1348876955 M * isAAAc :)
1348877076 M * Bertl_oO off to bed now ... have a good one everyone!
1348877080 N * Bertl_oO Bertl_zZ
1348879285 J * deathtje_ ~deathtje@216.67.225.106
1348879296 Q * deathtje Remote host closed the connection
1348880955 Q * fisted_ Read error: No route to host
1348882148 J * fisted ~fisted@xdsl-87-78-229-138.netcologne.de
1348887848 Q * isAAAc Quit: Konversation terminated!
1348888751 J * clopez_ ~clopez@17.28.165.83.dynamic.mundo-r.com
1348892491 Q * clopez_ Ping timeout: 480 seconds
1348895084 Q * quasisane Read error: Operation timed out
1348895476 J * quasisane ~sanep@c-24-218-184-186.hsd1.nh.comcast.net
1348900032 J * ghislain ~AQUEOS@adsl2.aqueos.com
1348901079 Q * ghislain Quit: Leaving.
1348901953 Q * ensc|w Remote host closed the connection
1348901961 J * ensc|w ~ensc@www.sigma-chemnitz.de
1348902065 J * ghislain ~AQUEOS@adsl2.aqueos.com
1348902114 Q * ghislain
1348902397 Q * Romster Remote host closed the connection
1348902468 Q * thierryp Remote host closed the connection
1348905835 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1348908939 N * Bertl_zZ Bertl_oO
1348909086 J * fisted_ ~fisted@xdsl-84-44-224-193.netcologne.de
1348909488 Q * fisted Ping timeout: 480 seconds
1348911890 J * ju ~ju@curl.eatmytux.com
1348914025 Q * eyck Remote host closed the connection
1348916752 J * eyck ~eyck@nat08.nowanet.pl
1348917584 J * soho ~chatzilla@c-24-34-74-228.hsd1.ma.comcast.net
1348917597 N * soho wombat
1348917609 Q * wombat
1348919398 J * mib_yd2ak4 18224ae4@ircip3.mibbit.com
1348919414 M * mib_yd2ak4 Hi All: trying to get print working with x2go between 2 Vservers (one as user server, one as cups server). This is a bit long...
1348919422 M * mib_yd2ak4 x2go relies on creating a spool link to folders inside of /tmp on user server (and then a script turns the print job into a pdf and sends it back to the client from the x2go server). When we start x2go session, link shows as broken and syslog has:
1348919431 M * mib_yd2ak4 Sep 29 11:39:38 vserver11 /usr/bin/x2gostartagent: successfully started X2Go agent session with ID user1-50-1348918777_stDGNOME_dp24 Sep 29 11:39:40 vserver11 /usr/bin/x2goruncommand: launching session with Xsession-x2go mechanism, using STARTUP="/usr/bin/gnome-session" Sep 29 11:39:41 vserver11 /usr/bin/x2gomountdirs[9409]: WARNING: mounting of /home/soho/.x
1348919461 M * mib_yd2ak4 WARNING: mounting of /home/soho/.x2go/S-user1-50-1348918777_stDGNOME_dp24/spool failed
1348919487 M * mib_yd2ak4 So we think for some reason the spool link doesn't work with /tmp on the vserver guest.
1348919506 M * mib_yd2ak4 Could this be due to the tmpfs nature of Vserver config fstab? FYI - we can print when we use x2go on a "regular" server....but are unsure how to address this.
1348922579 J * bonbons ~bonbons@2001:960:7ab:0:9dff:812b:cec0:62b6
1348924795 Q * Wonka Ping timeout: 480 seconds
1348925934 Q * Aiken Remote host closed the connection
1348931141 M * Bertl_oO mib_yd2ak4: could be, but it looks more like it is trying to mount something
1348931148 M * Bertl_oO off for a nap ... bbl
1348931150 N * Bertl_oO Bertl_zZ
1348931485 M * mib_yd2ak4 Thanks Bertl - sorry was away...if trying to mount something, should we make a change in the fstab or is this a script/code problem of the printing app
1348931893 J * clopez ~clopez@17.28.165.83.dynamic.mundo-r.com
1348932979 Q * fisted_ Quit: leaving
1348934978 J * fisted ~fisted@xdsl-84-44-224-193.netcologne.de
1348935596 J * guerby ~guerby@nc10d-ipv6.tetaneutral.net
1348936840 J * thierryp ~thierry@zouk.inria.fr
1348937036 Q * thierryp Remote host closed the connection
1348937956 M * daniel_hozac mib_yd2ak4: look on the real system what kind of mount it is.
1348938332 M * mib_yd2ak4 I think it's a sym link to an "on the fly" folder created in /tmp from the user
1348938343 M * mib_yd2ak4 sorry...from the user's directory.
1348938379 Q * clopez Quit: Leaving
1348938417 J * clopez ~clopez@17.28.165.83.dynamic.mundo-r.com
1348938446 M * mib_yd2ak4 OK - let me check and will get back..
1348938885 M * mib_yd2ak4 When connection works, looks like this in syslog: Sep 29 13:11:15 bc /usr/bin/x2gostartagent: successfully started X2Go agent session with ID soho-50-1348938673_stDGNOME_dp24 Sep 29 13:11:18 bc /usr/bin/x2gomountdirs[3986]: successfully mounted soho@127.0.0.1:30003/home/soho/.x2go/S-soho-50-1348938673_stDGNOME_dp24/spool to /tmp/.x2go-soho/spool/C-soho-50-13
1348938930 M * mib_yd2ak4 successfully mounted soho@127.0.0.1:30003/home/soho/.x2go/S-soho-50-1348938673_stDGNOME_dp24/spool to /tmp/.x2go-soho/spool/C-soho-50-1348938673_stDGNOME_dp24
1348939031 M * mib_yd2ak4 So would things have trouble mounting in tmpfs format?
1348939139 M * daniel_hozac check cat /proc/mounts when it's working.
1348939157 M * mib_yd2ak4 OK..hang on
1348939328 M * mib_yd2ak4 Here goes
1348939356 M * mib_yd2ak4 root@bc:/home/soho# cat /proc/mounts rootfs / rootfs rw 0 0 none /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 none /proc proc rw,nosuid,nodev,noexec,relatime 0 0 none /dev devtmpfs rw,relatime,size=999836k,nr_inodes=218364,mode=755 0 0 none /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
1348939383 M * mib_yd2ak4 soho@127.0.0.1:/home/soho/.x2go/S-soho-50-1348939182_stDGNOME_dp24/spool /tmp/.x2go-soho/spool/C-soho-50-1348939182_stDGNOME_dp24 fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,max_read=65536 0 0
1348939487 M * mib_yd2ak4 Rats...not sure these all got over...try again...
1348939496 M * mib_yd2ak4 root@bc:/home/soho# cat /proc/mounts rootfs / rootfs rw 0 0 none /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 none /proc proc rw,nosuid,nodev,noexec,relatime 0 0 none /dev devtmpfs rw,relatime,size=999836k,nr_inodes=218364,mode=755 0 0 none /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
1348939543 M * mib_yd2ak4 /dev/mapper/bc-root / ext3 rw,relatime,errors=remount-ro,data=ordered 0 0 tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0 /dev/sda1 /boot ext2 rw,relatime,errors=continue 0 0
1348939558 M * mib_yd2ak4 dev/mapper/bc-home /home ext3 rw,relatime,errors=continue,data=ordered 0 0 /dev/mapper/bc-tmp /tmp ext3 rw,relatime,errors=continue,data=ordered 0 0 /dev/mapper/bc-usr /usr ext3 rw,relatime,errors=continue,data=ordered 0 0 /dev/mapper/bc-var /var ext3 rw,relatime,errors=continue,data=ordered 0 0 fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
1348939571 M * mib_yd2ak4 binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0 soho@127.0.0.1:/home/soho/.x2go/S-soho-50-1348939182_stDGNOME_dp24/spool /tmp/.x2go-soho/spool/C-soho-50-1348939182_stDGNOME_dp24 fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,max_read=65536 0 0
1348940281 M * daniel_hozac you'll want to use paste.linux-vserver.org for that
1348940493 J * hijacker ~hijacker@cable-84-43-134-121.mnet.bg
1348940498 M * mib_yd2ak4 Thanks Daniel - just tried it (paste.linux-vserver.org --- Posted by mib_yd2ak4 on Sat 29th Sep 19:39)
1348940753 M * daniel_hozac so it looks like you're going to have to enable fuse and mounting in your guest for that to work.
1348940790 M * mib_yd2ak4 Are there any posts on how to do that? Is that a security concern?
1348941634 M * mib_yd2ak4 Would you copy /dev/fuse into /vdir/dev?
1348941893 M * mib_yd2ak4 and copy SECURE_MOUNT, SECURE_REMOUNT, BINARY_MOUNT into ccapabilities and SYS_ADMIN into bcapabilities....again, does this pose security risks (users escaping into the host)?
1348942362 Q * nou Read error: Network is unreachable
1348942873 N * Bertl_zZ Bertl
1348942878 M * Bertl back now ...
1348943015 M * Bertl mib_yd2ak4: as always, giving more permissions poses a certain security risk, for example, allowing fuse inside a guest opens up arbitrary filesystems, which in turn can delay or even destabilize the kernel
1348943056 M * Bertl but it is still more secure than running it on the host
1348943279 M * mib_yd2ak4 So sounds in this case like have to make a trade-off choice: either no printing or put in fuse and take security risk...
1348943317 M * Bertl I'm not sure why (or for what) the system requires fuse at all
1348943332 M * Bertl again, printing is something usually done via a print server (cups)
1348943353 M * Bertl and cups doesn't really require any fuse mounting or similar stuff to work
1348943406 M * Bertl besides that, even if it would require this, you could still put it into a separate (isolated) guest which is not reachable for the other guests (except via network printing)
1348943635 M * mib_yd2ak4 yes - can try to describe how I think they are doing printing, but current set up has one vserver guest as cups server, and others as user servers, with an SSH connection between the user guests and the cups guest. So if we enabled fuse in that scenario...
1348943698 M * mib_yd2ak4 I.e., even in this design, they seem to require fuse when we print to mount these temporary folders.
1348943732 M * Bertl well, it is an insecure design :)
1348943744 M * mib_yd2ak4 Oh....
1348943792 M * mib_yd2ak4 So are we faced with a tradeoff/choice: keep the security with no printing vs. set up fuse and lessen security? Am hoping to punch through that tradeoff....
1348943799 M * Bertl but I'd look through the config options and source, maybe there is something to disable that fuse stuff
1348943825 M * mib_yd2ak4 Look through "config options and source" of their code, right?
1348943826 M * Bertl and/or utilize a remote cups server (e.g. on a different guest)
1348943862 M * Bertl I'm not really familiar with x2go, so config options at compile _and_ run time
1348943934 M * mib_yd2ak4 Sorry Bertl - last statement - we do have cups on a "different guest"; so user servers (guests) are separate from cups guest (all are running on the same host).
1348943963 M * Bertl okay, where does the fuse stuff happen?
1348943978 M * Bertl (or where is it supposed to happen)
1348944023 M * mib_yd2ak4 I think it is supposed to happen on the "x2go server" guest to which a user connects; users would not connect to the cups server guest directly...
1348944061 M * Bertl in this case, you have the full implications of allowing the fuse stuff
1348944076 M * Bertl i.e. you have to weigh that against increased security
1348944091 M * mib_yd2ak4 Rats
1348944097 M * Bertl (if there isn't an option to disable it)
1348944131 M * Bertl if it would be supposed to happen on the cups server, you could shut that off from any guest access except the network printing port
1348944164 M * Bertl which would elevate the issue in that way that only cups could do evil stuff with the fuse mounts :)
1348944194 M * mib_yd2ak4 yes - I think the only connection between the cups guest and any x2go server guests is via an ssh connection, though the way they do it involves root login via ssh
1348944223 M * Bertl which makes it the same domain as the other guest anyway
1348944229 M * mib_yd2ak4 yes
1348944250 M * Bertl i.e. if you ssh over 'as root', you can do anything you like (within the permissions root has on the target)
1348944263 M * mib_yd2ak4 yes
1348944321 M * mib_yd2ak4 but it sounds like if users don't have access to the cups guest (and they could mount some sort of brute force attack I guess from the x2go server guests) then their fuse mounts would be OK?
1348944401 M * Bertl might be, or might not be the case
1348944447 M * Bertl depends on if you can trigger the x2go stuff into transporting a user account into the cups guest and/or force/allow arbitrary remote mounts
1348944505 M * mib_yd2ak4 OK...
1348944522 M * mib_yd2ak4 Looks like some more research....
1348944551 M * mib_yd2ak4 can you suggest a post to enable fuse in a guest? am thinking we'll try to get it going and then assess...
1348944628 M * Bertl I don't think there is special documentation, you need to make sure the module(s) are loaded to permit fuse mounts (if that part is modularized) on the host
1348944652 M * Bertl and give the various *MOUNT* capabilities to the guest
1348944673 M * Bertl you can easily check if you have everything by doing the/a fuse mount manually
1348944677 M * Bertl (inside the guest)
1348944691 M * mib_yd2ak4 OK, thanks Bertl. Will post back with what we find.
1348944694 J * nlm_ ~nlm@host230.200-117-23.telecom.net.ar
1348944699 M * Bertl you're welcome!
1348944836 J * oftc ~oftc@auburn.sored.pl
1348944844 N * oftc Guest8638
1348944894 Q * fisted Quit: leaving
1348944959 J * nicholi2 ~nicholi@rrcs-76-79-196-34.west.biz.rr.com
1348944973 Q * nicholi synthon.oftc.net oxygen.oftc.net
1348944973 Q * nlm synthon.oftc.net oxygen.oftc.net
1348944973 Q * WMP synthon.oftc.net oxygen.oftc.net
1348944973 Q * hijacker_ synthon.oftc.net oxygen.oftc.net
1348944973 Q * ircuser-1 synthon.oftc.net oxygen.oftc.net
1348944973 Q * puck synthon.oftc.net oxygen.oftc.net
1348944973 Q * FireEgl synthon.oftc.net oxygen.oftc.net
1348944973 N * Guest8638 WMP
1348945191 J * puck ~puck@2404:130:0:1000::23:10
1348945632 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1348945660 J * hijacker_ ~hijacker@213.91.163.5
1348945693 J * FireEgl ~FireEgl@173-25-83-57.client.mchsi.com
1348946294 Q * clopez Ping timeout: 480 seconds
1348950872 Q * mib_yd2ak4 Quit: http://www.mibbit.com ajax IRC Client
1348953281 J * Wonka produziert@chaos.in-kiel.de
1348953923 Q * guerby Ping timeout: 480 seconds
1348957480 Q * bonbons Quit: Leaving
1348957557 Q * hijacker Quit: Leaving
1348959405 J * fisted ~fisted@xdsl-84-44-238-12.netcologne.de