1326153607 M * Guy- vmount stop32 -- -o bind,nosuid,nodev,noatime -n /srv/www /var/www 1326153607 M * Guy- secure-mount: mount(): No such file or directory 1326153670 M * Guy- [pid 23596] mount("/srv/www", ".", 0x40335e, MS_NOSUID|MS_NODEV|MS_NOATIME|MS_BIND, 0x7fb8a3cd8050) = -1 ENOENT (No such file or directory) 1326153709 M * Guy- of course, /srv/www doesn't exist in the guest's mount namespace, but it does on the host (and it did when the guest was started) 1326153809 M * Guy- that /srv/www doesn't exist is not entirely surprising, because secure-mount chroots and fchdir()s into the target directory before attempting the mount 1326153816 Q * ghislain Quit: Leaving. 1326153818 M * Guy- so how can this work at all? 1326153862 M * Guy- no, wait, it does two chroots, and the second chroot is back in the original root 1326154108 M * Guy- if I enter the mount (but not the fs) namespace of the guest, I can see the contents of /srv; if I also enter the fs namespace, I can't 1326154135 M * Guy- without entering the fs namespace, the mount fails with: 1326154136 M * Guy- mount("/srv/www", ".", 0x40335e, MS_NOSUID|MS_NODEV|MS_NOATIME|MS_BIND, 0x7fc780514050) = -1 EINVAL (Invalid argument) 1326154194 M * Guy- so really, how is this supposed to work then? I know the contents of /srv was mounted before the guest started because it got bind mounted inside the guest when the guest started, only in the wrong place (which I had hoped to remedy without restarting the guest) 1326154652 M * Guy- oh well, I restarted the vserver 1326154878 M * Bertl you are aware that there are two namespaces, yes? 1326154995 M * Guy- Bertl: per vserver guest? 1326155005 M * Bertl yup 1326155023 M * Guy- now that you mention it, a bell is dimly ringing, but that's all 1326155045 M * Guy- how should I have gone about this bind mount? 1326155047 M * Bertl one which is used for maintainance (still 'outside' the guest root) 1326155076 M * Bertl and another one which is actually used by the guest processes 1326155146 M * Guy- I don't understand a) why there have to be these two; b) how vmount --bind is supposed to work :) 1326155162 M * Guy- but if you explain and I understand, I'll try to document it in the wiki so others can understand as well 1326155177 M * Bertl well, if there was only one, it would need to be the one the guest processes use, right? 1326155185 M * Guy- yes 1326155202 M * Bertl and as we know, the guest processes do not have any access to the 'outside' 1326155215 M * Bertl (well that's the purpose after all) 1326155227 M * Guy- yes 1326155258 M * Bertl so it would be tricky to do any maintainance on the guest, for example installing a package 1326155281 M * Bertl (external maintainance that is) 1326155301 M * Guy- I've never tried external maintenance, so that's not helping the explanation I'm afraid 1326155303 M * Bertl also, it would be impossible to mount anything into the guest 1326155339 M * Bertl simply because _nothing_ except the guest mounts would exist 1326155398 M * Guy- well, this sort of makes sense, but please let me explain how I was looking at it; maybe you can help me spot the flaw 1326155416 M * Bertl thus there are two namespaces, one which contains a cleaned up host view, and one that contains the guest's view 1326155428 M * Guy- I thought the host had a mount namespace, which got copied into the guest's when the guest got started 1326155450 M * Bertl and there is the part most folks miss the tiny detail of 'cleaned up' 1326155464 M * Guy- not everything that was mounted on the host was mounted under the root of the guest, so the guest wouldn't see everything 1326155484 M * Bertl i.e. everything not related to the guest (and not explicitely mentioned in the guest config) will be removed from the first namespace on startup 1326155499 M * Guy- yes, I was missing this bit 1326155518 M * Guy- however, the directory I was trying to bind mount now was in fact mentioned in the guest config 1326155521 M * Bertl this is mostly because otherwise you get a bunch of expected but nasty side effects 1326155540 M * Bertl like for example, you have a cd-rom mounted and start a guest 1326155551 M * Guy- and then can't umount and remove the cd, I get it 1326155559 M * Bertl precisely 1326155589 M * Guy- I thought this was what would happen, so I was always careful not to have anything mounted I may want to umount later when starting guests 1326155590 M * Bertl but that's not a big problem, because you can always mount stuff in either of the guest namespaces 1326155620 M * Bertl so, for example, let's assume you mount /media/cdrom on the host 1326155639 M * Bertl now you start a guest, and want the guest to 'share' the data on the cdrom 1326155673 M * Bertl naturally /media/cdrom was not excepted from the cleanup, so the first (outer) namespace doesn't contain that mount 1326155696 M * Bertl the second, inner namespace of course, doesn't have it either, as it usually is a subset of the outer one 1326155705 M * Guy- so I'd mount --make-shared first? 1326155736 M * Bertl now, if you enter the inner namespace, you could mount the cdrom (e.g. dev/cdrom) to the guest's /media/cdrom 1326155765 M * Bertl but for that, you would need the /dev/cdrom device to be present 1326155784 M * Bertl (which, for security reasons, is not part of the inner namespace) 1326155788 M * Guy- right 1326155820 M * Bertl instead, you enter the outer namespace, where you have all the host devices available, and simply mount the device there 1326155854 M * Guy- this would be what vmount does, wouldn't it? 1326155856 M * Bertl this can be a one step operation when you directly mount into the shared guest tree (it is mounted rbind) 1326155881 M * Guy- what's the shared guest tree? the vserver root? 1326155906 M * Bertl or a two step operation where you mount it in the outer space (to some out of guest location), prepare some settings and then either bind mount or move mount it into the guest space 1326155926 M * Bertl the vserver root inside the outer namespace, yes :) 1326155973 M * Guy- so, in my specific case, what should I have done? 1326155997 M * Guy- I wanted to mount the host's /srv/www under /var/www in the guest, whose /var was also bind mounted (from /shared/var/guestname) 1326156020 M * Bertl I presume the /srv is a mount on the host? 1326156045 M * Guy- yes, and /srv/www also 1326156062 M * Guy- but there is no corresponding device (it's zfs) 1326156067 M * Bertl so, basically you would enter the outer namespace 1326156080 M * Bertl then do the zfs mount for /srv/www 1326156106 M * Bertl and after that, bind mount it into the guest's subtree 1326156119 M * Guy- I thought that was what I was trying to do 1326156126 M * Bertl (or alternatively directly mount it into the place) 1326156178 M * Guy- but vmount couldn't find /srv/www. I tried vspace --mount --enter 78 -- ls -la /srv as well as vspace --mount --fs --enter 78 -- ls -la /srv 1326156191 M * Guy- in the first case, the contents of /srv was visible; in the second case, it was empty 1326156240 M * Bertl simply do vnamespace -i 0 -e -- /bin/bash 1326156254 M * Bertl (which enters the outer namespace) 1326156275 M * Bertl then do whatever is necessary to get the zfs mount done 1326156292 M * Guy- that was already done on the host, before the guest started 1326156300 M * Guy- so nothing should be necessary here 1326156315 M * Bertl but undone on guest startup (cleanup? remember?) 1326156331 M * Guy- no, because this fs was in the guest fstab 1326156348 M * Guy- (there were two, which were mounted on top of each other, but in the wrong order - I was trying to fix this) 1326156369 M * Bertl /srv is outside the guest, so definitely not able to put it into the guest's fstab 1326156371 M * Guy- I had /srv/gallery mounted on /var/www/gallery, and then /srv/www mounted on /var/www 1326156396 M * Guy- I mean /etc/vservers/guest/fstab 1326156415 M * Bertl so what do you have there? 1326156441 M * Guy- /srv/www /var/www none bind,nosuid,nodev,noatime 0 0 1326156444 M * Guy- /srv/gallery /var/www/gallery none bind,nodev,nosuid,noexec,noatime 0 0 1326156451 M * Guy- these two lines (originally in reverse order) 1326156468 M * Bertl so nothing about /srv, no? 1326156474 M * Guy- ah, /srv itself, right 1326156491 M * Guy- I didn't realise you could remove that and leave stuff that's mounted under it intact 1326156523 M * Bertl well, it gets bind mounted somewhere else, you can remove the original at some point 1326156541 M * Guy- but this presents a problem then - I don't see how I could get /srv mounted inside the management namespace of the guest 1326156559 M * Bertl the same way you got it mounted on the host 1326156567 M * Guy- I'll try, but I don't think it'll work 1326156568 M * Guy- let's see 1326156598 M * Guy- zfs mount tank/srv 1326156598 M * Guy- cannot mount 'tank/srv': filesystem already mounted 1326156620 M * Guy- # mountpoint /srv 1326156623 M * Guy- /srv is not a mountpoint 1326156707 M * Bertl and what does /proc/mounts say? 1326156735 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines) 1326156753 M * Guy- there is no need to paste it, I think - it lists several subdirectories of /srv, but not /srv itself 1326156773 M * Guy- the subdirectories it does list are ones that got mounted inside the guest on its startup 1326156788 M * Bertl then the zfs mount tool is simply wrong 1326156809 M * Guy- it likely doesn't support namespaces 1326156815 M * Bertl could be 1326156836 M * Guy- OK, I'll report this as a missing feature then 1326156850 M * Guy- so what does the -i switch of vnamespace do? the help is not very forthcoming 1326156862 M * Guy- I get -i 0; -i 1 would be the namespace the guest processes use? 1326156872 M * Bertl it's the index of the namespace set (o = outer, 1 = inner) 1326156883 M * Guy- OK 1326156903 M * Guy- I'll try to find a place for this in the vserver faq and explain as best I can 1326156909 M * Guy- thank you 1326156910 M * Bertl excellent! 1326156914 M * Bertl you're welcome! 1326156915 J * fisted_ ~fisted@xdsl-87-78-218-20.netcologne.de 1326157199 Q * fisted Ping timeout: 480 seconds 1326157415 Q * dowdle 1326157415 M * Guy- ah, the faq was actually wrong 1326157418 M * Guy- it says: 1326157419 M * Guy- Note that this not work for adding a bindmount (-o bind) of a directory outside of a vserver into the vserver. For this, there is no alternative but restarting the vserver. 1326157474 M * Bertl probably just outdated 1326157543 M * Bertl or maybe a misconception caused by the effects of the guest space cleanup 1326158038 M * Bertl what also might be worth mentioning is that 'mount' usually modifies and shows /etc/mtab 1326158054 M * Bertl so you end up with strange information sometimes :) 1326159129 M * Guy- Bertl: http://linux-vserver.org/index.php?title=Frequently_Asked_Questions&diff=5185&oldid=5165 - does this look good? 1326159487 Q * fisted_ Quit: brb 1326159500 J * fisted ~fisted@xdsl-87-78-218-20.netcologne.de 1326159666 M * Guy- meanwhile, I'm turning in 1326161475 M * Bertl have a good one, I'm almost off to bed as well, looks good, maybe could become a separate page though ... 1326161523 M * Bertl (the faq might simply link there from several? questions) 1326161812 M * Bertl off to bed now .. have a good one everyone! 1326161820 N * Bertl Bertl_zZ 1326172290 J * ghislain ~AQUEOS@adsl2.aqueos.com 1326173063 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com 1326174026 J * sannes ~ace@cm-84.209.106.118.getinternet.no 1326182668 J * Marbug ~Marbug@83.101.67.3 1326185592 N * Bertl_zZ Bertl 1326185598 M * Bertl morning folks! 1326185769 Q * ensc|w Remote host closed the connection 1326185777 J * ensc|w ~ensc@www.sigma-chemnitz.de 1326187762 J * kir ~kir@swsoft-msk-nat.sw.ru 1326188116 J * gucki ~gucki@80-218-125-247.dclient.hispeed.ch 1326188183 P * kir PING 1326188183 1326188766 J * nou Chaton@causse.larzac.fr.eu.org 1326189312 Q * Mr_Smoke Read error: Connection reset by peer 1326189324 J * Mr_Smoke ~smokey@layla.lecoyote.org 1326189783 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1326190052 Q * ghislain Ping timeout: 480 seconds 1326191916 Q * zbyniu Read error: Connection reset by peer 1326192178 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1326194887 J * sid4windr luser@bastard-operator.from-hell.be 1326194910 Q * sid3windr Read error: Connection reset by peer 1326196560 Q * Aiken Remote host closed the connection 1326198218 Q * macmaN Ping timeout: 480 seconds 1326198647 N * sid4windr sid3windr 1326198886 J * macmaN ~chezburge@138.167.190.90.dyn.estpak.ee 1326199395 J * petzsch ~markus@dslb-092-078-239-059.pools.arcor-ip.net 1326200669 M * ser morning, Bertl ;) 1326200716 M * ser is it really possible nobody made vserver kernel for ubuntu? 1326200803 M * Bertl usually the debian kernels work for ubuntu as well, so quite possible 1326200851 A * pmjdebruijn would try that 1326200853 M * pmjdebruijn wouldn't* 1326200884 M * pmjdebruijn especially since rolling your own isn't that hard 1326201028 M * macmaN sup all 1326201095 M * macmaN i just got hit with kernel BUG. Process had java in it, this is the first i've seen related to java. i have minecraft server running inside vserver, is this capable of crashing the host like this. 1326201112 M * macmaN Jan 10 12:02:20 server kernel: [1246413.768106] BUG: unable to handle kernel paging request at ffffffff 1326201127 M * macmaN Jan 10 12:02:20 server kernel: [1246413.768155] Pid: 27544, comm: java Tainted: P 3.0.7-vs2.3.1+pf #3 Gigabyte Technology Co., Ltd. P55M-UD2/P55M-UD2 1326201137 M * ser macmaN: congrats! ;-) 1326201138 M * Bertl this comes with a longer trace, please upload somewhere 1326201160 M * macmaN after this its a pretty massive BUG list by various processes 1326201172 M * macmaN just a sec 1326201186 M * Bertl make sure to upload everything from the beginning 1326201201 M * macmaN yep 1326201306 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com 1326201517 M * macmaN try this 1326201520 M * macmaN https://apps.dataring.ee/messages-2012-01-10 1326201543 M * macmaN http works too, if youre scared of the selfsigned cert 1326201552 M * macmaN but dont be :> 1326201573 M * macmaN trouble started right around noon, 12:02 the BUG hit 1326201674 Q * fisted Read error: Operation timed out 1326201736 M * Bertl what proprietary modules have you loaded? 1326201746 J * fisted ~fisted@xdsl-87-78-216-107.netcologne.de 1326201919 M * pmjdebruijn +pf? 1326202993 M * daniel_hozac nvidia from the looks of it... 1326203071 M * daniel_hozac the log looks incomplete though 1326203072 Q * BenG Quit: I Leave 1326204773 M * macmaN nvidia is the only one i believe 1326204787 M * macmaN +pf means pf-sources 1326204803 M * Bertl and what does that mean? 1326204806 M * macmaN http://pf.natalenko.name/ 1326204842 M * macmaN vserver patch applies cleanly aside from having to move a few #defines, so these dont seem to touch each other 1326204865 M * macmaN move = change their order, not move to another file or some other hack 1326204865 M * Bertl well, I presume the scheduler changes are to blame then 1326204895 M * macmaN im using elevator=cfq 1326204962 M * Bertl -ck patchset is more relevant, anyway, most likely not Linux-VServer related 1326205006 M * macmaN yeah. it isnt even sure that this java process came from inside vserver. i am not sure how the pid's work 1326205033 M * macmaN if it says pid 27544, is that pid on the host system 1326205047 M * macmaN i am doing hourly "ps aux" outputs now to a file 1326205066 M * Bertl the pids are global 1326205258 M * macmaN how do i view all processes from the host, incl vserver ones 1326205267 M * Bertl vps 1326205447 M * macmaN uhhuh cool 1326205706 M * macmaN i wonder if its possible to change the magic sysrq combo 1326205719 M * macmaN i only have a wireless keyboard that doesnt have the sysrq button at all 1326205760 M * macmaN ah You could also change the SysRq itself in /proc/sys/kernel/sysrq-key (it's normally 84 - Alt-SysRq for Intel). 1326205899 M * macmaN ah nowadays its On all - write a character to /proc/sysrq-trigger. e.g.: 1326206088 M * macmaN yey the print scr key works after all 1326206123 M * Bertl off for a nap .. bbl 1326206129 N * Bertl Bertl_zZ 1326208854 N * ensc Guest23584 1326208864 J * ensc ~irc-ensc@p54ADDCAC.dip.t-dialin.net 1326209273 Q * Guest23584 Ping timeout: 480 seconds 1326210053 J * dowdle ~dowdle@scott.coe.montana.edu 1326211441 N * Bertl_zZ Bertl 1326211447 M * Bertl back now ... 1326215286 J * bonbons ~bonbons@2001:960:7ab:0:e86d:5a0c:b972:e771 1326224168 M * gucki anyone here using openvz and expiring "Cannot allocate memory" when doing "cat /proc/self/mountinfo" inside a vm? 1326224843 M * Bertl gucki: wron channel, this is Linux-VServer not OVZ (check the openvz channel on freenode) 1326224847 M * Bertl *wrong even 1326224866 M * gucki Bertl: yeah sorry, wrong paste ;-) 1326226832 J * dna ~dna@232-163-103-86.dynamic.dsl.tng.de 1326228263 Q * arekm Quit: leaving 1326228313 Q * gucki Remote host closed the connection 1326228437 J * arekm ~arekm@ixion.pld-linux.org 1326229332 J * bergerx ~bergerx@178.233.1.186 1326230402 M * puck Hey, on Debian Squeeze with 3.2.0-vs2.3.2.5 and util-vserver 0.30.216-pre3000-1 when I try and run vserver-stat I get told it can't access /proc/uptime. The Proc-Security wiki page appears to refer to going from kernel 2.4 -> 2.6. Any suggestions on what is going on? 1326230434 M * puck I've upgraded from a 2.6.36.2-vs2.3.0.36.38 kernel 1326230492 M * Bertl did you run the vprocunhide runlevel script? 1326230515 M * Bertl (if not, look for vprocunhide and rerun that) 1326230544 M * puck ah ha, yes. 1326230553 M * puck Is that no longer run on start up by util-vserver? 1326230618 M * Bertl no idea what you did to get the tools installed, but the default install/install-distribution should do that 1326230683 M * puck This is the one from http://repo.psand.net/ - it also doesn't seem to start the vservers anymore. Which seems a bit ... odd. 1326230726 M * Bertl sure that you haven't just disabled the runlevel service (by accident oder so)? 1326230747 M * puck Nope, running /etc/init.d/util-vserver start doesn't start them, and looking in the script I see no logic to do so. 1326230772 M * Bertl there are three runlevel scripts 1326230818 M * Bertl vprocunhide, vservers-default and util-vserver 1326230834 M * Bertl vprocunhide is the one preparing proc for you 1326230838 M * puck Right, I see those in the package, but they're not in /etc/init.d 1326230843 M * puck I'm reinstalling the package now. 1326230859 M * Bertl while vservers-default will start your guests marked as 'default' 1326230865 M * puck :) 1326230881 M * puck Let me hit it with a bigger hammer. 1326230909 M * puck You can see now why I was rather confused. :) 1326230985 M * Bertl yeah, hit it :) 1326231010 M * puck Heh dependency issues on removing the packages, so now I can't remove the util-vserver-sysv package because the others are already removed. :( 1326231021 A * puck hacks code 1326231047 M * Bertl sounds like a dpkg/apt feature :) 1326231060 M * puck Sounds like the dependencies not being set right. ;) 1326231149 M * puck Ah, it tries to run the vprocunhide init script on removal, but the script doesn't exist so the removal process bombs out. 1326231594 M * puck For some bizarre reason the .deb wasn't installing the init.d files. I've extracted the archive and copied them in by hand, now it works. 1326231598 M * puck Bertl: thank you! 1326231785 M * Bertl you're welcome! 1326231798 Q * sannes Remote host closed the connection 1326231804 Q * imcsk8 Remote host closed the connection 1326231899 Q * dna Quit: Verlassend 1326232210 Q * bonbons Quit: Leaving 1326234503 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f 1326236224 Q * Marbug Ping timeout: 480 seconds 1326236609 M * Bertl off to bed now ... have a good one everyone! 1326236625 N * Bertl Bertl_zZ 1326236893 Q * daniel_hozac Ping timeout: 480 seconds 1326238244 M * Guy- Bertl_zZ: the issue with zfsonlinux goes deeper... the namespace cleanup apparently causes zfs datasets to be unmounted globally (including on the host) 1326238593 Q * ghislain1 Quit: Leaving. 1326239035 M * Guy- as a temporary workaround, would it be possible to disable the cleanup for filesystems of a certain type (e.g. zfs)? 1326239706 Q * petzsch Quit: Leaving.