1555557757 M * Bertl_oO off to bed now ... have a good one everyone! 1555557758 N * Bertl_oO Bertl_zZ 1555561689 J * fstd_ ~fstd@xdsl-78-35-83-217.nc.de 1555562159 Q * fstd Ping timeout: 480 seconds 1555573534 J * hijacker ~nikolay@149.235.255.3 1555579569 M * thithib Bertl_zZ: basically CLIP OS is a multi-level system. Typically we have a high level and a low level, and they are VServer contexts. In practice there are more "cages" (that's how we call them), for instance for the Xorg server itself 1555579715 M * thithib the high and low levels are two completely different user environments 1555580193 M * thithib and yes, we use a custom VServer patch + grsec + other custom and homemade hardening patches 1555584125 Q * Ghislain Ping timeout: 480 seconds 1555586866 N * Bertl_zZ Bertl 1555586869 M * Bertl morning folks! 1555586904 M * Bertl thithib: okay. do you unshare a pid namespace for your 'cages' ? 1555590224 M * thithib Bertl: yes 1555590259 M * Bertl so, is there any advantage of having the Linux-VServer pid isolation code? 1555590314 M * Bertl because if you unshare pid namespaces anyway and do not want to run init-less (i.e. fake init) contexts, then I would remove this part from the patches 1555591435 Q * Aiken Remote host closed the connection 1555591455 M * thithib yes, true 1555591765 M * thithib my idea was to not derive too far from the upstream VServer patch, but yes we could also do that 1555597703 J * romster_ ~romster@158.140.215.184 1555597704 Q * romster Read error: Connection reset by peer 1555599673 J * romster ~romster@158.140.215.184 1555599673 Q * romster_ Read error: Connection reset by peer 1555602468 Q * hijacker 1555602894 M * Bertl off for now ... bbl 1555602896 N * Bertl Bertl_oO 1555616596 J * Aiken ~Aiken@b951.h.jbmb.net 1555622818 Q * gnarface Remote host closed the connection 1555623218 J * gnarface ~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net