1407719742 M * Bertl off to bed now ... have a good one everyone!
1407719753 N * Bertl Bertl_zZ
1407738283 J * Ghislain ~aqueos@adsl1.aqueos.com
1407748170 N * Bertl_zZ Bertl
1407748183 M * Bertl morning folks!
1407748189 M * undefined morn
1407750250 J * DoberMann ~james@2a01:e35:8b44:84c0::2
1407751774 M * Ghislain yop
1407752269 M * Mr_Smoke mo'i
1407752270 M * Mr_Smoke n
1407752296 M * Mr_Smoke Bertl: would you care to clarify this gentoo/hardened situation when you have the chance?
1407752397 M * renihs_ gentoo/hardened situation?
1407752558 M * Mr_Smoke The fact that the hardened gentoo toolchain suddenly cannot build dietlibc, and therefore util-vserver, and that somewhere, someone hinted at the fact that hardened vs. VServer is a bad idea
1407752634 M * Bertl well, I consider the hardened toolchain a funny thing, not unsimilar to se-linux
1407752677 M * Bertl it has a great potential to increase security when used properly, but it also generates a lot of problems on the way
1407752703 M * Bertl for dietlibc that simply means that obviously dietlibc and the hardened toolchain were not tested together
1407752752 M * Bertl both might need adjustments to work properly, but I'm not sure I see the point of going through that, unless you are a big fan of the hardened toolchain (or a maintainer)
1407752907 M * Mr_Smoke Well I'm a big fan of the SSP/nopie 
1407752911 M * Mr_Smoke +protections
1407752919 M * Mr_Smoke Which come with the hardened toolchain.
1407752940 M * Mr_Smoke Besides, this problem is on the verge of causing util-vserver's removal from the portage tree
1407752985 M * distemper Mr_Smoke: i think at least ssp was enabled by default for the normal toolchains, too (at least for gcc-4.8+) last month
1407753015 M * Mr_Smoke 4.8 hasn't made it to stable yet
1407753348 Q * ensc Remote host closed the connection
1407753366 J * ensc ~irc-ensc@p54ADF3A3.dip0.t-ipconnect.de
1407753396 M * renihs_ Mr_Smoke, no the issue was that dietlibc is unmaintened
1407753407 M * renihs_ the 0.34_pre20140729 should have fixed that for the time being
1407753425 M * renihs_ snapshot :)
1407753518 M * Mr_Smoke renihs_: it does help building util-vserver … as long as you're not using the hardened profile
1407753527 M * Mr_Smoke Otherwise you can't build dietlibc itself
1407753548 M * renihs_ Mr_Smoke, hmm i have some hardened builds hmm
1407753554 M * renihs_ what issue are you facing actually?
1407753578 M * Mr_Smoke And the other thing is, I *WAS* able to build util-vserver pre 3038 against dietlibc < 0.34 at some point, but not anymore
1407753580 A * renihs_ has no access to them atm 
1407753597 M * renihs_ well i recommend using the 0.34 version :)
1407753598 M * Mr_Smoke renihs_: hardened + dietlibc = error 139 while building dietlibc
1407753600 M * Bertl renihs_: dietlibc is maintained, but probably not in gentoo :)
1407753617 M * Mr_Smoke renihs_: yeah, well, the build fails with .34 + hardened too
1407753621 M * renihs_ Bertl, yeah, sloppy phrasing from my side 
1407753652 M * Bertl no problem, just clarifying :)
1407753657 M * renihs_ Mr_Smoke, hmm cant access them now to check hmm 
1407753695 M * Mr_Smoke renihs_: there are bugs open over at b.g.o that attest that fact
1407753699 M * renihs_ and CCx isnt around neither hmm 
1407753709 M * Mr_Smoke https://bugs.gentoo.org/show_bug.cgi?id=414629
1407753781 M * Mr_Smoke The one thing that bugs me is that my logs clearly show that I build util-vserver in december, 0.30.216-pre3038, against dietlibc 0.33, NOT 0.34
1407753789 M * renihs_ hmm i suppose i build with 4.8.x and 0.34
1407753801 M * Mr_Smoke I wonder how that's even possible, given the missing declaration error
1407753821 M * renihs_ Mr_Smoke, that sounds abit strange but i too hate successfull builds on some boxes, not so on other 
1407753830 M * renihs_ never looked into the why
1407753848 M * Bertl not so unexpected by a highly modular and flexible distro like gentoo
1407753895 M * renihs_ also, s/hate/had
1407753967 M * Mr_Smoke Bertl: well, are you saying that Gentoo invented that stpcpy() at some point?
1407753994 M * Bertl no, I was referring to the different results on different machines
1407753996 M * Aiken if dietlibc had been previously built & installed then util-versver would also build and install
1407754015 M * renihs_ Aiken, yeah, i would say thats the most likely "cause" as well
1407754020 M * Aiken assuming you had not touched dietlibc for awhile I have no trouble believing util-vserver installed for you in dec last year
1407754060 M * Mr_Smoke Aiken: Yes, but it does not build anymore, on the same rig.
1407754078 M * Aiken until I noticed the recent mask & removal notice I had been successfully installing util-vserver with a dietlibc that had been installed Aug 2011
1407754112 A * renihs_ pokes at the nice snapshot (tpre20140729) hat was emergency cobbled together just recently
1407754139 M * Aiken the 0.34 snapshot did the trick for me
1407754161 M * renihs_ should also prevent the removal from portage for the time being 
1407754162 M * Aiken disclaimer time, I don't use hardened
1407754170 M * renihs_ until a better solution is found at least
1407754172 M * Mr_Smoke Yeah, that + the de-hardening of my gcc/glibc
1407754172 M * Aiken the mask seems to have been removed
1407754195 M * Mr_Smoke I didn't expect that.
1407754204 M * Aiken just did emerge -pv on an image that has never seen anything vserver and no mask message
1407754220 M * renihs_ yeah, mask is removed too for the moment
1407754240 M * renihs_ might come back in a couple months but i suppose we will have thought of something else by then 
1407754271 A * renihs_ needs to keep that in mind
1407754276 M * renihs_ else pacho kicks in again :)
1407754312 P * undefined 
1407754766 J * fisted_ ~fisted@xdsl-81-173-189-62.netcologne.de
1407754902 N * AbyssOne a1-away
1407754938 N * a1-away AbyssOne
1407755216 Q * fisted Ping timeout: 480 seconds
1407755216 N * fisted_ fisted
1407755316 M * Aiken the 0.33 dietlibc where I could still build util-vserver have been built with gcc 4.4.5, the dietlibc where I could not had been built with gcc 4.7.3
1407755356 M * Aiken that is why I had wondered if something similar had been why the dec build had worked
1407755555 M * Mr_Smoke Aiken: I went back as far as gcc 4.5 and couldn't build it, I didn't try 4.4, but sounds like you're right
1407755582 M * Mr_Smoke I'm still curious how/where gcc 4.4 found the stpcpy() declaration
1407755663 M * Aiken don't know
1407755694 M * Aiken I did not realize there was a problem until I saw the masked message and tried building a fresh copy of the tools in a new image
1407755728 M * Aiken so until a couple of weeks ago I was still using that aug 2011 dietlibc
1407755734 M * Mr_Smoke Me too
1407755750 M * Mr_Smoke Hm, apparently there's no maintainer for util-vserver anymore,
1407755754 M * Mr_Smoke Sad.
1407755903 M * Bertl again, there is, and daniel_hozac does a good job, on gentoo we seem to have lost hollow as maintainer
1407755951 M * Bertl do not confuse distro maintainers with Linux-VServer/tool maintainers
1407755974 M * Mr_Smoke Bertl: yeah, I meant distro maintainer, of course :)
1407756151 M * renihs_ Bertl, yes, were did hollow go? 
1407756238 M * Bertl I guess he has other interests or personal problems, I really don't know, at some point he stopped maintaining the wiki and shortly after that maintaining the packages
1407756340 M * renihs_ :(
1407756363 M * renihs_ so no chance of bribing with crates of beer or similiar 
1407756746 M * Bertl no idea, maybe :) 
1407756763 M * Bertl but generally, people come and go in projects (not just open source)
1407756793 M * Bertl sometimes it takes a while for somebody to take over, sometimes the project dies away
1407756812 M * renihs_ well, thats not an option 
1407756826 M * renihs_ i mean, everything is an option, not a good option i mean :)
1407756871 M * Bertl if somebody is interested enough, then there will be somebody maintaining gentoo packages :)
1407756924 M * Bertl Linux-VServer would have died back in 2001 when jacques disappeared if I hadn't had jumped in, similar happened with the tools when enrico got a life and daniel_hozac took over
1407756977 M * renihs_ hmm well, vserver is way too much used on gentoo to be ignored in any way, shape of form 
1407756987 M * renihs_ the gentoo must survive, so does vserver :)
1407756993 M * renihs_ on gentoo i mean
1407757017 M * Bertl well, then, maybe consider becomming a gento maintainer :)
1407757034 M * renihs_ hmmm :)
1407757043 M * renihs_ i am looking around for a victim already
1407757044 M * Bertl or if you already are, at lest a maintainer of util-vserver :)
1407757059 M * Bertl (and probably dietlibc as well)
1407757060 A * renihs_ has ccxcz in mind :)
1407757080 M * renihs_ which would make sense since he is also involved into hardening 
1407757104 M * renihs_ he will probably ask me if i am just lazy or stupid too but its worth a shot :)
1407757105 M * Bertl I guess that would help with the hardened issues
1407757140 M * renihs_ yeah, something will have to be done, current situation isnt acceptable for long term i suppose 
1407757149 M * Bertl but it could also have a negative effect, like back when devfs was evil and unfixable
1407757167 M * Bertl (and devices could never be created successfully from kernel space :)
1407757191 M * renihs_ hmm well it should be another few years before history starts repeating i hope :)
1407757195 M * Bertl luckily nowadays we have overcome most of udev and are just embracing the brand new devtmpfs :)
1407757251 M * Bertl so what I'm saing is: it might well be that a hardened maintainer takes the position that dietlibc is unfixably broken
1407757690 M * Mr_Smoke Hm
1407757708 M * Mr_Smoke Weird. I built htop with vserver USE flag but it's not showing the virtual processes
1407758975 Q * Ghislain Read error: Connection reset by peer
1407759189 J * Ghislain ~aqueos@adsl1.aqueos.com
1407760843 Q * Ghislain Ping timeout: 480 seconds
1407760911 J * Ghislain ~aqueos@adsl1.aqueos.com
1407760931 J * Ghislain1 ~aqueos@adsl2.aqueos.com
1407761393 Q * Ghislain Ping timeout: 480 seconds
1407762917 M * Mr_Smoke Bertl: where does one find information about guest processes again?
1407762931 M * Mr_Smoke /proc -alike information, I mean
1407763585 M * Mr_Smoke Hm I'm guessing VSERVER_PROC_SECURE is the issue here
1407763697 J * undefined ~undefined@00011a48.user.oftc.net
1407763744 M * Mr_Smoke So question is, how boad would it be to run without that opion?
1407763746 M * Mr_Smoke option*
1407765097 M * Bertl did you read the help for that option?
1407765268 M * Mr_Smoke I did
1407765304 M * Mr_Smoke I'm thinking it can't be terrible (unless the host is pwnd but then it's already a massive screwup)
1407765312 M * Mr_Smoke I'm just asking if there's more than meets the eye
1407765685 M * Bertl okay, obviously the help is confusing then
1407765719 M * Bertl this option hides /proc entries (inside a guest) unless they are process entries or specifically enabled
1407765742 M * Bertl this is usually what you want in a potentially hostile environment
1407765773 M * Bertl guest processes are generally visible in the guest and spectator context
1407765784 M * Bertl (so not really related to that option)
1407766064 M * Mr_Smoke Ah.
1407766089 M * Mr_Smoke Bertl: what I'm after is how the host can see the guest proc info
1407766099 M * Mr_Smoke vps obviously knows how to do that, but htop doesn't.
1407766123 M * Bertl vps is basically a wrapper which runs ps from the spectator context
1407766142 M * Mr_Smoke I see
1407766164 M * Mr_Smoke Whereas htop apparently expects something in /proc, from what I can tell of the source code
1407766264 M * Mr_Smoke So basically that's a no-can-do as such, it would require a wrapper too, right?
1407766486 M * Bertl If I remember correctly, htop was adapted to handle Linux-VServer specific information (at some point)
1407766508 M * Bertl you can probably simply run it inside the spectator context and it will work
1407766555 M * Mr_Smoke Hm
1407766708 M * Mr_Smoke Bertl: so basically, an alias that does 'chcontext --ctx 1 htop' would do. Thanks :)
1407766820 M * Mr_Smoke Hm
1407766840 M * Mr_Smoke That works well enough on my old 2.6.38 kernel, not on the 3.10 one.
1407766841 M * Bertl it might do, I'm not really using htop anywhere
1407766874 M * Bertl maybe different kernel config
1407766906 M * Mr_Smoke Ah, my bad. It works, it's just that all process are listed under VxID 0 and CGROUP null
1407766962 M * Mr_Smoke (in the newer kernel)
1407766980 M * Bertl guest processes should have an VxID != 0
1407766992 M * Bertl for host processes VxID 0 is fine
1407767151 M * Mr_Smoke Yup, that's the problem. even guest processes are listed with 0
1407767175 M * Mr_Smoke Manually reading /proc entries suggests the cgroup information is there too, and no different from the older kernel
1407767199 M * Bertl so something in htop was 'improved' :)
1407767255 M * Bertl IIRC, there was a change in the parser which requires a different kernel /proc format
1407767266 M * Bertl we added a patch for that on recent Linux-VServer 
1407767293 M * Mr_Smoke Ah well, it works well with a slightly older version of htop
1407767301 M * Bertl http://vserver.13thfloor.at/Experimental/delta-proc-feat01.diff
1407767304 M * Mr_Smoke All is well then :)
1407767377 M * Mr_Smoke Just need to remember how to tell htop to save the columns
1407773107 J * bonbons ~bonbons@2001:a18:207:101:29fa:cb09:d02b:49dd
1407777685 J * zerick ~eocrospom@190.187.21.53
1407778255 M * daniel_hozac hijacker: looks like your files were moved around after you built it. rebuilding util-vserver should pick up the new paths automatically
1407779060 J * Ghislain ~aqueos@adsl1.aqueos.com
1407779353 Q * Ghislain1 Ping timeout: 480 seconds
1407780073 Q * Ghislain Quit: Leaving.
1407780166 J * Ghislain ~aqueos@adsl1.aqueos.com
1407780507 Q * DoberMann Ping timeout: 480 seconds
1407787178 Q * zerick Remote host closed the connection
1407790902 Q * bonbons Quit: Leaving
1407793826 Q * Ghislain Quit: Leaving.
1407795116 J * DoberMann ~james@2a01:e35:8b44:84c0::2
1407797280 J * zerick ~eocrospom@190.187.21.53
1407800841 J * fisted_ ~fisted@xdsl-87-78-81-155.netcologne.de
1407801291 Q * fisted Ping timeout: 480 seconds
1407801292 N * fisted_ fisted