1368144267 Q * Ghislain1 Quit: Leaving.
1368151865 Q * Romster Ping timeout: 480 seconds
1368152130 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1368155000 M * Bertl off to bed now ... have a good one everyone!
1368155005 N * Bertl Bertl_zZ
1368169337 J * Ghislain ~aqueos@adsl1.aqueos.com
1368174426 J * bonbons ~bonbons@2001:a18:20a:9d01:242f:bc0d:e5a7:905
1368174474 N * l0kit Guest4874
1368174479 J * l0kit ~1oxT@0001b54e.user.oftc.net
1368174870 Q * Guest4874 Ping timeout: 480 seconds
1368175012 N * Bertl_zZ Bertl
1368175018 M * Bertl morning folks!
1368175273 M * fback hello Bertl!
1368175282 M * fback not much sleep today ;)
1368175494 M * Bertl yeah, well, trying to adjust my timezone to a different one :)
1368175869 M * fback Bertl: or better, live in two not compatible timezones? ;-)
1368177707 M * Bertl nah, that would be too complicated :)
1368178118 M * Arach Hey guys. By chance, does anyone know if it's possible to unmount the original / (after replacing it with another partition on the same target; this part already works here) from inside a new mount namespace, maybe using some tricks like mount with MS_MOVE?
1368178147 M * Bertl you can do a pivot root, then unmount it
1368178163 M * Bertl (that's what is usually done in the initramfs)
1368178205 Q * ensc|w Remote host closed the connection
1368178214 J * ensc|w ~ensc@www.sigma-chemnitz.de
1368178318 M * Arach Bertl, are you sure about unmounting from initramfs? As far as I can see, the "rootfs / extX rw 0 0" is always in /proc/mounts. Doesn't seem it's being unmounted before or after mounting the real rootfs.
1368178395 M * Bertl well, the initramfs root typically is tmpfs
1368178419 M * Bertl the rootfs entry is just something the kernel makes up to keep userspace happy
1368178462 M * Arach Hmm, I see. OK, thanks, I'll try pivot_root.
1368178509 M * Bertl i.e. in a typical kernel boot (recent kernels) the initramfs is populated via cpio, then drivers are set up and root is mounted (typically /sysroot) then the pivot root happens
1368178562 M * Bertl typically the old root gets moved to /initrd and later unmounted
1368178610 M * Bertl note that any process started from the old rootfs will keep it around, although you can lazy unmount it to disappear
1368178693 Q * Walex Read error: Connection reset by peer
1368178749 M * Arach Lazy unmount... I've never seen MNT_DETACH actually working, but I guess it's because I tried it on / only.
1368178853 M * Arach Anyway, I should have checked grsec's treating of pivot_root earlier not to dismiss this option for no reason. Since grsec actually makes a distinction between chroot and pivot_root, so chroot_findtask restrictions should still work.
1368178945 M * Arach I know this is kinda irrelevant here, since I'm kinda inventing my own lxc tool in case grsec will stop supporting vserver patches in the future, but you guys should be very familiar with this stuff, so I decided to ask. Sorry if it's off topic here.
1368179017 M * Bertl doesn't look like grsec will stop supporting Linux-VServer soon (talk to spender)
1368179043 M * Arach He said he's not sure about it.
1368179058 M * Arach It depends on a sponsor or something like that.
1368179235 M * Bertl well, doesn't hurt to be prepared
1368179491 M * Arach Yeah. Actually I started even before he announced vserver support. ;) I always needed a better tool than the upstream lxc tools or libvirt for OS level virt for testing, but vserver hadn't good grsec support. I hope it will change now.
1368181052 J * jakob_ ~chatzilla@62.116.207.125
1368181123 M * jakob_ Hi I was wondering if there is a problem in running a vserver host with guests installed on a nfs-mounted directory?
1368181144 M * Bertl shouldn't be, as long as the guest can reach the nfs server
1368181177 M * jakob_ ok, thanks, I'll give it a spin
1368182293 Q * Hunger Ping timeout: 480 seconds
1368183024 Q * jakob_ Quit: ChatZilla 0.9.90 [Firefox-Trunk 20.0a1/20130105061132]
1368183906 Q * Aiken Remote host closed the connection
1368184185 Q * ircuser-1 Ping timeout: 480 seconds
1368187703 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1368189609 M * Bertl off for now ... bbl
1368189613 N * Bertl Bertl_oO
1368199357 Q * cuba33ci Remote host closed the connection
1368199470 J * cuba33ci ~cuba33ci@114-36-224-43.dynamic.hinet.net
1368200072 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg
1368201361 J * Hunger hunger@proactivesec.com
1368201656 J * nlm ~nlm@host211.200-43-249.telecom.net.ar
1368202237 Q * nlm Quit:
1368208618 M * jrklein Long time Linux Vserver user here. Considering use of Linux Vserver and KVM side-by-side on the same physical host. I was able to setup a functional host with multiple Vserver guests (Linux) and multiple KVM guests (Windows) and setup seems to work fine. Are there compatibility issues (Vserver vs KVM) I should be aware of or watch out for?
1368208624 M * jrklein Physical host is running CentOS 6.4 x86_64 (kernel 2.6.32-358.2.1.el6.vs2.3.0.36.29.6.31, util-vserver 0.30.216-1.pre3034.el6, kvm 0.12.1.2-2.355.0.1.el6.centos.2) on Intel X3450 (2xQC) 2.67, 16GB, 4x600GB SAS 15K RAID 10.
1368208686 M * daniel_hozac no, it works well together.
1368208693 M * daniel_hozac i've been running that for years.
1368208715 M * jrklein ... and LSI MegaRAID SAS 9260-4i 512MB w/ BBU
1368208771 M * jrklein daniel_hozac: Thank you. That's great to hear! Planning to phase out a few aging VMware servers with very small guests.
1368208831 M * Arach If security isn't among your primary concerns.
1368208846 M * jrklein daniel_hozac: Also, thank you very much for maintaining rpm.hozac.com! The packages for CentOS 6.4 worked flawlessly.
1368208983 M * jrklein Arach: I assume the KVM guests are not the issue. Would you be concerned about unauthorized access from one of the Linux Vserver guests?
1368209929 M * jrklein Arach: I would like to hear more about your security concerns. I do not doubt that running these side-by-side may have security implications. Would like to hear more if you don't mind.
1368210718 M * Bertl_oO I presume, the comment hinted on not having grsec involved
1368210980 M * Jb_boin i don't see why vserver would be a security concern, if you set correctly the flags you shouldn't have any issues
1368211756 M * Bertl_oO well, there is always 'more' security (think se-linux et al)
1368220482 Q * Arach Remote host closed the connection
1368220509 J * Arach ~arach@9KCAACSRQ.tor-irc.dnsbl.oftc.net
1368221501 Q * hijacker_ Quit: Leaving
1368221723 Q * Ghislain Quit: Leaving.
1368222158 M * Bertl_oO off to bed now ... have a good one everyone!
1368222173 N * Bertl_oO Bertl_zZ
1368222805 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1368228502 Q * bonbons Quit: Leaving