1322697977 Q * chrissbx Ping timeout: 480 seconds
1322699013 Q * dowdle Remote host closed the connection
1322699393 J * chrissbx ~chrissbx@69-196-180-202.dsl.teksavvy.com
1322700961 J * ghislain ~AQUEOS@adsl2.aqueos.com
1322700989 Q * ghislain
1322701490 Q * qwerty1
1322707017 J * puck ~puck@leibniz.catalyst.net.nz
1322707029 M * puck xghbv g svgcsvb yg5b4gbrtfg5rfdr5v fjrtggrhujhvbyhgtgiojgnhfbctnbhgfyghcefuysdu5trecvgvedrr
1322707036 M * puck gkhnifbvkdrtnbhbudfkrtv5njhtrvkhfbudchnbtghfhdfrtjbjgunhgtvgjgn dhvnv hvnj behb cfjhy befvrbheyrf
1322712241 Q * Aiken Read error: Connection reset by peer
1322712266 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1322713533 J * fisted ~fisted@xdsl-87-78-211-78.netcologne.de
1322714176 M * Bertl off to bed now .. have a good one everyone!
1322714184 N * Bertl Bertl_zZ
1322721196 Q * derjohn_mobi Ping timeout: 480 seconds
1322721694 J * derjohn_mob ~aj@87.253.171.211
1322722401 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1322722700 J * qwerty1 ~werty@04ZAAAGZ1.tor-irc.dnsbl.oftc.net
1322725906 J * ghislain ~AQUEOS@adsl2.aqueos.com
1322727775 J * eyck ~eyck@77.79.198.60
1322729590 Q * kcin Quit: ZNC - http://znc.in
1322729840 J * kcin ~kcin@91.118.96.132
1322730223 Q * kcin Quit: ZNC - http://znc.in
1322730382 J * kcin ~kcin@91.118.96.132
1322732289 Q * zbyniu Ping timeout: 480 seconds
1322733824 J * Bowwwweee 02e221b7@ircip2.mibbit.com
1322733839 M * Bowwwweee http://celebislegend.altervista.org/sito/ <-- visit this site! http://celebislegends.forumfree.it/ <-- and the forum
1322733841 P * Bowwwweee
1322736103 N * Bertl_zZ Bertl
1322736109 M * Bertl morning folks!
1322736559 M * fanto666 should I set barrier flag on /vservers or /vservers/ ?
1322736702 M * Bertl barrier always goes to /path/to/guest/..
1322736710 M * Bertl (note the '..')
1322736793 M * Bertl note that this _might_ be the same as /vservers but it might as well be different, thus it's really the best choice to use '..' :)
1322741956 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1322743656 M * fanto666 ok, just for sure.
1322743674 M * fanto666 I still have problems with namespaces
1322743752 M * fanto666 so i was checking if this isn't the reason
1322744363 M * Bertl what kind of problems, and what kernel/patch version?
1322744432 M * fanto666 mmnt
1322744752 J * clopez ~clopez@155.99.117.91.static.mundo-r.com
1322745059 M * Bertl off for now ... bbl
1322745066 N * Bertl Bertl_oO
1322746305 J * thierryp ~thierry@zankai.inria.fr
1322749176 J * meebey meebey@cloud.smuxi.org
1322749218 M * meebey Bertl_oO: I have sent an update wrt the NFS uid/gid issue to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633526#55
1322749744 J * fisted_ ~fisted@xdsl-87-78-221-2.netcologne.de
1322750151 Q * fisted Ping timeout: 480 seconds
1322750820 Q * Aiken Remote host closed the connection
1322753916 Q * thierryp Remote host closed the connection
1322754658 J * dowdle ~dowdle@scott.coe.montana.edu
1322755752 Q * ncopa Quit: Leaving
1322759053 J * bonbons ~bonbons@2001:960:7ab:0:e876:950:28cd:c48b
1322759091 J * thierryp ~thierry@home.parmentelat.net
1322760022 Q * thierryp Remote host closed the connection
1322761349 Q * derjohn_mob Ping timeout: 480 seconds
1322764529 J * petzsch ~markus@p57B63B4F.dip.t-dialin.net
1322765157 N * Bertl_oO Bertl
1322766220 Q * petzsch Quit: Leaving.
1322766825 M * chrissbx Hm, so has someone already verified all possibilities for running chrome or chromium in a vserver guest without the need for --no-sandbox ?
1322766880 M * chrissbx I'm reading that chromium uses seccomp (at least in one variation of its sandboxing), if so then why would it also need pid namespaces?
1322767198 Q * fisted_ Quit: leaving
1322768138 J * petzsch ~markus@p57B63B4F.dip.t-dialin.net
1322768431 M * Bertl I've never understood what seccomp
1322768440 M * Bertl is supposed to do ...
1322768473 M * Bertl anyway, how does chromium work when running as user not root?
1322768510 M * chrissbx It ships with a setuid root binary to set up the sandboxing.
1322768542 M * Bertl okay, let me rephrase then, how does it work on e.g. RHEL
1322768560 M * Bertl (which has a kernel not able to use namespaces :)
1322768575 M * chrissbx (They said about 1-2 years ago they intend to get rid of the need for the setuid binary at some point, so maybe setuid binary means namespaces and whatever, and they are not ready with seccomp for public consumption yet)
1322768588 M * chrissbx I don't know.
1322768634 M * chrissbx I dimly remember that in a very first version they just used chroot and resource limits or so, so maybe they still fall back to that on RHEL?
1322768654 M * chrissbx But then the big warning I get when running with --no-sandbox doesn't make me believe it uses anything.
1322768689 M * chrissbx (BTW I just send mail to the vserver list.)
1322768692 M * chrissbx sent
1322768851 M * chrissbx seccomp is meant to just let a process do "pure" calculations (no side effects on the system other than communicating inputs and results),
1322768917 M * Bertl sounds good, but I do not see that this is how it's implemented in the kernel
1322768927 M * chrissbx and in the way Google uses it according to the article I linked, allow it to do more but tightly controlled by the proxy thread.
1322768961 M * chrissbx From what I've read, the kernel simply forbids any other syscalls than read write exit and sigreturn.
1322769000 M * chrissbx (Actually it SIGKILLs the process if it does any other calls.)
1322769016 M * chrissbx s/process/thread/
1322769019 Q * petzsch Quit: Leaving.
1322769034 M * chrissbx (Hm or maybe really the whole process, dunno.)
1322769272 A * chrissbx off buying and having breakfast
1322769454 Q * Guest15983 Ping timeout: 480 seconds
1322769666 J * transacid ~transacid@transacid.de
1322769694 N * transacid Guest18964
1322770254 Q * geos_one Remote host closed the connection
1322770731 Q * ensc|w Quit: Lost terminal
1322770946 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1322771520 Q * FireEgl charon.oftc.net resistance.oftc.net
1322771520 Q * PowerKe charon.oftc.net resistance.oftc.net
1322771520 Q * ser charon.oftc.net resistance.oftc.net
1322771520 Q * ccxCZ charon.oftc.net resistance.oftc.net
1322771520 Q * jrayhawk charon.oftc.net resistance.oftc.net
1322771520 Q * nicholi charon.oftc.net resistance.oftc.net
1322771520 Q * ntrs charon.oftc.net resistance.oftc.net
1322771520 Q * disposable charon.oftc.net resistance.oftc.net
1322771520 Q * brc charon.oftc.net resistance.oftc.net
1322771520 Q * imcsk8 charon.oftc.net resistance.oftc.net
1322771520 Q * micah charon.oftc.net resistance.oftc.net
1322771617 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com
1322771617 J * FireEgl FireEgl@2001:470:e056:1:d457:b67a:304d:7aeb
1322771617 J * ntrs ~ntrs@vault08.rosehosting.com
1322771617 J * imcsk8 ~ichavero@148.229.1.11
1322771617 J * PowerKe ~tom@94-226-105-186.access.telenet.be
1322771617 J * brc ~bruce@72.20.27.65
1322771617 J * jrayhawk ~jrayhawk@nursie.omgwallhack.org
1322771617 J * ccxCZ ~ccxCZ@new.webprojekty.cz
1322771617 J * micah ~micah@micah.riseup.net
1322771617 J * ser ~ser@host1.tldp.ibiblio.org
1322771617 J * disposable disposable@shell2.vps.websupport.sk
1322773692 J * derjohn_mobi ~aj@88.128.146.214
1322773831 J * sweil ~stefan@p5086F501.dip.t-dialin.net
1322775618 J * geos_one ~chatzilla@chello080109195117.4.graz.surfer.at
1322776188 Q * bonbons Ping timeout: 480 seconds
1322776715 Q * clopez Ping timeout: 480 seconds
1322776891 J * bonbons ~bonbons@ppp-153-52.adsl.restena.lu
1322778145 N * Guest18964 transacid
1322778669 Q * bonbons Quit: Leaving
1322778901 J * petzsch ~markus@p57B64370.dip.t-dialin.net
1322778991 Q * sweil Remote host closed the connection