1362182794 Q * geb Ping timeout: 480 seconds 1362183120 J * geb ~geb@mars.gebura.eu.org 1362191209 M * Chlorek anyone? 1362191215 M * Chlorek ping pong? 1362191229 M * Chlorek which capability is responsible for sysct switching inside guest? 1362191267 M * Chlorek I'd like to unblock 1362191282 M * Chlorek *sysctl 1362203705 Q * bzed Ping timeout: 480 seconds 1362205517 J * bzed ~bzed@bzed.netrep.oftc.net 1362207694 Q * bzed Ping timeout: 480 seconds 1362208171 N * Bertl_zZ Bertl 1362208174 M * Bertl morning folks! 1362208235 M * Bertl Chlorek: CAP_SYS_ADMIN, but you do not want to give that lightly to a guest 1362208665 J * bzed ~bzed@bzed.netrep.oftc.net 1362209150 Q * bzed Ping timeout: 480 seconds 1362210656 J * bzed ~bzed@bzed.netrep.oftc.net 1362214627 J * nkukard_ ~nkukard@196-210-205-18.dynamic.isadsl.co.za 1362214774 Q * _WildPikachu_ Ping timeout: 480 seconds 1362215877 J * bonbons ~bonbons@2001:a18:20a:1601:ccdc:5532:de88:f032 1362217691 M * daniel_hozac other capabilities may be needed too, depending on which one it is about. 1362219033 J * X-ian ~chris@p4FCCEF48.dip.t-dialin.net 1362219533 M * X-ian Hi. I have some trouble with the lo network device: running debian 2.6.32 stock kernel, I missed lo. So I set nflags to ~single_ip and created lo in interfaces/0 . I assigned a private ip, made DNAT and SNAT ipfilter rules and started the vserver. now making incoming connections works. but outgoing connections have to explicitly bind to this address to get snat-ed. nc ... 25 fails and nc ... 25 -s 10.... works. 1362219662 M * daniel_hozac the Debian kernel doesn't come with automatic loopback? 1362219740 M * X-ian as far as i know they switched this off 1362220239 M * X-ian I just got the idea to configure 127.0.0.1 at last. now it seems to work. 1362220630 Q * X-ian Quit: leaving 1362226523 M * Bertl off for a nap ... bbl 1362226545 N * Bertl Bertl_zZ 1362227393 Q * ircuser-1 Ping timeout: 480 seconds 1362229608 M * Chlorek Bertl_zZ: seems it's not working 1362229610 M * Chlorek # vattribute --xid 153 --get|grep SYS_ADMIN >/dev/null; echo $? 1362229610 M * Chlorek 0 1362229641 M * Chlorek also all kernel.grsecurity.chroot_deny_* are set to 0 1362230126 N * ensc Guest693 1362230135 J * ensc ~irc-ensc@p54ADDD6A.dip.t-dialin.net 1362230543 Q * Guest693 Ping timeout: 480 seconds 1362230835 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net 1362235198 M * Rockj I assume 3.8.1 will get a vserver patch due to the local user exploits (net_sock and another one) soon? :-) 1362236769 N * Bertl_zZ Bertl 1362236776 M * Bertl back now ... 1362236822 M * Bertl Chlorek: what's the exact command you are trying? 1362237708 M * Bertl Rockj: we'll see, important exploits/fixes get applied to longterm kernels as well 1362237779 M * Bertl but feel free to motivate me with a donation :) 1362238367 Q * eyck Remote host closed the connection 1362239180 J * eyck ~eyck@nat08.nowanet.pl 1362245960 J * Milhouse ~chatzilla@c-24-34-74-228.hsd1.ma.comcast.net 1362246104 M * Milhouse Hi All - getting Vserver going with Pacemaker. To date, have been creating a separate Logical Volume for each vserver as a way of managing space. Now, have created a Logical Volume for DRBD/Pacemker, are putting all Vservers in there. Suggestions for how to manage vserver space? Quorums? Nested LVM? 1362246129 M * Bertl hey Milhouse! 1362246153 M * Bertl you have a bunch of options there, you can use disk limits with tagging 1362246178 M * Bertl you can also benefit from sharing disk space (and in return memory) via unifiaction 1362246199 M * Bertl but of course, you can partition the DRBD volume as well 1362246246 M * Milhouse OH... 1362246266 M * Milhouse So each time we create a vserver, we'd create a new logical volume in the DRBD? 1362246283 M * Milhouse I.e, is that what you mean? 1362246387 M * Bertl either that or as you already suggested, use lvm to manage/create subvolumes 1362246424 M * Milhouse OK, thanks(!)....will try both, see where things come out. Appreciate it! 1362246448 M * Bertl but of course, with separate volumes/filesystems you'll lose the sharing as well 1362246464 M * Bertl (no change to what you had before :) 1362246497 M * Milhouse OK...didn't know that....so sounds like separate partitions more versatile... 1362246519 M * Bertl basically it all depends on your setup/needs 1362246526 M * Milhouse OK, thanks! 1362246544 M * Bertl for example, if you have 200 guests, all very similar, e.g. the same debian install, etc 1362246546 M * Milhouse PS - will post back when see where end up. 1362246552 M * Milhouse Bye for now.. 1362246556 M * Bertl okay, cya 1362248753 Q * Milhouse Remote host closed the connection 1362250540 J * clopez ~clopez@108.30.165.83.dynamic.mundo-r.com 1362257163 Q * nou Ping timeout: 480 seconds 1362257480 Q * Chlorek Remote host closed the connection 1362260391 J * nou Chaton@causse.larzac.fr.eu.org