1455753783 M * AlexanderS *mhh* is there any reason why I cannot read /proc/$PID/ns/* in ctx 1?
1455754313 M * Bertl probably the default flags are not set correctly
1455754726 M * AlexanderS And how can I get/set these values? vprocunhide cannot be used for the pid directories, or am I missing something?
1455755079 M * Bertl hmm, what kernel version is that?
1455755215 M * AlexanderS 3.18.11-vs2.3.7.4-beng
1455755296 M * AlexanderS The entries are there but if I try ls -l I get something like this: "ls: cannot read symbolic link /proc/955/ns/net: Permission denied"
1455755473 M * Bertl the directory itself can be listed fine?
1455755782 M * AlexanderS yes
1455755827 M * AlexanderS But I cannot get the target of the symlinks... So it's not really useful ;)
1455756312 M * Bertl okay, you probably want to enable Linux-VServer debugging in the kernel and check where the actual access is blocked
1455757143 Q * fstd Remote host closed the connection
1455757273 J * fstd ~fstd@xdsl-87-78-16-240.netcologne.de
1455757637 M * AlexanderS (recompiling kernel now...)
1455761553 J * derjohn_mobi ~aj@x590cf651.dyn.telefonica.de
1455761994 Q * aj__ Ping timeout: 480 seconds
1455764493 M * AlexanderS Bertl: Any hints how to activate appropriate debug? echo 255 > /proc/sys/vserver/debug_perm does not output anything to dmesg. :(
1455764929 M * Bertl misc, bits 9 and 10 are interesting for proc
1455764976 M * Bertl maybe cvirt, bit 2 (pid virtualization)
1455765007 M * Bertl misc bit 6, proc task function
1455765484 M * AlexanderS No debug messages :(
1455765691 M * AlexanderS I get other debug messages regarding /proc, but if I try to access f.e. /proc/$PID/ns/net there is no debug message.
1455766174 M * AlexanderS Ah, I cannot use ptrace inside ctx 1, so maybe the proc access is blocked with ptrace_may_access in the vanilla code.
1455768971 M * AlexanderS Maybe there is something missing in the capabilities stuff in the __ptrace_may_access code?
1455768977 A * AlexanderS have to sleep now
1455769138 M * Bertl the symlink looks like it is a virtual one
1455769138 M * Bertl i.e. it doesn't refer to a file or actual entry
1455769153 M * Bertl most likely mainline prevents access to other namespaces via proc
1455769392 M * AlexanderS But ptrace should work in ctx 1? https://gist.github.com/AlexanderS/7cf7ee2c13382a0d640d
1455769623 M * Bertl ptrace does a number of checks and no, it is not expected to work in ctx 1 across isolation
1455769659 M * Bertl if you want to ptrace a process, you better enter the guest context with the necessary capability
1455778549 M * Bertl off to bed now ... have a good one everyone!
1455778550 N * Bertl Bertl_zZ
1455781452 J * Ghislain ~aqueos@adsl1.aqueos.com
1455783981 J * _nikolay ~Nikolay@199.91.137.248
1455786682 Q * derjohn_mobi Ping timeout: 480 seconds
1455788222 J * derjohn_mobi ~aj@2001:6f8:1337:0:40a1:6d91:a8a5:6d83
1455789339 Q * fback Quit: Reconnecting
1455789350 J * fback ~fback@red.fback.net
1455791550 M * _nikolay morning fellows
1455791573 M * _nikolay Bertl_zZ, compiling rpm with lua use flag got rid of the original error, thanks for the pointers
1455791612 M * _nikolay however now yum is complaining that it cannot install filesystem and glibc-common packages...
1455791744 M * _nikolay Installing : filesystem-3.2-20.el7.x86_64 6/19
1455791744 M * _nikolay Error unpacking rpm package filesystem-3.2-20.el7.x86_64
1455791769 M * _nikolay with an underlying error at:
1455791797 M * _nikolay D: create 120777 1 ( 0, 0) 8 /sbin;56c59e51
1455791797 M * _nikolay error: unpacking of archive failed on file /sbin: cpio: rename
1455791797 M * _nikolay Installing : basesystem-10.0-7.el7.centos.noarch 7/19
1455791797 M * _nikolay error: filesystem-3.2-20.el7.x86_64: install failed
1455791845 M * _nikolay already tried multiple versions of rpm, yum and cpio
1455793312 M * Ghislain several things: check that you have enough quota and no dlimits hanging around, check that rpm is not using a /tmp in ram that would be too small
1455793478 M * Ghislain the /tmp issue is quite common so try to strace the process to find where it fails export TMPDIR=/var/tmp with /var/tmp in disk can work too but sometimes TMPDIR is not the one picked so check
1455794667 M * AlexanderS Bertl_zZ: I do not want to ptrace the process, but this explains it. The access to /proc/PID/ns/* is limited to "ptraceable" processes: https://github.com/torvalds/linux/blob/master/fs/proc/namespaces.c#L70 Could we replace ptrace_may_access in procfs code with ptrace_may_access(..) || vx_check(0, VS_WATCH_P) or something like that? Or maybe add a check for ctx 1 inside of ptrace_may_access?
1455795325 J * druschka_domaintechnik ~druschka@91-135-172-81.net.pr-link.at
1455795788 Q * Aiken Remote host closed the connection
1455798944 M * _nikolay Ghislain, this is a new installation, there are no d/u limits, tmp is not in ram, the remaining packages are extracted successfully so there is plenty of space
1455798950 M * _nikolay looks like cpio rename operation is failing
1455798964 M * _nikolay when it attempts to rename /sbin directory...
1455799002 M * _nikolay perhaps it comes with immune flag set, I do not know...
1455800343 Q * fstd Remote host closed the connection
1455800465 J * fstd ~fstd@xdsl-87-78-10-37.netcologne.de
1455800800 N * Bertl_zZ Bertl
1455800802 M * Bertl morning folks!
1455800881 M * Bertl AlexanderS: I will look into adding an exception for the spectator context to view the proc data
1455800902 M * AlexanderS Bertl: thanks
1455801136 M * Guy- Bertl: about that updated patch...?
1455801363 M * Bertl didn't happen yesterday, but I'm on it ...
1455809161 M * Guy- Bertl: is there anything other than the two fixes by dhozac that you'll include?
1455809722 M * Bertl probably not
1455809883 M * Guy- OK, since I'm building such a patched source now anyway, would it help if I made a composite patch?
1455810050 M * Bertl I'm currently testing and checking how to integrate the patches
1455810117 M * Guy- OK, that I can't help with :)
1455810233 M * Guy- http://people.linux-vserver.org/~dhozac/p/k/delta-fakeinit-fix05.diff doesn't even apply now
1455810656 M * Guy- I think I merged it...
1455810878 Q * druschka_domaintechnik Quit: druschka_domaintechnik
1455813082 M * daniel_hozac do you have fix04 already?
1455814095 Q * click Remote host closed the connection
1455814365 M * Guy- daniel_hozac: no -- I hadn't realized they were cumulative
1455814550 J * click click@ice.vcon.no
1455814572 M * Guy- OK, in sequence they apply properly
1455815192 Q * _nikolay Ping timeout: 480 seconds
1455815383 Q * jrklein Remote host closed the connection
1455815394 J * jrklein ~cloud@proxy.dnihost.net
1455818656 J * Aiken ~Aiken@d63f.h.jbmb.net
1455821082 Q * derjohn_mobi Ping timeout: 480 seconds
1455821891 M * Bertl off for a nap ... bbl
1455821893 N * Bertl Bertl_zZ
1455822945 J * derjohn_mobi ~aj@x590cf651.dyn.telefonica.de
1455836284 N * Bertl_zZ Bertl
1455836286 M * Bertl back now ...