed for internal databases, i don't know.
1319756330 M * Bertl hmm, maybe the guest got messed up, no problem I try with a new one
1319756395 M * daniel_hozac try just making sure its set as internal
1319756465 M * daniel_hozac i.e. touch /etc/vservers/<guest>/apps/pkgmgmt/internal
1319756670 Q * ghislain Quit: Leaving.
1319756862 J * andip ~packet@67.213.81.183
1319757027 M * daniel_hozac ser: if you could upload an strace of an htop session along with some pid that is supposed to be doing IO, that would probably be helpful.
1319757042 M * daniel_hozac but i need to get some sleep for now.
1319757049 Q * andip 
1319757063 M * daniel_hozac good night!
1319757213 M * Bertl have a good one!
1319757360 M * ser daniel_hozac: i will try, unfortunately next week only, i am due to leave for a conference. but i will do it
1319757395 M * Bertl no hurries, we can partially recreate and reproduce the issue (which is a good thing :)
1319757417 M * ser Bertl, daniel_hozac: thanks a lot, guys
1319757426 M * Bertl but it won't hurt to drop an email to the htop folks, maybe they have a good idea
1319757438 M * ser i will do it now
1319757498 M * Bertl thanks!
1319757529 M * ser i am reading htop archives to find out who was an author of vserver patch
1319757548 M * ser and i will contact him directly to achieve beter results :)
1319757589 M * ser it was Mr Jonathan Sambrook
1319757609 M * Bertl yeah, but I don't think it is related to that patch
1319757625 M * Bertl (which adds support for the xid/nid fields)
1319757635 M * ser but at least he will know what we are chatting about
1319757644 M * Bertl yep, definitely
1319757645 M * ser the rest of htop list does not use vserver 
1319757888 Q * treaki_ Ping timeout: 480 seconds
1319757898 J * treaki_ ~treaki@hd679.rmz.uni-lueneburg.de
1319758154 M * ser Ok, I have written him, thanks
1319758166 M * Bertl thank you!
1319758643 Q * bonbons Quit: Leaving
1319759899 Q * treaki_ Ping timeout: 480 seconds