1332634274 M * Bertl_oO off to bed now ... have a good one everyone!
1332634287 N * Bertl_oO Bertl_zZ
1332640817 J * clopez ~clopez@82.25.60.213.dynamic.mundo-r.com
1332641454 Q * clopez Ping timeout: 480 seconds
1332654707 J * ghislain ~AQUEOS@adsl2.aqueos.com
1332665119 J * bonbons ~bonbons@2001:960:7ab:0:e423:a180:4248:9de2
1332667327 N * Bertl_zZ Bertl
1332667332 M * Bertl morning folks!
1332675494 M * morfoh moin
1332683190 Q * brambles Remote host closed the connection
1332684615 Q * bonbons Ping timeout: 480 seconds
1332686857 J * bonbons ~bonbons@2001:960:7ab:0:e423:a180:4248:9de2
1332693273 Q * Chlorek Ping timeout: 480 seconds
1332693490 J * Chlorek chlorek@chlorek.com
1332693777 J * petzsch ~markus@dslb-092-078-226-192.pools.arcor-ip.net
1332695815 Q * ensc|w Remote host closed the connection
1332695824 J * ensc|w ~ensc@www.sigma-chemnitz.de
1332704248 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg
1332704624 J * Strav ~user@dsl-66-36-139-32.mtl.aei.ca
1332704630 Q * click Ping timeout: 480 seconds
1332704711 M * Strav Hi. I'm trying to launch a vserver guest on a patched 2.6.36.2 kernel (grsec+vserver) in virtual box and I'm getting the following error: vcontext: pivot_root(): Invalid argument. Any thoughts on what could be wrong? Note that there is no rule in my grsec (/etc/sysctl.conf) to stop the pivot_root call.
1332705089 J * click click@ice.vcon.no
1332705549 Q * hijacker_ Quit: Leaving
1332705661 M * Bertl probably a grsec misconfiguration
1332706171 M * Strav Bertl: I don't have the kernel.grsecurity.chroot_deny_pivot key in my sysctl.conf. Is there any way I can ensure that grsec is not interfering?
1332706244 M * Bertl no idea, I'm not using grsec and there haven't been patches for some time ... but there is nothing in Linux-VServer blocking pivot_root() and I remember that it was a known grsec issue
1332706322 M * Strav Bertl: most google results about it do mention a possible issue with grsec, but some have mentioned that it could be due to the version of util-vserver.
1332706352 M * Bertl well, I hope you are using a recent version, best the latest pre release
1332706408 M * Bertl off for now ... bbl
1332706409 M * Strav Bertl: yep I needed to (had another error while trying to launch the guest that was fixed by upgrading the tools). Bertl: btw, do you happen to know if separately applying the grsec patches and the vserver ones is a problem of any kind?
1332706417 M * Strav thanks, cya
1332706442 M * Bertl AFAIK, there are several clashes between grsec and Linux-VServer which need to be resolved
1332706446 M * Bertl cya later
1332706450 N * Bertl Bertl_oO
1332706777 J * micah_ ~micah@micah.riseup.net
1332706780 Q * micah_
1332707342 Q * petzsch Read error: Connection reset by peer
1332708144 Q * bergerx Quit: Leaving
1332708569 Q * ghislain Quit: Leaving.
1332709157 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1332709463 Q * bonbons Quit: Leaving
1332712925 J * clopez ~clopez@82.25.60.213.dynamic.mundo-r.com
1332715914 M * Strav Hi. I'm trying to launch a vserver guest on a patched 2.6.36.2 kernel (grsec+vserver) in virtual box and I'm getting the following error: vcontext: pivot_root(): Invalid argument. Any thoughts on what could be wrong? Note that there is no rule in my grsec (/etc/sysctl.conf) to stop the pivot_root call.
1332715944 N * Bertl_oO Bertl
1332715950 M * Bertl back now ... good timing!
1332715956 M * Strav hehe :)
1332715964 M * Bertl did you try without the grsec part?
1332715985 M * Bertl should be easy to verify that it actually is grsec related
1332715989 M * Strav you mean by loading a kernel without grsec?
1332716010 M * Bertl yes, just build the same kernel with the same config (and Linux-VServer patch) but without grsec
1332716074 M * Strav well, grsec is a prerequisite but I guess it wouldn't hurt to know where the problem is. Yep I'll give it a try.
1332716281 M * Strav Actually, I'm wondering if vserver really is a good idea. It feels like a maintenance nightmare to keep up-to-date with kernel security updates while applying the grsec+vserver patch, especially given the fact that there's a small subset of kernel versions that works well with both patches. Perhaps using xen + grsec might be a better solution.
1332716342 M * Bertl if grsec and easy maintenance without much work is your primary objective, then probably
1332716382 M * Bertl alternatively you can hire somebody to keep the integration up-to-date
1332716429 M * Strav My objective is to build as best as I can, a secure and highly available cluster - for a client that's not ready to pay much for it.
1332716489 M * Bertl well, security in Linux-VServer without grsec is sufficient for hostile environments (like mass hosting and similar)
1332716504 M * Bertl you can also easily integrate most pax features with Linux-VServer
1332716556 M * Bertl the clashing parts in Linux-VServer + grsec usually originate from duplicated security features and/or unawareness of context isolation in the grsec patch
1332716586 M * Strav interesting, I didn't try to apply the pax patches along with v-server.
1332716628 M * Bertl Linux-VServer is lightweight and rather unintrusive in most aspects
1332716638 M * Bertl we keep it simple and performant
1332716658 M * Strav yep, this is why it was my first choice for "virtualisation" (I'm mainly interested in file system isolation).
1332716846 M * Strav Sorry for my ignorance but besides PAX and the RBAC, is there anything else to grsecurity? (if not, perhaps only applying the pax patches and using SELinux as my rbac will be sufficient)
1332716890 M * Bertl I'm not the expert on grsec, as I said, I don't use it because I never felt an actual need for it
1332716915 M * Bertl you might chat with harry (check the email archives) or somebody actually using it
1332716928 M * Bertl s/migh/might want to/
1332716955 M * Strav Ok. Anyhow, I'll dig a little further into grsec's documentation when I have some time.
1332717079 M * Strav I'll be going, lotta homework to catch up on. A big thanks for your time!
1332717112 M * Bertl you're welcome!
1332717122 M * Strav cya!
1332717126 P * Strav ERC Version 5.3 (IRC client for Emacs)
1332718583 Q * disposable Remote host closed the connection