1587524138 M * Bertl_oO off to bed now ... have a good one everyone! 1587524139 N * Bertl_oO Bertl_zZ 1587532471 J * Ghislain ~ghislain@adsl2.aqueos.com 1587539082 M * Ghislain okay so this is the last one 4.9.219 with the time patch. I have a host and 2 guests that share the host ip, they are debian 10 host and guest on btrfs subvolumes 1587539155 M * Ghislain if i do a diff -r on the 2 guest config i get only the name, the context and the fstab that differs 1587539255 M * Ghislain kernel 4.9.219-vs2.3.9.12 1587539412 M * Ghislain https://pastebin.com/raw/DPmfUWeX 1587539495 M * Ghislain ip setup https://pastebin.com/raw/3QCw1gqH 1587540706 M * Ghislain i have a similar setup on 4.9.217 and it works on another computer 1587542879 M * Ghislain tu vois une connerie toi dans 1587542879 M * Ghislain RewriteRule "^/en/your\-destination/ski\-area/friendly\-experience/.*" "https://%{HTTP_HOST}/en/your-destination/ski-area/fun-zone-marvel-cascades/" [NC,R,L] 1587542879 M * Ghislain RewriteRule "^/en/your\-destination/ski\-area/top\-ski\-spots\-marvel\-cascades\-gers/.*" "https://%{HTTP_HOST}/en/your-destination/ski-area/freeride-zone-gers/" [NC,R,L] 1587543504 M * Ghislain oups sorry wrong window 1587543519 M * Ghislain i rebooted in 4.9.217 and got same behavior 1587543524 M * Ghislain must test more 1587544281 J * fstd_ ~fstd@xdsl-78-34-185-22.nc.de 1587544599 J * hijacker ~nikolay@external.oldum.net 1587544748 Q * fstd Ping timeout: 480 seconds 1587544868 M * Ghislain well 4.9.207 same, so okay i must have done some silly thing somewhere but i cannot find what. 1587548021 N * Bertl_zZ Bertl 1587548026 M * Bertl morning folks! 1587548153 M * Bertl Ghislain: can you check the capabilites and flags with vattribute --get ? 1587548159 M * Bertl (for each context) 1587548173 M * Bertl and also run an strace -fF on the ping? 1587548290 M * Ghislain hi, yes, here it is 1587548291 M * Ghislain https://pastebin.com/raw/73BBtbuv 1587548456 M * Bertl can you do the working one as well? 1587548553 M * Ghislain well this is strange 1587548567 M * Ghislain in the working one, it works but if i add strace then it wont 1587548605 M * Ghislain https://pastebin.com/raw/BjrakLSi 1587548612 M * Bertl check for any messages on the host (dmesg, log) 1587548622 M * Bertl could be some security framework 1587548643 M * Ghislain nothing ont the dmesg 1587548712 M * Ghislain normaly none is active 1587548859 M * Ghislain neither selinux tomoyo or apparmor is compiled in the kernel 1587548877 M * Ghislain its udac mode 1587548959 M * Bertl let's cat the /proc/virtnet//* for each of them please 1587548984 M * Bertl and also run nattribute --get 1587549030 M * Ghislain https://pastebin.com/raw/eD8EtJJc 1587549096 M * Ghislain https://pastebin.com/raw/WrQVxw15 1587549110 M * Ghislain i use a puppet template to configure the guest so they really should be the same 1587549110 M * Bertl hmm, and you didn't mess up with the guest files? 1587549143 M * Bertl let's check the flags on both 'ping' executables with ls -la 1587549156 M * Ghislain no they are both 0755 1587549166 M * Ghislain but if i suid the non working one then it works 1587549196 M * Bertl 0755 is not suid 1587549201 M * Bertl ping requires suid 1587549210 M * Ghislain the guest i built the first one and rsynced it to the secodn one then changed the name 1587549276 M * Bertl which also explains why it fails when you use strace as user 1587549330 M * Ghislain https://pastebin.com/raw/fi0PetLN it works on a non root user with 0755 right 1587549398 M * Ghislain you see this seems really weird 1587549412 M * Bertl I'd say your testing is flawed and you are bringing capabilities with you or something like this 1587549445 M * Bertl ssh into the guest as that user, verify who you are (id) and then test 1587549461 M * Bertl (without sudo and other stuff) 1587549498 M * Ghislain i noticed it because backuppc do not backup host it cannot ping (by default), ok let me install ssh on it 1587549609 M * Ghislain dam this installed systemd... f...ing sticky thing this one 1587549999 M * Ghislain with ssh still not working, trying on the one that work.... 1587550453 M * Ghislain ok, so on the one that work everything is fine i connect in ssh , do the ping it work, sudo root do the ping it works also 1587550459 M * Ghislain BUT on the one that do not 1587550483 M * Ghislain the sh connection and the ping each stall for 20S befaore doing anything 1587550492 M * Ghislain the ssh eventualy work but the ping do not 1587550508 M * Ghislain but they both have very long freeze before executing 1587550553 M * Bertl dns issue? 1587550567 M * Ghislain ping google.com return immediatly a ping: socket: Address family not supported by protocol 1587550567 M * Ghislain but the sudo of the same waith 20s before pinging 1587550576 M * Ghislain no because iut happen also if i ping an ip 1587550586 M * Ghislain and dig work instantly 1587550619 M * Ghislain oh 1587550626 M * Ghislain sudo bash also stall 20S 1587550632 M * Ghislain that is weird 1587550658 M * Bertl well, I have no idea what's going on there :) 1587550791 M * Ghislain i bet even linus would have no idea 1587550843 M * Ghislain well thanks for the help anyway i will try to understand what is locking it up 1587550868 M * Ghislain will tell you if i find so you can add it to the ghislain's weird thing list 1587550879 M * Ghislain i am sure you keep a lit ;p 1587550945 M * Bertl well, I checked the code for the ping socket operation 1587550990 M * Bertl (where it fails) and we do an override baed on NXC_RAW_ICMP and CAP_NET_RAW 1587551016 M * Bertl now we verified that you have NXC_RAW_ICMP set, which means that you must be missing CAP_NET_RAW 1587551053 M * Ghislain yes but that would be the case on both 1587551078 M * Bertl check with 'cat /proc/self/status' 1587551094 M * Bertl inside the guest under the same condition as the ping is running 1587551294 M * Ghislain well it print things.... 1587551327 M * Ghislain CapBnd: 8000003fffffffff 1587551420 M * Bertl yeah, let's upload those for both cases :) 1587551422 M * AlexanderS Ghislain: Can you check and compare "getcap /bin/ping"? 1587551465 M * Ghislain oh, one has cap_net_raw+ep 1587551465 M * Ghislain the other pritn nothing 1587551466 M * AlexanderS Maybe the rsync dropped the "cap_net_raw" capability on that file. 1587551531 M * AlexanderS That's the way how ping works without root nowadays. 1587551607 M * Ghislain okay that will explain the sudo issue also i bet it use cap too 1587551634 M * Ghislain nope it does not :) 1587551798 M * Ghislain okay AlexanderS: ok now ping works , still have the 20s stall but unpriviledge ping works 1587551824 M * Ghislain so you bet some essential cpas have been lost in the rsync 1587551841 M * Bertl what was your rsync command? 1587551871 M * Ghislain rsync -axHSD --partial --numeric-ids 1587552001 M * Bertl -AX ? 1587552070 M * Ghislain i think i will have to add that yes 1587552085 M * Ghislain will try and tell you how it goes 1587552092 M * Ghislain thanks a lot both of you ! 1587552208 M * Bertl np 1587553043 M * Guy- Bertl: since ACLs are stored in xattrs, does -A actually make a difference when used with -X, do you know? 1587553069 M * Bertl no idea 1587553105 M * Guy- OK, just tried it and -X doesn't transfer the ACL 1587553205 M * Guy- I suppose rsync deliberately skips the system.posix_acl_access xattr if invoke without -A 1587553212 M * Guy- *invoked 1587553901 M * Ghislain perhaps the difference is that -A force -p too 1587555824 M * Bertl off for now ... bbl 1587555826 N * Bertl Bertl_oO 1587571431 Q * hijacker 1587580728 Q * Ghislain Quit: Leaving. 1587584893 Q * fstd_ Ping timeout: 480 seconds 1587584894 J * fstd ~fstd@xdsl-78-34-185-22.nc.de 1587586022 J * fstd_ ~fstd@xdsl-78-34-185-22.nc.de 1587586076 Q * fstd Read error: Connection reset by peer 1587586206 Q * fstd_ Remote host closed the connection 1587593585 Q * CcxWrk Ping timeout: 480 seconds 1587594812 J * fstd ~fstd@xdsl-78-34-185-22.nc.de