1373069009 Q * Ghislain Quit: Leaving.
1373092734 M * Bertl off to bed now ... have a good one everyone!
1373092738 N * Bertl Bertl_zZ
1373098236 J * bonbons ~bonbons@2001:a18:20b:a301:9ce3:8662:76bd:ba1a
1373108620 Q * ircuser-1 Read error: Operation timed out
1373111934 N * Bertl_zZ Bertl
1373111940 M * Bertl morning folks!
1373111985 M * daniel_hozac morning Bertl!
1373112458 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1373112470 M * Bertl daniel_hozac: how's going?
1373112491 M * daniel_hozac pretty good, but very busy
1373112494 M * daniel_hozac how about you?
1373112517 M * Bertl yeah, same here ...
1373115891 Q * Aiken Remote host closed the connection
1373120633 Q * eyck Remote host closed the connection
1373125680 Q * nkukard Ping timeout: 480 seconds
1373126704 M * glen any ideas how to get audit working inside vserver?
1373126713 J * nkukard ~nkukard@41-133-138-137.dsl.mweb.co.za
1373126882 M * Bertl glen: what do you want to audit?
1373127319 J * eyck ~eyck@nat08.nowanet.pl
1373127586 M * glen Bertl: file (write) accesses
1373127633 M * Bertl did you assign the bcapability to the guest?
1373127646 M * glen i think i did
1373127666 M * Bertl so what doesn't work then? i.e. what error do you get?
1373127687 M * glen MKNOD SYS_ADMIN AUDIT_WRITE
1373127701 M * glen not sure should i add with SYS_ prefix?
1373127764 M * glen well, auditd is not starting up inside guest, and when tring to use host auditd, it does not "See" guest file changes
1373127781 M * glen it _does_ see some other guest audit events like crontab edits via pam
1373127893 M * Bertl so why is auditd not starting up inside the guest? what error do you get?
1373127921 M * glen why audit fails to start is rather unclear: # strace -s200 -ff /sbin/auditd  2>/tmp/audit.log
1373127925 M * glen http://sprunge.us/ESEN
1373127963 M * glen [pid 30447] sendto(6, "<27>Jul  6 19:24:31 auditd[30447]: Unable to set audit pid, exiting\0", 68, MSG_NOSIGNAL, NULL, 0) =
1373127969 M * glen seems the main cause
1373128001 M * glen or this
1373128001 M * glen [pid 30447] sendto(6, "<28>Jul  6 19:24:31 auditd[30447]: Error setting audit daemon pid (Operation not permitted)\0", 92,
1373128020 M * Bertl what about CAP_AUDIT_CONTROL? does the guest have that?
1373128054 M * glen no, it has just those 3 i pasted at 19:21:27
1373128072 M * glen but imho sys_admin gives full power kind of?
1373128103 M * Bertl kind of, except for audit control :)
1373128158 M * glen oh.better
1373128158 M * glen 19:29:09 root[load: 0.25]@builderth ~# service auditd status
1373128159 M * glen auditd (pid 31490) is running...
1373128173 M * glen thanks!
1373128181 M * Bertl you're welcome!
1373128323 M * glen https://www.pld-linux.org/docs/vserver#running_auditd_inside_guest
1373128345 M * glen probably the info is not complete, as i also have SYS_ADMIN set now, need to test on "fresh guest" :)
1373128366 M * Bertl yeah, SYS_ADMIN should not be required
1373128500 M * glen it's there for other purposes 
1373130435 N * l0kit Guest2309
1373130443 J * l0kit ~1oxT@0001b54e.user.oftc.net
1373130839 Q * Guest2309 Ping timeout: 480 seconds
1373131222 Q * arekm Ping timeout: 480 seconds
1373132464 J * arekm ~arekm@000161e0.user.oftc.net
1373133988 J * Ghislain ~aqueos@adsl1.aqueos.com
1373137387 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg
1373141218 Q * hijacker_ Quit: Leaving
1373145029 J * cuba33ci_ ~cuba33ci@114-36-250-70.dynamic.hinet.net
1373145180 Q * cuba33ci Read error: Operation timed out
1373145188 N * cuba33ci_ cuba33ci
1373147000 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1373149623 Q * bonbons Quit: Leaving
1373151467 Q * Ghislain Quit: Leaving.