1383436899 M * undefined i can't get vdevmap to work on kernel 3.10.17-vs2.3.6.6.3+1-amd64 & utils 0.30.216-pre3038
1383436915 M * undefined or at least not the way i remember (and documented) it worked
1383436958 M * undefined echo MKNOD >/etc/vservers/build/bcapabilities
1383437023 M * undefined and then create the device entries under /etc/vservers/build/apps/vdevmap/
1383437065 M * undefined eg mkdir zero; echo /dev/zero >zero/device; touch zero/{create,open}
1383437112 M * undefined i can create the entries specified for vdevmap
1383437118 M * undefined (that's not the problem)
1383437140 M * undefined but i can also create all other devices (ie those not specified for vdevmap)
1383437260 M * undefined is that how it's supposed to work? if you specify MKNOD, then yes, but not when used in conjunction with vdevmap
1383437289 M * undefined or at least that's what i remember (and have documented; but i've been wrong before)
1383437956 M * undefined i've searched through the patched kernel code and i can't find where vdevmap is used for mknod (for that matter, i can't find the kernel code used for mknod), but i can find where vs_map_device is used when opening a blk or chr device
1383438886 Q * treaki Ping timeout: 480 seconds
1383438940 J * treaki e18dc5b443@p4FF4BD16.dip0.t-ipconnect.de
1383441425 M * undefined (to continue) i've instrumented the code (ie printk) and can see that __lookup_mapping returns 4 (default) and uses dmap_defaults which apparently allows open access (ie cat loop0, which isn't in vdevmap)
1383441539 M * Bertl there is a cgroup subsystem in recent kernels verifying device creation
1383441648 M * undefined yep, tried that as soon as my testing of vdevmap failed and it works
1383441666 M * undefined but i was curious to see why vdevmap didn't work
1383441685 M * undefined (i'm a glutton for punishment, liking to debug stuff and all)
1383441730 M * undefined so i started searching, reviewing, and instrumenting the code
1383441804 M * Bertl well, we remove stuff which is already handled by mainline, so the device permission checks
1383441836 M * undefined if you or daniel told me that was "the future" and vdevmap was deprecated, then i was going to pursue integrating cgroup devices into util-vserver
1383441850 M * undefined but it doesn't look integrated yet
1383441853 M * Bertl vs_blkdev_perm() and vs_chrdev_perm() are not used anymore
1383441863 M * undefined at least not in pre3038
1383441874 M * Bertl we are at pre3054 or so :)
1383441907 M * undefined not according to the irc channel ;)
1383441919 M * undefined irc channel announcement
1383441938 M * undefined but i was going to look at util-vserver in git
1383442010 F * ChanServ +o Bertl
1383442014 M * undefined yeah, i couldn't find vs_(blk|chr)dev_perm used anywhere, but vs_map_(chr|blk)dev is
1383442018 T * Bertl http://linux-vserver.org/ |stable 3.6.x-vs2.3.x|util-vserver-0.30.216-pre3054| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute.
1383442032 F * Bertl -o Bertl
1383442065 M * Bertl yes, the mapping functionality is still valuable and not present in mainline
1383442115 M * undefined fyi, i don't use mapping, just the permissions
1383442137 M * Bertl then you can safely disable this option in the kernel config
1383442191 M * undefined yes; only exists because i was migrating stuff/configs/options forward from 3.0 (which came from 2.6.35, etc)
1383442397 M * undefined ah, i see why i didn't know about pre3054: it was only realized 2 days ago
1383442474 M * Bertl but it was a good and valid argument nevertheless :)
1383442482 M * undefined it wasn't just because of the irc channel, but because pre3038 was the latest at http://people.linux-vserver.org/~dhozac/t/uv-testing/ when i downloaded and built it 2 weeks ago (and since it hadn't been updated much before that [ie april], i wasn't worried about checking back often)
1383442509 M * undefined thanks! i try the new version
1383442821 M * Bertl won't help with the mknod permissions though, they are configured via cgroups now
1383442842 M * Bertl (which is basically the same as with pre3038
1383442845 M * Bertl )
1383442847 M * undefined yeah, but i'm looking to see if there's any integration with cgroup
1383442869 M * Bertl cgroup integration has been there for a while
1383442871 M * undefined if only to copy/cat stuff out of files under /etc/vservers
1383442885 M * undefined yeah, i use util-vserver cgroup-integration for other things
1383442896 M * Bertl yup, that's basically it, used for the limits and similar
1383443057 M * undefined or even if util-vserver will only run a script on vserver start-up, i know what i want done (as i already did it by hand tonight just to test it; didn't know it existed until i was greping for CAP_MKNOD and saw Documentation/cgroups/devices.txt)
1383443076 M * undefined but i've never needed to do that before, so i've got some learning of util-vserver to do
1383443094 M * Bertl check the great flower page
1383443127 M * undefined yeah, i was just there earlier to double-check the vdevmap stuff, but wasn't looking for anything related to cgroup
1383443173 M * undefined or how to run an admin-specified script
1383443196 M * undefined but i'll be sure to check there (and the source code if only to get a better understanding of it)
1383444768 Q * bonbons Quit: Leaving
1383447148 M * Bertl off to bed now ... have a good one everyone!
1383447156 N * Bertl Bertl_zZ
1383449996 J * thierryp ~thierry@home.parmentelat.net
1383452418 Q * thierryp Remote host closed the connection
1383452439 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:49e2:95c8:708e:7cb7
1383452920 Q * thierryp Ping timeout: 480 seconds
1383456678 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:e0ac:f3ef:8fae:d9f6
1383457160 Q * thierryp Ping timeout: 480 seconds
1383458074 J * geos_one ~chatzilla@80.123.185.198
1383458201 M * undefined well, i had to write a pre-start script to configure cgroup device permissions
1383458230 M * undefined using /etc/vservers//cgroup/devices.{allow,deny} didn't work
1383458300 M * undefined 1. i need devices.deny processed first (to create default deny rule) and then process devices.accept to accept what i want
1383458460 M * undefined 2. writing the entire ~10 lines of devices.accept to /dev/cgroup//devices.accept at once (ie cat devices.accept >/dev/cgroup//devices.accept) caused a E2BIG
1383458900 M * undefined i'm still not sure about the E2BIG error because the behavior wasn't consistent (well, it always consistently failed when done by "vserver start", but using bash's built in "echo" with a multi-line "foo\nbar" always worked, and /bin/echo failed, and when using strace it looked like bash's echo did a write() per embedded newline, while /bin/echo did a single write(), and i think i saw one time where /bin/echo succeeded)
1383459116 M * undefined in pre-start i did one built-in bash echo per permission (eg "c 1:3 m") because i know that works
1383469202 Q * fisted Remote host closed the connection
1383469222 J * fisted ~fisted@xdsl-87-78-185-29.netcologne.de
1383472074 J * bonbons ~bonbons@2001:a18:224:2e01:8d2f:4267:ea64:1a4b
1383473057 Q * kiorky Remote host closed the connection
1383473074 J * kiorky ~kiorky@cryptelium.net
1383483265 N * l0kit Guest4250
1383483271 J * l0kit ~1oxT@0001b54e.user.oftc.net
1383483660 Q * Guest4250 Ping timeout: 480 seconds
1383484991 Q * ncopa Ping timeout: 480 seconds
1383485341 J * ncopa ~test@3.203.202.84.customer.cdi.no
1383486453 N * Bertl_zZ Bertl
1383486469 M * Bertl morning folks!
1383503701 J * fisted_ ~fisted@xdsl-84-44-147-17.netcologne.de
1383504057 Q * fisted Ping timeout: 480 seconds
1383504057 N * fisted_ fisted
1383508669 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:5453:3c99:f501:9e36
1383508839 Q * thierryp Remote host closed the connection
1383508860 J * thierryp ~thierry@home.parmentelat.net
1383509345 Q * thierryp Ping timeout: 480 seconds
1383512401 Q * fisted Remote host closed the connection
1383512429 J * fisted ~fisted@xdsl-84-44-147-17.netcologne.de
1383516663 Q * bonbons Quit: Leaving
1383518624 J * brambles lechuck@s0.barwen.ch
1383519326 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:5866:9f5:8ace:d3e9
1383519902 Q * thierryp Remote host closed the connection
1383519923 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:5866:9f5:8ace:d3e9
1383520405 Q * thierryp Ping timeout: 480 seconds