1422144945 Q * bonbons Quit: Leaving
1422145454 Q * thierryp Remote host closed the connection
1422147602 Q * fstd Remote host closed the connection
1422147643 J * fstd ~fstd@xdsl-87-78-189-208.netcologne.de
1422149070 J * thierryp ~thierry@home.parmentelat.net
1422149623 Q * thierryp Ping timeout: 480 seconds
1422151842 M * Bertl off for a nap .. bbl
1422151851 N * Bertl Bertl_zZ
1422154993 Q * derjohn_mob Ping timeout: 480 seconds
1422155504 J * derjohn_mob ~aj@ip-37-201-93-67.hsi13.unitymediagroup.de
1422156418 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:856a:775c:ed1a:56b0
1422156903 Q * thierryp Ping timeout: 480 seconds
1422162089 N * Bertl_zZ Bertl
1422162090 M * Bertl back now ...
1422163703 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:856a:775c:ed1a:56b0
1422164188 Q * thierryp Ping timeout: 480 seconds
1422170987 J * thierryp ~thierry@home.parmentelat.net
1422171469 Q * thierryp Ping timeout: 480 seconds
1422171796 J * zerick ~zerick@179.7.68.4
1422174135 Q * derjohn_mob Ping timeout: 480 seconds
1422174745 J * derjohn_mob ~aj@ip-37-201-93-67.hsi13.unitymediagroup.de
1422175577 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:856a:775c:ed1a:56b0
1422175581 Q * thierryp Remote host closed the connection
1422175583 J * thierryp ~thierry@home.parmentelat.net
1422175996 J * thierryp_ ~thierry@home.parmentelat.net
1422175996 Q * thierryp Read error: Connection reset by peer
1422176547 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:856a:775c:ed1a:56b0
1422176547 Q * thierryp_ Read error: Connection reset by peer
1422179296 J * bonbons ~bonbons@2001:a18:22e:fb01:f0a3:91a6:743a:7154
1422179814 Q * thierryp Remote host closed the connection
1422180045 J * Ghislain ~aqueos@adsl1.aqueos.com
1422181060 J * thierryp ~thierry@home.parmentelat.net
1422181061 Q * thierryp Remote host closed the connection
1422181070 J * thierryp ~thierry@home.parmentelat.net
1422181078 Q * thierryp Remote host closed the connection
1422181103 J * thierryp ~thierry@home.parmentelat.net
1422181362 Q * thierryp Read error: No route to host
1422181374 J * thierryp ~thierry@home.parmentelat.net
1422181378 Q * thierryp Remote host closed the connection
1422181387 J * thierryp ~thierry@home.parmentelat.net
1422181394 Q * thierryp Remote host closed the connection
1422181407 J * thierryp ~thierry@home.parmentelat.net
1422184756 Q * zerick Remote host closed the connection
1422185724 Q * thierryp Remote host closed the connection
1422185944 J * thierryp ~thierry@home.parmentelat.net
1422187231 Q * Aiken Remote host closed the connection
1422187592 M * Bertl off to bed now ... have a good one!
1422187600 N * Bertl Bertl_zZ
1422189643 Q * ensc|w Remote host closed the connection
1422190802 Q * fstd Remote host closed the connection
1422190843 J * fstd ~fstd@xdsl-87-78-182-44.netcologne.de
1422207422 N * Bertl_zZ Bertl
1422207427 M * Bertl morning folks!
1422207573 M * undefined morn
1422207931 M * undefined that pid namespace patch you provided might have worked for AlexanderS, but i still get "ls: cannot read symbolic link /proc/self: No such file or directory" when doing "ls -l /proc/self" from within a lxc container on a vserver kernel
1422207942 M * undefined i need to synthesize it down to a simple test
1422208806 M * Bertl I was almost expecting that ... yes, please find a simple test
1422208925 M * Bertl the interesting part is that /proc/self works fine in the namespace example given by AlexanderS
1422209343 M * undefined i wonder if it's related to user namespace
1422209364 M * undefined because you can't even enable user_ns in the kernel without compilation errors
1422209442 M * Bertl hmm, haven't we fixed them already?
1422209487 M * undefined i haven't tried lxc without user namespaces, so maybe i'll also try that, if it's even possible (to help eliminate possible problems/solutions)
1422209487 M * Bertl I have to admit, I still test with USER_NS off as it doesn't make much sense for me
1422209499 M * undefined no, there's still the ktag issue
1422209527 M * undefined i'll pastebin it
1422209538 M * Bertl in uidgid.h, yes?
1422209586 M * undefined yes
1422209607 M * undefined http://pastebin.com/dmPwKVA7
1422209675 M * undefined i also comment out CLONE_NEWUSER (just as is done with CLONE_NEWPID) so util-vserver doesn't try to create a new user namespace
1422209766 M * Bertl makes sense, where is the make_ktag and from_ktag used?
1422209824 M * undefined don't remember
1422209826 M * undefined let me look
1422210355 M * undefined net/sunrpc/auth.c:rpcauth_lookupcred()
1422210356 M * undefined fs/ocfs2/namei.c:__ocfs2_mknod_locked()
1422210356 M * undefined fs/btrfs/inode.c:btrfs_read_locked_inode()
1422210356 M * undefined include/linux/fs.h:i_tag_read()
1422210356 M * undefined include/linux/fs.h:i_tag_write()
1422210356 M * undefined kernel/vserver/inode.c:__vc_set_iattr()
1422210392 M * Bertl ah, okay :)
1422210404 M * undefined my implementation of (make|from)_ktag is unchanged from the non user-ns implementation
1422210433 M * undefined so, from the perspective of vserver, vtags are unchanged whether userns is enabled or not
1422210525 M * undefined though i realize that could cause security concerns in a user namespace (ie the checks for who can change tags within a user namespace might be incorrect because they don't consider user namespaces)
1422210566 M * undefined but right now vserver syscalls don't work within a user namespace because the checks for root don't consider user namespaces
1422210572 M * undefined (that's a different patch i have)
1422210641 M * undefined but i'm not so sure that user namespaces are useful for vserver, so i didn't develop/test that any further and right now have them (vserver and lxc) be somewhat mutually exclusive (by use of user namespaces)
1422210689 M * undefined but my knowledge and experience are limited, so i don't rule out any mistakes/errors in my logic or code
1422211198 M * undefined Bertl: test case for /proc/self in a user namespace: vspace --new --user sh -c 'mount -t proc none /proc; ls -al /proc/self'
1422211234 M * undefined hmmm
1422211245 M * undefined i don't see the "mount: only root can do that"
1422211352 M * undefined that's probably because vspace needs to create uid and gid mappings for the new user namespace between sys_clone() and execvp() calls otherwise all capabilities are removed from the executed vcontext because the uid and gid are 65535
1422211381 M * undefined as i noted in http://archives.linux-vserver.org/201410/0051.html
1422211405 M * undefined or maybe i need to upgrade my version of util-vserver
1422211490 M * Bertl I get sh: setgid: invalid argument
1422211509 M * Bertl need a newer util-vserver too I guess
1422211596 M * undefined let me try it without my userns patch
1422216039 J * Aiken ~Aiken@d63f.h.jbmb.net
1422218250 J * sannes ~ace@2a02:fe0:c120:ae50:acd1:70ee:5a2:6b26
1422218723 Q * ggherdov__ Ping timeout: 480 seconds
1422219764 M * undefined ok, got distracted with lxc and its various commands, specifically lxc-unshare, lxc-usernsexec, etc
1422219791 M * undefined i need to do some more research to find a simple test case and familiarize myself better with what happens when (ie what environment)
1422220066 Q * Ghislain Quit: Leaving.
1422222482 Q * bonbons Quit: Leaving
1422225198 J * ggherdov__ sid11402@id-11402.ealing.irccloud.com
1422227745 Q * derjohn_mob Remote host closed the connection
1422229272 Q * thierryp Remote host closed the connection