1325721756 Q * dowdle 1325721849 Q * click Read error: Operation timed out 1325721989 J * clopez ~clopez@238.10.117.91.dynamic.mundo-r.com 1325722110 M * ryker ok. figured out how to diff this. so yes, all pids are visible under /proc/ when using the spectator context. but some device files are missing when running as the spectator context, such as /proc/cgroup, /proc/cmdline, /proc/acpi, etc. 1325722128 J * Hunger ~Hunger@proactivesec.com 1325722132 M * Bertl those are not device files 1325722156 M * Bertl but yes, certain /proc entries might still be hidden 1325722170 M * daniel_hozac you can configure vprocunhide differently if you wish 1325722228 M * ryker well… not sure what I want to do. ;) I just want to make rkhunter run and not complain about hidden processes and ports that are for a running guest. 1325722303 M * ryker maybe the solution is to just make this project #2 for Bertl after we contract him for support. :) 1325722314 M * Bertl IMHO the first step is to test it on an unpatched kernel first 1325722352 M * Bertl because all those rootkit checks often do some weird stuff and make specific assumptions which might even change with a new kernel release 1325722391 M * Bertl once it is verified that the tool in question works on an unpatched kernel, one can see what the differences are in a properly configured spectator environment 1325722404 M * ryker Bertl: we've run rkhunter on a centos 5.6 kernel on a kvm guest without it reporting any hidden processes or hidden ports. 1325722416 M * Bertl but we can make that project #2 if you like :) 1325722487 M * ryker I think that is looking like a better option here. We are getting into areas that I'm not very familiar with and would probably take me a lot longer to eventually find a solution 1325722523 Q * thal Ping timeout: 480 seconds 1325722553 M * ryker Bertl: BTW, will you be able to send me a second quote/estimate for the kernel project like I asked in my last email? As soon as you send me that, I can talk to my manager about this. 1325722578 M * Bertl let's take that off channel ... 1325722786 J * thal ~thalunil@walledcity.de 1325723644 Q * ghislain Quit: Leaving. 1325724553 Q * ryker Quit: ryker 1325725229 J * click click@ice.vcon.no 1325731761 Q * Pogs241 Quit: Pogs241 1325736321 Q * clopez Ping timeout: 480 seconds 1325736715 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com 1325738582 J * clopez ~clopez@238.10.117.91.dynamic.mundo-r.com 1325740041 J * Pogs241 ~user@cpe-71-72-126-188.insight.res.rr.com 1325740198 Q * clopez Ping timeout: 480 seconds 1325742310 J * sannes ~ace@cm-84.209.106.118.getinternet.no 1325742808 M * Bertl off to bed now ... have a good one everyone! 1325742814 N * Bertl Bertl_zZ 1325744384 Q * Hollow Quit: Hollow 1325744515 Q * FireEgl Read error: Connection reset by peer 1325745260 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com 1325745998 J * ghislain ~AQUEOS@adsl2.aqueos.com 1325748827 J * Hollow ~Hollow@p5B2C5555.dip.t-dialin.net 1325750533 J * Marbug ~Marbug@83.101.67.3 1325750533 J * fisted_ ~fisted@xdsl-87-78-212-113.netcologne.de 1325750605 Q * fisted Read error: Operation timed out 1325753088 Q * zbyniu Ping timeout: 480 seconds 1325753143 M * renihs Bertl_zZ, 3.1.6-vs2.3.2.5, sys-cluster/util-vserver-0.30.216_pre2955 1325753733 M * renihs Bertl_zZ, oh and patch: patch-3.1.6-vs2.3.2.5.diff 1325753764 Q * ensc|w Remote host closed the connection 1325753774 J * ensc|w ~ensc@www.sigma-chemnitz.de 1325754725 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1325755190 M * arekm Bertl_zZ: did you look at 3.2 (aka will it require many changes to vserver patch or just something minor) ? 1325755347 M * renihs uh, 3.2 is out 1325755623 Q * nicholi Read error: Operation timed out 1325755641 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com 1325755738 M * ghislain hum, do you see /proc/mount in guest ? i do not know if i do somethiugn wrong but /proc/mounts is not in any of my guests 1325755759 M * ghislain i use 3.1.6-vs2.3.2.5 1325755791 M * ghislain df show v but /proc/mounts is empty therefor plenty of tools fails (quotatools mainly) 1325755803 M * ghislain df show /dev/hdv2 40G 679M 39G 2% /var 1325755881 M * ghislain arekm , renihs: do you see /proc/mounts in your guests ? 1325755971 M * renihs well i can cat /proc/mounts 1325755988 M * renihs and see what i suspect to see 1325755989 M * ghislain it is not empty then ? 1325755991 M * renihs nope 1325756023 M * renihs e.g http://pastebin.com/RHzDFxv6 1325756131 M * ghislain that mean i have a flags that must be wrong ^^ thanks a lot renihs :) 1325756150 M * renihs yw 1325756274 M * ghislain ok found it 1325756287 M * ghislain now i have it but still quota refuse to work 1325756342 M * ghislain they cannot find the device, they look for the real one instead of the vroot one 1325756356 M * ghislain as /proc/mount show the real one not the hdv2 one 1325756395 M * renihs hmm well i never mangled with quotas *inside* of guests tbh 1325756401 M * renihs maybe that is helpfull? http://vserver.13thfloor.at/Experimental/patch-3.1.6-vs2.3.2.5.diff 1325756403 M * renihs argl 1325756408 M * renihs http://linux-vserver.org/Frequently_Asked_Questions#Is_there_a_way_to_implement_.22user.2Fgroup_quota.22_per_VServer.3F 1325756455 M * ghislain yes i use vroot devices on a non shared partition 1325756662 M * ghislain i follow this one: 1325756662 M * ghislain http://linux-vserver.org/Standard_non-shared_quota 1325756769 M * renihs hmm and i assume that doesnt work? 1325756790 M * renihs paste/explain what doesnt, most of the knowledgeable people are sleeping now, but they always read back 1325756812 M * renihs i havent ever used quotas inside a guest 1325756884 M * ghislain this worked before debian squeeze 1325756903 M * ghislain the old linux quota tools read mtab but the new versions read /proc/mount 1325756950 M * renihs hmm shouldnt be mtab a link from /proc/mount in first place? 1325757334 M * ghislain no it is an independant file updated by the system but not a direct true representation of what is mounted if you mess with it ^^ 1325759747 J * clopez ~clopez@155.99.117.91.static.mundo-r.com 1325759982 J * gucki ~gucki@AStrasbourg-157-1-37-51.w90-40.abo.wanadoo.fr 1325760016 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325760132 Q * gucki Remote host closed the connection 1325761763 Q * ser Ping timeout: 480 seconds 1325761775 J * ser ~ser@host1.tldp.ibiblio.org 1325762333 Q * petzsch Quit: Leaving. 1325762363 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325763116 Q * petzsch Quit: Leaving. 1325763315 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com 1325763436 J * ser_ ~ser@host1.tldp.ibiblio.org 1325763458 Q * ser Ping timeout: 480 seconds 1325763512 Q * Aiken Remote host closed the connection 1325765319 Q * Hollow Quit: Hollow 1325765688 Q * ser_ Ping timeout: 480 seconds 1325765990 J * ser ~ser@host1.tldp.ibiblio.org 1325766424 M * ghislain i send the details to the list perhaps someone found a way 1325766427 M * ghislain that i missed 1325767041 Q * BenG Quit: I Leave 1325767184 Q * sannes Ping timeout: 480 seconds 1325767455 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com 1325768285 J * Hollow ~Hollow@p5B2C5555.dip.t-dialin.net 1325768957 N * Bertl_zZ Bertl 1325768967 M * Bertl morning folks! 1325769043 M * Bertl ghislain: yeah, the quota folks 'improved' the tool behaviour ... so now there seems to be no other way than to patch the tools or the kernel 1325769278 J * sannes ~ace@cm-84.209.106.118.getinternet.no 1325769397 Q * BenG Quit: I Leave 1325769729 M * ghislain hi bertl, no way to trick the kenrel with guru device remapping or wierd sorcellery stuff 1325769736 M * ghislain :( 1325769950 M * ghislain hum patching the kernel i can't , patching the tools seems hard for someone like me also 1325770010 M * ghislain is it possible to sponsor this feature, do you think it will be hard ? 1325770035 M * Bertl depends on what needs to be changed, the simplest way for now is to use older quota tools 1325770045 M * ghislain i guess it would mean detect vroot and modify the /proc/mount accordingly ? 1325770068 M * ghislain ok 1325770091 M * Bertl that might be one solution, but I haven't had a deeper look at the quota tools if that would be enough 1325770100 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325770127 M * ghislain i think they just changed the /etc/mtab by /proc/mounts but most of the time i am wrong so.. lol 1325770183 M * Bertl well, you probably can try to --bind mount a file over /proc/mounts then with the 'correct' information for a test? 1325770266 Q * Hollow Read error: Connection timed out 1325770331 J * Hollow ~Hollow@p5B2C5555.dip.t-dialin.net 1325770375 M * ghislain yes i will give it a try 1325770471 Q * Hunger Ping timeout: 480 seconds 1325772491 J * Hunger hunger@proactivesec.com 1325773109 M * ghislain hum i fail to rbind, how would you do that ? 1325773173 M * daniel_hozac mount --bind /etc/mtab /proc/mounts 1325773217 M * daniel_hozac although one way to get around it is probably just to mv hdv1 to the name of the real device. 1325773221 M * daniel_hozac (in the guest) 1325773490 M * ghislain moving it works for the quotacheck -fmvug, it fail if i use the directory name but if i use the device name this is working 1325773508 M * daniel_hozac make sure mtab is updated too to reflect the change. 1325773546 M * ghislain yes i have modified it too but still using /var do not work, using /dev/mapper/volume-guest01 works 1325773569 M * ghislain this was the same with the old tools i was unable to use the directory 1325773596 M * ghislain only the device was working, surely the tiool do black magic on the mapping 1325773889 M * ghislain with strace i see it does the right mapping as it do statfs("/var" then stat("/dev/mapper/vserverpool-guest01" 1325773895 M * ghislain but still fail, strange 1325774475 M * daniel_hozac it's probably because the device numbers don't match or something silly like that. 1325774785 J * thierryp ~thierry@home.parmentelat.net 1325775320 M * Bertl yeah, instead of having a proper kernel interface for quota, the tools do magical und sometimes funny low level stuff to work around the kernel and directly hack the filesystem :) 1325775373 M * daniel_hozac yeah... 1325775384 M * daniel_hozac quota is one strange beast. 1325775384 M * Bertl but that hasn't changed since I first worked on quota, and it probably will not change ever .. the quota folks are weird ... 1325776017 M * ghislain i wonder how a so basic function can stay in that state for so long ^^ 1325776111 M * ghislain ok then i guess i have to learn c and kernel and start contributing if i want it to change muhahahaa 1325776144 M * ghislain we sometime forget most of the code is done by volunteer and that the debian license cost/linux one is pretty cheap ;p 1325776205 M * ghislain so i need to put the real name in mtab, name the vroot alias like the real one, remove hide_mounts and all should work again 1325776809 N * ensc Guest22761 1325776819 J * ensc ~irc-ensc@p54ADE87E.dip.t-dialin.net 1325777278 Q * Guest22761 Ping timeout: 480 seconds 1325779397 Q * Hollow Quit: Hollow 1325780390 J * dowdle ~dowdle@scott.coe.montana.edu 1325780846 Q * petzsch Quit: Leaving. 1325780966 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1325780990 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com 1325781284 Q * ghislain Ping timeout: 480 seconds 1325781483 Q * Marbug Ping timeout: 480 seconds 1325781906 J * mattk ~mattk@gateway.wp.highwinds.com 1325781963 M * mattk I note some recent updates in http://rpm.hozac.com/dhozac - are any of the kernel updates known to work with CentOS 6 / 6.2 ? 1325782079 J * Marbug ~Marbug@83.101.67.3 1325782597 Q * hparker Quit: I've fallen off the 'net and can't get up 1325783107 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647 1325783184 J * bonbons ~bonbons@2001:960:7ab:0:7805:72c5:1b53:ae8f 1325783273 M * daniel_hozac haven't tried CentOS, but they're fine with RHEL. 1325784150 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325785715 Q * thierryp Remote host closed the connection 1325785823 Q * mattk Remote host closed the connection 1325786198 J * thierryp ~thierry@home.parmentelat.net 1325786421 Q * thierryp Remote host closed the connection 1325787128 Q * Chlorek Ping timeout: 480 seconds 1325787728 Q * clopez Ping timeout: 480 seconds 1325789180 Q * BenG Quit: I Leave 1325790163 Q * Hunger Ping timeout: 480 seconds 1325790607 Q * petzsch Quit: Leaving. 1325791842 J * Hunger hunger@proactivesec.com 1325793294 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325794670 Q * petzsch Quit: Leaving. 1325795494 J * cuba33ci_ ~cuba33ci@114-36-226-184.dynamic.hinet.net 1325795849 Q * cuba33ci Ping timeout: 480 seconds 1325795857 N * cuba33ci_ cuba33ci 1325796150 N * Bertl Bertl_oO 1325796178 J * fisted ~fisted@xdsl-87-78-216-143.netcologne.de 1325796422 Q * fisted_ Read error: Operation timed out 1325797056 J * Hollow ~Hollow@91-66-255-107-dynip.superkabel.de 1325797104 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f 1325797732 J * petzsch ~markus@dslb-092-078-233-184.pools.arcor-ip.net 1325800369 Q * Hollow Quit: Hollow 1325801365 Q * bonbons Quit: Leaving 1325802474 Q * petzsch Quit: Leaving. 1325803225 J * thierryp ~thierry@home.parmentelat.net 1325804250 Q * thierryp Remote host closed the connection 1325804318 Q * Marbug Ping timeout: 480 seconds 1325804686 Q * sannes Remote host closed the connection 1325804873 J * clopez ~clopez@238.10.117.91.dynamic.mundo-r.com 1325805082 Q * Pogs241 Quit: Pogs241 1325805263 J * Pogs241 ~user@cpe-71-72-126-188.insight.res.rr.com