1468898520 M * AlexanderS Is it safe to unhide /proc/net/* when using network namespaces? And is there any possibility to enable write permissions?
1468901355 N * Bertl_zZ Bertl_oO
1468905483 J * Ghislain ~aqueos@adsl1.aqueos.com
1468905889 Q * FireEgl Ping timeout: 480 seconds
1468906499 J * FireEgl Fire_OFTC@2604:2d80:8410:c009:85eb:7e17:2523:5af0
1468907011 J * derjohn_mob ~aj@88.128.80.20
1468909715 Q * derjohn_mob Ping timeout: 480 seconds
1468909971 J * derjohn_mob ~aj@88.128.80.20
1468910525 Q * derjohn_mob Ping timeout: 480 seconds
1468912953 J * derjohn_mob ~aj@fw.gkh-setu.de
1468915487 J * tim_ ~quassel@90.63.246.187
1468924672 J * Gremble ~Gremble@cpc87179-aztw31-2-0-cust6.18-1.cable.virginm.net
1468926004 M * Gremble hey all
1468929007 Q * Aiken Remote host closed the connection
1468932704 M * Ghislain hey
1468934949 Q * derjohn_mob Ping timeout: 480 seconds
1468935484 J * derjohn_mob ~aj@fw.gkh-setu.de
1468936335 Q * derjohn_mob Ping timeout: 480 seconds
1468936736 M * Bertl_oO AlexanderS: we do not restrict writing at all, so if some areas of /proc(/net) are not writeable, it is most likely due to the network namespace
1468936777 M * Bertl_oO unhiding might or might not work, depending on how the content is generated, i.e. if it is hidden by Linux-VServer code, then you can certainly unhide it
1468936883 J * derjohn_mob ~aj@fw.gkh-setu.de
1468937426 M * AlexanderS Bertl_oO: unhiding worked, but I get permission denied. If I understand __dx_permission correctly, it denies all write requests to procfs if the process is not in the admin or watch space?! I would like to disable this check for /proc/net/ if using network namespaces, maybe using a context capability or flag.
1468937476 M * Bertl_oO yeah, just add a flag per context and check for that then
1468937517 M * Bertl_oO there are a number of flag or capability bits available (i.e. unused) which you could use for this purpose
1468937783 M * AlexanderS Ok, I'll try to create a patch.
1468941869 M * Bertl_oO off for a nap ... bbl
1468941871 N * Bertl_oO Bertl_zZ
1468948444 Q * Ghislain Ping timeout: 480 seconds
1468948641 Q * macmaN Read error: Connection reset by peer
1468948765 J * macmaN ~chezburge@90.190.182.21
1468948829 J * Ghislain ~aqueos@adsl1.aqueos.com
1468949278 J * Ghislain1 ~aqueos@adsl1.aqueos.com
1468949279 Q * Ghislain Read error: Connection reset by peer
1468949764 J * Ghislain ~aqueos@adsl1.aqueos.com
1468949764 Q * Ghislain1 Read error: Connection reset by peer
1468949985 M * AlexanderS Bertl_zZ: util-vserver has support for IATTR_WRITE: https://github.com/linux-vserver/util-vserver/commit/7ca2184598beb16840dffa6680e87e87723f846f But I cannot find this in the linux-vserver patch. Was it there once, or was it just planned? This would also be a possibility to make some proc files writable to the guest (and it has the advantage that it is not all or nothing like the context flag).
1468951073 M * daniel_hozac could require the combination of the two though.
1468951141 Q * derjohn_mob Ping timeout: 480 seconds
1468952439 M * AlexanderS Sure, a flag to enable write permission and a check for IATTR_WRITE of the specific inode is also possible.
1468952610 Q * macmaN Read error: Connection reset by peer
1468953454 J * macmaN ~chezburge@90.190.182.21
1468954348 J * derjohn_mob ~aj@p578b6aa1.dip0.t-ipconnect.de
1468955636 Q * Gremble Quit: I Leave
1468961523 Q * FireEgl Ping timeout: 480 seconds
1468962113 J * FireEgl Fire_OFTC@2604:2d80:8410:c009:85eb:7e17:2523:5af0
1468965203 J * Aiken ~Aiken@d63f.h.jbmb.net
1468966145 M * AlexanderS IATTR_WRITE support alone is dead simple: https://gist.github.com/AlexanderS/6506e3d8b71c6bee8938b6faba39c175
1468969498 Q * Ghislain Quit: Leaving.
1468970261 Q * Aiken Remote host closed the connection
1468970404 J * Aiken ~Aiken@d63f.h.jbmb.net
1468970953 J * Ghislain ~aqueos@adsl1.aqueos.com
1468971025 Q * Ghislain