1341274985 P * chas
1341280450 J * chas ~charlie10@82-69-206-182.dsl.in-addr.zen.co.uk
1341280814 M * chas Hi all, a while ago I was asking: how to compile a 64bit kernel with vserver patch on a debian mixed architecture.
1341280823 M * Bertl yup
1341280824 M * chas Ben kindly helped me out.
1341280842 M * chas My question now is: Once I create the chroot environment and build the kernel how do I install it?
1341280859 M * chas I thinking here that I would have two boot directories one in the host env and one in the chroot env.
1341280868 M * chas Do I have to mount the host /boot inside the chroot env?
1341280882 M * Bertl do 'make help', look for a debian related package :)
1341280974 M * chas Sorry is simple but I don't understand what's being said here?
1341280993 M * chas I keep missing words out.
1341281019 M * chas The command is simple enough but I don't understand what is intended?
1341281079 M * Bertl okay, enter the kernel build tree, do: 'make help | grep deb'
1341281275 M * chas Ok I see, but which env do I run the installation in? I'm assuming I run it in my chroot env as the host/mixed gives me errors.
1341281294 M * Bertl you run the make in the chroot, you get a package
1341281308 M * Bertl you should be able to install that on the host
1341281328 M * Bertl if not, you can still do a make modules_install and make install
1341281344 M * Bertl and simply copy over the /lib*/modules/* and /boot/vm*
1341281375 M * chas OK that sounds like a good work around.
1341281401 M * Bertl but double check first with the package, it should do the trick
1341281446 M * chas I'm asking because I managed to download this package: linux-image-2.6.32-5-vserver-amd64_2.6.32-45_amd64.deb and I get error trying it in my host env.
1341281495 M * chas It's late here not but I will try the chroot in the morning. Thank again for your help.
1341281513 M * Bertl np, have fun (or a good sleep :)
1341281534 P * chas
1341285726 Q * clopez Ping timeout: 480 seconds
1341291404 J * ghislain ~AQUEOS@adsl2.aqueos.com
1341293689 M * uranus Bertl, is there any chance to debug such dmesg outputs? http://paste.linux-vserver.org/22861
1341294046 M * Bertl well, yes, to some degree
1341294059 M * Bertl what kernel/patch is that?
1341294084 M * uranus 3.2.21 with 2.3.2.10
1341294207 M * Bertl well, the first step is to find all occurrences of this byte sequence in the kernel code
1341294246 M * uranus simple grep`
1341294247 M * uranus ?
1341294248 M * Bertl once that has been found, you can map the place(s) to functions and specific object files (given that you have the kernel build tree or can recreate it)
1341294264 M * uranus build tree is there
1341294291 M * Bertl grep will fail at the non ascii/special bytes
1341294302 M * Bertl i.e. you want a 'binary grep' for that
1341294310 M * uranus thx
1341294332 M * Bertl assuming that there are not that many occurrences, you might simply use hexedit to search for the sequence
1341294370 M * uranus i hoped to find in 3.2 a more stable version than 3.3, because in 3.3 we have after a few days secure-mount processes in state d and also kswapd in state d
1341294398 M * Bertl did you try with 3.4 yet?
1341294412 M * uranus no that's the next step for this day
1341294464 M * Bertl btw, interesting regarding secure mount, that sounds like you are doing many stop/start cycles in your setup?
1341294472 M * uranus yes
1341294501 M * Bertl so it might be easily triggerable with a start/stop or even restart loop?
1341294512 M * uranus maybe some of the restarts are under heavy I/O, but disabling blkio did not solve that issue
1341294518 M * uranus maybe
1341294528 M * uranus good point
1341294534 M * Bertl for example, have a bunch of guests (like 5-10)
1341294545 M * Bertl and restart them in parallel in a loop
1341294553 M * Bertl (i.e. one loop for each of them)
1341294574 M * uranus just a moment, will setup the loop
1341294594 M * Bertl if that doesn't shake out something (if there is anything related to this setup) ...
1341294702 M * Bertl btw, there seems to be a dnotify/inotify related issue on kernels up to 3.4 which causes strange and unexpected delays
1341294720 M * uranus 3.4 is affected also?
1341294733 M * Bertl it was fixed in 3.4 IIRC
1341294747 M * uranus Bertl, http://paste.linux-vserver.org/22862 should do the trick or?
1341294762 M * uranus oh well, that sounds nice :), have to test 3.4 after the loop
1341294781 M * Bertl do you usually issue restarts?
1341294799 M * uranus hmm no
1341294802 M * uranus stop and start
1341294805 M * Bertl if yes, then the loop should be fine, can be written tighter like this though:
1341294818 M * Bertl while true; do vserver restart; done
1341294831 M * Bertl if you use stop and start, then I'd use that as well
1341294869 M * Bertl something like: while true; do vserver start; sleep 1; vserver stop; sleep 1; done
1341294879 M * uranus set -e should break my loop right?
1341295004 M * Bertl IMHO it has no effect in your script
1341295011 M * uranus the import thing at this state is to get a secure-mount in state d to check reproducibility right?
1341295047 M * Bertl yes, although a kernel oops/trace could be nice too :)
1341295094 M * uranus i did not get any of them
1341295211 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1341295715 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1341296471 M * uranus Bertl 5 restarts running now in parallel more will follow, till now no secure-mount in state D
1341296994 Q * ncopa Quit: Leaving
1341297279 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1341300484 Q * FireEgl Quit: Leaving...
1341302843 Q * uranus Quit: Verlassend
1341302856 J * uranus ~uranus@62.152.161.117
1341304535 J * FireEgl FireEgl@2001:470:e5ad:1:39bc:7c86:c6bf:ea69
1341304849 J * plastics ~plastics@c-69-138-42-222.hsd1.tn.comcast.net
1341305195 J * petzsch ~markus@dslb-092-078-112-205.pools.arcor-ip.net
1341305336 Q * plastics Ping timeout: 480 seconds
1341307364 Q * brambles Quit: leaving
1341307401 J * brambles brambles@79.133.200.49
1341307465 J * fisted_ ~fisted@xdsl-84-44-145-48.netcologne.de
1341307754 Q * fisted Ping timeout: 480 seconds
1341309116 Q * petzsch Quit: Leaving.
1341310274 J * clopez ~clopez@fanzine.igalia.com
1341312700 J * petzsch ~markus@dslb-092-078-112-205.pools.arcor-ip.net
1341312910 J * BenG ~bengreen@cpc2-oxfd11-0-0-cust221.4-3.cable.virginmedia.com
1341314348 M * Bertl off to bed now ... have a good one everyone!
1341314352 N * Bertl Bertl_zZ
1341314978 Q * petzsch Read error: Connection reset by peer
1341317936 J * plastics ~plastics@c-69-138-42-222.hsd1.tn.comcast.net
1341318865 Q * Aiken Remote host closed the connection
1341322831 Q * plastics Ping timeout: 480 seconds
1341323094 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net
1341324807 J * plastics ~plastics@c-69-138-42-222.hsd1.tn.comcast.net
1341326325 Q * BenG Quit: I Leave
1341327446 M * ghislain if i want to check a guest with a host binary ( to prevent rootkit modified one) how can i do this ? if i use vnamespace -e xx /bin/ps it will use the host binary in the guest context, will this work ?
1341327482 N * ensc Guest2020
1341327492 J * ensc ~irc-ensc@p54ADFBB0.dip.t-dialin.net
1341327877 Q * Guest2020 Ping timeout: 480 seconds
1341331335 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1341331376 Q * hparker Ping timeout: 480 seconds
1341331828 J * bonbons ~bonbons@2001:960:7ab:0:89a3:30ab:7575:7b8c
1341332808 N * Bertl_zZ Bertl
1341332813 M * Bertl morning folks!
1341332951 M * uranus moin Bertl my restart loop did not provide any secure-mount in State D after 10 hour
1341333131 Q * plastics Ping timeout: 480 seconds
1341333607 M * Bertl okay, so it is unlikely that it is start/stop related
1341333626 J * bergerx ~bergerx@2-228-78-73.ip190.fastwebnet.it
1341333648 M * Bertl i.e. I suspect it might be either coincidence or requires some other yet unknown ingredient
1341334867 Q * ensc|w Remote host closed the connection
1341334876 J * ensc|w ~ensc@www.sigma-chemnitz.de
1341337221 Q * fisted_ Ping timeout: 480 seconds
1341339240 J * fisted ~fisted@xdsl-84-44-145-48.netcologne.de
1341339327 Q * BenG Quit: I Leave
1341339898 Q * bergerx Ping timeout: 480 seconds
1341342493 J * bergerx ~bergerx@2-228-78-73.ip190.fastwebnet.it
1341342802 J * plastics ~plastics@c-69-138-42-222.hsd1.tn.comcast.net
1341346348 J * patulo c8447022@ircip2.mibbit.com
1341346411 M * patulo Hi, I need to know if it's possible to run virtualbox inside a vserver guest with this kernel 2.6.32-5-vserver-amd64
1341346414 M * patulo any ideas ?
1341346419 M * patulo thanks !
1341346483 M * Bertl no idea, probably virtualbox will make use of the kvm kernel interface or similar
1341346501 M * patulo it asks for dkms
1341346503 M * Bertl in which case you might need some extra capabilities to get it work
1341346523 M * Bertl s/it work/it to work/
1341346526 M * patulo could u tell me wich capabilities should I ?
1341346537 M * patulo which
1341346538 M * patulo :P
1341346542 M * Bertl depends on where it fails, strace -fF should help
1341346713 M * patulo ok, I'm stracing it now
1341346835 M * patulo Could not load the Host USB Proxy service: VERR_NOT_FOUND.
1341346849 M * patulo that error I suppose is cause it want access to the USB hub
1341346856 M * patulo which actually I don't really need
1341346951 M * patulo the red message that appears in the Vbox says "The value of the Processor(s) field on the System page is not complete."
1341346962 M * Bertl well, then disable it (the usb part)
1341346965 M * patulo but it doesn't crash
1341347005 M * patulo I just disabled it now
1341347030 M * patulo the guest is running with the standard capabilities
1341347072 M * patulo it's like it lacks of processors
1341347174 N * BobR BobR_zZ
1341347441 M * patulo i just add the VIRT_CPU to the ccapabilities and the guest fails to start with this msg... "Unknown ccap 'VIRT_CPU'"
1341347478 M * patulo do u know what I'm doing wrong ?
1341347597 M * Bertl VIRT_CPU is a cflag not a ccap, so yes, I know what you are doing wrong :)
1341347632 M * patulo jeee :P
1341347633 M * patulo ok !!
1341347634 M * Bertl but VIRT_CPU is not very likely to help you with virtualbox
1341347636 M * patulo thnx !
1341347641 M * Bertl what does the strace say?
1341347655 M * patulo nothing, cause it doesn't fails actually....
1341347667 M * patulo or too much... !
1341347683 M * Bertl so everything fine with virtualbox?
1341347706 M * patulo the vbox interface starts
1341347714 M * patulo but I can start a VM
1341347716 M * patulo cant
1341347725 M * patulo it can't see the processor
1341347757 M * Bertl and what does "can't see" mean?
1341347873 M * patulo in the screen where you can set how many processors you can assign to a VM it shows 0 processors available
1341347891 M * patulo good question, by the way :P
1341347909 M * Bertl so it probably got that info somewhere (or rather didn't get it)
1341347928 M * Bertl check with the strace output where it does do the "looking" :)
1341347941 M * patulo jeee
1341347943 M * patulo yeah :P
1341347986 M * patulo ooops
1341348004 Q * clopez Ping timeout: 480 seconds
1341348017 M * patulo I don't know what happened, I just removed the capabilities and now it doesn't start !....
1341348026 M * patulo root@vpsdesa:/etc/vservers/x# rm bcapabilities.no ccapabilities.no root@vpsdesa:/etc/vservers/x# vserver x start chroot-sh: open("/etc/mtab"): Read-only file system chroot-sh: unlink("var/run/motd"): Read-only file system chroot-sh: unlink("var/run/crond.reboot"): Read-only file system
1341348090 M * patulo this server it's playing with me...
1341348166 M * Bertl be careful, servers can be vicious sometimes
1341348218 M * patulo I rebooted and the guest starts ... :P
1341348230 M * patulo maybe is a Windows :P
1341348356 M * Bertl yeah, recent distros try to imitate Windoof or MacOX behaviour very closely
1341348381 M * patulo it's a squeeze !!!! not Mint/ubuntu :P !
1341348386 M * patulo It should be decent !
1341348636 Q * sannes Remote host closed the connection
1341348653 M * patulo is there any way to give all privileges to a guest ?
1341348662 M * patulo its a trusted environment
1341348710 M * Bertl yes, you can give all capabilities (bcapabilities) to the guest
1341348735 M * patulo I'll try that just to be sure that is a matter of caps ;)
1341348740 M * patulo or not ...
1341348747 M * Bertl but if it is looking in /proc somewhere, you might need to unhide the entries, and if it uses a device, you might want to add that one
1341348787 M * patulo I'll give it another look at the strace
1341349087 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1341349171 Q * plastics Ping timeout: 480 seconds
1341349380 Q * bonbons Quit: Leaving
1341349658 M * patulo it's not a matter of bcaps !! jeeee
1341349665 M * patulo it fails anyway
1341349678 M * patulo Im now trying to strace it
1341349699 M * patulo to catch when it tries to "see" the processors
1341349988 M * patulo does it mean anything to you: "[pid 2413] read(7, 0x7e77f4, 4096) = -1 EAGAIN (Resource temporarily unavailable)"
1341349991 M * patulo EAGAIN ?
1341350010 M * Bertl yes, it means the system call was interrupted
1341350017 M * Bertl (and the process should try again)
1341350034 M * patulo should I look before that, shouldn't ?
1341350058 M * Bertl that happens when a signal is received for example, so that's not really unusual
1341350068 M * patulo ok
1341350081 M * patulo the nohup file I got is 445000 lines :P
1341350116 Q * bergerx Ping timeout: 480 seconds
1341350346 M * patulo [pid 2423] access("/etc/ld.so.nohwcap", F_OK [pid 2422] <... brk resumed> ) = 0x1406000 [pid 2423] <... access resumed> ) = -1 ENOENT (No such file or directory) [pid 2422] access("/etc/ld.so.nohwcap", F_OK
1341350346 M * patulo what about that ?
1341350497 M * Bertl that's normal unless you want to deactivate hardware optimized versions of system libraries
1341350508 M * patulo ok, tnhx !
1341350669 M * Bertl you might also take a peek at the source code, maybe something obvious stands out
1341350680 M * patulo yeah
1341350694 M * patulo I'm doing that right now....
1341350997 J * clopez ~clopez@131.29.165.83.dynamic.mundo-r.com
1341351152 M * patulo could you guess where in the /proc can the Vbox look for procinfo... I just know /proc/pcuinfo and /proc/stat...
1341351162 M * patulo but there is no error looking for that in the strace
1341351270 M * Bertl no idea, but I'd suggest to search the sources for the error message
1341351279 M * Bertl (you get an error message, yes?)
1341351293 M * patulo "The value of the Processor(s) field on the System page is not complete."
1341351316 M * patulo that... but that string doesnt exist in my nohup !
1341351386 M * Bertl search in the vbox source
1341351554 J * fisted_ ~fisted@xdsl-87-78-17-177.netcologne.de
1341351838 Q * fisted Ping timeout: 480 seconds
1341353868 Q * ghislain Quit: Leaving.
1341354212 M * nkukard this is rather odd, I'm getting a setruid -EPERM error and i've assigned CAP_SETUID to the guest in bcapabilities
1341354215 M * nkukard I must be missing something
1341354240 M * nkukard setreuid
1341354498 M * nkukard hrmmm
1341354553 M * Bertl CAP_SETUID is given by default
1341354562 M * nkukard exactly, I just saw that too
1341354583 M * nkukard setreuid(0, 0) = -1 EPERM (Operation not permitted) <= getting that in a setuid binary
1341354597 M * Bertl kernel/patch?
1341354622 M * nkukard 2.6.32.25, patch , one sec
1341354757 M * nkukard Bertl, I'm unable to determine the patch, is there a way I can do so from within the system itself without having the sources?
1341354913 M * Bertl not really
1341354933 M * Bertl the patch version is usually part of the kernel version name
1341354946 M * Bertl (unless a distro maintainer removes it :)
1341354949 M * nkukard yea, in this case its just 2.6.32.25-vserver
1341354959 M * nkukard its been changed when building the kernel
1341355172 M * Bertl btw setreuid has a bunch of cases where it returns EPERM
1341355243 M * nkukard right, if I chroot, logging as the user and run the app, it works, but if I ssh into the vserver and run it I get the EPERM
1341355260 M * nkukard I'm trying to figure out if I can see from /proc/x/status what the app is running with in terms of caps
1341355972 M * Bertl assuming that no LSM is enabled, I'd look for some kind of dropped capability and/or messed up (e/r)uids
1341356404 M * daniel_hozac note that setreuid will never work with strace
1341356417 M * daniel_hozac so you're probably chasing the wrong thing there.
1341356434 M * Bertl good point
1341356447 M * nkukard ah
1341356542 M * nkukard http://pastebin.com/zUdnJj9S
1341356558 M * nkukard 2 lines from the bottom I ran without strace
1341357098 M * Bertl check the app where the error message is generated and what might cause it
1341357201 Q * ensc|w Ping timeout: 480 seconds
1341357615 J * ensc|w ~ensc@www.sigma-chemnitz.de
1341359100 J * bergerx ~bergerx@static-94-33-32-60.clienti.tiscali.it