1324857722 Q * iendha Ping timeout: 480 seconds
1324860349 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1324867061 Q * daniel_hozac Ping timeout: 480 seconds
1324867576 J * black ~black@host86-174-74-101.range86-174.btcentralplus.com
1324870380 M * Bertl off to bed now ... have a good one everyone!
1324870393 N * Bertl Bertl_zZ
1324871997 J * black_ ~black@host86-176-121-250.range86-176.btcentralplus.com
1324872253 Q * black Ping timeout: 480 seconds
1324873446 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1324875165 Q * Rockj Ping timeout: 480 seconds
1324875168 Q * Guest21571 Ping timeout: 480 seconds
1324877071 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1324878173 Q * black_ Quit: Leaving
1324878289 J * black ~black@host86-176-121-250.range86-176.btcentralplus.com
1324878347 Q * black
1324878365 J * black ~black@host86-176-121-250.range86-176.btcentralplus.com
1324878383 Q * black
1324880043 Q * hparker Quit: I've fallen off the 'net and can't get up
1324882842 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1324884558 J * ghislain ~AQUEOS@adsl2.aqueos.com
1324887878 N * ensc Guest21746
1324887888 J * ensc ~irc-ensc@p54ADF669.dip.t-dialin.net
1324888298 Q * Guest21746 Ping timeout: 480 seconds
1324888944 M * urbee linux-2.6.35-vserver-2.3.0.36.32
1324888950 M * urbee linux-2.6.33-vserver-2.3.0.36.30.4
1324888958 M * urbee u think i could use old config on this kernel?
1324888969 M * urbee or should i rather not
1324889295 J * sannes ~ace@cm-84.209.106.118.getinternet.no
1324889755 Q * ensc|w Remote host closed the connection
1324889764 J * ensc|w ~ensc@www.sigma-chemnitz.de
1324890690 J * Rockj rockj@rockj.net
1324891550 Q * PowerKe Read error: Operation timed out
1324892190 Q * Rockj Ping timeout: 480 seconds
1324892206 J * PowerKe ~tom@94-226-105-186.access.telenet.be
1324892333 J * yang yang@boneym.linuxshell.org
1324892369 N * yang Guest21749
1324894110 J * bonbons ~bonbons@2001:960:7ab:0:6426:3ca1:bf0b:e448
1324894929 M * urbee echo NET_ADMIN >> bcaps
1324894938 M * urbee is this the correct way to allow a vm use iptables?
1324894945 M * urbee FATAL: Could not load /lib/modules/2.6.35-vs2.3.0.36.32-gentoo/modules.dep: No such file or directory
1324894946 M * urbee iptables v1.4.8: can't initialize iptables table `filter': Permission denied (you must be root)
1324894946 M * urbee Perhaps iptables or your kernel needs to be upgraded.
1324894948 M * urbee cuz i cant :)
1324897204 J * Rockj rockj@rockj.net
1324897817 M * urbee ok
1324897818 M * urbee i tried
1324897827 M * urbee echo NET_ADMIN >> bcapabilities
1324897830 M * urbee doesnt work either :p
1324897835 M * urbee what am i missing?
1324897866 M * Mr_Smoke Are you aware that by doing that, this particular guest would probably have more control than you really want it to have ?
1324897883 M * Mr_Smoke I'd suggest investigating network namespaces too, if you're not already doing that
1324898020 M * urbee NET_ADMIN
1324898022 M * urbee NET_RAW
1324898027 M * urbee seems i need those two
1324898038 M * urbee Mr_Smoke: this is the only VM thats going to run here and its going to be managed by me
1324898048 M * urbee so i dont think there's a huge issue
1324898062 M * urbee i could run the stuff directly in OS without the vserver in between
1324898072 M * urbee but i find it easier to manage in case of issues
1324898080 M * urbee with linux-vserver
1324898090 M * Mr_Smoke ok then :)
1324898135 M * urbee would be nice if this could be done so the guest wouldnt have to get all these control anyway
1324898138 M * urbee :)
1324898145 M * urbee but i guess its not possible :p
1324898161 M * Mr_Smoke I think network namespace allows that
1324898171 M * urbee if i understood this correctly, the guest is now able to add new interfaces by itself right?
1324898179 M * urbee no need for the host to do that
1324898251 M * Mr_Smoke not sure, never tried, but I know it helps when you want more control such as netfilter
1324898301 M * urbee have any ideas how to set /tmp inside a vm with noexec,nosuid?
1324898319 M * urbee none /tmp tmpfs size=300m,mode=1777,noexec,nosuid 0 0
1324898321 M * urbee like this?
1324898424 M * Mr_Smoke probably
1324898549 M * urbee thx :>
1324899701 J * derjohn_mob ~aj@p5B024A5E.dip.t-dialin.net
1324900506 Q * gucki_ Remote host closed the connection
1324900968 M * urbee quotacheck: Cannot stat() mounted device /dev/root: No such file or directory
1324900968 M * urbee quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.
1324900972 M * urbee tryin to set up quota in a guest
1324900979 M * urbee using gentoo as the host system and debian 6 as guest
1324901869 M * urbee seems gentoo changed something in mtab
1324901878 M * urbee now i cant see /dev/sda3 as my root filesystem
1324901881 M * urbee just /dev/root
1324901896 M * urbee s -la /dev/root
1324901896 M * urbee lrwxrwxrwx 1 root root 4 Dec 26 13:12 /dev/root -> sda3
1324901901 M * urbee which seems to be a link
1324901955 M * urbee any suggestions?
1324902201 M * Chlorek uuid
1324902944 M * urbee uuid ?
1324903104 Q * Aiken Remote host closed the connection
1324906015 Q * padde Remote host closed the connection
1324906139 J * padde ~padde@patrick-nagel.net
1324906974 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1324911598 J * Hunger ~Hunger@proactivesec.com
1324913466 Q * imcsk8 Ping timeout: 480 seconds
1324913843 M * urbee anyone?:p
1324914032 N * Bertl_zZ Bertl
1324914037 M * Bertl morning folks!
1324914094 M * urbee hi Bertl
1324914167 M * Bertl hey, what are you trying and what is the kernel/patch/util-vserver version?
1324914185 M * urbee i'm trying to set up quota
1324914194 M * urbee http://linux-vserver.org/Quotas
1324914219 M * Bertl i.e. you want the guest to be accounted on a user/group base?
1324914234 M * urbee I need quotas from inside the guest
1324914240 M * urbee just quota support for users inside the guest
1324914246 M * Bertl or you want the guest to be able to configure and manage user/group quota?
1324914254 M * urbee well yeah
1324914290 M * urbee util-vserver-0.30.216_pre2955
1324914311 M * urbee vserver-sources 2.3.0.36.32
1324914315 M * Bertl well, really depends on the guest system, recent quotatools do not allow a 'secure' quota setup, mostly because they are trying to be too smart
1324914324 M * urbee debian 6
1324914340 M * urbee should i try with some older quota then?
1324914368 M * Bertl the important check is with mtab containing hdv* and specifying ufs
1324914392 M * Bertl if the quota commands complain about other devices and/or not having proper access, they are too new
1324914403 M * urbee quota: Cannot stat() mounted device /dev/root: No such file or directory
1324914411 M * Bertl yep, like that
1324914418 M * urbee grep /dev/hdv1 /etc/mtab
1324914424 M * urbee /dev/hdv1 / ufs defaults,usrquota,grpquota 0 0
1324914440 M * Bertl i.e. the quota tools ignore /etc/mtab and look in /proc/mounts
1324914499 M * urbee so
1324914502 M * urbee find an older quota
1324914509 M * urbee thats the only solution?
1324915044 M * urbee i went with an older quota for lenny
1324915045 M * urbee quotacheck: Cannot stat old user quota file: No such file or directory
1324915045 M * urbee quotacheck: Cannot stat old group quota file: No such file or directory
1324915045 M * urbee quotacheck: Cannot stat old user quota file: No such file or directory
1324915045 M * urbee quotacheck: Cannot stat old group quota file: No such file or directory
1324915045 M * urbee quotacheck: Checked 1322 directories and 15955 files
1324915047 M * urbee get these now
1324915053 M * urbee when i run quotacheck
1324915180 Q * ncopa Quit: Leaving
1324915459 M * urbee went and installed from source
1324915467 M * urbee 3.17
1324915470 M * urbee quotacheck works now
1324915474 M * urbee but quotaon gives me an error
1324915482 M * urbee quotaon: using //aquota.group on /dev/hdv1 [/]: No such device or address
1324915482 M * urbee quotaon: using //aquota.user on /dev/hdv1 [/]: No such device or address
1324915543 M * Bertl did you setup the vroot device?
1324915549 M * urbee yeah
1324915568 M * urbee i'll do it again just to be sure
1324915598 Q * Hunger Quit: _._
1324915631 M * urbee darn
1324915635 M * urbee did it again and now it works :)
1324915799 M * Bertl good :)
1324915799 J * Hunger ~Hunger@proactivesec.com
1324916015 J * imcsk8 ~ichavero@148.229.1.11
1324918319 M * urbee thanks
1324918424 M * Bertl you're welcome!
1324920556 Q * imcsk8 Ping timeout: 480 seconds
1324922378 J * imcsk8 ~ichavero@148.229.1.11
1324923287 M * urbee /sbin/quotacheck
1324923294 M * urbee the guide says it should be in /sbin
1324923304 M * urbee is it a problem if its in /usr/sbin/
1324923305 M * urbee ?
1324923402 M * Bertl nope
1324923416 M * urbee same sh*t right?
1324923418 M * urbee :P
1324925546 M * urbee quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.
1324925546 M * urbee Please turn quotas off or use -f to force checking.
1324925556 M * urbee it seems that quota doesnt go off on shutdown/restart of vm
1324925560 M * urbee what am i doing wrong?
1324925568 M * urbee If i do quotaoff inside vm before rebooting it works
1324925573 M * urbee if i dont i get this msg
1324925626 M * urbee the guide says to add quotaon to rc.local
1324925632 M * urbee but where to stop it?
1324925917 M * Bertl maybe halt.local?
1324925954 M * Bertl but really depends on your guest distro
1324925958 M * urbee debian6
1324925975 M * Bertl don't use debian, so no idea
1324927446 Q * padde Remote host closed the connection
1324927484 J * padde ~padde@patrick-nagel.net
1324928542 M * urbee Bertl: i see now, setting iptables sets it on host machine also
1324928550 M * urbee is there a way to do this differently?
1324928571 M * urbee i mean..setting iptables in guest sets it on host also
1324928606 M * urbee any other way to do this than with NET_ADMIN and NET_RAW ?
1324928641 M * fback_ urbee: network stack is not a part of vm, if you want separate networking, use network namespaces
1324928730 N * fback_ fback
1324928775 M * Bertl the default Linux-VServer uses is network isolation
1324928800 M * Mr_Smoke hello there
1324928808 M * Bertl urbee: with network isolation, you are not allowed to do things like iptables or routing, but usually you do not need that anyway
1324928820 M * Mr_Smoke oh good, i've got a question on that topic
1324928831 M * Mr_Smoke how would one do traffic accounting in a guest then ?
1324928832 M * Bertl urbee: as fback mentioned, if you want a virtual network stack, you can use network namespaces for that
1324928878 M * Bertl Mr_Smoke: set up an iptables rule based on the guest IPs (for accounting) and use that
1324928909 M * Bertl also, accounting based on the cgroup might work, but I doubt that was tested (in mainline)
1324928924 M * Mr_Smoke Bertl: sorry I misphrased that
1324928934 M * Mr_Smoke Bertl: how would one with guest access only achieve that?
1324928942 M * Mr_Smoke I can account for my traffic just fine
1324928953 M * Mr_Smoke I'm wondering if my "clients" can, somehow
1324928955 M * Bertl without a virtual networks stack not at all
1324928968 M * Mr_Smoke Yeah, I expected as much
1324928974 M * Bertl but there are a lot of things guest root cannot do
1324928984 M * Bertl like for example loading kernel modules
1324928992 M * Mr_Smoke And with virtual network stack? is that documented somewhere ?
1324928996 M * Mr_Smoke yeah and thank god they can't :)
1324929020 M * Bertl the virtual network stack basically adds another layer (regarding networking)
1324929046 M * Bertl it is a mainline feature and 'documented' via the kernel documentation and LXC work/wiki
1324929074 M * Mr_Smoke oh ok ,that's == network namespace ?
1324929093 M * Bertl yep, each network packet will traverse two network stacks
1324929106 M * Bertl the one on the host, and the virtual one for the guest/namespace
1324929124 M * Mr_Smoke ok
1324929133 M * Mr_Smoke so I basically need to read up about that.
1324929139 M * Mr_Smoke Do vserver-tools make use of this ?
1324929148 M * Mr_Smoke or does one need mainline tools?
1324929208 M * Bertl I don't know about vserver-tools (I doubt they have been updated recently), but util-vserver doesn't support network namespace setup yet, but you can unshare them quite fine (with util-vserver)
1324929235 M * Bertl so you need to do the configuration in the pre/post scripts
1324929255 M * Mr_Smoke 'kay
1324929261 M * Mr_Smoke Thanks for that :)
1324929270 M * Mr_Smoke I'll read up more on the LXC website
1324929292 M * Mr_Smoke http://lxc.sourceforge.net/index.php/about/kernel-namespaces/network/ <= this
1324929328 M * Bertl if you really plan on using network namespaces, it would be beneficial to start a wiki page and contact the folks who already played with that via the ML
1324929473 M * Mr_Smoke duly noted
1324929565 M * Mr_Smoke hm, what's "unshare" ?
1324929580 M * Bertl namespaces get 'unshared'
1324929592 M * Mr_Smoke ah ok
1324929616 M * Bertl i.e. when you want a separate namespace, you 'unshare' that specific namespace for a particular process
1324929626 M * Bertl (for example with the unshare syscall)
1324929684 M * Mr_Smoke (hm lxc website last update: april '11)
1324929691 M * Mr_Smoke I see
1324929715 M * Bertl working day and night to bring latest technologies to the masses :)
1324929798 M * Mr_Smoke :D
1324932720 Q * MooingLemur Read error: Operation timed out
1324932871 Q * imcsk8 Ping timeout: 480 seconds
1324933061 J * MooingLemur ~troy@ipv4.pinchaser.com
1324933596 M * urbee is it possible to run the host machine on a LAN address, lets say 192.168.x.x and run the guest on a public ip?
1324933599 M * urbee shouldnt be a problem right?
1324933674 M * fback urbee: without network namespaces host has all the addresses
1324933689 M * urbee what if i use eth0 for lan and eth1 for vm?
1324933708 M * fback urbee: and there's no problem assigning public ips to guests
1324933720 M * urbee ok..so thats a yes
1324933801 M * fback urbee: again, without network namespaces host has all the ips. all the networking is done on the host, vserver patch just isolates available ips.
1324935036 J * macmaN ~chezburge@138.167.190.90.dyn.estpak.ee
1324935669 Q * bonbons Quit: Leaving
1324936128 J * hijacker_ ~hijacker@cable-84-43-136-96.mnet.bg
1324936580 Q * arekm Remote host closed the connection
1324936787 Q * hijacker_ Quit: Leaving
1324937143 J * arekm ~arekm@ixion.pld-linux.org
1324937559 Q * sannes Remote host closed the connection
1324940889 J * imcsk8 ~ichavero@148.229.1.11
1324941310 J * petzsch ~markus@p57B65B05.dip.t-dialin.net
1324941713 Q * macmaN Ping timeout: 480 seconds
1324942955 J * macmaN ~chezburge@138.167.190.90.dyn.estpak.ee
1324943377 Q * petzsch Quit: Leaving.